Move signature support from NarInfo to ValidPathInfo

Eelco Dolstra 2016-03-24 11:41:00 +01:00
parent 11525377e1
commit 374198ad6d
4 changed files with 43 additions and 39 deletions


@ -1,4 +1,3 @@
#include "crypto.hh"
#include "globals.hh"
#include "nar-info.hh"
@ -104,15 +103,6 @@ std::string NarInfo::to_string() const
return res;
}
std::string NarInfo::fingerprint() const
{
return
"1;" + path + ";"
+ printHashType(narHash.type) + ":" + printHash32(narHash) + ";"
+ std::to_string(narSize) + ";"
+ concatStringsSep(",", references);
}
Strings NarInfo::shortRefs() const
{
Strings refs;
@ -121,18 +111,4 @@ Strings NarInfo::shortRefs() const
return refs;
}
void NarInfo::sign(const SecretKey & secretKey)
{
sigs.insert(secretKey.signDetached(fingerprint()));
}
unsigned int NarInfo::checkSignatures(const PublicKeys & publicKeys) const
{
unsigned int good = 0;
for (auto & sig : sigs)
if (verifyDetached(fingerprint(), sig, publicKeys))
good++;
return good;
}
}


@ -20,20 +20,6 @@ struct NarInfo : ValidPathInfo
std::string to_string() const;
/* Return a fingerprint of the store path to be used in binary
cache signatures. It contains the store path, the base-32
SHA-256 hash of the NAR serialisation of the path, the size of
the NAR, and the sorted references. The size field is strictly
speaking superfluous, but might prevent endless/excessive data
attacks. */
std::string fingerprint() const;
void sign(const SecretKey & secretKey);
/* Return the number of signatures on this .narinfo that were
produced by one of the specified keys. */
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
private:
Strings shortRefs() const;


@ -1,5 +1,6 @@
#include "store-api.hh"
#include "crypto.hh"
#include "globals.hh"
#include "store-api.hh"
#include "util.hh"
@ -309,6 +310,32 @@ void Store::exportPaths(const Paths & paths,
}
std::string ValidPathInfo::fingerprint() const
{
return
"1;" + path + ";"
+ printHashType(narHash.type) + ":" + printHash32(narHash) + ";"
+ std::to_string(narSize) + ";"
+ concatStringsSep(",", references);
}
void ValidPathInfo::sign(const SecretKey & secretKey)
{
sigs.insert(secretKey.signDetached(fingerprint()));
}
unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const
{
unsigned int good = 0;
for (auto & sig : sigs)
if (verifyDetached(fingerprint(), sig, publicKeys))
good++;
return good;
}
}
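Review bot: `ValidPathInfo::fingerprint()` builds the signed string from `narHash` and `narSize` without checking that either is set, and on the base class that may no longer be guaranteed the way it presumably was for a parsed .narinfo (this assumes a path info can exist with an unknown size or hash; confirm against the struct). A signature over such a fingerprint would not bind the NAR contents, so a guard at the top such as `if (narSize == 0) throw Error("cannot calculate fingerprint: NAR size/hash not known");` is worth adding, with the equivalent check for an unset hash. Separately, `checkSignatures()` recomputes `fingerprint()` for every signature in the loop; `auto fp = fingerprint();` before the `for` avoids the repeated string building.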


@ -2,6 +2,7 @@
#include "hash.hh"
#include "serialise.hh"
#include "crypto.hh"
#include <string>
#include <limits>
@ -112,6 +113,20 @@ struct ValidPathInfo
&& narHash == i.narHash
&& references == i.references;
}
/* Return a fingerprint of the store path to be used in binary
cache signatures. It contains the store path, the base-32
SHA-256 hash of the NAR serialisation of the path, the size of
the NAR, and the sorted references. The size field is strictly
speaking superfluous, but might prevent endless/excessive data
attacks. */
std::string fingerprint() const;
void sign(const SecretKey & secretKey);
/* Return the number of signatures on this .narinfo that were
produced by one of the specified keys. */
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
};
typedef list<ValidPathInfo> ValidPathInfos;
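Review bot: The comment above `checkSignatures()` was carried over unchanged and still says "on this .narinfo", which no longer fits a method of `ValidPathInfo`; `/* Return the number of signatures on this path info that were produced by one of the specified keys. */` would match the new home. The comment should also say that the result counts valid signatures rather than distinct keys, so a caller enforcing a signer threshold does not read it as a number of independent signers. `sign()` has no comment at all; one line stating that it adds a detached signature over `fingerprint()` to `sigs` would document what the key attests to. The struct begins above this hunk.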