pk-crypto: Don't use Ed25519 when libgcrypt is older than 1.6.0.

* guix/pk-crypto.scm (gcrypt-version): New procedure.
* guix/scripts/archive.scm (%key-generation-parameters): New variable.
  (%options) <generate-key>: Use it.
* tests/pk-crypto.scm ("sign + verify, Ed25519"): Skip if using gcrypt < 1.6.0.
This commit is contained in:
Ludovic Courtès 2014-03-20 22:33:52 +01:00
parent 2f66e64c53
commit 1fda6840a8
3 changed files with 23 additions and 3 deletions

View file

@ -24,7 +24,8 @@ (define-module (guix pk-crypto)
#:use-module (system foreign) #:use-module (system foreign)
#:use-module (rnrs bytevectors) #:use-module (rnrs bytevectors)
#:use-module (ice-9 match) #:use-module (ice-9 match)
#:export (canonical-sexp? #:export (gcrypt-version
canonical-sexp?
error-source error-source
error-string error-string
string->canonical-sexp string->canonical-sexp
@ -86,6 +87,17 @@ (define libgcrypt-func
"Return a pointer to symbol FUNC in libgcrypt." "Return a pointer to symbol FUNC in libgcrypt."
(dynamic-func func lib)))) (dynamic-func func lib))))
(define gcrypt-version
;; According to the manual, this function must be called before any other,
;; and it's not clear whether it can be called more than once. So call it
;; right here from the top level.
(let* ((ptr (libgcrypt-func "gcry_check_version"))
(proc (pointer->procedure '* ptr '(*)))
(version (pointer->string (proc %null-pointer))))
(lambda ()
"Return the version number of libgcrypt as a string."
version)))
(define finalize-canonical-sexp! (define finalize-canonical-sexp!
(libgcrypt-func "gcry_sexp_release")) (libgcrypt-func "gcry_sexp_release"))

View file

@ -87,6 +87,13 @@ (define (show-help)
(newline) (newline)
(show-bug-report-information)) (show-bug-report-information))
(define %key-generation-parameters
;; Default key generation parameters. We prefer Ed25519, but it was
;; introduced in libgcrypt 1.6.0.
(if (version>? (gcrypt-version) "1.6.0")
"(genkey (ecdsa (curve Ed25519) (flags rfc6979)))"
"(genkey (rsa (nbits 4:4096)))"))
(define %options (define %options
;; Specifications of the command-line options. ;; Specifications of the command-line options.
(cons* (option '(#\h "help") #f #f (cons* (option '(#\h "help") #f #f
@ -114,8 +121,7 @@ (define %options
;; libgcrypt 1.6.0. ;; libgcrypt 1.6.0.
(let ((params (let ((params
(string->canonical-sexp (string->canonical-sexp
(or arg "\ (or arg %key-generation-parameters))))
(genkey (ecdsa (curve Ed25519) (flags rfc6979)))"))))
(alist-cons 'generate-key params result))) (alist-cons 'generate-key params result)))
(lambda (key err) (lambda (key err)
(leave (_ "invalid key generation parameters: ~a: ~a~%") (leave (_ "invalid key generation parameters: ~a: ~a~%")

View file

@ -184,6 +184,8 @@ (define %ecc-key-pair
#:key-type (key-type public)) #:key-type (key-type public))
public))))) public)))))
;; Ed25519 appeared in libgcrypt 1.6.0.
(test-skip (if (version>? (gcrypt-version) "1.6.0") 0 1))
(test-assert "sign + verify, Ed25519" (test-assert "sign + verify, Ed25519"
(let* ((pair (string->canonical-sexp %ecc-key-pair)) (let* ((pair (string->canonical-sexp %ecc-key-pair))
(secret (find-sexp-token pair 'private-key)) (secret (find-sexp-token pair 'private-key))