about summary refs log tree commit diff
path: root/perl/lib/Nix/Crypto.pm
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2014-01-21T14·30+0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2014-01-21T14·30+0100
commit81628a6ccc6ce496735b22492bee15c9ad46f072 (patch)
treed1ec18b84514d2f44700082f8d800efb929a7678 /perl/lib/Nix/Crypto.pm
parentb1db599dd05e86f65e73dc40584913e6e78c2bac (diff)
parent5ef8508a92997dbd7f8aa501b64fd283fb1c7bb8 (diff)
Merge branch 'master' into make
Conflicts:
	src/libexpr/eval.cc
Diffstat (limited to 'perl/lib/Nix/Crypto.pm')
-rw-r--r--perl/lib/Nix/Crypto.pm42
1 files changed, 42 insertions, 0 deletions
diff --git a/perl/lib/Nix/Crypto.pm b/perl/lib/Nix/Crypto.pm
new file mode 100644
index 000000000000..0286e88d3d28
--- /dev/null
+++ b/perl/lib/Nix/Crypto.pm
@@ -0,0 +1,42 @@
+package Nix::Crypto;
+
+use strict;
+use MIME::Base64;
+use Nix::Store;
+use Nix::Config;
+use IPC::Open2;
+
+our @ISA = qw(Exporter);
+our @EXPORT = qw(signString isValidSignature);
+
+sub signString {
+    my ($privateKeyFile, $s) = @_;
+    my $hash = hashString("sha256", 0, $s);
+    my ($from, $to);
+    my $pid = open2($from, $to, $Nix::Config::openssl, "rsautl", "-sign", "-inkey", $privateKeyFile);
+    print $to $hash;
+    close $to;
+    local $/ = undef;
+    my $sig = <$from>;
+    close $from;
+    waitpid($pid, 0);
+    die "$0: OpenSSL returned exit code $? while signing hash\n" if $? != 0;
+    my $sig64 = encode_base64($sig, "");
+    return $sig64;
+}
+
+sub isValidSignature {
+    my ($publicKeyFile, $sig64, $s) = @_;
+    my ($from, $to);
+    my $pid = open2($from, $to, $Nix::Config::openssl, "rsautl", "-verify", "-inkey", $publicKeyFile, "-pubin");
+    print $to decode_base64($sig64);
+    close $to;
+    my $decoded = <$from>;
+    close $from;
+    waitpid($pid, 0);
+    return 0 if $? != 0;
+    my $hash = hashString("sha256", 0, $s);
+    return $decoded eq $hash;
+}
+
+1;