move crypt_sign_detached out of libnixstore to harmonia

nix-community · Nov 3, 2024 · a37386a · a37386a
1 parent 9c69ca7
commit a37386a
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 37 deletions.
diff --git a/harmonia/Cargo.toml b/harmonia/Cargo.toml
@@ -34,3 +34,6 @@ url = "2.4.1"
 
 
 libnixstore = { path = "../libnixstore" }
+
+[build-dependencies]
+pkg-config = "0.3"
diff --git a/harmonia/build.rs b/harmonia/build.rs
@@ -0,0 +1,3 @@
+fn main() {
+    pkg_config::probe_library("libsodium").unwrap();
+}
diff --git a/harmonia/src/signing.rs b/harmonia/src/signing.rs
@@ -10,6 +10,17 @@ use crate::config::SigningKey;
 // omitted: E O U T
 const BASE32_CHARS: &[u8] = b"0123456789abcdfghijklmnpqrsvwxyz";
 
+#[link(name = "sodium")]
+extern "C" {
+    fn crypto_sign_detached(
+        sig: *mut u8,
+        sig_len: *mut usize,
+        msg: *const u8,
+        msg_len: usize,
+        sk: *const u8,
+    ) -> i32;
+}
+
 /// Converts the given byte slice to a nix-compatible base32 encoded String.
 fn to_nix_base32(bytes: &[u8]) -> String {
     let len = (bytes.len() * 8 - 1) / 5 + 1;
@@ -127,8 +138,19 @@ pub(crate) fn fingerprint_path(
 }
 
 pub(crate) fn sign_string(sign_key: &SigningKey, msg: &str) -> String {
-    let signature = libnixstore::sign_detached(&sign_key.key, msg);
-    let base64 = general_purpose::STANDARD.encode(signature);
+    let mut signature = vec![0u8; 64]; // crypto_sign_BYTES -> 64
+    let mut signature_len : usize = 0;
+    let msg = msg.as_bytes();
+    unsafe {
+        crypto_sign_detached(
+            signature.as_mut_ptr(),
+            &mut signature_len,
+            msg.as_ptr(),
+            msg.len(),
+            sign_key.key.as_ptr(),
+        )
+    };
+    let base64 = general_purpose::STANDARD.encode(&signature[..signature_len]);
     format!("{}:{}", sign_key.name, base64)
 }
 

diff --git a/libnixstore/README.md b/libnixstore/README.md
@@ -1,16 +1,12 @@
 # libnixstore
 
-Is a library that provides simple access to your local nix store, based on c++
-bindings. It mimics the already available perl bindings but also adds bindings
-on top, that might be useful.
+These are libnix bindings required by harmonia to communicate with the local nix daemon.
+Over time we will replace the dependencies on libnix with rust-native code.
 
 Note: This project provides bindings, this makes the project automatically unsafe.
 
 Supported nix version:
-- nix 2.8
-- nix 2.9
-- nix 2.10
-- nix 2.11
+- nix 2.24
 
 ## Requirements
 
@@ -26,7 +22,6 @@ stdenv.mkDerivation {
     # required
     nix
     nlohmann_json
-    libsodium
     boost
 
     # additional packages you might need

diff --git a/libnixstore/build.rs b/libnixstore/build.rs
@@ -5,7 +5,6 @@ fn main() {
 
     pkg_config::probe_library("nix-store").unwrap();
     pkg_config::probe_library("nix-main").unwrap();
-    pkg_config::probe_library("libsodium").unwrap();
 
     let includedir =
         pkg_config::get_variable("nix-store", "includedir").expect("Failed to get includedir");

diff --git a/libnixstore/include/nix.h b/libnixstore/include/nix.h
@@ -10,8 +10,6 @@ rust::String query_path_hash(rust::Str path);
 InternalPathInfo query_path_info(rust::Str path, bool base32);
 rust::String query_path_from_hash_part(rust::Str hash_part);
 rust::String sign_string(rust::Str secret_key, rust::Str msg);
-rust::Vec<unsigned char>
-sign_detached(rust::Slice<const unsigned char> secret_key, rust::Str msg);
 rust::String get_store_dir();
 rust::String get_real_store_dir();
 rust::String get_build_log(rust::Str derivation_path);

diff --git a/libnixstore/src/lib.rs b/libnixstore/src/lib.rs
@@ -29,7 +29,6 @@ mod ffi {
         fn query_path_hash(path: &str) -> Result<String>;
         fn query_path_info(path: &str, base32: bool) -> Result<InternalPathInfo>;
         fn query_path_from_hash_part(hash_part: &str) -> Result<String>;
-        fn sign_detached(secret_key: &[u8], msg: &str) -> Vec<u8>;
         fn get_store_dir() -> String;
         fn get_real_store_dir() -> String;
         fn get_build_log(derivation_path: &str) -> Result<String>;
@@ -129,12 +128,6 @@ pub fn query_path_from_hash_part(hash_part: &str) -> Option<String> {
     }
 }
 
-#[inline]
-/// Return a detached signature of the given string.
-pub fn sign_detached(secret_key: &[u8], msg: &str) -> Vec<u8> {
-    ffi::sign_detached(secret_key, msg)
-}
-
 #[inline]
 #[must_use]
 /// Returns the path to the directory where nix store sources and derived files.

diff --git a/libnixstore/src/nix.cpp b/libnixstore/src/nix.cpp
@@ -14,7 +14,6 @@
 #include <nix/nar-accessor.hh>
 
 #include <nlohmann/json.hpp>
-#include <sodium.h>
 
 #include <stdlib.h>
 
@@ -127,22 +126,6 @@ rust::String query_path_from_hash_part(rust::Str hash_part) {
       get_store()->queryPathFromHashPart(STRING_VIEW(hash_part)));
 }
 
-rust::Vec<unsigned char>
-sign_detached(rust::Slice<const unsigned char> secret_key, rust::Str msg) {
-  rust::Vec<unsigned char> sig;
-  sig.reserve(crypto_sign_BYTES);
-  unsigned long long sigLen;
-  for (size_t i = 0; i < crypto_sign_BYTES; i++) {
-    sig.push_back(0);
-  }
-
-  crypto_sign_detached(sig.data(), &sigLen, (unsigned char *)msg.data(),
-                       msg.size(), (unsigned char *)secret_key.data());
-  sig.truncate(sigLen);
-
-  return sig;
-}
-
 rust::String get_store_dir() {
   return nix::settings.nixStore;
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -34,3 +34,6 @@ url = "2.4.1"


		libnixstore = { path = "../libnixstore" }

		[build-dependencies]
		pkg-config = "0.3"