diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2020-03-25 15:35:48 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-03-25 16:54:19 +0100 |
| commit | baa33deeb67bf9ca6771b3be6a56bce018c5702c (patch) | |
| tree | bc76c48bf8b2f9739166998cd7a903cea05e1afd /openpgp-ffi/include | |
| parent | bfd7e05a5103b48da92a38c80128d38891af984b (diff) | |
openpgp: Improve performance of detached signature verification.
- Previously, we transformed data and detached signatures into
signed messages on the fly, then used the streaming Verifier to
verify the message. However, this introduces a nontrivial
overhead, even if unnecessary copies are carefully avoided.
- Instead, specialize the streaming Decryptor to handle detached
signatures. use crypto::hash_buffered_reader to compute the
hashes over the data, then attach the computed signatures to the
signature packets, and use Decryptor's verification machinery.
- While this is arguably less elegant, it is much simpler, and a lot
faster. Notably, if we operate on files and can mmap them into
memory, we can compute the hash in one call to the compression
function. Verification of detached signatures is an important use
case, so this speedup outweighs the loss of elegance.
- Fixes #457.
Diffstat (limited to 'openpgp-ffi/include')
| -rw-r--r-- | openpgp-ffi/include/sequoia/openpgp.h | 24 | ||||
| -rw-r--r-- | openpgp-ffi/include/sequoia/openpgp/types.h | 5 |
2 files changed, 20 insertions, 9 deletions
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index 5f612720..20b1f150 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -1856,22 +1856,28 @@ pgp_reader_t pgp_verifier_new (pgp_error_t *errp, void *cookie, time_t time); /*/ -/// Verifies a detached OpenPGP signature./// -/// A Certificate (see [RFC 4880, section 11.1]) can be used to verify -/// signatures and encrypt data. It can be stored in a keystore and -/// uploaded to keyservers. -/// -/// [RFC 4880, section 11.1]: https://tools.ietf.org/html/rfc4880#section-11.1 - +/// Verifies a detached OpenPGP signature. /*/ -pgp_reader_t pgp_detached_verifier_new (pgp_error_t *errp, +pgp_detached_verifier_t pgp_detached_verifier_new (pgp_error_t *errp, pgp_policy_t policy, - pgp_reader_t signature_input, pgp_reader_t input, + pgp_reader_t signature_input, pgp_decryptor_get_public_keys_cb_t get_public_keys, pgp_decryptor_check_cb_t check, void *cookie, time_t time); /*/ +/// Frees this object. +/*/ +void pgp_detached_verifier_free (pgp_detached_verifier_t); + +/*/ +/// Verifies `data` using `verifier`. +/*/ +pgp_status_t pgp_detached_verifier_verify (pgp_error_t *errp, + pgp_detached_verifier_t verifier, + pgp_reader_t data); + +/*/ /// Returns a new standard policy. /*/ pgp_policy_t pgp_standard_policy (); diff --git a/openpgp-ffi/include/sequoia/openpgp/types.h b/openpgp-ffi/include/sequoia/openpgp/types.h index ec883df6..14c4ef08 100644 --- a/openpgp-ffi/include/sequoia/openpgp/types.h +++ b/openpgp-ffi/include/sequoia/openpgp/types.h @@ -534,6 +534,11 @@ typedef pgp_status_t (*pgp_decryptor_inspect_cb_t) (void *, pgp_packet_parser_t); /*/ +/// Verifies a detached signature. +/*/ +typedef struct pgp_detached_verifier *pgp_detached_verifier_t; + +/*/ /// An OpenPGP policy. /*/ typedef struct pgp_policy *pgp_policy_t; |