;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-pki)
  #:use-module (guix pki)
  #:use-module (gcrypt pk-crypto)
  #:use-module (gcrypt hash)
  #:use-module (rnrs io ports)
  #:use-module (srfi srfi-64))

;; Test the (guix pki) module.

;; Public key used throughout these tests, parsed into a canonical sexp from
;; the whole contents of %public-key-file.
;; NOTE(review): %public-key-file is not defined in this file; presumably it
;; is exported by (guix pki) and names a throwaway key in the test
;; environment -- confirm.
(define %public-key
  (call-with-input-file %public-key-file
    (lambda (port)
      (string->canonical-sexp (get-string-all port)))))

;; Secret key used to produce signatures in these tests, parsed into a
;; canonical sexp from the whole contents of %private-key-file.
;; NOTE(review): %private-key-file is not defined in this file; presumably it
;; is exported by (guix pki).  The test suite should only ever read a
;; disposable key here, never a key that signs real substitutes -- confirm
;; how the test environment sets this path.
(define %secret-key
  (call-with-input-file %private-key-file
    (lambda (port)
      (string->canonical-sexp (get-string-all port)))))

;; A second RSA key pair, embedded as a literal canonical sexp holding both
;; the public and the private part.  The "signature-case invalid-signature"
;; test signs with this key while passing %public-key as the public key, so
;; the resulting signature cannot verify against %public-key.
;;
;; This private key is published in the source tree: it is a test fixture
;; only and must never be added to a real ACL or used to sign anything that
;; is distributed.  Its primes are 512 bits (a 1024-bit modulus), which is
;; acceptable for a throwaway fixture but too small for a real signing key.
(define %alternate-secret-key
  (string->canonical-sexp
   "
  (key-data
   (public-key
    (rsa
     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
     (e #010001#)))
   (private-key
    (rsa
     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
     (e #010001#)
     (d #2790250C2E74C2FD361A99288BBA19B878048F5A0F333F829CC71B3DD64582DB9DF3F4DB1EB0994DD7493225EDA4A1E1492F44D903617FA5643E47BFC7BA157EF48B492AB51229916B02DDBDA0E7DBC7B35A6B8332AB463DC61951CA694551A9760F5A836A375D39E3EA8F2C502A3B5D89CB8777A809B75D603BE7511CEB74E9#)
     (p #00FE15B1751E1C31125B724FF37462F9476239A2AFF4192FAB1550F76928C8D02407F4F5EFC83F7A0AF51BD93399DDC06A4B54DFA60A7079F160A9F618C0148AD9#)
     (q #00FFA8BE7005AAB7401B0926CD9D6AC30BC9BE7D12C8737C9438498A999F56BE9F5EA98B4D7F5364BEB6D550A5AEDDE34C1EC152C9DAF61A97FDE71740C73BAA3D#)
     (u #00FD4050EF4F31B41EC81C28E18D205DFFB3C188F15D8BBA300E30AD8B5C4D3E392EFE10269FC115A538B19F4025973AB09B6650A7FF97DA833FB726F3D8819319#))))"))

;; Open the SRFI-64 test group for this file.
(test-begin "pki")

;; The key read from %public-key-file must be one of the keys listed by
;; (current-acl).  Keys are converted to plain sexps so that 'member' can
;; compare them with 'equal?'; the result is forced to a boolean.
(test-assert "current-acl"
  (let ((wanted     (canonical-sexp->sexp %public-key))
        (authorized (map canonical-sexp->sexp
                         (acl->public-keys (current-acl)))))
    (and (member wanted authorized) #t)))

;; With no explicit ACL argument, 'authorized-key?' must accept %public-key.
(test-assert "authorized-key? public-key current-acl"
  (authorized-key? %public-key))

;; Fail closed: an ACL built from an empty key list authorizes nothing.
(test-assert "authorized-key? public-key empty-acl"
  (let ((empty-acl (public-keys->acl '())))
    (not (authorized-key? %public-key empty-acl))))

;; An ACL that lists exactly this key must authorize it.
(test-assert "authorized-key? public-key singleton"
  (let ((singleton-acl (public-keys->acl (list %public-key))))
    (authorized-key? %public-key singleton-acl)))

;; Listing the same key ten times must yield the same ACL as listing it
;; once.
(test-equal "public-keys->acl deduplication"
  (public-keys->acl (list %public-key))
  (let ((repeated-keys (make-list 10 %public-key)))
    (public-keys->acl repeated-keys)))

;; Happy path: the hash is signed with %secret-key, the matching %public-key
;; is passed alongside it, the same hash is presented for verification, and
;; the ACL lists %public-key.  Only the 'valid-signature' clause may yield a
;; true value; every other outcome falls into 'else' and fails the test.
(test-assert "signature-case valid-signature"
  (let* ((digest      (sha256 #vu8(1 2 3)))
         (algorithm   (key-type %public-key))
         (payload     (bytevector->hash-data digest #:key-type algorithm))
         (signed-sexp (signature-sexp payload %secret-key %public-key))
         (trusted     (public-keys->acl (list %public-key))))
    (signature-case (signed-sexp digest trusted)
      (valid-signature #t)
      (else #f))))

;; Key substitution: the hash is signed with %alternate-secret-key, but
;; %public-key is passed as the public key and is the only key in the ACL.
;; The claimed key is authorized and the hash matches, so the only thing
;; wrong is the signature value itself; the expected outcome is
;; 'invalid-signature' ('i).
;; NOTE(review): presumably 'signature-sexp' embeds the public key it is
;; given in the returned sexp -- confirm against (guix pki).
(test-eq "signature-case invalid-signature" 'i
  (let* ((digest      (sha256 #vu8(1 2 3)))
         (algorithm   (key-type %public-key))
         (payload     (bytevector->hash-data digest #:key-type algorithm))
         (signed-sexp (signature-sexp payload %alternate-secret-key
                                      %public-key))
         (trusted     (public-keys->acl (list %public-key))))
    (signature-case (signed-sexp digest trusted)
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

;; The signature is made over the SHA-256 of #vu8(1 2 3) with the right key,
;; but verification is asked about the SHA-256 of the empty bytevector.  A
;; signature over one hash must not be accepted for another; the expected
;; outcome is 'hash-mismatch' ('m).
(test-eq "signature-case hash-mismatch" 'm
  (let* ((signed-digest   (sha256 #vu8(1 2 3)))
         (algorithm       (key-type %public-key))
         (payload         (bytevector->hash-data signed-digest
                                                 #:key-type algorithm))
         (signed-sexp     (signature-sexp payload %secret-key %public-key))
         (expected-digest (sha256 #vu8()))
         (trusted         (public-keys->acl (list %public-key))))
    (signature-case (signed-sexp expected-digest trusted)
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

;; The signature is made with the matching key pair over the right hash,
;; but the ACL is empty.  A signature from a key that is not in the ACL
;; must be reported as 'unauthorized-key' ('u), not as valid.
(test-eq "signature-case unauthorized-key" 'u
  (let* ((digest      (sha256 #vu8(1 2 3)))
         (algorithm   (key-type %public-key))
         (payload     (bytevector->hash-data digest #:key-type algorithm))
         (signed-sexp (signature-sexp payload %secret-key %public-key))
         (empty-acl   (public-keys->acl '())))
    (signature-case (signed-sexp digest empty-acl)
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

;; Malformed input: "(w tf)" parses as a canonical sexp but is not built by
;; 'signature-sexp'.  It must be classified as 'corrupt-signature' ('c)
;; rather than reaching any of the other outcomes.
(test-eq "signature-case corrupt-signature" 'c
  (let* ((digest  (sha256 #vu8(1 2 3)))
         (bogus   (string->canonical-sexp "(w tf)"))
         (trusted (public-keys->acl (list %public-key))))
    (signature-case (bogus digest trusted)
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

;; Close the test group opened by (test-begin "pki").
(test-end)