From: Nicolas Frey <n.frey@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox-offline-mirror 3/3] verifier: remove module
Date: Thu, 26 Feb 2026 12:12:39 +0100 [thread overview]
Message-ID: <20260226111239.80602-4-n.frey@proxmox.com> (raw)
In-Reply-To: <20260226111239.80602-1-n.frey@proxmox.com>
Signed-off-by: Nicolas Frey <n.frey@proxmox.com>
---
src/helpers/mod.rs | 3 -
src/helpers/verifier.rs | 163 ----------------------------------------
2 files changed, 166 deletions(-)
delete mode 100644 src/helpers/verifier.rs
diff --git a/src/helpers/mod.rs b/src/helpers/mod.rs
index fb084a0..906a087 100644
--- a/src/helpers/mod.rs
+++ b/src/helpers/mod.rs
@@ -1,6 +1,3 @@
pub mod http;
pub mod tty;
-
-mod verifier;
-pub(crate) use verifier::verify_signature;
diff --git a/src/helpers/verifier.rs b/src/helpers/verifier.rs
deleted file mode 100644
index e1a663e..0000000
--- a/src/helpers/verifier.rs
+++ /dev/null
@@ -1,163 +0,0 @@
-use std::io;
-
-use anyhow::{Error, bail, format_err};
-use sequoia_openpgp::cert::CertParser;
-use sequoia_openpgp::parse::stream::{
- DetachedVerifierBuilder, MessageLayer, MessageStructure, VerificationError, VerificationHelper,
- VerifierBuilder,
-};
-use sequoia_openpgp::parse::{PacketParser, PacketParserResult, Parse};
-use sequoia_openpgp::policy::StandardPolicy;
-use sequoia_openpgp::types::HashAlgorithm;
-use sequoia_openpgp::{Cert, KeyHandle};
-
-use crate::config::WeakCryptoConfig;
-
-struct Helper<'a> {
- cert: &'a Cert,
-}
-
-impl VerificationHelper for Helper<'_> {
- fn get_certs(&mut self, _ids: &[KeyHandle]) -> sequoia_openpgp::Result<Vec<Cert>> {
- // Return public keys for signature verification here.
- Ok(vec![self.cert.clone()])
- }
-
- fn check(&mut self, structure: MessageStructure) -> sequoia_openpgp::Result<()> {
- // In this function, we implement our signature verification policy.
-
- let mut good = false;
-
- // we don't want compression and/or encryption
- let layers: Vec<_> = structure.iter().collect();
- if layers.len() > 1 || layers.is_empty() {
- bail!(
- "unexpected GPG message structure - expected plain signed data, got {} layers!",
- layers.len()
- );
- }
- let layer = &layers[0];
- let mut errors = Vec::new();
- match layer {
- MessageLayer::SignatureGroup { results } => {
- // We possibly have multiple signatures, but not all keys, so `or` all the individual results.
- for result in results {
- match result {
- Ok(_) => good = true,
- Err(e) => errors.push(e),
- }
- }
- }
- _ => return Err(anyhow::anyhow!("Unexpected message structure")),
- }
-
- if good {
- Ok(()) // Good signature.
- } else {
- if errors.len() > 1 {
- eprintln!("\nEncountered {} errors:", errors.len());
- }
-
- for (n, err) in errors.iter().enumerate() {
- if errors.len() > 1 {
- eprintln!("\nSignature #{n}: {err}");
- } else {
- eprintln!("\n{err}");
- }
- match err {
- VerificationError::MalformedSignature { error, .. }
- | VerificationError::UnboundKey { error, .. }
- | VerificationError::BadKey { error, .. }
- | VerificationError::BadSignature { error, .. } => {
- let mut cause = error.chain();
- if cause.len() > 1 {
- cause.next(); // already included in `err` above
- eprintln!("Caused by:");
- for (n, e) in cause.enumerate() {
- eprintln!("\t{n}: {e}");
- }
- }
- }
- VerificationError::MissingKey { .. }
- | VerificationError::UnknownSignature { .. } => {} // doesn't contain a cause
- _ => {} // we already print the error above in full
- };
- }
- eprintln!();
- Err(anyhow::anyhow!("No valid signature found."))
- }
- }
-}
-
-/// Verifies GPG-signed `msg` was signed by `key`, returning the verified data without signature.
-pub(crate) fn verify_signature(
- msg: &[u8],
- key: &[u8],
- detached_sig: Option<&[u8]>,
- weak_crypto: &WeakCryptoConfig,
-) -> Result<Vec<u8>, Error> {
- let mut policy = StandardPolicy::new();
- if weak_crypto.allow_sha1 {
- policy.accept_hash(HashAlgorithm::SHA1);
- }
- if let Some(min_dsa) = weak_crypto.min_dsa_key_size {
- if min_dsa <= 1024 {
- policy.accept_asymmetric_algo(sequoia_openpgp::policy::AsymmetricAlgorithm::DSA1024);
- }
- }
- if let Some(min_rsa) = weak_crypto.min_rsa_key_size {
- if min_rsa <= 1024 {
- policy.accept_asymmetric_algo(sequoia_openpgp::policy::AsymmetricAlgorithm::RSA1024);
- }
- }
-
- let verifier = |cert| {
- let helper = Helper { cert: &cert };
-
- if let Some(sig) = detached_sig {
- let mut verifier =
- DetachedVerifierBuilder::from_bytes(sig)?.with_policy(&policy, None, helper)?;
- verifier.verify_bytes(msg)?;
- Ok(msg.to_vec())
- } else {
- let mut verified = Vec::new();
- let mut verifier =
- VerifierBuilder::from_bytes(msg)?.with_policy(&policy, None, helper)?;
- let bytes = io::copy(&mut verifier, &mut verified)?;
- println!("{bytes} bytes verified");
- if !verifier.message_processed() {
- bail!("Failed to verify message!");
- }
- Ok(verified)
- }
- };
-
- let mut packed_parser = PacketParser::from_bytes(key)?;
-
- // parse all packets to see whether this is a simple certificate or a keyring
- while let PacketParserResult::Some(pp) = packed_parser {
- packed_parser = pp.recurse()?.1;
- }
-
- if let PacketParserResult::EOF(eof) = packed_parser {
- // verify against a single certificate
- if eof.is_cert().is_ok() {
- let cert = Cert::from_bytes(key)?;
- return verifier(cert);
- // verify against a keyring
- } else if eof.is_keyring().is_ok() {
- let packed_parser = PacketParser::from_bytes(key)?;
-
- return CertParser::from(packed_parser)
- // flatten here as we ignore packets that aren't a certificate
- .flatten()
- // keep trying to verify the message until the first certificate that succeeds
- .find_map(|c| verifier(c).ok())
- // if no certificate verified the message, abort
- .ok_or_else(|| format_err!("No key in keyring could verify the message!"));
- }
- }
-
- // neither a keyring nor a certificate was detect, so we abort here
- bail!("'key-path' contains neither a keyring nor a certificate, aborting!");
-}
--
2.47.3
prev parent reply other threads:[~2026-02-26 11:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-26 11:12 [PATCH proxmox-offline-mirror 0/3] use proxmox-pgp crate to replace verifier helper module Nicolas Frey
2026-02-26 11:12 ` [PATCH proxmox-offline-mirror 1/3] clippy: elide redundant lifetimes Nicolas Frey
2026-02-26 11:12 ` [PATCH proxmox-offline-mirror 2/3] use proxmox-pgp crate to replace verifier helper module Nicolas Frey
2026-02-26 11:12 ` Nicolas Frey [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260226111239.80602-4-n.frey@proxmox.com \
--to=n.frey@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox