factor non-type stuff out of Key
This commit is contained in:
parent
ae3f6705eb
commit
ca0daa8bb8
10 changed files with 201 additions and 188 deletions
186
Key.hs
Normal file
186
Key.hs
Normal file
|
@ -0,0 +1,186 @@
|
|||
{- git-annex Keys
|
||||
-
|
||||
- Copyright 2011-2017 Joey Hess <id@joeyh.name>
|
||||
-
|
||||
- Licensed under the GNU GPL version 3 or higher.
|
||||
-}
|
||||
|
||||
{-# OPTIONS_GHC -fno-warn-orphans #-}
|
||||
|
||||
module Key (
|
||||
Key(..),
|
||||
AssociatedFile,
|
||||
stubKey,
|
||||
key2file,
|
||||
file2key,
|
||||
nonChunkKey,
|
||||
chunkKeyOffset,
|
||||
isChunkKey,
|
||||
isKeyPrefix,
|
||||
|
||||
prop_isomorphic_key_encode,
|
||||
prop_isomorphic_key_decode
|
||||
) where
|
||||
|
||||
import Data.Aeson
|
||||
import Data.Char
|
||||
import qualified Data.Text as T
|
||||
|
||||
import Common
|
||||
import Types.Key
|
||||
import Utility.QuickCheck
|
||||
import Utility.Bloom
|
||||
import qualified Utility.SimpleProtocol as Proto
|
||||
|
||||
stubKey :: Key
|
||||
stubKey = Key
|
||||
{ keyName = ""
|
||||
, keyBackendName = ""
|
||||
, keySize = Nothing
|
||||
, keyMtime = Nothing
|
||||
, keyChunkSize = Nothing
|
||||
, keyChunkNum = Nothing
|
||||
}
|
||||
|
||||
-- Gets the parent of a chunk key.
|
||||
nonChunkKey :: Key -> Key
|
||||
nonChunkKey k = k
|
||||
{ keyChunkSize = Nothing
|
||||
, keyChunkNum = Nothing
|
||||
}
|
||||
|
||||
-- Where a chunk key is offset within its parent.
|
||||
chunkKeyOffset :: Key -> Maybe Integer
|
||||
chunkKeyOffset k = (*)
|
||||
<$> keyChunkSize k
|
||||
<*> (pred <$> keyChunkNum k)
|
||||
|
||||
isChunkKey :: Key -> Bool
|
||||
isChunkKey k = isJust (keyChunkSize k) && isJust (keyChunkNum k)
|
||||
|
||||
-- Checks if a string looks like at least the start of a key.
|
||||
isKeyPrefix :: String -> Bool
|
||||
isKeyPrefix s = [fieldSep, fieldSep] `isInfixOf` s
|
||||
|
||||
fieldSep :: Char
|
||||
fieldSep = '-'
|
||||
|
||||
{- Converts a key to a string that is suitable for use as a filename.
|
||||
- The name field is always shown last, separated by doubled fieldSeps,
|
||||
- and is the only field allowed to contain the fieldSep. -}
|
||||
key2file :: Key -> FilePath
|
||||
key2file Key { keyBackendName = b, keySize = s, keyMtime = m, keyChunkSize = cs, keyChunkNum = cn, keyName = n } =
|
||||
b +++ ('s' ?: s) +++ ('m' ?: m) +++ ('S' ?: cs) +++ ('C' ?: cn) +++ (fieldSep : n)
|
||||
where
|
||||
"" +++ y = y
|
||||
x +++ "" = x
|
||||
x +++ y = x ++ fieldSep:y
|
||||
f ?: (Just v) = f : show v
|
||||
_ ?: _ = ""
|
||||
|
||||
file2key :: FilePath -> Maybe Key
|
||||
file2key s
|
||||
| key == Just stubKey || (keyName <$> key) == Just "" || (keyBackendName <$> key) == Just "" = Nothing
|
||||
| otherwise = key
|
||||
where
|
||||
key = startbackend stubKey s
|
||||
|
||||
startbackend k v = sepfield k v addbackend
|
||||
|
||||
sepfield k v a = case span (/= fieldSep) v of
|
||||
(v', _:r) -> findfields r $ a k v'
|
||||
_ -> Nothing
|
||||
|
||||
findfields (c:v) (Just k)
|
||||
| c == fieldSep = addkeyname k v
|
||||
| otherwise = sepfield k v $ addfield c
|
||||
findfields _ v = v
|
||||
|
||||
addbackend k v = Just k { keyBackendName = v }
|
||||
|
||||
-- This is a strict parser for security reasons; a key
|
||||
-- can contain only 4 fields, which all consist only of numbers.
|
||||
-- Any key containing other fields, or non-numeric data is
|
||||
-- rejected with Nothing.
|
||||
--
|
||||
-- If a key contained non-numeric fields, they could be used to
|
||||
-- embed data used in a SHA1 collision attack, which would be a
|
||||
-- problem since the keys are committed to git.
|
||||
addfield _ _ v | not (all isDigit v) = Nothing
|
||||
addfield 's' k v = do
|
||||
sz <- readish v
|
||||
return $ k { keySize = Just sz }
|
||||
addfield 'm' k v = do
|
||||
mtime <- readish v
|
||||
return $ k { keyMtime = Just mtime }
|
||||
addfield 'S' k v = do
|
||||
chunksize <- readish v
|
||||
return $ k { keyChunkSize = Just chunksize }
|
||||
addfield 'C' k v = case readish v of
|
||||
Just chunknum | chunknum > 0 ->
|
||||
return $ k { keyChunkNum = Just chunknum }
|
||||
_ -> Nothing
|
||||
addfield _ _ _ = Nothing
|
||||
|
||||
addkeyname k v
|
||||
| validKeyName k v = Just $ k { keyName = v }
|
||||
| otherwise = Nothing
|
||||
|
||||
{- A key with a backend ending in "E" is an extension preserving key,
|
||||
- using some hash.
|
||||
-
|
||||
- The length of the extension is limited in order to mitigate against
|
||||
- SHA1 collision attacks (specifically, chosen-prefix attacks).
|
||||
- In such an attack, the extension of the key could be made to contain
|
||||
- the collision generation data, with the result that a signed git commit
|
||||
- including such keys would not be secure.
|
||||
-
|
||||
- The maximum extension length ever generated for such a key was 8
|
||||
- characters; 20 is used here to give a little future wiggle-room.
|
||||
- The SHA1 common-prefix attack used 128 bytes of data.
|
||||
-
|
||||
- This code is here, and not in Backend.Hash (where it really belongs)
|
||||
- so that file2key can check it whenever a Key is constructed.
|
||||
-}
|
||||
validKeyName :: Key -> String -> Bool
|
||||
validKeyName k v
|
||||
| end (keyBackendName k) == "E" = length (takeExtensions v) <= 20
|
||||
| otherwise = True
|
||||
|
||||
instance Arbitrary Key where
|
||||
arbitrary = Key
|
||||
<$> (listOf1 $ elements $ ['A'..'Z'] ++ ['a'..'z'] ++ ['0'..'9'] ++ "-_\r\n \t")
|
||||
<*> (listOf1 $ elements ['A'..'Z']) -- BACKEND
|
||||
<*> ((abs <$>) <$> arbitrary) -- size cannot be negative
|
||||
<*> arbitrary
|
||||
<*> ((abs <$>) <$> arbitrary) -- chunksize cannot be negative
|
||||
<*> ((succ . abs <$>) <$> arbitrary) -- chunknum cannot be 0 or negative
|
||||
|
||||
instance Hashable Key where
|
||||
hashIO32 = hashIO32 . key2file
|
||||
hashIO64 = hashIO64 . key2file
|
||||
|
||||
instance ToJSON Key where
|
||||
toJSON = toJSON . key2file
|
||||
|
||||
instance FromJSON Key where
|
||||
parseJSON (String t) = maybe mempty pure $ file2key $ T.unpack t
|
||||
parseJSON _ = mempty
|
||||
|
||||
instance Proto.Serializable Key where
|
||||
serialize = key2file
|
||||
deserialize = file2key
|
||||
|
||||
prop_isomorphic_key_encode :: Key -> Bool
|
||||
prop_isomorphic_key_encode k = Just k == (file2key . key2file) k
|
||||
|
||||
prop_isomorphic_key_decode :: FilePath -> Bool
|
||||
prop_isomorphic_key_decode f
|
||||
| normalfieldorder = maybe True (\k -> key2file k == f) (file2key f)
|
||||
| otherwise = True
|
||||
where
|
||||
-- file2key will accept the fields in any order, so don't
|
||||
-- try the test unless the fields are in the normal order
|
||||
normalfieldorder = fields `isPrefixOf` "smSC"
|
||||
fields = map (f !!) $ filter (< length f) $ map succ $
|
||||
elemIndices fieldSep f
|
Loading…
Add table
Add a link
Reference in a new issue