aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile.am2
-rw-r--r--guix/pk-crypto.scm167
-rw-r--r--tests/pk-crypto.scm106
3 files changed, 275 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index eb278a76e9..2db77d57f3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,6 +30,7 @@ MODULES = \
guix/base32.scm \
guix/records.scm \
guix/hash.scm \
+ guix/pk-crypto.scm \
guix/utils.scm \
guix/download.scm \
guix/monads.scm \
@@ -107,6 +108,7 @@ clean-go:
SCM_TESTS = \
tests/base32.scm \
tests/hash.scm \
+ tests/pk-crypto.scm \
tests/builders.scm \
tests/derivations.scm \
tests/ui.scm \
diff --git a/guix/pk-crypto.scm b/guix/pk-crypto.scm
new file mode 100644
index 0000000000..9d093b34b0
--- /dev/null
+++ b/guix/pk-crypto.scm
@@ -0,0 +1,167 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix pk-crypto)
+ #:use-module (guix config)
+ #:use-module ((guix utils) #:select (bytevector->base16-string))
+ #:use-module (system foreign)
+ #:use-module (rnrs bytevectors)
+ #:use-module (ice-9 match)
+ #:export (gcry-sexp?
+ string->gcry-sexp
+ gcry-sexp->string
+ number->gcry-sexp
+ bytevector->hash-data
+ sign
+ verify
+ generate-key
+ find-sexp-token))
+
+
+;;; Commentary:
+;;;
+;;; Public key cryptographic routines from GNU Libgcrypt.
+;;;;
+;;; Libgcrypt uses s-expressions to represent key material, parameters, and
+;;; data. We keep it as an opaque object rather than attempting to map them
+;;; to Scheme s-expressions because (1) Libgcrypt sexps are stored in secure
+;;; memory, and (2) the read syntax is different.
+;;;
+;;; Code:
+
+;; Libgcrypt "s-expressions".
+(define-wrapped-pointer-type <gcry-sexp>
+ gcry-sexp?
+ naked-pointer->gcry-sexp
+ gcry-sexp->pointer
+ (lambda (obj port)
+ ;; Don't print OBJ's external representation: we don't want key material
+ ;; to leak in backtraces and such.
+ (format port "#<gcry-sexp ~a | ~a>"
+ (number->string (object-address obj) 16)
+ (number->string (pointer-address (gcry-sexp->pointer obj))
+ 16))))
+
+(define libgcrypt-func
+ (let ((lib (dynamic-link %libgcrypt)))
+ (lambda (func)
+ "Return a pointer to symbol FUNC in libgcrypt."
+ (dynamic-func func lib))))
+
+(define finalize-gcry-sexp!
+ (libgcrypt-func "gcry_sexp_release"))
+
+(define-inlinable (pointer->gcry-sexp ptr)
+ "Return a <gcry-sexp> that wraps PTR."
+ (let* ((sexp (naked-pointer->gcry-sexp ptr))
+ (ptr* (gcry-sexp->pointer sexp)))
+ ;; Did we already have a <gcry-sexp> object for PTR?
+ (when (equal? ptr ptr*)
+ ;; No, so we can safely add a finalizer (in Guile 2.0.9
+ ;; 'set-pointer-finalizer!' *adds* a finalizer rather than replacing the
+ ;; existing one.)
+ (set-pointer-finalizer! ptr finalize-gcry-sexp!))
+ sexp))
+
+(define string->gcry-sexp
+ (let* ((ptr (libgcrypt-func "gcry_sexp_new"))
+ (proc (pointer->procedure int ptr `(* * ,size_t ,int))))
+ (lambda (str)
+ "Parse STR and return the corresponding gcrypt s-expression."
+ (let* ((sexp (bytevector->pointer (make-bytevector (sizeof '*))))
+ (err (proc sexp (string->pointer str) 0 1)))
+ (if (= 0 err)
+ (pointer->gcry-sexp (dereference-pointer sexp))
+ (throw 'gcry-error err))))))
+
+(define-syntax GCRYSEXP_FMT_ADVANCED
+ (identifier-syntax 3))
+
+(define gcry-sexp->string
+ (let* ((ptr (libgcrypt-func "gcry_sexp_sprint"))
+ (proc (pointer->procedure size_t ptr `(* ,int * ,size_t))))
+ (lambda (sexp)
+ "Return a textual representation of SEXP."
+ (let loop ((len 1024))
+ (let* ((buf (bytevector->pointer (make-bytevector len)))
+ (size (proc (gcry-sexp->pointer sexp)
+ GCRYSEXP_FMT_ADVANCED buf len)))
+ (if (zero? size)
+ (loop (* len 2))
+ (pointer->string buf size "ISO-8859-1")))))))
+
+(define (number->gcry-sexp number)
+ "Return an s-expression representing NUMBER."
+ (string->gcry-sexp (string-append "#" (number->string number 16) "#")))
+
+(define* (bytevector->hash-data bv #:optional (hash-algo "sha256"))
+ "Given BV, a bytevector containing a hash, return an s-expression suitable
+for use as the data for 'sign'."
+ (string->gcry-sexp
+ (format #f "(data (flags pkcs1) (hash \"~a\" #~a#))"
+ hash-algo
+ (bytevector->base16-string bv))))
+
+(define sign
+ (let* ((ptr (libgcrypt-func "gcry_pk_sign"))
+ (proc (pointer->procedure int ptr '(* * *))))
+ (lambda (data secret-key)
+ "Sign DATA (an s-expression) with SECRET-KEY (an s-expression whose car
+is 'private-key'.)"
+ (let* ((sig (bytevector->pointer (make-bytevector (sizeof '*))))
+ (err (proc sig (gcry-sexp->pointer data)
+ (gcry-sexp->pointer secret-key))))
+ (if (= 0 err)
+ (pointer->gcry-sexp (dereference-pointer sig))
+ (throw 'gry-error err))))))
+
+(define verify
+ (let* ((ptr (libgcrypt-func "gcry_pk_verify"))
+ (proc (pointer->procedure int ptr '(* * *))))
+ (lambda (signature data public-key)
+ "Verify that SIGNATURE is a signature of DATA with PUBLIC-KEY, all of
+which are gcrypt s-expressions."
+ (zero? (proc (gcry-sexp->pointer signature)
+ (gcry-sexp->pointer data)
+ (gcry-sexp->pointer public-key))))))
+
+(define generate-key
+ (let* ((ptr (libgcrypt-func "gcry_pk_genkey"))
+ (proc (pointer->procedure int ptr '(* *))))
+ (lambda (params)
+ "Return as an s-expression a new key pair for PARAMS. PARAMS must be an
+s-expression like: (genkey (rsa (nbits 4:2048)))."
+ (let* ((key (bytevector->pointer (make-bytevector (sizeof '*))))
+ (err (proc key (gcry-sexp->pointer params))))
+ (if (zero? err)
+ (pointer->gcry-sexp (dereference-pointer key))
+ (throw 'gcry-error err))))))
+
+(define find-sexp-token
+ (let* ((ptr (libgcrypt-func "gcry_sexp_find_token"))
+ (proc (pointer->procedure '* ptr `(* * ,size_t))))
+ (lambda (sexp token)
+ "Find in SEXP the first element whose 'car' is TOKEN and return it;
+return #f if not found."
+ (let* ((token (string->pointer (symbol->string token)))
+ (res (proc (gcry-sexp->pointer sexp) token 0)))
+ (if (null-pointer? res)
+ #f
+ (pointer->gcry-sexp res))))))
+
+;;; pk-crypto.scm ends here
diff --git a/tests/pk-crypto.scm b/tests/pk-crypto.scm
new file mode 100644
index 0000000000..1acce13f0a
--- /dev/null
+++ b/tests/pk-crypto.scm
@@ -0,0 +1,106 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (test-pk-crypto)
+ #:use-module (guix pk-crypto)
+ #:use-module (guix utils)
+ #:use-module (guix hash)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-64)
+ #:use-module (rnrs bytevectors)
+ #:use-module (rnrs io ports)
+ #:use-module (ice-9 match))
+
+;; Test the (guix pk-crypto) module.
+
+(define %key-pair
+ ;; Key pair that was generated with:
+ ;; (generate-key (string->gcry-sexp "(genkey (rsa (nbits 4:1024)))"))
+ ;; which takes a bit of time.
+ "(key-data
+ (public-key
+ (rsa
+ (n #00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45#)
+ (e #010001#)))
+ (private-key
+ (rsa
+ (n #00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45#)
+ (e #010001#)
+ (d #58CAD84653D0046A8EC3F9AA82D9C829B145422109FC3F12DA01A694B92FA296E70D366FB166454D30E632CEE3A033B4C41781BA10325F69FCDC0250CA19C8EEB352FA085992494098DB133E682ED38A931701F0DED1A1E508F4341A4FB446A04F019427C7CB3C44F251EEA9D386100DA80F125E0FD5CE1B0DFEC6D21516EACD#)
+ (p #00D47F185147EC39393CCDA4E7323FFC20FC8B8073E2A54DD63BA392A66975E4204CA48572496A9DFD7522436B852C07472A5AB25B7706F7C14E6F33FBC420FF3B#)
+ (q #00E9AD22F158060BC9AE3601DA623AFC60FFF3058795802CA92371C00097335CF9A23D7782DE353C9DBA93D7BB99E6A24A411107605E722481C5C191F80D7EB77F#)
+ (u #59B45B95AE01A7A7370FAFDB08FE73A4793CE37F228961B09B1B1E7DDAD9F8D3E28F5C5E8B4B067E6B8E0BBF3F690B42991A79E46108DDCDA2514323A66964DE#))))")
+
+(test-begin "pk-crypto")
+
+(let ((sexps '("(foo bar)" "#C0FFEE#"
+ "(genkey \n (rsa \n (nbits \"1024\")\n )\n )")))
+ (test-equal "string->gcry-sexp->string"
+ sexps
+ (let ((sexps (map string->gcry-sexp sexps)))
+ (and (every gcry-sexp? sexps)
+ (map (compose string-trim-both gcry-sexp->string) sexps)))))
+
+(gc) ; stress test!
+
+(let ((sexps `(("(foo bar)" foo -> "(foo bar)")
+ ("(foo (bar (baz 3:123)))" baz -> "(baz \"123\")")
+ ("(foo (bar 3:123))" baz -> #f))))
+ (test-equal "find-sexp-token"
+ (map (match-lambda
+ ((_ _ '-> expected)
+ expected))
+ sexps)
+ (map (match-lambda
+ ((input token '-> _)
+ (let ((sexp (find-sexp-token (string->gcry-sexp input) token)))
+ (and sexp
+ (string-trim-both (gcry-sexp->string sexp))))))
+ sexps)))
+
+(gc)
+
+;; XXX: The test below is typically too long as it needs to gather enough entropy.
+
+;; (test-assert "generate-key"
+;; (let ((key (generate-key (string->gcry-sexp
+;; "(genkey (rsa (nbits 3:128)))"))))
+;; (and (gcry-sexp? key)
+;; (find-sexp-token key 'key-data)
+;; (find-sexp-token key 'public-key)
+;; (find-sexp-token key 'private-key))))
+
+(test-assert "sign + verify"
+ (let* ((pair (string->gcry-sexp %key-pair))
+ (secret (find-sexp-token pair 'private-key))
+ (public (find-sexp-token pair 'public-key))
+ (data (bytevector->hash-data
+ (sha256 (string->utf8 "Hello, world."))))
+ (sig (sign data secret)))
+ (and (verify sig data public)
+ (not (verify sig
+ (bytevector->hash-data
+ (sha256 (string->utf8 "Hi!")))
+ public)))))
+
+(gc)
+
+(test-end)
+
+
+(exit (= (test-runner-fail-count (test-runner-current)) 0))