-rw-r--r--gen.go70
-rw-r--r--main.go204
-rw-r--r--sig.go55
-rw-r--r--ver.go64
4 files changed, 204 insertions, 189 deletions
diff --git a/gen.go b/gen.go
new file mode 100644
index 0000000..d3d2933
--- /dev/null
+++ b/gen.go
@@ -0,0 +1,70 @@
+package main
+
+import (
+ "fmt"
+
+ "dim13.org/signify/ask"
+ "dim13.org/signify/bhash"
+ "dim13.org/signify/file"
+ "dim13.org/signify/key"
+)
+
+func Generate(pubFile, encFile, comment string, nopass bool) error {
+ if err := file.Names(pubFile, encFile); err != nil {
+ return err
+ }
+
+ pubKey, encKey, err := key.NewKey()
+ if err != nil {
+ return err
+ }
+
+ if nopass {
+ encKey.KDFRounds = 0
+ }
+ if err := Kdf(encKey, ask.Confirmed); err != nil {
+ return err
+ }
+
+ encRaw, err := key.Marshal(encKey)
+ if err != nil {
+ return err
+ }
+
+ block := &file.Block{
+ Comment: fmt.Sprintf("%s secret key", comment),
+ Bytes: encRaw,
+ }
+ if err := file.EncodeFile(encFile, file.EncMode, block); err != nil {
+ return err
+ }
+
+ pubRaw, err := key.Marshal(pubKey)
+ if err != nil {
+ return err
+ }
+ block = &file.Block{
+ Comment: fmt.Sprintf("%s public key", comment),
+ Bytes: pubRaw,
+ }
+ if err := file.EncodeFile(pubFile, file.PubMode, block); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func Kdf(enc *key.Enc, ask func() (string, error)) error {
+ if enc.KDFRounds == 0 {
+ return nil
+ }
+ pass, err := ask()
+ if err != nil {
+ return err
+ }
+ xor := bhash.Pbkdf([]byte(pass), enc.Salt[:], int(enc.KDFRounds), len(enc.Key))
+ for i := range xor {
+ enc.Key[i] ^= xor[i]
+ }
+ return nil
+}
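Review bot: `Kdf` drops the derived key stream as soon as the XOR loop ends, so the PBKDF output that unmasks the secret key stays in the heap until the GC reuses it (the `pass` string cannot be wiped at all in Go, but the slice can): add `for i := range xor { xor[i] = 0 }` after the loop. The function also deserves a comment saying it is an in-place XOR that both masks the key in `Generate` and unmasks it in `OpenEnc`, so applying it twice to the same `Enc` undoes itself. The `nopass` branch in `Generate` reads as if zero were a rejected value; a comment such as `// nopass writes the secret key unencrypted: KDFRounds == 0 turns Kdf into a no-op here and on load.` makes the plaintext-on-disk consequence explicit. Whether `file.EncodeFile` rejects a `comment` containing a newline, which would presumably break the single-line comment header, is not visible in this diff and is worth confirming.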
diff --git a/main.go b/main.go
index cdb16fb..0294bb5 100644
--- a/main.go
+++ b/main.go
@@ -4,13 +4,7 @@ import (
"errors"
"flag"
"fmt"
- "io/ioutil"
"os"
-
- "dim13.org/signify/ask"
- "dim13.org/signify/bhash"
- "dim13.org/signify/file"
- "dim13.org/signify/key"
)
/*
@@ -22,9 +16,7 @@ import (
const safePath = "/etc/signify"
-var (
- ErrEZ = errors.New("can't combine -e and -z options")
-)
+var ErrEZ = errors.New("can't combine -e and -z options")
var (
checksum = flag.Bool("C", false, "Verify a signed checksum list")
@@ -52,9 +44,16 @@ const (
ModeVerify
)
+func (m *Mode) Set(v Mode) {
+ if *m != ModeNone {
+ usage()
+ }
+ *m = v
+}
+
func usage() {
flag.Usage()
- os.Exit(1)
+ os.Exit(2)
}
func fatal(err error) {
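Review bot: `Set` exits the process through `usage()` when a mode has already been chosen, which is not apparent from a method that reads like a plain setter; a doc comment should state it, e.g. `// Set selects v as the run mode. The mode flags are mutually exclusive, so a second selection prints usage and exits with status 2.` The `os.Exit(1)` to `os.Exit(2)` change in `usage()` also makes every usage error exit 2, where before only the -V branch did; that is a visible behaviour change for callers checking exit codes and merits a line in the commit message. `fatal` starts on the hunk's last line and its body is outside the hunk.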
@@ -65,42 +64,29 @@ func fatal(err error) {
func main() {
flag.Parse()
- var mode Mode
+ mode := new(Mode)
if *embedded && *gzip {
fatal(ErrEZ)
}
if *generate {
- if mode != ModeNone {
- usage()
- }
- mode = ModeGenerate
+ mode.Set(ModeGenerate)
}
if *checksum {
- if mode != ModeNone {
- usage()
- }
- mode = ModeCheck
+ mode.Set(ModeCheck)
}
if *sign {
- if mode != ModeNone {
- usage()
- }
- mode = ModeSign
+ mode.Set(ModeSign)
}
if *verify {
- if mode != ModeNone {
- flag.Usage()
- os.Exit(2)
- }
- mode = ModeVerify
+ mode.Set(ModeVerify)
}
- switch mode {
+ switch *mode {
case ModeGenerate:
if err := Generate(*pub, *sec, *comment, *nopass); err != nil {
fatal(err)
@@ -117,163 +103,3 @@ func main() {
usage()
}
}
-
-func Generate(pubFile, encFile, comment string, nopass bool) error {
- if err := file.Names(pubFile, encFile); err != nil {
- return err
- }
-
- pubKey, encKey, err := key.NewKey()
- if err != nil {
- return err
- }
-
- if nopass {
- encKey.KDFRounds = 0
- }
- if err := Kdf(encKey, ask.Confirmed); err != nil {
- return err
- }
-
- encRaw, err := key.Marshal(encKey)
- if err != nil {
- return err
- }
-
- block := &file.Block{
- Comment: fmt.Sprintf("%s secret key", comment),
- Bytes: encRaw,
- }
- if err := file.EncodeFile(encFile, file.EncMode, block); err != nil {
- return err
- }
-
- pubRaw, err := key.Marshal(pubKey)
- if err != nil {
- return err
- }
- block = &file.Block{
- Comment: fmt.Sprintf("%s public key", comment),
- Bytes: pubRaw,
- }
- if err := file.EncodeFile(pubFile, file.PubMode, block); err != nil {
- return err
- }
-
- return nil
-}
-
-func OpenEnc(fname string) (*key.Enc, error) {
- block, err := file.DecodeFile(fname)
- if err != nil {
- return nil, err
- }
- encKey := new(key.Enc)
- if err := key.Unmarshal(block.Bytes, encKey); err != nil {
- return nil, err
- }
- if err := Kdf(encKey, ask.Password); err != nil {
- return nil, err
- }
- if err := encKey.Check(); err != nil {
- return nil, err
- }
- return encKey, nil
-}
-
-func OpenPub(fname string) (*key.Pub, error) {
- block, err := file.DecodeFile(fname)
- if err != nil {
- return nil, err
- }
- pubKey := new(key.Pub)
- if err := key.Unmarshal(block.Bytes, pubKey); err != nil {
- return nil, err
- }
- if err := pubKey.Check(); err != nil {
- return nil, err
- }
- return pubKey, nil
-}
-
-func OpenSig(fname string) (*key.Sig, []byte, error) {
- block, err := file.DecodeFile(fname + ".sig")
- if err != nil {
- return nil, nil, err
- }
- sig := new(key.Sig)
- if err := key.Unmarshal(block.Bytes, sig); err != nil {
- return nil, nil, err
- }
- if err := sig.Check(); err != nil {
- return nil, nil, err
- }
- if len(block.Message) > 0 {
- return sig, block.Message, nil
- }
- msg, err := ioutil.ReadFile(fname)
- if err != nil {
- return nil, nil, err
- }
- return sig, msg, nil
-}
-
-func Sign(msgFile, encFile string, embed bool) error {
- encKey, err := OpenEnc(encFile)
- if err != nil {
- return err
- }
- body, err := ioutil.ReadFile(msgFile)
- if err != nil {
- return err
- }
- sig := encKey.Sign(body)
- sigRaw, err := key.Marshal(sig)
- if err != nil {
- return err
- }
- block := &file.Block{
- Comment: fmt.Sprintf("verify with %s", file.PubName(encFile)),
- Bytes: sigRaw,
- }
- if embed {
- block.Message = body
- }
- if err := file.EncodeFile(msgFile+".sig", file.SigMode, block); err != nil {
- return err
- }
- return nil
-}
-
-func Verify(msgFile, pubFile string, quiet bool) error {
- pubKey, err := OpenPub(pubFile)
- if err != nil {
- return err
- }
- sig, body, err := OpenSig(msgFile)
- if err != nil {
- return err
- }
- if err := pubKey.Verify(body, sig); err != nil {
- return err
- }
- if !quiet {
- fmt.Println("Signature Verfied")
- }
- return nil
-}
-
-func Kdf(enc *key.Enc, ask func() (string, error)) error {
- if enc.KDFRounds == 0 {
- return nil
- }
- pass, err := ask()
- if err != nil {
- return err
- }
- xor := bhash.Pbkdf([]byte(pass), enc.Salt[:], int(enc.KDFRounds), len(enc.Key))
- for i := range xor {
- enc.Key[i] ^= xor[i]
- }
- return nil
-}
diff --git a/sig.go b/sig.go
new file mode 100644
index 0000000..ac7bc73
--- /dev/null
+++ b/sig.go
@@ -0,0 +1,55 @@
+package main
+
+import (
+ "fmt"
+ "io/ioutil"
+
+ "dim13.org/signify/ask"
+ "dim13.org/signify/file"
+ "dim13.org/signify/key"
+)
+
+func Sign(msgFile, encFile string, embed bool) error {
+ encKey, err := OpenEnc(encFile)
+ if err != nil {
+ return err
+ }
+ body, err := ioutil.ReadFile(msgFile)
+ if err != nil {
+ return err
+ }
+ sig := encKey.Sign(body)
+ sigRaw, err := key.Marshal(sig)
+ if err != nil {
+ return err
+ }
+ block := &file.Block{
+ Comment: fmt.Sprintf("verify with %s", file.PubName(encFile)),
+ Bytes: sigRaw,
+ }
+ if embed {
+ block.Message = body
+ }
+ if err := file.EncodeFile(msgFile+".sig", file.SigMode, block); err != nil {
+ return err
+ }
+ return nil
+}
+
+func OpenEnc(fname string) (*key.Enc, error) {
+ block, err := file.DecodeFile(fname)
+ if err != nil {
+ return nil, err
+ }
+ encKey := new(key.Enc)
+ if err := key.Unmarshal(block.Bytes, encKey); err != nil {
+ return nil, err
+ }
+ if err := Kdf(encKey, ask.Password); err != nil {
+ return nil, err
+ }
+ if err := encKey.Check(); err != nil {
+ return nil, err
+ }
+ return encKey, nil
+}
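Review bot: `OpenEnc` hands back the unmasked secret key and `Sign` never clears it after `encKey.Sign(body)`, so the raw signing key lingers in memory for the rest of the process; clearing it once the signature exists, `for i := range encKey.Key { encKey.Key[i] = 0 }`, is cheap and matches what `Kdf` should do with its own scratch. The order of calls in `OpenEnc` is also the only place a wrong passphrase is detected and deserves a comment: `// Kdf XORs the passphrase-derived stream into Key in place; Check then validates the stored checksum, so a wrong passphrase surfaces here as a checksum error rather than as a bad signature later.` Whether `Check` really covers the key bytes is not visible in this diff, so confirm against the key package before relying on that wording.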
diff --git a/ver.go b/ver.go
new file mode 100644
index 0000000..3de37b2
--- /dev/null
+++ b/ver.go
@@ -0,0 +1,64 @@
+package main
+
+import (
+ "fmt"
+ "io/ioutil"
+
+ "dim13.org/signify/file"
+ "dim13.org/signify/key"
+)
+
+func Verify(msgFile, pubFile string, quiet bool) error {
+ pubKey, err := OpenPub(pubFile)
+ if err != nil {
+ return err
+ }
+ sig, body, err := OpenSig(msgFile)
+ if err != nil {
+ return err
+ }
+ if err := pubKey.Verify(body, sig); err != nil {
+ return err
+ }
+ if !quiet {
+ fmt.Println("Signature Verfied")
+ }
+ return nil
+}
+
+func OpenPub(fname string) (*key.Pub, error) {
+ block, err := file.DecodeFile(fname)
+ if err != nil {
+ return nil, err
+ }
+ pubKey := new(key.Pub)
+ if err := key.Unmarshal(block.Bytes, pubKey); err != nil {
+ return nil, err
+ }
+ if err := pubKey.Check(); err != nil {
+ return nil, err
+ }
+ return pubKey, nil
+}
+
+func OpenSig(fname string) (*key.Sig, []byte, error) {
+ block, err := file.DecodeFile(fname + ".sig")
+ if err != nil {
+ return nil, nil, err
+ }
+ sig := new(key.Sig)
+ if err := key.Unmarshal(block.Bytes, sig); err != nil {
+ return nil, nil, err
+ }
+ if err := sig.Check(); err != nil {
+ return nil, nil, err
+ }
+ if len(block.Message) > 0 {
+ return sig, block.Message, nil
+ }
+ msg, err := ioutil.ReadFile(fname)
+ if err != nil {
+ return nil, nil, err
+ }
+ return sig, msg, nil
+}
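Review bot: When the `.sig` file carries an embedded message, `OpenSig` returns it and never opens `msgFile`, so `Verify` reports success for the embedded bytes while the file named on the command line may contain something else entirely; a caller who then trusts the on-disk file has verified nothing about it. Either compare the embedded message with `ioutil.ReadFile(msgFile)` before printing success, or write the verified embedded message out to `msgFile` as the reference signify does for -e, and state the chosen contract in a comment on `OpenSig`. The `len(block.Message) > 0` test additionally means an embedded empty message silently falls back to reading the file, which argues for an explicit embedded flag from the decoder rather than a length check. The success string in `Verify` reads `"Signature Verfied"`; anything matching on the output will want `"Signature Verified"`.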