From baa33deeb67bf9ca6771b3be6a56bce018c5702c Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Wed, 25 Mar 2020 15:35:48 +0100 Subject: openpgp: Improve performance of detached signature verification. - Previously, we transformed data and detached signatures into signed messages on the fly, then used the streaming Verifier to verify the message. However, this introduces a nontrivial overhead, even if unnecessary copies are carefully avoided. - Instead, specialize the streaming Decryptor to handle detached signatures. use crypto::hash_buffered_reader to compute the hashes over the data, then attach the computed signatures to the signature packets, and use Decryptor's verification machinery. - While this is arguably less elegant, it is much simpler, and a lot faster. Notably, if we operate on files and can mmap them into memory, we can compute the hash in one call to the compression function. Verification of detached signatures is an important use case, so this speedup outweighs the loss of elegance. - Fixes #457. --- openpgp-ffi/include/sequoia/openpgp/types.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'openpgp-ffi/include/sequoia/openpgp') diff --git a/openpgp-ffi/include/sequoia/openpgp/types.h b/openpgp-ffi/include/sequoia/openpgp/types.h index ec883df6..14c4ef08 100644 --- a/openpgp-ffi/include/sequoia/openpgp/types.h +++ b/openpgp-ffi/include/sequoia/openpgp/types.h @@ -533,6 +533,11 @@ typedef pgp_status_t (*pgp_decryptor_check_cb_t) (void *, typedef pgp_status_t (*pgp_decryptor_inspect_cb_t) (void *, pgp_packet_parser_t); +/*/ +/// Verifies a detached signature. +/*/ +typedef struct pgp_detached_verifier *pgp_detached_verifier_t; + /*/ /// An OpenPGP policy. /*/ -- cgit v1.2.3
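Review bot: The doc comment on the new `pgp_detached_verifier_t` typedef in `types.h` says only "Verifies a detached signature.", which does not tell a C caller how to use the handle safely. Since `struct pgp_detached_verifier` is declared only as an opaque pointer here, please extend the comment to say which function creates the object, which one releases it, and who owns the handle after an error. It would also help to state how a verification result reaches the caller, for example whether it goes through callbacks like the neighbouring `pgp_decryptor_check_cb_t` and `pgp_decryptor_inspect_cb_t`. For a signature-checking type, a caller who misreads the result path could treat unverified data as verified. A pointer in the comment to the existing streaming verifier type, explaining when to pick each, would make the choice explicit for FFI users.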