Make verifying detached signatures more efficient.

- Now that we depend on sequoia-openpgp 1.22, we can make use of the more efficient DetachedVerifier::verify_buffered_reader.
2024-12-15 12:11:04 +01:00 · 2024-12-15 12:11:04 +01:00 · 2f381829f8
commit 2f381829f8
parent 65b210395f
2 changed files with 10 additions and 14 deletions
--- a/src/commands/download.rs
+++ b/src/commands/download.rs
@ -27,6 +27,7 @@ use openpgp::Packet;
 use openpgp::parse::PacketParser;
 use openpgp::parse::PacketParserResult;
 use openpgp::parse::Parse;
+use openpgp::parse::buffered_reader::{self, BufferedReader};
 use openpgp::types::KeyFlags;
 use sequoia_openpgp as openpgp;

@ -529,7 +530,9 @@ pub fn dispatch(sq: Sq, c: download::Command)

    let result = verify(
        sq,
-        data_file.as_mut(),
+        buffered_reader::File::new_with_cookie(
+            data_file.as_ref().try_clone()?, data_file.path(),
+            Default::default())?.into_boxed(),
        signature_file.as_ref().map(|f| f.path().to_path_buf()),
        &mut output_file,
        signatures,
--- a/src/commands/verify.rs
+++ b/src/commands/verify.rs
@ -10,6 +10,8 @@ use sequoia_openpgp::{
    Cert,
    cert::amalgamation::ValidAmalgamation,
    packet::UserID,
+    parse::Cookie,
+    parse::buffered_reader::BufferedReader,
    parse::stream::*,
    parse::Parse,
    types::{
@ -31,14 +33,14 @@ pub fn dispatch(sq: Sq, command: cli::verify::Command)
 {
    tracer!(TRACE, "verify::dispatch");

-    let mut input = command.input.open("a signed message")?;
+    let input = command.input.open("a signed message")?;
    let mut output = command.output.create_safe(&sq)?;
    let signatures = command.signatures;

    let signers =
        sq.resolve_certs_or_fail(&command.signers, sequoia_wot::FULLY_TRUSTED)?;

-    let result = verify(sq, &mut input,
+    let result = verify(sq, input,
                        command.detached,
                        &mut output, signatures, signers);
    if result.is_err() {
@ -54,7 +56,7 @@ pub fn dispatch(sq: Sq, command: cli::verify::Command)
 }

 pub fn verify(mut sq: Sq,
-              input: &mut (dyn io::Read + Sync + Send),
+              input: Box<dyn BufferedReader<Cookie>>,
              detached: Option<PathBuf>,
              output: &mut dyn io::Write,
              signatures: usize, certs: Vec<Cert>)
@ -75,16 +77,7 @@ pub fn verify(mut sq: Sq,
    let helper = if let Some(dsig) = detached {
        let mut v = DetachedVerifierBuilder::from_reader(dsig)?
            .with_policy(sq.policy, Some(sq.time), helper)?;
-
-        // XXX: This is inefficient, as input was originally a
-        // buffered reader, then we "cast it down" to a io::Reader,
-        // and this will be wrapped into a buffered_reader::Generic by
-        // sequoia-openpgp, incurring an extra copy of the data.  If
-        // it weren't for that, we could verify mmap'ed files,
-        // exceeding the speed of sha256sum(1).
-        //
-        // See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1135
-        v.verify_reader(input)?;
+        v.verify_buffered_reader(input)?;
        v.into_helper()
    } else {
        let mut v = VerifierBuilder::from_reader(input)?