1 files changed, 22 insertions, 32 deletions

diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index 9ec8abd22..1027469c9 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -2,21 +2,19 @@
 #include "util.hh"
 #include "globals.hh"
 
-#if HAVE_SODIUM
 #include <sodium.h>
-#endif
 
 namespace nix {
 
-static std::pair<std::string, std::string> split(const string & s)
+static std::pair<std::string_view, std::string_view> split(std::string_view s)
 {
     size_t colon = s.find(':');
     if (colon == std::string::npos || colon == 0)
         return {"", ""};
-    return {std::string(s, 0, colon), std::string(s, colon + 1)};
+    return {s.substr(0, colon), s.substr(colon + 1)};
 }
 
-Key::Key(const string & s)
+Key::Key(std::string_view s)
 {
     auto ss = split(s);
 
@@ -29,62 +27,57 @@ Key::Key(const string & s)
     key = base64Decode(key);
 }
 
-SecretKey::SecretKey(const string & s)
-    : Key(s)
+std::string Key::to_string() const
 {
-#if HAVE_SODIUM
-    if (key.size() != crypto_sign_SECRETKEYBYTES)
-        throw Error("secret key is not valid");
-#endif
+    return name + ":" + base64Encode(key);
 }
 
-#if !HAVE_SODIUM
-[[noreturn]] static void noSodium()
+SecretKey::SecretKey(std::string_view s)
+    : Key(s)
 {
-    throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
+    if (key.size() != crypto_sign_SECRETKEYBYTES)
+        throw Error("secret key is not valid");
 }
-#endif
 
-std::string SecretKey::signDetached(const std::string & data) const
+std::string SecretKey::signDetached(std::string_view data) const
 {
-#if HAVE_SODIUM
     unsigned char sig[crypto_sign_BYTES];
     unsigned long long sigLen;
     crypto_sign_detached(sig, &sigLen, (unsigned char *) data.data(), data.size(),
         (unsigned char *) key.data());
     return name + ":" + base64Encode(std::string((char *) sig, sigLen));
-#else
-    noSodium();
-#endif
 }
 
 PublicKey SecretKey::toPublicKey() const
 {
-#if HAVE_SODIUM
     unsigned char pk[crypto_sign_PUBLICKEYBYTES];
     crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
     return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
-#else
-    noSodium();
-#endif
 }
 
-PublicKey::PublicKey(const string & s)
+SecretKey SecretKey::generate(std::string_view name)
+{
+    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+    unsigned char sk[crypto_sign_SECRETKEYBYTES];
+    if (crypto_sign_keypair(pk, sk) != 0)
+        throw Error("key generation failed");
+
+    return SecretKey(name, std::string((char *) sk, crypto_sign_SECRETKEYBYTES));
+}
+
+PublicKey::PublicKey(std::string_view s)
     : Key(s)
 {
-#if HAVE_SODIUM
     if (key.size() != crypto_sign_PUBLICKEYBYTES)
         throw Error("public key is not valid");
-#endif
 }
 
 bool verifyDetached(const std::string & data, const std::string & sig,
     const PublicKeys & publicKeys)
 {
-#if HAVE_SODIUM
     auto ss = split(sig);
 
-    auto key = publicKeys.find(ss.first);
+    auto key = publicKeys.find(std::string(ss.first));
     if (key == publicKeys.end()) return false;
 
     auto sig2 = base64Decode(ss.second);
@@ -94,9 +87,6 @@ bool verifyDetached(const std::string & data, const std::string & sig,
     return crypto_sign_verify_detached((unsigned char *) sig2.data(),
         (unsigned char *) data.data(), data.size(),
         (unsigned char *) key->second.key.data()) == 0;
-#else
-    noSodium();
-#endif
 }
 
 PublicKeys getDefaultPublicKeys()