From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Signed archives (preliminary patch) Date: Fri, 28 Feb 2014 23:05:02 +0100 Message-ID: <87ob1qyju9.fsf@gnu.org> References: <87txcqesqv.fsf@karetnikov.org> <87eh3ure1r.fsf@gnu.org> <87bnyyiv2u.fsf_-_@karetnikov.org> <87ha8qo7rl.fsf@gnu.org> <8761p5jv1g.fsf@karetnikov.org> <87r47tfmes.fsf@gnu.org> <8738k0pj8c.fsf@karetnikov.org> <874n4fnhs7.fsf@gnu.org> <87ppmigld8.fsf@karetnikov.org> <87y514dv2u.fsf@gnu.org> <87y50wffjy.fsf_-_@karetnikov.org> <874n3kp46f.fsf@gnu.org> <87a9dbj5km.fsf@karetnikov.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:32942) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WJVYR-0006OR-0t for guix-devel@gnu.org; Fri, 28 Feb 2014 17:05:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WJVYH-0005Ds-Jc for guix-devel@gnu.org; Fri, 28 Feb 2014 17:05:14 -0500 Received: from hera.aquilenet.fr ([2a01:474::1]:39242) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WJVYH-0005AB-2y for guix-devel@gnu.org; Fri, 28 Feb 2014 17:05:05 -0500 In-Reply-To: <87a9dbj5km.fsf@karetnikov.org> (Nikita Karetnikov's message of "Sat, 01 Mar 2014 01:22:17 +0400") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Nikita Karetnikov Cc: guix-devel@gnu.org Nikita Karetnikov skribis: >> There=E2=80=99s an important check missing here: the code verifies that = BODY* is >> a valid signature, but it doesn=E2=80=99t check whether what it signs >> corresponds to this narinfo up to but excluding the =E2=80=98Signature= =E2=80=99 field. > > Oh, indeed. > >> 5. pass the hash to the signature verification procedure. > > Then, it should extract the other hash from the Signature line, compare > the hashes, and run the rest of the checks, right? The signature is computed over a hash of the narinfo up to the Signature line, not included. So the substituter must keep a string containing said lines, and compute the hash of the UTF-8/ASCII representation of this string. Then, for verification purposes, it must make sure that the hash found in the signature sexp is the same as the hash computed as above. >>> + ("Signature" . ,(lambda (narinfo) >>> + (let ((sig (narinfo-signature na= rinfo))) >>> + (string-append >>> + (number->string (signature-ve= rsion sig)) >>> + ";" >>> + (signature-key-id sig) >>> + ";" >>> + (base64-encode >>> + ;; XXX: Can we assume UTF-8 = here? >>> + (string->utf8 >>> + (canonical-sexp->string >>> + (signature-body sig)))))))= )) > >> It=E2=80=99s important to keep the original signatures intact. > > Not sure I follow. Can I simply use ("Signature" . ,narinfo-signature)? > >> To fix this, the record must include an additional field to >> contain the original narinfo string. > > Please elaborate. Which string are you talking about? The narinfo. Suppose the signature is computed over a hash of this: --8<---------------cut here---------------start------------->8--- StorePath: /nix/store/phw82pzgl32ygpaa1z2v3l04afni7f28-gdbm-1.10 URL: nar/phw82pzgl32ygpaa1z2v3l04afni7f28-gdbm-1.10 Compression: bzip2 NarHash: sha256:1mn4rm7gs71dsqdm1gilw3h3krgfgbjsmni9yz9dziw1jpcrk3x1 NarSize: 372720 References: 9fnjjsbarscbmakr44ixfv9yhg6z12mw-glibc-2.17 lwc6sygaglzfk17v3w1= 5cc2xv97fjgci-gcc-4.7.2 phw82pzgl32ygpaa1z2v3l04afni7f28-gdbm-1.10 Deriver: ykf90hcbvn3nm9ai7ikpw992vdq6l95k-gdbm-1.10.drv System: x86_64-linux --8<---------------cut here---------------end--------------->8--- The following narinfo, although semantically equivalent, would fail signature verification: --8<---------------cut here---------------start------------->8--- NarSize: 372720 StorePath: /nix/store/phw82pzgl32ygpaa1z2v3l04afni7f28-gdbm-1.10 References: 9fnjjsbarscbmakr44ixfv9yhg6z12mw-glibc-2.17 lwc6sygaglzfk17= v3w15cc2xv97fjgci-gcc-4.7.2 phw82pzgl32ygpaa1z2v3l04afni7f28-gdbm-1.10 Deriver: ykf90hcbvn3nm9ai7ikpw992vdq6l95k-gdbm-1.10.drv System: x86_64-linux URL: nar/phw82pzgl32ygpaa1z2v3l04afni7f28-gdbm-1.10 NarHash: sha256:1mn4rm7gs71dsqdm1gilw3h3krgfgbjsmni9yz9dziw1jpcrk3x1 Compression: bzip2 --8<---------------cut here---------------end--------------->8--- That=E2=80=99s why the must include a copy of the exact textual representation of the narinfo that was signed. Then, =E2=80=98write-narinf= o=E2=80=99 must simply write out that string, unchanged (including the =E2=80=98Signat= ure=E2=80=99 line.) HTH, Ludo=E2=80=99.