Annotation of src/usr.bin/signify/signify.c, Revision 1.92
1.92 ! krw 1: /* $OpenBSD: signify.c,v 1.91 2014/07/13 18:59:40 tedu Exp $ */
1.1 tedu 2: /*
3: * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17: #include <sys/stat.h>
18:
19: #include <netinet/in.h>
20: #include <resolv.h>
21:
22: #include <stdint.h>
23: #include <fcntl.h>
24: #include <string.h>
25: #include <stdio.h>
1.34 tedu 26: #include <stdlib.h>
1.1 tedu 27: #include <err.h>
28: #include <unistd.h>
29: #include <readpassphrase.h>
30: #include <util.h>
31: #include <sha2.h>
32:
33: #include "crypto_api.h"
1.85 espie 34: #ifndef VERIFY_ONLY
35: #include <stddef.h>
36: #include <ohash.h>
37: #endif
1.1 tedu 38:
39: #define SIGBYTES crypto_sign_ed25519_BYTES
40: #define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES
41: #define PUBLICBYTES crypto_sign_ed25519_PUBLICKEYBYTES
42:
43: #define PKALG "Ed"
44: #define KDFALG "BK"
1.13 tedu 45: #define FPLEN 8
46:
1.18 tedu 47: #define COMMENTHDR "untrusted comment: "
48: #define COMMENTHDRLEN 19
49: #define COMMENTMAXLEN 1024
1.51 tedu 50: #define VERIFYWITH "verify with "
1.1 tedu 51:
52: struct enckey {
53: uint8_t pkalg[2];
54: uint8_t kdfalg[2];
55: uint32_t kdfrounds;
56: uint8_t salt[16];
57: uint8_t checksum[8];
1.13 tedu 58: uint8_t fingerprint[FPLEN];
1.1 tedu 59: uint8_t seckey[SECRETBYTES];
60: };
61:
62: struct pubkey {
63: uint8_t pkalg[2];
1.13 tedu 64: uint8_t fingerprint[FPLEN];
1.1 tedu 65: uint8_t pubkey[PUBLICBYTES];
66: };
67:
68: struct sig {
69: uint8_t pkalg[2];
1.13 tedu 70: uint8_t fingerprint[FPLEN];
1.1 tedu 71: uint8_t sig[SIGBYTES];
72: };
73:
74: extern char *__progname;
75:
76: static void
1.31 tedu 77: usage(const char *error)
1.1 tedu 78: {
1.31 tedu 79: if (error)
80: fprintf(stderr, "%s\n", error);
1.9 espie 81: fprintf(stderr, "usage:"
1.15 espie 82: #ifndef VERIFYONLY
1.47 naddy 83: "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
1.31 tedu 84: "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
85: "\t%1$s -I [-p pubkey] [-s seckey] [-x sigfile]\n"
86: "\t%1$s -S [-e] [-x sigfile] -s seckey -m message\n"
1.15 espie 87: #endif
1.42 tedu 88: "\t%1$s -V [-eq] [-x sigfile] -p pubkey -m message\n",
1.15 espie 89: __progname);
1.1 tedu 90: exit(1);
91: }
92:
93: static int
1.61 deraadt 94: xopen(const char *fname, int oflags, mode_t mode)
1.1 tedu 95: {
1.53 tedu 96: struct stat sb;
1.1 tedu 97: int fd;
98:
1.31 tedu 99: if (strcmp(fname, "-") == 0) {
1.61 deraadt 100: if ((oflags & O_WRONLY))
1.31 tedu 101: fd = dup(STDOUT_FILENO);
102: else
103: fd = dup(STDIN_FILENO);
104: if (fd == -1)
105: err(1, "dup failed");
106: } else {
1.61 deraadt 107: fd = open(fname, oflags, mode);
1.31 tedu 108: if (fd == -1)
109: err(1, "can't open %s for %s", fname,
1.61 deraadt 110: (oflags & O_WRONLY) ? "writing" : "reading");
1.31 tedu 111: }
1.53 tedu 112: if (fstat(fd, &sb) == -1 || S_ISDIR(sb.st_mode))
1.66 tedu 113: errx(1, "not a valid file: %s", fname);
1.1 tedu 114: return fd;
115: }
116:
117: static void *
118: xmalloc(size_t len)
119: {
120: void *p;
121:
1.89 tedu 122: if (!(p = malloc(len)))
1.1 tedu 123: err(1, "malloc %zu", len);
124: return p;
125: }
126:
1.16 tedu 127: static size_t
1.46 tedu 128: parseb64file(const char *filename, char *b64, void *buf, size_t buflen,
1.18 tedu 129: char *comment)
1.16 tedu 130: {
131: char *commentend, *b64end;
132:
133: commentend = strchr(b64, '\n');
134: if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
1.65 tedu 135: memcmp(b64, COMMENTHDR, COMMENTHDRLEN) != 0)
1.16 tedu 136: errx(1, "invalid comment in %s; must start with '%s'",
137: filename, COMMENTHDR);
1.75 tedu 138: *commentend = '\0';
1.40 deraadt 139: if (comment) {
140: if (strlcpy(comment, b64 + COMMENTHDRLEN,
141: COMMENTMAXLEN) >= COMMENTMAXLEN)
1.71 tedu 142: errx(1, "comment too long");
1.40 deraadt 143: }
1.89 tedu 144: if (!(b64end = strchr(commentend + 1, '\n')))
1.82 tedu 145: errx(1, "missing new line after base64 in %s", filename);
1.75 tedu 146: *b64end = '\0';
1.77 tedu 147: if (b64_pton(commentend + 1, buf, buflen) != buflen)
1.82 tedu 148: errx(1, "invalid base64 encoding in %s", filename);
1.65 tedu 149: if (memcmp(buf, PKALG, 2) != 0)
1.16 tedu 150: errx(1, "unsupported file %s", filename);
151: return b64end - b64 + 1;
152: }
153:
1.1 tedu 154: static void
1.46 tedu 155: readb64file(const char *filename, void *buf, size_t buflen, char *comment)
1.1 tedu 156: {
157: char b64[2048];
1.10 tedu 158: int rv, fd;
1.1 tedu 159:
160: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
1.89 tedu 161: if ((rv = read(fd, b64, sizeof(b64) - 1)) == -1)
1.7 espie 162: err(1, "read from %s", filename);
1.75 tedu 163: b64[rv] = '\0';
1.46 tedu 164: parseb64file(filename, b64, buf, buflen, comment);
1.41 tedu 165: explicit_bzero(b64, sizeof(b64));
1.1 tedu 166: close(fd);
167: }
168:
1.35 tedu 169: static uint8_t *
1.1 tedu 170: readmsg(const char *filename, unsigned long long *msglenp)
171: {
1.49 tedu 172: unsigned long long msglen = 0;
173: uint8_t *msg = NULL;
1.1 tedu 174: struct stat sb;
1.49 tedu 175: ssize_t x, space;
1.1 tedu 176: int fd;
1.73 tedu 177: const unsigned long long maxmsgsize = 1UL << 30;
1.1 tedu 178:
179: fd = xopen(filename, O_RDONLY | O_NOFOLLOW, 0);
1.49 tedu 180: if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode)) {
1.73 tedu 181: if (sb.st_size > maxmsgsize)
1.49 tedu 182: errx(1, "msg too large in %s", filename);
183: space = sb.st_size + 1;
184: } else {
1.67 tedu 185: space = 64 * 1024;
1.49 tedu 186: }
187:
1.67 tedu 188: msg = xmalloc(space + 1);
1.49 tedu 189: while (1) {
190: if (space == 0) {
1.73 tedu 191: if (msglen * 2 > maxmsgsize)
1.67 tedu 192: errx(1, "msg too large in %s", filename);
193: space = msglen;
1.49 tedu 194: if (!(msg = realloc(msg, msglen + space + 1)))
195: errx(1, "realloc");
196: }
197: if ((x = read(fd, msg + msglen, space)) == -1)
198: err(1, "read from %s", filename);
199: if (x == 0)
200: break;
201: space -= x;
202: msglen += x;
203: }
204:
1.75 tedu 205: msg[msglen] = '\0';
1.1 tedu 206: close(fd);
207:
208: *msglenp = msglen;
209: return msg;
210: }
211:
212: static void
1.46 tedu 213: writeall(int fd, const void *buf, size_t buflen, const char *filename)
1.1 tedu 214: {
1.11 tedu 215: ssize_t x;
1.38 espie 216:
1.46 tedu 217: while (buflen != 0) {
1.89 tedu 218: if ((x = write(fd, buf, buflen)) == -1)
1.38 espie 219: err(1, "write to %s", filename);
1.46 tedu 220: buflen -= x;
1.61 deraadt 221: buf = (char *)buf + x;
1.7 espie 222: }
1.1 tedu 223: }
224:
1.17 deraadt 225: #ifndef VERIFYONLY
1.1 tedu 226: static void
227: writeb64file(const char *filename, const char *comment, const void *buf,
1.61 deraadt 228: size_t buflen, const void *msg, size_t msglen, int oflags, mode_t mode)
1.1 tedu 229: {
230: char header[1024];
231: char b64[1024];
1.91 tedu 232: int fd, rv, nr;
1.1 tedu 233:
1.61 deraadt 234: fd = xopen(filename, O_CREAT|oflags|O_NOFOLLOW|O_WRONLY, mode);
1.91 tedu 235: if ((nr = snprintf(header, sizeof(header), "%s%s\n",
236: COMMENTHDR, comment)) == -1 || nr >= sizeof(header))
1.71 tedu 237: errx(1, "comment too long");
1.7 espie 238: writeall(fd, header, strlen(header), filename);
1.46 tedu 239: if ((rv = b64_ntop(buf, buflen, b64, sizeof(b64)-1)) == -1)
1.82 tedu 240: errx(1, "base64 encode failed");
1.8 espie 241: b64[rv++] = '\n';
1.7 espie 242: writeall(fd, b64, rv, filename);
1.41 tedu 243: explicit_bzero(b64, sizeof(b64));
1.58 tedu 244: if (msg)
245: writeall(fd, msg, msglen, filename);
1.1 tedu 246: close(fd);
247: }
248:
249: static void
1.70 tedu 250: kdf(uint8_t *salt, size_t saltlen, int rounds, int allowstdin, int confirm,
1.50 tedu 251: uint8_t *key, size_t keylen)
1.1 tedu 252: {
253: char pass[1024];
1.48 tedu 254: int rppflags = RPP_ECHO_OFF;
1.1 tedu 255:
256: if (rounds == 0) {
257: memset(key, 0, keylen);
258: return;
259: }
260:
1.50 tedu 261: if (allowstdin && !isatty(STDIN_FILENO))
1.48 tedu 262: rppflags |= RPP_STDIN;
263: if (!readpassphrase("passphrase: ", pass, sizeof(pass), rppflags))
1.39 tedu 264: errx(1, "unable to read passphrase");
1.37 tedu 265: if (strlen(pass) == 0)
266: errx(1, "please provide a password");
1.70 tedu 267: if (confirm && !(rppflags & RPP_STDIN)) {
268: char pass2[1024];
269: if (!readpassphrase("confirm passphrase: ", pass2,
270: sizeof(pass2), rppflags))
271: errx(1, "unable to read passphrase");
272: if (strcmp(pass, pass2) != 0)
273: errx(1, "passwords don't match");
274: explicit_bzero(pass2, sizeof(pass2));
275: }
1.1 tedu 276: if (bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key,
277: keylen, rounds) == -1)
278: errx(1, "bcrypt pbkdf");
1.41 tedu 279: explicit_bzero(pass, sizeof(pass));
1.1 tedu 280: }
281:
282: static void
283: signmsg(uint8_t *seckey, uint8_t *msg, unsigned long long msglen,
284: uint8_t *sig)
285: {
286: unsigned long long siglen;
287: uint8_t *sigbuf;
288:
289: sigbuf = xmalloc(msglen + SIGBYTES);
290: crypto_sign_ed25519(sigbuf, &siglen, msg, msglen, seckey);
291: memcpy(sig, sigbuf, SIGBYTES);
292: free(sigbuf);
293: }
294:
295: static void
1.27 tedu 296: generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
297: const char *comment)
1.1 tedu 298: {
299: uint8_t digest[SHA512_DIGEST_LENGTH];
300: struct pubkey pubkey;
301: struct enckey enckey;
302: uint8_t xorkey[sizeof(enckey.seckey)];
1.13 tedu 303: uint8_t fingerprint[FPLEN];
1.27 tedu 304: char commentbuf[COMMENTMAXLEN];
1.1 tedu 305: SHA2_CTX ctx;
1.91 tedu 306: int i, nr;
1.1 tedu 307:
308: crypto_sign_ed25519_keypair(pubkey.pubkey, enckey.seckey);
1.13 tedu 309: arc4random_buf(fingerprint, sizeof(fingerprint));
1.1 tedu 310:
311: SHA512Init(&ctx);
312: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
313: SHA512Final(digest, &ctx);
314:
315: memcpy(enckey.pkalg, PKALG, 2);
316: memcpy(enckey.kdfalg, KDFALG, 2);
317: enckey.kdfrounds = htonl(rounds);
1.13 tedu 318: memcpy(enckey.fingerprint, fingerprint, FPLEN);
1.1 tedu 319: arc4random_buf(enckey.salt, sizeof(enckey.salt));
1.70 tedu 320: kdf(enckey.salt, sizeof(enckey.salt), rounds, 1, 1, xorkey, sizeof(xorkey));
1.1 tedu 321: memcpy(enckey.checksum, digest, sizeof(enckey.checksum));
322: for (i = 0; i < sizeof(enckey.seckey); i++)
323: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 324: explicit_bzero(digest, sizeof(digest));
325: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 326:
1.91 tedu 327: if ((nr = snprintf(commentbuf, sizeof(commentbuf), "%s secret key",
328: comment)) == -1 || nr >= sizeof(commentbuf))
1.71 tedu 329: errx(1, "comment too long");
1.27 tedu 330: writeb64file(seckeyfile, commentbuf, &enckey,
1.58 tedu 331: sizeof(enckey), NULL, 0, O_EXCL, 0600);
1.41 tedu 332: explicit_bzero(&enckey, sizeof(enckey));
1.1 tedu 333:
334: memcpy(pubkey.pkalg, PKALG, 2);
1.13 tedu 335: memcpy(pubkey.fingerprint, fingerprint, FPLEN);
1.91 tedu 336: if ((nr = snprintf(commentbuf, sizeof(commentbuf), "%s public key",
337: comment)) == -1 || nr >= sizeof(commentbuf))
1.71 tedu 338: errx(1, "comment too long");
1.27 tedu 339: writeb64file(pubkeyfile, commentbuf, &pubkey,
1.58 tedu 340: sizeof(pubkey), NULL, 0, O_EXCL, 0666);
1.1 tedu 341: }
342:
343: static void
1.16 tedu 344: sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
345: int embedded)
1.1 tedu 346: {
347: struct sig sig;
348: uint8_t digest[SHA512_DIGEST_LENGTH];
349: struct enckey enckey;
350: uint8_t xorkey[sizeof(enckey.seckey)];
351: uint8_t *msg;
1.51 tedu 352: char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN];
353: char *secname;
1.1 tedu 354: unsigned long long msglen;
1.91 tedu 355: int i, rounds, nr;
1.1 tedu 356: SHA2_CTX ctx;
357:
1.18 tedu 358: readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
1.1 tedu 359:
1.65 tedu 360: if (memcmp(enckey.kdfalg, KDFALG, 2) != 0)
1.1 tedu 361: errx(1, "unsupported KDF");
362: rounds = ntohl(enckey.kdfrounds);
1.50 tedu 363: kdf(enckey.salt, sizeof(enckey.salt), rounds, strcmp(msgfile, "-") != 0,
1.70 tedu 364: 0, xorkey, sizeof(xorkey));
1.1 tedu 365: for (i = 0; i < sizeof(enckey.seckey); i++)
366: enckey.seckey[i] ^= xorkey[i];
1.41 tedu 367: explicit_bzero(xorkey, sizeof(xorkey));
1.1 tedu 368: SHA512Init(&ctx);
369: SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
370: SHA512Final(digest, &ctx);
1.65 tedu 371: if (memcmp(enckey.checksum, digest, sizeof(enckey.checksum)) != 0)
1.1 tedu 372: errx(1, "incorrect passphrase");
1.41 tedu 373: explicit_bzero(digest, sizeof(digest));
1.1 tedu 374:
1.16 tedu 375: msg = readmsg(msgfile, &msglen);
1.1 tedu 376:
377: signmsg(enckey.seckey, msg, msglen, sig.sig);
1.13 tedu 378: memcpy(sig.fingerprint, enckey.fingerprint, FPLEN);
1.41 tedu 379: explicit_bzero(&enckey, sizeof(enckey));
1.1 tedu 380:
381: memcpy(sig.pkalg, PKALG, 2);
1.90 tedu 382: secname = strstr(seckeyfile, ".sec");
383: if (secname && strlen(secname) == 4) {
1.91 tedu 384: if ((nr = snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub",
385: (int)strlen(seckeyfile) - 4, seckeyfile)) == -1 || nr >= sizeof(sigcomment))
1.71 tedu 386: errx(1, "comment too long");
1.51 tedu 387: } else {
1.91 tedu 388: if ((nr = snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
389: comment)) == -1 || nr >= sizeof(sigcomment))
1.71 tedu 390: errx(1, "comment too long");
1.51 tedu 391: }
1.16 tedu 392: if (embedded)
1.58 tedu 393: writeb64file(sigfile, sigcomment, &sig, sizeof(sig), msg,
394: msglen, O_TRUNC, 0666);
395: else
396: writeb64file(sigfile, sigcomment, &sig, sizeof(sig), NULL,
397: 0, O_TRUNC, 0666);
1.1 tedu 398:
399: free(msg);
400: }
1.22 tedu 401:
402: static void
403: inspect(const char *seckeyfile, const char *pubkeyfile, const char *sigfile)
404: {
405: struct sig sig;
406: struct enckey enckey;
407: struct pubkey pubkey;
408: char fp[(FPLEN + 2) / 3 * 4 + 1];
409:
410: if (seckeyfile) {
411: readb64file(seckeyfile, &enckey, sizeof(enckey), NULL);
412: b64_ntop(enckey.fingerprint, FPLEN, fp, sizeof(fp));
413: printf("sec fp: %s\n", fp);
414: }
415: if (pubkeyfile) {
416: readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
417: b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp));
418: printf("pub fp: %s\n", fp);
419: }
420: if (sigfile) {
421: readb64file(sigfile, &sig, sizeof(sig), NULL);
422: b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp));
423: printf("sig fp: %s\n", fp);
424: }
425: }
1.14 tedu 426: #endif
1.1 tedu 427:
428: static void
1.62 tedu 429: verifymsg(struct pubkey *pubkey, uint8_t *msg, unsigned long long msglen,
430: struct sig *sig, int quiet)
1.13 tedu 431: {
432: uint8_t *sigbuf, *dummybuf;
433: unsigned long long siglen, dummylen;
434:
1.65 tedu 435: if (memcmp(pubkey->fingerprint, sig->fingerprint, FPLEN) != 0)
1.62 tedu 436: errx(1, "verification failed: checked against wrong key");
437:
1.13 tedu 438: siglen = SIGBYTES + msglen;
439: sigbuf = xmalloc(siglen);
440: dummybuf = xmalloc(siglen);
1.62 tedu 441: memcpy(sigbuf, sig->sig, SIGBYTES);
1.13 tedu 442: memcpy(sigbuf + SIGBYTES, msg, msglen);
443: if (crypto_sign_ed25519_open(dummybuf, &dummylen, sigbuf, siglen,
1.62 tedu 444: pubkey->pubkey) == -1)
1.13 tedu 445: errx(1, "signature verification failed");
1.42 tedu 446: if (!quiet)
447: printf("Signature Verified\n");
1.13 tedu 448: free(sigbuf);
449: free(dummybuf);
450: }
451:
1.64 tedu 452: static void
453: readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
454: const char *sigcomment)
455: {
1.76 tedu 456: const char *safepath = "/etc/signify/";
1.64 tedu 457:
458: if (!pubkeyfile) {
1.90 tedu 459: pubkeyfile = strstr(sigcomment, VERIFYWITH);
460: if (pubkeyfile) {
1.64 tedu 461: pubkeyfile += strlen(VERIFYWITH);
1.76 tedu 462: if (strncmp(pubkeyfile, safepath, strlen(safepath)) != 0 ||
1.64 tedu 463: strstr(pubkeyfile, "/../") != NULL)
464: errx(1, "untrusted path %s", pubkeyfile);
465: } else
1.66 tedu 466: usage("must specify pubkey");
1.64 tedu 467: }
468: readb64file(pubkeyfile, pubkey, sizeof(*pubkey), NULL);
469: }
1.13 tedu 470:
471: static void
1.63 tedu 472: verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
473: int quiet)
1.1 tedu 474: {
1.64 tedu 475: char sigcomment[COMMENTMAXLEN];
1.1 tedu 476: struct sig sig;
477: struct pubkey pubkey;
1.63 tedu 478: unsigned long long msglen;
1.1 tedu 479: uint8_t *msg;
1.16 tedu 480:
1.63 tedu 481: msg = readmsg(msgfile, &msglen);
1.1 tedu 482:
1.64 tedu 483: readb64file(sigfile, &sig, sizeof(sig), sigcomment);
484: readpubkey(pubkeyfile, &pubkey, sigcomment);
1.63 tedu 485:
486: verifymsg(&pubkey, msg, msglen, &sig, quiet);
487:
488: free(msg);
489: }
490:
491: static uint8_t *
492: verifyembedded(const char *pubkeyfile, const char *sigfile,
493: int quiet, unsigned long long *msglenp)
494: {
1.64 tedu 495: char sigcomment[COMMENTMAXLEN];
1.63 tedu 496: struct sig sig;
497: struct pubkey pubkey;
498: unsigned long long msglen, siglen;
499: uint8_t *msg;
500:
501: msg = readmsg(sigfile, &msglen);
502:
1.64 tedu 503: siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), sigcomment);
504: readpubkey(pubkeyfile, &pubkey, sigcomment);
505:
1.63 tedu 506: msglen -= siglen;
507: memmove(msg, msg + siglen, msglen);
508: msg[msglen] = 0;
1.13 tedu 509:
1.62 tedu 510: verifymsg(&pubkey, msg, msglen, &sig, quiet);
1.63 tedu 511:
512: *msglenp = msglen;
513: return msg;
514: }
515:
516: static void
517: verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
518: int embedded, int quiet)
519: {
520: unsigned long long msglen;
521: uint8_t *msg;
522: int fd;
523:
1.16 tedu 524: if (embedded) {
1.63 tedu 525: msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen);
1.30 tedu 526: fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
1.16 tedu 527: writeall(fd, msg, msglen, msgfile);
1.68 espie 528: free(msg);
1.16 tedu 529: close(fd);
1.63 tedu 530: } else {
531: verifysimple(pubkeyfile, msgfile, sigfile, quiet);
1.16 tedu 532: }
1.1 tedu 533: }
534:
1.42 tedu 535: #ifndef VERIFYONLY
1.83 tedu 536: #define HASHBUFSIZE 224
1.42 tedu 537: struct checksum {
538: char file[1024];
1.83 tedu 539: char hash[HASHBUFSIZE];
1.81 tedu 540: char algo[32];
1.42 tedu 541: };
542:
1.85 espie 543: static void *
544: ecalloc(size_t s1, size_t s2, void *data)
545: {
1.87 tedu 546: void *p;
547:
1.89 tedu 548: if (!(p = calloc(s1, s2)))
1.85 espie 549: err(1, "calloc");
550: return p;
551: }
552:
553: static void
554: efree(void *p, void *data)
555: {
556: free(p);
557: }
558:
1.42 tedu 559: static void
1.85 espie 560: recodehash(char *hash, size_t len)
1.80 tedu 561: {
1.83 tedu 562: uint8_t data[HASHBUFSIZE / 2];
1.80 tedu 563: int i, rv;
564:
1.85 espie 565: if (strlen(hash) == len)
1.80 tedu 566: return;
567: if ((rv = b64_pton(hash, data, sizeof(data))) == -1)
568: errx(1, "invalid base64 encoding");
569: for (i = 0; i < rv; i++)
1.83 tedu 570: snprintf(hash + i * 2, HASHBUFSIZE - i * 2, "%2.2x", data[i]);
1.80 tedu 571: }
572:
1.85 espie 573: static int
574: verifychecksum(struct checksum *c, int quiet)
575: {
576: char buf[HASHBUFSIZE];
1.87 tedu 577:
1.85 espie 578: if (strcmp(c->algo, "SHA256") == 0) {
579: recodehash(c->hash, SHA256_DIGEST_STRING_LENGTH-1);
580: if (!SHA256File(c->file, buf))
581: return 0;
582: } else if (strcmp(c->algo, "SHA512") == 0) {
583: recodehash(c->hash, SHA512_DIGEST_STRING_LENGTH-1);
584: if (!SHA512File(c->file, buf))
585: return 0;
586: } else {
587: errx(1, "can't handle algorithm %s", c->algo);
588: }
589: if (strcmp(c->hash, buf) != 0) {
590: return 0;
591: }
592: if (!quiet)
593: printf("%s: OK\n", c->file);
594: return 1;
595: }
596:
1.80 tedu 597: static void
1.45 tedu 598: verifychecksums(char *msg, int argc, char **argv, int quiet)
1.42 tedu 599: {
1.87 tedu 600: struct ohash_info info = { 0, NULL, ecalloc, efree, NULL };
1.85 espie 601: struct ohash myh;
602: struct checksum c;
1.88 tedu 603: char *e, *line, *endline;
1.85 espie 604: int hasfailed = 0;
1.87 tedu 605: int i, rv;
1.85 espie 606: unsigned int slot;
607:
1.88 tedu 608: ohash_init(&myh, 6, &info);
1.85 espie 609: if (argc) {
610: for (i = 0; i < argc; i++) {
611: slot = ohash_qlookup(&myh, argv[i]);
612: e = ohash_find(&myh, slot);
613: if (e == NULL)
614: ohash_insert(&myh, slot, argv[i]);
615: }
616: }
1.42 tedu 617:
1.45 tedu 618: line = msg;
1.42 tedu 619: while (line && *line) {
620: if ((endline = strchr(line, '\n')))
1.78 tedu 621: *endline++ = '\0';
1.85 espie 622: rv = sscanf(line, "%31s (%1023s = "3s",
623: c.algo, c.file, c.hash);
624: if (rv != 3 || c.file[0] == 0 || c.file[strlen(c.file)-1] != ')')
1.42 tedu 625: errx(1, "unable to parse checksum line %s", line);
1.87 tedu 626: c.file[strlen(c.file) - 1] = '\0';
1.42 tedu 627: line = endline;
1.85 espie 628: if (argc) {
629: slot = ohash_qlookup(&myh, c.file);
630: e = ohash_find(&myh, slot);
631: if (e != NULL) {
1.87 tedu 632: if (verifychecksum(&c, quiet) != 0)
1.85 espie 633: ohash_remove(&myh, slot);
634: }
1.42 tedu 635: } else {
1.87 tedu 636: if (verifychecksum(&c, quiet) == 0) {
1.88 tedu 637: slot = ohash_qlookup(&myh, c.file);
638: e = ohash_find(&myh, slot);
639: if (e == NULL) {
640: if (!(e = strdup(c.file)))
641: err(1, "strdup");
642: ohash_insert(&myh, slot, e);
643: }
1.42 tedu 644: }
645: }
1.85 espie 646: }
1.42 tedu 647:
1.88 tedu 648: for (e = ohash_first(&myh, &slot); e != NULL; e = ohash_next(&myh, &slot)) {
649: fprintf(stderr, "%s: FAIL\n", e);
650: hasfailed = 1;
651: if (argc == 0)
652: free(e);
1.42 tedu 653: }
1.88 tedu 654: ohash_delete(&myh);
1.43 tedu 655: if (hasfailed)
1.42 tedu 656: exit(1);
657: }
658:
659: static void
660: check(const char *pubkeyfile, const char *sigfile, int quiet, int argc,
661: char **argv)
662: {
1.63 tedu 663: unsigned long long msglen;
1.42 tedu 664: uint8_t *msg;
665:
1.63 tedu 666: msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen);
1.45 tedu 667: verifychecksums((char *)msg, argc, argv, quiet);
1.42 tedu 668:
1.63 tedu 669: free(msg);
1.42 tedu 670: }
671: #endif
672:
1.1 tedu 673: int
674: main(int argc, char **argv)
675: {
1.16 tedu 676: const char *pubkeyfile = NULL, *seckeyfile = NULL, *msgfile = NULL,
1.1 tedu 677: *sigfile = NULL;
678: char sigfilebuf[1024];
1.27 tedu 679: const char *comment = "signify";
1.1 tedu 680: int ch, rounds;
1.16 tedu 681: int embedded = 0;
1.42 tedu 682: int quiet = 0;
1.6 tedu 683: enum {
684: NONE,
1.42 tedu 685: CHECK,
1.6 tedu 686: GENERATE,
1.22 tedu 687: INSPECT,
1.6 tedu 688: SIGN,
689: VERIFY
690: } verb = NONE;
691:
1.1 tedu 692:
693: rounds = 42;
694:
1.42 tedu 695: while ((ch = getopt(argc, argv, "CGISVc:em:np:qs:x:")) != -1) {
1.1 tedu 696: switch (ch) {
1.14 tedu 697: #ifndef VERIFYONLY
1.42 tedu 698: case 'C':
699: if (verb)
700: usage(NULL);
701: verb = CHECK;
702: break;
1.6 tedu 703: case 'G':
704: if (verb)
1.31 tedu 705: usage(NULL);
1.6 tedu 706: verb = GENERATE;
707: break;
1.22 tedu 708: case 'I':
709: if (verb)
1.31 tedu 710: usage(NULL);
1.22 tedu 711: verb = INSPECT;
712: break;
1.6 tedu 713: case 'S':
714: if (verb)
1.31 tedu 715: usage(NULL);
1.6 tedu 716: verb = SIGN;
717: break;
1.14 tedu 718: #endif
1.6 tedu 719: case 'V':
720: if (verb)
1.31 tedu 721: usage(NULL);
1.6 tedu 722: verb = VERIFY;
723: break;
1.27 tedu 724: case 'c':
725: comment = optarg;
726: break;
1.16 tedu 727: case 'e':
728: embedded = 1;
729: break;
1.31 tedu 730: case 'm':
731: msgfile = optarg;
732: break;
1.6 tedu 733: case 'n':
1.1 tedu 734: rounds = 0;
735: break;
1.6 tedu 736: case 'p':
1.1 tedu 737: pubkeyfile = optarg;
738: break;
1.42 tedu 739: case 'q':
740: quiet = 1;
741: break;
1.6 tedu 742: case 's':
1.1 tedu 743: seckeyfile = optarg;
744: break;
1.31 tedu 745: case 'x':
746: sigfile = optarg;
747: break;
1.1 tedu 748: default:
1.31 tedu 749: usage(NULL);
1.1 tedu 750: break;
751: }
752: }
1.2 tedu 753: argc -= optind;
1.9 espie 754: argv += optind;
755:
1.42 tedu 756: #ifndef VERIFYONLY
757: if (verb == CHECK) {
1.86 tedu 758: if (!sigfile)
759: usage("must specify sigfile");
1.42 tedu 760: check(pubkeyfile, sigfile, quiet, argc, argv);
761: return 0;
762: }
763: #endif
764:
1.31 tedu 765: if (argc != 0)
766: usage(NULL);
767:
1.36 tedu 768: if (!sigfile && msgfile) {
1.91 tedu 769: int nr;
1.36 tedu 770: if (strcmp(msgfile, "-") == 0)
1.66 tedu 771: usage("must specify sigfile with - message");
1.91 tedu 772: if ((nr = snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig",
773: msgfile)) == -1 || nr >= sizeof(sigfilebuf))
1.36 tedu 774: errx(1, "path too long");
775: sigfile = sigfilebuf;
776: }
1.1 tedu 777:
1.36 tedu 778: switch (verb) {
1.14 tedu 779: #ifndef VERIFYONLY
1.36 tedu 780: case GENERATE:
1.31 tedu 781: if (!pubkeyfile || !seckeyfile)
1.66 tedu 782: usage("must specify pubkey and seckey");
1.27 tedu 783: generate(pubkeyfile, seckeyfile, rounds, comment);
1.36 tedu 784: break;
785: case INSPECT:
1.22 tedu 786: inspect(seckeyfile, pubkeyfile, sigfile);
1.36 tedu 787: break;
788: case SIGN:
789: if (!msgfile || !seckeyfile)
1.66 tedu 790: usage("must specify message and seckey");
1.36 tedu 791: sign(seckeyfile, msgfile, sigfile, embedded);
792: break;
1.14 tedu 793: #endif
1.36 tedu 794: case VERIFY:
1.51 tedu 795: if (!msgfile)
1.66 tedu 796: usage("must specify message");
1.42 tedu 797: verify(pubkeyfile, msgfile, sigfile, embedded, quiet);
1.36 tedu 798: break;
799: default:
800: usage(NULL);
801: break;
1.1 tedu 802: }
1.9 espie 803:
1.1 tedu 804: return 0;
805: }