From 37f70c3207b76286d5d612c07d3b9962607762cd Mon Sep 17 00:00:00 2001
From: tedu
Date: Fri, 10 Jan 2014 04:15:38 +0000
Subject: [PATCH] at least for now, we're going to need some -Inspector magic
---
 usr.bin/signify/signify.1 | 11 +++++++--
 usr.bin/signify/signify.c | 48 +++++++++++++++++++++++++++++++++++----
 2 files changed, 53 insertions(+), 6 deletions(-)
diff --git a/usr.bin/signify/signify.1 b/usr.bin/signify/signify.1
index 9f8397a1e48..8d82634a539 100644
--- a/usr.bin/signify/signify.1
+++ b/usr.bin/signify/signify.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: signify.1,v 1.8 2014/01/09 15:36:40 tedu Exp $
+.\" $OpenBSD: signify.1,v 1.9 2014/01/10 04:15:38 tedu Exp $
 .\"
 .\"Copyright (c) 2013 Marc Espie
 .\"Copyright (c) 2013 Ted Unangst
@@ -14,7 +14,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: January 9 2014 $
+.Dd $Mdocdate: January 10 2014 $
 .Dt SIGNIFY 1
 .Os
 .Sh NAME
@@ -27,6 +27,11 @@
 .Fl s Ar seckey
 .Fl G
 .Nm signify
+.Op Fl o Ar signature
+.Op Fl p Ar pubkey
+.Op Fl s Ar seckey
+.Fl I
+.Nm signify
 .Op Fl e
 .Op Fl o Ar output
 .Fl s Ar seckey
@@ -58,6 +63,8 @@ Embed the message after the signature when signing.
 For verification, extract the message from the signature.
 .It Fl G
 Generate a new keypair.
+.It Fl I
+Inspect the specified keys or signature and print their fingerprint.
 .It Fl n
 Do not ask for a passphrase during key generation.
 Otherwise,
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 1c0e37a9a58..52957c7ac18 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.21 2014/01/09 21:19:38 jmc Exp $ */
+/* $OpenBSD: signify.c,v 1.22 2014/01/10 04:15:38 tedu Exp $ */
 /*
 * Copyright (c) 2013 Ted Unangst
 *
@@ -73,11 +73,12 @@ usage(void)
 fprintf(stderr, "usage:"
 #ifndef VERIFYONLY
 "\t%s [-n] -p pubkey -s seckey -G\n"
+ "\t%s [-o sig] [-p pubkey] [-s seckey] -I\n"
 "\t%s [-e] [-o output] -s seckey -S message\n"
 #endif
 "\t%s [-e] [-o output] -p pubkey -V message\n",
 #ifndef VERIFYONLY
- __progname, __progname,
+ __progname, __progname, __progname,
 #endif
 __progname);
 exit(1);
@@ -341,6 +342,31 @@ sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
 free(msg);
 }
+
+static void
+inspect(const char *seckeyfile, const char *pubkeyfile, const char *sigfile)
+{
+ struct sig sig;
+ struct enckey enckey;
+ struct pubkey pubkey;
+ char fp[(FPLEN + 2) / 3 * 4 + 1];
+
+ if (seckeyfile) {
+ readb64file(seckeyfile, &enckey, sizeof(enckey), NULL);
+ b64_ntop(enckey.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("sec fp: %s\n", fp);
+ }
+ if (pubkeyfile) {
+ readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
+ b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("pub fp: %s\n", fp);
+ }
+ if (sigfile) {
+ readb64file(sigfile, &sig, sizeof(sig), NULL);
+ b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("sig fp: %s\n", fp);
+ }
+}
 #endif
 static void
@@ -384,8 +410,12 @@ verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 readb64file(sigfile, &sig, sizeof(sig), NULL);
 }
- if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN))
+ if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
+#ifndef VERIFYONLY
+ inspect(NULL, pubkeyfile, sigfile);
+#endif
 errx(1, "verification failed: checked against wrong key");
+ }
 verifymsg(pubkey.pubkey, msg, msglen, sig.sig);
 if (embedded) {
@@ -410,6 +440,7 @@ main(int argc, char **argv)
 enum {
 NONE,
 GENERATE,
+ INSPECT,
 SIGN,
 VERIFY
 } verb = NONE;
@@ -417,7 +448,7 @@ main(int argc, char **argv)
 rounds = 42;
- while ((ch = getopt(argc, argv, "GSVeno:p:s:")) != -1) {
+ while ((ch = getopt(argc, argv, "GISVeno:p:s:")) != -1) {
 switch (ch) {
 #ifndef VERIFYONLY
 case 'G':
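Review bot: inspect() prints the `fingerprint` field exactly as each file stores it, so the value shown is whatever the file claims; nothing in this hunk derives it from, or checks it against, the key or signature bytes. A comment above the function such as `/* prints the identifier stored in the file; it is not verified and says nothing about authenticity */` would keep -I from being read as an identity check, and the "print their fingerprint" sentence added to signify.1 could carry the same caveat. The three b64_ntop() calls also ignore the return value: `fp` is sized to fit today, but `if (b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp)) == -1) errx(1, "b64 encode failed");` (and the same for the other two) would keep an uninitialised buffer from reaching printf() if FPLEN or the struct layout changes.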
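Review bot: On a fingerprint mismatch in verify(), the new `inspect(NULL, pubkeyfile, sigfile)` call re-opens and re-parses both files instead of reporting the `pubkey.fingerprint` and `sig.fingerprint` that memcmp() just compared. The values printed can therefore differ from the ones that failed (a file replaced between the two reads, or an input that cannot be read twice), and an error during the second read would presumably exit with a message other than "verification failed". The output also goes through printf() to stdout, mixing diagnostics into whatever a caller captures from a failed verification. Encoding the in-memory fingerprints and reporting them with warnx() avoids both, and would work without the VERIFYONLY guard if b64_ntop() is linked in those builds. verify() starts and ends outside the hunk.

```c
	if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
		char fp[(FPLEN + 2) / 3 * 4 + 1];

		/* report the values that were actually compared, on stderr */
		if (b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp)) != -1)
			warnx("pub fp: %s", fp);
		if (b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp)) != -1)
			warnx("sig fp: %s", fp);
		errx(1, "verification failed: checked against wrong key");
	}
```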
@@ -425,6 +456,11 @@ main(int argc, char **argv)
 usage();
 verb = GENERATE;
 break;
+ case 'I':
+ if (verb)
+ usage();
+ verb = INSPECT;
+ break;
 case 'S':
 if (verb)
 usage();
@@ -471,6 +507,10 @@ main(int argc, char **argv)
 if (!pubkeyfile || !seckeyfile || argc != 0)
 usage();
 generate(pubkeyfile, seckeyfile, rounds);
+ } else if (verb == INSPECT) {
+ if (argc != 0)
+ usage();
+ inspect(seckeyfile, pubkeyfile, sigfile);
 } else
 #endif
 {
-- 
2.20.1
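Review bot: The INSPECT branch added to main() in the last hunk rejects only extra arguments, so `signify -I` with none of -o, -p or -s calls inspect() with three NULL pointers, prints nothing and presumably exits as a success. A script that treats a clean exit as "the key was inspected" gets no signal that nothing was read. Requiring at least one input matches how the GENERATE branch validates its files: `if (argc != 0 || (!seckeyfile && !pubkeyfile && !sigfile))` followed by `usage();`. main() continues outside the hunk.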