authorLudovic Courtès <ludo@gnu.org>2014-01-23 22:23:22 +0100
committerLudovic Courtès <ludo@gnu.org>2014-01-24 00:01:49 +0100
commitd28684b5a5369ac87b0a2d3ae125a54d74826a2e (patch)
treea7d24e493baa83b768d225e3f3550dbe52d3cf27 /guix/pki.scm
parent2cd5c0380ed36f334114904bacf9562fc98e2090 (diff)
pki: Factorize signature manipulation procedures.
* guix/pki.scm (signature-subject, signature-signed-data, valid-signature?): New procedures. * guix/scripts/authenticate.scm (guix-authenticate): Adjust to use them.
Diffstat (limited to 'guix/pki.scm')
-rw-r--r--guix/pki.scm23
1 files changed, 22 insertions, 1 deletions
diff --git a/guix/pki.scm b/guix/pki.scm
index 5e4dbadd35..4b90b65a13 100644
--- a/guix/pki.scm
+++ b/guix/pki.scm
@@ -29,8 +29,12 @@
current-acl
public-keys->acl
acl->public-keys
+ authorized-key?
+
signature-sexp
- authorized-key?))
+ signature-subject
+ signature-signed-data
+ valid-signature?))
;;; Commentary:
;;;
@@ -136,4 +140,21 @@ PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)"
(canonical-sexp->string (sign data secret-key))
(canonical-sexp->string public-key))))
+(define (signature-subject sig)
+ "Return the signer's public key for SIG."
+ (find-sexp-token sig 'public-key))
+
+(define (signature-signed-data sig)
+ "Return the signed data from SIG, typically an sexp such as
+ (hash \"sha256\" #...#)."
+ (find-sexp-token sig 'data))
+
+(define (valid-signature? sig)
+ "Return #t if SIG is valid."
+ (let* ((data (signature-signed-data sig))
+ (signature (find-sexp-token sig 'sig-val))
+ (public-key (signature-subject sig)))
+ (and data signature
+ (verify signature data public-key))))
+
;;; pki.scm ends here
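Review bot: `valid-signature?` verifies SIG against the public key taken from SIG itself (`signature-subject sig`), so a #t result shows only that the signature matches its embedded key, not that the signer is trusted. The docstring should state this, for example `"Return #t if SIG is cryptographically valid for the public key it embeds; this does not check that the key is authorized (see authorized-key?)."`. In addition, the `and` guards `data` and `signature` but not `public-key`, so an sexp without a `public-key` token passes #f to `verify`, whose handling of that input is not visible in this hunk. Writing `(and data signature public-key (verify signature data public-key))` would make a malformed signature yield a plain #f.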