diff options
| -rw-r--r-- | Makefile.am | 2 | ||||
| -rw-r--r-- | guix/pk-crypto.scm | 167 | ||||
| -rw-r--r-- | tests/pk-crypto.scm | 106 |
3 files changed, 275 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index eb278a76e9..2db77d57f3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -30,6 +30,7 @@ MODULES = \ guix/base32.scm \ guix/records.scm \ guix/hash.scm \ + guix/pk-crypto.scm \ guix/utils.scm \ guix/download.scm \ guix/monads.scm \ @@ -107,6 +108,7 @@ clean-go: SCM_TESTS = \ tests/base32.scm \ tests/hash.scm \ + tests/pk-crypto.scm \ tests/builders.scm \ tests/derivations.scm \ tests/ui.scm \ diff --git a/guix/pk-crypto.scm b/guix/pk-crypto.scm new file mode 100644 index 0000000000..9d093b34b0 --- /dev/null +++ b/guix/pk-crypto.scm @@ -0,0 +1,167 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (guix pk-crypto) + #:use-module (guix config) + #:use-module ((guix utils) #:select (bytevector->base16-string)) + #:use-module (system foreign) + #:use-module (rnrs bytevectors) + #:use-module (ice-9 match) + #:export (gcry-sexp? + string->gcry-sexp + gcry-sexp->string + number->gcry-sexp + bytevector->hash-data + sign + verify + generate-key + find-sexp-token)) + + +;;; Commentary: +;;; +;;; Public key cryptographic routines from GNU Libgcrypt. +;;;; +;;; Libgcrypt uses s-expressions to represent key material, parameters, and +;;; data. We keep it as an opaque object rather than attempting to map them +;;; to Scheme s-expressions because (1) Libgcrypt sexps are stored in secure +;;; memory, and (2) the read syntax is different. +;;; +;;; Code: + +;; Libgcrypt "s-expressions". +(define-wrapped-pointer-type <gcry-sexp> + gcry-sexp? + naked-pointer->gcry-sexp + gcry-sexp->pointer + (lambda (obj port) + ;; Don't print OBJ's external representation: we don't want key material + ;; to leak in backtraces and such. + (format port "#<gcry-sexp ~a | ~a>" + (number->string (object-address obj) 16) + (number->string (pointer-address (gcry-sexp->pointer obj)) + 16)))) + +(define libgcrypt-func + (let ((lib (dynamic-link %libgcrypt))) + (lambda (func) + "Return a pointer to symbol FUNC in libgcrypt." + (dynamic-func func lib)))) + +(define finalize-gcry-sexp! + (libgcrypt-func "gcry_sexp_release")) + +(define-inlinable (pointer->gcry-sexp ptr) + "Return a <gcry-sexp> that wraps PTR." + (let* ((sexp (naked-pointer->gcry-sexp ptr)) + (ptr* (gcry-sexp->pointer sexp))) + ;; Did we already have a <gcry-sexp> object for PTR? + (when (equal? ptr ptr*) + ;; No, so we can safely add a finalizer (in Guile 2.0.9 + ;; 'set-pointer-finalizer!' *adds* a finalizer rather than replacing the + ;; existing one.) + (set-pointer-finalizer! ptr finalize-gcry-sexp!)) + sexp)) + +(define string->gcry-sexp + (let* ((ptr (libgcrypt-func "gcry_sexp_new")) + (proc (pointer->procedure int ptr `(* * ,size_t ,int)))) + (lambda (str) + "Parse STR and return the corresponding gcrypt s-expression." + (let* ((sexp (bytevector->pointer (make-bytevector (sizeof '*)))) + (err (proc sexp (string->pointer str) 0 1))) + (if (= 0 err) + (pointer->gcry-sexp (dereference-pointer sexp)) + (throw 'gcry-error err)))))) + +(define-syntax GCRYSEXP_FMT_ADVANCED + (identifier-syntax 3)) + +(define gcry-sexp->string + (let* ((ptr (libgcrypt-func "gcry_sexp_sprint")) + (proc (pointer->procedure size_t ptr `(* ,int * ,size_t)))) + (lambda (sexp) + "Return a textual representation of SEXP." + (let loop ((len 1024)) + (let* ((buf (bytevector->pointer (make-bytevector len))) + (size (proc (gcry-sexp->pointer sexp) + GCRYSEXP_FMT_ADVANCED buf len))) + (if (zero? size) + (loop (* len 2)) + (pointer->string buf size "ISO-8859-1"))))))) + +(define (number->gcry-sexp number) + "Return an s-expression representing NUMBER." + (string->gcry-sexp (string-append "#" (number->string number 16) "#"))) + +(define* (bytevector->hash-data bv #:optional (hash-algo "sha256")) + "Given BV, a bytevector containing a hash, return an s-expression suitable +for use as the data for 'sign'." + (string->gcry-sexp + (format #f "(data (flags pkcs1) (hash \"~a\" #~a#))" + hash-algo + (bytevector->base16-string bv)))) + +(define sign + (let* ((ptr (libgcrypt-func "gcry_pk_sign")) + (proc (pointer->procedure int ptr '(* * *)))) + (lambda (data secret-key) + "Sign DATA (an s-expression) with SECRET-KEY (an s-expression whose car +is 'private-key'.)" + (let* ((sig (bytevector->pointer (make-bytevector (sizeof '*)))) + (err (proc sig (gcry-sexp->pointer data) + (gcry-sexp->pointer secret-key)))) + (if (= 0 err) + (pointer->gcry-sexp (dereference-pointer sig)) + (throw 'gry-error err)))))) + +(define verify + (let* ((ptr (libgcrypt-func "gcry_pk_verify")) + (proc (pointer->procedure int ptr '(* * *)))) + (lambda (signature data public-key) + "Verify that SIGNATURE is a signature of DATA with PUBLIC-KEY, all of +which are gcrypt s-expressions." + (zero? (proc (gcry-sexp->pointer signature) + (gcry-sexp->pointer data) + (gcry-sexp->pointer public-key)))))) + +(define generate-key + (let* ((ptr (libgcrypt-func "gcry_pk_genkey")) + (proc (pointer->procedure int ptr '(* *)))) + (lambda (params) + "Return as an s-expression a new key pair for PARAMS. PARAMS must be an +s-expression like: (genkey (rsa (nbits 4:2048)))." + (let* ((key (bytevector->pointer (make-bytevector (sizeof '*)))) + (err (proc key (gcry-sexp->pointer params)))) + (if (zero? err) + (pointer->gcry-sexp (dereference-pointer key)) + (throw 'gcry-error err)))))) + +(define find-sexp-token + (let* ((ptr (libgcrypt-func "gcry_sexp_find_token")) + (proc (pointer->procedure '* ptr `(* * ,size_t)))) + (lambda (sexp token) + "Find in SEXP the first element whose 'car' is TOKEN and return it; +return #f if not found." + (let* ((token (string->pointer (symbol->string token))) + (res (proc (gcry-sexp->pointer sexp) token 0))) + (if (null-pointer? res) + #f + (pointer->gcry-sexp res)))))) + +;;; pk-crypto.scm ends here diff --git a/tests/pk-crypto.scm b/tests/pk-crypto.scm new file mode 100644 index 0000000000..1acce13f0a --- /dev/null +++ b/tests/pk-crypto.scm @@ -0,0 +1,106 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (test-pk-crypto) + #:use-module (guix pk-crypto) + #:use-module (guix utils) + #:use-module (guix hash) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-64) + #:use-module (rnrs bytevectors) + #:use-module (rnrs io ports) + #:use-module (ice-9 match)) + +;; Test the (guix pk-crypto) module. + +(define %key-pair + ;; Key pair that was generated with: + ;; (generate-key (string->gcry-sexp "(genkey (rsa (nbits 4:1024)))")) + ;; which takes a bit of time. + "(key-data + (public-key + (rsa + (n #00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45#) + (e #010001#))) + (private-key + (rsa + (n #00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45#) + (e #010001#) + (d #58CAD84653D0046A8EC3F9AA82D9C829B145422109FC3F12DA01A694B92FA296E70D366FB166454D30E632CEE3A033B4C41781BA10325F69FCDC0250CA19C8EEB352FA085992494098DB133E682ED38A931701F0DED1A1E508F4341A4FB446A04F019427C7CB3C44F251EEA9D386100DA80F125E0FD5CE1B0DFEC6D21516EACD#) + (p #00D47F185147EC39393CCDA4E7323FFC20FC8B8073E2A54DD63BA392A66975E4204CA48572496A9DFD7522436B852C07472A5AB25B7706F7C14E6F33FBC420FF3B#) + (q #00E9AD22F158060BC9AE3601DA623AFC60FFF3058795802CA92371C00097335CF9A23D7782DE353C9DBA93D7BB99E6A24A411107605E722481C5C191F80D7EB77F#) + (u #59B45B95AE01A7A7370FAFDB08FE73A4793CE37F228961B09B1B1E7DDAD9F8D3E28F5C5E8B4B067E6B8E0BBF3F690B42991A79E46108DDCDA2514323A66964DE#))))") + +(test-begin "pk-crypto") + +(let ((sexps '("(foo bar)" "#C0FFEE#" + "(genkey \n (rsa \n (nbits \"1024\")\n )\n )"))) + (test-equal "string->gcry-sexp->string" + sexps + (let ((sexps (map string->gcry-sexp sexps))) + (and (every gcry-sexp? sexps) + (map (compose string-trim-both gcry-sexp->string) sexps))))) + +(gc) ; stress test! + +(let ((sexps `(("(foo bar)" foo -> "(foo bar)") + ("(foo (bar (baz 3:123)))" baz -> "(baz \"123\")") + ("(foo (bar 3:123))" baz -> #f)))) + (test-equal "find-sexp-token" + (map (match-lambda + ((_ _ '-> expected) + expected)) + sexps) + (map (match-lambda + ((input token '-> _) + (let ((sexp (find-sexp-token (string->gcry-sexp input) token))) + (and sexp + (string-trim-both (gcry-sexp->string sexp)))))) + sexps))) + +(gc) + +;; XXX: The test below is typically too long as it needs to gather enough entropy. + +;; (test-assert "generate-key" +;; (let ((key (generate-key (string->gcry-sexp +;; "(genkey (rsa (nbits 3:128)))")))) +;; (and (gcry-sexp? key) +;; (find-sexp-token key 'key-data) +;; (find-sexp-token key 'public-key) +;; (find-sexp-token key 'private-key)))) + +(test-assert "sign + verify" + (let* ((pair (string->gcry-sexp %key-pair)) + (secret (find-sexp-token pair 'private-key)) + (public (find-sexp-token pair 'public-key)) + (data (bytevector->hash-data + (sha256 (string->utf8 "Hello, world.")))) + (sig (sign data secret))) + (and (verify sig data public) + (not (verify sig + (bytevector->hash-data + (sha256 (string->utf8 "Hi!"))) + public))))) + +(gc) + +(test-end) + + +(exit (= (test-runner-fail-count (test-runner-current)) 0)) |