Annotation of src/usr.bin/signify/signify.c, Revision 1.45
1.45 ! tedu 1: /* $OpenBSD: signify.c,v 1.44 2014/03/05 22:55:07 tedu Exp $ */
1.1 tedu 2: /*
3: * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17: #include <sys/stat.h>
18:
19: #include <netinet/in.h>
20: #include <resolv.h>
21:
22: #include <stdint.h>
23: #include <fcntl.h>
24: #include <string.h>
25: #include <stdio.h>
1.34 tedu 26: #include <stdlib.h>
1.1 tedu 27: #include <err.h>
28: #include <unistd.h>
29: #include <readpassphrase.h>
30: #include <util.h>
31: #include <sha2.h>
32:
33: #include "crypto_api.h"
34:
35: #define SIGBYTES crypto_sign_ed25519_BYTES
36: #define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES
37: #define PUBLICBYTES crypto_sign_ed25519_PUBLICKEYBYTES
38:
39: #define PKALG "Ed"
40: #define KDFALG "BK"
1.13 tedu 41: #define FPLEN 8
42:
1.18 tedu 43: #define COMMENTHDR "untrusted comment: "
44: #define COMMENTHDRLEN 19
45: #define COMMENTMAXLEN 1024
1.1 tedu 46:
47: struct enckey {
48: uint8_t pkalg[2];
49: uint8_t kdfalg[2];
50: uint32_t kdfrounds;
51: uint8_t salt[16];
52: uint8_t checksum[8];
1.13 tedu 53: uint8_t fingerprint[FPLEN];
1.1 tedu 54: uint8_t seckey[SECRETBYTES];
55: };
56:
57: struct pubkey {
58: uint8_t pkalg[2];
1.13 tedu 59: uint8_t fingerprint[FPLEN];
1.1 tedu 60: uint8_t pubkey[PUBLICBYTES];
61: };
62:
63: struct sig {
64: uint8_t pkalg[2];
1.13 tedu 65: uint8_t fingerprint[FPLEN];
1.1 tedu 66: uint8_t sig[SIGBYTES];
67: };
68:
69: extern char *__progname;
70:
71: static void
1.31 tedu 72: usage(const char *error)
1.1 tedu 73: {
1.31 tedu 74: if (error)
75: fprintf(stderr, "%s\n", error);
1.9 espie 76: fprintf(stderr, "usage:"
1.15 espie 77: #ifndef VERIFYONLY
1.42 tedu 78: "\t%1$s -C [-q] -p pubkey -x sigfile [files...]\n"
1.31 tedu 79: "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
80: "\t%1$s -I [-p pubkey] [-s seckey] [-x sigfile]\n"
81: "\t%1$s -S [-e] [-x sigfile] -s seckey -m message\n"
1.15 espie 82: #endif
1.42 tedu 83: "\t%1$s -V [-eq] [-x sigfile] -p pubkey -m message\n",
1.15 espie 84: __progname);
1.1 tedu 85: exit(1);
86: }
87:
88: static int
89: xopen(const char *fname, int flags, mode_t mode)
90: {
91: int fd;
92:
1.31 tedu 93: if (strcmp(fname, "-") == 0) {
94: if ((flags & O_WRONLY))
95: fd = dup(STDOUT_FILENO);
96: else
97: fd = dup(STDIN_FILENO);
98: if (fd == -1)
99: err(1, "dup failed");
100: } else {
101: fd = open(fname, flags, mode);
102: if (fd == -1)
103: err(1, "can't open %s for %s", fname,
104: (flags & O_WRONLY) ? "writing" : "reading");
105: }
1.1 tedu 106: return fd;
107: }
108:
109: static void *
110: xmalloc(size_t len)
111: {
112: void *p;
113:
114: p = malloc(len);
115: if (!p)
116: err(1, "malloc %zu", len);
117: return p;
118: }
119:
120: static void
1.7 espie 121: readall(int fd, void *buf, size_t len, const char *filename)
1.1 tedu 122: {
1.11 tedu 123: ssize_t x;
1.38 espie 124:
125: while (len != 0) {
126: x = read(fd, buf, len);
127: if (x == -1)
128: err(1, "read from %s", filename);
1.44 tedu 129: len -= x;
130: buf = (char*)buf + x;
1.7 espie 131: }
1.1 tedu 132: }
133:
1.16 tedu 134: static size_t
1.18 tedu 135: parseb64file(const char *filename, char *b64, void *buf, size_t len,
136: char *comment)
1.16 tedu 137: {
138: int rv;
139: char *commentend, *b64end;
140:
141: commentend = strchr(b64, '\n');
142: if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
143: memcmp(b64, COMMENTHDR, COMMENTHDRLEN))
144: errx(1, "invalid comment in %s; must start with '%s'",
145: filename, COMMENTHDR);
1.18 tedu 146: *commentend = 0;
1.40 deraadt 147: if (comment) {
148: if (strlcpy(comment, b64 + COMMENTHDRLEN,
149: COMMENTMAXLEN) >= COMMENTMAXLEN)
150: err(1, "comment too long");
151: }
1.16 tedu 152: b64end = strchr(commentend + 1, '\n');
153: if (!b64end)
154: errx(1, "missing new line after b64 in %s", filename);
155: *b64end = 0;
156: rv = b64_pton(commentend + 1, buf, len);
157: if (rv != len)
158: errx(1, "invalid b64 encoding in %s", filename);
159: if (memcmp(buf, PKALG, 2))
160: errx(1, "unsupported file %s", filename);
161: return b64end - b64 + 1;
162: }
163:
1.1 tedu 164: static void
1.18 tedu 165: readb64file(const char *filename, void *buf, size_t len, char *comment)
1.1 tedu 166: {
167: char b64[2048];
1.10 tedu 168: int rv, fd;
1.1 tedu 169:
170: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
171: memset(b64, 0, sizeof(b64));
172: rv = read(fd, b64, sizeof(b64) - 1);
173: if (rv == -1)
1.7 espie 174: err(1, "read from %s", filename);
1.18 tedu 175: parseb64file(filename, b64, buf, len, comment);
1.41 tedu 176: explicit_bzero(b64, sizeof(b64));
1.1 tedu 177: close(fd);
178: }
179:
1.35 tedu 180: static uint8_t *
1.1 tedu 181: readmsg(const char *filename, unsigned long long *msglenp)
182: {
183: unsigned long long msglen;
184: uint8_t *msg;
185: struct stat sb;
186: int fd;
187:
188: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
1.29 lteo 189: if (fstat(fd, &sb) == -1)
190: err(1, "fstat on %s", filename);
1.30 tedu 191: if (!S_ISREG(sb.st_mode))
192: errx(1, "%s must be a regular file", filename);
1.1 tedu 193: msglen = sb.st_size;
194: if (msglen > (1UL << 30))
195: errx(1, "msg too large in %s", filename);
1.45 ! tedu 196: msg = xmalloc(msglen + 1);
1.7 espie 197: readall(fd, msg, msglen, filename);
1.45 ! tedu 198: msg[msglen] = 0;
1.1 tedu 199: close(fd);
200:
201: *msglenp = msglen;
202: return msg;
203: }
204:
205: static void
1.7 espie 206: writeall(int fd, const void *buf, size_t len, const char *filename)
1.1 tedu 207: {
1.11 tedu 208: ssize_t x;
1.38 espie 209:
210: while (len != 0) {
211: x = write(fd, buf, len);
212: if (x == -1)
213: err(1, "write to %s", filename);
1.44 tedu 214: len -= x;
215: buf = (char*)buf + x;
1.7 espie 216: }
1.1 tedu 217: }
218:
1.17 deraadt 219: #ifndef VERIFYONLY
1.1 tedu 220: static void
1.16 tedu 221: appendall(const char *filename, const void *buf, size_t len)
222: {
223: int fd;
224:
1.30 tedu 225: fd = xopen(filename, O_NOFOLLOW | O_WRONLY | O_APPEND, 0);
1.16 tedu 226: writeall(fd, buf, len, filename);
227: close(fd);
228: }
229:
230: static void
1.1 tedu 231: writeb64file(const char *filename, const char *comment, const void *buf,
1.20 espie 232: size_t len, int flags, mode_t mode)
1.1 tedu 233: {
234: char header[1024];
235: char b64[1024];
236: int fd, rv;
237:
1.30 tedu 238: fd = xopen(filename, O_CREAT|flags|O_NOFOLLOW|O_WRONLY, mode);
1.40 deraadt 239: if (snprintf(header, sizeof(header), "%s%s\n",
240: COMMENTHDR, comment) >= sizeof(header))
241: err(1, "comment too long");
1.7 espie 242: writeall(fd, header, strlen(header), filename);
1.8 espie 243: if ((rv = b64_ntop(buf, len, b64, sizeof(b64)-1)) == -1)
1.1 tedu 244: errx(1, "b64 encode failed");
1.8 espie 245: b64[rv++] = '\n';
1.7 espie 246: writeall(fd, b64, rv, filename);
1.41 tedu 247: explicit_bzero(b64, sizeof(b64));
1.1 tedu 248: close(fd);
249: }
250:
251: static void
252: kdf(uint8_t *salt, size_t saltlen, int rounds, uint8_t *key, size_t keylen)
253: {
254: char pass[1024];
255:
256: if (rounds == 0) {
257: memset(key, 0, keylen);
258: return;
259: }
260:
1.39 tedu 261: if (!readpassphrase("passphrase: ", pass, sizeof(pass), RPP_ECHO_OFF))
262: errx(1, "unable to read passphrase");
1.37 tedu 263: if (strlen(pass) == 0)
264: errx(1, "please provide a password");
1.1 tedu 265: if (bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key,
266: keylen, rounds) == -1)
267: errx(1, "bcrypt pbkdf");
1.41 tedu 268: explicit_bzero(pass, sizeof(pass));
1.1 tedu 269: }
270:
271: static void
272: signmsg(uint8_t *seckey, uint8_t *msg, unsigned long long msglen,
273: uint8_t *sig)
274: {
275: unsigned long long siglen;
276: uint8_t *sigbuf;
277:
278: sigbuf = xmalloc(msglen + SIGBYTES);
279: crypto_sign_ed25519(sigbuf, &siglen, msg, msglen, seckey);
280: memcpy(sig, sigbuf, SIGBYTES);
281: free(sigbuf);
282: }
283:
284: static void
1.27 tedu 285: generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
286: const char *comment)
1.1 tedu 287: {
288: uint8_t digest[SHA512_DIGEST_LENGTH];
289: struct pubkey pubkey;
290: struct enckey enckey;
291: uint8_t xorkey[sizeof(enckey.seckey)];
1.13 tedu 292: uint8_t fingerprint[FPLEN];
1.27 tedu 293: char commentbuf[COMMENTMAXLEN];
1.1 tedu 294: SHA2_CTX ctx;
295: int i;
296:
297: crypto_sign_ed25519_keypair(pubkey.pubkey, enckey.seckey);
1.13 tedu 298: arc4random_buf(fingerprint, sizeof(fingerprint));
1.1 tedu 299:
300: SHA512Init(&ctx);
301: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
302: SHA512Final(digest, &ctx);
303:
304: memcpy(enckey.pkalg, PKALG, 2);
305: memcpy(enckey.kdfalg, KDFALG, 2);
306: enckey.kdfrounds = htonl(rounds);
1.13 tedu 307: memcpy(enckey.fingerprint, fingerprint, FPLEN);
1.1 tedu 308: arc4random_buf(enckey.salt, sizeof(enckey.salt));
309: kdf(enckey.salt, sizeof(enckey.salt), rounds, xorkey, sizeof(xorkey));
310: memcpy(enckey.checksum, digest, sizeof(enckey.checksum));
311: for (i = 0; i < sizeof(enckey.seckey); i++)
312: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 313: explicit_bzero(digest, sizeof(digest));
314: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 315:
1.40 deraadt 316: if (snprintf(commentbuf, sizeof(commentbuf), "%s secret key",
317: comment) >= sizeof(commentbuf))
318: err(1, "comment too long");
1.27 tedu 319: writeb64file(seckeyfile, commentbuf, &enckey,
1.20 espie 320: sizeof(enckey), O_EXCL, 0600);
1.41 tedu 321: explicit_bzero(&enckey, sizeof(enckey));
1.1 tedu 322:
323: memcpy(pubkey.pkalg, PKALG, 2);
1.13 tedu 324: memcpy(pubkey.fingerprint, fingerprint, FPLEN);
1.40 deraadt 325: if (snprintf(commentbuf, sizeof(commentbuf), "%s public key",
326: comment) >= sizeof(commentbuf))
327: err(1, "comment too long");
1.27 tedu 328: writeb64file(pubkeyfile, commentbuf, &pubkey,
1.20 espie 329: sizeof(pubkey), O_EXCL, 0666);
1.1 tedu 330: }
331:
332: static void
1.16 tedu 333: sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
334: int embedded)
1.1 tedu 335: {
336: struct sig sig;
337: uint8_t digest[SHA512_DIGEST_LENGTH];
338: struct enckey enckey;
339: uint8_t xorkey[sizeof(enckey.seckey)];
340: uint8_t *msg;
1.18 tedu 341: char comment[COMMENTMAXLEN], sigcomment[1024];
1.1 tedu 342: unsigned long long msglen;
343: int i, rounds;
344: SHA2_CTX ctx;
345:
1.18 tedu 346: readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
1.1 tedu 347:
348: if (memcmp(enckey.kdfalg, KDFALG, 2))
349: errx(1, "unsupported KDF");
350: rounds = ntohl(enckey.kdfrounds);
351: kdf(enckey.salt, sizeof(enckey.salt), rounds, xorkey, sizeof(xorkey));
352: for (i = 0; i < sizeof(enckey.seckey); i++)
353: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 354: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 355: SHA512Init(&ctx);
356: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
357: SHA512Final(digest, &ctx);
358: if (memcmp(enckey.checksum, digest, sizeof(enckey.checksum)))
359: errx(1, "incorrect passphrase");
1.41 tedu 360: explicit_bzero(digest, sizeof(digest));
1.1 tedu 361:
1.16 tedu 362: msg = readmsg(msgfile, &msglen);
1.1 tedu 363:
364: signmsg(enckey.seckey, msg, msglen, sig.sig);
1.13 tedu 365: memcpy(sig.fingerprint, enckey.fingerprint, FPLEN);
1.41 tedu 366: explicit_bzero(&enckey, sizeof(enckey));
1.1 tedu 367:
368: memcpy(sig.pkalg, PKALG, 2);
1.40 deraadt 369: if (snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
370: comment) >= sizeof(sigcomment))
371: err(1, "comment too long");
1.20 espie 372: writeb64file(sigfile, sigcomment, &sig, sizeof(sig), O_TRUNC, 0666);
1.16 tedu 373: if (embedded)
374: appendall(sigfile, msg, msglen);
1.1 tedu 375:
376: free(msg);
377: }
1.22 tedu 378:
379: static void
380: inspect(const char *seckeyfile, const char *pubkeyfile, const char *sigfile)
381: {
382: struct sig sig;
383: struct enckey enckey;
384: struct pubkey pubkey;
385: char fp[(FPLEN + 2) / 3 * 4 + 1];
386:
387: if (seckeyfile) {
388: readb64file(seckeyfile, &enckey, sizeof(enckey), NULL);
389: b64_ntop(enckey.fingerprint, FPLEN, fp, sizeof(fp));
390: printf("sec fp: %s\n", fp);
391: }
392: if (pubkeyfile) {
393: readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
394: b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp));
395: printf("pub fp: %s\n", fp);
396: }
397: if (sigfile) {
398: readb64file(sigfile, &sig, sizeof(sig), NULL);
399: b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp));
400: printf("sig fp: %s\n", fp);
401: }
402: }
1.14 tedu 403: #endif
1.1 tedu 404:
405: static void
1.13 tedu 406: verifymsg(uint8_t *pubkey, uint8_t *msg, unsigned long long msglen,
1.42 tedu 407: uint8_t *sig, int quiet)
1.13 tedu 408: {
409: uint8_t *sigbuf, *dummybuf;
410: unsigned long long siglen, dummylen;
411:
412: siglen = SIGBYTES + msglen;
413: sigbuf = xmalloc(siglen);
414: dummybuf = xmalloc(siglen);
415: memcpy(sigbuf, sig, SIGBYTES);
416: memcpy(sigbuf + SIGBYTES, msg, msglen);
417: if (crypto_sign_ed25519_open(dummybuf, &dummylen, sigbuf, siglen,
418: pubkey) == -1)
419: errx(1, "signature verification failed");
1.42 tedu 420: if (!quiet)
421: printf("Signature Verified\n");
1.13 tedu 422: free(sigbuf);
423: free(dummybuf);
424: }
425:
426:
427: static void
1.16 tedu 428: verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
1.42 tedu 429: int embedded, int quiet)
1.1 tedu 430: {
431: struct sig sig;
432: struct pubkey pubkey;
1.16 tedu 433: unsigned long long msglen, siglen = 0;
1.1 tedu 434: uint8_t *msg;
1.16 tedu 435: int fd;
436:
437: msg = readmsg(embedded ? sigfile : msgfile, &msglen);
1.1 tedu 438:
1.18 tedu 439: readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
1.16 tedu 440: if (embedded) {
1.18 tedu 441: siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL);
1.16 tedu 442: msg += siglen;
443: msglen -= siglen;
444: } else {
1.18 tedu 445: readb64file(sigfile, &sig, sizeof(sig), NULL);
1.16 tedu 446: }
1.13 tedu 447:
1.22 tedu 448: if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
449: #ifndef VERIFYONLY
450: inspect(NULL, pubkeyfile, sigfile);
451: #endif
1.13 tedu 452: errx(1, "verification failed: checked against wrong key");
1.22 tedu 453: }
1.1 tedu 454:
1.42 tedu 455: verifymsg(pubkey.pubkey, msg, msglen, sig.sig, quiet);
1.16 tedu 456: if (embedded) {
1.30 tedu 457: fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
1.16 tedu 458: writeall(fd, msg, msglen, msgfile);
459: close(fd);
460: }
1.1 tedu 461:
1.16 tedu 462: free(msg - siglen);
1.1 tedu 463: }
464:
1.42 tedu 465: #ifndef VERIFYONLY
466: struct checksum {
467: char file[1024];
468: char hash[1024];
469: char algo[256];
470: };
471:
472: static void
1.45 ! tedu 473: verifychecksums(char *msg, int argc, char **argv, int quiet)
1.42 tedu 474: {
475: char buf[1024];
1.45 ! tedu 476: char *line, *endline;
1.42 tedu 477: struct checksum *checksums = NULL, *c = NULL;
478: int nchecksums = 0;
1.43 tedu 479: int i, j, uselist, count, hasfailed;
1.42 tedu 480: int *failures;
481:
1.45 ! tedu 482: line = msg;
1.42 tedu 483: while (line && *line) {
484: if (!(checksums = realloc(checksums,
485: sizeof(*c) * (nchecksums + 1))))
486: err(1, "realloc");
487: c = &checksums[nchecksums++];
488: if ((endline = strchr(line, '\n')))
489: *endline++ = 0;
490: if (sscanf(line, "%255s %1023s = %1023s",
491: c->algo, buf, c->hash) != 3 ||
492: buf[0] != '(' || buf[strlen(buf) - 1] != ')')
493: errx(1, "unable to parse checksum line %s", line);
494: buf[strlen(buf) - 1] = 0;
495: strlcpy(c->file, buf + 1, sizeof(c->file));
496: line = endline;
497: }
498:
499: if (argc) {
500: uselist = 0;
501: count = argc;
502: } else {
503: uselist = 1;
504: count = nchecksums;
505: }
1.43 tedu 506: if (!(failures = calloc(count, sizeof(int))))
507: err(1, "calloc");
1.42 tedu 508: for (i = 0; i < count; i++) {
509: if (uselist) {
510: c = &checksums[i];
511: } else {
512: for (j = 0; j < nchecksums; j++) {
513: c = &checksums[j];
514: if (strcmp(c->file, argv[i]) == 0)
515: break;
516: }
517: if (j == nchecksums) {
518: failures[i] = 1;
519: continue;
520: }
521: }
522:
523: if (strcmp(c->algo, "SHA256") == 0) {
524: if (!SHA256File(c->file, buf)) {
525: failures[i] = 1;
526: continue;
527: }
528: } else if (strcmp(c->algo, "SHA512") == 0) {
529: if (!SHA512File(c->file, buf)) {
530: failures[i] = 1;
531: continue;
532: }
533: } else {
534: errx(1, "can't handle algorithm %s", c->algo);
535: }
536: if (strcmp(c->hash, buf) != 0) {
537: failures[i] = 1;
538: continue;
539: }
540: if (!quiet)
541: printf("%s: OK\n", c->file);
542: }
1.43 tedu 543: hasfailed = 0;
1.42 tedu 544: for (i = 0; i < count; i++) {
545: if (failures[i]) {
546: fprintf(stderr, "%s: FAIL\n",
547: uselist ? checksums[i].file : argv[i]);
1.43 tedu 548: hasfailed = 1;
1.42 tedu 549: }
550: }
1.43 tedu 551: if (hasfailed)
1.42 tedu 552: exit(1);
553: free(checksums);
1.43 tedu 554: free(failures);
1.42 tedu 555: }
556:
557: static void
558: check(const char *pubkeyfile, const char *sigfile, int quiet, int argc,
559: char **argv)
560: {
561: struct sig sig;
562: struct pubkey pubkey;
563: unsigned long long msglen, siglen;
564: uint8_t *msg;
565:
566: msg = readmsg(sigfile, &msglen);
567:
568: readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
569: siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL);
570: msg += siglen;
571: msglen -= siglen;
572:
573: if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
574: #ifndef VERIFYONLY
575: inspect(NULL, pubkeyfile, sigfile);
576: #endif
577: errx(1, "verification failed: checked against wrong key");
578: }
579:
580: verifymsg(pubkey.pubkey, msg, msglen, sig.sig, quiet);
1.45 ! tedu 581: verifychecksums((char *)msg, argc, argv, quiet);
1.42 tedu 582:
583: free(msg - siglen);
584: }
585: #endif
586:
1.1 tedu 587: int
588: main(int argc, char **argv)
589: {
1.16 tedu 590: const char *pubkeyfile = NULL, *seckeyfile = NULL, *msgfile = NULL,
1.1 tedu 591: *sigfile = NULL;
592: char sigfilebuf[1024];
1.27 tedu 593: const char *comment = "signify";
1.1 tedu 594: int ch, rounds;
1.16 tedu 595: int embedded = 0;
1.42 tedu 596: int quiet = 0;
1.6 tedu 597: enum {
598: NONE,
1.42 tedu 599: CHECK,
1.6 tedu 600: GENERATE,
1.22 tedu 601: INSPECT,
1.6 tedu 602: SIGN,
603: VERIFY
604: } verb = NONE;
605:
1.1 tedu 606:
607: rounds = 42;
608:
1.42 tedu 609: while ((ch = getopt(argc, argv, "CGISVc:em:np:qs:x:")) != -1) {
1.1 tedu 610: switch (ch) {
1.14 tedu 611: #ifndef VERIFYONLY
1.42 tedu 612: case 'C':
613: if (verb)
614: usage(NULL);
615: verb = CHECK;
616: break;
1.6 tedu 617: case 'G':
618: if (verb)
1.31 tedu 619: usage(NULL);
1.6 tedu 620: verb = GENERATE;
621: break;
1.22 tedu 622: case 'I':
623: if (verb)
1.31 tedu 624: usage(NULL);
1.22 tedu 625: verb = INSPECT;
626: break;
1.6 tedu 627: case 'S':
628: if (verb)
1.31 tedu 629: usage(NULL);
1.6 tedu 630: verb = SIGN;
631: break;
1.14 tedu 632: #endif
1.6 tedu 633: case 'V':
634: if (verb)
1.31 tedu 635: usage(NULL);
1.6 tedu 636: verb = VERIFY;
637: break;
1.27 tedu 638: case 'c':
639: comment = optarg;
640: break;
1.16 tedu 641: case 'e':
642: embedded = 1;
643: break;
1.31 tedu 644: case 'm':
645: msgfile = optarg;
646: break;
1.6 tedu 647: case 'n':
1.1 tedu 648: rounds = 0;
649: break;
1.6 tedu 650: case 'p':
1.1 tedu 651: pubkeyfile = optarg;
652: break;
1.42 tedu 653: case 'q':
654: quiet = 1;
655: break;
1.6 tedu 656: case 's':
1.1 tedu 657: seckeyfile = optarg;
658: break;
1.31 tedu 659: case 'x':
660: sigfile = optarg;
661: break;
1.1 tedu 662: default:
1.31 tedu 663: usage(NULL);
1.1 tedu 664: break;
665: }
666: }
1.2 tedu 667: argc -= optind;
1.9 espie 668: argv += optind;
669:
1.42 tedu 670: #ifndef VERIFYONLY
671: if (verb == CHECK) {
672: if (!pubkeyfile || !sigfile)
673: usage("need pubkey and sigfile");
674: check(pubkeyfile, sigfile, quiet, argc, argv);
675: return 0;
676: }
677: #endif
678:
679: quiet = 1; /* retain quiet default for 5.5 release */
680:
1.31 tedu 681: if (argc != 0)
682: usage(NULL);
683:
1.36 tedu 684: if (!sigfile && msgfile) {
685: if (strcmp(msgfile, "-") == 0)
686: errx(1, "must specify sigfile with - message");
687: if (snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig",
688: msgfile) >= sizeof(sigfilebuf))
689: errx(1, "path too long");
690: sigfile = sigfilebuf;
691: }
1.1 tedu 692:
1.36 tedu 693: switch (verb) {
1.14 tedu 694: #ifndef VERIFYONLY
1.36 tedu 695: case GENERATE:
1.31 tedu 696: if (!pubkeyfile || !seckeyfile)
697: usage("need pubkey and seckey");
1.27 tedu 698: generate(pubkeyfile, seckeyfile, rounds, comment);
1.36 tedu 699: break;
700: case INSPECT:
1.22 tedu 701: inspect(seckeyfile, pubkeyfile, sigfile);
1.36 tedu 702: break;
703: case SIGN:
704: if (!msgfile || !seckeyfile)
705: usage("need message and seckey");
706: sign(seckeyfile, msgfile, sigfile, embedded);
707: break;
1.14 tedu 708: #endif
1.36 tedu 709: case VERIFY:
710: if (!msgfile || !pubkeyfile)
711: usage("need message and pubkey");
1.42 tedu 712: verify(pubkeyfile, msgfile, sigfile, embedded, quiet);
1.36 tedu 713: break;
714: default:
715: usage(NULL);
716: break;
1.1 tedu 717: }
1.9 espie 718:
1.1 tedu 719: return 0;
720: }