cgoVerify should return errors of the response and the verification

client/cgo/cgotest.go

@@ -1,19 +1,27 @@
 package main
 
 /*
-int testVerify(int type,
-	char *uname, int unameSize,
-	unsigned char *key, int keySize,
-	unsigned long long currentEpoch,
-	unsigned char *savedSTR, int strSize,
-	unsigned char *pk, int pkSize,
-	char *response, int responseSize) {
-	return cgoVerify(type,
-		uname, unameSize,
-		key, keySize,
-		currentEpoch,
-		savedSTR, strSize,
-		pk, pkSize, response, responseSize);
+struct cgoVerify_return {
+    int r0;
+    int r1;
+};
+extern struct cgoVerify_return cgoVerify(int p0, char* p1, int p2, void* p3,
+    int p4, long long unsigned int p5, void* p6, int p7, void* p8, int p9,
+    char* p10, int p11);
+
+struct cgoVerify_return testVerify(int type,
+    char *uname, int unameSize,
+    unsigned char *key, int keySize,
+    long long unsigned int currentEpoch,
+    unsigned char *savedSTR, int strSize,
+    unsigned char *pk, int pkSize,
+    char *response, int responseSize) {
+    return cgoVerify(type,
+        uname, unameSize,
+        key, keySize,
+        currentEpoch,
+        savedSTR, strSize,
+        pk, pkSize, response, responseSize);
 }
 
 #cgo CFLAGS: -Wno-implicit-function-declaration
@@ -49,15 +57,18 @@ func testVerify(t *testing.T) {
 		t.Fatal(err)
 	}
 	savedSTR := d.LatestSTR().Signature
-
-	if v := C.testVerify(protocol.RegistrationType,
+	v := C.testVerify(protocol.RegistrationType,
 		byteSliceToCcharPtr([]byte(uname)), C.int(len(uname)),
 		byteSliceToCucharPtr([]byte(key)), C.int(len(key)),
 		0,
 		byteSliceToCucharPtr(savedSTR), C.int(len(savedSTR)),
 		byteSliceToCucharPtr(pk), C.int(len(pk)),
-		byteSliceToCcharPtr(response), C.int(len(response))); v != C.int(protocol.Passed) {
-		t.Error(protocol.ErrorCode(v).Error())
+		byteSliceToCcharPtr(response), C.int(len(response)))
+
+	r0 := C.struct_cgoVerify_return(v).r0
+	r1 := C.struct_cgoVerify_return(v).r1
+	if r0 != C.int(protocol.Success) || r1 != C.int(protocol.Passed) {
+		t.Errorf("%s, %s\n", protocol.ErrorCode(r0).Error(), protocol.ErrorCode(r1).Error())
 	}
 	savedSTR = res.DirectoryResponse.(*protocol.DirectoryProof).STR.Signature
 
@@ -67,28 +78,35 @@ func testVerify(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if v := C.testVerify(protocol.KeyLookupType,
+
+	v = C.testVerify(protocol.KeyLookupType,
 		byteSliceToCcharPtr([]byte(uname)), C.int(len(uname)),
 		byteSliceToCucharPtr([]byte(key)), C.int(len(key)),
 		0,
 		byteSliceToCucharPtr(savedSTR), C.int(len(savedSTR)),
 		byteSliceToCucharPtr(pk), C.int(len(pk)),
-		byteSliceToCcharPtr(response), C.int(len(response))); v != C.int(protocol.Passed) {
-		t.Error(protocol.ErrorCode(v).Error())
+		byteSliceToCcharPtr(response), C.int(len(response)))
+	r0 = C.struct_cgoVerify_return(v).r0
+	r1 = C.struct_cgoVerify_return(v).r1
+	if r0 != C.int(protocol.Success) || r1 != C.int(protocol.Passed) {
+		t.Errorf("%s, %s\n", protocol.ErrorCode(r0).Error(), protocol.ErrorCode(r1).Error())
 	}
 
 	res, _ = d.KeyLookup(&protocol.KeyLookupRequest{"bob"})
 	response, err = json.Marshal(res)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if v := C.testVerify(protocol.KeyLookupType,
+	v = C.testVerify(protocol.KeyLookupType,
 		byteSliceToCcharPtr([]byte(uname)), C.int(len(uname)),
 		byteSliceToCucharPtr([]byte(key)), C.int(len(key)),
 		0,
 		byteSliceToCucharPtr(savedSTR), C.int(len(savedSTR)),
 		byteSliceToCucharPtr(pk), C.int(len(pk)),
-		byteSliceToCcharPtr(response), C.int(len(response))); v != C.int(protocol.ErrorNameNotFound) {
-		t.Error(protocol.ErrorCode(v).Error())
+		byteSliceToCcharPtr(response), C.int(len(response)))
+	r0 = C.struct_cgoVerify_return(v).r0
+	r1 = C.struct_cgoVerify_return(v).r1
+	if r0 != C.int(protocol.ErrorNameNotFound) || r1 != C.int(protocol.Passed) {
+		t.Errorf("%s, %s\n", protocol.ErrorCode(r0).Error(), protocol.ErrorCode(r1).Error())
 	}
 }

client/cgo/verification.go

@@ -14,20 +14,26 @@ import (
 func main() {}
 
 //export cgoVerify
+// This cgoVerify returns 2 error codes,
+// the first one is the error of the response,
+// the second one is the error of the verification.
+// If the response error is in ErrorResponses,
+// the verification error will be ErrorCouldNotVerify.
 func cgoVerify(cType C.int,
 	cUname *C.char, cUnameSize C.int,
 	cKey unsafe.Pointer, cKeySize C.int,
 	cCurrentEpoch C.ulonglong,
 	cSavedSTR unsafe.Pointer, cStrSize C.int,
 	cPk unsafe.Pointer, cPkSize C.int,
-	cResponse *C.char, cResponseSize C.int) C.int {
+	cResponse *C.char, cResponseSize C.int) (C.int, C.int) {
 
 	if int(cUnameSize) == 0 ||
 		int(cKeySize) == 0 ||
 		(int(cStrSize) != sign.SignatureSize && int(cStrSize) != 0) ||
 		int(cPkSize) != sign.PublicKeySize ||
 		int(cResponseSize) == 0 {
-		return C.int(protocol.ErrorMalformedDirectoryMessage)
+		return C.int(protocol.ErrorMalformedDirectoryMessage),
+			C.int(protocol.ErrorCouldNotVerify)
 	}
 
 	uname := C.GoStringN(cUname, cUnameSize)
@@ -38,10 +44,8 @@ func cgoVerify(cType C.int,
 	currentEp := uint64(cCurrentEpoch)
 
 	msg, err := client.UnmarshalResponse(int(cType), []byte(response))
-	if err != protocol.Success {
-		// TODO: We're going to want to verify some returned data,
-		// even when the response wasn't a success.
-		return C.int(err)
+	if protocol.ErrorResponses[err] {
+		return C.int(err), C.int(protocol.ErrorCouldNotVerify)
 	}
-	return C.int(msg.Verify(uname, key, currentEp, savedSTR, signKey))
+	return C.int(err), C.int(msg.Verify(uname, key, currentEp, savedSTR, signKey))
 }

protocol/error.go

@@ -25,6 +25,7 @@ const (
 	ErrorBadSTR
 	ErrorBadCommitment
 	ErrorBadBinding
+	ErrorCouldNotVerify
 )
 
 // ErrorResponses contains error codes that
@@ -51,6 +52,7 @@ var (
 		ErrorBadSTR:                    errors.New("[coniks] The hash chain is inconsistent"),
 		ErrorBadCommitment:             errors.New("[coniks] Bad commitment"),
 		ErrorBadBinding:                errors.New("[coniks] Bad name-to-key binding"),
+		ErrorCouldNotVerify:            errors.New("[coniks] Could not verify"),
 	}
 )