version 1.50, 2014/03/07 19:53:33 |
version 1.51, 2014/03/16 17:58:28 |
|
|
#define COMMENTHDR "untrusted comment: " |
#define COMMENTHDR "untrusted comment: " |
#define COMMENTHDRLEN 19 |
#define COMMENTHDRLEN 19 |
#define COMMENTMAXLEN 1024 |
#define COMMENTMAXLEN 1024 |
|
#define VERIFYWITH "verify with " |
|
|
struct enckey { |
struct enckey { |
uint8_t pkalg[2]; |
uint8_t pkalg[2]; |
|
|
struct enckey enckey; |
struct enckey enckey; |
uint8_t xorkey[sizeof(enckey.seckey)]; |
uint8_t xorkey[sizeof(enckey.seckey)]; |
uint8_t *msg; |
uint8_t *msg; |
char comment[COMMENTMAXLEN], sigcomment[1024]; |
char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN]; |
|
char *secname; |
unsigned long long msglen; |
unsigned long long msglen; |
int i, rounds; |
int i, rounds; |
SHA2_CTX ctx; |
SHA2_CTX ctx; |
|
|
explicit_bzero(&enckey, sizeof(enckey)); |
explicit_bzero(&enckey, sizeof(enckey)); |
|
|
memcpy(sig.pkalg, PKALG, 2); |
memcpy(sig.pkalg, PKALG, 2); |
if (snprintf(sigcomment, sizeof(sigcomment), "signature from %s", |
if ((secname = strstr(seckeyfile, ".sec")) && strlen(secname) == 4) { |
comment) >= sizeof(sigcomment)) |
if (snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub", |
err(1, "comment too long"); |
(int)strlen(seckeyfile) - 4, seckeyfile) >= sizeof(sigcomment)); |
|
} else { |
|
if (snprintf(sigcomment, sizeof(sigcomment), "signature from %s", |
|
comment) >= sizeof(sigcomment)) |
|
err(1, "comment too long"); |
|
} |
writeb64file(sigfile, sigcomment, &sig, sizeof(sig), O_TRUNC, 0666); |
writeb64file(sigfile, sigcomment, &sig, sizeof(sig), O_TRUNC, 0666); |
if (embedded) |
if (embedded) |
appendall(sigfile, msg, msglen); |
appendall(sigfile, msg, msglen); |
|
|
verify(const char *pubkeyfile, const char *msgfile, const char *sigfile, |
verify(const char *pubkeyfile, const char *msgfile, const char *sigfile, |
int embedded, int quiet) |
int embedded, int quiet) |
{ |
{ |
|
char comment[COMMENTMAXLEN]; |
struct sig sig; |
struct sig sig; |
struct pubkey pubkey; |
struct pubkey pubkey; |
unsigned long long msglen, siglen = 0; |
unsigned long long msglen, siglen = 0; |
|
|
|
|
msg = readmsg(embedded ? sigfile : msgfile, &msglen); |
msg = readmsg(embedded ? sigfile : msgfile, &msglen); |
|
|
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
|
if (embedded) { |
if (embedded) { |
siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL); |
siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment); |
msg += siglen; |
msg += siglen; |
msglen -= siglen; |
msglen -= siglen; |
} else { |
} else { |
readb64file(sigfile, &sig, sizeof(sig), NULL); |
readb64file(sigfile, &sig, sizeof(sig), comment); |
} |
} |
|
if (!pubkeyfile) { |
|
if ((pubkeyfile = strstr(comment, VERIFYWITH))) |
|
pubkeyfile += strlen(VERIFYWITH); |
|
else |
|
usage("need pubkey"); |
|
} |
|
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
|
|
if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) { |
if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) { |
#ifndef VERIFYONLY |
#ifndef VERIFYONLY |
|
|
check(const char *pubkeyfile, const char *sigfile, int quiet, int argc, |
check(const char *pubkeyfile, const char *sigfile, int quiet, int argc, |
char **argv) |
char **argv) |
{ |
{ |
|
char comment[COMMENTMAXLEN]; |
struct sig sig; |
struct sig sig; |
struct pubkey pubkey; |
struct pubkey pubkey; |
unsigned long long msglen, siglen; |
unsigned long long msglen, siglen; |
|
|
|
|
msg = readmsg(sigfile, &msglen); |
msg = readmsg(sigfile, &msglen); |
|
|
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
|
siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL); |
siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL); |
|
if (!pubkeyfile) { |
|
if ((pubkeyfile = strstr(comment, VERIFYWITH))) |
|
pubkeyfile += strlen(VERIFYWITH); |
|
else |
|
usage("need pubkey"); |
|
} |
|
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
msg += siglen; |
msg += siglen; |
msglen -= siglen; |
msglen -= siglen; |
|
|
|
|
break; |
break; |
#endif |
#endif |
case VERIFY: |
case VERIFY: |
if (!msgfile || !pubkeyfile) |
if (!msgfile) |
usage("need message and pubkey"); |
usage("need message"); |
verify(pubkeyfile, msgfile, sigfile, embedded, quiet); |
verify(pubkeyfile, msgfile, sigfile, embedded, quiet); |
break; |
break; |
default: |
default: |