aboutsummaryrefslogtreecommitdiff
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-pki)
  #:use-module (guix pki)
  #:use-module (gcrypt pk-crypto)
  #:use-module (gcrypt hash)
  #:use-module (rnrs io ports)
  #:use-module (srfi srfi-64))

;; Test the (guix pki) module.

(define %public-key
  (call-with-input-file %public-key-file
    (compose string->canonical-sexp get-string-all)))

(define %secret-key
  (call-with-input-file %private-key-file
    (compose string->canonical-sexp get-string-all)))

(define %alternate-secret-key
  (string->canonical-sexp
   "
  (key-data
   (public-key
    (rsa
     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
     (e #010001#)))
   (private-key
    (rsa
     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
     (e #010001#)
     (d #2790250C2E74C2FD361A99288BBA19B878048F5A0F333F829CC71B3DD64582DB9DF3F4DB1EB0994DD7493225EDA4A1E1492F44D903617FA5643E47BFC7BA157EF48B492AB51229916B02DDBDA0E7DBC7B35A6B8332AB463DC61951CA694551A9760F5A836A375D39E3EA8F2C502A3B5D89CB8777A809B75D603BE7511CEB74E9#)
     (p #00FE15B1751E1C31125B724FF37462F9476239A2AFF4192FAB1550F76928C8D02407F4F5EFC83F7A0AF51BD93399DDC06A4B54DFA60A7079F160A9F618C0148AD9#)
     (q #00FFA8BE7005AAB7401B0926CD9D6AC30BC9BE7D12C8737C9438498A999F56BE9F5EA98B4D7F5364BEB6D550A5AEDDE34C1EC152C9DAF61A97FDE71740C73BAA3D#)
     (u #00FD4050EF4F31B41EC81C28E18D205DFFB3C188F15D8BBA300E30AD8B5C4D3E392EFE10269FC115A538B19F4025973AB09B6650A7FF97DA833FB726F3D8819319#))))"))

(test-begin "pki")

(test-assert "current-acl"
  (not (not (member (canonical-sexp->sexp %public-key)
                    (map canonical-sexp->sexp
                         (acl->public-keys (current-acl)))))))

(test-assert "authorized-key? public-key current-acl"
  (authorized-key? %public-key))

(test-assert "authorized-key? public-key empty-acl"
  (not (authorized-key? %public-key (public-keys->acl '()))))

(test-assert "authorized-key? public-key singleton"
  (authorized-key? %public-key (public-keys->acl (list %public-key))))

(test-equal "public-keys->acl deduplication"
  (public-keys->acl (list %public-key))
  (public-keys->acl (make-list 10 %public-key)))

(test-assert "signature-case valid-signature"
  (let* ((hash (sha256 #vu8(1 2 3)))
         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
         (sig  (signature-sexp data %secret-key %public-key)))
   (signature-case (sig hash (public-keys->acl (list %public-key)))
     (valid-signature #t)
     (else #f))))

(test-eq "signature-case invalid-signature" 'i
  (let* ((hash (sha256 #vu8(1 2 3)))
         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
         (sig  (signature-sexp data %alternate-secret-key %public-key)))
    (signature-case (sig hash (public-keys->acl (list %public-key)))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-eq "signature-case hash-mismatch" 'm
  (let* ((hash (sha256 #vu8(1 2 3)))
         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
         (sig  (signature-sexp data %secret-key %public-key)))
    (signature-case (sig (sha256 #vu8())
                         (public-keys->acl (list %public-key)))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-eq "signature-case unauthorized-key" 'u
  (let* ((hash (sha256 #vu8(1 2 3)))
         (data (bytevector->hash-data hash #:key-type (key-type %public-key)))
         (sig  (signature-sexp data %secret-key %public-key)))
    (signature-case (sig hash (public-keys->acl '()))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-eq "signature-case corrupt-signature" 'c
  (let* ((hash (sha256 #vu8(1 2 3)))
         (sig  (string->canonical-sexp "(w tf)")))
    (signature-case (sig hash (public-keys->acl (list %public-key)))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-end)
generated by cgit
lt;https://bugs.gnu.org/43736>. Reported by Vitaliy Shatrov <guix.vits@disroot.org>. * guix/gexp.scm (%local-file): Add #:literal? and #:location. Emit a warning when LITERAL? is false and FILE is not absolute. (local-file): In the non-literal case, pass #:location and #:literal?. * po/guix/POTFILES.in: Add guix/gexp.scm. * tests/guix-system.sh: Add test for the warning. Ludovic Courtès 2020-09-30scripts: system: Add support for image-type....* guix/scripts/system.scm (list-image-types): New procedure, (%options): add "image-type" and "list-image-types" options, remove "file-system-type" option, (show-help): adapt accordingly, (%default-options): also adapt, and set the default "image-type" to "raw", (perform-action): add image-type argument and remove file-system-type argument, (process-action): adapt perform-action call, (system-derivation-for-action): remove base-image argument, add image-type argument, and use it to create the image passed to "system-image". * tests/guix-system.sh: Adapt accordingly and add a test for "--list-image-types" command. * doc/guix.texi (Building the Installation Image, Invoking guix system): Adapt accordingly. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Mathieu Othacehe 2020-06-08system: examples: Add bare-hurd.tmpl....* gnu/system/hurd.scm (%hurd-def%hurd-default-operating-system-kernel, %hurd-default-operating-system): New exported variables. * gnu/system/examples/bare-hurd.tmpl: New file. * Makefile.am (EXAMPLES): Add it. * tests/guix-system.sh: Add --target=i586-pc-gnu when testing it. Jan (janneke) Nieuwenhuizen 2020-01-17guix system: Add workaround in test for Guile 3.0.0....* tests/guix-system.sh: For the 'GRUB-config' test, add workaround for the reported line number in Guile 3.0.0. Ludovic Courtès 2020-01-16records: Improve reporting of "invalid field specifier" errors....Previously users would just see: error: invalid field specifier without source location or hints. * guix/records.scm (expand): Add optional 'parent-form' parameter and pass it to 'syntax-violation' when it is true. (make-syntactic-constructor): Pass S as a third argument to 'report-invalid-field-specifier'. * guix/ui.scm (report-load-error): For 'syntax-error', show SUBFORM or FORM in the message. * tests/records.scm ("define-record-type* & wrong field specifier"): Add a 'subform' parameter and adjust test accordingly. ("define-record-type* & wrong field specifier, identifier"): New test. * tests/guix-system.sh: Add test. Ludovic Courtès 2019-04-29tests: Adjust wildcard when testing OS examples....* tests/guix-system.sh: Use *.tmpl instead of *, to avoid catching backup files, etc. Ludovic Courtès 2019-01-21tests: Adjust for removal of 'device' field in <bootloader-configuration>....This is a followup to commit 5f7467f046c3c1648cdf6eb81b3ec041bfc1f9bb. * tests/guix-system.sh: For <bootloader-configuration> records, use 'target' rather than 'device'. Ludovic Courtès 2019-01-11services: Deprecate a few more service procedures....These procedures were already either undocumented (and de facto deprecated) or documented as deprecated or redundant. * gnu/services/base.scm (guix-service, guix-publish-service): Mark as deprecated. * gnu/services/mcron.scm (mcron-service): Likewise. * gnu/services/networking.scm (tor-service): Likewise. * doc/guix.texi (Scheduled Job Execution): Remove 'mcron-service' and adjust example. (Networking Services): Remove 'tor-service'. * gnu/tests/base.scm (%mcron-os): Use 'mcron-service-type' instead of 'mcron-service'. * gnu/tests/networking.scm (%tor-os): Use 'tor-service-type' instead of 'tor-service'. * tests/guix-system.sh: Likewise. Ludovic Courtès 2018-10-18services: dhcp-client: Deprecate 'dhcp-client-service' procedure....* gnu/services/networking.scm (dhcp-client-service-type): Add default value. * gnu/system/examples/bare-bones.tmpl: Use (service dhcp-client-service-type) instead of (dhcp-client-service). * gnu/system/examples/beaglebone-black.tmpl: Likewise. * gnu/tests/base.scm (%avahi-os): Likewise. * gnu/tests/databases.scm (%memcached-os): Likewise. (%mongodb-os): Likewise. * gnu/tests/dict.scm (%dicod-os): Likewise. * gnu/tests/mail.scm (%opensmtpd-os): Likewise. (%exim-os): Likewise. (%dovecot-os): Likewise. * gnu/tests/messaging.scm (run-xmpp-test): Likewise. (run-bitlbee-test): Likewise. * gnu/tests/monitoring.scm (%prometheus-node-exporter-os): Likewise. * gnu/tests/networking.scm (%inetd-os): Likewise. (run-iptables-test): Likewise. * gnu/tests/nfs.scm (%base-os): Likewise. * gnu/tests/rsync.scm (%rsync-os): Likewise. * gnu/tests/ssh.scm (run-ssh-test): Likewise. * gnu/tests/version-control.scm (%cgit-os): Likewise. (%git-http-os): Likewise. (%gitolite-os): Likewise. * gnu/tests/virtualization.scm (%libvirt-os): Likewise. * gnu/tests/web.scm (%httpd-os): Likewise. (%nginx-os): Likewise. (%varnish-os): Likewise. (%php-fpm-os): Likewise. (%hpcguix-web-os): Likewise. (%tailon-os): Likewise. * tests/guix-system.sh: Likewise. * doc/guix.texi (Networking Services): Document 'dhcp-client-service-type' and remove 'dhcp-client-service'. Ludovic Courtès 2018-09-07vm: Make UUID computation really deterministic....Fixes <https://bugs.gnu.org/32652>. * gnu/system/vm.scm (operating-system-uuid)[service-name, file-system-digest]: New procedures. Map these over services and file systems and hash the result. * tests/guix-system.sh: Add test. Ludovic Courtès 2018-05-28system: Remove uses of the 'title' field of <file-system>....* gnu/system/install.scm (installation-os): Remove uses of the 'title' field of 'file-system'; use 'file-system-label' as appropriate. * gnu/system/vm.scm (system-disk-image, system-qemu-image): Likewise. * gnu/tests.scm (%simple-os): Likewise. * gnu/tests/install.scm (%minimal-os, %minimal-extlinux-os) (%minimal-os-on-vda, %separate-home-os, %separate-store-os) (%raid-root-os, %encrypted-root-os, %btrfs-root-os): Likewise. * gnu/build/shepherd.scm (default-mounts)[tmpfs]: Likewise. * tests/guix-system.sh: Likewise. * tests/system.scm (%root-fs): Likewise. ("operating-system-boot-mapped-devices, implicit dependency"): Likewise. Ludovic Courtès 2018-05-19tests: Adjust to new "unbound variable" messages....This is a followup to 2d2f98efb36db3f003d950a004806234962b4f4d. * tests/guix-system.sh: Adjust regexps to match "error:". Ludovic Courtès 2018-04-30guix system: search: Display default Shepherd service names....Fixes <https://bugs.gnu.org/29707>. Reported by Clément Lassieur <clement@lassieur.org>. * guix/scripts/system/search.scm (service-type-default-shepherd-services) (service-type-shepherd-names): New procedures. (service-type->recutils): Use it. * tests/guix-system.sh: Add test. Ludovic Courtès 2018-03-24tests: Add tests for "guix system disk-image" et al....* tests/guix-system.sh: Add test cases that exercise (1) all of the example files in gnu/system/examples, and (2) all of the "image" creation commands: vm, vm-image, disk-image, and docker-image. Chris Marusich