authorChristian Neukirchen <chneukirchen@gmail.com>2016-10-06 18:28:22 +0200
committerChristian Neukirchen <chneukirchen@gmail.com>2016-10-06 18:28:22 +0200
commit771e5fcc430f33540569f4dd8596ad2e54272b41 (patch)
tree61f38af078793c48dedde82312056fea71bc88d6 /src
parent6be3843d5d8f117f57ee18815eea0806b2a59d86 (diff)
cvs update
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/signify/signify.117
-rw-r--r--src/usr.bin/signify/signify.c53
-rw-r--r--src/usr.bin/signify/zsig.c4
3 files changed, 52 insertions, 22 deletions
diff --git a/src/usr.bin/signify/signify.1 b/src/usr.bin/signify/signify.1
index 0207091..70c1bef 100644
--- a/src/usr.bin/signify/signify.1
+++ b/src/usr.bin/signify/signify.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: signify.1,v 1.39 2016/09/19 21:15:58 tedu Exp $
+.\" $OpenBSD: signify.1,v 1.40 2016/10/05 15:45:13 tedu Exp $
 .\"
 .\"Copyright (c) 2013 Marc Espie <espie@openbsd.org>
 .\"Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
@@ -14,7 +14,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: September 19 2016 $
+.Dd $Mdocdate: October 5 2016 $
 .Dt SIGNIFY 1
 .Os
 .Sh NAME
@@ -63,6 +63,11 @@ should be the signed output of
 .Xr sha256 1 .
 .It Fl G
 Generate a new key pair.
+Keynames should follow the convention of
+.Pa keyname.pub
+and
+.Pa keyname.sec
+for the public and secret keys, respectively.
 .It Fl S
 Sign the specified message file and create a signature.
 .It Fl V
@@ -127,10 +132,10 @@ The key and signature files created by
 have the same format.
 The first line of the file is a free form text comment that may be edited,
 so long as it does not exceed a single line.
-.\" Signature comments will be generated based on the name of the secret
-.\" key used for signing.
-.\" This comment can then be used as a hint for the name of the public key
-.\" when verifying.
+Signature comments will be generated based on the name of the secret
+key used for signing.
+This comment can then be used as a hint for the name of the public key
+when verifying.
 The second line of the file is the actual key or signature base64 encoded.
 .Sh EXIT STATUS
 .Ex -std signify
diff --git a/src/usr.bin/signify/signify.c b/src/usr.bin/signify/signify.c
index 73be96d..646532e 100644
--- a/src/usr.bin/signify/signify.c
+++ b/src/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.122 2016/09/27 02:13:27 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.125 2016/10/05 15:58:50 tedu Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -329,8 +329,8 @@ generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
 	explicit_bzero(digest, sizeof(digest));
 	explicit_bzero(xorkey, sizeof(xorkey));
 
-	if ((nr = snprintf(commentbuf, sizeof(commentbuf), "%s secret key",
-	    comment)) == -1 || nr >= sizeof(commentbuf))
+	nr = snprintf(commentbuf, sizeof(commentbuf), "%s secret key", comment);
+	if (nr == -1 || nr >= sizeof(commentbuf))
 		errx(1, "comment too long");
 	writekeyfile(seckeyfile, commentbuf, &enckey,
 	    sizeof(enckey), O_EXCL, 0600);
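Review bot: The rewritten truncation check still compares the signed `nr` against the unsigned result of `sizeof` and tests for exactly `-1`, although snprintf is only specified to return some negative value on error. Behaviour is unaffected, because any negative `nr` converts to a huge unsigned value and is still rejected, but the intent reads more clearly as `if (nr < 0 || (size_t)nr >= sizeof(commentbuf))`. The same pattern appears in the public-key comment check in the next hunk, in both `sigcomment` checks in createsig, and in the `sigfilebuf` check in main. The declaration of `nr` in generate lies outside this hunk, so its type is assumed to be `int`, as it is in createsig and main.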
@@ -338,13 +338,34 @@ generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
 
 	memcpy(pubkey.pkalg, PKALG, 2);
 	memcpy(pubkey.keynum, keynum, KEYNUMLEN);
-	if ((nr = snprintf(commentbuf, sizeof(commentbuf), "%s public key",
-	    comment)) == -1 || nr >= sizeof(commentbuf))
+	nr = snprintf(commentbuf, sizeof(commentbuf), "%s public key", comment);
+	if (nr == -1 || nr >= sizeof(commentbuf))
 		errx(1, "comment too long");
 	writekeyfile(pubkeyfile, commentbuf, &pubkey,
 	    sizeof(pubkey), O_EXCL, 0666);
 }
 
+static void
+check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile)
+{
+	size_t len;
+
+	len = strlen(pubkeyfile);
+	if (strlen(seckeyfile) != len)
+		goto bad;
+	if (len < 5) /* ?.key */
+		goto bad;
+	if (strcmp(pubkeyfile + len - 4, ".pub") != 0 ||
+	    strcmp(seckeyfile + len - 4, ".sec") != 0)
+		goto bad;
+	if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0)
+		goto bad;
+
+	return;
+bad:
+	errx(1, "please use naming scheme of keyname.pub and keyname.sec");
+}
+
 uint8_t *
 createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg,
     unsigned long long msglen)
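Review bot: check_keyname_compliance compares the complete path strings, so the `strlen` equality test and the `strncmp` over `len - 4` bytes reject a key pair whose two files sit in different directories even when the file names are `keyname.pub` and `keyname.sec`. The hint that createsig writes into the signature comment is built from the file name after the last `/` only, so comparing file names here would match what the convention is used for; if forcing both keys into one directory is intended, the manual text added in this commit should say so. The function also has no comment stating that it exits through `errx` on a mismatch; a one-line header comment would help. A file-name-based version is sketched below.

```c
static void
check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile)
{
	const char *pubname, *secname;
	size_t len;

	/* compare file names only; the two directories may differ */
	pubname = strrchr(pubkeyfile, '/');
	pubname = pubname ? pubname + 1 : pubkeyfile;
	secname = strrchr(seckeyfile, '/');
	secname = secname ? secname + 1 : seckeyfile;

	len = strlen(pubname);
	if (strlen(secname) != len)
		goto bad;
	if (len < 5) /* ?.key */
		goto bad;
	if (strcmp(pubname + len - 4, ".pub") != 0 ||
	    strcmp(secname + len - 4, ".sec") != 0)
		goto bad;
	if (strncmp(pubname, secname, len - 4) != 0)
		goto bad;
	/* … unchanged: return, bad: label and errx message … */
}
```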
@@ -353,7 +374,7 @@ createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg,
 	uint8_t xorkey[sizeof(enckey.seckey)];
 	struct sig sig;
 	char *sighdr;
-	char *secname;
+	char *extname;
 	uint8_t digest[SHA512_DIGEST_LENGTH];
 	int i, nr, rounds;
 	SHA2_CTX ctx;
@@ -361,20 +382,22 @@ createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg,
 
 	readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
 
-	secname = strstr(seckeyfile, ".sec");
-	if (secname && strlen(secname) == 4) {
+	extname = strrchr(seckeyfile, '.');
+	if (extname && strcmp(extname, ".sec") == 0) {
 		const char *keyname;
 		/* basename may or may not modify input */
 		if (!(keyname = strrchr(seckeyfile, '/')))
 			keyname = seckeyfile;
 		else
 			keyname++;
-		if ((nr = snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub",
-		    (int)strlen(keyname) - 4, keyname)) == -1 || nr >= sizeof(sigcomment))
+		nr = snprintf(sigcomment, sizeof(sigcomment),
+		    VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname);
+		if (nr == -1 || nr >= sizeof(sigcomment))
 			errx(1, "comment too long");
 	} else {
-		if ((nr = snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
-		    comment)) == -1 || nr >= sizeof(sigcomment))
+		nr = snprintf(sigcomment, sizeof(sigcomment),
+		    "signature from %s", comment);
+		if (nr == -1 || nr >= sizeof(sigcomment))
 			errx(1, "comment too long");
 	}
 
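Review bot: The new suffix test `strcmp(extname, ".sec") == 0` also accepts a secret key whose file name is exactly `.sec`, in which case `(int)strlen(keyname) - 4` is 0 and the signature comment becomes a "verify with" hint for `.pub`, with an empty key name. check_keyname_compliance is only called on the generate path, so it does not cover keys that already exist when signing. Requiring at least one character before the suffix would send that case to the `signature from` branch instead, for example `if (extname && extname != seckeyfile && extname[-1] != '/' && strcmp(extname, ".sec") == 0) {`. createsig starts and ends outside this hunk.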
@@ -829,8 +852,9 @@ main(int argc, char **argv)
 		int nr;
 		if (strcmp(msgfile, "-") == 0)
 			usage("must specify sigfile with - message");
-		if ((nr = snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig",
-		    msgfile)) == -1 || nr >= sizeof(sigfilebuf))
+		nr = snprintf(sigfilebuf, sizeof(sigfilebuf),
+		    "%s.sig", msgfile);
+		if (nr == -1 || nr >= sizeof(sigfilebuf))
 			errx(1, "path too long");
 		sigfile = sigfilebuf;
 	}
@@ -841,6 +865,7 @@ main(int argc, char **argv)
 		/* no pledge */
 		if (!pubkeyfile || !seckeyfile)
 			usage("must specify pubkey and seckey");
+		check_keyname_compliance(pubkeyfile, seckeyfile);
 		generate(pubkeyfile, seckeyfile, rounds, comment);
 		break;
 	case SIGN:
diff --git a/src/usr.bin/signify/zsig.c b/src/usr.bin/signify/zsig.c
index 5538065..38092be 100644
--- a/src/usr.bin/signify/zsig.c
+++ b/src/usr.bin/signify/zsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: zsig.c,v 1.13 2016/09/27 02:16:40 tedu Exp $ */
+/* $OpenBSD: zsig.c,v 1.14 2016/10/04 14:40:41 espie Exp $ */
 /*
  * Copyright (c) 2016 Marc Espie <espie@openbsd.org>
  *
@@ -94,7 +94,7 @@ readgz_header(struct gzheader *h, int fd)
 			h->os = buf[9];
 			/* magic gzip header */
 			if (buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 8)
-				err(1, "invalud magic in gzheader");
+				err(1, "invalid magic in gzheader");
 			/* XXX special code that only caters to our needs */
 			if (h->flg & ~ (FCOMMENT_FLAG | FNAME_FLAG))
 				err(1, "invalid flags in gzheader");
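Review bot: The corrected message is still emitted with `err`, which appends the text for the current `errno`, but a wrong magic byte is a format error and not a failed system call. The diagnostic can therefore end with an unrelated or stale error string, which misleads anyone investigating a rejected archive. `errx(1, "invalid magic in gzheader");` prints only the message, and the `invalid flags in gzheader` check two lines below has the same issue. readgz_header starts and ends outside this hunk.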