Annotation of src/usr.bin/signify/signify.c, Revision 1.42
1.42 ! tedu 1: /* $OpenBSD: signify.c,v 1.41 2014/01/22 21:11:03 tedu Exp $ */
1.1 tedu 2: /*
3: * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17: #include <sys/stat.h>
18:
19: #include <netinet/in.h>
20: #include <resolv.h>
21:
22: #include <stdint.h>
23: #include <fcntl.h>
24: #include <string.h>
25: #include <stdio.h>
1.34 tedu 26: #include <stdlib.h>
1.1 tedu 27: #include <err.h>
28: #include <unistd.h>
29: #include <readpassphrase.h>
30: #include <util.h>
31: #include <sha2.h>
32:
33: #include "crypto_api.h"
34:
35: #define SIGBYTES crypto_sign_ed25519_BYTES
36: #define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES
37: #define PUBLICBYTES crypto_sign_ed25519_PUBLICKEYBYTES
38:
39: #define PKALG "Ed"
40: #define KDFALG "BK"
1.13 tedu 41: #define FPLEN 8
42:
1.18 tedu 43: #define COMMENTHDR "untrusted comment: "
44: #define COMMENTHDRLEN 19
45: #define COMMENTMAXLEN 1024
1.1 tedu 46:
47: struct enckey {
48: uint8_t pkalg[2];
49: uint8_t kdfalg[2];
50: uint32_t kdfrounds;
51: uint8_t salt[16];
52: uint8_t checksum[8];
1.13 tedu 53: uint8_t fingerprint[FPLEN];
1.1 tedu 54: uint8_t seckey[SECRETBYTES];
55: };
56:
57: struct pubkey {
58: uint8_t pkalg[2];
1.13 tedu 59: uint8_t fingerprint[FPLEN];
1.1 tedu 60: uint8_t pubkey[PUBLICBYTES];
61: };
62:
63: struct sig {
64: uint8_t pkalg[2];
1.13 tedu 65: uint8_t fingerprint[FPLEN];
1.1 tedu 66: uint8_t sig[SIGBYTES];
67: };
68:
69: extern char *__progname;
70:
71: static void
1.31 tedu 72: usage(const char *error)
1.1 tedu 73: {
1.31 tedu 74: if (error)
75: fprintf(stderr, "%s\n", error);
1.9 espie 76: fprintf(stderr, "usage:"
1.15 espie 77: #ifndef VERIFYONLY
1.42 ! tedu 78: "\t%1$s -C [-q] -p pubkey -x sigfile [files...]\n"
1.31 tedu 79: "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
80: "\t%1$s -I [-p pubkey] [-s seckey] [-x sigfile]\n"
81: "\t%1$s -S [-e] [-x sigfile] -s seckey -m message\n"
1.15 espie 82: #endif
1.42 ! tedu 83: "\t%1$s -V [-eq] [-x sigfile] -p pubkey -m message\n",
1.15 espie 84: __progname);
1.1 tedu 85: exit(1);
86: }
87:
88: static int
89: xopen(const char *fname, int flags, mode_t mode)
90: {
91: int fd;
92:
1.31 tedu 93: if (strcmp(fname, "-") == 0) {
94: if ((flags & O_WRONLY))
95: fd = dup(STDOUT_FILENO);
96: else
97: fd = dup(STDIN_FILENO);
98: if (fd == -1)
99: err(1, "dup failed");
100: } else {
101: fd = open(fname, flags, mode);
102: if (fd == -1)
103: err(1, "can't open %s for %s", fname,
104: (flags & O_WRONLY) ? "writing" : "reading");
105: }
1.1 tedu 106: return fd;
107: }
108:
109: static void *
110: xmalloc(size_t len)
111: {
112: void *p;
113:
114: p = malloc(len);
115: if (!p)
116: err(1, "malloc %zu", len);
117: return p;
118: }
119:
120: static void
1.7 espie 121: readall(int fd, void *buf, size_t len, const char *filename)
1.1 tedu 122: {
1.11 tedu 123: ssize_t x;
1.38 espie 124:
125: while (len != 0) {
126: x = read(fd, buf, len);
127: if (x == -1)
128: err(1, "read from %s", filename);
129: else {
130: len -= x;
131: buf = (char*)buf + x;
132: }
1.7 espie 133: }
1.1 tedu 134: }
135:
1.16 tedu 136: static size_t
1.18 tedu 137: parseb64file(const char *filename, char *b64, void *buf, size_t len,
138: char *comment)
1.16 tedu 139: {
140: int rv;
141: char *commentend, *b64end;
142:
143: commentend = strchr(b64, '\n');
144: if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
145: memcmp(b64, COMMENTHDR, COMMENTHDRLEN))
146: errx(1, "invalid comment in %s; must start with '%s'",
147: filename, COMMENTHDR);
1.18 tedu 148: *commentend = 0;
1.40 deraadt 149: if (comment) {
150: if (strlcpy(comment, b64 + COMMENTHDRLEN,
151: COMMENTMAXLEN) >= COMMENTMAXLEN)
152: err(1, "comment too long");
153: }
1.16 tedu 154: b64end = strchr(commentend + 1, '\n');
155: if (!b64end)
156: errx(1, "missing new line after b64 in %s", filename);
157: *b64end = 0;
158: rv = b64_pton(commentend + 1, buf, len);
159: if (rv != len)
160: errx(1, "invalid b64 encoding in %s", filename);
161: if (memcmp(buf, PKALG, 2))
162: errx(1, "unsupported file %s", filename);
163: return b64end - b64 + 1;
164: }
165:
1.1 tedu 166: static void
1.18 tedu 167: readb64file(const char *filename, void *buf, size_t len, char *comment)
1.1 tedu 168: {
169: char b64[2048];
1.10 tedu 170: int rv, fd;
1.1 tedu 171:
172: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
173: memset(b64, 0, sizeof(b64));
174: rv = read(fd, b64, sizeof(b64) - 1);
175: if (rv == -1)
1.7 espie 176: err(1, "read from %s", filename);
1.18 tedu 177: parseb64file(filename, b64, buf, len, comment);
1.41 tedu 178: explicit_bzero(b64, sizeof(b64));
1.1 tedu 179: close(fd);
180: }
181:
1.35 tedu 182: static uint8_t *
1.1 tedu 183: readmsg(const char *filename, unsigned long long *msglenp)
184: {
185: unsigned long long msglen;
186: uint8_t *msg;
187: struct stat sb;
188: int fd;
189:
190: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
1.29 lteo 191: if (fstat(fd, &sb) == -1)
192: err(1, "fstat on %s", filename);
1.30 tedu 193: if (!S_ISREG(sb.st_mode))
194: errx(1, "%s must be a regular file", filename);
1.1 tedu 195: msglen = sb.st_size;
196: if (msglen > (1UL << 30))
197: errx(1, "msg too large in %s", filename);
198: msg = xmalloc(msglen);
1.7 espie 199: readall(fd, msg, msglen, filename);
1.1 tedu 200: close(fd);
201:
202: *msglenp = msglen;
203: return msg;
204: }
205:
206: static void
1.7 espie 207: writeall(int fd, const void *buf, size_t len, const char *filename)
1.1 tedu 208: {
1.11 tedu 209: ssize_t x;
1.38 espie 210:
211: while (len != 0) {
212: x = write(fd, buf, len);
213: if (x == -1)
214: err(1, "write to %s", filename);
215: else {
216: len -= x;
217: buf = (char*)buf + x;
218: }
1.7 espie 219: }
1.1 tedu 220: }
221:
1.17 deraadt 222: #ifndef VERIFYONLY
1.1 tedu 223: static void
1.16 tedu 224: appendall(const char *filename, const void *buf, size_t len)
225: {
226: int fd;
227:
1.30 tedu 228: fd = xopen(filename, O_NOFOLLOW | O_WRONLY | O_APPEND, 0);
1.16 tedu 229: writeall(fd, buf, len, filename);
230: close(fd);
231: }
232:
233: static void
1.1 tedu 234: writeb64file(const char *filename, const char *comment, const void *buf,
1.20 espie 235: size_t len, int flags, mode_t mode)
1.1 tedu 236: {
237: char header[1024];
238: char b64[1024];
239: int fd, rv;
240:
1.30 tedu 241: fd = xopen(filename, O_CREAT|flags|O_NOFOLLOW|O_WRONLY, mode);
1.40 deraadt 242: if (snprintf(header, sizeof(header), "%s%s\n",
243: COMMENTHDR, comment) >= sizeof(header))
244: err(1, "comment too long");
1.7 espie 245: writeall(fd, header, strlen(header), filename);
1.8 espie 246: if ((rv = b64_ntop(buf, len, b64, sizeof(b64)-1)) == -1)
1.1 tedu 247: errx(1, "b64 encode failed");
1.8 espie 248: b64[rv++] = '\n';
1.7 espie 249: writeall(fd, b64, rv, filename);
1.41 tedu 250: explicit_bzero(b64, sizeof(b64));
1.1 tedu 251: close(fd);
252: }
253:
254: static void
255: kdf(uint8_t *salt, size_t saltlen, int rounds, uint8_t *key, size_t keylen)
256: {
257: char pass[1024];
258:
259: if (rounds == 0) {
260: memset(key, 0, keylen);
261: return;
262: }
263:
1.39 tedu 264: if (!readpassphrase("passphrase: ", pass, sizeof(pass), RPP_ECHO_OFF))
265: errx(1, "unable to read passphrase");
1.37 tedu 266: if (strlen(pass) == 0)
267: errx(1, "please provide a password");
1.1 tedu 268: if (bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key,
269: keylen, rounds) == -1)
270: errx(1, "bcrypt pbkdf");
1.41 tedu 271: explicit_bzero(pass, sizeof(pass));
1.1 tedu 272: }
273:
274: static void
275: signmsg(uint8_t *seckey, uint8_t *msg, unsigned long long msglen,
276: uint8_t *sig)
277: {
278: unsigned long long siglen;
279: uint8_t *sigbuf;
280:
281: sigbuf = xmalloc(msglen + SIGBYTES);
282: crypto_sign_ed25519(sigbuf, &siglen, msg, msglen, seckey);
283: memcpy(sig, sigbuf, SIGBYTES);
284: free(sigbuf);
285: }
286:
287: static void
1.27 tedu 288: generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
289: const char *comment)
1.1 tedu 290: {
291: uint8_t digest[SHA512_DIGEST_LENGTH];
292: struct pubkey pubkey;
293: struct enckey enckey;
294: uint8_t xorkey[sizeof(enckey.seckey)];
1.13 tedu 295: uint8_t fingerprint[FPLEN];
1.27 tedu 296: char commentbuf[COMMENTMAXLEN];
1.1 tedu 297: SHA2_CTX ctx;
298: int i;
299:
300: crypto_sign_ed25519_keypair(pubkey.pubkey, enckey.seckey);
1.13 tedu 301: arc4random_buf(fingerprint, sizeof(fingerprint));
1.1 tedu 302:
303: SHA512Init(&ctx);
304: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
305: SHA512Final(digest, &ctx);
306:
307: memcpy(enckey.pkalg, PKALG, 2);
308: memcpy(enckey.kdfalg, KDFALG, 2);
309: enckey.kdfrounds = htonl(rounds);
1.13 tedu 310: memcpy(enckey.fingerprint, fingerprint, FPLEN);
1.1 tedu 311: arc4random_buf(enckey.salt, sizeof(enckey.salt));
312: kdf(enckey.salt, sizeof(enckey.salt), rounds, xorkey, sizeof(xorkey));
313: memcpy(enckey.checksum, digest, sizeof(enckey.checksum));
314: for (i = 0; i < sizeof(enckey.seckey); i++)
315: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 316: explicit_bzero(digest, sizeof(digest));
317: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 318:
1.40 deraadt 319: if (snprintf(commentbuf, sizeof(commentbuf), "%s secret key",
320: comment) >= sizeof(commentbuf))
321: err(1, "comment too long");
1.27 tedu 322: writeb64file(seckeyfile, commentbuf, &enckey,
1.20 espie 323: sizeof(enckey), O_EXCL, 0600);
1.41 tedu 324: explicit_bzero(&enckey, sizeof(enckey));
1.1 tedu 325:
326: memcpy(pubkey.pkalg, PKALG, 2);
1.13 tedu 327: memcpy(pubkey.fingerprint, fingerprint, FPLEN);
1.40 deraadt 328: if (snprintf(commentbuf, sizeof(commentbuf), "%s public key",
329: comment) >= sizeof(commentbuf))
330: err(1, "comment too long");
1.27 tedu 331: writeb64file(pubkeyfile, commentbuf, &pubkey,
1.20 espie 332: sizeof(pubkey), O_EXCL, 0666);
1.1 tedu 333: }
334:
335: static void
1.16 tedu 336: sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
337: int embedded)
1.1 tedu 338: {
339: struct sig sig;
340: uint8_t digest[SHA512_DIGEST_LENGTH];
341: struct enckey enckey;
342: uint8_t xorkey[sizeof(enckey.seckey)];
343: uint8_t *msg;
1.18 tedu 344: char comment[COMMENTMAXLEN], sigcomment[1024];
1.1 tedu 345: unsigned long long msglen;
346: int i, rounds;
347: SHA2_CTX ctx;
348:
1.18 tedu 349: readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
1.1 tedu 350:
351: if (memcmp(enckey.kdfalg, KDFALG, 2))
352: errx(1, "unsupported KDF");
353: rounds = ntohl(enckey.kdfrounds);
354: kdf(enckey.salt, sizeof(enckey.salt), rounds, xorkey, sizeof(xorkey));
355: for (i = 0; i < sizeof(enckey.seckey); i++)
356: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 357: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 358: SHA512Init(&ctx);
359: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
360: SHA512Final(digest, &ctx);
361: if (memcmp(enckey.checksum, digest, sizeof(enckey.checksum)))
362: errx(1, "incorrect passphrase");
1.41 tedu 363: explicit_bzero(digest, sizeof(digest));
1.1 tedu 364:
1.16 tedu 365: msg = readmsg(msgfile, &msglen);
1.1 tedu 366:
367: signmsg(enckey.seckey, msg, msglen, sig.sig);
1.13 tedu 368: memcpy(sig.fingerprint, enckey.fingerprint, FPLEN);
1.41 tedu 369: explicit_bzero(&enckey, sizeof(enckey));
1.1 tedu 370:
371: memcpy(sig.pkalg, PKALG, 2);
1.40 deraadt 372: if (snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
373: comment) >= sizeof(sigcomment))
374: err(1, "comment too long");
1.20 espie 375: writeb64file(sigfile, sigcomment, &sig, sizeof(sig), O_TRUNC, 0666);
1.16 tedu 376: if (embedded)
377: appendall(sigfile, msg, msglen);
1.1 tedu 378:
379: free(msg);
380: }
1.22 tedu 381:
382: static void
383: inspect(const char *seckeyfile, const char *pubkeyfile, const char *sigfile)
384: {
385: struct sig sig;
386: struct enckey enckey;
387: struct pubkey pubkey;
388: char fp[(FPLEN + 2) / 3 * 4 + 1];
389:
390: if (seckeyfile) {
391: readb64file(seckeyfile, &enckey, sizeof(enckey), NULL);
392: b64_ntop(enckey.fingerprint, FPLEN, fp, sizeof(fp));
393: printf("sec fp: %s\n", fp);
394: }
395: if (pubkeyfile) {
396: readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
397: b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp));
398: printf("pub fp: %s\n", fp);
399: }
400: if (sigfile) {
401: readb64file(sigfile, &sig, sizeof(sig), NULL);
402: b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp));
403: printf("sig fp: %s\n", fp);
404: }
405: }
1.14 tedu 406: #endif
1.1 tedu 407:
408: static void
1.13 tedu 409: verifymsg(uint8_t *pubkey, uint8_t *msg, unsigned long long msglen,
1.42 ! tedu 410: uint8_t *sig, int quiet)
1.13 tedu 411: {
412: uint8_t *sigbuf, *dummybuf;
413: unsigned long long siglen, dummylen;
414:
415: siglen = SIGBYTES + msglen;
416: sigbuf = xmalloc(siglen);
417: dummybuf = xmalloc(siglen);
418: memcpy(sigbuf, sig, SIGBYTES);
419: memcpy(sigbuf + SIGBYTES, msg, msglen);
420: if (crypto_sign_ed25519_open(dummybuf, &dummylen, sigbuf, siglen,
421: pubkey) == -1)
422: errx(1, "signature verification failed");
1.42 ! tedu 423: if (!quiet)
! 424: printf("Signature Verified\n");
1.13 tedu 425: free(sigbuf);
426: free(dummybuf);
427: }
428:
429:
430: static void
1.16 tedu 431: verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
1.42 ! tedu 432: int embedded, int quiet)
1.1 tedu 433: {
434: struct sig sig;
435: struct pubkey pubkey;
1.16 tedu 436: unsigned long long msglen, siglen = 0;
1.1 tedu 437: uint8_t *msg;
1.16 tedu 438: int fd;
439:
440: msg = readmsg(embedded ? sigfile : msgfile, &msglen);
1.1 tedu 441:
1.18 tedu 442: readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
1.16 tedu 443: if (embedded) {
1.18 tedu 444: siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL);
1.16 tedu 445: msg += siglen;
446: msglen -= siglen;
447: } else {
1.18 tedu 448: readb64file(sigfile, &sig, sizeof(sig), NULL);
1.16 tedu 449: }
1.13 tedu 450:
1.22 tedu 451: if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
452: #ifndef VERIFYONLY
453: inspect(NULL, pubkeyfile, sigfile);
454: #endif
1.13 tedu 455: errx(1, "verification failed: checked against wrong key");
1.22 tedu 456: }
1.1 tedu 457:
1.42 ! tedu 458: verifymsg(pubkey.pubkey, msg, msglen, sig.sig, quiet);
1.16 tedu 459: if (embedded) {
1.30 tedu 460: fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
1.16 tedu 461: writeall(fd, msg, msglen, msgfile);
462: close(fd);
463: }
1.1 tedu 464:
1.16 tedu 465: free(msg - siglen);
1.1 tedu 466: }
467:
1.42 ! tedu 468: #ifndef VERIFYONLY
! 469: struct checksum {
! 470: char file[1024];
! 471: char hash[1024];
! 472: char algo[256];
! 473: };
! 474:
! 475: static void
! 476: verifychecksums(const char *msg, unsigned long long msglen, int argc,
! 477: char **argv, int quiet)
! 478: {
! 479: char buf[1024];
! 480: char *input, *line, *endline;
! 481: struct checksum *checksums = NULL, *c = NULL;
! 482: int nchecksums = 0;
! 483: int i, j, uselist, count, failcount;
! 484: int *failures;
! 485:
! 486: if (!(input = strndup(msg, msglen)))
! 487: err(1, "strndup");
! 488: line = input;
! 489: while (line && *line) {
! 490: if (!(checksums = realloc(checksums,
! 491: sizeof(*c) * (nchecksums + 1))))
! 492: err(1, "realloc");
! 493: c = &checksums[nchecksums++];
! 494: if ((endline = strchr(line, '\n')))
! 495: *endline++ = 0;
! 496: if (sscanf(line, "%255s %1023s = %1023s",
! 497: c->algo, buf, c->hash) != 3 ||
! 498: buf[0] != '(' || buf[strlen(buf) - 1] != ')')
! 499: errx(1, "unable to parse checksum line %s", line);
! 500: buf[strlen(buf) - 1] = 0;
! 501: strlcpy(c->file, buf + 1, sizeof(c->file));
! 502: line = endline;
! 503: }
! 504: free(input);
! 505:
! 506: if (argc) {
! 507: uselist = 0;
! 508: count = argc;
! 509: } else {
! 510: uselist = 1;
! 511: count = nchecksums;
! 512: }
! 513: failures = calloc(count, sizeof(int));
! 514: for (i = 0; i < count; i++) {
! 515: if (uselist) {
! 516: c = &checksums[i];
! 517: } else {
! 518: for (j = 0; j < nchecksums; j++) {
! 519: c = &checksums[j];
! 520: if (strcmp(c->file, argv[i]) == 0)
! 521: break;
! 522: }
! 523: if (j == nchecksums) {
! 524: failures[i] = 1;
! 525: continue;
! 526: }
! 527: }
! 528:
! 529: if (strcmp(c->algo, "SHA256") == 0) {
! 530: if (!SHA256File(c->file, buf)) {
! 531: failures[i] = 1;
! 532: continue;
! 533: }
! 534: } else if (strcmp(c->algo, "SHA512") == 0) {
! 535: if (!SHA512File(c->file, buf)) {
! 536: failures[i] = 1;
! 537: continue;
! 538: }
! 539: } else {
! 540: errx(1, "can't handle algorithm %s", c->algo);
! 541: }
! 542: if (strcmp(c->hash, buf) != 0) {
! 543: failures[i] = 1;
! 544: continue;
! 545: }
! 546: if (!quiet)
! 547: printf("%s: OK\n", c->file);
! 548: }
! 549: failcount = 0;
! 550: for (i = 0; i < count; i++) {
! 551: if (failures[i]) {
! 552: fprintf(stderr, "%s: FAIL\n",
! 553: uselist ? checksums[i].file : argv[i]);
! 554: failcount++;
! 555: }
! 556: }
! 557: if (failcount)
! 558: exit(1);
! 559: free(checksums);
! 560: }
! 561:
! 562: static void
! 563: check(const char *pubkeyfile, const char *sigfile, int quiet, int argc,
! 564: char **argv)
! 565: {
! 566: struct sig sig;
! 567: struct pubkey pubkey;
! 568: unsigned long long msglen, siglen;
! 569: uint8_t *msg;
! 570:
! 571: msg = readmsg(sigfile, &msglen);
! 572:
! 573: readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
! 574: siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL);
! 575: msg += siglen;
! 576: msglen -= siglen;
! 577:
! 578: if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
! 579: #ifndef VERIFYONLY
! 580: inspect(NULL, pubkeyfile, sigfile);
! 581: #endif
! 582: errx(1, "verification failed: checked against wrong key");
! 583: }
! 584:
! 585: verifymsg(pubkey.pubkey, msg, msglen, sig.sig, quiet);
! 586: verifychecksums(msg, msglen, argc, argv, quiet);
! 587:
! 588: free(msg - siglen);
! 589: }
! 590: #endif
! 591:
1.1 tedu 592: int
593: main(int argc, char **argv)
594: {
1.16 tedu 595: const char *pubkeyfile = NULL, *seckeyfile = NULL, *msgfile = NULL,
1.1 tedu 596: *sigfile = NULL;
597: char sigfilebuf[1024];
1.27 tedu 598: const char *comment = "signify";
1.1 tedu 599: int ch, rounds;
1.16 tedu 600: int embedded = 0;
1.42 ! tedu 601: int quiet = 0;
1.6 tedu 602: enum {
603: NONE,
1.42 ! tedu 604: CHECK,
1.6 tedu 605: GENERATE,
1.22 tedu 606: INSPECT,
1.6 tedu 607: SIGN,
608: VERIFY
609: } verb = NONE;
610:
1.1 tedu 611:
612: rounds = 42;
613:
1.42 ! tedu 614: while ((ch = getopt(argc, argv, "CGISVc:em:np:qs:x:")) != -1) {
1.1 tedu 615: switch (ch) {
1.14 tedu 616: #ifndef VERIFYONLY
1.42 ! tedu 617: case 'C':
! 618: if (verb)
! 619: usage(NULL);
! 620: verb = CHECK;
! 621: break;
1.6 tedu 622: case 'G':
623: if (verb)
1.31 tedu 624: usage(NULL);
1.6 tedu 625: verb = GENERATE;
626: break;
1.22 tedu 627: case 'I':
628: if (verb)
1.31 tedu 629: usage(NULL);
1.22 tedu 630: verb = INSPECT;
631: break;
1.6 tedu 632: case 'S':
633: if (verb)
1.31 tedu 634: usage(NULL);
1.6 tedu 635: verb = SIGN;
636: break;
1.14 tedu 637: #endif
1.6 tedu 638: case 'V':
639: if (verb)
1.31 tedu 640: usage(NULL);
1.6 tedu 641: verb = VERIFY;
642: break;
1.27 tedu 643: case 'c':
644: comment = optarg;
645: break;
1.16 tedu 646: case 'e':
647: embedded = 1;
648: break;
1.31 tedu 649: case 'm':
650: msgfile = optarg;
651: break;
1.6 tedu 652: case 'n':
1.1 tedu 653: rounds = 0;
654: break;
1.6 tedu 655: case 'p':
1.1 tedu 656: pubkeyfile = optarg;
657: break;
1.42 ! tedu 658: case 'q':
! 659: quiet = 1;
! 660: break;
1.6 tedu 661: case 's':
1.1 tedu 662: seckeyfile = optarg;
663: break;
1.31 tedu 664: case 'x':
665: sigfile = optarg;
666: break;
1.1 tedu 667: default:
1.31 tedu 668: usage(NULL);
1.1 tedu 669: break;
670: }
671: }
1.2 tedu 672: argc -= optind;
1.9 espie 673: argv += optind;
674:
1.42 ! tedu 675: #ifndef VERIFYONLY
! 676: if (verb == CHECK) {
! 677: if (!pubkeyfile || !sigfile)
! 678: usage("need pubkey and sigfile");
! 679: check(pubkeyfile, sigfile, quiet, argc, argv);
! 680: return 0;
! 681: }
! 682: #endif
! 683:
! 684: quiet = 1; /* retain quiet default for 5.5 release */
! 685:
1.31 tedu 686: if (argc != 0)
687: usage(NULL);
688:
1.36 tedu 689: if (!sigfile && msgfile) {
690: if (strcmp(msgfile, "-") == 0)
691: errx(1, "must specify sigfile with - message");
692: if (snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig",
693: msgfile) >= sizeof(sigfilebuf))
694: errx(1, "path too long");
695: sigfile = sigfilebuf;
696: }
1.1 tedu 697:
1.36 tedu 698: switch (verb) {
1.14 tedu 699: #ifndef VERIFYONLY
1.36 tedu 700: case GENERATE:
1.31 tedu 701: if (!pubkeyfile || !seckeyfile)
702: usage("need pubkey and seckey");
1.27 tedu 703: generate(pubkeyfile, seckeyfile, rounds, comment);
1.36 tedu 704: break;
705: case INSPECT:
1.22 tedu 706: inspect(seckeyfile, pubkeyfile, sigfile);
1.36 tedu 707: break;
708: case SIGN:
709: if (!msgfile || !seckeyfile)
710: usage("need message and seckey");
711: sign(seckeyfile, msgfile, sigfile, embedded);
712: break;
1.14 tedu 713: #endif
1.36 tedu 714: case VERIFY:
715: if (!msgfile || !pubkeyfile)
716: usage("need message and pubkey");
1.42 ! tedu 717: verify(pubkeyfile, msgfile, sigfile, embedded, quiet);
1.36 tedu 718: break;
719: default:
720: usage(NULL);
721: break;
1.1 tedu 722: }
1.9 espie 723:
1.1 tedu 724: return 0;
725: }