Annotation of src/usr.bin/signify/signify.c, Revision 1.119
1.119 ! tedu 1: /* $OpenBSD: signify.c,v 1.118 2016/09/10 12:23:16 deraadt Exp $ */
1.1 tedu 2: /*
3: * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17: #include <sys/stat.h>
18:
19: #include <netinet/in.h>
20: #include <resolv.h>
21:
1.98 tedu 22: #include <limits.h>
1.1 tedu 23: #include <stdint.h>
24: #include <fcntl.h>
25: #include <string.h>
26: #include <stdio.h>
1.34 tedu 27: #include <stdlib.h>
1.96 tedu 28: #include <stddef.h>
29: #include <ohash.h>
1.1 tedu 30: #include <err.h>
31: #include <unistd.h>
32: #include <readpassphrase.h>
33: #include <util.h>
34: #include <sha2.h>
35:
36: #include "crypto_api.h"
1.111 espie 37: #include "signify.h"
1.1 tedu 38:
39: #define SIGBYTES crypto_sign_ed25519_BYTES
40: #define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES
41: #define PUBLICBYTES crypto_sign_ed25519_PUBLICKEYBYTES
42:
43: #define PKALG "Ed"
44: #define KDFALG "BK"
1.94 tedu 45: #define KEYNUMLEN 8
1.13 tedu 46:
1.18 tedu 47: #define COMMENTHDR "untrusted comment: "
48: #define COMMENTHDRLEN 19
49: #define COMMENTMAXLEN 1024
1.51 tedu 50: #define VERIFYWITH "verify with "
1.1 tedu 51:
52: struct enckey {
53: uint8_t pkalg[2];
54: uint8_t kdfalg[2];
55: uint32_t kdfrounds;
56: uint8_t salt[16];
57: uint8_t checksum[8];
1.94 tedu 58: uint8_t keynum[KEYNUMLEN];
1.1 tedu 59: uint8_t seckey[SECRETBYTES];
60: };
61:
62: struct pubkey {
63: uint8_t pkalg[2];
1.94 tedu 64: uint8_t keynum[KEYNUMLEN];
1.1 tedu 65: uint8_t pubkey[PUBLICBYTES];
66: };
67:
68: struct sig {
69: uint8_t pkalg[2];
1.94 tedu 70: uint8_t keynum[KEYNUMLEN];
1.1 tedu 71: uint8_t sig[SIGBYTES];
72: };
73:
1.103 tedu 74: static void __dead
1.31 tedu 75: usage(const char *error)
1.1 tedu 76: {
1.31 tedu 77: if (error)
78: fprintf(stderr, "%s\n", error);
1.9 espie 79: fprintf(stderr, "usage:"
1.15 espie 80: #ifndef VERIFYONLY
1.47 naddy 81: "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
1.31 tedu 82: "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
1.111 espie 83: "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n"
1.15 espie 84: #endif
1.112 espie 85: "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n",
1.106 tedu 86: getprogname());
1.1 tedu 87: exit(1);
88: }
89:
1.111 espie 90: int
1.61 deraadt 91: xopen(const char *fname, int oflags, mode_t mode)
1.1 tedu 92: {
1.53 tedu 93: struct stat sb;
1.1 tedu 94: int fd;
95:
1.31 tedu 96: if (strcmp(fname, "-") == 0) {
1.61 deraadt 97: if ((oflags & O_WRONLY))
1.31 tedu 98: fd = dup(STDOUT_FILENO);
99: else
100: fd = dup(STDIN_FILENO);
101: if (fd == -1)
102: err(1, "dup failed");
103: } else {
1.61 deraadt 104: fd = open(fname, oflags, mode);
1.31 tedu 105: if (fd == -1)
106: err(1, "can't open %s for %s", fname,
1.61 deraadt 107: (oflags & O_WRONLY) ? "writing" : "reading");
1.31 tedu 108: }
1.53 tedu 109: if (fstat(fd, &sb) == -1 || S_ISDIR(sb.st_mode))
1.66 tedu 110: errx(1, "not a valid file: %s", fname);
1.1 tedu 111: return fd;
112: }
113:
1.111 espie 114: void *
1.1 tedu 115: xmalloc(size_t len)
116: {
117: void *p;
118:
1.89 tedu 119: if (!(p = malloc(len)))
1.1 tedu 120: err(1, "malloc %zu", len);
121: return p;
122: }
123:
1.16 tedu 124: static size_t
1.46 tedu 125: parseb64file(const char *filename, char *b64, void *buf, size_t buflen,
1.18 tedu 126: char *comment)
1.16 tedu 127: {
128: char *commentend, *b64end;
129:
130: commentend = strchr(b64, '\n');
131: if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
1.65 tedu 132: memcmp(b64, COMMENTHDR, COMMENTHDRLEN) != 0)
1.16 tedu 133: errx(1, "invalid comment in %s; must start with '%s'",
134: filename, COMMENTHDR);
1.75 tedu 135: *commentend = '\0';
1.40 deraadt 136: if (comment) {
137: if (strlcpy(comment, b64 + COMMENTHDRLEN,
138: COMMENTMAXLEN) >= COMMENTMAXLEN)
1.71 tedu 139: errx(1, "comment too long");
1.40 deraadt 140: }
1.89 tedu 141: if (!(b64end = strchr(commentend + 1, '\n')))
1.82 tedu 142: errx(1, "missing new line after base64 in %s", filename);
1.75 tedu 143: *b64end = '\0';
1.77 tedu 144: if (b64_pton(commentend + 1, buf, buflen) != buflen)
1.82 tedu 145: errx(1, "invalid base64 encoding in %s", filename);
1.65 tedu 146: if (memcmp(buf, PKALG, 2) != 0)
1.16 tedu 147: errx(1, "unsupported file %s", filename);
148: return b64end - b64 + 1;
149: }
150:
1.1 tedu 151: static void
1.46 tedu 152: readb64file(const char *filename, void *buf, size_t buflen, char *comment)
1.1 tedu 153: {
154: char b64[2048];
1.10 tedu 155: int rv, fd;
1.1 tedu 156:
157: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
1.89 tedu 158: if ((rv = read(fd, b64, sizeof(b64) - 1)) == -1)
1.7 espie 159: err(1, "read from %s", filename);
1.75 tedu 160: b64[rv] = '\0';
1.46 tedu 161: parseb64file(filename, b64, buf, buflen, comment);
1.41 tedu 162: explicit_bzero(b64, sizeof(b64));
1.1 tedu 163: close(fd);
164: }
165:
1.35 tedu 166: static uint8_t *
1.1 tedu 167: readmsg(const char *filename, unsigned long long *msglenp)
168: {
1.49 tedu 169: unsigned long long msglen = 0;
170: uint8_t *msg = NULL;
1.1 tedu 171: struct stat sb;
1.49 tedu 172: ssize_t x, space;
1.1 tedu 173: int fd;
1.73 tedu 174: const unsigned long long maxmsgsize = 1UL << 30;
1.1 tedu 175:
176: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
1.49 tedu 177: if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode)) {
1.73 tedu 178: if (sb.st_size > maxmsgsize)
1.49 tedu 179: errx(1, "msg too large in %s", filename);
180: space = sb.st_size + 1;
181: } else {
1.97 tedu 182: space = 64 * 1024 - 1;
1.49 tedu 183: }
184:
1.67 tedu 185: msg = xmalloc(space + 1);
1.49 tedu 186: while (1) {
187: if (space == 0) {
1.73 tedu 188: if (msglen * 2 > maxmsgsize)
1.67 tedu 189: errx(1, "msg too large in %s", filename);
190: space = msglen;
1.49 tedu 191: if (!(msg = realloc(msg, msglen + space + 1)))
1.116 tedu 192: err(1, "realloc");
1.49 tedu 193: }
194: if ((x = read(fd, msg + msglen, space)) == -1)
195: err(1, "read from %s", filename);
196: if (x == 0)
197: break;
198: space -= x;
199: msglen += x;
200: }
201:
1.75 tedu 202: msg[msglen] = '\0';
1.1 tedu 203: close(fd);
204:
205: *msglenp = msglen;
206: return msg;
207: }
208:
1.111 espie 209: void
1.46 tedu 210: writeall(int fd, const void *buf, size_t buflen, const char *filename)
1.1 tedu 211: {
1.11 tedu 212: ssize_t x;
1.38 espie 213:
1.46 tedu 214: while (buflen != 0) {
1.89 tedu 215: if ((x = write(fd, buf, buflen)) == -1)
1.38 espie 216: err(1, "write to %s", filename);
1.46 tedu 217: buflen -= x;
1.61 deraadt 218: buf = (char *)buf + x;
1.7 espie 219: }
1.1 tedu 220: }
221:
1.17 deraadt 222: #ifndef VERIFYONLY
1.109 tedu 223: static char *
224: createheader(const char *comment, const void *buf, size_t buflen)
225: {
226: char *header;
227: char b64[1024];
228:
229: if (b64_ntop(buf, buflen, b64, sizeof(b64)) == -1)
230: errx(1, "base64 encode failed");
231: if (asprintf(&header, "%s%s\n%s\n", COMMENTHDR, comment, b64) == -1)
232: err(1, "asprintf failed");
233: explicit_bzero(b64, sizeof(b64));
234: return header;
235: }
236:
1.1 tedu 237: static void
1.109 tedu 238: writekeyfile(const char *filename, const char *comment, const void *buf,
239: size_t buflen, int oflags, mode_t mode)
1.1 tedu 240: {
1.109 tedu 241: char *header;
242: int fd;
1.1 tedu 243:
1.61 deraadt 244: fd = xopen(filename, O_CREAT|oflags|O_NOFOLLOW|O_WRONLY, mode);
1.109 tedu 245: header = createheader(comment, buf, buflen);
1.7 espie 246: writeall(fd, header, strlen(header), filename);
1.109 tedu 247: explicit_bzero(header, strlen(header));
248: free(header);
1.1 tedu 249: close(fd);
250: }
251:
252: static void
1.70 tedu 253: kdf(uint8_t *salt, size_t saltlen, int rounds, int allowstdin, int confirm,
1.50 tedu 254: uint8_t *key, size_t keylen)
1.1 tedu 255: {
256: char pass[1024];
1.48 tedu 257: int rppflags = RPP_ECHO_OFF;
1.1 tedu 258:
259: if (rounds == 0) {
260: memset(key, 0, keylen);
261: return;
262: }
263:
1.50 tedu 264: if (allowstdin && !isatty(STDIN_FILENO))
1.48 tedu 265: rppflags |= RPP_STDIN;
266: if (!readpassphrase("passphrase: ", pass, sizeof(pass), rppflags))
1.39 tedu 267: errx(1, "unable to read passphrase");
1.37 tedu 268: if (strlen(pass) == 0)
269: errx(1, "please provide a password");
1.70 tedu 270: if (confirm && !(rppflags & RPP_STDIN)) {
271: char pass2[1024];
272: if (!readpassphrase("confirm passphrase: ", pass2,
273: sizeof(pass2), rppflags))
274: errx(1, "unable to read passphrase");
275: if (strcmp(pass, pass2) != 0)
276: errx(1, "passwords don't match");
277: explicit_bzero(pass2, sizeof(pass2));
278: }
1.1 tedu 279: if (bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key,
280: keylen, rounds) == -1)
281: errx(1, "bcrypt pbkdf");
1.41 tedu 282: explicit_bzero(pass, sizeof(pass));
1.1 tedu 283: }
284:
285: static void
286: signmsg(uint8_t *seckey, uint8_t *msg, unsigned long long msglen,
287: uint8_t *sig)
288: {
289: unsigned long long siglen;
290: uint8_t *sigbuf;
291:
292: sigbuf = xmalloc(msglen + SIGBYTES);
293: crypto_sign_ed25519(sigbuf, &siglen, msg, msglen, seckey);
294: memcpy(sig, sigbuf, SIGBYTES);
295: free(sigbuf);
296: }
297:
298: static void
1.27 tedu 299: generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
300: const char *comment)
1.1 tedu 301: {
302: uint8_t digest[SHA512_DIGEST_LENGTH];
303: struct pubkey pubkey;
304: struct enckey enckey;
305: uint8_t xorkey[sizeof(enckey.seckey)];
1.94 tedu 306: uint8_t keynum[KEYNUMLEN];
1.27 tedu 307: char commentbuf[COMMENTMAXLEN];
1.1 tedu 308: SHA2_CTX ctx;
1.91 tedu 309: int i, nr;
1.1 tedu 310:
311: crypto_sign_ed25519_keypair(pubkey.pubkey, enckey.seckey);
1.94 tedu 312: arc4random_buf(keynum, sizeof(keynum));
1.1 tedu 313:
314: SHA512Init(&ctx);
315: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
316: SHA512Final(digest, &ctx);
317:
318: memcpy(enckey.pkalg, PKALG, 2);
319: memcpy(enckey.kdfalg, KDFALG, 2);
320: enckey.kdfrounds = htonl(rounds);
1.94 tedu 321: memcpy(enckey.keynum, keynum, KEYNUMLEN);
1.1 tedu 322: arc4random_buf(enckey.salt, sizeof(enckey.salt));
1.70 tedu 323: kdf(enckey.salt, sizeof(enckey.salt), rounds, 1, 1, xorkey, sizeof(xorkey));
1.1 tedu 324: memcpy(enckey.checksum, digest, sizeof(enckey.checksum));
325: for (i = 0; i < sizeof(enckey.seckey); i++)
326: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 327: explicit_bzero(digest, sizeof(digest));
328: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 329:
1.91 tedu 330: if ((nr = snprintf(commentbuf, sizeof(commentbuf), "%s secret key",
331: comment)) == -1 || nr >= sizeof(commentbuf))
1.71 tedu 332: errx(1, "comment too long");
1.109 tedu 333: writekeyfile(seckeyfile, commentbuf, &enckey,
334: sizeof(enckey), O_EXCL, 0600);
1.41 tedu 335: explicit_bzero(&enckey, sizeof(enckey));
1.1 tedu 336:
337: memcpy(pubkey.pkalg, PKALG, 2);
1.94 tedu 338: memcpy(pubkey.keynum, keynum, KEYNUMLEN);
1.91 tedu 339: if ((nr = snprintf(commentbuf, sizeof(commentbuf), "%s public key",
340: comment)) == -1 || nr >= sizeof(commentbuf))
1.71 tedu 341: errx(1, "comment too long");
1.109 tedu 342: writekeyfile(pubkeyfile, commentbuf, &pubkey,
343: sizeof(pubkey), O_EXCL, 0666);
1.1 tedu 344: }
345:
1.111 espie 346: uint8_t *
1.110 tedu 347: createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg,
348: unsigned long long msglen)
1.1 tedu 349: {
1.110 tedu 350: struct enckey enckey;
351: uint8_t xorkey[sizeof(enckey.seckey)];
1.1 tedu 352: struct sig sig;
1.109 tedu 353: char *sighdr;
1.110 tedu 354: char *secname;
1.1 tedu 355: uint8_t digest[SHA512_DIGEST_LENGTH];
1.110 tedu 356: int i, nr, rounds;
1.1 tedu 357: SHA2_CTX ctx;
1.110 tedu 358: char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN];
359:
360: readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
1.1 tedu 361:
1.110 tedu 362: secname = strstr(seckeyfile, ".sec");
363: if (secname && strlen(secname) == 4) {
1.119 ! tedu 364: const char *keyname;
! 365: /* basename may or may not modify input */
! 366: if (!(keyname = strrchr(seckeyfile, '/')))
! 367: keyname = seckeyfile;
1.110 tedu 368: if ((nr = snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub",
1.119 ! tedu 369: (int)strlen(keyname) - 4, keyname)) == -1 || nr >= sizeof(sigcomment))
1.110 tedu 370: errx(1, "comment too long");
371: } else {
372: if ((nr = snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
373: comment)) == -1 || nr >= sizeof(sigcomment))
374: errx(1, "comment too long");
375: }
376:
377: if (memcmp(enckey.kdfalg, KDFALG, 2) != 0)
1.1 tedu 378: errx(1, "unsupported KDF");
1.110 tedu 379: rounds = ntohl(enckey.kdfrounds);
380: kdf(enckey.salt, sizeof(enckey.salt), rounds, strcmp(msgfile, "-") != 0,
1.70 tedu 381: 0, xorkey, sizeof(xorkey));
1.110 tedu 382: for (i = 0; i < sizeof(enckey.seckey); i++)
383: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 384: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 385: SHA512Init(&ctx);
1.110 tedu 386: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
1.1 tedu 387: SHA512Final(digest, &ctx);
1.110 tedu 388: if (memcmp(enckey.checksum, digest, sizeof(enckey.checksum)) != 0)
1.105 tedu 389: errx(1, "incorrect passphrase");
1.41 tedu 390: explicit_bzero(digest, sizeof(digest));
1.1 tedu 391:
1.110 tedu 392: signmsg(enckey.seckey, msg, msglen, sig.sig);
393: memcpy(sig.keynum, enckey.keynum, KEYNUMLEN);
394: explicit_bzero(&enckey, sizeof(enckey));
1.109 tedu 395:
396: memcpy(sig.pkalg, PKALG, 2);
397:
398: sighdr = createheader(sigcomment, &sig, sizeof(sig));
399: return sighdr;
400: }
401:
402: static void
403: sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
404: int embedded)
405: {
406: uint8_t *msg;
407: char *sighdr;
1.110 tedu 408: int fd;
1.109 tedu 409: unsigned long long msglen;
410:
411: msg = readmsg(msgfile, &msglen);
412:
1.110 tedu 413: sighdr = createsig(seckeyfile, msgfile, msg, msglen);
1.109 tedu 414:
415: fd = xopen(sigfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
416: writeall(fd, sighdr, strlen(sighdr), sigfile);
417: free(sighdr);
1.16 tedu 418: if (embedded)
1.109 tedu 419: writeall(fd, msg, msglen, sigfile);
420: close(fd);
1.1 tedu 421:
422: free(msg);
423: }
1.14 tedu 424: #endif
1.1 tedu 425:
426: static void
1.62 tedu 427: verifymsg(struct pubkey *pubkey, uint8_t *msg, unsigned long long msglen,
428: struct sig *sig, int quiet)
1.13 tedu 429: {
430: uint8_t *sigbuf, *dummybuf;
431: unsigned long long siglen, dummylen;
432:
1.94 tedu 433: if (memcmp(pubkey->keynum, sig->keynum, KEYNUMLEN) != 0)
1.62 tedu 434: errx(1, "verification failed: checked against wrong key");
435:
1.13 tedu 436: siglen = SIGBYTES + msglen;
437: sigbuf = xmalloc(siglen);
438: dummybuf = xmalloc(siglen);
1.62 tedu 439: memcpy(sigbuf, sig->sig, SIGBYTES);
1.13 tedu 440: memcpy(sigbuf + SIGBYTES, msg, msglen);
441: if (crypto_sign_ed25519_open(dummybuf, &dummylen, sigbuf, siglen,
1.62 tedu 442: pubkey->pubkey) == -1)
1.13 tedu 443: errx(1, "signature verification failed");
1.42 tedu 444: if (!quiet)
445: printf("Signature Verified\n");
1.13 tedu 446: free(sigbuf);
447: free(dummybuf);
448: }
449:
1.107 espie 450: #ifndef VERIFYONLY
451: static void
452: check_keytype(const char *pubkeyfile, const char *keytype)
453: {
1.108 tedu 454: size_t len;
1.107 espie 455: char *cmp;
1.108 tedu 456: int slen;
1.118 deraadt 457:
1.108 tedu 458: len = strlen(pubkeyfile);
459: slen = asprintf(&cmp, "-%s.pub", keytype);
1.107 espie 460: if (slen < 0)
1.116 tedu 461: err(1, "asprintf error");
1.107 espie 462: if (len < slen)
463: errx(1, "too short");
464:
465: if (strcmp(pubkeyfile + len - slen, cmp) != 0)
466: errx(1, "wrong keytype");
467: free(cmp);
468: }
469: #endif
470:
1.64 tedu 471: static void
472: readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
1.107 espie 473: const char *sigcomment, const char *keytype)
1.64 tedu 474: {
1.119 ! tedu 475: const char *safepath = "/etc/signify";
! 476: char keypath[1024];
1.64 tedu 477:
478: if (!pubkeyfile) {
1.90 tedu 479: pubkeyfile = strstr(sigcomment, VERIFYWITH);
1.119 ! tedu 480: if (pubkeyfile && strchr(pubkeyfile, '/') == NULL) {
1.64 tedu 481: pubkeyfile += strlen(VERIFYWITH);
1.107 espie 482: #ifndef VERIFYONLY
483: if (keytype)
484: check_keytype(pubkeyfile, keytype);
485: #endif
1.119 ! tedu 486: if (snprintf(keypath, sizeof(keypath), "%s/%s",
! 487: safepath, pubkeyfile) >= sizeof(keypath))
! 488: errx(1, "name too long %s", pubkeyfile);
1.64 tedu 489: } else
1.66 tedu 490: usage("must specify pubkey");
1.119 ! tedu 491: } else {
! 492: if (strlcpy(keypath, pubkeyfile, sizeof(keypath)) >=
! 493: sizeof(keypath))
! 494: errx(1, "name too long %s", pubkeyfile);
1.64 tedu 495: }
1.119 ! tedu 496: readb64file(keypath, pubkey, sizeof(*pubkey), NULL);
1.64 tedu 497: }
1.13 tedu 498:
499: static void
1.63 tedu 500: verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
1.107 espie 501: int quiet, const char *keytype)
1.1 tedu 502: {
1.64 tedu 503: char sigcomment[COMMENTMAXLEN];
1.1 tedu 504: struct sig sig;
505: struct pubkey pubkey;
1.63 tedu 506: unsigned long long msglen;
1.1 tedu 507: uint8_t *msg;
1.16 tedu 508:
1.63 tedu 509: msg = readmsg(msgfile, &msglen);
1.1 tedu 510:
1.64 tedu 511: readb64file(sigfile, &sig, sizeof(sig), sigcomment);
1.107 espie 512: readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
1.63 tedu 513:
514: verifymsg(&pubkey, msg, msglen, &sig, quiet);
515:
516: free(msg);
517: }
518:
519: static uint8_t *
520: verifyembedded(const char *pubkeyfile, const char *sigfile,
1.107 espie 521: int quiet, unsigned long long *msglenp, const char *keytype)
1.63 tedu 522: {
1.64 tedu 523: char sigcomment[COMMENTMAXLEN];
1.63 tedu 524: struct sig sig;
525: struct pubkey pubkey;
526: unsigned long long msglen, siglen;
527: uint8_t *msg;
528:
529: msg = readmsg(sigfile, &msglen);
530:
1.64 tedu 531: siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), sigcomment);
1.107 espie 532: readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
1.64 tedu 533:
1.63 tedu 534: msglen -= siglen;
535: memmove(msg, msg + siglen, msglen);
536: msg[msglen] = 0;
1.13 tedu 537:
1.62 tedu 538: verifymsg(&pubkey, msg, msglen, &sig, quiet);
1.63 tedu 539:
540: *msglenp = msglen;
541: return msg;
542: }
543:
544: static void
545: verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
1.107 espie 546: int embedded, int quiet, const char *keytype)
1.63 tedu 547: {
548: unsigned long long msglen;
549: uint8_t *msg;
550: int fd;
551:
1.16 tedu 552: if (embedded) {
1.107 espie 553: msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen,
554: keytype);
1.30 tedu 555: fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
1.16 tedu 556: writeall(fd, msg, msglen, msgfile);
1.68 espie 557: free(msg);
1.16 tedu 558: close(fd);
1.63 tedu 559: } else {
1.107 espie 560: verifysimple(pubkeyfile, msgfile, sigfile, quiet, keytype);
1.16 tedu 561: }
1.1 tedu 562: }
563:
1.42 tedu 564: #ifndef VERIFYONLY
1.83 tedu 565: #define HASHBUFSIZE 224
1.42 tedu 566: struct checksum {
1.98 tedu 567: char file[PATH_MAX];
1.83 tedu 568: char hash[HASHBUFSIZE];
1.81 tedu 569: char algo[32];
1.42 tedu 570: };
571:
1.118 deraadt 572: static void *
1.85 espie 573: ecalloc(size_t s1, size_t s2, void *data)
574: {
1.87 tedu 575: void *p;
576:
1.89 tedu 577: if (!(p = calloc(s1, s2)))
1.85 espie 578: err(1, "calloc");
579: return p;
580: }
581:
582: static void
583: efree(void *p, void *data)
584: {
585: free(p);
586: }
587:
1.42 tedu 588: static void
1.85 espie 589: recodehash(char *hash, size_t len)
1.80 tedu 590: {
1.83 tedu 591: uint8_t data[HASHBUFSIZE / 2];
1.80 tedu 592: int i, rv;
593:
1.85 espie 594: if (strlen(hash) == len)
1.80 tedu 595: return;
596: if ((rv = b64_pton(hash, data, sizeof(data))) == -1)
597: errx(1, "invalid base64 encoding");
598: for (i = 0; i < rv; i++)
1.83 tedu 599: snprintf(hash + i * 2, HASHBUFSIZE - i * 2, "%2.2x", data[i]);
1.80 tedu 600: }
601:
1.85 espie 602: static int
603: verifychecksum(struct checksum *c, int quiet)
604: {
605: char buf[HASHBUFSIZE];
1.87 tedu 606:
1.85 espie 607: if (strcmp(c->algo, "SHA256") == 0) {
608: recodehash(c->hash, SHA256_DIGEST_STRING_LENGTH-1);
609: if (!SHA256File(c->file, buf))
610: return 0;
611: } else if (strcmp(c->algo, "SHA512") == 0) {
612: recodehash(c->hash, SHA512_DIGEST_STRING_LENGTH-1);
613: if (!SHA512File(c->file, buf))
614: return 0;
615: } else {
616: errx(1, "can't handle algorithm %s", c->algo);
617: }
1.105 tedu 618: if (strcmp(c->hash, buf) != 0)
1.85 espie 619: return 0;
620: if (!quiet)
621: printf("%s: OK\n", c->file);
622: return 1;
623: }
624:
1.80 tedu 625: static void
1.45 tedu 626: verifychecksums(char *msg, int argc, char **argv, int quiet)
1.42 tedu 627: {
1.87 tedu 628: struct ohash_info info = { 0, NULL, ecalloc, efree, NULL };
1.85 espie 629: struct ohash myh;
630: struct checksum c;
1.88 tedu 631: char *e, *line, *endline;
1.85 espie 632: int hasfailed = 0;
1.87 tedu 633: int i, rv;
1.85 espie 634: unsigned int slot;
635:
1.88 tedu 636: ohash_init(&myh, 6, &info);
1.85 espie 637: if (argc) {
638: for (i = 0; i < argc; i++) {
639: slot = ohash_qlookup(&myh, argv[i]);
640: e = ohash_find(&myh, slot);
641: if (e == NULL)
642: ohash_insert(&myh, slot, argv[i]);
643: }
644: }
1.42 tedu 645:
1.45 tedu 646: line = msg;
1.42 tedu 647: while (line && *line) {
648: if ((endline = strchr(line, '\n')))
1.78 tedu 649: *endline++ = '\0';
1.99 tedu 650: #if PATH_MAX < 1024 || HASHBUFSIZE < 224
651: #error sizes are wrong
652: #endif
1.100 tedu 653: rv = sscanf(line, "%31s (%1023[^)]) = "3s",
1.85 espie 654: c.algo, c.file, c.hash);
1.100 tedu 655: if (rv != 3)
1.42 tedu 656: errx(1, "unable to parse checksum line %s", line);
657: line = endline;
1.85 espie 658: if (argc) {
659: slot = ohash_qlookup(&myh, c.file);
660: e = ohash_find(&myh, slot);
661: if (e != NULL) {
1.87 tedu 662: if (verifychecksum(&c, quiet) != 0)
1.85 espie 663: ohash_remove(&myh, slot);
664: }
1.42 tedu 665: } else {
1.87 tedu 666: if (verifychecksum(&c, quiet) == 0) {
1.88 tedu 667: slot = ohash_qlookup(&myh, c.file);
668: e = ohash_find(&myh, slot);
669: if (e == NULL) {
670: if (!(e = strdup(c.file)))
671: err(1, "strdup");
672: ohash_insert(&myh, slot, e);
673: }
1.42 tedu 674: }
675: }
1.85 espie 676: }
1.42 tedu 677:
1.88 tedu 678: for (e = ohash_first(&myh, &slot); e != NULL; e = ohash_next(&myh, &slot)) {
679: fprintf(stderr, "%s: FAIL\n", e);
680: hasfailed = 1;
681: if (argc == 0)
682: free(e);
1.42 tedu 683: }
1.88 tedu 684: ohash_delete(&myh);
1.43 tedu 685: if (hasfailed)
1.42 tedu 686: exit(1);
687: }
688:
689: static void
690: check(const char *pubkeyfile, const char *sigfile, int quiet, int argc,
691: char **argv)
692: {
1.63 tedu 693: unsigned long long msglen;
1.42 tedu 694: uint8_t *msg;
695:
1.107 espie 696: msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen, NULL);
1.45 tedu 697: verifychecksums((char *)msg, argc, argv, quiet);
1.42 tedu 698:
1.63 tedu 699: free(msg);
1.42 tedu 700: }
1.111 espie 701:
702: void *
1.118 deraadt 703: verifyzdata(uint8_t *zdata, unsigned long long zdatalen,
1.111 espie 704: const char *filename, const char *pubkeyfile, const char *keytype)
705: {
706: struct sig sig;
707: char sigcomment[COMMENTMAXLEN];
708: unsigned long long siglen;
709: struct pubkey pubkey;
710:
711: if (zdatalen < sizeof(sig))
712: errx(1, "signature too short in %s", filename);
1.118 deraadt 713: siglen = parseb64file(filename, zdata, &sig, sizeof(sig),
1.111 espie 714: sigcomment);
715: readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
716: zdata += siglen;
717: zdatalen -= siglen;
718: verifymsg(&pubkey, zdata, zdatalen, &sig, 1);
719: return zdata;
720: }
1.42 tedu 721: #endif
722:
1.1 tedu 723: int
724: main(int argc, char **argv)
725: {
1.16 tedu 726: const char *pubkeyfile = NULL, *seckeyfile = NULL, *msgfile = NULL,
1.1 tedu 727: *sigfile = NULL;
1.98 tedu 728: char sigfilebuf[PATH_MAX];
1.27 tedu 729: const char *comment = "signify";
1.107 espie 730: char *keytype = NULL;
1.1 tedu 731: int ch, rounds;
1.16 tedu 732: int embedded = 0;
1.42 tedu 733: int quiet = 0;
1.111 espie 734: int gzip = 0;
1.6 tedu 735: enum {
736: NONE,
1.42 tedu 737: CHECK,
1.6 tedu 738: GENERATE,
739: SIGN,
740: VERIFY
741: } verb = NONE;
742:
1.102 deraadt 743: if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
744: err(1, "pledge");
1.1 tedu 745:
746: rounds = 42;
747:
1.111 espie 748: while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
1.1 tedu 749: switch (ch) {
1.14 tedu 750: #ifndef VERIFYONLY
1.42 tedu 751: case 'C':
752: if (verb)
753: usage(NULL);
754: verb = CHECK;
755: break;
1.6 tedu 756: case 'G':
757: if (verb)
1.31 tedu 758: usage(NULL);
1.6 tedu 759: verb = GENERATE;
760: break;
761: case 'S':
762: if (verb)
1.31 tedu 763: usage(NULL);
1.6 tedu 764: verb = SIGN;
765: break;
1.111 espie 766: case 'z':
767: gzip = 1;
768: break;
1.14 tedu 769: #endif
1.6 tedu 770: case 'V':
771: if (verb)
1.31 tedu 772: usage(NULL);
1.6 tedu 773: verb = VERIFY;
774: break;
1.27 tedu 775: case 'c':
776: comment = optarg;
777: break;
1.16 tedu 778: case 'e':
779: embedded = 1;
780: break;
1.31 tedu 781: case 'm':
782: msgfile = optarg;
783: break;
1.6 tedu 784: case 'n':
1.1 tedu 785: rounds = 0;
786: break;
1.6 tedu 787: case 'p':
1.1 tedu 788: pubkeyfile = optarg;
789: break;
1.42 tedu 790: case 'q':
791: quiet = 1;
792: break;
1.6 tedu 793: case 's':
1.1 tedu 794: seckeyfile = optarg;
795: break;
1.107 espie 796: case 't':
797: keytype = optarg;
798: break;
1.31 tedu 799: case 'x':
800: sigfile = optarg;
801: break;
1.1 tedu 802: default:
1.31 tedu 803: usage(NULL);
1.1 tedu 804: break;
805: }
806: }
1.2 tedu 807: argc -= optind;
1.9 espie 808: argv += optind;
1.113 tedu 809:
810: if (embedded && gzip)
811: errx(1, "can't combine -e and -z options");
1.104 bluhm 812:
813: if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
814: err(1, "setvbuf");
1.101 tedu 815:
1.114 tedu 816: #ifndef VERIFYONLY
817: if (verb == CHECK) {
1.102 deraadt 818: if (pledge("stdio rpath", NULL) == -1)
819: err(1, "pledge");
1.86 tedu 820: if (!sigfile)
821: usage("must specify sigfile");
1.42 tedu 822: check(pubkeyfile, sigfile, quiet, argc, argv);
823: return 0;
824: }
825: #endif
826:
1.31 tedu 827: if (argc != 0)
828: usage(NULL);
829:
1.36 tedu 830: if (!sigfile && msgfile) {
1.91 tedu 831: int nr;
1.36 tedu 832: if (strcmp(msgfile, "-") == 0)
1.66 tedu 833: usage("must specify sigfile with - message");
1.91 tedu 834: if ((nr = snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig",
835: msgfile)) == -1 || nr >= sizeof(sigfilebuf))
1.36 tedu 836: errx(1, "path too long");
837: sigfile = sigfilebuf;
838: }
1.1 tedu 839:
1.36 tedu 840: switch (verb) {
1.14 tedu 841: #ifndef VERIFYONLY
1.36 tedu 842: case GENERATE:
1.114 tedu 843: /* no pledge */
1.31 tedu 844: if (!pubkeyfile || !seckeyfile)
1.66 tedu 845: usage("must specify pubkey and seckey");
1.27 tedu 846: generate(pubkeyfile, seckeyfile, rounds, comment);
1.36 tedu 847: break;
848: case SIGN:
1.114 tedu 849: /* no pledge */
1.115 tedu 850: if (gzip) {
1.117 espie 851: if (!msgfile || !seckeyfile || !sigfile)
852: usage("must specify message sigfile seckey");
1.111 espie 853: zsign(seckeyfile, msgfile, sigfile);
1.115 tedu 854: } else {
1.111 espie 855: if (!msgfile || !seckeyfile)
856: usage("must specify message and seckey");
857: sign(seckeyfile, msgfile, sigfile, embedded);
858: }
1.36 tedu 859: break;
1.14 tedu 860: #endif
1.36 tedu 861: case VERIFY:
1.115 tedu 862: if ((embedded || gzip) &&
863: (msgfile && strcmp(msgfile, "-") != 0)) {
864: /* will need to create output file */
1.114 tedu 865: if (pledge("stdio rpath wpath cpath", NULL) == -1)
866: err(1, "pledge");
867: } else {
868: if (pledge("stdio rpath", NULL) == -1)
869: err(1, "pledge");
870: }
1.115 tedu 871: if (gzip) {
1.111 espie 872: zverify(pubkeyfile, msgfile, sigfile, keytype);
1.115 tedu 873: } else {
1.111 espie 874: if (!msgfile)
875: usage("must specify message");
1.118 deraadt 876: verify(pubkeyfile, msgfile, sigfile, embedded,
1.111 espie 877: quiet, keytype);
878: }
1.36 tedu 879: break;
880: default:
1.114 tedu 881: if (pledge("stdio", NULL) == -1)
882: err(1, "pledge");
1.36 tedu 883: usage(NULL);
884: break;
1.1 tedu 885: }
1.9 espie 886:
1.1 tedu 887: return 0;
888: }
![[BACK]](/icons/back.gif){kind=icon}
Return to signify.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / signify