1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
|
\input texinfo
@c -*-texinfo-*-
@c %**start of header
@setfilename guile-gcrypt.info
@documentencoding UTF-8
@settitle Guile-Gcrypt Reference Manual
@c %**end of header
@include version.texi
@copying
Copyright @copyright{} 2018, 2019, 2020, 2021, 2022 Ludovic Courtès@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
copy of the license is included in the section entitled ``GNU Free
Documentation License''.
@end copying
@dircategory The Algorithmic Language Scheme
@direntry
* Guile-Gcrypt: (guile-gcrypt). Cryptographic library for Guile.
@end direntry
@titlepage
@title Guile-Gcrypt Reference Manual
@author The Guile-Gcrypt Developers
@page
@vskip 0pt plus 1filll
Edition @value{EDITION} @*
@value{UPDATED} @*
@insertcopying
@end titlepage
@contents
@c *********************************************************************
@node Top
@top Guile-Gcrypt
This manual documents Guile-Gcrypt, a Guile 2.x/3.x interface to the
GNU@tie{}Libgcrypt crytographic library, which is itself used by the
GNU@tie{}Privacy Guard (GPG). @xref{Top,,, gcrypt, The Libgcrypt
Library}, for more information on Libgcrypt.
Actually this is very much a stub more than an actual manual. Please
visit @uref{https://notabug.org/cwebber/guile-gcrypt} or email
@email{guile-user@@gnu.org} if you'd like to give a hand!
@menu
* Introduction:: Getting started.
* Hash Functions:: SHA1 and its friends.
* Message Authentication Codes:: MACs.
* Public-Key Cryptography:: Signing and encrypting.
* Random Numbers:: Generating random numbers.
* Miscellany:: Bonuses!
* GNU Free Documentation License:: The license of this manual.
* Index:: Index of concepts and procedures.
@end menu
@node Introduction
@chapter Introduction
@cindex modules
Libgcrypt functionality is exposed in a set of Guile modules in the
@code{(gcrypt @dots{})} name space (@pxref{Modules,,, guile, The Guile
Reference Manual}). Each module provides specific functionality from
Libgcrypt. For example, the following code imports cryptographic hash
functions:
@lisp
(use-modules (gcrypt hash))
@end lisp
@findex string->canonical-sexp
Procedure names are not a direct mapping of the C function names;
instead, more ``Schemey'' names are chosen for your enjoyment. For
example, the Libgcrypt's C function called @code{gcry_sexp_new} is
exposed in Scheme as the @code{string->canonical-sexp} procedure in the
@code{(gcrypt pk-crypto)}---more pleasant to the eye, no?
@cindex error handling
@cindex exceptions
When an error occurs, Guile-Gcrypt procedures raise an exception with
the key @code{'gcry-error} (@pxref{Exceptions,,, guile, The Guile
Reference Manual}). Exceptions have two arguments: the name of the
procedure that raised it, and an @dfn{error number}. The @code{(gcrypt
common)} modules provides procedures to interpret error numbers:
@code{error-source} and @code{error-string}. Here's an example showing
how you could report Libgcrypt errors to the user:
@lisp
(catch 'gcry-error
(lambda ()
;; Do something with Guile-Gcrypt...
)
(lambda (key proc err)
(format (current-error-port) "error from '~a': ~a: ~a~%"
proc (error-source err) (error-string err))))
@end lisp
These two procedures are detailed below. You can also refer to one of
the @code{error/} constants exported by @code{(gcrypt common)} when
looking for a specific error:
@lisp
(catch 'gcry-error
(lambda ()
;; Do something with Guile-Gcrypt...
)
(lambda (key proc err)
(if (error-code=? err error/bad-signature)
(format (current-error-port) "Uh oh, bad signature!\n")
(format (current-error-port) @dots{}))))
@end lisp
@deffn {Scheme Procedure} error-source @var{err}
Return the error source (a string) for @var{err}, an error code as thrown
along with @code{gcry-error}.
@end deffn
@deffn {Scheme Procedure} error-string @var{err}
Return the error description (a string) for @var{err}, an error code as
thrown along with @code{gcry-error}.
@end deffn
@node Hash Functions
@chapter Hash Functions
The @code{(gcrypt hash)} module exports @dfn{cryptographic hash
functions} (@pxref{Hashing,,, gcrypt, The Libgcrypt Library}).
The procedures below all take a @dfn{hash algorithm} as an argument;
these are constructed using the @code{hash-algorithm} macro, as in this
example:
@example
(hash-algorithm sha1)
@end example
Alternately, you can look up a hash algorithm by name using the
@code{lookup-hash-algorithm} procedure:
@example
(lookup-hash-algorithm 'blake2b-512)
@end example
The following macros and procedures allow you to deal with algorithms.
@deffn {Scheme Syntax} hash-algorithm @var{id}
Return the hash algorithm for @var{id}, a lower-case identifier such as
@code{sha1}, @code{whirlpool}, or @code{blake2b-512}. A syntax error
is raised when @var{id} doesn't match any know algorithm.
@end deffn
@deffn {Scheme Procedure} lookup-hash-algorithm @var{id}
Return the hash algorithm corresponding to @var{id}, a symbol, or
@code{#f} if @var{id} does not denote a known hash algorithm.
@end deffn
@deffn {Scheme Procedure} hash-algorithm-name @var{algorithm}
Return the name, a symbol, of @var{algorithm}, a value as returned by
@code{hash-algorithm}.
@end deffn
@deffn {Scheme Procedure} hash-size @var{algorithm}
Return the size in bytes of hashes produced by @var{algorithm}.
@end deffn
The procedures below offer several ways to compute a hash.
@deffn {Scheme Procedure} bytevector-hash @var{bv} @var{algorithm}
@deffnx {Scheme Procedure} crc32 @var{bv}
@deffnx {Scheme Procedure} sha1 @var{bv}
@deffnx {Scheme Procedure} sha256 @var{bv}
@deffnx {Scheme Procedure} sha512 @var{bv}
@deffnx {Scheme Procedure} sha3-512 @var{bv}
Return the hash @var{algorithm} of @var{bv} as a bytevector.
Shorthand procedures like @code{sha256} are available for all the
algorithms that are valid identifiers for @code{hash-algorithm} though
for brevity only a handful are listed here.
@end deffn
@deffn {Scheme Procedure} open-hash-port @var{algorithm}
@deffnx {Scheme Procedure} open-sha256-port
Return two values: an output port, and a thunk. When the thunk is
called, it returns the hash (a bytevector) for @var{algorithm} of all
the data written to the output port.
@end deffn
@deffn {Scheme Procedure} port-hash @var{algorithm} @var{port}
@deffnx {Scheme Procedure} port-sha256 @var{port}
Return the @var{algorithm} hash (a bytevector) of all the data drained
from @var{port}.
@end deffn
@deffn {Scheme Procedure} file-hash @var{algorithm} @var{file}
@deffnx {Scheme Procedure} file-sha256 @var{file}
Return the @var{algorithm} hash (a bytevector) of @var{file}.
@end deffn
@deffn {Scheme Procedure} open-hash-port @var{algorithm} @var{port}
@deffnx {Scheme Procedure} open-sha256-port @var{port}
Return an input port that wraps @var{port} and a thunk to get the hash
of all the data read from @var{port}. The thunk always returns the same
value.
@end deffn
@deffn {Scheme Procedure} open-hash-input-port @var{algorithm} @var{port}
@deffnx {Scheme Procedure} open-sha256-input-port @var{port}
Return an input port that wraps @var{port} and a thunk to get the hash
of all the data read from @var{port}. The thunk always returns the same
value.
@end deffn
@node Message Authentication Codes
@chapter Message Authentication Codes
The @code{(gcrypt mac)} module provides procedures to deal with
@dfn{message authentication codes} or @dfn{MACs} (@pxref{Message
Authentication Codes,,, gcrypt, The Libgcrypt Library}).
@quotation Note
Guile-Gcrypt 0.1.0 provided this functionality in the @code{(gcrypt
hmac)} module. This module is still provided for backward
compatibility, with the same interface as before, but it is deprecated
and will be removed in future versions.
@end quotation
Similar to how hash functions are handled (@pxref{Hash Functions}), the
@code{mac-algorithm} macro can be used to construct a MAC algorithm:
@example
(mac-algorithm hmac-sha3-512)
@end example
The following macros and procedures allow you to deal with algorithms.
@deffn {Scheme Syntax} mac-algorithm @var{id}
Return the MAC algorithm for @var{id}, a lower-case identifier such as
@code{sha256}. A syntax error is raised when @var{id} doesn't match any
know algorithm.
@end deffn
@deffn {Scheme Procedure} lookup-mac-algorithm @var{id}
Return the MAC algorithm corresponding to @var{id}, a symbol, or
@code{#f} if @var{id} does not denote a known MAC algorithm.
@end deffn
@deffn {Scheme Procedure} mac-algorithm-name @var{algorithm}
Return the name, a symbol, of @var{algorithm}, a value as returned by
@code{mac-algorithm}.
@end deffn
@deffn {Scheme Procedure} mac-size @var{algorithm}
Return the size in bytes of MACs produced by @var{algorithm}.
@end deffn
@c TODO
@quotation Warning
This section is incomplete.
@end quotation
@node Public-Key Cryptography
@chapter Public-Key Cryptography
@cindex public-key cryptography
@cindex canonical S-expressions
Tools for @dfn{public-key cryptography} (@pxref{Public Key
cryptography,,, gcrypt, The Libgcrypt Library}) are provided by the
@code{(gcrypt pk-crypto)} module.
This module includes code to deal with @dfn{canonical S-expressions} (or
``sexps'') @uref{http://people.csail.mit.edu/rivest/Sexp.txt, as defined
by Rivest et al.} They are used to specify public-key cryptography
parameters (@pxref{Used S-expressions,,, gcrypt, The Libgcrypt
Library}). Naturally, there are procedures to convert a Guile sexp to a
Libgcrypt canonical sexp object and @i{vice versa}:
@deffn {Scheme Procedure} canonical-sexp->sexp @var{sexp}
Return a Scheme sexp corresponding to @var{sexp}. This is particularly useful to
compare sexps (since Libgcrypt does not provide an @code{equal?} procedure), or to
use pattern matching.
@end deffn
@deffn {Scheme Procedure} sexp->canonical-sexp @var{sexp}
Return a canonical sexp equivalent to @var{sexp}, a Scheme sexp as returned by
@code{canonical-sexp->sexp}.
@end deffn
@deffn {Scheme Procedure} string->canonical-sexp @var{str}
Parse @var{str} and return the corresponding gcrypt s-expression.
@end deffn
@deffn {Scheme Procedure} canonical-sexp->string @var{sexp}
Return a textual representation of @var{sexp}.
@end deffn
@cindex key pair generation
@cindex generating key pairs
For example, here is how you would generate an Ed25519 key pair and
display its public key as a canonical sexp:
@findex generate-key
@findex find-sexp-token
@lisp
(use-modules (gcrypt pk-crypto))
(let* ((parameters (sexp->canonical-sexp
'(genkey
(ecdsa (curve Ed25519) (flags rfc6979)))))
(pair (generate-key parameters))
(public (find-sexp-token pair 'public-key)))
(display (canonical-sexp->string public)))
@print{}
(public-key
(ecc
(curve Ed25519)
(q #141D9C42@dots{}CE853B#)
)
)
@end lisp
Notice that we did @emph{not} pass @code{pair} to
@code{canonical-sexp->sexp}: that would have worked, but the private key
would have been copied to memory managed by the garbage collector, which
is a security risk---Libgcrypt might have stored the private key in
so-called ``secure memory'' protected from swap, whereas Guile does no
such thing for its objects (@pxref{Initializing the library, secure
memory,, gcrypt, The Libgcrypt Library}). Thus the above example uses
@code{find-sexp-token}, which accesses the canonical sexp directly, in
search for the @code{public-key} symbol.
Those canonical sexps are the basic way to communicate information to
public-key crytography routines. The following procedures, for example,
are available to make and verify cryptographic signatures.
@deffn {Scheme Procedure} bytevector->hash-data @var{bv} @
[@var{hash-algo} "sha256"] [#:key-type 'ecc]
Given @var{bv}, a bytevector containing a hash of type @var{hash-algo},
return an s-expression suitable for use as the @var{data} argument for
@code{sign} (see below). @var{key-type} must be a symbol: @code{'dsa},
@code{'ecc}, or @code{'rsa}.
@end deffn
@deffn {Scheme Procedure} sign @var{data} @var{secret-key}
Sign @var{data}, a canonical s-expression representing a suitable hash,
with @var{secret-key} (a canonical s-expression whose car is
@code{private-key}.) Note that @var{data} must be a @code{data}
s-expression, as returned by @code{bytevector->hash-data}
(@pxref{Cryptographic Functions,,, gcrypt, The Libgcrypt Libgcrypt}).
@end deffn
@deffn {Scheme Procedure} verify @var{signature} @var{data} @var{public-key}
Verify that @var{signature} is a signature of @var{data} with
@var{public-key}, all of which are gcrypt s-expressions; return
@code{#t} if the verification was successful, @code{#f} otherwise.
Raise an error if, for example, one of the given s-expressions is
invalid.
@end deffn
As an example, assuming @var{pair} is bound to the canonical sexp
representation of a key pair (as returned by @code{generate-key}), the
following snippet signs a string and verifies its signature:
@lisp
(let* ((secret (find-sexp-token pair 'private-key))
(public (find-sexp-token pair 'public-key))
(data (bytevector->hash-data
(sha256 (string->utf8 "Hello, world."))
#:key-type (key-type public)))
(sig (sign data secret)))
(verify sig data public))
@result{} #t
@end lisp
@xref{Used S-expressions,,, gcrypt, The Libgcrypt Library}, for more
information on the canonical sexps consumed and produced by public-key
cryptography functions.
@node Random Numbers
@chapter Random Numbers
The @code{(gcrypt random)} module provides tools to generate random
number of different quality levels (@pxref{Random Numbers,,, gcrypt, The
Libgcrypt Library}).
@node Miscellany
@chapter Miscellany
As a bonus, Guile-Gcrypt provides two useful modules:
@itemize
@item @code{(gcrypt base16)} provides procedures to encode and decode
hexadecimal strings;
@item @code{(gcrypt base64)} provides procedures to encode and decode
base64 strings as defined in @uref{https://tools.ietf.org/html/rfc4648,
RFC 4648}.
@end itemize
@c *********************************************************************
@node GNU Free Documentation License
@appendix GNU Free Documentation License
@cindex license, GNU Free Documentation License
@include fdl-1.3.texi
@c *********************************************************************
@node Index
@unnumbered Index
@printindex cp
@syncodeindex tp fn
@syncodeindex vr fn
@printindex fn
@bye
@c Local Variables:
@c ispell-local-dictionary: "american";
@c End:
|
