tvl-depot/third_party/nix/src/libstore/crypto.hh

#pragma once

#include <map>

#include "libutil/types.hh"

namespace nix {

struct Key {
  std::string name;
  std::string key;

  /* Construct Key from a string in the format
     ‘<name>:<key-in-base64>’. */
  Key(const std::string& s);

 protected:
  Key(const std::string& name, const std::string& key) : name(name), key(key) {}
};

struct PublicKey;

struct SecretKey : Key {
  SecretKey(const std::string& s);

  /* Return a detached signature of the given string. */
  std::string signDetached(const std::string& data) const;

  PublicKey toPublicKey() const;
};

struct PublicKey : Key {
  PublicKey(const std::string& s);

 private:
  PublicKey(const std::string& name, const std::string& key) : Key(name, key) {}
  friend struct SecretKey;
};

typedef std::map<std::string, PublicKey> PublicKeys;

/* Return true iff ‘sig’ is a correct signature over ‘data’ using one
   of the given public keys. */
bool verifyDetached(const std::string& data, const std::string& sig,
                    const PublicKeys& publicKeys);

PublicKeys getDefaultPublicKeys();

}  // namespace nix
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
+								#pragma once
 								#include <map>
-												style(3p/nix): Reformat all includes to match new style

											
										
										
											2020-05-19 16:54:39 +02:00
-												refactor(3p/nix): Anchor local includes at src/

Previously all includes were anchored in one global mess of header
files. This moves the includes into filesystem "namespaces" (if you
will) for each sub-package of Nix.

Note: This commit does not introduce the relevant build system changes.

											
										
										
											2020-05-27 22:56:34 +02:00
+								#include "libutil/types.hh"
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
 								namespace nix {
 								struct Key {
 								  std::string name;
 								  std::string key;
 								  /* Construct Key from a string in the format
-												Revert "Get rid of unicode quotes (#1140)"

This reverts commit f78126bfd6b6c8477fcdbc09b2f98772dbe9a1e7. There
really is no need for such a massive change...

											
										
										
											2016-11-26 00:37:43 +01:00
+								     ‘<name>:<key-in-base64>’. */
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
+								  Key(const std::string& s);
-												BinaryCacheStore: Remove publicKeyFile argument

The public key can be derived from the secret key, so there's no need
for the user to supply it separately.

											
										
										
											2016-03-04 17:08:30 +01:00
+								 protected:
 								  Key(const std::string& name, const std::string& key) : name(name), key(key) {}
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
+								};
-												BinaryCacheStore: Remove publicKeyFile argument

The public key can be derived from the secret key, so there's no need
for the user to supply it separately.

											
										
										
											2016-03-04 17:08:30 +01:00
+								struct PublicKey;
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
+								struct SecretKey : Key {
 								  SecretKey(const std::string& s);
 								  /* Return a detached signature of the given string. */
-												refactor(3p/nix): Apply clang-tidy's readability-* fixes

This applies the readability fixes listed here:

https://clang.llvm.org/extra/clang-tidy/checks/list.html

											
										
										
											2020-05-20 23:27:37 +02:00
+								  std::string signDetached(const std::string& data) const;
-												BinaryCacheStore: Remove publicKeyFile argument

The public key can be derived from the secret key, so there's no need
for the user to supply it separately.

											
										
										
											2016-03-04 17:08:30 +01:00
 								  PublicKey toPublicKey() const;
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
+								};
 								struct PublicKey : Key {
-												refactor(3p/nix): Apply clang-tidy's readability-* fixes

This applies the readability fixes listed here:

https://clang.llvm.org/extra/clang-tidy/checks/list.html

											
										
										
											2020-05-20 23:27:37 +02:00
+								  PublicKey(const std::string& s);
-												BinaryCacheStore: Remove publicKeyFile argument

The public key can be derived from the secret key, so there's no need
for the user to supply it separately.

											
										
										
											2016-03-04 17:08:30 +01:00
 								 private:
 								  PublicKey(const std::string& name, const std::string& key) : Key(name, key) {}
-												Fix Darwin build

http://hydra.nixos.org/build/33279996

											
										
										
											2016-03-15 12:11:27 +01:00
+								  friend struct SecretKey;
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
+								};
 								typedef std::map<std::string, PublicKey> PublicKeys;
-												Revert "Get rid of unicode quotes (#1140)"

This reverts commit f78126bfd6b6c8477fcdbc09b2f98772dbe9a1e7. There
really is no need for such a massive change...

											
										
										
											2016-11-26 00:37:43 +01:00
+								/* Return true iff ‘sig’ is a correct signature over ‘data’ using one
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
+								   of the given public keys. */
 								bool verifyDetached(const std::string& data, const std::string& sig,
 								                    const PublicKeys& publicKeys);
-												Add "nix verify-paths" command

Unlike "nix-store --verify-path", this command verifies signatures in
addition to store path contents, is multi-threaded (especially useful
when verifying binary caches), and has a progress indicator.

Example use:

$ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird)
...
[17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’

											
										
										
											2016-03-29 14:29:50 +02:00
+								PublicKeys getDefaultPublicKeys();
-												Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)

											
										
										
											2016-02-16 16:38:44 +01:00
+								}  // namespace nix