From 374198ad6d8747c135ce8d8a8284723b0968aeef Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 24 Mar 2016 11:41:00 +0100 Subject: [PATCH] Move signature support from NarInfo to ValidPathInfo --- src/libstore/nar-info.cc | 24 ------------------------ src/libstore/nar-info.hh | 14 -------------- src/libstore/store-api.cc | 29 ++++++++++++++++++++++++++++- src/libstore/store-api.hh | 15 +++++++++++++++ 4 files changed, 43 insertions(+), 39 deletions(-) diff --git a/src/libstore/nar-info.cc b/src/libstore/nar-info.cc index 9028370ac..680facdcf 100644 --- a/src/libstore/nar-info.cc +++ b/src/libstore/nar-info.cc @@ -1,4 +1,3 @@ -#include "crypto.hh" #include "globals.hh" #include "nar-info.hh" @@ -104,15 +103,6 @@ std::string NarInfo::to_string() const return res; } -std::string NarInfo::fingerprint() const -{ - return - "1;" + path + ";" - + printHashType(narHash.type) + ":" + printHash32(narHash) + ";" - + std::to_string(narSize) + ";" - + concatStringsSep(",", references); -} - Strings NarInfo::shortRefs() const { Strings refs; @@ -121,18 +111,4 @@ Strings NarInfo::shortRefs() const return refs; } -void NarInfo::sign(const SecretKey & secretKey) -{ - sigs.insert(secretKey.signDetached(fingerprint())); -} - -unsigned int NarInfo::checkSignatures(const PublicKeys & publicKeys) const -{ - unsigned int good = 0; - for (auto & sig : sigs) - if (verifyDetached(fingerprint(), sig, publicKeys)) - good++; - return good; -} - } diff --git a/src/libstore/nar-info.hh b/src/libstore/nar-info.hh index 2d04e4526..3c783cf83 100644 --- a/src/libstore/nar-info.hh +++ b/src/libstore/nar-info.hh @@ -20,20 +20,6 @@ struct NarInfo : ValidPathInfo std::string to_string() const; - /* Return a fingerprint of the store path to be used in binary - cache signatures. It contains the store path, the base-32 - SHA-256 hash of the NAR serialisation of the path, the size of - the NAR, and the sorted references. The size field is strictly - speaking superfluous, but might prevent endless/excessive data - attacks. */ - std::string fingerprint() const; - - void sign(const SecretKey & secretKey); - - /* Return the number of signatures on this .narinfo that were - produced by one of the specified keys. */ - unsigned int checkSignatures(const PublicKeys & publicKeys) const; - private: Strings shortRefs() const; diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index 5f3f621e8..b47376e55 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -1,5 +1,6 @@ -#include "store-api.hh" +#include "crypto.hh" #include "globals.hh" +#include "store-api.hh" #include "util.hh" @@ -309,6 +310,32 @@ void Store::exportPaths(const Paths & paths, } +std::string ValidPathInfo::fingerprint() const +{ + return + "1;" + path + ";" + + printHashType(narHash.type) + ":" + printHash32(narHash) + ";" + + std::to_string(narSize) + ";" + + concatStringsSep(",", references); +} + + +void ValidPathInfo::sign(const SecretKey & secretKey) +{ + sigs.insert(secretKey.signDetached(fingerprint())); +} + + +unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const +{ + unsigned int good = 0; + for (auto & sig : sigs) + if (verifyDetached(fingerprint(), sig, publicKeys)) + good++; + return good; +} + + } diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh index 62ee811eb..b7209d4a3 100644 --- a/src/libstore/store-api.hh +++ b/src/libstore/store-api.hh @@ -2,6 +2,7 @@ #include "hash.hh" #include "serialise.hh" +#include "crypto.hh" #include #include @@ -112,6 +113,20 @@ struct ValidPathInfo && narHash == i.narHash && references == i.references; } + + /* Return a fingerprint of the store path to be used in binary + cache signatures. It contains the store path, the base-32 + SHA-256 hash of the NAR serialisation of the path, the size of + the NAR, and the sorted references. The size field is strictly + speaking superfluous, but might prevent endless/excessive data + attacks. */ + std::string fingerprint() const; + + void sign(const SecretKey & secretKey); + + /* Return the number of signatures on this .narinfo that were + produced by one of the specified keys. */ + unsigned int checkSignatures(const PublicKeys & publicKeys) const; }; typedef list ValidPathInfos;