From 555152ffe8494190ca42dd481991c9b54759f686 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Wed, 6 Jan 2021 17:04:46 +0100
Subject: [PATCH] crypto.cc: API cleanup and add generate() / to_string()
 methods

---
 src/libstore/crypto.cc     | 33 ++++++++++++++++++++++++++-------
 src/libstore/crypto.hh     | 24 ++++++++++++++++--------
 src/nix-store/nix-store.cc | 17 +++--------------
 3 files changed, 45 insertions(+), 29 deletions(-)

diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index 9ec8abd22..135ced277 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -8,15 +8,15 @@
 
 namespace nix {
 
-static std::pair<std::string, std::string> split(const string & s)
+static std::pair<std::string_view, std::string_view> split(std::string_view s)
 {
     size_t colon = s.find(':');
     if (colon == std::string::npos || colon == 0)
         return {"", ""};
-    return {std::string(s, 0, colon), std::string(s, colon + 1)};
+    return {s.substr(0, colon), s.substr(colon + 1)};
 }
 
-Key::Key(const string & s)
+Key::Key(std::string_view s)
 {
     auto ss = split(s);
 
@@ -29,7 +29,12 @@ Key::Key(const string & s)
     key = base64Decode(key);
 }
 
-SecretKey::SecretKey(const string & s)
+std::string Key::to_string() const
+{
+    return name + ":" + base64Encode(key);
+}
+
+SecretKey::SecretKey(std::string_view s)
     : Key(s)
 {
 #if HAVE_SODIUM
@@ -45,7 +50,7 @@ SecretKey::SecretKey(const string & s)
 }
 #endif
 
-std::string SecretKey::signDetached(const std::string & data) const
+std::string SecretKey::signDetached(std::string_view data) const
 {
 #if HAVE_SODIUM
     unsigned char sig[crypto_sign_BYTES];
@@ -69,7 +74,21 @@ PublicKey SecretKey::toPublicKey() const
 #endif
 }
 
-PublicKey::PublicKey(const string & s)
+SecretKey SecretKey::generate(std::string_view name)
+{
+#if HAVE_SODIUM
+    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+    unsigned char sk[crypto_sign_SECRETKEYBYTES];
+    if (crypto_sign_keypair(pk, sk) != 0)
+        throw Error("key generation failed");
+
+    return SecretKey(name, std::string((char *) sk, crypto_sign_SECRETKEYBYTES));
+#else
+    noSodium();
+#endif
+}
+
+PublicKey::PublicKey(std::string_view s)
     : Key(s)
 {
 #if HAVE_SODIUM
@@ -84,7 +103,7 @@ bool verifyDetached(const std::string & data, const std::string & sig,
 #if HAVE_SODIUM
     auto ss = split(sig);
 
-    auto key = publicKeys.find(ss.first);
+    auto key = publicKeys.find(std::string(ss.first));
     if (key == publicKeys.end()) return false;
 
     auto sig2 = base64Decode(ss.second);
diff --git a/src/libstore/crypto.hh b/src/libstore/crypto.hh
index 9110af3aa..03f85c103 100644
--- a/src/libstore/crypto.hh
+++ b/src/libstore/crypto.hh
@@ -13,32 +13,40 @@ struct Key
 
     /* Construct Key from a string in the format
        ‘<name>:<key-in-base64>’. */
-    Key(const std::string & s);
+    Key(std::string_view s);
+
+    std::string to_string() const;
 
 protected:
-    Key(const std::string & name, const std::string & key)
-        : name(name), key(key) { }
+    Key(std::string_view name, std::string && key)
+        : name(name), key(std::move(key)) { }
 };
 
 struct PublicKey;
 
 struct SecretKey : Key
 {
-    SecretKey(const std::string & s);
+    SecretKey(std::string_view s);
 
     /* Return a detached signature of the given string. */
-    std::string signDetached(const std::string & s) const;
+    std::string signDetached(std::string_view s) const;
 
     PublicKey toPublicKey() const;
+
+    static SecretKey generate(std::string_view name);
+
+private:
+    SecretKey(std::string_view name, std::string && key)
+        : Key(name, std::move(key)) { }
 };
 
 struct PublicKey : Key
 {
-    PublicKey(const std::string & data);
+    PublicKey(std::string_view data);
 
 private:
-    PublicKey(const std::string & name, const std::string & key)
-        : Key(name, key) { }
+    PublicKey(std::string_view name, std::string && key)
+        : Key(name, std::move(key)) { }
     friend struct SecretKey;
 };
 
diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index e1ccece99..e43788bc3 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -19,10 +19,6 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
-#if HAVE_SODIUM
-#include <sodium.h>
-#endif
-
 
 namespace nix_store {
 
@@ -980,18 +976,11 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
     string secretKeyFile = *i++;
     string publicKeyFile = *i++;
 
-#if HAVE_SODIUM
-    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
-    unsigned char sk[crypto_sign_SECRETKEYBYTES];
-    if (crypto_sign_keypair(pk, sk) != 0)
-        throw Error("key generation failed");
+    auto secretKey = SecretKey::generate(keyName);
 
-    writeFile(publicKeyFile, keyName + ":" + base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)));
+    writeFile(publicKeyFile, secretKey.toPublicKey().to_string());
     umask(0077);
-    writeFile(secretKeyFile, keyName + ":" + base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)));
-#else
-    throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
-#endif
+    writeFile(secretKeyFile, secretKey.to_string());
 }