From: Nicolas Frey <n.frey@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox-offline-mirror 3/3] verifier: remove module
Date: Thu, 26 Feb 2026 12:12:39 +0100 [thread overview]
Message-ID: <20260226111239.80602-4-n.frey@proxmox.com> (raw)
In-Reply-To: <20260226111239.80602-1-n.frey@proxmox.com>
Signed-off-by: Nicolas Frey <n.frey@proxmox.com>
---
src/helpers/mod.rs | 3 -
src/helpers/verifier.rs | 163 ----------------------------------------
2 files changed, 166 deletions(-)
delete mode 100644 src/helpers/verifier.rs
diff --git a/src/helpers/mod.rs b/src/helpers/mod.rs
index fb084a0..906a087 100644
--- a/src/helpers/mod.rs
+++ b/src/helpers/mod.rs
@@ -1,6 +1,3 @@
pub mod http;
pub mod tty;
-
-mod verifier;
-pub(crate) use verifier::verify_signature;
diff --git a/src/helpers/verifier.rs b/src/helpers/verifier.rs
deleted file mode 100644
index e1a663e..0000000
--- a/src/helpers/verifier.rs
+++ /dev/null
@@ -1,163 +0,0 @@
-use std::io;
-
-use anyhow::{Error, bail, format_err};
-use sequoia_openpgp::cert::CertParser;
-use sequoia_openpgp::parse::stream::{
- DetachedVerifierBuilder, MessageLayer, MessageStructure, VerificationError, VerificationHelper,
- VerifierBuilder,
-};
-use sequoia_openpgp::parse::{PacketParser, PacketParserResult, Parse};
-use sequoia_openpgp::policy::StandardPolicy;
-use sequoia_openpgp::types::HashAlgorithm;
-use sequoia_openpgp::{Cert, KeyHandle};
-
-use crate::config::WeakCryptoConfig;
-
-struct Helper<'a> {
- cert: &'a Cert,
-}
-
-impl VerificationHelper for Helper<'_> {
- fn get_certs(&mut self, _ids: &[KeyHandle]) -> sequoia_openpgp::Result<Vec<Cert>> {
- // Return public keys for signature verification here.
- Ok(vec![self.cert.clone()])
- }
-
- fn check(&mut self, structure: MessageStructure) -> sequoia_openpgp::Result<()> {
- // In this function, we implement our signature verification policy.
-
- let mut good = false;
-
- // we don't want compression and/or encryption
- let layers: Vec<_> = structure.iter().collect();
- if layers.len() > 1 || layers.is_empty() {
- bail!(
- "unexpected GPG message structure - expected plain signed data, got {} layers!",
- layers.len()
- );
- }
- let layer = &layers[0];
- let mut errors = Vec::new();
- match layer {
- MessageLayer::SignatureGroup { results } => {
- // We possibly have multiple signatures, but not all keys, so `or` all the individual results.
- for result in results {
- match result {
- Ok(_) => good = true,
- Err(e) => errors.push(e),
- }
- }
- }
- _ => return Err(anyhow::anyhow!("Unexpected message structure")),
- }
-
- if good {
- Ok(()) // Good signature.
- } else {
- if errors.len() > 1 {
- eprintln!("\nEncountered {} errors:", errors.len());
- }
-
- for (n, err) in errors.iter().enumerate() {
- if errors.len() > 1 {
- eprintln!("\nSignature #{n}: {err}");
- } else {
- eprintln!("\n{err}");
- }
- match err {
- VerificationError::MalformedSignature { error, .. }
- | VerificationError::UnboundKey { error, .. }
- | VerificationError::BadKey { error, .. }
- | VerificationError::BadSignature { error, .. } => {
- let mut cause = error.chain();
- if cause.len() > 1 {
- cause.next(); // already included in `err` above
- eprintln!("Caused by:");
- for (n, e) in cause.enumerate() {
- eprintln!("\t{n}: {e}");
- }
- }
- }
- VerificationError::MissingKey { .. }
- | VerificationError::UnknownSignature { .. } => {} // doesn't contain a cause
- _ => {} // we already print the error above in full
- };
- }
- eprintln!();
- Err(anyhow::anyhow!("No valid signature found."))
- }
- }
-}
-
-/// Verifies GPG-signed `msg` was signed by `key`, returning the verified data without signature.
-pub(crate) fn verify_signature(
- msg: &[u8],
- key: &[u8],
- detached_sig: Option<&[u8]>,
- weak_crypto: &WeakCryptoConfig,
-) -> Result<Vec<u8>, Error> {
- let mut policy = StandardPolicy::new();
- if weak_crypto.allow_sha1 {
- policy.accept_hash(HashAlgorithm::SHA1);
- }
- if let Some(min_dsa) = weak_crypto.min_dsa_key_size {
- if min_dsa <= 1024 {
- policy.accept_asymmetric_algo(sequoia_openpgp::policy::AsymmetricAlgorithm::DSA1024);
- }
- }
- if let Some(min_rsa) = weak_crypto.min_rsa_key_size {
- if min_rsa <= 1024 {
- policy.accept_asymmetric_algo(sequoia_openpgp::policy::AsymmetricAlgorithm::RSA1024);
- }
- }
-
- let verifier = |cert| {
- let helper = Helper { cert: &cert };
-
- if let Some(sig) = detached_sig {
- let mut verifier =
- DetachedVerifierBuilder::from_bytes(sig)?.with_policy(&policy, None, helper)?;
- verifier.verify_bytes(msg)?;
- Ok(msg.to_vec())
- } else {
- let mut verified = Vec::new();
- let mut verifier =
- VerifierBuilder::from_bytes(msg)?.with_policy(&policy, None, helper)?;
- let bytes = io::copy(&mut verifier, &mut verified)?;
- println!("{bytes} bytes verified");
- if !verifier.message_processed() {
- bail!("Failed to verify message!");
- }
- Ok(verified)
- }
- };
-
- let mut packed_parser = PacketParser::from_bytes(key)?;
-
- // parse all packets to see whether this is a simple certificate or a keyring
- while let PacketParserResult::Some(pp) = packed_parser {
- packed_parser = pp.recurse()?.1;
- }
-
- if let PacketParserResult::EOF(eof) = packed_parser {
- // verify against a single certificate
- if eof.is_cert().is_ok() {
- let cert = Cert::from_bytes(key)?;
- return verifier(cert);
- // verify against a keyring
- } else if eof.is_keyring().is_ok() {
- let packed_parser = PacketParser::from_bytes(key)?;
-
- return CertParser::from(packed_parser)
- // flatten here as we ignore packets that aren't a certificate
- .flatten()
- // keep trying to verify the message until the first certificate that succeeds
- .find_map(|c| verifier(c).ok())
- // if no certificate verified the message, abort
- .ok_or_else(|| format_err!("No key in keyring could verify the message!"));
- }
- }
-
- // neither a keyring nor a certificate was detect, so we abort here
- bail!("'key-path' contains neither a keyring nor a certificate, aborting!");
-}
--
2.47.3
prev parent reply other threads:[~2026-02-26 11:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-26 11:12 [PATCH proxmox-offline-mirror 0/3] use proxmox-pgp crate to replace verifier helper module Nicolas Frey
2026-02-26 11:12 ` [PATCH proxmox-offline-mirror 1/3] clippy: elide redundant lifetimes Nicolas Frey
2026-02-26 11:12 ` [PATCH proxmox-offline-mirror 2/3] use proxmox-pgp crate to replace verifier helper module Nicolas Frey
2026-02-26 11:12 ` Nicolas Frey [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260226111239.80602-4-n.frey@proxmox.com \
--to=n.frey@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.