lix/src/libstore/crypto.cc

#include "crypto.hh"
#include "util.hh"
#include "globals.hh"

#if HAVE_SODIUM
#include <sodium.h>
#endif

namespace nix {

static std::pair<std::string, std::string> split(const string & s)
{
    size_t colon = s.find(':');
    if (colon == std::string::npos || colon == 0)
        return {"", ""};
    return {std::string(s, 0, colon), std::string(s, colon + 1)};
}

Key::Key(const string & s)
{
    auto ss = split(s);

    name = ss.first;
    key = ss.second;

    if (name == "" || key == "")
        throw Error("secret key is corrupt");

    key = base64Decode(key);
}

SecretKey::SecretKey(const string & s)
    : Key(s)
{
#if HAVE_SODIUM
    if (key.size() != crypto_sign_SECRETKEYBYTES)
        throw Error("secret key is not valid");
#endif
}

#if !HAVE_SODIUM
[[noreturn]] static void noSodium()
{
    throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
}
#endif

std::string SecretKey::signDetached(const std::string & data) const
{
#if HAVE_SODIUM
    unsigned char sig[crypto_sign_BYTES];
    unsigned long long sigLen;
    crypto_sign_detached(sig, &sigLen, (unsigned char *) data.data(), data.size(),
        (unsigned char *) key.data());
    return name + ":" + base64Encode(std::string((char *) sig, sigLen));
#else
    noSodium();
#endif
}

PublicKey SecretKey::toPublicKey() const
{
#if HAVE_SODIUM
    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
    crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
    return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
#else
    noSodium();
#endif
}

PublicKey::PublicKey(const string & s)
    : Key(s)
{
#if HAVE_SODIUM
    if (key.size() != crypto_sign_PUBLICKEYBYTES)
        throw Error("public key is not valid");
#endif
}

bool verifyDetached(const std::string & data, const std::string & sig,
    const PublicKeys & publicKeys)
{
#if HAVE_SODIUM
    auto ss = split(sig);

    auto key = publicKeys.find(ss.first);
    if (key == publicKeys.end()) return false;

    auto sig2 = base64Decode(ss.second);
    if (sig2.size() != crypto_sign_BYTES)
        throw Error("signature is not valid");

    return crypto_sign_verify_detached((unsigned char *) sig2.data(),
        (unsigned char *) data.data(), data.size(),
        (unsigned char *) key->second.key.data()) == 0;
#else
    noSodium();
#endif
}

PublicKeys getDefaultPublicKeys()
{
    PublicKeys publicKeys;
    for (auto s : settings.get("binary-cache-public-keys", Strings())) {
        PublicKey key(s);
        publicKeys.emplace(key.name, key);
        // FIXME: filter duplicates
    }
    return publicKeys;
}

}
Add C++ functions for .narinfo processing / signing This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy) 2016-02-16 15:38:44 +00:00			`#include "crypto.hh"`
			`#include "util.hh"`
Add "nix verify-paths" command Unlike "nix-store --verify-path", this command verifies signatures in addition to store path contents, is multi-threaded (especially useful when verifying binary caches), and has a progress indicator. Example use: $ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird) ... [17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’ 2016-03-29 12:29:50 +00:00			`#include "globals.hh"`
Add C++ functions for .narinfo processing / signing This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy) 2016-02-16 15:38:44 +00:00
			`#if HAVE_SODIUM`
			`#include <sodium.h>`
			`#endif`

			`namespace nix {`

			`static std::pair<std::string, std::string> split(const string & s)`
			`{`
			`size_t colon = s.find(':');`
			`if (colon == std::string::npos \|\| colon == 0)`
			`return {"", ""};`
			`return {std::string(s, 0, colon), std::string(s, colon + 1)};`
			`}`

			`Key::Key(const string & s)`
			`{`
			`auto ss = split(s);`

			`name = ss.first;`
			`key = ss.second;`

			`if (name == "" \|\| key == "")`
			`throw Error("secret key is corrupt");`

			`key = base64Decode(key);`
			`}`

			`SecretKey::SecretKey(const string & s)`
			`: Key(s)`
			`{`
			`#if HAVE_SODIUM`
			`if (key.size() != crypto_sign_SECRETKEYBYTES)`
			`throw Error("secret key is not valid");`
			`#endif`
			`}`

Fix Darwin build http://hydra.nixos.org/build/33279996 2016-03-15 11:11:27 +00:00			`#if !HAVE_SODIUM`
Fix build without sodium http://hydra.nixos.org/build/32085949 2016-02-17 11:41:41 +00:00			`[[noreturn]] static void noSodium()`
			`{`
			`throw Error("Nix was not compiled with libsodium, required for signed binary cache support");`
			`}`
Fix Darwin build http://hydra.nixos.org/build/33279996 2016-03-15 11:11:27 +00:00			`#endif`
Fix build without sodium http://hydra.nixos.org/build/32085949 2016-02-17 11:41:41 +00:00
Add C++ functions for .narinfo processing / signing This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy) 2016-02-16 15:38:44 +00:00			`std::string SecretKey::signDetached(const std::string & data) const`
			`{`
			`#if HAVE_SODIUM`
			`unsigned char sig[crypto_sign_BYTES];`
			`unsigned long long sigLen;`
			`crypto_sign_detached(sig, &sigLen, (unsigned char *) data.data(), data.size(),`
			`(unsigned char *) key.data());`
			`return name + ":" + base64Encode(std::string((char *) sig, sigLen));`
			`#else`
Fix build without sodium http://hydra.nixos.org/build/32085949 2016-02-17 11:41:41 +00:00			`noSodium();`
Add C++ functions for .narinfo processing / signing This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy) 2016-02-16 15:38:44 +00:00			`#endif`
			`}`

BinaryCacheStore: Remove publicKeyFile argument The public key can be derived from the secret key, so there's no need for the user to supply it separately. 2016-03-04 16:08:30 +00:00			`PublicKey SecretKey::toPublicKey() const`
			`{`
			`#if HAVE_SODIUM`
			`unsigned char pk[crypto_sign_PUBLICKEYBYTES];`
			`crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());`
			`return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));`
			`#else`
			`noSodium();`
			`#endif`
			`}`

Add C++ functions for .narinfo processing / signing This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy) 2016-02-16 15:38:44 +00:00			`PublicKey::PublicKey(const string & s)`
			`: Key(s)`
			`{`
			`#if HAVE_SODIUM`
			`if (key.size() != crypto_sign_PUBLICKEYBYTES)`
			`throw Error("public key is not valid");`
			`#endif`
			`}`

			`bool verifyDetached(const std::string & data, const std::string & sig,`
			`const PublicKeys & publicKeys)`
			`{`
Fix build without sodium http://hydra.nixos.org/build/32085949 2016-02-17 11:41:41 +00:00			`#if HAVE_SODIUM`
Add C++ functions for .narinfo processing / signing This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy) 2016-02-16 15:38:44 +00:00			`auto ss = split(sig);`

			`auto key = publicKeys.find(ss.first);`
			`if (key == publicKeys.end()) return false;`

			`auto sig2 = base64Decode(ss.second);`
			`if (sig2.size() != crypto_sign_BYTES)`
			`throw Error("signature is not valid");`

			`return crypto_sign_verify_detached((unsigned char *) sig2.data(),`
			`(unsigned char *) data.data(), data.size(),`
			`(unsigned char *) key->second.key.data()) == 0;`
Fix build without sodium http://hydra.nixos.org/build/32085949 2016-02-17 11:41:41 +00:00			`#else`
			`noSodium();`
			`#endif`
Add C++ functions for .narinfo processing / signing This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy) 2016-02-16 15:38:44 +00:00			`}`

Add "nix verify-paths" command Unlike "nix-store --verify-path", this command verifies signatures in addition to store path contents, is multi-threaded (especially useful when verifying binary caches), and has a progress indicator. Example use: $ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird) ... [17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’ 2016-03-29 12:29:50 +00:00			`PublicKeys getDefaultPublicKeys()`
			`{`
			`PublicKeys publicKeys;`
			`for (auto s : settings.get("binary-cache-public-keys", Strings())) {`
			`PublicKey key(s);`
			`publicKeys.emplace(key.name, key);`
			`// FIXME: filter duplicates`
			`}`
			`return publicKeys;`
			`}`

Add C++ functions for .narinfo processing / signing This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy) 2016-02-16 15:38:44 +00:00			`}`