version 1.110, 2016/09/02 15:08:48 |
version 1.111, 2016/09/02 16:10:56 |
|
|
#include <sha2.h> |
#include <sha2.h> |
|
|
#include "crypto_api.h" |
#include "crypto_api.h" |
|
#include "signify.h" |
|
|
#define SIGBYTES crypto_sign_ed25519_BYTES |
#define SIGBYTES crypto_sign_ed25519_BYTES |
#define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES |
#define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES |
|
|
#ifndef VERIFYONLY |
#ifndef VERIFYONLY |
"\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n" |
"\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n" |
"\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n" |
"\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n" |
"\t%1$s -S [-e] [-x sigfile] -s seckey -m message\n" |
"\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n" |
#endif |
#endif |
"\t%1$s -V [-eq] [-x sigfile] -p pubkey -m message\n", |
"\t%1$s -V [-ezq] [-x sigfile] -p pubkey -m message\n", |
getprogname()); |
getprogname()); |
exit(1); |
exit(1); |
} |
} |
|
|
static int |
int |
xopen(const char *fname, int oflags, mode_t mode) |
xopen(const char *fname, int oflags, mode_t mode) |
{ |
{ |
struct stat sb; |
struct stat sb; |
|
|
return fd; |
return fd; |
} |
} |
|
|
static void * |
void * |
xmalloc(size_t len) |
xmalloc(size_t len) |
{ |
{ |
void *p; |
void *p; |
|
|
return msg; |
return msg; |
} |
} |
|
|
static void |
void |
writeall(int fd, const void *buf, size_t buflen, const char *filename) |
writeall(int fd, const void *buf, size_t buflen, const char *filename) |
{ |
{ |
ssize_t x; |
ssize_t x; |
|
|
sizeof(pubkey), O_EXCL, 0666); |
sizeof(pubkey), O_EXCL, 0666); |
} |
} |
|
|
static uint8_t * |
uint8_t * |
createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg, |
createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg, |
unsigned long long msglen) |
unsigned long long msglen) |
{ |
{ |
|
|
|
|
free(msg); |
free(msg); |
} |
} |
|
|
|
void * |
|
verifyzdata(uint8_t *zdata, unsigned long long zdatalen, |
|
const char *filename, const char *pubkeyfile, const char *keytype) |
|
{ |
|
struct sig sig; |
|
char sigcomment[COMMENTMAXLEN]; |
|
unsigned long long siglen; |
|
struct pubkey pubkey; |
|
|
|
if (zdatalen < sizeof(sig)) |
|
errx(1, "signature too short in %s", filename); |
|
siglen = parseb64file(filename, zdata, &sig, sizeof(sig), |
|
sigcomment); |
|
readpubkey(pubkeyfile, &pubkey, sigcomment, keytype); |
|
zdata += siglen; |
|
zdatalen -= siglen; |
|
verifymsg(&pubkey, zdata, zdatalen, &sig, 1); |
|
return zdata; |
|
} |
#endif |
#endif |
|
|
int |
int |
|
|
int ch, rounds; |
int ch, rounds; |
int embedded = 0; |
int embedded = 0; |
int quiet = 0; |
int quiet = 0; |
|
int gzip = 0; |
enum { |
enum { |
NONE, |
NONE, |
CHECK, |
CHECK, |
|
|
|
|
rounds = 42; |
rounds = 42; |
|
|
while ((ch = getopt(argc, argv, "CGSVc:em:np:qs:t:x:")) != -1) { |
while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) { |
switch (ch) { |
switch (ch) { |
#ifndef VERIFYONLY |
#ifndef VERIFYONLY |
case 'C': |
case 'C': |
|
|
usage(NULL); |
usage(NULL); |
verb = SIGN; |
verb = SIGN; |
break; |
break; |
|
case 'z': |
|
gzip = 1; |
|
break; |
#endif |
#endif |
case 'V': |
case 'V': |
if (verb) |
if (verb) |
|
|
err(1, "pledge"); |
err(1, "pledge"); |
break; |
break; |
case VERIFY: |
case VERIFY: |
if (embedded && (!msgfile || strcmp(msgfile, "-") != 0)) { |
if ((embedded || gzip) |
|
&& (!msgfile || strcmp(msgfile, "-") != 0)) { |
if (pledge("stdio rpath wpath cpath", NULL) == -1) |
if (pledge("stdio rpath wpath cpath", NULL) == -1) |
err(1, "pledge"); |
err(1, "pledge"); |
} else { |
} else { |
|
|
generate(pubkeyfile, seckeyfile, rounds, comment); |
generate(pubkeyfile, seckeyfile, rounds, comment); |
break; |
break; |
case SIGN: |
case SIGN: |
if (!msgfile || !seckeyfile) |
if (gzip) |
usage("must specify message and seckey"); |
zsign(seckeyfile, msgfile, sigfile); |
sign(seckeyfile, msgfile, sigfile, embedded); |
else { |
|
if (!msgfile || !seckeyfile) |
|
usage("must specify message and seckey"); |
|
sign(seckeyfile, msgfile, sigfile, embedded); |
|
} |
break; |
break; |
#endif |
#endif |
case VERIFY: |
case VERIFY: |
if (!msgfile) |
if (gzip) |
usage("must specify message"); |
zverify(pubkeyfile, msgfile, sigfile, keytype); |
verify(pubkeyfile, msgfile, sigfile, embedded, quiet, keytype); |
else { |
|
if (!msgfile) |
|
usage("must specify message"); |
|
verify(pubkeyfile, msgfile, sigfile, embedded, |
|
quiet, keytype); |
|
} |
break; |
break; |
default: |
default: |
usage(NULL); |
usage(NULL); |