Annotation of src/usr.bin/signify/signify.c, Revision 1.136
1.136 ! kn 1: /* $OpenBSD: signify.c,v 1.135 2020/01/21 12:13:21 tb Exp $ */
1.1 tedu 2: /*
3: * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17: #include <sys/stat.h>
18:
19: #include <netinet/in.h>
20: #include <resolv.h>
21:
1.98 tedu 22: #include <limits.h>
1.1 tedu 23: #include <stdint.h>
24: #include <fcntl.h>
25: #include <string.h>
26: #include <stdio.h>
1.34 tedu 27: #include <stdlib.h>
1.96 tedu 28: #include <stddef.h>
29: #include <ohash.h>
1.1 tedu 30: #include <err.h>
31: #include <unistd.h>
32: #include <readpassphrase.h>
33: #include <util.h>
34: #include <sha2.h>
35:
36: #include "crypto_api.h"
1.111 espie 37: #include "signify.h"
1.1 tedu 38:
39: #define SIGBYTES crypto_sign_ed25519_BYTES
40: #define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES
41: #define PUBLICBYTES crypto_sign_ed25519_PUBLICKEYBYTES
42:
43: #define PKALG "Ed"
44: #define KDFALG "BK"
1.94 tedu 45: #define KEYNUMLEN 8
1.13 tedu 46:
1.18 tedu 47: #define COMMENTHDR "untrusted comment: "
48: #define COMMENTHDRLEN 19
49: #define COMMENTMAXLEN 1024
1.51 tedu 50: #define VERIFYWITH "verify with "
1.1 tedu 51:
52: struct enckey {
53: uint8_t pkalg[2];
54: uint8_t kdfalg[2];
55: uint32_t kdfrounds;
56: uint8_t salt[16];
57: uint8_t checksum[8];
1.94 tedu 58: uint8_t keynum[KEYNUMLEN];
1.1 tedu 59: uint8_t seckey[SECRETBYTES];
60: };
61:
62: struct pubkey {
63: uint8_t pkalg[2];
1.94 tedu 64: uint8_t keynum[KEYNUMLEN];
1.1 tedu 65: uint8_t pubkey[PUBLICBYTES];
66: };
67:
68: struct sig {
69: uint8_t pkalg[2];
1.94 tedu 70: uint8_t keynum[KEYNUMLEN];
1.1 tedu 71: uint8_t sig[SIGBYTES];
72: };
73:
1.103 tedu 74: static void __dead
1.31 tedu 75: usage(const char *error)
1.1 tedu 76: {
1.31 tedu 77: if (error)
78: fprintf(stderr, "%s\n", error);
1.9 espie 79: fprintf(stderr, "usage:"
1.15 espie 80: #ifndef VERIFYONLY
1.135 tb 81: "\t%1$s -C [-q] [-p pubkey] [-t keytype] -x sigfile [file ...]\n"
1.31 tedu 82: "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
1.131 tedu 83: "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
1.15 espie 84: #endif
1.112 espie 85: "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n",
1.106 tedu 86: getprogname());
1.1 tedu 87: exit(1);
88: }
89:
1.111 espie 90: int
1.61 deraadt 91: xopen(const char *fname, int oflags, mode_t mode)
1.1 tedu 92: {
1.53 tedu 93: struct stat sb;
1.1 tedu 94: int fd;
95:
1.31 tedu 96: if (strcmp(fname, "-") == 0) {
1.61 deraadt 97: if ((oflags & O_WRONLY))
1.31 tedu 98: fd = dup(STDOUT_FILENO);
99: else
100: fd = dup(STDIN_FILENO);
101: if (fd == -1)
102: err(1, "dup failed");
103: } else {
1.61 deraadt 104: fd = open(fname, oflags, mode);
1.31 tedu 105: if (fd == -1)
106: err(1, "can't open %s for %s", fname,
1.61 deraadt 107: (oflags & O_WRONLY) ? "writing" : "reading");
1.31 tedu 108: }
1.53 tedu 109: if (fstat(fd, &sb) == -1 || S_ISDIR(sb.st_mode))
1.66 tedu 110: errx(1, "not a valid file: %s", fname);
1.1 tedu 111: return fd;
112: }
113:
1.111 espie 114: void *
1.1 tedu 115: xmalloc(size_t len)
116: {
117: void *p;
118:
1.89 tedu 119: if (!(p = malloc(len)))
1.1 tedu 120: err(1, "malloc %zu", len);
121: return p;
122: }
123:
1.16 tedu 124: static size_t
1.46 tedu 125: parseb64file(const char *filename, char *b64, void *buf, size_t buflen,
1.18 tedu 126: char *comment)
1.16 tedu 127: {
128: char *commentend, *b64end;
129:
130: commentend = strchr(b64, '\n');
131: if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
1.65 tedu 132: memcmp(b64, COMMENTHDR, COMMENTHDRLEN) != 0)
1.16 tedu 133: errx(1, "invalid comment in %s; must start with '%s'",
134: filename, COMMENTHDR);
1.75 tedu 135: *commentend = '\0';
1.40 deraadt 136: if (comment) {
137: if (strlcpy(comment, b64 + COMMENTHDRLEN,
138: COMMENTMAXLEN) >= COMMENTMAXLEN)
1.71 tedu 139: errx(1, "comment too long");
1.40 deraadt 140: }
1.89 tedu 141: if (!(b64end = strchr(commentend + 1, '\n')))
1.82 tedu 142: errx(1, "missing new line after base64 in %s", filename);
1.75 tedu 143: *b64end = '\0';
1.77 tedu 144: if (b64_pton(commentend + 1, buf, buflen) != buflen)
1.130 tedu 145: errx(1, "unable to parse %s", filename);
1.65 tedu 146: if (memcmp(buf, PKALG, 2) != 0)
1.16 tedu 147: errx(1, "unsupported file %s", filename);
1.134 espie 148: *commentend = '\n';
149: *b64end = '\n';
1.16 tedu 150: return b64end - b64 + 1;
151: }
152:
1.1 tedu 153: static void
1.46 tedu 154: readb64file(const char *filename, void *buf, size_t buflen, char *comment)
1.1 tedu 155: {
156: char b64[2048];
1.10 tedu 157: int rv, fd;
1.1 tedu 158:
159: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
1.89 tedu 160: if ((rv = read(fd, b64, sizeof(b64) - 1)) == -1)
1.7 espie 161: err(1, "read from %s", filename);
1.75 tedu 162: b64[rv] = '\0';
1.46 tedu 163: parseb64file(filename, b64, buf, buflen, comment);
1.41 tedu 164: explicit_bzero(b64, sizeof(b64));
1.1 tedu 165: close(fd);
166: }
167:
1.35 tedu 168: static uint8_t *
1.1 tedu 169: readmsg(const char *filename, unsigned long long *msglenp)
170: {
1.49 tedu 171: unsigned long long msglen = 0;
172: uint8_t *msg = NULL;
1.1 tedu 173: struct stat sb;
1.49 tedu 174: ssize_t x, space;
1.1 tedu 175: int fd;
1.73 tedu 176: const unsigned long long maxmsgsize = 1UL << 30;
1.1 tedu 177:
178: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
1.49 tedu 179: if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode)) {
1.73 tedu 180: if (sb.st_size > maxmsgsize)
1.49 tedu 181: errx(1, "msg too large in %s", filename);
182: space = sb.st_size + 1;
183: } else {
1.97 tedu 184: space = 64 * 1024 - 1;
1.49 tedu 185: }
186:
1.67 tedu 187: msg = xmalloc(space + 1);
1.49 tedu 188: while (1) {
189: if (space == 0) {
1.73 tedu 190: if (msglen * 2 > maxmsgsize)
1.67 tedu 191: errx(1, "msg too large in %s", filename);
192: space = msglen;
1.49 tedu 193: if (!(msg = realloc(msg, msglen + space + 1)))
1.116 tedu 194: err(1, "realloc");
1.49 tedu 195: }
196: if ((x = read(fd, msg + msglen, space)) == -1)
197: err(1, "read from %s", filename);
198: if (x == 0)
199: break;
200: space -= x;
201: msglen += x;
202: }
203:
1.75 tedu 204: msg[msglen] = '\0';
1.1 tedu 205: close(fd);
206:
207: *msglenp = msglen;
208: return msg;
209: }
210:
1.111 espie 211: void
1.46 tedu 212: writeall(int fd, const void *buf, size_t buflen, const char *filename)
1.1 tedu 213: {
1.11 tedu 214: ssize_t x;
1.38 espie 215:
1.46 tedu 216: while (buflen != 0) {
1.89 tedu 217: if ((x = write(fd, buf, buflen)) == -1)
1.38 espie 218: err(1, "write to %s", filename);
1.46 tedu 219: buflen -= x;
1.61 deraadt 220: buf = (char *)buf + x;
1.7 espie 221: }
1.1 tedu 222: }
223:
1.17 deraadt 224: #ifndef VERIFYONLY
1.109 tedu 225: static char *
226: createheader(const char *comment, const void *buf, size_t buflen)
227: {
228: char *header;
229: char b64[1024];
230:
231: if (b64_ntop(buf, buflen, b64, sizeof(b64)) == -1)
232: errx(1, "base64 encode failed");
233: if (asprintf(&header, "%s%s\n%s\n", COMMENTHDR, comment, b64) == -1)
234: err(1, "asprintf failed");
235: explicit_bzero(b64, sizeof(b64));
236: return header;
237: }
238:
1.1 tedu 239: static void
1.109 tedu 240: writekeyfile(const char *filename, const char *comment, const void *buf,
241: size_t buflen, int oflags, mode_t mode)
1.1 tedu 242: {
1.109 tedu 243: char *header;
244: int fd;
1.1 tedu 245:
1.61 deraadt 246: fd = xopen(filename, O_CREAT|oflags|O_NOFOLLOW|O_WRONLY, mode);
1.109 tedu 247: header = createheader(comment, buf, buflen);
1.7 espie 248: writeall(fd, header, strlen(header), filename);
1.127 deraadt 249: freezero(header, strlen(header));
1.1 tedu 250: close(fd);
251: }
252:
253: static void
1.70 tedu 254: kdf(uint8_t *salt, size_t saltlen, int rounds, int allowstdin, int confirm,
1.50 tedu 255: uint8_t *key, size_t keylen)
1.1 tedu 256: {
257: char pass[1024];
1.48 tedu 258: int rppflags = RPP_ECHO_OFF;
1.129 tedu 259: const char *errstr = NULL;
1.1 tedu 260:
261: if (rounds == 0) {
262: memset(key, 0, keylen);
263: return;
264: }
265:
1.50 tedu 266: if (allowstdin && !isatty(STDIN_FILENO))
1.48 tedu 267: rppflags |= RPP_STDIN;
268: if (!readpassphrase("passphrase: ", pass, sizeof(pass), rppflags))
1.39 tedu 269: errx(1, "unable to read passphrase");
1.37 tedu 270: if (strlen(pass) == 0)
271: errx(1, "please provide a password");
1.70 tedu 272: if (confirm && !(rppflags & RPP_STDIN)) {
273: char pass2[1024];
274: if (!readpassphrase("confirm passphrase: ", pass2,
275: sizeof(pass2), rppflags))
1.129 tedu 276: errstr = "unable to read passphrase";
277: if (!errstr && strcmp(pass, pass2) != 0)
278: errstr = "passwords don't match";
1.70 tedu 279: explicit_bzero(pass2, sizeof(pass2));
280: }
1.129 tedu 281: if (!errstr && bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key,
1.1 tedu 282: keylen, rounds) == -1)
1.129 tedu 283: errstr = "bcrypt pbkdf";
1.41 tedu 284: explicit_bzero(pass, sizeof(pass));
1.129 tedu 285: if (errstr)
286: errx(1, "%s", errstr);
1.1 tedu 287: }
288:
289: static void
290: signmsg(uint8_t *seckey, uint8_t *msg, unsigned long long msglen,
291: uint8_t *sig)
292: {
293: unsigned long long siglen;
294: uint8_t *sigbuf;
295:
296: sigbuf = xmalloc(msglen + SIGBYTES);
297: crypto_sign_ed25519(sigbuf, &siglen, msg, msglen, seckey);
298: memcpy(sig, sigbuf, SIGBYTES);
299: free(sigbuf);
300: }
301:
302: static void
1.27 tedu 303: generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
304: const char *comment)
1.1 tedu 305: {
306: uint8_t digest[SHA512_DIGEST_LENGTH];
307: struct pubkey pubkey;
308: struct enckey enckey;
309: uint8_t xorkey[sizeof(enckey.seckey)];
1.94 tedu 310: uint8_t keynum[KEYNUMLEN];
1.27 tedu 311: char commentbuf[COMMENTMAXLEN];
1.1 tedu 312: SHA2_CTX ctx;
1.91 tedu 313: int i, nr;
1.1 tedu 314:
315: crypto_sign_ed25519_keypair(pubkey.pubkey, enckey.seckey);
1.94 tedu 316: arc4random_buf(keynum, sizeof(keynum));
1.1 tedu 317:
318: SHA512Init(&ctx);
319: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
320: SHA512Final(digest, &ctx);
321:
322: memcpy(enckey.pkalg, PKALG, 2);
323: memcpy(enckey.kdfalg, KDFALG, 2);
324: enckey.kdfrounds = htonl(rounds);
1.94 tedu 325: memcpy(enckey.keynum, keynum, KEYNUMLEN);
1.1 tedu 326: arc4random_buf(enckey.salt, sizeof(enckey.salt));
1.70 tedu 327: kdf(enckey.salt, sizeof(enckey.salt), rounds, 1, 1, xorkey, sizeof(xorkey));
1.1 tedu 328: memcpy(enckey.checksum, digest, sizeof(enckey.checksum));
329: for (i = 0; i < sizeof(enckey.seckey); i++)
330: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 331: explicit_bzero(digest, sizeof(digest));
332: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 333:
1.123 tedu 334: nr = snprintf(commentbuf, sizeof(commentbuf), "%s secret key", comment);
1.132 deraadt 335: if (nr < 0 || nr >= sizeof(commentbuf))
1.71 tedu 336: errx(1, "comment too long");
1.109 tedu 337: writekeyfile(seckeyfile, commentbuf, &enckey,
338: sizeof(enckey), O_EXCL, 0600);
1.41 tedu 339: explicit_bzero(&enckey, sizeof(enckey));
1.1 tedu 340:
341: memcpy(pubkey.pkalg, PKALG, 2);
1.94 tedu 342: memcpy(pubkey.keynum, keynum, KEYNUMLEN);
1.123 tedu 343: nr = snprintf(commentbuf, sizeof(commentbuf), "%s public key", comment);
1.132 deraadt 344: if (nr < 0 || nr >= sizeof(commentbuf))
1.71 tedu 345: errx(1, "comment too long");
1.109 tedu 346: writekeyfile(pubkeyfile, commentbuf, &pubkey,
347: sizeof(pubkey), O_EXCL, 0666);
1.1 tedu 348: }
349:
1.126 espie 350: static const char *
1.125 tedu 351: check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile)
352: {
1.126 espie 353: const char *pos;
1.128 tedu 354: size_t len;
1.126 espie 355:
356: /* basename may or may not modify input */
357: pos = strrchr(seckeyfile, '/');
358: if (pos != NULL)
1.128 tedu 359: seckeyfile = pos + 1;
1.126 espie 360:
361: len = strlen(seckeyfile);
1.125 tedu 362: if (len < 5) /* ?.key */
363: goto bad;
1.126 espie 364: if (strcmp(seckeyfile + len - 4, ".sec") != 0)
1.125 tedu 365: goto bad;
1.126 espie 366: if (pubkeyfile != NULL) {
367: pos = strrchr(pubkeyfile, '/');
368: if (pos != NULL)
1.128 tedu 369: pubkeyfile = pos + 1;
1.126 espie 370:
371: if (strlen(pubkeyfile) != len)
372: goto bad;
373: if (strcmp(pubkeyfile + len - 4, ".pub") != 0)
374: goto bad;
375: if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0)
376: goto bad;
377: }
1.125 tedu 378:
1.126 espie 379: return seckeyfile;
1.125 tedu 380: bad:
381: errx(1, "please use naming scheme of keyname.pub and keyname.sec");
382: }
383:
1.111 espie 384: uint8_t *
1.110 tedu 385: createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg,
386: unsigned long long msglen)
1.1 tedu 387: {
1.110 tedu 388: struct enckey enckey;
389: uint8_t xorkey[sizeof(enckey.seckey)];
1.1 tedu 390: struct sig sig;
1.109 tedu 391: char *sighdr;
1.1 tedu 392: uint8_t digest[SHA512_DIGEST_LENGTH];
1.110 tedu 393: int i, nr, rounds;
1.1 tedu 394: SHA2_CTX ctx;
1.110 tedu 395: char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN];
396:
397: readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
1.1 tedu 398:
1.126 espie 399: if (strcmp(seckeyfile, "-") == 0) {
400: nr = snprintf(sigcomment, sizeof(sigcomment),
401: "signature from %s", comment);
402: } else {
403: const char *keyname = check_keyname_compliance(NULL,
404: seckeyfile);
1.123 tedu 405: nr = snprintf(sigcomment, sizeof(sigcomment),
406: VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname);
1.110 tedu 407: }
1.132 deraadt 408: if (nr < 0 || nr >= sizeof(sigcomment))
1.126 espie 409: errx(1, "comment too long");
1.110 tedu 410:
411: if (memcmp(enckey.kdfalg, KDFALG, 2) != 0)
1.1 tedu 412: errx(1, "unsupported KDF");
1.110 tedu 413: rounds = ntohl(enckey.kdfrounds);
414: kdf(enckey.salt, sizeof(enckey.salt), rounds, strcmp(msgfile, "-") != 0,
1.70 tedu 415: 0, xorkey, sizeof(xorkey));
1.110 tedu 416: for (i = 0; i < sizeof(enckey.seckey); i++)
417: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 418: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 419: SHA512Init(&ctx);
1.110 tedu 420: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
1.1 tedu 421: SHA512Final(digest, &ctx);
1.110 tedu 422: if (memcmp(enckey.checksum, digest, sizeof(enckey.checksum)) != 0)
1.105 tedu 423: errx(1, "incorrect passphrase");
1.41 tedu 424: explicit_bzero(digest, sizeof(digest));
1.1 tedu 425:
1.110 tedu 426: signmsg(enckey.seckey, msg, msglen, sig.sig);
427: memcpy(sig.keynum, enckey.keynum, KEYNUMLEN);
428: explicit_bzero(&enckey, sizeof(enckey));
1.109 tedu 429:
430: memcpy(sig.pkalg, PKALG, 2);
431:
432: sighdr = createheader(sigcomment, &sig, sizeof(sig));
433: return sighdr;
434: }
435:
436: static void
437: sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
438: int embedded)
439: {
440: uint8_t *msg;
441: char *sighdr;
1.110 tedu 442: int fd;
1.109 tedu 443: unsigned long long msglen;
444:
445: msg = readmsg(msgfile, &msglen);
446:
1.110 tedu 447: sighdr = createsig(seckeyfile, msgfile, msg, msglen);
1.109 tedu 448:
449: fd = xopen(sigfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
450: writeall(fd, sighdr, strlen(sighdr), sigfile);
451: free(sighdr);
1.16 tedu 452: if (embedded)
1.109 tedu 453: writeall(fd, msg, msglen, sigfile);
454: close(fd);
1.1 tedu 455:
456: free(msg);
457: }
1.14 tedu 458: #endif
1.1 tedu 459:
460: static void
1.62 tedu 461: verifymsg(struct pubkey *pubkey, uint8_t *msg, unsigned long long msglen,
462: struct sig *sig, int quiet)
1.13 tedu 463: {
464: uint8_t *sigbuf, *dummybuf;
465: unsigned long long siglen, dummylen;
466:
1.94 tedu 467: if (memcmp(pubkey->keynum, sig->keynum, KEYNUMLEN) != 0)
1.62 tedu 468: errx(1, "verification failed: checked against wrong key");
469:
1.13 tedu 470: siglen = SIGBYTES + msglen;
471: sigbuf = xmalloc(siglen);
472: dummybuf = xmalloc(siglen);
1.62 tedu 473: memcpy(sigbuf, sig->sig, SIGBYTES);
1.13 tedu 474: memcpy(sigbuf + SIGBYTES, msg, msglen);
475: if (crypto_sign_ed25519_open(dummybuf, &dummylen, sigbuf, siglen,
1.62 tedu 476: pubkey->pubkey) == -1)
1.13 tedu 477: errx(1, "signature verification failed");
1.42 tedu 478: if (!quiet)
479: printf("Signature Verified\n");
1.13 tedu 480: free(sigbuf);
481: free(dummybuf);
482: }
483:
1.107 espie 484: static void
485: check_keytype(const char *pubkeyfile, const char *keytype)
486: {
1.122 tedu 487: const char *p;
488: size_t typelen;
489:
490: if (!(p = strrchr(pubkeyfile, '-')))
491: goto bad;
492: p++;
493: typelen = strlen(keytype);
494: if (strncmp(p, keytype, typelen) != 0)
495: goto bad;
496: if (strcmp(p + typelen, ".pub") != 0)
497: goto bad;
498: return;
499:
500: bad:
501: errx(1, "incorrect keytype: %s is not %s", pubkeyfile, keytype);
1.107 espie 502: }
503:
1.64 tedu 504: static void
505: readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
1.107 espie 506: const char *sigcomment, const char *keytype)
1.64 tedu 507: {
1.119 tedu 508: const char *safepath = "/etc/signify";
1.133 deraadt 509: char keypath[PATH_MAX];
1.64 tedu 510:
511: if (!pubkeyfile) {
1.90 tedu 512: pubkeyfile = strstr(sigcomment, VERIFYWITH);
1.119 tedu 513: if (pubkeyfile && strchr(pubkeyfile, '/') == NULL) {
1.64 tedu 514: pubkeyfile += strlen(VERIFYWITH);
1.107 espie 515: if (keytype)
516: check_keytype(pubkeyfile, keytype);
1.119 tedu 517: if (snprintf(keypath, sizeof(keypath), "%s/%s",
518: safepath, pubkeyfile) >= sizeof(keypath))
519: errx(1, "name too long %s", pubkeyfile);
1.121 tedu 520: pubkeyfile = keypath;
1.64 tedu 521: } else
1.66 tedu 522: usage("must specify pubkey");
1.64 tedu 523: }
1.121 tedu 524: readb64file(pubkeyfile, pubkey, sizeof(*pubkey), NULL);
1.64 tedu 525: }
1.13 tedu 526:
527: static void
1.63 tedu 528: verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
1.107 espie 529: int quiet, const char *keytype)
1.1 tedu 530: {
1.64 tedu 531: char sigcomment[COMMENTMAXLEN];
1.1 tedu 532: struct sig sig;
533: struct pubkey pubkey;
1.63 tedu 534: unsigned long long msglen;
1.1 tedu 535: uint8_t *msg;
1.16 tedu 536:
1.63 tedu 537: msg = readmsg(msgfile, &msglen);
1.1 tedu 538:
1.64 tedu 539: readb64file(sigfile, &sig, sizeof(sig), sigcomment);
1.107 espie 540: readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
1.63 tedu 541:
542: verifymsg(&pubkey, msg, msglen, &sig, quiet);
543:
544: free(msg);
545: }
546:
547: static uint8_t *
548: verifyembedded(const char *pubkeyfile, const char *sigfile,
1.107 espie 549: int quiet, unsigned long long *msglenp, const char *keytype)
1.63 tedu 550: {
1.64 tedu 551: char sigcomment[COMMENTMAXLEN];
1.63 tedu 552: struct sig sig;
553: struct pubkey pubkey;
554: unsigned long long msglen, siglen;
555: uint8_t *msg;
556:
557: msg = readmsg(sigfile, &msglen);
558:
1.64 tedu 559: siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), sigcomment);
1.107 espie 560: readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
1.64 tedu 561:
1.63 tedu 562: msglen -= siglen;
563: memmove(msg, msg + siglen, msglen);
564: msg[msglen] = 0;
1.13 tedu 565:
1.62 tedu 566: verifymsg(&pubkey, msg, msglen, &sig, quiet);
1.63 tedu 567:
568: *msglenp = msglen;
569: return msg;
570: }
571:
572: static void
573: verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
1.107 espie 574: int embedded, int quiet, const char *keytype)
1.63 tedu 575: {
576: unsigned long long msglen;
577: uint8_t *msg;
578: int fd;
579:
1.16 tedu 580: if (embedded) {
1.107 espie 581: msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen,
582: keytype);
1.30 tedu 583: fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
1.16 tedu 584: writeall(fd, msg, msglen, msgfile);
1.68 espie 585: free(msg);
1.16 tedu 586: close(fd);
1.63 tedu 587: } else {
1.107 espie 588: verifysimple(pubkeyfile, msgfile, sigfile, quiet, keytype);
1.16 tedu 589: }
1.1 tedu 590: }
591:
1.42 tedu 592: #ifndef VERIFYONLY
1.83 tedu 593: #define HASHBUFSIZE 224
1.42 tedu 594: struct checksum {
1.98 tedu 595: char file[PATH_MAX];
1.83 tedu 596: char hash[HASHBUFSIZE];
1.81 tedu 597: char algo[32];
1.42 tedu 598: };
599:
1.118 deraadt 600: static void *
1.85 espie 601: ecalloc(size_t s1, size_t s2, void *data)
602: {
1.87 tedu 603: void *p;
604:
1.89 tedu 605: if (!(p = calloc(s1, s2)))
1.85 espie 606: err(1, "calloc");
607: return p;
608: }
609:
610: static void
611: efree(void *p, void *data)
612: {
613: free(p);
614: }
615:
1.42 tedu 616: static void
1.85 espie 617: recodehash(char *hash, size_t len)
1.80 tedu 618: {
1.83 tedu 619: uint8_t data[HASHBUFSIZE / 2];
1.80 tedu 620: int i, rv;
621:
1.85 espie 622: if (strlen(hash) == len)
1.80 tedu 623: return;
624: if ((rv = b64_pton(hash, data, sizeof(data))) == -1)
625: errx(1, "invalid base64 encoding");
626: for (i = 0; i < rv; i++)
1.83 tedu 627: snprintf(hash + i * 2, HASHBUFSIZE - i * 2, "%2.2x", data[i]);
1.80 tedu 628: }
629:
1.85 espie 630: static int
631: verifychecksum(struct checksum *c, int quiet)
632: {
633: char buf[HASHBUFSIZE];
1.87 tedu 634:
1.85 espie 635: if (strcmp(c->algo, "SHA256") == 0) {
636: recodehash(c->hash, SHA256_DIGEST_STRING_LENGTH-1);
637: if (!SHA256File(c->file, buf))
638: return 0;
639: } else if (strcmp(c->algo, "SHA512") == 0) {
640: recodehash(c->hash, SHA512_DIGEST_STRING_LENGTH-1);
641: if (!SHA512File(c->file, buf))
642: return 0;
643: } else {
644: errx(1, "can't handle algorithm %s", c->algo);
645: }
1.105 tedu 646: if (strcmp(c->hash, buf) != 0)
1.85 espie 647: return 0;
648: if (!quiet)
649: printf("%s: OK\n", c->file);
650: return 1;
651: }
652:
1.80 tedu 653: static void
1.45 tedu 654: verifychecksums(char *msg, int argc, char **argv, int quiet)
1.42 tedu 655: {
1.87 tedu 656: struct ohash_info info = { 0, NULL, ecalloc, efree, NULL };
1.85 espie 657: struct ohash myh;
658: struct checksum c;
1.88 tedu 659: char *e, *line, *endline;
1.85 espie 660: int hasfailed = 0;
1.87 tedu 661: int i, rv;
1.85 espie 662: unsigned int slot;
663:
1.88 tedu 664: ohash_init(&myh, 6, &info);
1.85 espie 665: if (argc) {
666: for (i = 0; i < argc; i++) {
667: slot = ohash_qlookup(&myh, argv[i]);
668: e = ohash_find(&myh, slot);
669: if (e == NULL)
670: ohash_insert(&myh, slot, argv[i]);
671: }
672: }
1.42 tedu 673:
1.45 tedu 674: line = msg;
1.42 tedu 675: while (line && *line) {
676: if ((endline = strchr(line, '\n')))
1.78 tedu 677: *endline++ = '\0';
1.99 tedu 678: #if PATH_MAX < 1024 || HASHBUFSIZE < 224
679: #error sizes are wrong
680: #endif
1.100 tedu 681: rv = sscanf(line, "%31s (%1023[^)]) = "3s",
1.85 espie 682: c.algo, c.file, c.hash);
1.100 tedu 683: if (rv != 3)
1.42 tedu 684: errx(1, "unable to parse checksum line %s", line);
685: line = endline;
1.85 espie 686: if (argc) {
687: slot = ohash_qlookup(&myh, c.file);
688: e = ohash_find(&myh, slot);
689: if (e != NULL) {
1.87 tedu 690: if (verifychecksum(&c, quiet) != 0)
1.85 espie 691: ohash_remove(&myh, slot);
692: }
1.42 tedu 693: } else {
1.87 tedu 694: if (verifychecksum(&c, quiet) == 0) {
1.88 tedu 695: slot = ohash_qlookup(&myh, c.file);
696: e = ohash_find(&myh, slot);
697: if (e == NULL) {
698: if (!(e = strdup(c.file)))
699: err(1, "strdup");
700: ohash_insert(&myh, slot, e);
701: }
1.42 tedu 702: }
703: }
1.85 espie 704: }
1.42 tedu 705:
1.88 tedu 706: for (e = ohash_first(&myh, &slot); e != NULL; e = ohash_next(&myh, &slot)) {
707: fprintf(stderr, "%s: FAIL\n", e);
708: hasfailed = 1;
709: if (argc == 0)
710: free(e);
1.42 tedu 711: }
1.88 tedu 712: ohash_delete(&myh);
1.43 tedu 713: if (hasfailed)
1.42 tedu 714: exit(1);
715: }
716:
717: static void
1.135 tb 718: check(const char *pubkeyfile, const char *sigfile, const char *keytype,
719: int quiet, int argc, char **argv)
1.42 tedu 720: {
1.63 tedu 721: unsigned long long msglen;
1.42 tedu 722: uint8_t *msg;
723:
1.135 tb 724: msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen, keytype);
1.45 tedu 725: verifychecksums((char *)msg, argc, argv, quiet);
1.42 tedu 726:
1.63 tedu 727: free(msg);
1.42 tedu 728: }
1.111 espie 729:
730: void *
1.118 deraadt 731: verifyzdata(uint8_t *zdata, unsigned long long zdatalen,
1.111 espie 732: const char *filename, const char *pubkeyfile, const char *keytype)
733: {
734: struct sig sig;
735: char sigcomment[COMMENTMAXLEN];
736: unsigned long long siglen;
737: struct pubkey pubkey;
738:
739: if (zdatalen < sizeof(sig))
740: errx(1, "signature too short in %s", filename);
1.118 deraadt 741: siglen = parseb64file(filename, zdata, &sig, sizeof(sig),
1.111 espie 742: sigcomment);
743: readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
744: zdata += siglen;
745: zdatalen -= siglen;
746: verifymsg(&pubkey, zdata, zdatalen, &sig, 1);
747: return zdata;
748: }
1.42 tedu 749: #endif
750:
1.1 tedu 751: int
752: main(int argc, char **argv)
753: {
1.136 ! kn 754: const char *pubkeyfile = NULL, *msgfile = NULL, *sigfile = NULL;
1.98 tedu 755: char sigfilebuf[PATH_MAX];
1.107 espie 756: char *keytype = NULL;
1.136 ! kn 757: #ifndef VERIFYONLY
! 758: const char *seckeyfile = NULL, *comment = "signify";
! 759: int none = 0;
! 760: #endif
1.131 tedu 761: int ch;
1.16 tedu 762: int embedded = 0;
1.42 tedu 763: int quiet = 0;
1.111 espie 764: int gzip = 0;
1.6 tedu 765: enum {
766: NONE,
1.42 tedu 767: CHECK,
1.6 tedu 768: GENERATE,
769: SIGN,
770: VERIFY
771: } verb = NONE;
772:
1.102 deraadt 773: if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
774: err(1, "pledge");
1.1 tedu 775:
1.111 espie 776: while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
1.1 tedu 777: switch (ch) {
1.14 tedu 778: #ifndef VERIFYONLY
1.42 tedu 779: case 'C':
780: if (verb)
781: usage(NULL);
782: verb = CHECK;
783: break;
1.6 tedu 784: case 'G':
785: if (verb)
1.31 tedu 786: usage(NULL);
1.6 tedu 787: verb = GENERATE;
788: break;
789: case 'S':
790: if (verb)
1.31 tedu 791: usage(NULL);
1.6 tedu 792: verb = SIGN;
793: break;
1.136 ! kn 794: case 'c':
! 795: comment = optarg;
! 796: break;
! 797: case 'n':
! 798: none = 1;
! 799: break;
! 800: case 's':
! 801: seckeyfile = optarg;
! 802: break;
1.111 espie 803: case 'z':
804: gzip = 1;
805: break;
1.14 tedu 806: #endif
1.6 tedu 807: case 'V':
808: if (verb)
1.31 tedu 809: usage(NULL);
1.6 tedu 810: verb = VERIFY;
811: break;
1.16 tedu 812: case 'e':
813: embedded = 1;
814: break;
1.31 tedu 815: case 'm':
816: msgfile = optarg;
817: break;
1.6 tedu 818: case 'p':
1.1 tedu 819: pubkeyfile = optarg;
820: break;
1.42 tedu 821: case 'q':
822: quiet = 1;
1.1 tedu 823: break;
1.107 espie 824: case 't':
825: keytype = optarg;
826: break;
1.31 tedu 827: case 'x':
828: sigfile = optarg;
829: break;
1.1 tedu 830: default:
1.31 tedu 831: usage(NULL);
1.1 tedu 832: break;
833: }
834: }
1.2 tedu 835: argc -= optind;
1.9 espie 836: argv += optind;
1.113 tedu 837:
838: if (embedded && gzip)
839: errx(1, "can't combine -e and -z options");
1.104 bluhm 840:
841: if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
842: err(1, "setvbuf");
1.101 tedu 843:
1.114 tedu 844: #ifndef VERIFYONLY
845: if (verb == CHECK) {
1.102 deraadt 846: if (pledge("stdio rpath", NULL) == -1)
847: err(1, "pledge");
1.86 tedu 848: if (!sigfile)
849: usage("must specify sigfile");
1.135 tb 850: check(pubkeyfile, sigfile, keytype, quiet, argc, argv);
1.42 tedu 851: return 0;
852: }
853: #endif
854:
1.31 tedu 855: if (argc != 0)
856: usage(NULL);
857:
1.36 tedu 858: if (!sigfile && msgfile) {
1.91 tedu 859: int nr;
1.36 tedu 860: if (strcmp(msgfile, "-") == 0)
1.66 tedu 861: usage("must specify sigfile with - message");
1.123 tedu 862: nr = snprintf(sigfilebuf, sizeof(sigfilebuf),
863: "%s.sig", msgfile);
1.132 deraadt 864: if (nr < 0 || nr >= sizeof(sigfilebuf))
1.36 tedu 865: errx(1, "path too long");
866: sigfile = sigfilebuf;
867: }
1.1 tedu 868:
1.36 tedu 869: switch (verb) {
1.14 tedu 870: #ifndef VERIFYONLY
1.36 tedu 871: case GENERATE:
1.114 tedu 872: /* no pledge */
1.31 tedu 873: if (!pubkeyfile || !seckeyfile)
1.66 tedu 874: usage("must specify pubkey and seckey");
1.125 tedu 875: check_keyname_compliance(pubkeyfile, seckeyfile);
1.131 tedu 876: generate(pubkeyfile, seckeyfile, none ? 0 : 42, comment);
1.36 tedu 877: break;
878: case SIGN:
1.114 tedu 879: /* no pledge */
1.115 tedu 880: if (gzip) {
1.117 espie 881: if (!msgfile || !seckeyfile || !sigfile)
882: usage("must specify message sigfile seckey");
1.131 tedu 883: zsign(seckeyfile, msgfile, sigfile, none);
1.115 tedu 884: } else {
1.111 espie 885: if (!msgfile || !seckeyfile)
886: usage("must specify message and seckey");
887: sign(seckeyfile, msgfile, sigfile, embedded);
888: }
1.36 tedu 889: break;
1.14 tedu 890: #endif
1.36 tedu 891: case VERIFY:
1.115 tedu 892: if ((embedded || gzip) &&
893: (msgfile && strcmp(msgfile, "-") != 0)) {
894: /* will need to create output file */
1.114 tedu 895: if (pledge("stdio rpath wpath cpath", NULL) == -1)
896: err(1, "pledge");
897: } else {
898: if (pledge("stdio rpath", NULL) == -1)
899: err(1, "pledge");
900: }
1.115 tedu 901: if (gzip) {
1.111 espie 902: zverify(pubkeyfile, msgfile, sigfile, keytype);
1.115 tedu 903: } else {
1.111 espie 904: if (!msgfile)
905: usage("must specify message");
1.118 deraadt 906: verify(pubkeyfile, msgfile, sigfile, embedded,
1.111 espie 907: quiet, keytype);
908: }
1.36 tedu 909: break;
910: default:
1.114 tedu 911: if (pledge("stdio", NULL) == -1)
912: err(1, "pledge");
1.36 tedu 913: usage(NULL);
914: break;
1.1 tedu 915: }
1.9 espie 916:
1.1 tedu 917: return 0;
918: }