Add non-sha1 metadata processing. Add fetching catalog statistics and properties.

Author: saurvs

cvmfs/fetcher.js

@@ -26,9 +26,12 @@ cvmfs.fetcher.downloadCertificate = function(data_url, hash) {
   return this.downloadChunk(data_url, hash, 'X');
 };
 
+cvmfs.fetcher.downloadCatalog = function(data_url, hash) {
+  return this.downloadChunk(data_url, hash, 'C');
+};
+
 cvmfs.fetcher.parseManifest = function(data, repo_name) {
   const manifest = {};
-  const metadata_digest = new KJUR.crypto.MessageDigest({alg: 'sha1', prov: 'cryptojs'});
 
   const lines = data.split('\n');
   for (const i in lines) {
@@ -44,7 +47,7 @@ cvmfs.fetcher.parseManifest = function(data, repo_name) {
         manifest.catalog_size = parseInt(tail);
         break;
       case 'C':
-        manifest.catalog_hash = tail;
+        manifest.catalog_hash = new cvmfs.util.hash(tail);
         break;
       case 'D':
         manifest.ttl = parseInt(tail);
@@ -53,10 +56,10 @@ cvmfs.fetcher.parseManifest = function(data, repo_name) {
         manifest.garbage_collectable = (tail === 'yes');
         break;
       case 'H':
-        manifest.history_hash = tail;
+        manifest.history_hash = new cvmfs.util.hash(tail);
         break;
       case 'M':
-        manifest.json_hash = tail;
+        manifest.json_hash = new cvmfs.util.hash(tail);
         break;
       case 'N':
         if (tail !== repo_name) return undefined;
@@ -72,27 +75,28 @@ cvmfs.fetcher.parseManifest = function(data, repo_name) {
         manifest.published_timestamp = parseInt(tail);
         break;
       case 'X':
-        manifest.certificate_hash = tail;
+        manifest.certificate_hash = new cvmfs.util.hash(tail);
         break;
     }
 
     if (head === '-') {
       const j = (parseInt(i) + 1).toString();
-      manifest.metadata_hash = lines[j];
+      manifest.metadata_hash = new cvmfs.util.hash(lines[j]);
       break;
     }
-
-    metadata_digest.updateString(line + '\n')
   }
 
   if (manifest.catalog_hash === undefined ||
       manifest.root_hash === undefined ||
       manifest.ttl === undefined ||
       manifest.revision === undefined) return undefined;
 
-  if (manifest.metadata_hash !== metadata_digest.digest()) return undefined;
+  const metadata = data.substring(0, data.search('--'));
+  const computed_metadata_hash = cvmfs.util.digestString(metadata, manifest.metadata_hash.alg);
+  if (manifest.metadata_hash.hex !== computed_metadata_hash) return undefined;
 
-  const signature = data.substr(data.search('-') + 3 /*(--\n)*/ + 40 /*(SHA1 hex len)*/ + 1 /*(\n)*/);
+  var signature = data.substr(data.search('--') + 3 /*(--\n)*/);
+  signature = signature.substr(signature.search('\n') + 1 /*\n*/);
   manifest.signature_hex = cvmfs.util.stringToHex(signature);
 
   return manifest;
@@ -104,9 +108,13 @@ cvmfs.fetcher.fetchManifest = function(repo_url, repo_name) {
 };
 
 cvmfs.fetcher.parseWhitelist = function(data, repo_name) {
-  const metadata = data.substr(0, data.search('-'));
-  const metadata_hash = data.substr(metadata.length + 3 /*(--\n)*/, 40 /*(SHA1 hex len)*/);
-  if (metadata_hash !== KJUR.crypto.Util.sha1(metadata)) return undefined;
+  const metadata = data.substr(0, data.search('--'));
+  var metadata_hash_str = data.substr(metadata.length + 3 /*(--\n)*/);
+  metadata_hash_str = metadata_hash_str.substr(0, metadata_hash_str.search('\n'));
+
+  const metadata_hash = new cvmfs.util.hash(metadata_hash_str);
+  const computed_metadata_hash = cvmfs.util.digestString(metadata, metadata_hash.alg);
+  if (metadata_hash.hex !== computed_metadata_hash) return undefined;
 
   const whitelist = { metadata_hash: metadata_hash };
   const lines = metadata.split('\n');
@@ -122,9 +130,10 @@ cvmfs.fetcher.parseWhitelist = function(data, repo_name) {
     parseInt(expiry_line.substr(9, 2))
   );
 
-  whitelist.certificate_fingerprint = lines[3].replace(/\:/g, '').toLowerCase();
+  whitelist.certificate_fingerprint = new cvmfs.util.hash(lines[3].replace(/\:/g, '').toLowerCase());
 
-  const signature = data.substr(metadata.length + 3 /*(--\n)*/ + 40 /*(SHA1 hex len)*/ + 1 /*(\n)*/);
+  var signature = data.substr(metadata.length + 3 /*(--\n)*/);
+  signature = signature.substr(signature.search('\n') + 1 /*(\n)*/);
   whitelist.signature_hex = cvmfs.util.stringToHex(signature);
 
   return whitelist;
@@ -136,11 +145,11 @@ cvmfs.fetcher.fetchWhitelist = function(repo_url, repo_name) {
 };
 
 cvmfs.fetcher.fetchCertificate = function(data_url, cert_hash) {
-  const data = cvmfs.fetcher.downloadCertificate(data_url, cert_hash);
+  const data = cvmfs.fetcher.downloadCertificate(data_url, cert_hash.download_handle);
 
   const data_hex = cvmfs.util.stringToHex(data);
-  const data_hash = KJUR.crypto.Util.hashHex(data_hex, 'sha1');
-  if (data_hash !== cert_hash) return undefined;
+  const data_hash = cvmfs.util.digestHex(data_hex, cert_hash.alg);
+  if (data_hash !== cert_hash.hex) return undefined;
 
   const data_deflated = pako.inflate(data);
   const decoder = new TextDecoder("utf-8");
@@ -149,4 +158,15 @@ cvmfs.fetcher.fetchCertificate = function(data_url, cert_hash) {
   const certificate = new X509();
   certificate.readCertPEM(pem);
   return certificate;
+};
+
+cvmfs.fetcher.fetchCatalog = function(data_url, catalog_hash) {
+  const data = cvmfs.fetcher.downloadCatalog(data_url, catalog_hash.download_handle);
+
+  const data_hex = cvmfs.util.stringToHex(data);
+  const data_hash = cvmfs.util.digestHex(data_hex, catalog_hash.alg);
+  if (data_hash !== catalog_hash.hex) return undefined;
+
+  const db_data = pako.inflate(data);
+  return new SQL.Database(db_data);
 };

cvmfs/repo.js

@@ -11,7 +11,7 @@ cvmfs.repo = function(base_url, repo_name) {
   const master_keys = cvmfs.getMasterKeys();
   for (const key of master_keys) {
     whitelist_verified = key.verifyRawWithMessageHex(
-      cvmfs.util.stringToHex(this._whitelist.metadata_hash),
+      cvmfs.util.stringToHex(this._whitelist.metadata_hash.download_handle),
       this._whitelist.signature_hex
     );
     if (whitelist_verified) break;
@@ -21,17 +21,61 @@ cvmfs.repo = function(base_url, repo_name) {
   /* verify certificate fingerprint */
   const now = new Date();
   if (now >= this._whitelist.expiry_date) return undefined;
-  const fingerprint = KJUR.crypto.Util.hashHex(this._certificate.hex, 'sha1');
-  if (fingerprint !== this._whitelist.certificate_fingerprint) return undefined;
+  const fingerprint = cvmfs.util.digestHex(this._certificate.hex, this._whitelist.certificate_fingerprint.alg);
+  if (fingerprint !== this._whitelist.certificate_fingerprint.hex) return undefined;
 
   /* verify manifest signature */
   const signature = new KJUR.crypto.Signature({alg: 'SHA1withRSA'});
   signature.init(this._certificate.getPublicKey());
-  signature.updateString(this._manifest.metadata_hash);
+  signature.updateString(this._manifest.metadata_hash.download_handle);
   if (!signature.verify(this._manifest.signature_hex)) return undefined;
 };
 
 cvmfs.repo.prototype = {
+  _catalog: null,
+  _catalog_stats: null,
+  _catalog_properties: null,
+  _getCatalog: function() {
+    if (this._catalog === null) {
+      this._catalog = cvmfs.fetcher.fetchCatalog(this._data_url, this._manifest.catalog_hash);
+    }
+    return this._catalog;
+  },
+  getCatalogStats: function() {
+    if (this._catalog_stats === null) {
+      const catalog = this._getCatalog();
+      const result = catalog.exec("SELECT * FROM STATISTICS")[0].values;
+
+      this._catalog_stats = {};
+      for (const row of result) {
+        const counter = row[0];
+        const value = row[1];
+        this._catalog_stats[counter] = value;
+      }
+    }
+    return this._catalog_stats;
+  },
+  getCatalogProperties: function() {
+    if (this._catalog_properties === null) {
+      const catalog = this._getCatalog();
+      const result = catalog.exec("SELECT * FROM PROPERTIES")[0].values;
+
+      this._catalog_properties = {};
+      for (const row of result) {
+        const counter = row[0];
+
+        var value = row[1];
+        if (/^\d+$/.test(value)) { // if value is base-10 integer
+          value = parseInt(value);
+        } else if (/^\d+\.?\d*$/.test(value)) { // if value is float
+          value = parseFloat(value);
+        }
+
+        this._catalog_properties[counter] = value;
+      }
+    }
+    return this._catalog_properties;
+  },
   getManifest: function() { return this._manifest; },
   getWhitelist: function() { return this._whitelist; },
   getCertificate: function() { return this._certificate; }

cvmfs/util.js

@@ -14,4 +14,45 @@ cvmfs.util.stringToHex = function(str) {
     hex[i] = ('0' + byte.toString(16)).slice(-2);
   }
   return hex.join('');
+}
+
+cvmfs.util.hash = function(download_handle) {
+  this.download_handle = download_handle;
+
+  const hash_len = download_handle.search('-');
+  if (hash_len === -1) {
+    this.hex = download_handle;
+    this.alg = 'sha1';
+  } else {
+    this.hex = download_handle.substring(0, hash_len);
+    this.alg = download_handle.substring(hash_len + 1);
+  }
+}
+
+cvmfs.util.hash.prototype = {
+  hex: null,
+  alg: null,
+  download_handle: null
+};
+
+cvmfs.util.digestString = function(str, alg) {
+  if (alg === undefined) return undefined;
+  else if (alg === 'shake128') {
+    const shake128 = new jsSHA("SHAKE128", "TEXT");
+    shake128.update(str);
+    return shake128.getHash("HEX", {shakeLen: 160});
+  } else {
+    return KJUR.crypto.Util.hashString(str, alg);
+  }
+}
+
+cvmfs.util.digestHex = function(hex, alg) {
+  if (alg === undefined) return undefined;
+  else if (alg === 'shake128') {
+    const shake128 = new jsSHA("SHAKE128", "HEX");
+    shake128.update(hex);
+    return shake128.getHash("HEX", {shakeLen: 160});
+  } else {
+    return KJUR.crypto.Util.hashHex(hex, alg);
+  }
 }

emcc-cvmfs

@@ -8,7 +8,9 @@ THIRD_PARTY_DIR=$SRC_DIR/third_party
 emcc $* \
     -s WASM=0 \
     --pre-js $THIRD_PARTY_DIR/jsrsasign-all-min.js \
+    --pre-js $THIRD_PARTY_DIR/sha3.js \
     --pre-js $THIRD_PARTY_DIR/pako_inflate.min.js \
+    --pre-js $THIRD_PARTY_DIR/sql.js \
     --pre-js $CVMFS_DIR/cvmfs.js \
     --pre-js $CVMFS_DIR/fetcher.js \
     --pre-js $CVMFS_DIR/master_keys.js \

fs/library_cvmfs.js

@@ -14,6 +14,9 @@ mergeInto(LibraryManager.library, {
       console.log(whitelist);
       console.log(certificate);
 
+      console.log(repo.getCatalogStats());
+      console.log(repo.getCatalogProperties());
+
       return CVMFS.createNode(null, '/', {{{ cDefine('S_IFDIR') }}} | 0777);
     },
     createNode: function(parent, name, mode) {

tests/data/cvmfspublished-shake128

@@ -13,16 +13,29 @@ tests.runTest(function test_parseManifest() {
   const manifest = cvmfs.fetcher.parseManifest(data, repo_name);
   chai.assert.strictEqual(manifest.has_alt_catalog_path, false);
   chai.assert.strictEqual(manifest.catalog_size, 18432);
-  chai.assert.strictEqual(manifest.catalog_hash, '34ec515941acb52652ac2c448407caebca2bfe49');
+  chai.assert.strictEqual(manifest.catalog_hash.hex, '34ec515941acb52652ac2c448407caebca2bfe49');
   chai.assert.strictEqual(manifest.ttl, 240);
   chai.assert.strictEqual(manifest.garbage_collectable, false);
-  chai.assert.strictEqual(manifest.history_hash, 'e615b5a83d3a20120199ba05afe4ffcbef07714a');
-  chai.assert.strictEqual(manifest.json_hash, 'decf358874358c4f313db997d36a3b8e3d62622e');
+  chai.assert.strictEqual(manifest.history_hash.hex, 'e615b5a83d3a20120199ba05afe4ffcbef07714a');
+  chai.assert.strictEqual(manifest.json_hash.hex, 'decf358874358c4f313db997d36a3b8e3d62622e');
   chai.assert.strictEqual(manifest.repository_name, repo_name);
   chai.assert.strictEqual(manifest.root_hash, 'd41d8cd98f00b204e9800998ecf8427e');
   chai.assert.strictEqual(manifest.revision, 10);
   chai.assert.strictEqual(manifest.published_timestamp, 1525779612);
-  chai.assert.strictEqual(manifest.certificate_hash, 'f03e97f4586869a417dadd56ff206c8ba9566284');
-  chai.assert.strictEqual(manifest.metadata_hash, '92db4f64d030df3a32bb18233b4b933511c20d9c');
+  chai.assert.strictEqual(manifest.certificate_hash.hex, 'f03e97f4586869a417dadd56ff206c8ba9566284');
+  chai.assert.strictEqual(manifest.metadata_hash.hex, '92db4f64d030df3a32bb18233b4b933511c20d9c');
   chai.assert.strictEqual(manifest.signature_hex, 'b8f34fa30053d1ea3a440ad6c8a7d0b684182fbccabca531674059fcf1f83a5e5535e428983ede29d38c8c87741c1bd700ec8ee1315bea6d9b6aca5159460c7e889a62c137d90ce4ea6d0d8413ec86dd521b57544f456411df49e9791a9c3a8955a14e8bddd1a5e52cd8dc9d7c28bb6cf76e9b1dc11b8009dde2a78b340303e9913dbc36dc4520438bf2a402cc1efca1e938082a7235136238d880d1c8fca4add6755ae53887237841f46a7aa72b0d98c43f890dd724cdcd7a1cacd7f6aaf95c9f7f26c2b224e811ec0ed1734246bb745e0410086938b6acafc43d00496de1091a8eb3e42a801cd0a07db89283d362972f702d8048d1d7ad9d994693053a80d7');
+});
+
+tests.runTest(function test_parseManifestShake128() {
+  const data = tests.readFile('data/cvmfspublished-shake128');
+  const repo_name = 'emscripten.cvmfs.io';
+
+  const manifest = cvmfs.fetcher.parseManifest(data, repo_name);
+  chai.assert.strictEqual(manifest.catalog_hash.hex, '08b158e37829afbb15a0d8f78885b91941b16df2');
+  chai.assert.strictEqual(manifest.history_hash.hex, 'c0bb8dd94b8b2ccdf7df816e6d1dfd2af07c3ea9');
+  chai.assert.strictEqual(manifest.json_hash.hex, 'decf358874358c4f313db997d36a3b8e3d62622e');
+  chai.assert.strictEqual(manifest.certificate_hash.hex, 'f223b5c0af62e4e494f6c1cd629ef39163b1a32d');
+  chai.assert.strictEqual(manifest.metadata_hash.hex, '984a2eb4ac636675caceec3df39e53012dffa6e4');
+  chai.assert.strictEqual(manifest.signature_hex, 'a065622a4619cce396670f6688970765d1ef82453a9f9a8a4c13fe84f13df2facb2b284bab09ccf3e0a9f5f6ee4a381047cc446a3c45fb2326ee842f6a71140d3036d96ce74a295457df48a517a4242d7bdb21baf931c1666d272e204df24d6852619695b359f83dbefd105743fb0bd65a679910430a4f1a63f4d0aa534543c661066e2794a898e161f27da53161362936d63fc83015dd8ae64c953089d0223310ef732452c41d6f4a8f519df01d5795fa9008049524b85d728c3bf3a752d4f4c8e378f0e8121f264c80f1ec3e7d70238676dd70a75ad84960f4d5af970c63c0166983ca40d90ea84dc3517de71100a791b28db58c914c63c0241a231a659e2a');
 });

tests/data/cvmfswhitelist-shake128

@@ -16,4 +16,14 @@ tests.runTest(function parseWhitelist() {
   chai.assert.strictEqual(whitelist.certificate_fingerprint, 'fc97541ac39e72cac9bfd7b27b3cf54c3c2a35b9');
   chai.assert.strictEqual(whitelist.metadata_hash, 'b04ddf54b894e03d7b6fe2ab9e26f0161229dc7d');
   chai.assert.strictEqual(whitelist.signature_hex, 'b0d8d8f9b7d6a1dfceed6e5995c6f56b716a5e54fc4121da1c74da0ff4bc97805001ef2ec502a10e52921f72d0e81efa3a83541a0d59c99c29cf4e627ea9f233debde50ffc3ecacc354a345745cf3d487ac6ee3b550facaab50380eea992bbaeb7681a39bc48c5b0b9ac6f9a613b9d15c3198168621c9a75d832d04ccaab203617858e5985169b0a18130bcdc0c113b5f92611b289c4eb53f74e7813584c9b02620fa2113a5e7328d3fb65fb43c66d3edaffc02005c47326719005035c98f53555156b444f0cf3a3e56a7efed1c1ebce740bf13de7e8040f72e187b7ed642ab0402b35c7f07222b673f72cd5cdf81c70b7a8ce139c2eddd445c88f830fb6297f');
+});
+
+tests.runTest(function parseWhitelistShake128() {
+  const data = tests.readFile('data/cvmfswhitelist-shake128');
+  const repo_name = 'emscripten.cvmfs.io';
+
+  const whitelist = cvmfs.fetcher.parseWhitelist(data, repo_name);
+  chai.assert.strictEqual(whitelist.certificate_fingerprint.hex, '2d63ea98499ed1041fca8359c7989dc28c171edf');
+  chai.assert.strictEqual(whitelist.metadata_hash.hex, 'c6e2ed2dd9e768601f5621ebcc5b6b058a624282');
+  chai.assert.strictEqual(whitelist.signature_hex, '49a9d8bf0520f84b8040347b8170b005f5235cb509e80e4f5631866b56e510562809369a5c664edfb402e9a772b471266062506e7890c778bed41abf2a71f9577d4182b3cc2257480787c985f489a26f590b41926d59145fac4b68b8509670385a2522c59016e128bd12165b7ea2a7ac4812a9653637773672fc149962fec4d1abf4df9b68dabca54ed46c55bdfa906155a16ea5872446c14ec82dbdd706d6c2efc7d6e1f4abae75be87b84cecfd898fbdcc81843043252edc8a0cad0027ad7e525db1adaf7830ba316d6b96695d3a2e194e6b857aa80cd694501831305699339ffa6847571662606b76b91b6cb9874298a90bfc338c98a4327d453b4ea76ddf');
 });