From 444eee04084aa9dfc525db9060498876bed47b05 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Tue, 2 May 2017 21:32:42 +0200
Subject: Split modi
---
check.go | 26 ++++++++++++++++++
gen.go | 70 -----------------------------------------------
generate.go | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
main.go | 91 ++++++++++++------------------------------------------------
sig.go | 55 -------------------------------------
sign.go | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++
ver.go | 64 -------------------------------------------
verify.go | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 296 insertions(+), 262 deletions(-)
create mode 100644 check.go
delete mode 100644 gen.go
create mode 100644 generate.go
delete mode 100644 sig.go
create mode 100644 sign.go
delete mode 100644 ver.go
create mode 100644 verify.go
diff --git a/check.go b/check.go
new file mode 100644
index 0000000..aaad24c
--- /dev/null
+++ b/check.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+ "flag"
+ "fmt"
+ "os"
+)
+
+// Usage: signify -C [-q] -p pubkey -x sigfile [file ...]
+
+func Check() error {
+ args := flag.NewFlagSet("check", flag.ExitOnError)
+ var (
+ quiet = args.Bool("q", false, "Quiet mode")
+ pubFile = args.String("p", "", "Public key file")
+ sigFile = args.String("x", "", "Signature file")
+ )
+ args.Parse(os.Args[2:])
+ files := make([]string, args.NArg())
+ for i := 0; i < args.NArg(); i++ {
+ files[i] = args.Arg(i)
+ }
+ fmt.Println(files)
+ _, _, _ = quiet, pubFile, sigFile
+ return nil
+}
diff --git a/gen.go b/gen.go
deleted file mode 100644
index d3d2933..0000000
--- a/gen.go
+++ /dev/null
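Review bot: `Check` returns nil after only printing its file arguments, so `signify -C` reports success without verifying any checksum list or signature; as far as the main.go hunk shows, the `-C` case calls `fatal` only on a non-nil error. Until the mode is implemented it should fail closed, e.g. `return fmt.Errorf("check: not implemented")` in place of `return nil`, so that a script relying on the exit status cannot mistake the stub for a passed check. The `fmt.Println(files)` debug output can be dropped at the same time.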
@@ -1,70 +0,0 @@
-package main
-
-import (
- "fmt"
-
- "dim13.org/signify/ask"
- "dim13.org/signify/bhash"
- "dim13.org/signify/file"
- "dim13.org/signify/key"
-)
-
-func Generate(pubFile, encFile, comment string, nopass bool) error {
- if err := file.Names(pubFile, encFile); err != nil {
- return err
- }
-
- pubKey, encKey, err := key.NewKey()
- if err != nil {
- return err
- }
-
- if nopass {
- encKey.KDFRounds = 0
- }
- if err := Kdf(encKey, ask.Confirmed); err != nil {
- return err
- }
-
- encRaw, err := key.Marshal(encKey)
- if err != nil {
- return err
- }
-
- block := &file.Block{
- Comment: fmt.Sprintf("%s secret key", comment),
- Bytes: encRaw,
- }
- if err := file.EncodeFile(encFile, file.EncMode, block); err != nil {
- return err
- }
-
- pubRaw, err := key.Marshal(pubKey)
- if err != nil {
- return err
- }
- block = &file.Block{
- Comment: fmt.Sprintf("%s public key", comment),
- Bytes: pubRaw,
- }
- if err := file.EncodeFile(pubFile, file.PubMode, block); err != nil {
- return err
- }
-
- return nil
-}
-
-func Kdf(enc *key.Enc, ask func() (string, error)) error {
- if enc.KDFRounds == 0 {
- return nil
- }
- pass, err := ask()
- if err != nil {
- return err
- }
- xor := bhash.Pbkdf([]byte(pass), enc.Salt[:], int(enc.KDFRounds), len(enc.Key))
- for i := range xor {
- enc.Key[i] ^= xor[i]
- }
- return nil
-}
diff --git a/generate.go b/generate.go
new file mode 100644
index 0000000..4f63667
--- /dev/null
+++ b/generate.go
@@ -0,0 +1,87 @@
+package main
+
+import (
+ "flag"
+ "fmt"
+ "os"
+
+ "dim13.org/signify/ask"
+ "dim13.org/signify/bhash"
+ "dim13.org/signify/file"
+ "dim13.org/signify/key"
+)
+
+// Usage: signify -G [-n] [-c comment] -p pubkey -s seckey
+
+func Generate() error {
+ args := flag.NewFlagSet("generate", flag.ExitOnError)
+ var (
+ nopass = args.Bool("n", false, "No key passphrase")
+ comment = args.String("c", "signify", "Comment")
+ pubFile = args.String("p", "", "Public key file (required)")
+ encFile = args.String("s", "", "Secret key file (required)")
+ )
+ args.Parse(os.Args[2:])
+ if *pubFile == "" || *encFile == "" {
+ args.Usage()
+ return nil
+ }
+
+ if err := file.Names(*pubFile, *encFile); err != nil {
+ return err
+ }
+
+ pubKey, encKey, err := key.NewKey()
+ if err != nil {
+ return err
+ }
+
+ if *nopass {
+ encKey.KDFRounds = 0
+ }
+ if err := Kdf(encKey, ask.Confirmed); err != nil {
+ return err
+ }
+
+ encRaw, err := key.Marshal(encKey)
+ if err != nil {
+ return err
+ }
+
+ block := &file.Block{
+ Comment: fmt.Sprintf("%s secret key", *comment),
+ Bytes: encRaw,
+ }
+ if err := file.EncodeFile(*encFile, file.EncMode, block); err != nil {
+ return err
+ }
+
+ pubRaw, err := key.Marshal(pubKey)
+ if err != nil {
+ return err
+ }
+ block = &file.Block{
+ Comment: fmt.Sprintf("%s public key", *comment),
+ Bytes: pubRaw,
+ }
+ if err := file.EncodeFile(*pubFile, file.PubMode, block); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func Kdf(enc *key.Enc, ask func() (string, error)) error {
+ if enc.KDFRounds == 0 {
+ return nil
+ }
+ pass, err := ask()
+ if err != nil {
+ return err
+ }
+ xor := bhash.Pbkdf([]byte(pass), enc.Salt[:], int(enc.KDFRounds), len(enc.Key))
+ for i := range xor {
+ enc.Key[i] ^= xor[i]
+ }
+ return nil
+}
diff --git a/main.go b/main.go
index 0294bb5..f03d279 100644
--- a/main.go
+++ b/main.go
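Review bot: The missing-argument path in `Generate` (`args.Usage()` followed by `return nil`) reports success to the caller, so main would exit with status 0 although no key pair was written. The same pattern appears in `Sign` (sign.go) and in `Verify` (verify.go), where a zero status from `signify -V` without `-m` could be read as a successful verification. Returning an error instead, e.g. `return fmt.Errorf("generate: -p and -s are required")`, keeps the exit status meaningful. `Kdf` would also benefit from a doc comment, for instance `// Kdf XORs enc.Key with bytes derived from the passphrase returned by ask; it does nothing when enc.KDFRounds is 0.`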
@@ -2,57 +2,19 @@ package main import ( "errors" - "flag" "fmt" "os" ) -/* - signify -C [-q] -p pubkey -x sigfile [file ...] - signify -G [-n] [-c comment] -p pubkey -s seckey - signify -S [-ez] [-x sigfile] -s seckey -m message - signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message -*/ - -const safePath = "/etc/signify" - var ErrEZ = errors.New("can't combine -e and -z options") -var ( - checksum = flag.Bool("C", false, "Verify a signed checksum list") - generate = flag.Bool("G", false, "Generate a new key pair") - sign = flag.Bool("S", false, "Sign the specfied message") - verify = flag.Bool("V", false, "Verify the message") - comment = flag.String("c", "signify", "Comment") - embedded = flag.Bool("e", false, "Embed the message") - msg = flag.String("m", "", "Message file") - nopass = flag.Bool("n", false, "No key passphrase") - pub = flag.String("p", "", "Public key file") - quiet = flag.Bool("q", false, "Quiet mode") - sec = flag.String("s", "", "Secret key file") - sig = flag.String("x", "", "Signature file") - gzip = flag.Bool("z", false, "Sign and verify gzip archives") -) - -type Mode int - -const ( - ModeNone Mode = iota - ModeCheck - ModeGenerate - ModeSign - ModeVerify -) - -func (m *Mode) Set(v Mode) { - if *m != ModeNone { - usage() - } - *m = v -} +const safePath = "/etc/signify" func usage() { - flag.Usage() + fmt.Println("\tsignify -C [-q] -p pubkey -x sigfile [file ...]") + fmt.Println("\tsignify -G [-n] [-c comment] -p pubkey -s seckey") + fmt.Println("\tsignify -S [-ez] [-x sigfile] -s seckey -m message") + fmt.Println("\tsignify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message") os.Exit(2) } 
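Review bot: `usage()` now prints the synopsis with `fmt.Println`, which goes to stdout, before calling `os.Exit(2)`; diagnostic output of a tool whose stdout may be piped should go to stderr, e.g. `fmt.Fprintln(os.Stderr, "\tsignify -C [-q] -p pubkey -x sigfile [file ...]")` for each of the four lines. The synopsis also advertises `-t keytype`, `-x` and `-z`, which the new mode functions parse but do not act on, so the text promises more than the code delivers. `safePath` is kept but not referenced anywhere in the visible hunks; a one-line comment saying what it is reserved for would help.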
@@ -62,41 +24,24 @@ func fatal(err error) { } func main() { - flag.Parse() - - mode := new(Mode) - - if *embedded && *gzip { - fatal(ErrEZ) - } - - if *generate { - mode.Set(ModeGenerate) - } - - if *checksum { - mode.Set(ModeCheck) - } - - if *sign { - mode.Set(ModeSign) - } - - if *verify { - mode.Set(ModeVerify) + if len(os.Args) < 2 { + usage() } - - switch *mode { - case ModeGenerate: - if err := Generate(*pub, *sec, *comment, *nopass); err != nil { + switch os.Args[1] { + case "-C", "check": + if err := Check(); err != nil { + fatal(err) + } + case "-G", "generate": + if err := Generate(); err != nil { fatal(err) } - case ModeSign: - if err := Sign(*msg, *sec, *embedded); err != nil { + case "-S", "sign": + if err := Sign(); err != nil { fatal(err) } - case ModeVerify: - if err := Verify(*msg, *pub, *quiet); err != nil { + case "-V", "verify": + if err := Verify(); err != nil { fatal(err) } default:
diff --git a/sig.go b/sig.go
deleted file mode 100644
index ac7bc73..0000000
--- a/sig.go
+++ /dev/null
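Review bot: The mode is now read from `os.Args[1]` alone, so an invocation that places another option before the mode flag, which the removed global `flag.Parse()` accepted, ends in the `default:` branch; this deserves a comment above the switch such as `// The mode (-C, -G, -S, -V or its long name) must be the first argument; the remaining arguments are parsed by the selected mode.` Each mode function also reads `os.Args[2:]` itself, which ties it to process state and makes it hard to test; passing the slice in, e.g. `Sign(os.Args[2:])`, would avoid that. The body of `main` continues past the end of this hunk.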
@@ -1,55 +0,0 @@
-package main
-
-import (
- "fmt"
- "io/ioutil"
-
- "dim13.org/signify/ask"
- "dim13.org/signify/file"
- "dim13.org/signify/key"
-)
-
-func Sign(msgFile, encFile string, embed bool) error {
- encKey, err := OpenEnc(encFile)
- if err != nil {
- return err
- }
- body, err := ioutil.ReadFile(msgFile)
- if err != nil {
- return err
- }
- sig := encKey.Sign(body)
- sigRaw, err := key.Marshal(sig)
- if err != nil {
- return err
- }
- block := &file.Block{
- Comment: fmt.Sprintf("verify with %s", file.PubName(encFile)),
- Bytes: sigRaw,
- }
- if embed {
- block.Message = body
- }
- if err := file.EncodeFile(msgFile+".sig", file.SigMode, block); err != nil {
- return err
- }
- return nil
-}
-
-func OpenEnc(fname string) (*key.Enc, error) {
- block, err := file.DecodeFile(fname)
- if err != nil {
- return nil, err
- }
- encKey := new(key.Enc)
- if err := key.Unmarshal(block.Bytes, encKey); err != nil {
- return nil, err
- }
- if err := Kdf(encKey, ask.Password); err != nil {
- return nil, err
- }
- if err := encKey.Check(); err != nil {
- return nil, err
- }
- return encKey, nil
-}
diff --git a/sign.go b/sign.go
new file mode 100644
index 0000000..4eee930
--- /dev/null
+++ b/sign.go
@@ -0,0 +1,77 @@
+package main
+
+import (
+ "flag"
+ "fmt"
+ "io/ioutil"
+ "os"
+
+ "dim13.org/signify/ask"
+ "dim13.org/signify/file"
+ "dim13.org/signify/key"
+)
+
+// Usage: signify -S [-ez] [-x sigfile] -s seckey -m message
+
+func Sign() error {
+ args := flag.NewFlagSet("sign", flag.ExitOnError)
+ var (
+ embedded = args.Bool("e", false, "Embed the message")
+ zip = args.Bool("z", false, "Sign gzip archive")
+ sigFile = args.String("x", "", "Signature file")
+ encFile = args.String("s", "", "Secret file (required)")
+ msgFile = args.String("m", "", "Message file (required)")
+ )
+ args.Parse(os.Args[2:])
+ if *embedded && *zip {
+ return ErrEZ
+ }
+ if *encFile == "" || *msgFile == "" {
+ args.Usage()
+ return nil
+ }
+ _, _ = zip, sigFile
+
+ encKey, err := OpenEnc(*encFile)
+ if err != nil {
+ return err
+ }
+ body, err := ioutil.ReadFile(*msgFile)
+ if err != nil {
+ return err
+ }
+ sig := encKey.Sign(body)
+ sigRaw, err := key.Marshal(sig)
+ if err != nil {
+ return err
+ }
+ block := &file.Block{
+ Comment: fmt.Sprintf("verify with %s", file.PubName(*encFile)),
+ Bytes: sigRaw,
+ }
+ if *embedded {
+ block.Message = body
+ }
+ if err := file.EncodeFile(*msgFile+".sig", file.SigMode, block); err != nil {
+ return err
+ }
+ return nil
+}
+
+func OpenEnc(fname string) (*key.Enc, error) {
+ block, err := file.DecodeFile(fname)
+ if err != nil {
+ return nil, err
+ }
+ encKey := new(key.Enc)
+ if err := key.Unmarshal(block.Bytes, encKey); err != nil {
+ return nil, err
+ }
+ if err := Kdf(encKey, ask.Password); err != nil {
+ return nil, err
+ }
+ if err := encKey.Check(); err != nil {
+ return nil, err
+ }
+ return encKey, nil
+}
diff --git a/ver.go b/ver.go
deleted file mode 100644
index 3de37b2..0000000
--- a/ver.go
+++ /dev/null
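Review bot: `Sign` accepts `-x sigfile` and `-z` but then discards both (`_, _ = zip, sigFile`) and always writes the signature to `*msgFile+".sig"`. A caller who passes `-x` gets the signature at a path other than the one requested, and `-z` silently produces an ordinary signature rather than the gzip form the help text names. Until these options are implemented they should be rejected explicitly, e.g. `if *zip || *sigFile != "" { return fmt.Errorf("sign: -z and -x are not implemented") }` right after the `ErrEZ` check.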
@@ -1,64 +0,0 @@
-package main
-
-import (
- "fmt"
- "io/ioutil"
-
- "dim13.org/signify/file"
- "dim13.org/signify/key"
-)
-
-func Verify(msgFile, pubFile string, quiet bool) error {
- pubKey, err := OpenPub(pubFile)
- if err != nil {
- return err
- }
- sig, body, err := OpenSig(msgFile)
- if err != nil {
- return err
- }
- if err := pubKey.Verify(body, sig); err != nil {
- return err
- }
- if !quiet {
- fmt.Println("Signature Verfied")
- }
- return nil
-}
-
-func OpenPub(fname string) (*key.Pub, error) {
- block, err := file.DecodeFile(fname)
- if err != nil {
- return nil, err
- }
- pubKey := new(key.Pub)
- if err := key.Unmarshal(block.Bytes, pubKey); err != nil {
- return nil, err
- }
- if err := pubKey.Check(); err != nil {
- return nil, err
- }
- return pubKey, nil
-}
-
-func OpenSig(fname string) (*key.Sig, []byte, error) {
- block, err := file.DecodeFile(fname + ".sig")
- if err != nil {
- return nil, nil, err
- }
- sig := new(key.Sig)
- if err := key.Unmarshal(block.Bytes, sig); err != nil {
- return nil, nil, err
- }
- if err := sig.Check(); err != nil {
- return nil, nil, err
- }
- if len(block.Message) > 0 {
- return sig, block.Message, nil
- }
- msg, err := ioutil.ReadFile(fname)
- if err != nil {
- return nil, nil, err
- }
- return sig, msg, nil
-}
diff --git a/verify.go b/verify.go
new file mode 100644
index 0000000..6fb9885
--- /dev/null
+++ b/verify.go
@@ -0,0 +1,88 @@
+package main
+
+import (
+ "flag"
+ "fmt"
+ "io/ioutil"
+ "os"
+
+ "dim13.org/signify/file"
+ "dim13.org/signify/key"
+)
+
+// Usage: signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message
+
+func Verify() error {
+ args := flag.NewFlagSet("verify", flag.ExitOnError)
+ var (
+ embedded = args.Bool("e", false, "Embed message")
+ quiet = args.Bool("q", false, "Quiet mode")
+ zip = args.Bool("z", false, "Verify gzip archive")
+ pubFile = args.String("p", "", "Public key file")
+ keyType = args.String("t", "", "Key type") // TODO
+ sigFile = args.String("x", "", "Signature file")
+ msgFile = args.String("m", "", "Message file (required)")
+ )
+ args.Parse(os.Args[2:])
+ if *embedded && *zip {
+ return ErrEZ
+ }
+ if *msgFile == "" {
+ args.Usage()
+ return nil
+ }
+ _, _, _ = embedded, keyType, sigFile
+
+ pubKey, err := OpenPub(*pubFile)
+ if err != nil {
+ return err
+ }
+ sig, body, err := OpenSig(*msgFile)
+ if err != nil {
+ return err
+ }
+ if err := pubKey.Verify(body, sig); err != nil {
+ return err
+ }
+ if !*quiet {
+ fmt.Println("Signature Verfied")
+ }
+ return nil
+}
+
+func OpenPub(fname string) (*key.Pub, error) {
+ block, err := file.DecodeFile(fname)
+ if err != nil {
+ return nil, err
+ }
+ pubKey := new(key.Pub)
+ if err := key.Unmarshal(block.Bytes, pubKey); err != nil {
+ return nil, err
+ }
+ if err := pubKey.Check(); err != nil {
+ return nil, err
+ }
+ return pubKey, nil
+}
+
+func OpenSig(fname string) (*key.Sig, []byte, error) {
+ block, err := file.DecodeFile(fname + ".sig")
+ if err != nil {
+ return nil, nil, err
+ }
+ sig := new(key.Sig)
+ if err := key.Unmarshal(block.Bytes, sig); err != nil {
+ return nil, nil, err
+ }
+ if err := sig.Check(); err != nil {
+ return nil, nil, err
+ }
+ if len(block.Message) > 0 {
+ return sig, block.Message, nil
+ }
+ msg, err := ioutil.ReadFile(fname)
+ if err != nil {
+ return nil, nil, err
+ }
+ return sig, msg, nil
+}
--
cgit v1.2.3
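Review bot: `Verify` parses `-e` and then discards it (`_, _, _ = embedded, keyType, sigFile`), while `OpenSig` returns `block.Message` whenever the signature file carries one, so without `-e` a reported success can cover the bytes embedded in the `.sig` file rather than the file named by `-m`. `OpenSig` should take the flag and use the embedded message only when `-e` was given, with the call becoming `OpenSig(*msgFile, *embedded)`. `-x` and `-t` are likewise accepted and ignored (the signature is always read from `fname + ".sig"`), and an omitted `-p` reaches `OpenPub("")`; rejecting those cases with an explicit error would be clearer than the decode failure that presumably follows.

```go
func OpenSig(fname string, embedded bool) (*key.Sig, []byte, error) {
	// … unchanged: decode fname+".sig", unmarshal into sig, sig.Check() …
	if embedded {
		if len(block.Message) == 0 {
			return nil, nil, fmt.Errorf("%s.sig: no embedded message", fname)
		}
		return sig, block.Message, nil
	}
	// Without -e the signature must cover the file named by -m,
	// not whatever the signature file itself carries.
	// … unchanged: read fname and return it with sig …
}
```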