aboutsummaryrefslogtreecommitdiff
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-pki)
  #:use-module (guix pki)
  #:use-module (gcrypt pk-crypto)
  #:use-module (gcrypt hash)
  #:use-module (rnrs io ports)
  #:use-module (srfi srfi-64))

;; Test the (guix pki) module.

(define %public-key
  (call-with-input-file %public-key-file
    (compose string->canonical-sexp get-string-all)))

(define %secret-key
  (call-with-input-file %private-key-file
    (compose string->canonical-sexp get-string-all)))

(define %alternate-secret-key
  (string->canonical-sexp
   "
  (key-data
   (public-key
    (rsa
     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
     (e #010001#)))
   (private-key
    (rsa
     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
     (e #010001#)
     (d #2790250C2E74C2FD361A99288BBA19B878048F5A0F333F829CC71B3DD64582DB9DF3F4DB1EB0994DD7493225EDA4A1E1492F44D903617FA5643E47BFC7BA157EF48B492AB51229916B02DDBDA0E7DBC7B35A6B8332AB463DC61951CA694551A9760F5A836A375D39E3EA8F2C502A3B5D89CB8777A809B75D603BE7511CEB74E9#)
     (p #00FE15B1751E1C31125B724FF37462F9476239A2AFF4192FAB1550F76928C8D02407F4F5EFC83F7A0AF51BD93399DDC06A4B54DFA60A7079F160A9F618C0148AD9#)
     (q #00FFA8BE7005AAB7401B0926CD9D6AC30BC9BE7D12C8737C9438498A999F56BE9F5EA98B4D7F5364BEB6D550A5AEDDE34C1EC152C9DAF61A97FDE71740C73BAA3D#)
     (u #00FD4050EF4F31B41EC81C28E18D205DFFB3C188F15D8BBA300E30AD8B5C4D3E392EFE10269FC115A538B19F4025973AB09B6650A7FF97DA833FB726F3D8819319#))))"))

(test-begin "pki")

(test-assert "current-acl"
  (not (not (member (canonical-sexp->sexp %public-key)
                    (map canonical-sexp->sexp
                         (acl->public-keys (current-acl)))))))

(test-assert "authorized-key? public-key current-acl"
  (authorized-key? %public-key))

(test-assert "authorized-key? public-key empty-acl"
  (not (authorized-key? %public-key (public-keys->acl '()))))

(test-assert "authorized-key? public-key singleton"
  (authorized-key? %public-key (public-keys->acl (list %public-key))))

(test-equal "public-keys->acl deduplication"
  (public-keys->acl (list %public-key))
  (public-keys->acl (make-list 10 %public-key)))

(test-assert "signature-case valid-signature"
  (let* ((hash (sha256 #vu8(1 2 3)))
         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
         (sig  (signature-sexp data %secret-key %public-key)))
   (signature-case (sig hash (public-keys->acl (list %public-key)))
     (valid-signature #t)
     (else #f))))

(test-eq "signature-case invalid-signature" 'i
  (let* ((hash (sha256 #vu8(1 2 3)))
         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
         (sig  (signature-sexp data %alternate-secret-key %public-key)))
    (signature-case (sig hash (public-keys->acl (list %public-key)))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-eq "signature-case hash-mismatch" 'm
  (let* ((hash (sha256 #vu8(1 2 3)))
         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
         (sig  (signature-sexp data %secret-key %public-key)))
    (signature-case (sig (sha256 #vu8())
                         (public-keys->acl (list %public-key)))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-eq "signature-case unauthorized-key" 'u
  (let* ((hash (sha256 #vu8(1 2 3)))
         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
         (sig  (signature-sexp data %secret-key %public-key)))
    (signature-case (sig hash (public-keys->acl '()))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-eq "signature-case corrupt-signature" 'c
  (let* ((hash (sha256 #vu8(1 2 3)))
         (sig  (string->canonical-sexp "(w tf)")))
    (signature-case (sig hash (public-keys->acl (list %public-key)))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-end)
generated by cgit
at contains Linux-swap support in (gnu build file-systems). * gnu/installer/parted.scm (user-partitions->configuration): Use UUIDs in the 'swap-devices' field. * gnu/installer/newt/final.scm (run-final-page)[wait-for-clients]: New procedure. Use it. * gnu/installer/tests.scm (choose-partitioning): Wait for 'starting-final-step' message and move configuration file dialog handling to... (conclude-installation): ... here. Send over PORT the reply corresponding to 'starting-final-step'. * gnu/tests/install.scm (gui-test-program): When ENCRYPTED? is false, invoke 'swaplabel' in the marionette. (installation-target-os-for-gui-tests): When ENCRYPTED? is false, except a fixed UUID. Ludovic Courtès 2020-10-28installer: Log partition formatting....* gnu/installer/newt/partition.scm (run-partitioning-page): Add 'syslog' call. Ludovic Courtès 2020-10-23installer: Make the network management selection window tighter....* gnu/installer/newt/services.scm (run-network-management-page): Pass #:listbox-height. Ludovic Courtès 2020-10-13installer: Add Emacs EXWM desktop environment....Suggested by zenny via IRC. * gnu/installer/services.scm (%system-services): Add emacs, emacs-exwm, emacs-desktop-environment. * etc/release-manifest.scm (%system-packages): Likewise. * gnu/system/examples/lightweight-desktop.tmpl: Likewise. * gnu/tests/install.scm (installation-target-desktop-os-for-gui-tests) [packages]: Likewise * gnu/installer/newt/services.scm (run-desktop-environments-cbt-page): Make one entry taller. Jan (janneke) Nieuwenhuizen 2020-09-21installer: Rename RUN-PARTIONING-PAGE....* gnu/installer/newt/partition.scm (run-partioning-page): Rename to run-partitioning-page. Adjust all callers. Tobias Geerinckx-Rice 2020-09-21installer: Fix docstring typoes....* gnu/installer/connman.scm (connman-state, run-locale-page) (start-swapping, stop-swapping, run-installer-steps): Fix typo in docstring. Tobias Geerinckx-Rice 2020-09-02installer: Run the installation inside a container....When the store overlay is mounted, other processes such as kmscon, udev and guix-daemon may open files from the store, preventing the underlying install support from being umounted. See: https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html. To avoid this situation, mount the store overlay inside a container, and run the installation from within that container. * gnu/build/shepherd.scm (fork+exec-command/container): New procedure. * gnu/services/base.scm (guix-shepherd-service): Support an optional PID argument passed to the "start" method. If that argument is passed, ensure that guix-daemon enters the given PID MNT namespace by using fork+exec-command/container procedure. * gnu/installer/final.scm (umount-cow-store): Remove it, (install-system): run the installation from within a container. * gnu/installer/newt/final.scm (run-install-shell): Remove the display hack. Mathieu Othacehe 2020-07-26installer: Add NTFS support....This adds support for creating and editing NTFS partitions. It is however not possible yet to create root NTFS partitions, as overlaying on top of a fuse partition does not seem supported. * gnu/installer.scm (installer-program): Add "ntfs-3g" to the inputs. * gnu/installer/parted.scm (user-fs-type-name, user-fs-type->mount-type, partition-filesystem-user-type, create-ntfs-file-system, format-user-partitions): Add NTFS support. * gnu/installer/newt/partition.scm (run-fs-type-page): Add NTFS support. Mathieu Othacehe 2020-06-14installer: final: Make sure 'bold' font files are loaded....* gnu/installer/newt/final.scm (run-install-shell): Force kmscon to open 'bold' font files, before the cow-store overlay is mounted. Mathieu Othacehe 2020-04-09installer: Include empty variant in keyboard layout selection....Previously for Azerbaijani, no Latin layout but only the Cyrillic variant could be selected. * gnu/installer/newt/keymap.scm (add-empty-variant): New procedure. (run-keymap-page): Use it to insert an empty variant. Florian Pelz 2020-04-09installer: Allow Alt+Shift toggle from non-Latin keyboard layouts....Fixes <https://bugs.gnu.org/40493>. * gnu/installer/newt/keymap.scm (%non-latin-layouts): New variable. (%non-latin-variants): New variable. (%latin-layout+variants): New variable. (toggleable-latin-layout): New procedure to compute combined layouts. (run-keymap-page): Use it. (keyboard-layout->configuration): Apply it in config.scm. (run-layout-page): Mention Alt+Shift. * gnu/installer/keymap.scm (kmscon-update-keymap): Pass on XKB options. * gnu/installer/record.scm (<installer>): Adjust code comments. * gnu/installer.scm (apply-keymap): Pass on XKB options. (installer-steps): Adjust code comments. * gnu/packages/patches/kmscon-runtime-keymap-switch.patch: Apply XKB options. Florian Pelz 2020-04-08installer: Add proxy support....* gnu/installer/proxy.scm: New file. * gnu/local.mk (INSTALLER_MODULES): Add it. * po/guix/POTFILES.in: Add it. * gnu/installer/newt/parameters.scm (run-proxy-page): New procedure, (run-parameters-page): add the previous procedure to the parameters menu. Mathieu Othacehe 2020-04-08installer: Turn help menu into parameters menu....* gnu/local.mk (INSTALLER_MODULES): Rename help.scm into parameters.scm. * po/guix/POTFILES.in: Ditto. * gnu/installer/record.scm (<installer>): Rename help-menu into parameter-menu and help-page into parameters-page. * gnu/installer/newt/parameters.scm: Renamed from help.scm. Update information messages. * gnu/installer/newt.scm: Update accordingly. * gnu/installer/newt/keymap.scm: Ditto. Mathieu Othacehe 2020-04-07installer: Reduce height of the help window....* gnu/installer/newt/help.scm (run-help-page): Pass #:listbox-height. Ludovic Courtès 2020-04-06installer: Adapt to Guile-newt revision 2....* gnu/installer/newt/page.scm (run-input-page): Remove component argument that is not longer passed to the procedure passed to 'add-component-callback', (run-listbox-selection-page): ditto. * gnu/installer/newt/user.scm (run-user-add-page): Ditto, (run-user-add-page): ditto. Mathieu Othacehe 2020-04-06installer: Add a help page....* gnu/installer/newt/help.scm: New file. * gnu/local.mk (INSTALLER_MODULES): Add it. * po/guix/POTFILES.in: Add it. * gnu/installer/record.scm (<installer>): Add 'help-menu' and 'help-page' fields, (installer-help-menu, installer-help-page): new exported procedures. * gnu/installer/newt.scm (init): Set the help line, (help-menu, help-page): new procedures used ... (newt-installer): ... here. * gnu/installer/newt/keymap.scm (run-layout-page): Add a context argument to differenciate the help context from the main one, (run-keymap-page): add a context argument and pass it to run-layout-page. * gnu/installer.scm (compute-keymap-step): Add a context argument and pass it to 'installer-keymap-page', (installer-steps): set the help menu and pass the appropriate context to compute-keymap-step calls, (guile-newt): update to revision 2. Mathieu Othacehe 2020-03-05installer: Run commands without hopping through the shell....* gnu/installer/utils.scm (run-shell-command): Rename to... (run-command): Remove call to 'call-with-temporary-output-file' and hop through Bash. Expect COMMAND to be a list of strings rather than a string. * gnu/installer/final.scm (install-system): Turn INSTALL-COMMAND into a list of strings and pass it to 'run-command'. * gnu/installer/newt/page.scm (edit-file): Likewise. Ludovic Courtès 2020-03-05installer: Bypass connectivity check when /tmp/installer-assume-online exists....This is useful for automated tests. * gnu/installer/newt/network.scm (wait-service-online)[online?]: New procedure. Check for /tmp/installer-assume-online. Use it instead of 'connman-online?'. Ludovic Courtès 2020-03-05installer: Implement a dialog on /var/guix/installer-socket....This will allow us to automate testing of the installer. * gnu/installer/utils.scm (%client-socket-file) (current-server-socket, current-clients): New variables. (open-server-socket, call-with-server-socket): New procedure. (with-server-socket): New macro. (run-shell-command): Add call to 'send-to-clients'. Select on both current-input-port and current-clients. * gnu/installer/steps.scm (run-installer-steps): Wrap 'call-with-prompt' in 'with-socket-server'. Call 'sigaction' for SIGPIPE. * gnu/installer/newt/page.scm (watch-clients!, close-port-and-reuse-fd) (run-form-with-clients, send-to-clients): New procedures. (draw-info-page): Add call to 'run-form-with-clients'. (run-input-page): Likewise. Handle EXIT-REASON equal to 'exit-fd-ready. (run-confirmation-page): Likewise. (run-listbox-selection-page): Likewise. Define 'choice->item' and use it. (run-checkbox-tree-page): Likewise. (run-file-textbox-page): Add call to 'run-form-with-clients'. Handle 'exit-fd-ready'. * gnu/installer/newt/partition.scm (run-disk-page): Pass #:client-callback-procedure to 'run-listbox-selection-page'. * gnu/installer/newt/user.scm (run-user-page): Call 'run-form-with-clients'. Handle 'exit-fd-ready'. * gnu/installer/newt/welcome.scm (run-menu-page): Define 'choice->item' and use it. Call 'run-form-with-clients'. * gnu/installer/newt/final.scm (run-install-success-page) (run-install-failed-page): When (current-clients) is non-empty, call 'send-to-clients' without displaying a choice window. Ludovic Courtès 2020-02-12installer: Fix installer restart dialog....* gnu/installer/newt/final.scm (run-install-failed-page): Propose between installer resume or restart. Do actually resume the installation by raising an &installer-step-abort condition if "Resume" button is pressed. Otherwise, keep going as the installer will be restarted by login. * gnu/installer.scm (installer-program): Remove the associated TODO comment. Mathieu Othacehe 2020-01-23installer: Make "TRANSLATORS" comment visible....* gnu/installer/newt/user.scm (run-root-password-page): Move "TRANSLATORS" comment right above 'G_' call. Ludovic Courtès 2020-01-20installer: Disable F12 hot key....Fixes <https://bugs.gnu.org/38562>. Reported by Brice Waegeneire <brice@waegenei.re>. Previously, pressing F12 or shift-F2 in one of those forms would cause it to exit, usually with the default value #t because the caller had not provided a useful hotkey "callback". * gnu/installer/newt/page.scm (run-input-page, run-confirmation-page) (run-listbox-selection-page, run-checkbox-tree-page) (run-file-textbox-page): Pass #:flags FLAG-NOF12 to 'make-form'. Ludovic Courtès 2020-01-20installer: Makes sure the installer proceeds after hitting "Edit"....Fixes <https://bugs.gnu.org/39199>. Reported by Jonathan Brielmaier <jonathan.brielmaier@web.de>. * gnu/installer/newt/page.scm (run-file-textbox-page): Move 'loop' to the beginning of the body. Do not call 'loop' from the 'dynamic-wind' exit handler as we would not return the value of the second call to 'loop'. Ludovic Courtès 2020-01-12installer: Add an "Edit" button on the final page....Fixes <https://bugs.gnu.org/36885>. Reported by <lukasbf@tutanota.com>. * gnu/installer/newt/page.scm (edit-file): New procedure. (run-file-textbox-page): Add #:edit-button? and #:editor-locale parameters. Remove 'file-text' and add 'edit-button', and add it to the horizontal stacked grid when EXIT-BUTTON? is true. Wrap body in 'loop'. Handle case where ARGUMENT is EDIT-BUTTON by calling 'loop'. * gnu/installer/newt/final.scm (run-config-display-page): Add #:locale parameter. Pass #:edit-button? and #:editor-locale to 'run-file-textbox-page'. (run-final-page): Pass LOCALE to 'run-config-display-page'. Ludovic Courtès 2020-01-05installer: Add JFS support....* gnu/installer/newt/partition.scm (run-fs-type-page): Add ‘jfs’ to the list box. * gnu/installer/parted.scm (user-fs-type-name, user-fs-type->mount-type) (partition-filesystem-user-type): Add ‘jfs’ mapping (create-jfs-file-system): New procedure. (format-user-partitions): Use it. * gnu/installer.scm (set-installer-path): Add jfsutils. Tobias Geerinckx-Rice