[][src]Struct sequoia_openpgp::parse::stream::Verifier

pub struct Verifier<'a, H: VerificationHelper> { /* fields omitted */ }

Verifies a signed OpenPGP message.

To create a Verifier, create a VerifierBuilder using Parse, and customize it to your needs.

Signature verification requires processing the whole message first. Therefore, OpenPGP implementations supporting streaming operations necessarily must output unverified data. This has been a source of problems in the past. To alleviate this, we buffer the message first (up to 25 megabytes of net message data by default, see DEFAULT_BUFFER_SIZE), and verify the signatures if the message fits into our buffer. Nevertheless it is important to treat the data as unverified and untrustworthy until you have seen a positive verification. See Verifier::message_processed for more information.

See GoodChecksum for what it means for a signature to be considered valid.

Examples

use std::io::Read;
use sequoia_openpgp as openpgp;
use openpgp::{KeyHandle, Cert, Result};
use openpgp::parse::{Parse, stream::*};
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

// This fetches keys and computes the validity of the verification.
struct Helper {};
impl VerificationHelper for Helper {
    fn get_certs(&mut self, ids: &[KeyHandle]) -> Result<Vec<Cert>> {
        let mut certs = Vec::new();
        for id in ids {
            certs.push(lookup_cert_by_handle(id)?);
        }
        Ok(certs)
    }

    fn check(&mut self, structure: MessageStructure) -> Result<()> {
        for (i, layer) in structure.into_iter().enumerate() {
            match layer {
                MessageLayer::Encryption { .. } if i == 0 => (),
                MessageLayer::Compression { .. } if i == 1 => (),
                MessageLayer::SignatureGroup { ref results } => {
                    if ! results.iter().any(|r| r.is_ok()) {
                        return Err(anyhow::anyhow!(
                                       "No valid signature"));
                    }
                }
                _ => return Err(anyhow::anyhow!(
                                    "Unexpected message structure")),
            }
        }
        Ok(())
    }
}

let message =
   b"-----BEGIN PGP MESSAGE-----

     xA0DAAoW+zdR8Vh9rvEByxJiAAAAAABIZWxsbyBXb3JsZCHCdQQAFgoABgWCXrLl
     AQAhCRD7N1HxWH2u8RYhBDnRAKtn1b2MBAECBfs3UfFYfa7xRUsBAJaxkU/RCstf
     UD7TM30IorO1Mb9cDa/hPRxyzipulT55AQDN1m9LMqi9yJDjHNHwYYVwxDcg+pLY
     YmAFv/UfO0vYBw==
     =+l94
     -----END PGP MESSAGE-----
     ";

let h = Helper {};
let mut v = VerifierBuilder::from_bytes(&message[..])?
    .with_policy(p, None, h)?;

let mut content = Vec::new();
v.read_to_end(&mut content)?;
assert_eq!(content, b"Hello World!");

Implementations

impl<'a, H: VerificationHelper> Verifier<'a, H>[src]

pub fn helper_ref(&self) -> &H[src]

Returns a reference to the helper.

pub fn helper_mut(&mut self) -> &mut H[src]

Returns a mutable reference to the helper.

pub fn into_helper(self) -> H[src]

Recovers the helper.

pub fn message_processed(&self) -> bool[src]

Returns true if the whole message has been processed and authenticated.

If the function returns true, the whole message has been processed, the signatures are verified, and the message structure has been passed to VerificationHelper::check. Data read from this Verifier using io::Read has been authenticated.

If the function returns false, the message did not fit into the internal buffer, and therefore data read from this Verifier using io::Read has not yet been authenticated. It is important to treat this data as attacker controlled and not use it until it has been authenticated.

Examples

This example demonstrates how to verify a message in a streaming fashion, writing the data to a temporary file and only commit the result once the data is authenticated.

use std::io::{Read, Seek, SeekFrom};
use sequoia_openpgp as openpgp;
use openpgp::{KeyHandle, Cert, Result};
use openpgp::parse::{Parse, stream::*};
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

// This fetches keys and computes the validity of the verification.
struct Helper {};
impl VerificationHelper for Helper {
    // ...
}

let mut source =
   // ...

fn consume(r: &mut dyn Read) -> Result<()> {
   // ...
}

let h = Helper {};
let mut v = VerifierBuilder::from_reader(&mut source)?
    .with_policy(p, None, h)?;

if v.message_processed() {
    // The data has been authenticated.
    consume(&mut v)?;
} else {
    let mut tmp = tempfile::tempfile()?;
    std::io::copy(&mut v, &mut tmp)?;

    // If the copy succeeds, the message has been fully
    // processed and the data has been authenticated.
    assert!(v.message_processed());

    // Rewind and consume.
    tmp.seek(SeekFrom::Start(0))?;
    consume(&mut tmp)?;
}

Trait Implementations

impl<'a, H: VerificationHelper> Read for Verifier<'a, H>[src]

Auto Trait Implementations

impl<'a, H> !RefUnwindSafe for Verifier<'a, H>[src]

impl<'a, H> Send for Verifier<'a, H> where
    H: Send
[src]

impl<'a, H> Sync for Verifier<'a, H> where
    H: Sync
[src]

impl<'a, H> Unpin for Verifier<'a, H> where
    H: Unpin
[src]

impl<'a, H> !UnwindSafe for Verifier<'a, H>[src]

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.