Move signature support from NarInfo to ValidPathInfo
This commit is contained in:
parent
11525377e1
commit
374198ad6d
4 changed files with 43 additions and 39 deletions
|
@ -1,4 +1,3 @@
|
||||||
#include "crypto.hh"
|
|
||||||
#include "globals.hh"
|
#include "globals.hh"
|
||||||
#include "nar-info.hh"
|
#include "nar-info.hh"
|
||||||
|
|
||||||
|
@ -104,15 +103,6 @@ std::string NarInfo::to_string() const
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string NarInfo::fingerprint() const
|
|
||||||
{
|
|
||||||
return
|
|
||||||
"1;" + path + ";"
|
|
||||||
+ printHashType(narHash.type) + ":" + printHash32(narHash) + ";"
|
|
||||||
+ std::to_string(narSize) + ";"
|
|
||||||
+ concatStringsSep(",", references);
|
|
||||||
}
|
|
||||||
|
|
||||||
Strings NarInfo::shortRefs() const
|
Strings NarInfo::shortRefs() const
|
||||||
{
|
{
|
||||||
Strings refs;
|
Strings refs;
|
||||||
|
@ -121,18 +111,4 @@ Strings NarInfo::shortRefs() const
|
||||||
return refs;
|
return refs;
|
||||||
}
|
}
|
||||||
|
|
||||||
void NarInfo::sign(const SecretKey & secretKey)
|
|
||||||
{
|
|
||||||
sigs.insert(secretKey.signDetached(fingerprint()));
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned int NarInfo::checkSignatures(const PublicKeys & publicKeys) const
|
|
||||||
{
|
|
||||||
unsigned int good = 0;
|
|
||||||
for (auto & sig : sigs)
|
|
||||||
if (verifyDetached(fingerprint(), sig, publicKeys))
|
|
||||||
good++;
|
|
||||||
return good;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,20 +20,6 @@ struct NarInfo : ValidPathInfo
|
||||||
|
|
||||||
std::string to_string() const;
|
std::string to_string() const;
|
||||||
|
|
||||||
/* Return a fingerprint of the store path to be used in binary
|
|
||||||
cache signatures. It contains the store path, the base-32
|
|
||||||
SHA-256 hash of the NAR serialisation of the path, the size of
|
|
||||||
the NAR, and the sorted references. The size field is strictly
|
|
||||||
speaking superfluous, but might prevent endless/excessive data
|
|
||||||
attacks. */
|
|
||||||
std::string fingerprint() const;
|
|
||||||
|
|
||||||
void sign(const SecretKey & secretKey);
|
|
||||||
|
|
||||||
/* Return the number of signatures on this .narinfo that were
|
|
||||||
produced by one of the specified keys. */
|
|
||||||
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
|
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
||||||
Strings shortRefs() const;
|
Strings shortRefs() const;
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
#include "store-api.hh"
|
#include "crypto.hh"
|
||||||
#include "globals.hh"
|
#include "globals.hh"
|
||||||
|
#include "store-api.hh"
|
||||||
#include "util.hh"
|
#include "util.hh"
|
||||||
|
|
||||||
|
|
||||||
|
@ -309,6 +310,32 @@ void Store::exportPaths(const Paths & paths,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
std::string ValidPathInfo::fingerprint() const
|
||||||
|
{
|
||||||
|
return
|
||||||
|
"1;" + path + ";"
|
||||||
|
+ printHashType(narHash.type) + ":" + printHash32(narHash) + ";"
|
||||||
|
+ std::to_string(narSize) + ";"
|
||||||
|
+ concatStringsSep(",", references);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void ValidPathInfo::sign(const SecretKey & secretKey)
|
||||||
|
{
|
||||||
|
sigs.insert(secretKey.signDetached(fingerprint()));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const
|
||||||
|
{
|
||||||
|
unsigned int good = 0;
|
||||||
|
for (auto & sig : sigs)
|
||||||
|
if (verifyDetached(fingerprint(), sig, publicKeys))
|
||||||
|
good++;
|
||||||
|
return good;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
#include "hash.hh"
|
#include "hash.hh"
|
||||||
#include "serialise.hh"
|
#include "serialise.hh"
|
||||||
|
#include "crypto.hh"
|
||||||
|
|
||||||
#include <string>
|
#include <string>
|
||||||
#include <limits>
|
#include <limits>
|
||||||
|
@ -112,6 +113,20 @@ struct ValidPathInfo
|
||||||
&& narHash == i.narHash
|
&& narHash == i.narHash
|
||||||
&& references == i.references;
|
&& references == i.references;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Return a fingerprint of the store path to be used in binary
|
||||||
|
cache signatures. It contains the store path, the base-32
|
||||||
|
SHA-256 hash of the NAR serialisation of the path, the size of
|
||||||
|
the NAR, and the sorted references. The size field is strictly
|
||||||
|
speaking superfluous, but might prevent endless/excessive data
|
||||||
|
attacks. */
|
||||||
|
std::string fingerprint() const;
|
||||||
|
|
||||||
|
void sign(const SecretKey & secretKey);
|
||||||
|
|
||||||
|
/* Return the number of signatures on this .narinfo that were
|
||||||
|
produced by one of the specified keys. */
|
||||||
|
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef list<ValidPathInfo> ValidPathInfos;
|
typedef list<ValidPathInfo> ValidPathInfos;
|
||||||
|
|
Loading…
Reference in a new issue