Make sodium a required dependency

2025-07-03 10:21:47 +02:00 · 2021-01-06 17:56:53 +01:00 · 2021-01-06 17:56:53 +01:00 · 0df69d96e0
commit 0df69d96e0
parent 9374c2baea
10 changed files with 2 additions and 64 deletions
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@ -2,9 +2,7 @@
 #include "util.hh"
 #include "globals.hh"

-#if HAVE_SODIUM
 #include <sodium.h>
-#endif

 namespace nix {

@ -37,70 +35,46 @@ std::string Key::to_string() const
 SecretKey::SecretKey(std::string_view s)
    : Key(s)
 {
-#if HAVE_SODIUM
    if (key.size() != crypto_sign_SECRETKEYBYTES)
        throw Error("secret key is not valid");
-#endif
 }

-#if !HAVE_SODIUM
-[[noreturn]] static void noSodium()
-{
-    throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
-}
-#endif
-
 std::string SecretKey::signDetached(std::string_view data) const
 {
-#if HAVE_SODIUM
    unsigned char sig[crypto_sign_BYTES];
    unsigned long long sigLen;
    crypto_sign_detached(sig, &sigLen, (unsigned char *) data.data(), data.size(),
        (unsigned char *) key.data());
    return name + ":" + base64Encode(std::string((char *) sig, sigLen));
-#else
-    noSodium();
-#endif
 }

 PublicKey SecretKey::toPublicKey() const
 {
-#if HAVE_SODIUM
    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
    crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
    return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
-#else
-    noSodium();
-#endif
 }

 SecretKey SecretKey::generate(std::string_view name)
 {
-#if HAVE_SODIUM
    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
    unsigned char sk[crypto_sign_SECRETKEYBYTES];
    if (crypto_sign_keypair(pk, sk) != 0)
        throw Error("key generation failed");

    return SecretKey(name, std::string((char *) sk, crypto_sign_SECRETKEYBYTES));
-#else
-    noSodium();
-#endif
 }

 PublicKey::PublicKey(std::string_view s)
    : Key(s)
 {
-#if HAVE_SODIUM
    if (key.size() != crypto_sign_PUBLICKEYBYTES)
        throw Error("public key is not valid");
-#endif
 }

 bool verifyDetached(const std::string & data, const std::string & sig,
    const PublicKeys & publicKeys)
 {
-#if HAVE_SODIUM
    auto ss = split(sig);

    auto key = publicKeys.find(std::string(ss.first));
@ -113,9 +87,6 @@ bool verifyDetached(const std::string & data, const std::string & sig,
    return crypto_sign_verify_detached((unsigned char *) sig2.data(),
        (unsigned char *) data.data(), data.size(),
        (unsigned char *) key->second.key.data()) == 0;
-#else
-    noSodium();
-#endif
 }

 PublicKeys getDefaultPublicKeys()