authenticate: Disallow imports signed with unauthorized keys.
* guix/scripts/authenticate.scm (signature-sexp): Remove. (guix-authenticate): Upon '-verify', check whether the signature's public key passes 'authorized-key?'.master
parent
8b420f74e4
commit
96e5085c81
|
@ -20,6 +20,7 @@
|
||||||
#:use-module (guix config)
|
#:use-module (guix config)
|
||||||
#:use-module (guix utils)
|
#:use-module (guix utils)
|
||||||
#:use-module (guix pk-crypto)
|
#:use-module (guix pk-crypto)
|
||||||
|
#:use-module (guix pki)
|
||||||
#:use-module (guix ui)
|
#:use-module (guix ui)
|
||||||
#:use-module (rnrs io ports)
|
#:use-module (rnrs io ports)
|
||||||
#:use-module (ice-9 match)
|
#:use-module (ice-9 match)
|
||||||
|
@ -44,17 +45,6 @@
|
||||||
(bv (base16-string->bytevector (string-trim-both hex))))
|
(bv (base16-string->bytevector (string-trim-both hex))))
|
||||||
(bytevector->hash-data bv)))
|
(bytevector->hash-data bv)))
|
||||||
|
|
||||||
(define (signature-sexp data secret-key public-key)
|
|
||||||
"Return a SPKI-style sexp for the signature of DATA with SECRET-KEY that
|
|
||||||
includes DATA, the actual signature value (with a 'sig-val' tag), and
|
|
||||||
PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)"
|
|
||||||
(string->canonical-sexp
|
|
||||||
(format #f
|
|
||||||
"(signature ~a ~a ~a)"
|
|
||||||
(canonical-sexp->string data)
|
|
||||||
(canonical-sexp->string (sign data secret-key))
|
|
||||||
(canonical-sexp->string public-key))))
|
|
||||||
|
|
||||||
|
|
||||||
;;;
|
;;;
|
||||||
;;; Entry point with 'openssl'-compatible interface. We support this
|
;;; Entry point with 'openssl'-compatible interface. We support this
|
||||||
|
@ -77,23 +67,30 @@ PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)"
|
||||||
(signature (signature-sexp data secret-key public-key)))
|
(signature (signature-sexp data secret-key public-key)))
|
||||||
(display (canonical-sexp->string signature))
|
(display (canonical-sexp->string signature))
|
||||||
#t))
|
#t))
|
||||||
(("rsautl" "-verify" "-inkey" key "-pubin" "-in" signature-file)
|
(("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
|
||||||
;; Read the signature as produced above, check it against KEY, and print
|
;; Read the signature as produced above, check whether its public key is
|
||||||
;; the signed data to stdout upon success.
|
;; authorized, and verify the signature, and print the signed data to
|
||||||
(let* ((public-key (read-canonical-sexp key))
|
;; stdout upon success.
|
||||||
(sig+data (read-canonical-sexp signature-file))
|
(let* ((sig+data (read-canonical-sexp signature-file))
|
||||||
|
(public-key (find-sexp-token sig+data 'public-key))
|
||||||
(data (find-sexp-token sig+data 'data))
|
(data (find-sexp-token sig+data 'data))
|
||||||
(signature (find-sexp-token sig+data 'sig-val)))
|
(signature (find-sexp-token sig+data 'sig-val)))
|
||||||
(if (and data signature)
|
(if (and data signature)
|
||||||
(if (verify signature data public-key)
|
(if (authorized-key? public-key)
|
||||||
(begin
|
(if (verify signature data public-key)
|
||||||
(display (bytevector->base16-string
|
(begin
|
||||||
(hash-data->bytevector data)))
|
(display (bytevector->base16-string
|
||||||
#t) ; success
|
(hash-data->bytevector data)))
|
||||||
|
#t) ; success
|
||||||
|
(begin
|
||||||
|
(format (current-error-port)
|
||||||
|
"error: invalid signature: ~a~%"
|
||||||
|
(canonical-sexp->string signature))
|
||||||
|
(exit 1)))
|
||||||
(begin
|
(begin
|
||||||
(format (current-error-port)
|
(format (current-error-port)
|
||||||
"error: invalid signature: ~a~%"
|
"error: unauthorized public key: ~a~%"
|
||||||
(canonical-sexp->string signature))
|
(canonical-sexp->string public-key))
|
||||||
(exit 1)))
|
(exit 1)))
|
||||||
(begin
|
(begin
|
||||||
(format (current-error-port)
|
(format (current-error-port)
|
||||||
|
|
Reference in New Issue