perf(sequoia): stream data to be signed

2023-08-31 16:25:46 -04:00 · 2023-08-31 16:25:46 -04:00 · fae00948bc
parent fae08c0d5d
commit fae00948bc
1 changed files with 29 additions and 33 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -18,14 +18,9 @@ use rand::Rng;
 use sequoia_openpgp::{
    self as openpgp,
    crypto::KeyPair,
-    packet::prelude::*,
    parse::Parse,
    policy::StandardPolicy,
-    serialize::{
-        Serialize,
-        stream::{Armorer, Message},
-    },
-    types::*,
+    serialize::stream::{Armorer, Message, Signer},
 };
 use serde::Deserialize;
 use sha1::{Digest, Sha1};
@ -461,7 +456,7 @@ fn main() -> Result<()> {

    for _ in 0..threads {
        let bar = bar.clone();
-        let mut seq_key = seq_key.clone();
+        let seq_key = seq_key.clone();
        let key = key_id.cloned();
        let counter = Arc::clone(&counter);
        let found = Arc::clone(&found);
@ -496,6 +491,7 @@ fn main() -> Result<()> {
            };

            let signing = gpg.is_some() || seq_key.is_some();
+            let mut signature_bytes = Vec::with_capacity(1024);
            let mut sha1 = Sha1::default();
            let mut buffer = itoa::Buffer::new();
            let mut count_buffer = itoa::Buffer::new();
@ -503,9 +499,8 @@ fn main() -> Result<()> {
            let mut random_hex = [0; 32];
            let mut first = true;
            while !found.load(Ordering::Relaxed) {
-                let mut append = None;
-                let mut header = if !signing {
-                    append = match method {
+                let (mut header, append) = if !signing {
+                    let append = match method {
                        Method::Random => {
                            rand::thread_rng().fill(&mut random_bytes);
                            data_encoding::HEXLOWER.encode_mut(&random_bytes, &mut random_hex);
@ -549,18 +544,19 @@ fn main() -> Result<()> {
                        line.push_str(buffer.format(count));
                    }

-                    match method {
+                    let header = match method {
                        Method::Counter | Method::Random => Cow::from(&stripped_header),
                        _ => Cow::from(header_lines.join("\n")),
-                    }
+                    };
+
+                    (header, append)
                } else {
-                    Cow::from(&stripped_header)
+                    (Cow::from(&stripped_header), None)
                };

                // NOTE: don't need to handle append here, since we'll never be
                //       both appending *and* signing
                if let Some(ctx) = &mut gpg {
-                    let header = header.to_mut();
                    let to_sign = format!("{header}\n{message}");
                    let mut output = Vec::new();
                    ctx.sign(SignMode::Detached, to_sign, &mut output)
@ -570,38 +566,38 @@ fn main() -> Result<()> {
                    let sig = String::from_utf8(output)
                        .context("signature was not utf-8")
                        .unwrap(); // FIXME
+
+                    let header = header.to_mut();
                    header.push_str("gpgsig");
                    for line in sig.trim().split('\n') {
                        header.push(' ');
                        header.push_str(line);
                        header.push('\n');
                    }
-                } else if let Some(key) = &mut seq_key {
-                    let header = header.to_mut();
-                    let to_sign = format!("{header}\n{message}");
-                    let sig = SignatureBuilder::new(SignatureType::Binary)
-                        .sign_message(key, to_sign)
-                        .context("failed to sign message")
-                        .unwrap(); // FIXME
-
-                    let mut output = Vec::new();
-                    let message = Message::new(&mut output);
-                    let mut message = Armorer::new(message)
+                } else if let Some(key) = &seq_key {
+                    signature_bytes.clear();
+                    let msg = Message::new(&mut signature_bytes);
+                    let msg = Armorer::new(msg)
                        .kind(openpgp::armor::Kind::Signature)
                        .build()
-                        .context("failed to build pgp message")
+                        .context("failed to build armorer")
                        .unwrap(); // FIXME
-                    Packet::from(sig)
-                        .serialize(&mut message)
-                        .context("failed to serialise packet")
-                        .unwrap(); // FIXME
-                    message.finalize()
-                        .context("could not finalise message")
+                    let mut msg = Signer::new(msg, key.clone())
+                        .detached()
+                        .build()
+                        .context("failed to build signer")
                        .unwrap(); // FIXME

-                    let sig = String::from_utf8(output)
+                    msg.write_all(header.as_bytes()).unwrap(); // FIXME
+                    msg.write_all(&[b'\n']).unwrap(); // FIXME
+                    msg.write_all(message.as_bytes()).unwrap(); // FIXME
+                    msg.finalize().unwrap(); // FIXME
+
+                    let sig = std::str::from_utf8(&signature_bytes)
                        .context("signature was not utf-8")
                        .unwrap(); // FIXME
+
+                    let header = header.to_mut();
                    header.push_str("gpgsig");
                    for line in sig.trim().split('\n') {
                        header.push(' ');