slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make verifying detached signatures more efficient.

Browse Source 
- Now that we depend on sequoia-openpgp 1.22, we can make use of the
    more efficient DetachedVerifier::verify_buffered_reader.
This commit is contained in:
Justus Winter 2024-12-15 12:11:04 +01:00
parent 65b210395f
commit 2f381829f8
No known key found for this signature in database
GPG Key ID: 686F55B4AB2B3386
2 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/commands/download.rs
View File

@ -27,6 +27,7 @@ use openpgp::Packet;
use openpgp::parse::PacketParser; use openpgp::parse::PacketParser;
use openpgp::parse::PacketParserResult; use openpgp::parse::PacketParserResult;
use openpgp::parse::Parse; use openpgp::parse::Parse;
use openpgp::parse::buffered_reader::{self, BufferedReader};
use openpgp::types::KeyFlags; use openpgp::types::KeyFlags;
use sequoia_openpgp as openpgp; use sequoia_openpgp as openpgp;
@ -529,7 +530,9 @@ pub fn dispatch(sq: Sq, c: download::Command)
let result = verify( let result = verify(
sq, sq,
data_file.as_mut(), buffered_reader::File::new_with_cookie(
data_file.as_ref().try_clone()?, data_file.path(),
Default::default())?.into_boxed(),
signature_file.as_ref().map(|f| f.path().to_path_buf()), signature_file.as_ref().map(|f| f.path().to_path_buf()),
&mut output_file, &mut output_file,
signatures, signatures,

19
src/commands/verify.rs
View File

@ -10,6 +10,8 @@ use sequoia_openpgp::{
Cert, Cert,
cert::amalgamation::ValidAmalgamation, cert::amalgamation::ValidAmalgamation,
packet::UserID, packet::UserID,
parse::Cookie,
parse::buffered_reader::BufferedReader,
parse::stream::*, parse::stream::*,
parse::Parse, parse::Parse,
types::{ types::{
@ -31,14 +33,14 @@ pub fn dispatch(sq: Sq, command: cli::verify::Command)
{ {
tracer!(TRACE, "verify::dispatch"); tracer!(TRACE, "verify::dispatch");
let mut input = command.input.open("a signed message")?; let input = command.input.open("a signed message")?;
let mut output = command.output.create_safe(&sq)?; let mut output = command.output.create_safe(&sq)?;
let signatures = command.signatures; let signatures = command.signatures;
let signers = let signers =
sq.resolve_certs_or_fail(&command.signers, sequoia_wot::FULLY_TRUSTED)?; sq.resolve_certs_or_fail(&command.signers, sequoia_wot::FULLY_TRUSTED)?;
let result = verify(sq, &mut input, let result = verify(sq, input,
command.detached, command.detached,
&mut output, signatures, signers); &mut output, signatures, signers);
if result.is_err() { if result.is_err() {
@ -54,7 +56,7 @@ pub fn dispatch(sq: Sq, command: cli::verify::Command)
} }
pub fn verify(mut sq: Sq, pub fn verify(mut sq: Sq,
input: &mut (dyn io::Read + Sync + Send), input: Box<dyn BufferedReader<Cookie>>,
detached: Option<PathBuf>, detached: Option<PathBuf>,
output: &mut dyn io::Write, output: &mut dyn io::Write,
signatures: usize, certs: Vec<Cert>) signatures: usize, certs: Vec<Cert>)
@ -75,16 +77,7 @@ pub fn verify(mut sq: Sq,
let helper = if let Some(dsig) = detached { let helper = if let Some(dsig) = detached {
let mut v = DetachedVerifierBuilder::from_reader(dsig)? let mut v = DetachedVerifierBuilder::from_reader(dsig)?
.with_policy(sq.policy, Some(sq.time), helper)?; .with_policy(sq.policy, Some(sq.time), helper)?;
v.verify_buffered_reader(input)?;
// XXX: This is inefficient, as input was originally a
// buffered reader, then we "cast it down" to a io::Reader,
// and this will be wrapped into a buffered_reader::Generic by
// sequoia-openpgp, incurring an extra copy of the data. If
// it weren't for that, we could verify mmap'ed files,
// exceeding the speed of sha256sum(1).
//
// See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1135
v.verify_reader(input)?;
v.into_helper() v.into_helper()
} else { } else {
let mut v = VerifierBuilder::from_reader(input)? let mut v = VerifierBuilder::from_reader(input)?