authorLudovic Courtès <ludo@gnu.org>2013-12-29 15:55:38 +0100
committerLudovic Courtès <ludo@gnu.org>2013-12-29 15:57:24 +0100
commit96e5085c8113a8ccfdb627b8e2efe30364a86563 (patch)
treef58a9358bc1e19b676a151b8ef0c0e37c9930e93
parent8b420f74e40a928493ce6afefe2c99144a4ecbb3 (diff)
downloadguix-96e5085c8113a8ccfdb627b8e2efe30364a86563.tar
guix-96e5085c8113a8ccfdb627b8e2efe30364a86563.tar.gz
authenticate: Disallow imports signed with unauthorized keys.
* guix/scripts/authenticate.scm (signature-sexp): Remove. (guix-authenticate): Upon '-verify', check whether the signature's public key passes 'authorized-key?'.
-rw-r--r--guix/scripts/authenticate.scm43
1 files changed, 20 insertions, 23 deletions
diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm
index 7e1c2a4671..cefa035953 100644
--- a/guix/scripts/authenticate.scm
+++ b/guix/scripts/authenticate.scm
@@ -20,6 +20,7 @@
#:use-module (guix config)
#:use-module (guix utils)
#:use-module (guix pk-crypto)
+ #:use-module (guix pki)
#:use-module (guix ui)
#:use-module (rnrs io ports)
#:use-module (ice-9 match)
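Review bot: The added `#:use-module (guix pki)` has to supply more than `authorized-key?`: the `-sign` branch still calls `signature-sexp` (visible as the context line `(signature (signature-sexp data secret-key public-key))` in the third hunk) while this file's own definition of it is deleted in the next hunk, so unless (guix pki) exports a `signature-sexp` with the same three-argument contract the `-sign` path fails at call time. That export is not visible on this page, so it should be confirmed. The commit message only says "(signature-sexp): Remove." and would read better as "Remove; now provided by (guix pki)." so the dependency is explicit.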
@@ -44,17 +45,6 @@
(bv (base16-string->bytevector (string-trim-both hex))))
(bytevector->hash-data bv)))
-(define (signature-sexp data secret-key public-key)
- "Return a SPKI-style sexp for the signature of DATA with SECRET-KEY that
-includes DATA, the actual signature value (with a 'sig-val' tag), and
-PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)"
- (string->canonical-sexp
- (format #f
- "(signature ~a ~a ~a)"
- (canonical-sexp->string data)
- (canonical-sexp->string (sign data secret-key))
- (canonical-sexp->string public-key))))
-
;;;
;;; Entry point with 'openssl'-compatible interface. We support this
@@ -77,23 +67,30 @@ PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)"
(signature (signature-sexp data secret-key public-key)))
(display (canonical-sexp->string signature))
#t))
- (("rsautl" "-verify" "-inkey" key "-pubin" "-in" signature-file)
- ;; Read the signature as produced above, check it against KEY, and print
- ;; the signed data to stdout upon success.
- (let* ((public-key (read-canonical-sexp key))
- (sig+data (read-canonical-sexp signature-file))
+ (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
+ ;; Read the signature as produced above, check whether its public key is
+ ;; authorized, and verify the signature, and print the signed data to
+ ;; stdout upon success.
+ (let* ((sig+data (read-canonical-sexp signature-file))
+ (public-key (find-sexp-token sig+data 'public-key))
(data (find-sexp-token sig+data 'data))
(signature (find-sexp-token sig+data 'sig-val)))
(if (and data signature)
- (if (verify signature data public-key)
- (begin
- (display (bytevector->base16-string
- (hash-data->bytevector data)))
- #t) ; success
+ (if (authorized-key? public-key)
+ (if (verify signature data public-key)
+ (begin
+ (display (bytevector->base16-string
+ (hash-data->bytevector data)))
+ #t) ; success
+ (begin
+ (format (current-error-port)
+ "error: invalid signature: ~a~%"
+ (canonical-sexp->string signature))
+ (exit 1)))
(begin
(format (current-error-port)
- "error: invalid signature: ~a~%"
- (canonical-sexp->string signature))
+ "error: unauthorized public key: ~a~%"
+ (canonical-sexp->string public-key))
(exit 1)))
(begin
(format (current-error-port)