authorDimitri Sokolyuk <demon@dim13.org>2017-07-25 23:32:10 +0200
committerDimitri Sokolyuk <demon@dim13.org>2017-07-25 23:32:10 +0200
commit15fe28c9af4a69d5fb5188c3cbeadae31a9c891f (patch)
tree89f665b0dd71fbe4db17f598bdb494924a774290
parente718cddb32df846caea3a1235a3dc806e03dc1e4 (diff)
prototype gzip verify
-rw-r--r--file/file.go14
-rw-r--r--verify.go51
-rw-r--r--zsig/header.go6
3 files changed, 70 insertions, 1 deletions
diff --git a/file/file.go b/file/file.go
index e954604..5b3fbcf 100644
--- a/file/file.go
+++ b/file/file.go
@@ -3,6 +3,7 @@ package file
import (
"bufio"
+ "bytes"
"encoding"
"encoding/base64"
"errors"
@@ -20,7 +21,8 @@ const (
untrusted = "untrusted comment:"
)
-var ErrComment = errors.New("expected untrusted comment")
+// Original Error: "invalid comment in %s; must start with 'untrusted comment: '"
+var ErrComment = errors.New("comment must start with 'untrusted comment: '")
func DecodeFile(fname string, u encoding.BinaryUnmarshaler) (string, []byte, error) {
fd, err := os.Open(fname)
@@ -31,6 +33,16 @@ func DecodeFile(fname string, u encoding.BinaryUnmarshaler) (string, []byte, err
return Decode(fd, u)
}
+func DecodeString(data string, u encoding.BinaryUnmarshaler) (string, []byte, error) {
+ r := strings.NewReader(data)
+ return Decode(r, u)
+}
+
+func DecodeBytes(data []byte, u encoding.BinaryUnmarshaler) (string, []byte, error) {
+ r := bytes.NewReader(data)
+ return Decode(r, u)
+}
+
func Decode(r io.Reader, u encoding.BinaryUnmarshaler) (string, []byte, error) {
buf := bufio.NewReader(r)
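Review bot: The new exported helpers `DecodeString` and `DecodeBytes` have no doc comments, and the same applies to `ParseBytes` in zsig/header.go. Since `verifyGzip` only calls `sig.Verify` after `DecodeString` returns, the comment should say that the returned message is parsed but not yet authenticated, for example `// DecodeString decodes a signify file held in data; the returned message is unverified until the caller checks the signature.` Separately, `DecodeString` calls `strings.NewReader` while the import hunk adds only `"bytes"`, so confirm that `"strings"` is already in the part of the import block not shown here. `Decode`'s body continues outside the hunk.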
diff --git a/verify.go b/verify.go
index 9f71dc8..2c62241 100644
--- a/verify.go
+++ b/verify.go
@@ -1,12 +1,18 @@
package main
import (
+ "bytes"
+ "crypto/sha512"
+ "errors"
"flag"
"fmt"
"io/ioutil"
+ "log"
+ "os"
"dim13.org/signify/file"
"dim13.org/signify/key"
+ "dim13.org/signify/zsig"
)
// Usage: signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message
@@ -88,7 +94,52 @@ func verifyEmbedded(pubFile, sigFile string) error {
return sig.Verify(msg, pub)
}
+// TODO ugly work-in-progress
func verifyGzip(pubFile, msgFile string) error {
+ sigFile := msgFile + ".sig" // XXX
+ fd, err := os.Open(sigFile)
+ if err != nil {
+ return err
+ }
+ defer fd.Close()
+ z, err := zsig.NewReader(fd)
+ if err != nil {
+ return err
+ }
+
+ log.Println(z)
+ sig := new(key.Sig)
+ _, msg, err := file.DecodeString(z.Comment, sig)
+ if err != nil {
+ return err
+ }
+
+ pub, err := openPub(pubFile)
+ if err != nil {
+ return err
+ }
+ if err := sig.Verify(msg, pub); err != nil {
+ return err
+ }
+
+ log.Printf("%s", msg)
+ zhead, err := zsig.ParseBytes(msg)
+ if err != nil {
+ return err
+ }
+
+ if zhead.Alg != "SHA512/256" {
+ return errors.New("whatever alg")
+ }
+
+ sumch := zsig.Sum(z, zhead.BlockSize, sha512.New512_256())
+ for _, sum := range zhead.Sums {
+ s := <-sumch
+ if !bytes.Equal(sum, s) {
+ return errors.New("don't match")
+ }
+ }
+
return nil
}
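Review bot: The checksum loop in `verifyGzip` is bounded by `zhead.Sums` only, so the function returns nil without ever comparing any blocks that `sumch` delivers after the last signed sum, and a signed header with an empty sum list passes with no data checked at all. The loop should use the two-value receive so a short archive is reported as such, and should check after the loop that the channel has nothing left; this assumes `zsig.Sum` closes its channel at end of input, which is not visible in this hunk. The errors `"whatever alg"` and `"don't match"` would be easier to triage if they named the algorithm and block index. `log.Println(z)` prints the gzip header before the signature has been checked, so it is best dropped or moved behind a debug flag once the prototype settles.

```go
	sumch := zsig.Sum(z, zhead.BlockSize, sha512.New512_256())
	for i, want := range zhead.Sums {
		got, ok := <-sumch
		if !ok {
			return fmt.Errorf("archive ends before signed block %d", i)
		}
		if !bytes.Equal(want, got) {
			return fmt.Errorf("block %d: checksum mismatch", i)
		}
	}
	// Anything still arriving was never covered by the signed header.
	if _, ok := <-sumch; ok {
		return errors.New("archive has data beyond the signed blocks")
	}
	// … unchanged: return nil …
```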
diff --git a/zsig/header.go b/zsig/header.go
index 7bf87ed..c63a03b 100644
--- a/zsig/header.go
+++ b/zsig/header.go
@@ -2,6 +2,7 @@ package zsig
import (
"bufio"
+ "bytes"
"encoding/hex"
"fmt"
"io"
@@ -29,6 +30,11 @@ func (h ZHeader) Print(w io.Writer) error {
return nil
}
+func ParseBytes(data []byte) (ZHeader, error) {
+ r := bytes.NewReader(data)
+ return Parse(r)
+}
+
func Parse(r io.Reader) (ZHeader, error) {
var h ZHeader
s := bufio.NewScanner(r)