From 2f381829f88ec1431058f560aa32a8e79dedb3b9 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Sun, 15 Dec 2024 12:11:04 +0100 Subject: [PATCH] Make verifying detached signatures more efficient. - Now that we depend on sequoia-openpgp 1.22, we can make use of the more efficient DetachedVerifier::verify_buffered_reader. --- src/commands/download.rs | 5 ++++- src/commands/verify.rs | 19 ++++++------------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/src/commands/download.rs b/src/commands/download.rs index abca0c86..add35677 100644 --- a/src/commands/download.rs +++ b/src/commands/download.rs @@ -27,6 +27,7 @@ use openpgp::Packet; use openpgp::parse::PacketParser; use openpgp::parse::PacketParserResult; use openpgp::parse::Parse; +use openpgp::parse::buffered_reader::{self, BufferedReader}; use openpgp::types::KeyFlags; use sequoia_openpgp as openpgp; @@ -529,7 +530,9 @@ pub fn dispatch(sq: Sq, c: download::Command) let result = verify( sq, - data_file.as_mut(), + buffered_reader::File::new_with_cookie( + data_file.as_ref().try_clone()?, data_file.path(), + Default::default())?.into_boxed(), signature_file.as_ref().map(|f| f.path().to_path_buf()), &mut output_file, signatures, diff --git a/src/commands/verify.rs b/src/commands/verify.rs index 02f1439d..77a5079e 100644 --- a/src/commands/verify.rs +++ b/src/commands/verify.rs @@ -10,6 +10,8 @@ use sequoia_openpgp::{ Cert, cert::amalgamation::ValidAmalgamation, packet::UserID, + parse::Cookie, + parse::buffered_reader::BufferedReader, parse::stream::*, parse::Parse, types::{ @@ -31,14 +33,14 @@ pub fn dispatch(sq: Sq, command: cli::verify::Command) { tracer!(TRACE, "verify::dispatch"); - let mut input = command.input.open("a signed message")?; + let input = command.input.open("a signed message")?; let mut output = command.output.create_safe(&sq)?; let signatures = command.signatures; let signers = sq.resolve_certs_or_fail(&command.signers, sequoia_wot::FULLY_TRUSTED)?; - let result = verify(sq, &mut input, + let result = verify(sq, input, command.detached, &mut output, signatures, signers); if result.is_err() { @@ -54,7 +56,7 @@ pub fn dispatch(sq: Sq, command: cli::verify::Command) } pub fn verify(mut sq: Sq, - input: &mut (dyn io::Read + Sync + Send), + input: Box>, detached: Option, output: &mut dyn io::Write, signatures: usize, certs: Vec) @@ -75,16 +77,7 @@ pub fn verify(mut sq: Sq, let helper = if let Some(dsig) = detached { let mut v = DetachedVerifierBuilder::from_reader(dsig)? .with_policy(sq.policy, Some(sq.time), helper)?; - - // XXX: This is inefficient, as input was originally a - // buffered reader, then we "cast it down" to a io::Reader, - // and this will be wrapped into a buffered_reader::Generic by - // sequoia-openpgp, incurring an extra copy of the data. If - // it weren't for that, we could verify mmap'ed files, - // exceeding the speed of sha256sum(1). - // - // See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1135 - v.verify_reader(input)?; + v.verify_buffered_reader(input)?; v.into_helper() } else { let mut v = VerifierBuilder::from_reader(input)?