diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-08-11 10:50:27 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-08-11 14:23:48 +0200 |
commit | 739c6eda692a10f531fbba2f3940cfb919c294bd (patch) | |
tree | 1cce6ba42633ed9b6cd8d993df38f4d879a6a673 | |
parent | 1b113cbd74685c67e23a22b9fb87911380dfdca4 (diff) |
openpgp: Move hash_buffered_reader, drop hash_reader.
- Previously, we provided hash_reader to downstream users to verify
detached signatures. Nowadays, we have the DetachedVerifier that
does the same in a much more convenient way. Therefore, we drop
hash_reader, and move its non-public sibling hash_buffered_reader
to a more appropriate location.
-rw-r--r-- | openpgp/src/crypto/mod.rs | 79 | ||||
-rw-r--r-- | openpgp/src/parse/hashed_reader.rs | 63 | ||||
-rw-r--r-- | openpgp/src/parse/stream.rs | 3 |
3 files changed, 64 insertions, 81 deletions
diff --git a/openpgp/src/crypto/mod.rs b/openpgp/src/crypto/mod.rs index 5deba504..029e31b3 100644 --- a/openpgp/src/crypto/mod.rs +++ b/openpgp/src/crypto/mod.rs @@ -19,16 +19,9 @@ //! [`SessionKey::new`]: struct.SessionKey.html#method.new //! [`KeyPair` example]: struct.KeyPair.html#examples -use std::io::Read; use std::ops::{Deref, DerefMut}; use std::fmt; -use buffered_reader::BufferedReader; - -use crate::types::HashAlgorithm; -use crate::Result; -use crate::parse::HashingMode; - pub(crate) mod aead; mod asymmetric; pub use self::asymmetric::{Signer, Decryptor, KeyPair}; @@ -211,75 +204,3 @@ impl Password { self.0.map(fun) } } - - -/// Hashes the given reader. -/// -/// This can be used to verify detached signatures. For a more -/// convenient method, see [`DetachedVerifier`]. -/// -/// [`DetachedVerifier`]: ../parse/stream/struct.DetachedVerifier.html -pub fn hash_reader<R: Read>(reader: R, algos: &[HashingMode<HashAlgorithm>]) - -> Result<Vec<HashingMode<hash::Context>>> -{ - let reader - = buffered_reader::Generic::with_cookie( - reader, None, Default::default()); - hash_buffered_reader(reader, algos) -} - -/// Hashes the given buffered reader. -/// -/// This can be used to verify detached signatures. For a more -/// convenient method, see [`DetachedVerifier`]. -/// -/// [`DetachedVerifier`]: ../parse/stream/struct.DetachedVerifier.html -pub(crate) fn hash_buffered_reader<R>(reader: R, - algos: &[HashingMode<HashAlgorithm>]) - -> Result<Vec<HashingMode<hash::Context>>> - where R: BufferedReader<crate::parse::Cookie>, -{ - use std::mem; - - use crate::parse::HashedReader; - use crate::parse::HashesFor; - - let mut reader - = HashedReader::new(reader, HashesFor::Signature, algos.to_vec()); - - // Hash all of the data. - reader.drop_eof()?; - - let hashes = - mem::replace(&mut reader.cookie_mut().sig_group_mut().hashes, - Default::default()); - Ok(hashes) -} - - -#[test] -fn hash_reader_test() { - use std::collections::HashMap; - - let expected: HashMap<HashAlgorithm, &str> = [ - (HashAlgorithm::SHA1, "7945E3DA269C25C04F9EF435A5C0F25D9662C771"), - (HashAlgorithm::SHA512, "DDE60DB05C3958AF1E576CD006A7F3D2C343DD8C8DECE789A15D148DF90E6E0D1454DE734F8343502CA93759F22C8F6221BE35B6BDE9728BD12D289122437CB1"), - ].iter().cloned().collect(); - - let result = - hash_reader(std::io::Cursor::new(crate::tests::manifesto()), - &expected.keys().cloned() - .map(|algo| HashingMode::Binary(algo)). - collect::<Vec<_>>()) - .unwrap(); - - for mut mode in result.into_iter() { - let hash = mode.as_mut(); - let algo = hash.algo(); - let mut digest = vec![0u8; hash.digest_size()]; - hash.digest(&mut digest); - - assert_eq!(*expected.get(&algo).unwrap(), - &crate::fmt::to_hex(&digest[..], false)); - } -} diff --git a/openpgp/src/parse/hashed_reader.rs b/openpgp/src/parse/hashed_reader.rs index 143988d5..0a26a617 100644 --- a/openpgp/src/parse/hashed_reader.rs +++ b/openpgp/src/parse/hashed_reader.rs @@ -6,7 +6,10 @@ use std::fmt; use buffered_reader::BufferedReader; use buffered_reader::buffered_reader_generic_read_impl; -use crate::HashAlgorithm; +use crate::{ + Result, + types::HashAlgorithm, +}; use crate::parse::{Cookie, HashesFor, Hashing, HashingMode}; const TRACE : bool = false; @@ -260,6 +263,29 @@ impl<R: BufferedReader<Cookie>> } } +/// Hashes the given buffered reader. +/// +/// This can be used to verify detached signatures. For a more +/// convenient method, see [`DetachedVerifier`]. +/// +/// [`DetachedVerifier`]: ../parse/stream/struct.DetachedVerifier.html +pub(crate) fn hash_buffered_reader<R>(reader: R, + algos: &[HashingMode<HashAlgorithm>]) + -> Result<Vec<HashingMode<crate::crypto::hash::Context>>> + where R: BufferedReader<crate::parse::Cookie>, +{ + let mut reader + = HashedReader::new(reader, HashesFor::Signature, algos.to_vec()); + + // Hash all of the data. + reader.drop_eof()?; + + let hashes = + mem::replace(&mut reader.cookie_mut().sig_group_mut().hashes, + Default::default()); + Ok(hashes) +} + #[cfg(test)] mod test { use super::*; @@ -348,4 +374,39 @@ mod test { } Ok(()) } + + #[test] + fn hash_reader_test() { + use std::collections::HashMap; + + let expected: HashMap<HashAlgorithm, &str> = [ + (HashAlgorithm::SHA1, "7945E3DA269C25C04F9EF435A5C0F25D9662C771"), + (HashAlgorithm::SHA512, "DDE60DB05C3958AF1E576CD006A7F3D2C343DD8C\ + 8DECE789A15D148DF90E6E0D1454DE734F834350\ + 2CA93759F22C8F6221BE35B6BDE9728BD12D2891\ + 22437CB1"), + ].iter().cloned().collect(); + + let reader + = buffered_reader::Generic::with_cookie( + std::io::Cursor::new(crate::tests::manifesto()), + None, Default::default()); + let result = + hash_buffered_reader( + reader, + &expected.keys().cloned() + .map(|algo| HashingMode::Binary(algo)). + collect::<Vec<_>>()) + .unwrap(); + + for mut mode in result.into_iter() { + let hash = mode.as_mut(); + let algo = hash.algo(); + let mut digest = vec![0u8; hash.digest_size()]; + hash.digest(&mut digest); + + assert_eq!(*expected.get(&algo).unwrap(), + &crate::fmt::to_hex(&digest[..], false)); + } + } } diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index cfeba6c6..36f3cf9f 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -2404,7 +2404,8 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { let algos: Vec<_> = sigs.iter().map(|s| { HashingMode::for_signature(s.hash_algo(), s.typ()) }).collect(); - let hashes = crate::crypto::hash_buffered_reader(data, &algos)?; + let hashes = + crate::parse::hashed_reader::hash_buffered_reader(data, &algos)?; // Attach the digests. for sig in sigs.iter_mut() { |