diff options
author | Ludovic Courtès <ludo@gnu.org> | 2014-03-19 21:40:10 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2014-03-19 21:40:10 +0100 |
commit | 32a1eb802519179eab8ff687e73f26edab28922f (patch) | |
tree | 53ea24d789fffa2a4968a96dcf0313713834b33a /guix/scripts | |
parent | 0f4139e97eaaf590c81f71fb42dff3d47ce60de3 (diff) | |
download | guix-patches-32a1eb802519179eab8ff687e73f26edab28922f.tar guix-patches-32a1eb802519179eab8ff687e73f26edab28922f.tar.gz |
pk-crypto: Use RFC6979 when signing with an ECC or DSA key.
* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter.
Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when
KEY-TYPE is 'ecc' or 'dsa'.
(key-type): New procedure.
* guix/scripts/authenticate.scm (read-hash-data): Add 'key-type'
parameter. Pass it to 'bytevector->hash-data'. Adjust caller
accordingly.
* tests/pk-crypto.scm (%ecc-key-pair): New variable.
("key-type"): New test.
("sign + verify"): Pass #:key-type to 'bytevector->hash-data'.
("sign + verify, Ed25519"): New test.
Diffstat (limited to 'guix/scripts')
-rw-r--r-- | guix/scripts/authenticate.scm | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm index 27580dedff..927dbe8afc 100644 --- a/guix/scripts/authenticate.scm +++ b/guix/scripts/authenticate.scm @@ -39,11 +39,12 @@ (call-with-input-file file (compose string->canonical-sexp get-string-all))) -(define (read-hash-data file) - "Read sha256 hash data from FILE and return it as a gcrypt sexp." +(define (read-hash-data file key-type) + "Read sha256 hash data from FILE and return it as a gcrypt sexp. KEY-TYPE +is a symbol representing the type of public key algo being used." (let* ((hex (call-with-input-file file get-string-all)) (bv (base16-string->bytevector (string-trim-both hex)))) - (bytevector->hash-data bv))) + (bytevector->hash-data bv #:key-type key-type))) ;;; @@ -64,7 +65,7 @@ (leave (_ "cannot find public key for secret key '~a'~%") key))) - (data (read-hash-data hash-file)) + (data (read-hash-data hash-file (key-type public-key))) (signature (signature-sexp data secret-key public-key))) (display (canonical-sexp->string signature)) #t)) |