2013-12-20 17:17:42 +01:00
|
|
|
|
;;; GNU Guix --- Functional package management for GNU
|
|
|
|
|
|
;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; This file is part of GNU Guix.
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
|
|
|
|
|
;;; under the terms of the GNU General Public License as published by
|
|
|
|
|
|
;;; the Free Software Foundation; either version 3 of the License, or (at
|
|
|
|
|
|
;;; your option) any later version.
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; GNU Guix is distributed in the hope that it will be useful, but
|
|
|
|
|
|
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
|
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
|
;;; GNU General Public License for more details.
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; You should have received a copy of the GNU General Public License
|
|
|
|
|
|
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
|
|
(define-module (guix scripts authenticate)
|
|
|
|
|
|
#:use-module (guix config)
|
|
|
|
|
|
#:use-module (guix utils)
|
|
|
|
|
|
#:use-module (guix pk-crypto)
|
2013-12-29 15:55:38 +01:00
|
|
|
|
#:use-module (guix pki)
|
2013-12-20 17:17:42 +01:00
|
|
|
|
#:use-module (guix ui)
|
|
|
|
|
|
#:use-module (rnrs io ports)
|
|
|
|
|
|
#:use-module (ice-9 match)
|
|
|
|
|
|
#:export (guix-authenticate))
|
|
|
|
|
|
|
|
|
|
|
|
;;; Commentary:
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; This program is used internally by the daemon to sign exported archive
|
|
|
|
|
|
;;; (the 'export-paths' RPC), and to authenticate imported archives (the
|
|
|
|
|
|
;;; 'import-paths' RPC.)
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; Code:
|
|
|
|
|
|
|
2013-12-27 23:32:26 +01:00
|
|
|
|
(define (read-canonical-sexp file)
|
2013-12-20 17:17:42 +01:00
|
|
|
|
"Read a gcrypt sexp from FILE and return it."
|
|
|
|
|
|
(call-with-input-file file
|
2013-12-27 23:32:26 +01:00
|
|
|
|
(compose string->canonical-sexp get-string-all)))
|
2013-12-20 17:17:42 +01:00
|
|
|
|
|
|
|
|
|
|
(define (read-hash-data file)
|
|
|
|
|
|
"Read sha256 hash data from FILE and return it as a gcrypt sexp."
|
|
|
|
|
|
(let* ((hex (call-with-input-file file get-string-all))
|
|
|
|
|
|
(bv (base16-string->bytevector (string-trim-both hex))))
|
|
|
|
|
|
(bytevector->hash-data bv)))
|
|
|
|
|
|
|
|
|
|
|
|
�
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; Entry point with 'openssl'-compatible interface. We support this
|
|
|
|
|
|
;;; interface because that's what the daemon expects, and we want to leave it
|
|
|
|
|
|
;;; unmodified currently.
|
|
|
|
|
|
;;;
|
|
|
|
|
|
|
|
|
|
|
|
(define (guix-authenticate . args)
|
|
|
|
|
|
(match args
|
|
|
|
|
|
(("rsautl" "-sign" "-inkey" key "-in" hash-file)
|
|
|
|
|
|
;; Sign the hash in HASH-FILE with KEY, and return an sexp that includes
|
|
|
|
|
|
;; both the hash and the actual signature.
|
2013-12-27 23:32:26 +01:00
|
|
|
|
(let* ((secret-key (read-canonical-sexp key))
|
2013-12-28 00:42:07 +01:00
|
|
|
|
(public-key (if (string-suffix? ".sec" key)
|
|
|
|
|
|
(read-canonical-sexp
|
|
|
|
|
|
(string-append (string-drop-right key 4) ".pub"))
|
|
|
|
|
|
(leave (_ "cannot find public key for secret key '~a'")
|
|
|
|
|
|
key)))
|
|
|
|
|
|
(data (read-hash-data hash-file))
|
|
|
|
|
|
(signature (signature-sexp data secret-key public-key)))
|
|
|
|
|
|
(display (canonical-sexp->string signature))
|
2013-12-20 17:17:42 +01:00
|
|
|
|
#t))
|
2013-12-29 15:55:38 +01:00
|
|
|
|
(("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
|
|
|
|
|
|
;; Read the signature as produced above, check whether its public key is
|
|
|
|
|
|
;; authorized, and verify the signature, and print the signed data to
|
|
|
|
|
|
;; stdout upon success.
|
|
|
|
|
|
(let* ((sig+data (read-canonical-sexp signature-file))
|
|
|
|
|
|
(public-key (find-sexp-token sig+data 'public-key))
|
2013-12-28 00:42:07 +01:00
|
|
|
|
(data (find-sexp-token sig+data 'data))
|
2013-12-20 17:17:42 +01:00
|
|
|
|
(signature (find-sexp-token sig+data 'sig-val)))
|
|
|
|
|
|
(if (and data signature)
|
2013-12-29 15:55:38 +01:00
|
|
|
|
(if (authorized-key? public-key)
|
|
|
|
|
|
(if (verify signature data public-key)
|
|
|
|
|
|
(begin
|
|
|
|
|
|
(display (bytevector->base16-string
|
|
|
|
|
|
(hash-data->bytevector data)))
|
|
|
|
|
|
#t) ; success
|
|
|
|
|
|
(begin
|
|
|
|
|
|
(format (current-error-port)
|
|
|
|
|
|
"error: invalid signature: ~a~%"
|
|
|
|
|
|
(canonical-sexp->string signature))
|
|
|
|
|
|
(exit 1)))
|
2013-12-20 17:17:42 +01:00
|
|
|
|
(begin
|
|
|
|
|
|
(format (current-error-port)
|
2013-12-29 15:55:38 +01:00
|
|
|
|
"error: unauthorized public key: ~a~%"
|
|
|
|
|
|
(canonical-sexp->string public-key))
|
2013-12-20 17:17:42 +01:00
|
|
|
|
(exit 1)))
|
|
|
|
|
|
(begin
|
|
|
|
|
|
(format (current-error-port)
|
|
|
|
|
|
"error: corrupt signature data: ~a~%"
|
2013-12-27 23:32:26 +01:00
|
|
|
|
(canonical-sexp->string sig+data))
|
2013-12-20 17:17:42 +01:00
|
|
|
|
(exit 1)))))
|
|
|
|
|
|
(("--help")
|
|
|
|
|
|
(display (_ "Usage: guix authenticate OPTION...
|
|
|
|
|
|
Sign or verify the signature on the given file. This tool is meant to
|
|
|
|
|
|
be used internally by 'guix-daemon'.\n")))
|
|
|
|
|
|
(("--version")
|
|
|
|
|
|
(show-version-and-exit "guix authenticate"))
|
|
|
|
|
|
(else
|
|
|
|
|
|
(leave (_ "wrong arguments")))))
|
|
|
|
|
|
|
|
|
|
|
|
;;; authenticate.scm ends here
|
