diff options
author | Ludovic Courtès <ludo@gnu.org> | 2013-12-29 15:55:38 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2013-12-29 15:57:24 +0100 |
commit | 96e5085c8113a8ccfdb627b8e2efe30364a86563 (patch) | |
tree | f58a9358bc1e19b676a151b8ef0c0e37c9930e93 | |
parent | 8b420f74e40a928493ce6afefe2c99144a4ecbb3 (diff) | |
download | guix-96e5085c8113a8ccfdb627b8e2efe30364a86563.tar guix-96e5085c8113a8ccfdb627b8e2efe30364a86563.tar.gz |
authenticate: Disallow imports signed with unauthorized keys.
* guix/scripts/authenticate.scm (signature-sexp): Remove.
(guix-authenticate): Upon '-verify', check whether the signature's
public key passes 'authorized-key?'.
-rw-r--r-- | guix/scripts/authenticate.scm | 43 |
1 files changed, 20 insertions, 23 deletions
diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm index 7e1c2a4671..cefa035953 100644 --- a/guix/scripts/authenticate.scm +++ b/guix/scripts/authenticate.scm @@ -20,6 +20,7 @@ #:use-module (guix config) #:use-module (guix utils) #:use-module (guix pk-crypto) + #:use-module (guix pki) #:use-module (guix ui) #:use-module (rnrs io ports) #:use-module (ice-9 match) @@ -44,17 +45,6 @@ (bv (base16-string->bytevector (string-trim-both hex)))) (bytevector->hash-data bv))) -(define (signature-sexp data secret-key public-key) - "Return a SPKI-style sexp for the signature of DATA with SECRET-KEY that -includes DATA, the actual signature value (with a 'sig-val' tag), and -PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)" - (string->canonical-sexp - (format #f - "(signature ~a ~a ~a)" - (canonical-sexp->string data) - (canonical-sexp->string (sign data secret-key)) - (canonical-sexp->string public-key)))) - ;;; ;;; Entry point with 'openssl'-compatible interface. We support this @@ -77,23 +67,30 @@ PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)" (signature (signature-sexp data secret-key public-key))) (display (canonical-sexp->string signature)) #t)) - (("rsautl" "-verify" "-inkey" key "-pubin" "-in" signature-file) - ;; Read the signature as produced above, check it against KEY, and print - ;; the signed data to stdout upon success. - (let* ((public-key (read-canonical-sexp key)) - (sig+data (read-canonical-sexp signature-file)) + (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file) + ;; Read the signature as produced above, check whether its public key is + ;; authorized, and verify the signature, and print the signed data to + ;; stdout upon success. + (let* ((sig+data (read-canonical-sexp signature-file)) + (public-key (find-sexp-token sig+data 'public-key)) (data (find-sexp-token sig+data 'data)) (signature (find-sexp-token sig+data 'sig-val))) (if (and data signature) - (if (verify signature data public-key) - (begin - (display (bytevector->base16-string - (hash-data->bytevector data))) - #t) ; success + (if (authorized-key? public-key) + (if (verify signature data public-key) + (begin + (display (bytevector->base16-string + (hash-data->bytevector data))) + #t) ; success + (begin + (format (current-error-port) + "error: invalid signature: ~a~%" + (canonical-sexp->string signature)) + (exit 1))) (begin (format (current-error-port) - "error: invalid signature: ~a~%" - (canonical-sexp->string signature)) + "error: unauthorized public key: ~a~%" + (canonical-sexp->string public-key)) (exit 1))) (begin (format (current-error-port) |