diff options
author | Ludovic Courtès <ludo@gnu.org> | 2014-03-22 22:38:23 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2014-03-22 22:57:10 +0100 |
commit | 9dbe6e43ea9f7d2afccc3c9febcd7f399e819f01 (patch) | |
tree | 08ed217ba43c462a12ac1c65da266457ead4744f | |
parent | ed1aff038a5be5f55a6b230fede7566b6f93d126 (diff) | |
download | patches-9dbe6e43ea9f7d2afccc3c9febcd7f399e819f01.tar patches-9dbe6e43ea9f7d2afccc3c9febcd7f399e819f01.tar.gz |
authenticate: Move actual work to separate procedures.
* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
a port instead of a file name.
(read-hash-data): Likewise.
(sign-with-key, validate-signature): New procedures.
(guix-authenticate): Rewrite in terms of these two procedures.
-rw-r--r-- | guix/scripts/authenticate.scm | 86 |
1 files changed, 48 insertions, 38 deletions
diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm index 927dbe8afc..8bc148d730 100644 --- a/guix/scripts/authenticate.scm +++ b/guix/scripts/authenticate.scm @@ -34,18 +34,53 @@ ;;; ;;; Code: -(define (read-canonical-sexp file) - "Read a gcrypt sexp from FILE and return it." - (call-with-input-file file - (compose string->canonical-sexp get-string-all))) +(define read-canonical-sexp + ;; Read a gcrypt sexp from a port and return it. + (compose string->canonical-sexp get-string-all)) -(define (read-hash-data file key-type) - "Read sha256 hash data from FILE and return it as a gcrypt sexp. KEY-TYPE +(define (read-hash-data port key-type) + "Read sha256 hash data from PORT and return it as a gcrypt sexp. KEY-TYPE is a symbol representing the type of public key algo being used." - (let* ((hex (call-with-input-file file get-string-all)) + (let* ((hex (get-string-all port)) (bv (base16-string->bytevector (string-trim-both hex)))) (bytevector->hash-data bv #:key-type key-type))) +(define (sign-with-key key-file port) + "Sign the hash read from PORT with KEY-FILE, and write an sexp that includes +both the hash and the actual signature." + (let* ((secret-key (call-with-input-file key-file read-canonical-sexp)) + (public-key (if (string-suffix? ".sec" key-file) + (call-with-input-file + (string-append (string-drop-right key-file 4) + ".pub") + read-canonical-sexp) + (leave + (_ "cannot find public key for secret key '~a'~%") + key-file))) + (data (read-hash-data port (key-type public-key))) + (signature (signature-sexp data secret-key public-key))) + (display (canonical-sexp->string signature)) + #t)) + +(define (validate-signature port) + "Read the signature from PORT (which is as produced above), check whether +its public key is authorized, verify the signature, and print the signed data +to stdout upon success." + (let* ((signature (read-canonical-sexp port)) + (subject (signature-subject signature)) + (data (signature-signed-data signature))) + (if (and data subject) + (if (authorized-key? subject) + (if (valid-signature? signature) + (let ((hash (hash-data->bytevector data))) + (display (bytevector->base16-string hash)) + #t) ; success + (leave (_ "error: invalid signature: ~a~%") + (canonical-sexp->string signature))) + (leave (_ "error: unauthorized public key: ~a~%") + (canonical-sexp->string subject))) + (leave (_ "error: corrupt signature data: ~a~%") + (canonical-sexp->string signature))))) ;;; ;;; Entry point with 'openssl'-compatible interface. We support this @@ -56,38 +91,13 @@ is a symbol representing the type of public key algo being used." (define (guix-authenticate . args) (match args (("rsautl" "-sign" "-inkey" key "-in" hash-file) - ;; Sign the hash in HASH-FILE with KEY, and return an sexp that includes - ;; both the hash and the actual signature. - (let* ((secret-key (read-canonical-sexp key)) - (public-key (if (string-suffix? ".sec" key) - (read-canonical-sexp - (string-append (string-drop-right key 4) ".pub")) - (leave - (_ "cannot find public key for secret key '~a'~%") - key))) - (data (read-hash-data hash-file (key-type public-key))) - (signature (signature-sexp data secret-key public-key))) - (display (canonical-sexp->string signature)) - #t)) + (call-with-input-file hash-file + (lambda (port) + (sign-with-key key port)))) (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file) - ;; Read the signature as produced above, check whether its public key is - ;; authorized, and verify the signature, and print the signed data to - ;; stdout upon success. - (let* ((signature (read-canonical-sexp signature-file)) - (subject (signature-subject signature)) - (data (signature-signed-data signature))) - (if (and data subject) - (if (authorized-key? subject) - (if (valid-signature? signature) - (let ((hash (hash-data->bytevector data))) - (display (bytevector->base16-string hash)) - #t) ; success - (leave (_ "error: invalid signature: ~a~%") - (canonical-sexp->string signature))) - (leave (_ "error: unauthorized public key: ~a~%") - (canonical-sexp->string subject))) - (leave (_ "error: corrupt signature data: ~a~%") - (canonical-sexp->string signature))))) + (call-with-input-file signature-file + (lambda (port) + (validate-signature port)))) (("--help") (display (_ "Usage: guix authenticate OPTION... Sign or verify the signature on the given file. This tool is meant to |