/// Collects statistics about the SKS packet dump using the openpgp
/// crate, Sequoia's low-level API.
///
/// Note that to achieve reasonable performance, you need to compile
/// Sequoia and this program with optimizations:
///
/// % cargo run --example dsa-statistics --release \
/// -- <packet-dump> [<packet-dump>..]
use std::{
env,
fs,
sync::mpsc::sync_channel,
thread,
time::Duration,
};
use anyhow::Context;
use sequoia_openpgp as openpgp;
use openpgp::{
cert::amalgamation::ValidAmalgamation,
types::*,
policy::NullPolicy,
};
use sequoia_openpgp_mt::keyring;
fn main() -> openpgp::Result<()> {
let args: Vec<String> = env::args().collect();
if args.len() < 2 {
return Err(anyhow::anyhow!("Collects statistics about OpenPGP packet dumps.\n\n\
Usage: {} <packet-dump> [<packet-dump>...]\n", args[0]));
}
let (sender, receiver) = sync_channel(4);
// For each input file, create a parser.
let n_threads = num_cpus::get() / 2;
let chunk_size = args[1..].len() / n_threads;
for inputs in args[1..].chunks(chunk_size) {
let inputs = inputs.to_vec();
let sender = sender.clone();
thread::spawn(move || {
for input in inputs {
eprintln!("Parsing {:?}...", input);
let f = fs::File::open(&input)
.context(format!("Failed to parse {:?}", input))
.unwrap();
sender.send(keyring::parse(f)
.context(format!("Failed to parse {:?}", input))
.unwrap()).unwrap();
}
});
}
drop(sender);
const P: &NullPolicy = unsafe { &NullPolicy::new() };
let five_years = Duration::new(5 * 365 * 24 * 60 * 60, 0);
let mut all_certs_including_parse_errors = 0;
let mut all_certs = 0;
let mut gp_certs = 0;
let mut valid_all_certs = 0;
let mut valid_gp_certs = 0;
let mut valid_gp_dsa_elg_certs = 0;
let mut valid_recent_all_certs = 0;
let mut valid_recent_gp_certs = 0;
let mut valid_recent_gp_dsa_elg_certs = 0;
fn is_revoked(s: RevocationStatus) -> bool {
match s {
RevocationStatus::Revoked(_) => true,
_ => false,
}
}
while let Ok(certs) = receiver.recv() {
all_certs_including_parse_errors += certs.len();
for cert in certs.into_iter().filter_map(|c| c.ok()) {
all_certs += 1;
// Canonicalize at creation time to see if it once had an
// encryption (sub)key.
let creation_time = cert.primary_key().key().creation_time();
if let Ok(vcert0) = cert.with_policy(P, creation_time) {
if vcert0.keys()
.for_transport_encryption()
.for_storage_encryption()
.count() > 0
{
gp_certs += 1;
}
}
// Canonicalize for now.
if let Ok(vcert) = cert.with_policy(P, None) {
if ! vcert.primary_key().alive().is_ok()
|| ! is_revoked(vcert.primary_key().revocation_status())
{
// Primary not alive or revoked.
continue;
}
let recent =
if cert.primary_key().key().creation_time().elapsed().unwrap()
<= five_years { 1 } else { 0 };
valid_all_certs += 1;
valid_recent_all_certs += recent;
// General purpose now?
if vcert.keys()
.for_transport_encryption()
.for_storage_encryption()
.alive()
.revoked(false)
.count() > 0
{
valid_gp_certs += 1;
valid_recent_gp_certs += recent;
}
#[allow(deprecated)]
if vcert.primary_key().key().pk_algo() == PublicKeyAlgorithm::DSA
&& vcert.keys()
.for_transport_encryption()
.for_storage_encryption()
.alive()
.revoked(false)
.filter(|vka|
vka.key().pk_algo() == PublicKeyAlgorithm::ElGamalEncrypt)
.count() > 0
{
valid_gp_dsa_elg_certs += 1;
valid_recent_gp_dsa_elg_certs += recent;
}
}
}
}
println!("All (including parse errors): {}",
all_certs_including_parse_errors);
println!("All certs: {} ({:.2}% parsed ok)",
all_certs,
all_certs as f32 / all_certs_including_parse_errors as f32 * 100.);
println!("General purpose certs (GP): {} ({:.2}% of all certs)",
gp_certs,
gp_certs as f32 / all_certs as f32 * 100.);
println!("Valid now certs: {} ({:.2}% of all certs)",
valid_all_certs,
valid_all_certs as f32 / all_certs as f32 * 100.);
println!("Valid now GP certs: {} ({:.2}% of all valid now certs)",
valid_gp_certs,
valid_gp_certs as f32 / valid_all_certs as f32 * 100.);
println!("Valid now GP DSA/ELG certs: {} ({:.2}% of all valid now GP certs)",
valid_gp_dsa_elg_certs,
valid_gp_dsa_elg_certs as f32 / valid_gp_certs as f32 * 100.);
println!("Valid now recent certs: {} ({:.2}% of all valid now certs)",
valid_recent_all_certs,
valid_recent_all_certs as f32 / valid_all_certs as f32 * 100.);
println!("Valid now recent GP certs: {} ({:.2}% of all valid now recent certs)",
valid_recent_gp_certs,
valid_recent_gp_certs as f32 / valid_recent_all_certs as f32 * 100.);
println!("Valid now recent GP DSA/ELG certs: {} ({:.2}% of all valid now recent GP certs)",
valid_recent_gp_dsa_elg_certs,
valid_recent_gp_dsa_elg_certs as f32 / valid_recent_gp_certs as f32 * 100.);
Ok(())
}