authortedu <tedu@openbsd.org>2014-01-10 04:15:38 +0000
committertedu <tedu@openbsd.org>2014-01-10 04:15:38 +0000
commit37f70c3207b76286d5d612c07d3b9962607762cd (patch)
treea370d461d511ee1bafdfa9e2d99ff8bc4f66226d
parentCheck the return values of the strdup() calls. (diff)
at least for now, we're going to need some -Inspector magic
-rw-r--r--usr.bin/signify/signify.111
-rw-r--r--usr.bin/signify/signify.c48
2 files changed, 53 insertions, 6 deletions
diff --git a/usr.bin/signify/signify.1 b/usr.bin/signify/signify.1
index 9f8397a1e48..8d82634a539 100644
--- a/usr.bin/signify/signify.1
+++ b/usr.bin/signify/signify.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: signify.1,v 1.8 2014/01/09 15:36:40 tedu Exp $
+.\" $OpenBSD: signify.1,v 1.9 2014/01/10 04:15:38 tedu Exp $
.\"
.\"Copyright (c) 2013 Marc Espie <espie@openbsd.org>
.\"Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
@@ -14,7 +14,7 @@
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: January 9 2014 $
+.Dd $Mdocdate: January 10 2014 $
.Dt SIGNIFY 1
.Os
.Sh NAME
@@ -27,6 +27,11 @@
.Fl s Ar seckey
.Fl G
.Nm signify
+.Op Fl o Ar signature
+.Op Fl p Ar pubkey
+.Op Fl s Ar seckey
+.Fl I
+.Nm signify
.Op Fl e
.Op Fl o Ar output
.Fl s Ar seckey
@@ -58,6 +63,8 @@ Embed the message after the signature when signing.
For verification, extract the message from the signature.
.It Fl G
Generate a new keypair.
+.It Fl I
+Inspect the specified keys or signature and print their fingerprint.
.It Fl n
Do not ask for a passphrase during key generation.
Otherwise,
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 1c0e37a9a58..52957c7ac18 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.21 2014/01/09 21:19:38 jmc Exp $ */
+/* $OpenBSD: signify.c,v 1.22 2014/01/10 04:15:38 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
@@ -73,11 +73,12 @@ usage(void)
fprintf(stderr, "usage:"
#ifndef VERIFYONLY
"\t%s [-n] -p pubkey -s seckey -G\n"
+ "\t%s [-o sig] [-p pubkey] [-s seckey] -I\n"
"\t%s [-e] [-o output] -s seckey -S message\n"
#endif
"\t%s [-e] [-o output] -p pubkey -V message\n",
#ifndef VERIFYONLY
- __progname, __progname,
+ __progname, __progname, __progname,
#endif
__progname);
exit(1);
@@ -341,6 +342,31 @@ sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
free(msg);
}
+
+static void
+inspect(const char *seckeyfile, const char *pubkeyfile, const char *sigfile)
+{
+ struct sig sig;
+ struct enckey enckey;
+ struct pubkey pubkey;
+ char fp[(FPLEN + 2) / 3 * 4 + 1];
+
+ if (seckeyfile) {
+ readb64file(seckeyfile, &enckey, sizeof(enckey), NULL);
+ b64_ntop(enckey.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("sec fp: %s\n", fp);
+ }
+ if (pubkeyfile) {
+ readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
+ b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("pub fp: %s\n", fp);
+ }
+ if (sigfile) {
+ readb64file(sigfile, &sig, sizeof(sig), NULL);
+ b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("sig fp: %s\n", fp);
+ }
+}
#endif
static void
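Review bot: The three `b64_ntop()` calls in `inspect()` ignore the return value while `fp` starts out uninitialized, so a failed encode would pass indeterminate stack bytes to `printf`; checking each call, e.g. `if (b64_ntop(enckey.fingerprint, FPLEN, fp, sizeof(fp)) == -1) errx(1, "b64 encode failed");`, closes that off. The buffer size `(FPLEN + 2) / 3 * 4 + 1` looks right for FPLEN input bytes, so this is defensive rather than a live bug. The function would also benefit from a header comment such as `/* print the fingerprint field stored in each given file; the value is copied from the file as-is and is not checked against the key or signature bytes */`, since a reader of the `-I` output could otherwise take a matching fingerprint as proof of a matching key. How `readb64file()` reports a short or malformed file is outside this hunk.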
@@ -384,8 +410,12 @@ verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
readb64file(sigfile, &sig, sizeof(sig), NULL);
}
- if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN))
+ if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
+#ifndef VERIFYONLY
+ inspect(NULL, pubkeyfile, sigfile);
+#endif
errx(1, "verification failed: checked against wrong key");
+ }
verifymsg(pubkey.pubkey, msg, msglen, sig.sig);
if (embedded) {
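Review bot: The failure path in `verify()` calls `inspect(NULL, pubkeyfile, sigfile)`, which opens and decodes both files a second time instead of printing the `pubkey.fingerprint` and `sig.fingerprint` values that `memcmp` just compared. If either file changes between the two reads, the printed fingerprints are not the ones that were rejected. If `readb64file()` exits on a parse problem (its body is not in this hunk, and the embedded-signature case looks like a candidate), the "checked against wrong key" message is never shown. The lines also go to stdout through `printf`, separate from the error on stderr. Encoding the in-memory values and reporting them with `warnx` avoids all three; `verify()` begins and ends outside the hunk.

```c
	if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
#ifndef VERIFYONLY
		char fp[(FPLEN + 2) / 3 * 4 + 1];

		/* report the values that were actually compared */
		if (b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp)) != -1)
			warnx("pub fp: %s", fp);
		if (b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp)) != -1)
			warnx("sig fp: %s", fp);
#endif
		errx(1, "verification failed: checked against wrong key");
	}
	/* … unchanged: verifymsg() call and embedded handling … */
```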
@@ -410,6 +440,7 @@ main(int argc, char **argv)
enum {
NONE,
GENERATE,
+ INSPECT,
SIGN,
VERIFY
} verb = NONE;
@@ -417,7 +448,7 @@ main(int argc, char **argv)
rounds = 42;
- while ((ch = getopt(argc, argv, "GSVeno:p:s:")) != -1) {
+ while ((ch = getopt(argc, argv, "GISVeno:p:s:")) != -1) {
switch (ch) {
#ifndef VERIFYONLY
case 'G':
@@ -425,6 +456,11 @@ main(int argc, char **argv)
usage();
verb = GENERATE;
break;
+ case 'I':
+ if (verb)
+ usage();
+ verb = INSPECT;
+ break;
case 'S':
if (verb)
usage();
@@ -471,6 +507,10 @@ main(int argc, char **argv)
if (!pubkeyfile || !seckeyfile || argc != 0)
usage();
generate(pubkeyfile, seckeyfile, rounds);
+ } else if (verb == INSPECT) {
+ if (argc != 0)
+ usage();
+ inspect(seckeyfile, pubkeyfile, sigfile);
} else
#endif
{
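Review bot: The `INSPECT` branch only rejects extra arguments, so `signify -I` with none of `-o`, `-p` or `-s` calls `inspect(NULL, NULL, NULL)`, prints nothing and exits successfully. Requiring at least one input makes the mistake visible: `if ((!seckeyfile && !pubkeyfile && !sigfile) || argc != 0)` followed by `usage();`. The assignments of these three variables from the options are outside the hunk, so this assumes they stay NULL when the option is absent, as the `if (seckeyfile)` style tests in `inspect()` suggest.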