version 1.62, 2014/03/17 02:10:54 |
version 1.63, 2014/03/17 02:54:54 |
|
|
|
|
|
|
static void |
static void |
verify(const char *pubkeyfile, const char *msgfile, const char *sigfile, |
verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile, |
int embedded, int quiet) |
int quiet) |
{ |
{ |
char comment[COMMENTMAXLEN]; |
char comment[COMMENTMAXLEN]; |
struct sig sig; |
struct sig sig; |
struct pubkey pubkey; |
struct pubkey pubkey; |
unsigned long long msglen, siglen = 0; |
unsigned long long msglen; |
uint8_t *msg; |
uint8_t *msg; |
int fd; |
|
|
|
msg = readmsg(embedded ? sigfile : msgfile, &msglen); |
msg = readmsg(msgfile, &msglen); |
|
|
if (embedded) { |
readb64file(sigfile, &sig, sizeof(sig), comment); |
siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment); |
if (!pubkeyfile) { |
msg += siglen; |
if ((pubkeyfile = strstr(comment, VERIFYWITH))) { |
msglen -= siglen; |
pubkeyfile += strlen(VERIFYWITH); |
} else { |
if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 || |
readb64file(sigfile, &sig, sizeof(sig), comment); |
strstr(pubkeyfile, "/../") != NULL) |
|
errx(1, "untrusted path %s", pubkeyfile); |
|
} else |
|
usage("need pubkey"); |
} |
} |
|
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
|
|
|
verifymsg(&pubkey, msg, msglen, &sig, quiet); |
|
|
|
free(msg); |
|
} |
|
|
|
static uint8_t * |
|
verifyembedded(const char *pubkeyfile, const char *sigfile, |
|
int quiet, unsigned long long *msglenp) |
|
{ |
|
char comment[COMMENTMAXLEN]; |
|
struct sig sig; |
|
struct pubkey pubkey; |
|
unsigned long long msglen, siglen; |
|
uint8_t *msg; |
|
|
|
msg = readmsg(sigfile, &msglen); |
|
|
|
siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment); |
|
msglen -= siglen; |
|
memmove(msg, msg + siglen, msglen); |
|
msg[msglen] = 0; |
if (!pubkeyfile) { |
if (!pubkeyfile) { |
if ((pubkeyfile = strstr(comment, VERIFYWITH))) { |
if ((pubkeyfile = strstr(comment, VERIFYWITH))) { |
pubkeyfile += strlen(VERIFYWITH); |
pubkeyfile += strlen(VERIFYWITH); |
|
|
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
|
|
verifymsg(&pubkey, msg, msglen, &sig, quiet); |
verifymsg(&pubkey, msg, msglen, &sig, quiet); |
|
|
|
*msglenp = msglen; |
|
return msg; |
|
} |
|
|
|
static void |
|
verify(const char *pubkeyfile, const char *msgfile, const char *sigfile, |
|
int embedded, int quiet) |
|
{ |
|
unsigned long long msglen; |
|
uint8_t *msg; |
|
int fd; |
|
|
if (embedded) { |
if (embedded) { |
|
msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen); |
fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666); |
fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666); |
writeall(fd, msg, msglen, msgfile); |
writeall(fd, msg, msglen, msgfile); |
close(fd); |
close(fd); |
|
} else { |
|
verifysimple(pubkeyfile, msgfile, sigfile, quiet); |
} |
} |
|
|
free(msg - siglen); |
|
} |
} |
|
|
#ifndef VERIFYONLY |
#ifndef VERIFYONLY |
|
|
check(const char *pubkeyfile, const char *sigfile, int quiet, int argc, |
check(const char *pubkeyfile, const char *sigfile, int quiet, int argc, |
char **argv) |
char **argv) |
{ |
{ |
char comment[COMMENTMAXLEN]; |
unsigned long long msglen; |
struct sig sig; |
|
struct pubkey pubkey; |
|
unsigned long long msglen, siglen; |
|
uint8_t *msg; |
uint8_t *msg; |
|
|
msg = readmsg(sigfile, &msglen); |
msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen); |
|
|
siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment); |
|
if (!pubkeyfile) { |
|
if ((pubkeyfile = strstr(comment, VERIFYWITH))) |
|
pubkeyfile += strlen(VERIFYWITH); |
|
if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 || |
|
strstr(pubkeyfile, "/../") != NULL) |
|
errx(1, "untrusted path %s", pubkeyfile); |
|
else |
|
usage("need pubkey"); |
|
} |
|
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
|
msg += siglen; |
|
msglen -= siglen; |
|
|
|
verifymsg(&pubkey, msg, msglen, &sig, quiet); |
|
verifychecksums((char *)msg, argc, argv, quiet); |
verifychecksums((char *)msg, argc, argv, quiet); |
|
|
free(msg - siglen); |
free(msg); |
} |
} |
#endif |
#endif |
|
|
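Review bot: The embedded branch of verify() no longer releases the buffer it gets from verifyembedded(): the previous version ended with `free(msg - siglen);` after the write, and check() still does `free(msg);`, but the new branch ends at `close(fd);` with msg still allocated. Add `free(msg);` after `writeall(fd, msg, msglen, msgfile);` so both callers of verifyembedded() own and release the returned buffer the same way. The side-by-side rendering makes line sides partly inferred, so confirm against the committed text before applying. Since verify() is reached once from main the leak is harmless in practice, but leaving it in hides the ownership contract of verifyembedded(); a one-line comment on its return, `/* caller frees */`, would make that explicit.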