add signature decoding

- add NarSignature decoding
- use cryptonite instead of saltine for signature
- remove saltine dependency
- add signature decode and verify tests taken from tvix
- start decoding signatures in queryPathInfoUncached

Closes #240 and #246

Author: squalus

hnix-store-core/hnix-store-core.cabal

@@ -85,7 +85,6 @@ library
     -- Required for cryptonite low-level type convertion
     , memory
     , nix-derivation >= 1.1.1 && <2
-    , saltine >= 0.2 && < 0.3
     , some > 1.0.5 && < 2
     , time
     , text
@@ -100,6 +99,7 @@ test-suite core
   other-modules:
     Derivation
     Hash
+    Signature
   hs-source-dirs:
     tests
   build-tool-depends:

hnix-store-core/src/System/Nix/Signature.hs

@@ -1,37 +1,61 @@
+{-# LANGUAGE OverloadedStrings #-}
 {-|
 Description : Nix-relevant interfaces to NaCl signatures.
 -}
 
 module System.Nix.Signature
-  ( Signature
+  ( Signature(..)
   , NarSignature(..)
+  , signatureParser
+  , parseSignature
   ) where
 
-import Crypto.Saltine.Core.Sign (PublicKey)
-import Crypto.Saltine.Class (IsEncoding(..))
-import Data.ByteString (ByteString)
 import GHC.Generics (Generic)
 
-import qualified Data.ByteString
-import qualified Data.Coerce
+import qualified Crypto.PubKey.Ed25519
+import Crypto.Error (CryptoFailable(..))
+import qualified Data.Attoparsec.Text
+import qualified Data.Char
+import qualified Data.ByteArray
+import qualified Data.ByteString as BS
+import Data.Text (Text)
+import qualified System.Nix.Base
+import System.Nix.Base (BaseEncoding(Base64))
 
-import qualified Crypto.Saltine.Internal.Sign as NaClSizes
+-- | An ed25519 signature.
+newtype Signature = Signature Crypto.PubKey.Ed25519.Signature
+  deriving (Eq, Generic, Show)
 
--- | A NaCl signature.
-newtype Signature = Signature ByteString
-  deriving (Eq, Generic, Ord, Show)
-
-instance IsEncoding Signature where
-  decode s
-    | Data.ByteString.length s == NaClSizes.sign_bytes = Just $ Signature s
-    | otherwise = Nothing
-  encode = Data.Coerce.coerce
-
--- | A detached NaCl signature attesting to a nix archive's validity.
+-- | A detached signature attesting to a nix archive's validity.
 data NarSignature = NarSignature
-  { -- | The public key used to sign the archive.
-    publicKey :: PublicKey
+  { -- | The name of the public key used to sign the archive.
+    publicKey :: !Text
   , -- | The archive's signature.
-    sig       :: Signature
+    sig :: !Signature
   }
   deriving (Eq, Generic, Ord, Show)
+
+instance Ord Signature where
+  compare (Signature x) (Signature y) = let
+    xBS = Data.ByteArray.convert x :: BS.ByteString
+    yBS = Data.ByteArray.convert y :: BS.ByteString
+    in compare xBS yBS
+
+signatureParser :: Data.Attoparsec.Text.Parser NarSignature
+signatureParser = do
+  publicKey <- Data.Attoparsec.Text.takeWhile1 (/= ':')
+  _ <- Data.Attoparsec.Text.string ":"
+  encodedSig <- Data.Attoparsec.Text.takeWhile1 (\c -> Data.Char.isAlphaNum c || c == '+' || c == '/' || c == '=')
+  decodedSig <- case System.Nix.Base.decodeWith Base64 encodedSig of
+    Left e -> fail e
+    Right decodedSig -> pure decodedSig
+  sig <- case Crypto.PubKey.Ed25519.signature decodedSig of
+    CryptoFailed e -> (fail . show) e
+    CryptoPassed sig -> pure sig
+  pure $ NarSignature publicKey (Signature sig)
+
+parseSignature
+  :: Text -> Either String NarSignature
+parseSignature =
+  Data.Attoparsec.Text.parseOnly signatureParser
+

hnix-store-core/tests/Signature.hs

@@ -0,0 +1,75 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+module Signature where
+
+import qualified Data.ByteString as BS
+import Test.Hspec
+import Data.Text (Text)
+import qualified Crypto.PubKey.Ed25519
+import qualified System.Nix.Base
+import System.Nix.Base (BaseEncoding(Base64))
+import Crypto.Error (CryptoFailable(..))
+
+import System.Nix.Signature
+
+spec_signature :: Spec
+spec_signature = do
+
+  describe "signature parser" $ do
+
+    it "parses names" $ do
+      shouldParseName "cache.nixos.org-1:TsTTb3WGTZKphvYdBHXwo6weVILmTytUjLB+vcX89fOjjRicCHmKA4RCPMVLkj6TMJ4GMX3HPVWRdD1hkeKZBQ==" "cache.nixos.org-1"
+
+    it "fails on invalid signatures" $ do
+      shouldNotParse ""
+      shouldNotParse "asdf"
+      shouldNotParse "cache.nixos.org-1:"
+      shouldNotParse ":TsTTb3WGTZKphvYdBHXwo6weVILmTytUjLB+vcX89fOjjRicCHmKA4RCPMVLkj6TMJ4GMX3HPVWRdD1hkeKZBQ=="
+      shouldNotParse "cache.nixos.org-1TsTTb3WGTZKphvYdBHXwo6weVILmTytUjLB+vcX89fOjjRicCHmKA4RCPMVLkj6TMJ4GMX3HPVWRdD1hkeKZBQ=="
+      shouldNotParse "cache.nixos.org-1:sTTb3WGTZKphvYdBHXwo6weVILmTytUjLB+vcX89fOjjRicCHmKA4RCPMVLkj6TMJ4GMX3HPVWRdD1hkeKZBQ=="
+
+    it "parses verifying signatures" $ do
+      shouldVerify "cache.nixos.org-1:TsTTb3WGTZKphvYdBHXwo6weVILmTytUjLB+vcX89fOjjRicCHmKA4RCPMVLkj6TMJ4GMX3HPVWRdD1hkeKZBQ==" pubkeyNixosOrg fingerprint
+      shouldVerify "cache.nixos.org-2:TsTTb3WGTZKphvYdBHXwo6weVILmTytUjLB+vcX89fOjjRicCHmKA4RCPMVLkj6TMJ4GMX3HPVWRdD1hkeKZBQ==" pubkeyNixosOrg fingerprint
+
+    it "parses non-verifying signatures" $ do
+      shouldNotVerify "cache.nixos.org-1:TsTTb000000000000000000000000ytUjLB+vcX89fOjjRicCHmKA4RCPMVLkj6TMJ4GMX3HPVWRdD1hkeKZBQ==" pubkeyNixosOrg fingerprint
+
+fingerprint :: BS.ByteString
+fingerprint = "1;/nix/store/syd87l2rxw8cbsxmxl853h0r6pdwhwjr-curl-7.82.0-bin;sha256:1b4sb93wp679q4zx9k1ignby1yna3z7c4c2ri3wphylbc2dwsys0;196040;/nix/store/0jqd0rlxzra1rs38rdxl43yh6rxchgc6-curl-7.82.0,/nix/store/6w8g7njm4mck5dmjxws0z1xnrxvl81xa-glibc-2.34-115,/nix/store/j5jxw3iy7bbz4a57fh9g2xm2gxmyal8h-zlib-1.2.12,/nix/store/yxvjs9drzsphm9pcf42a4byzj1kb9m7k-openssl-1.1.1n";
+
+forceDecodeB64Pubkey :: Text -> Crypto.PubKey.Ed25519.PublicKey
+forceDecodeB64Pubkey b64EncodedPubkey = let
+  decoded = case System.Nix.Base.decodeWith Base64 b64EncodedPubkey of
+    Left err -> error err
+    Right x -> x
+  in case Crypto.PubKey.Ed25519.publicKey decoded of
+    CryptoFailed err -> (error . show) err
+    CryptoPassed x -> x
+
+pubkeyNixosOrg :: Crypto.PubKey.Ed25519.PublicKey
+pubkeyNixosOrg = forceDecodeB64Pubkey "6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+
+shouldNotParse :: Text -> Expectation
+shouldNotParse encoded = case parseSignature encoded of
+  Left _ -> pure ()
+  Right _ -> expectationFailure "should not have parsed"
+
+shouldParseName :: Text -> Text -> Expectation
+shouldParseName encoded name = case parseSignature encoded of
+  Left err -> expectationFailure err
+  Right narSig -> shouldBe name (publicKey narSig)
+
+shouldVerify :: Text -> Crypto.PubKey.Ed25519.PublicKey -> BS.ByteString -> Expectation
+shouldVerify encoded pubkey msg = case parseSignature encoded of
+  Left err -> expectationFailure err
+  Right narSig -> let
+    (Signature sig') = sig narSig
+    in sig' `shouldSatisfy` Crypto.PubKey.Ed25519.verify pubkey msg
+
+shouldNotVerify :: Text -> Crypto.PubKey.Ed25519.PublicKey -> BS.ByteString -> Expectation
+shouldNotVerify encoded pubkey msg = case parseSignature encoded of
+  Left err -> expectationFailure err
+  Right narSig -> let
+    (Signature sig') = sig narSig
+    in sig' `shouldNotSatisfy` Crypto.PubKey.Ed25519.verify pubkey msg

hnix-store-remote/src/System/Nix/Store/Remote.hs

@@ -72,6 +72,7 @@ import           System.Nix.Store.Remote.Binary
 import           System.Nix.Store.Remote.Types
 import           System.Nix.Store.Remote.Protocol
 import           System.Nix.Store.Remote.Util
+import qualified System.Nix.Signature
 import           Crypto.Hash                    ( SHA256 )
 import           System.Nix.Nar                 ( NarSource )
 
@@ -252,12 +253,15 @@ queryPathInfoUncached path = do
   narBytes         <- Just <$> sockGetInt
   ultimate         <- sockGetBool
 
-  _sigStrings      <- fmap bsToText <$> sockGetStrings
+  sigStrings       <- fmap bsToText <$> sockGetStrings
   caString         <- bsToText <$> sockGetStr
 
   let
-      -- XXX: signatures need pubkey from config
-      sigs = Data.Set.empty
+      sigs = case
+               Data.Set.fromList <$> mapM (Data.Attoparsec.Text.parseOnly System.Nix.Signature.signatureParser) sigStrings
+               of
+               Left e -> error e
+               Right x -> x
 
       contentAddress =
         if Data.Text.null caString then Nothing else