| version 1.62, 2014/03/17 02:10:54 |
version 1.63, 2014/03/17 02:54:54 |
|
|
| |
|
| |
|
| static void |
static void |
| verify(const char *pubkeyfile, const char *msgfile, const char *sigfile, |
verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile, |
| int embedded, int quiet) |
int quiet) |
| { |
{ |
| char comment[COMMENTMAXLEN]; |
char comment[COMMENTMAXLEN]; |
| struct sig sig; |
struct sig sig; |
| struct pubkey pubkey; |
struct pubkey pubkey; |
| unsigned long long msglen, siglen = 0; |
unsigned long long msglen; |
| uint8_t *msg; |
uint8_t *msg; |
| int fd; |
|
| |
|
| msg = readmsg(embedded ? sigfile : msgfile, &msglen); |
msg = readmsg(msgfile, &msglen); |
| |
|
| if (embedded) { |
readb64file(sigfile, &sig, sizeof(sig), comment); |
| siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment); |
if (!pubkeyfile) { |
| msg += siglen; |
if ((pubkeyfile = strstr(comment, VERIFYWITH))) { |
| msglen -= siglen; |
pubkeyfile += strlen(VERIFYWITH); |
| } else { |
if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 || |
| readb64file(sigfile, &sig, sizeof(sig), comment); |
strstr(pubkeyfile, "/../") != NULL) |
| |
errx(1, "untrusted path %s", pubkeyfile); |
| |
} else |
| |
usage("need pubkey"); |
| } |
} |
| |
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
| |
|
| |
verifymsg(&pubkey, msg, msglen, &sig, quiet); |
| |
|
| |
free(msg); |
| |
} |
| |
|
| |
static uint8_t * |
| |
verifyembedded(const char *pubkeyfile, const char *sigfile, |
| |
int quiet, unsigned long long *msglenp) |
| |
{ |
| |
char comment[COMMENTMAXLEN]; |
| |
struct sig sig; |
| |
struct pubkey pubkey; |
| |
unsigned long long msglen, siglen; |
| |
uint8_t *msg; |
| |
|
| |
msg = readmsg(sigfile, &msglen); |
| |
|
| |
siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment); |
| |
msglen -= siglen; |
| |
memmove(msg, msg + siglen, msglen); |
| |
msg[msglen] = 0; |
| if (!pubkeyfile) { |
if (!pubkeyfile) { |
| if ((pubkeyfile = strstr(comment, VERIFYWITH))) { |
if ((pubkeyfile = strstr(comment, VERIFYWITH))) { |
| pubkeyfile += strlen(VERIFYWITH); |
pubkeyfile += strlen(VERIFYWITH); |
|
|
| readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
| |
|
| verifymsg(&pubkey, msg, msglen, &sig, quiet); |
verifymsg(&pubkey, msg, msglen, &sig, quiet); |
| |
|
| |
*msglenp = msglen; |
| |
return msg; |
| |
} |
| |
|
| |
static void |
| |
verify(const char *pubkeyfile, const char *msgfile, const char *sigfile, |
| |
int embedded, int quiet) |
| |
{ |
| |
unsigned long long msglen; |
| |
uint8_t *msg; |
| |
int fd; |
| |
|
| if (embedded) { |
if (embedded) { |
| |
msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen); |
| fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666); |
fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666); |
| writeall(fd, msg, msglen, msgfile); |
writeall(fd, msg, msglen, msgfile); |
| close(fd); |
close(fd); |
| |
} else { |
| |
verifysimple(pubkeyfile, msgfile, sigfile, quiet); |
| } |
} |
| |
|
| free(msg - siglen); |
|
| } |
} |
| |
|
| #ifndef VERIFYONLY |
#ifndef VERIFYONLY |
|
|
| check(const char *pubkeyfile, const char *sigfile, int quiet, int argc, |
check(const char *pubkeyfile, const char *sigfile, int quiet, int argc, |
| char **argv) |
char **argv) |
| { |
{ |
| char comment[COMMENTMAXLEN]; |
unsigned long long msglen; |
| struct sig sig; |
|
| struct pubkey pubkey; |
|
| unsigned long long msglen, siglen; |
|
| uint8_t *msg; |
uint8_t *msg; |
| |
|
| msg = readmsg(sigfile, &msglen); |
msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen); |
| |
|
| siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment); |
|
| if (!pubkeyfile) { |
|
| if ((pubkeyfile = strstr(comment, VERIFYWITH))) |
|
| pubkeyfile += strlen(VERIFYWITH); |
|
| if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 || |
|
| strstr(pubkeyfile, "/../") != NULL) |
|
| errx(1, "untrusted path %s", pubkeyfile); |
|
| else |
|
| usage("need pubkey"); |
|
| } |
|
| readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL); |
|
| msg += siglen; |
|
| msglen -= siglen; |
|
| |
|
| verifymsg(&pubkey, msg, msglen, &sig, quiet); |
|
| verifychecksums((char *)msg, argc, argv, quiet); |
verifychecksums((char *)msg, argc, argv, quiet); |
| |
|
| free(msg - siglen); |
free(msg); |
| } |
} |
| #endif |
#endif |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to signify.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / signify