pki: Factorize signature manipulation procedures.

* guix/pki.scm (signature-subject, signature-signed-data,
  valid-signature?): New procedures.
* guix/scripts/authenticate.scm (guix-authenticate): Adjust to use
  them.

1 files changed, 22 insertions, 1 deletions

diff --git a/guix/pki.scm b/guix/pki.scm
index 5e4dbadd35..4b90b65a13 100644
--- a/guix/pki.scm
+++ b/guix/pki.scm
@@ -29,8 +29,12 @@
             current-acl
             public-keys->acl
             acl->public-keys
+            authorized-key?
+
             signature-sexp
-            authorized-key?))
+            signature-subject
+            signature-signed-data
+            valid-signature?))
 
 ;;; Commentary:
 ;;;
@@ -136,4 +140,21 @@ PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)"
            (canonical-sexp->string (sign data secret-key))
            (canonical-sexp->string public-key))))
 
+(define (signature-subject sig)
+  "Return the signer's public key for SIG."
+  (find-sexp-token sig 'public-key))
+
+(define (signature-signed-data sig)
+  "Return the signed data from SIG, typically an sexp such as
+  (hash \"sha256\" #...#)."
+  (find-sexp-token sig 'data))
+
+(define (valid-signature? sig)
+  "Return #t if SIG is valid."
+  (let* ((data       (signature-signed-data sig))
+         (signature  (find-sexp-token sig 'sig-val))
+         (public-key (signature-subject sig)))
+    (and data signature
+         (verify signature data public-key))))
+
 ;;; pki.scm ends here