From 6dd8ffc57420ee2f6f19e79e41028e78fe9e6a7e Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Tue, 8 Sep 2020 15:00:29 +0200
Subject: daemon: Simplify interface with 'guix authenticate'.

There's no reason at this point to mimic the calling convention of the
'openssl' command.

* nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign"
and HASH to ARGS.  Remove 'tmpDir' and 'hashFile'.
(LocalStore::importPath): Add only "verify" and SIGNATURE to
* guix/scripts/authenticate.scm (guix-authenticate): Adjust
accordingly; remove the OpenSSL-style clauses.
(read-hash-data): Remove.
(sign-with-key): Replace 'port' with 'sha256' and adjust accordingly.
(validate-signature): Export SIGNATURE to be a canonical sexp.
* tests/guix-authenticate.sh: Adjust tests accordingly.
---
 guix/scripts/authenticate.scm | 54 +++++++++++++++----------------------------
 1 file changed, 18 insertions(+), 36 deletions(-)

(limited to 'guix/scripts')

diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm
index a4b9171fc7..37e6cef53c 100644
--- a/guix/scripts/authenticate.scm
+++ b/guix/scripts/authenticate.scm
@@ -17,7 +17,6 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (guix scripts authenticate)
-  #:use-module (guix config)
   #:use-module (guix scripts)
   #:use-module (guix base16)
   #:use-module (gcrypt pk-crypto)
@@ -40,16 +39,9 @@
   ;; Read a gcrypt sexp from a port and return it.
   (compose string->canonical-sexp read-string))
 
-(define (read-hash-data port key-type)
-  "Read sha256 hash data from PORT and return it as a gcrypt sexp.  KEY-TYPE
-is a symbol representing the type of public key algo being used."
-  (let* ((hex (read-string port))
-         (bv  (base16-string->bytevector (string-trim-both hex))))
-    (bytevector->hash-data bv #:key-type key-type)))
-
-(define (sign-with-key key-file port)
-  "Sign the hash read from PORT with KEY-FILE, and write an sexp that includes
-both the hash and the actual signature."
+(define (sign-with-key key-file sha256)
+  "Sign the hash SHA256 (a bytevector) with KEY-FILE, and write an sexp that
+includes both the hash and the actual signature."
   (let* ((secret-key (call-with-input-file key-file read-canonical-sexp))
          (public-key (if (string-suffix? ".sec" key-file)
                          (call-with-input-file
@@ -59,18 +51,18 @@ both the hash and the actual signature."
                          (leave
                           (G_ "cannot find public key for secret key '~a'~%")
                           key-file)))
-         (data       (read-hash-data port (key-type public-key)))
+         (data       (bytevector->hash-data sha256
+                                            #:key-type (key-type public-key)))
          (signature  (signature-sexp data secret-key public-key)))
     (display (canonical-sexp->string signature))
     #t))
 
-(define (validate-signature port)
-  "Read the signature from PORT (which is as produced above), check whether
-its public key is authorized, verify the signature, and print the signed data
-to stdout upon success."
-  (let* ((signature (read-canonical-sexp port))
-         (subject   (signature-subject signature))
-         (data      (signature-signed-data signature)))
+(define (validate-signature signature)
+  "Validate SIGNATURE, a canonical sexp.  Check whether its public key is
+authorized, verify the signature, and print the signed data to stdout upon
+success."
+  (let* ((subject (signature-subject signature))
+         (data    (signature-signed-data signature)))
     (if (and data subject)
         (if (authorized-key? subject)
             (if (valid-signature? signature)
@@ -86,9 +78,7 @@ to stdout upon success."
 
 
 ;;;
-;;; Entry point with 'openssl'-compatible interface.  We support this
-;;; interface because that's what the daemon expects, and we want to leave it
-;;; unmodified currently.
+;;; Entry point.
 ;;;
 
 (define-command (guix-authenticate . args)
@@ -105,22 +95,14 @@ to stdout upon success."
   (with-fluids ((%default-port-encoding "ISO-8859-1")
                 (%default-port-conversion-strategy 'error))
     (match args
-      ;; As invoked by guix-daemon.
-      (("rsautl" "-sign" "-inkey" key "-in" hash-file)
-       (call-with-input-file hash-file
-         (lambda (port)
-           (sign-with-key key port))))
-      ;; As invoked by Nix/Crypto.pm (used by Hydra.)
-      (("rsautl" "-sign" "-inkey" key)
-       (sign-with-key key (current-input-port)))
-      ;; As invoked by guix-daemon.
-      (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
+      (("sign" key-file hash)
+       (sign-with-key key-file (base16-string->bytevector hash)))
+      (("verify" signature-file)
        (call-with-input-file signature-file
          (lambda (port)
-           (validate-signature port))))
-      ;; As invoked by Nix/Crypto.pm (used by Hydra.)
-      (("rsautl" "-verify" "-inkey" _ "-pubin")
-       (validate-signature (current-input-port)))
+           (validate-signature (string->canonical-sexp
+                                (read-string port))))))
+
       (("--help")
        (display (G_ "Usage: guix authenticate OPTION...
 Sign or verify the signature on the given file.  This tool is meant to
-- 
cgit v1.2.3