version 1.125, 2016/10/05 15:58:50 |
version 1.126, 2016/10/06 22:38:25 |
|
|
sizeof(pubkey), O_EXCL, 0666); |
sizeof(pubkey), O_EXCL, 0666); |
} |
} |
|
|
static void |
static const char * |
check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile) |
check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile) |
{ |
{ |
size_t len; |
const char *pos; |
|
|
len = strlen(pubkeyfile); |
/* basename may or may not modify input */ |
if (strlen(seckeyfile) != len) |
pos = strrchr(seckeyfile, '/'); |
goto bad; |
if (pos != NULL) |
|
seckeyfile = pos+1; |
|
|
|
size_t len; |
|
len = strlen(seckeyfile); |
if (len < 5) /* ?.key */ |
if (len < 5) /* ?.key */ |
goto bad; |
goto bad; |
if (strcmp(pubkeyfile + len - 4, ".pub") != 0 || |
if (strcmp(seckeyfile + len - 4, ".sec") != 0) |
strcmp(seckeyfile + len - 4, ".sec") != 0) |
|
goto bad; |
goto bad; |
if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0) |
if (pubkeyfile != NULL) { |
goto bad; |
pos = strrchr(pubkeyfile, '/'); |
|
if (pos != NULL) |
|
pubkeyfile = pos+1; |
|
|
return; |
if (strlen(pubkeyfile) != len) |
|
goto bad; |
|
if (strcmp(pubkeyfile + len - 4, ".pub") != 0) |
|
goto bad; |
|
if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0) |
|
goto bad; |
|
} |
|
|
|
return seckeyfile; |
bad: |
bad: |
errx(1, "please use naming scheme of keyname.pub and keyname.sec"); |
errx(1, "please use naming scheme of keyname.pub and keyname.sec"); |
} |
} |
|
|
uint8_t xorkey[sizeof(enckey.seckey)]; |
uint8_t xorkey[sizeof(enckey.seckey)]; |
struct sig sig; |
struct sig sig; |
char *sighdr; |
char *sighdr; |
char *extname; |
|
uint8_t digest[SHA512_DIGEST_LENGTH]; |
uint8_t digest[SHA512_DIGEST_LENGTH]; |
int i, nr, rounds; |
int i, nr, rounds; |
SHA2_CTX ctx; |
SHA2_CTX ctx; |
|
|
|
|
readb64file(seckeyfile, &enckey, sizeof(enckey), comment); |
readb64file(seckeyfile, &enckey, sizeof(enckey), comment); |
|
|
extname = strrchr(seckeyfile, '.'); |
if (strcmp(seckeyfile, "-") == 0) { |
if (extname && strcmp(extname, ".sec") == 0) { |
nr = snprintf(sigcomment, sizeof(sigcomment), |
const char *keyname; |
"signature from %s", comment); |
/* basename may or may not modify input */ |
|
if (!(keyname = strrchr(seckeyfile, '/'))) |
|
keyname = seckeyfile; |
|
else |
|
keyname++; |
|
nr = snprintf(sigcomment, sizeof(sigcomment), |
|
VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname); |
|
if (nr == -1 || nr >= sizeof(sigcomment)) |
|
errx(1, "comment too long"); |
|
} else { |
} else { |
|
const char *keyname = check_keyname_compliance(NULL, |
|
seckeyfile); |
nr = snprintf(sigcomment, sizeof(sigcomment), |
nr = snprintf(sigcomment, sizeof(sigcomment), |
"signature from %s", comment); |
VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname); |
if (nr == -1 || nr >= sizeof(sigcomment)) |
|
errx(1, "comment too long"); |
|
} |
} |
|
if (nr == -1 || nr >= sizeof(sigcomment)) |
|
errx(1, "comment too long"); |
|
|
if (memcmp(enckey.kdfalg, KDFALG, 2) != 0) |
if (memcmp(enckey.kdfalg, KDFALG, 2) != 0) |
errx(1, "unsupported KDF"); |
errx(1, "unsupported KDF"); |