authorDimitri Sokolyuk <demon@dim13.org>2017-05-02 16:57:52 +0200
committerDimitri Sokolyuk <demon@dim13.org>2017-05-02 16:57:52 +0200
commit4e9762633f173b98c83fc2728bbad5951cc1dd70 (patch)
treecee88b3283a735407c5c2e60f3c71f51c2b7ff55 /main.go
parentd45e9ff22001629da6f994e0bf7b2cc02c8d600f (diff)
Split files
Diffstat (limited to 'main.go')
-rw-r--r--main.go204
1 files changed, 15 insertions, 189 deletions
diff --git a/main.go b/main.go
index cdb16fb..0294bb5 100644
--- a/main.go
+++ b/main.go
@@ -4,13 +4,7 @@ import (
"errors"
"flag"
"fmt"
- "io/ioutil"
"os"
-
- "dim13.org/signify/ask"
- "dim13.org/signify/bhash"
- "dim13.org/signify/file"
- "dim13.org/signify/key"
)
/*
@@ -22,9 +16,7 @@ import (
const safePath = "/etc/signify"
-var (
- ErrEZ = errors.New("can't combine -e and -z options")
-)
+var ErrEZ = errors.New("can't combine -e and -z options")
var (
checksum = flag.Bool("C", false, "Verify a signed checksum list")
@@ -52,9 +44,16 @@ const (
ModeVerify
)
+func (m *Mode) Set(v Mode) {
+ if *m != ModeNone {
+ usage()
+ }
+ *m = v
+}
+
func usage() {
flag.Usage()
- os.Exit(1)
+ os.Exit(2)
}
func fatal(err error) {
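Review bot: `Mode.Set` is an exported setter that ends the process through `usage()` when a mode was already chosen, and nothing on it says so; a reader of `mode.Set(ModeSign)` would not expect an exit. A doc comment would make the contract explicit, for example `// Set selects mode v; if a mode is already set it prints usage and exits with status 2.` The user also gets no message naming the conflicting options, whereas the `-e`/`-z` conflict passes `ErrEZ` to `fatal`, so a similar error value for conflicting modes would be more consistent. The hunk ends on the first line of `fatal`, whose body lies outside it.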
@@ -65,42 +64,29 @@ func fatal(err error) {
func main() {
flag.Parse()
- var mode Mode
+ mode := new(Mode)
if *embedded && *gzip {
fatal(ErrEZ)
}
if *generate {
- if mode != ModeNone {
- usage()
- }
- mode = ModeGenerate
+ mode.Set(ModeGenerate)
}
if *checksum {
- if mode != ModeNone {
- usage()
- }
- mode = ModeCheck
+ mode.Set(ModeCheck)
}
if *sign {
- if mode != ModeNone {
- usage()
- }
- mode = ModeSign
+ mode.Set(ModeSign)
}
if *verify {
- if mode != ModeNone {
- flag.Usage()
- os.Exit(2)
- }
- mode = ModeVerify
+ mode.Set(ModeVerify)
}
- switch mode {
+ switch *mode {
case ModeGenerate:
if err := Generate(*pub, *sec, *comment, *nopass); err != nil {
fatal(err)
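Review bot: `mode := new(Mode)` introduces a pointer the code does not need. `Set` has a pointer receiver and a local `var mode Mode` is addressable, so `mode.Set(ModeGenerate)` compiles unchanged on the value. Keeping `var mode Mode` would also let the switch stay `switch mode {` without the dereference. `main` continues past the end of this hunk, so any later use of `mode` is not visible here.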
@@ -117,163 +103,3 @@ func main() {
usage()
}
}
-
-func Generate(pubFile, encFile, comment string, nopass bool) error {
- if err := file.Names(pubFile, encFile); err != nil {
- return err
- }
-
- pubKey, encKey, err := key.NewKey()
- if err != nil {
- return err
- }
-
- if nopass {
- encKey.KDFRounds = 0
- }
- if err := Kdf(encKey, ask.Confirmed); err != nil {
- return err
- }
-
- encRaw, err := key.Marshal(encKey)
- if err != nil {
- return err
- }
-
- block := &file.Block{
- Comment: fmt.Sprintf("%s secret key", comment),
- Bytes: encRaw,
- }
- if err := file.EncodeFile(encFile, file.EncMode, block); err != nil {
- return err
- }
-
- pubRaw, err := key.Marshal(pubKey)
- if err != nil {
- return err
- }
- block = &file.Block{
- Comment: fmt.Sprintf("%s public key", comment),
- Bytes: pubRaw,
- }
- if err := file.EncodeFile(pubFile, file.PubMode, block); err != nil {
- return err
- }
-
- return nil
-}
-
-func OpenEnc(fname string) (*key.Enc, error) {
- block, err := file.DecodeFile(fname)
- if err != nil {
- return nil, err
- }
- encKey := new(key.Enc)
- if err := key.Unmarshal(block.Bytes, encKey); err != nil {
- return nil, err
- }
- if err := Kdf(encKey, ask.Password); err != nil {
- return nil, err
- }
- if err := encKey.Check(); err != nil {
- return nil, err
- }
- return encKey, nil
-}
-
-func OpenPub(fname string) (*key.Pub, error) {
- block, err := file.DecodeFile(fname)
- if err != nil {
- return nil, err
- }
- pubKey := new(key.Pub)
- if err := key.Unmarshal(block.Bytes, pubKey); err != nil {
- return nil, err
- }
- if err := pubKey.Check(); err != nil {
- return nil, err
- }
- return pubKey, nil
-}
-
-func OpenSig(fname string) (*key.Sig, []byte, error) {
- block, err := file.DecodeFile(fname + ".sig")
- if err != nil {
- return nil, nil, err
- }
- sig := new(key.Sig)
- if err := key.Unmarshal(block.Bytes, sig); err != nil {
- return nil, nil, err
- }
- if err := sig.Check(); err != nil {
- return nil, nil, err
- }
- if len(block.Message) > 0 {
- return sig, block.Message, nil
- }
- msg, err := ioutil.ReadFile(fname)
- if err != nil {
- return nil, nil, err
- }
- return sig, msg, nil
-}
-
-func Sign(msgFile, encFile string, embed bool) error {
- encKey, err := OpenEnc(encFile)
- if err != nil {
- return err
- }
- body, err := ioutil.ReadFile(msgFile)
- if err != nil {
- return err
- }
- sig := encKey.Sign(body)
- sigRaw, err := key.Marshal(sig)
- if err != nil {
- return err
- }
- block := &file.Block{
- Comment: fmt.Sprintf("verify with %s", file.PubName(encFile)),
- Bytes: sigRaw,
- }
- if embed {
- block.Message = body
- }
- if err := file.EncodeFile(msgFile+".sig", file.SigMode, block); err != nil {
- return err
- }
- return nil
-}
-
-func Verify(msgFile, pubFile string, quiet bool) error {
- pubKey, err := OpenPub(pubFile)
- if err != nil {
- return err
- }
- sig, body, err := OpenSig(msgFile)
- if err != nil {
- return err
- }
- if err := pubKey.Verify(body, sig); err != nil {
- return err
- }
- if !quiet {
- fmt.Println("Signature Verfied")
- }
- return nil
-}
-
-func Kdf(enc *key.Enc, ask func() (string, error)) error {
- if enc.KDFRounds == 0 {
- return nil
- }
- pass, err := ask()
- if err != nil {
- return err
- }
- xor := bhash.Pbkdf([]byte(pass), enc.Salt[:], int(enc.KDFRounds), len(enc.Key))
- for i := range xor {
- enc.Key[i] ^= xor[i]
- }
- return nil
-}