guile-fediverse

Add pem encoding and decoding for rsa public keys

Julien LepillerSat May 02 23:54:19+0200 2020

3d589f0

Add pem encoding and decoding for rsa public keys

Makefile.am

   activitystreams/predicates.scm \
   activitystreams/vocabulary.scm \
   http-signature/asn1.scm \
   http-signature/crypto.scm \
   http-signature/vocabulary.scm \
   webfinger/webfinger.scm

http-signature/asn1.scm

   (make-asn1-type
     "bitstring" 3 #t #t
     (lambda (bv pos len)
       (let ((ans (make-bytevector len)))
         (bytevector-copy! bv pos ans 0 len)
       (let ((ans (make-bytevector (- len 1))))
         (bytevector-copy! bv (+ pos 1) ans 0 (- len 1))
         ans))
     (lambda (value)
       value)
       (let ((ans (make-bytevector (+ (bytevector-length value) 1))))
         (bytevector-u8-set! ans 0 0)
         (bytevector-copy! value 0 ans 1 (bytevector-length value))
         ans))
     (lambda (value)
       (apply bv-append value))))

http-signature/crypto.scm

   #:use-module (gcrypt base64)
   #:use-module (gcrypt pk-crypto)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (rnrs bytevectors)
   #:export (;; this file provides some functions to deal with asn.1, der and pem.
             asn.1?
             make-asn.1
             asn.1-type
             asn.1-len
             asn.1-val
             asn.1-compute-len
             asn.1->bv
             ;; this file also provides higher-level functions that produce
   #:use-module (http-signature asn1)
   #:export (;; this file also provides higher-level functions that produce
             ;; pem-encoded strings from gcrypt keys.
             pem-encode-public))
 (define-record-type asn.1
   (make-asn.1 type len val)
   asn.1?
   (type asn.1-type)
   (len  asn.1-len)
   (val  asn.1-val))
 (define (asn.1-compute-len asn)
   "Computes the length of values in an asn.1 record.  Return that record, where
 lengths are updated."
   (match asn
     (($ asn.1 type len val)
      (match type
        ('bool
         (match val
           ((? boolean? val)
            (make-asn.1 type 1 val))))
        ('int
         (match val
          ((? bytevector? val)
           (make-asn.1 type (bytevector-length val) val))))
        ('null
         (make-asn.1 type 0 val))
        ('sequence
         (let ((nval (map asn.1-compute-len val)))
           (make-asn.1 type (fold + 0 (map asn.1-full-length nval)) nval)))))))
 (define (asn.1-full-length asn)
   "Compute the length of an asn.1 record, including the length of its length
 field."
   (match asn
     (($ asn.1 type len val)
      (+ len 1 1 (if (> len 127) (nbits len) 0)))))
             pem-encode-public
             pem-decode-public))
 (define (nbits len)
   (if (< len 256) 1 (+ 1 (nbits (quotient len 256)))))
 (define (asn.1->bv asn)
   "Take an asn.1 where lengths are computed and returns a bytevector that
 corresponds to the DER encoding of that content."
   (let ((bv (make-bytevector (asn.1-full-length asn))))
     (match asn
       (($ asn.1 type len val)
        (let ((val-pos (if (> len 127) (+ 2 (nbits len)) 2)))
          (bytevector-u8-set! bv 1 (if (> len 127) (+ 128 (nbits len)) len))
          (when (> len 127)
            (let loop ((val len) (pos (- val-pos 1)))
              (when (> val 0)
                (bytevector-u8-set! bv pos (modulo val 256))
                (loop (quotient val 256) (- pos 1)))))
          (match type
            ('bool
             (begin
               (bytevector-u8-set! bv 0 #x01)
               (bytevector-u8-set! bv val-pos (if val 255 0))))
            ('int
             (begin
               (bytevector-u8-set! bv 0 #x02)
               (bytevector-copy! val 0 bv val-pos (bytevector-length val))))
            ('null
             (bytevector-u8-set! bv 0 #x05))
            ('sequence
             (begin
               (bytevector-u8-set! bv 0 #x30)
               (let loop ((val (map asn.1->bv val)) (pos val-pos))
                 (when (not (null? val))
                   (bytevector-copy! (car val) 0 bv pos (bytevector-length (car val)))
                   (loop (cdr val) (+ pos (bytevector-length (car val))))))))))))
     bv))
 (define pkcs1-type (asn1:sequence asn1:int-bv asn1:int-bv))
 (define pkcs8-type (asn1:sequence (asn1:sequence asn1:object-identifier asn1:null)
                                   asn1:bitstring))
 (define (asn.1->string asn)
   "Return the PEM-encoded representation of the @var{asn} record."
   (base64-encode (asn.1->bv asn)))
   (base64-encode asn))
 (define (public-key->pkcs1-asn.1 pk)
   "Return the ASN.1 representation of @var{pk}, an RSA public key, using the
 PKCS#1 representation."
   (asn.1-compute-len
     (match (canonical-sexp->sexp pk)
       (('public-key ('rsa ('n n) ('e e)))
        (make-asn.1
          'sequence #f
          (list
            (make-asn.1 'int #f n)
            (make-asn.1 'int #f e))))))))
   (match (canonical-sexp->sexp pk)
     (('public-key ('rsa ('n n) ('e e)))
      (encode-asn1 pkcs1-type (list n e)))))
 (define (public-key->pkcs8-asn.1 pk)
   "Return the ASN.1 representation of @var{pk}, a public key, using the PKCS#8
 representation.  Currently only RSA keys can be transformed."
   (asn.1-compute-len
     (match (canonical-sexp->sexp pk)
       (('public-key ('rsa ('n n) ('e e)))
        (make-asn.1
          'sequence #f
          (list
            (make-asn.1)
            (make-asn.1))))))
   (match (canonical-sexp->sexp pk)
     (('public-key ('rsa ('n n) ('e e)))
      (encode-asn1 pkcs8-type
                   (list (list (list 1 2 840 113549 1 1 1) #f)
                         (public-key->pkcs1-asn.1 pk))))))
 (define (cut-str str n)
   "Cut a string @var{str} at @var{n} characters by placing a @code{\\n}, so that
   "Return the PEM-encoded version of the public key in @var{keypair}, an RSA
 keypair."
   (let* ((public (find-sexp-token keypair 'public-key))
          (asn (public-key->pkcs1-asn.1 public)))
          (asn (public-key->pkcs8-asn.1 public)))
     (string-append
       "-----BEGIN RSA PUBLIC KEY-----\n"
       "-----BEGIN PUBLIC KEY-----\n"
       (cut-str (asn.1->string asn) 64)
       "\n-----END RSA PUBLIC KEY-----")))
       "\n-----END PUBLIC KEY-----")))
 (define (decode-pkcs1 der)
   (let ((data (decode-asn1 der pkcs1-type)))
     (match data
       ((n e) (sexp->canonical-sexp `(public-key (rsa (n ,n) (e ,e))))))))
 (define (decode-pkcs8 der)
   (let ((data (decode-asn1 der pkcs8-type)))
     (match data
       (((_ _) bs) (decode-pkcs1 bs)))))
 (define (pem-decode-public str)
   "Return a public-key from the PEM-encoded key in @var{str}."
   (let* ((lines (string-split str #\newline))
          (first-line (car lines))
          (lines (cdr (reverse (cdr (reverse lines))))))
     (match first-line
       ("-----BEGIN PUBLIC KEY-----"
        (let loop ((content '()) (lines lines))
          (match lines
            (() (throw 'invalid-key))
            ((line lines ...)
             (if (equal? line "-----END PUBLIC KEY-----")
                 (decode-pkcs8 (base64-decode (string-join (reverse content) "")))
                 (loop (cons line content) lines))))))
       ("-----BEGIN RSA PUBLIC KEY-----"
        (let loop ((content '()) (lines lines))
          (match lines
            (() (throw 'invalid-key))
            ((line lines ...)
             (if (equal? line "-----END RSA PUBLIC KEY-----")
                 (decode-pkcs1 (base64-decode (string-join (reverse content) "")))
                 (loop (cons line content) lines))))))
       (_ (throw 'unrecognised-key-type)))))