Signer infrastructure: Prep for #9076

This sets up infrastructure in libutil to allow for signing other than by a secret key in memory. #9076 uses this to implement remote signing. (Split from that PR to allow reviewing in smaller chunks.) Co-Authored-By: Raito Bezarius <masterancpp@gmail.com>
2025-07-06 17:31:47 +02:00 · 2024-01-03 15:02:20 -05:00 · 2024-01-03 15:02:20 -05:00 · 12bb8cdd38
commit 12bb8cdd38
parent 315aade89d
24 changed files with 233 additions and 70 deletions
--- a/src/libutil/hash.cc
+++ b/src/libutil/hash.cc
@ -14,6 +14,8 @@
 #include <sys/stat.h>
 #include <fcntl.h>

+#include <sodium.h>
+
 namespace nix {

 static size_t regularHashSize(HashAlgorithm type) {
@ -261,6 +263,13 @@ Hash::Hash(std::string_view rest, HashAlgorithm algo, bool isSRI)
        throw BadHash("hash '%s' has wrong length for hash algorithm '%s'", rest, printHashAlgo(this->algo));
 }

+Hash Hash::random(HashAlgorithm algo)
+{
+    Hash hash(algo);
+    randombytes_buf(hash.hash, hash.hashSize);
+    return hash;
+}
+
 Hash newHashAllowEmpty(std::string_view hashStr, std::optional<HashAlgorithm> ha)
 {
    if (hashStr.empty()) {
--- a/src/libutil/hash.hh
+++ b/src/libutil/hash.hh
@ -5,7 +5,6 @@
 #include "serialise.hh"
 #include "file-system.hh"

-
 namespace nix {


@ -143,6 +142,11 @@ public:
    }

    static Hash dummy;
+
+    /**
+     * @return a random hash with hash algorithm `algo`
+     */
+    static Hash random(HashAlgorithm algo);
 };

 /**
--- a/src/libutil/local.mk
+++ b/src/libutil/local.mk
@ -4,14 +4,17 @@ libutil_NAME = libnixutil

 libutil_DIR := $(d)

-libutil_SOURCES := $(wildcard $(d)/*.cc)
+libutil_SOURCES := $(wildcard $(d)/*.cc $(d)/signature/*.cc)

 libutil_CXXFLAGS += -I src/libutil

-libutil_LDFLAGS += -pthread $(OPENSSL_LIBS) $(LIBBROTLI_LIBS) $(LIBARCHIVE_LIBS) $(BOOST_LDFLAGS) -lboost_context
+libutil_LDFLAGS += -pthread $(LIBCURL_LIBS) $(SODIUM_LIBS) $(OPENSSL_LIBS) $(LIBBROTLI_LIBS) $(LIBARCHIVE_LIBS) $(BOOST_LDFLAGS) -lboost_context

 $(foreach i, $(wildcard $(d)/args/*.hh), \
  $(eval $(call install-file-in, $(i), $(includedir)/nix/args, 0644)))
+$(foreach i, $(wildcard $(d)/signature/*.hh), \
+  $(eval $(call install-file-in, $(i), $(includedir)/nix/signature, 0644)))
+

 ifeq ($(HAVE_LIBCPUID), 1)
 	libutil_LDFLAGS += -lcpuid
--- a/src/libutil/signature/local-keys.cc
+++ b/src/libutil/signature/local-keys.cc
@ -0,0 +1,105 @@
+#include "signature/local-keys.hh"
+
+#include "file-system.hh"
+#include "util.hh"
+#include <sodium.h>
+
+namespace nix {
+
+BorrowedCryptoValue BorrowedCryptoValue::parse(std::string_view s)
+{
+    size_t colon = s.find(':');
+    if (colon == std::string::npos || colon == 0)
+        return {"", ""};
+    return {s.substr(0, colon), s.substr(colon + 1)};
+}
+
+Key::Key(std::string_view s)
+{
+    auto ss = BorrowedCryptoValue::parse(s);
+
+    name = ss.name;
+    key = ss.payload;
+
+    if (name == "" || key == "")
+        throw Error("secret key is corrupt");
+
+    key = base64Decode(key);
+}
+
+std::string Key::to_string() const
+{
+    return name + ":" + base64Encode(key);
+}
+
+SecretKey::SecretKey(std::string_view s)
+    : Key(s)
+{
+    if (key.size() != crypto_sign_SECRETKEYBYTES)
+        throw Error("secret key is not valid");
+}
+
+std::string SecretKey::signDetached(std::string_view data) const
+{
+    unsigned char sig[crypto_sign_BYTES];
+    unsigned long long sigLen;
+    crypto_sign_detached(sig, &sigLen, (unsigned char *) data.data(), data.size(),
+        (unsigned char *) key.data());
+    return name + ":" + base64Encode(std::string((char *) sig, sigLen));
+}
+
+PublicKey SecretKey::toPublicKey() const
+{
+    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+    crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
+    return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
+}
+
+SecretKey SecretKey::generate(std::string_view name)
+{
+    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+    unsigned char sk[crypto_sign_SECRETKEYBYTES];
+    if (crypto_sign_keypair(pk, sk) != 0)
+        throw Error("key generation failed");
+
+    return SecretKey(name, std::string((char *) sk, crypto_sign_SECRETKEYBYTES));
+}
+
+PublicKey::PublicKey(std::string_view s)
+    : Key(s)
+{
+    if (key.size() != crypto_sign_PUBLICKEYBYTES)
+        throw Error("public key is not valid");
+}
+
+bool PublicKey::verifyDetached(std::string_view data, std::string_view sig) const
+{
+    auto ss = BorrowedCryptoValue::parse(sig);
+
+    if (ss.name != std::string_view { name }) return false;
+
+    return verifyDetachedAnon(data, ss.payload);
+}
+
+bool PublicKey::verifyDetachedAnon(std::string_view data, std::string_view sig) const
+{
+    auto sig2 = base64Decode(sig);
+    if (sig2.size() != crypto_sign_BYTES)
+        throw Error("signature is not valid");
+
+    return crypto_sign_verify_detached((unsigned char *) sig2.data(),
+        (unsigned char *) data.data(), data.size(),
+        (unsigned char *) key.data()) == 0;
+}
+
+bool verifyDetached(std::string_view data, std::string_view sig, const PublicKeys & publicKeys)
+{
+    auto ss = BorrowedCryptoValue::parse(sig);
+
+    auto key = publicKeys.find(std::string(ss.name));
+    if (key == publicKeys.end()) return false;
+
+    return key->second.verifyDetachedAnon(data, ss.payload);
+}
+
+}
--- a/src/libutil/signature/local-keys.hh
+++ b/src/libutil/signature/local-keys.hh
@ -0,0 +1,103 @@
+#pragma once
+///@file
+
+#include "types.hh"
+
+#include <map>
+
+namespace nix {
+
+/**
+ * Except where otherwise noted, Nix serializes keys and signatures in
+ * the form:
+ *
+ * ```
+ * <name>:<key/signature-in-Base64>
+ * ```
+ */
+struct BorrowedCryptoValue {
+    std::string_view name;
+    std::string_view payload;
+
+    /**
+     * This splits on the colon, the user can then separated decode the
+     * Base64 payload separately.
+     */
+    static BorrowedCryptoValue parse(std::string_view);
+};
+
+struct Key
+{
+    std::string name;
+    std::string key;
+
+    /**
+     * Construct Key from a string in the format
+     * ‘<name>:<key-in-base64>’.
+     */
+    Key(std::string_view s);
+
+    std::string to_string() const;
+
+protected:
+    Key(std::string_view name, std::string && key)
+        : name(name), key(std::move(key)) { }
+};
+
+struct PublicKey;
+
+struct SecretKey : Key
+{
+    SecretKey(std::string_view s);
+
+    /**
+     * Return a detached signature of the given string.
+     */
+    std::string signDetached(std::string_view s) const;
+
+    PublicKey toPublicKey() const;
+
+    static SecretKey generate(std::string_view name);
+
+private:
+    SecretKey(std::string_view name, std::string && key)
+        : Key(name, std::move(key)) { }
+};
+
+struct PublicKey : Key
+{
+    PublicKey(std::string_view data);
+
+    /**
+     * @return true iff `sig` and this key's names match, and `sig` is a
+     * correct signature over `data` using the given public key.
+     */
+    bool verifyDetached(std::string_view data, std::string_view sigs) const;
+
+    /**
+     * @return true iff `sig` is a correct signature over `data` using the
+     * given public key.
+     *
+     * @param just the Base64 signature itself, not a colon-separated pair of a
+     * public key name and signature.
+     */
+    bool verifyDetachedAnon(std::string_view data, std::string_view sigs) const;
+
+private:
+    PublicKey(std::string_view name, std::string && key)
+        : Key(name, std::move(key)) { }
+    friend struct SecretKey;
+};
+
+/**
+ * Map from key names to public keys
+ */
+typedef std::map<std::string, PublicKey> PublicKeys;
+
+/**
+ * @return true iff ‘sig’ is a correct signature over ‘data’ using one
+ * of the given public keys.
+ */
+bool verifyDetached(std::string_view data, std::string_view sig, const PublicKeys & publicKeys);
+
+}
--- a/src/libutil/signature/signer.cc
+++ b/src/libutil/signature/signer.cc
@ -0,0 +1,23 @@
+#include "signature/signer.hh"
+#include "error.hh"
+
+#include <sodium.h>
+
+namespace nix {
+
+LocalSigner::LocalSigner(SecretKey && privateKey)
+    : privateKey(privateKey)
+    , publicKey(privateKey.toPublicKey())
+{ }
+
+std::string LocalSigner::signDetached(std::string_view s) const
+{
+    return privateKey.signDetached(s);
+}
+
+const PublicKey & LocalSigner::getPublicKey()
+{
+    return publicKey;
+}
+
+}
--- a/src/libutil/signature/signer.hh
+++ b/src/libutil/signature/signer.hh
@ -0,0 +1,61 @@
+#pragma once
+
+#include "types.hh"
+#include "signature/local-keys.hh"
+
+#include <map>
+#include <optional>
+
+namespace nix {
+
+/**
+ * An abstract signer
+ *
+ * Derive from this class to implement a custom signature scheme.
+ *
+ * It is only necessary to implement signature of bytes and provide a
+ * public key.
+ */
+struct Signer
+{
+    virtual ~Signer() = default;
+
+    /**
+     * Sign the given data, creating a (detached) signature.
+     *
+     * @param data data to be signed.
+     *
+     * @return the [detached
+     * signature](https://en.wikipedia.org/wiki/Detached_signature),
+     * i.e. just the signature itself without a copy of the signed data.
+     */
+    virtual std::string signDetached(std::string_view data) const = 0;
+
+    /**
+     * View the public key associated with this `Signer`.
+     */
+    virtual const PublicKey & getPublicKey() = 0;
+};
+
+using Signers = std::map<std::string, Signer*>;
+
+/**
+ * Local signer
+ *
+ * The private key is held in this machine's RAM
+ */
+struct LocalSigner : Signer
+{
+    LocalSigner(SecretKey && privateKey);
+
+    std::string signDetached(std::string_view s) const override;
+
+    const PublicKey & getPublicKey() override;
+
+private:
+
+    SecretKey privateKey;
+    PublicKey publicKey;
+};
+
+}
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@ -7,6 +7,7 @@
 #include <grp.h>
 #include <regex>

+#include <sodium.h>

 namespace nix {

@ -28,6 +29,9 @@ void initLibUtil() {
    }
    // This is not actually the main point of this check, but let's make sure anyway:
    assert(caught);
+
+    if (sodium_init() == -1)
+        throw Error("could not initialise libsodium");
 }

 //////////////////////////////////////////////////////////////////////