Make tkey-sign more compatible with OpenBSD signify
- Make flags more or less compatible with signify, except no -s since our private key is in the TKey. We make -p obligatory when signing to be sure that the signer's public key is what the caller expected. - Output public key and signature in signify-compatible files instead of just printing. We can now verify with signify. See provided signify-verify script. - Simplify internal command handling and handling of flags. - Break out utility functions and file I/O to their own source files.
1 parent
e0ddfbe
commit 1920241
Showing
8 changed files
with
921 additions
and
410 deletions.
@@ -0,0 +1,136 @@ | ||
// Copyright (C) 2023 - Tillitis AB | ||
// SPDX-License-Identifier: GPL-2.0-only | ||
|
||
package main | ||
|
||
import ( | ||
"bufio" | ||
"bytes" | ||
"encoding/base64" | ||
"encoding/binary" | ||
"errors" | ||
"fmt" | ||
"os" | ||
"strings" | ||
) | ||
|
||
// readBase64 reads the file in filename with base64, decodes it and | ||
// returns a binary representation | ||
func readBase64(filename string) ([]byte, error) { | ||
input, err := os.ReadFile(filename) | ||
if err != nil { | ||
return nil, fmt.Errorf("%w", err) | ||
} | ||
|
||
lines := strings.Split(string(input), "\n") | ||
if len(lines) < 2 { | ||
return nil, fmt.Errorf("Too few lines in file %s", filename) | ||
} | ||
|
||
data, err := base64.StdEncoding.DecodeString(lines[1]) | ||
if err != nil { | ||
return nil, fmt.Errorf("could not decode: %w", err) | ||
} | ||
|
||
return data, nil | ||
} | ||
|
||
func readKey(filename string) (*pubKey, error) { | ||
var pub pubKey | ||
|
||
buf, err := readBase64(filename) | ||
if err != nil { | ||
return nil, fmt.Errorf("%w", err) | ||
} | ||
|
||
r := bytes.NewReader(buf) | ||
err = binary.Read(r, binary.BigEndian, &pub) | ||
if err != nil { | ||
return nil, fmt.Errorf("%w", err) | ||
} | ||
|
||
return &pub, nil | ||
} | ||
|
||
func readSig(filename string) (*signature, error) { | ||
var sig signature | ||
|
||
buf, err := readBase64(filename) | ||
if err != nil { | ||
return nil, fmt.Errorf("%w", err) | ||
} | ||
|
||
r := bytes.NewReader(buf) | ||
err = binary.Read(r, binary.BigEndian, &sig) | ||
if err != nil { | ||
return nil, fmt.Errorf("%w", err) | ||
} | ||
|
||
return &sig, nil | ||
} | ||
|
||
// writeBase64 encodes data in base64 and writes it the file given in | ||
// filename. If overwrite is true it overwrites any existing file, | ||
// otherwise it returns an error. | ||
func writeBase64(filename string, data any, comment string, overwrite bool) error { | ||
var buf bytes.Buffer | ||
|
||
err := binary.Write(&buf, binary.BigEndian, data) | ||
if err != nil { | ||
return fmt.Errorf("%w", err) | ||
} | ||
|
||
b64 := base64.StdEncoding.EncodeToString(buf.Bytes()) | ||
b64 += "\n" | ||
|
||
var f *os.File | ||
|
||
f, err = os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o666) | ||
if err != nil { | ||
if os.IsExist(err) && overwrite { | ||
f, err = os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0o666) | ||
if err != nil { | ||
return fmt.Errorf("%w", err) | ||
} | ||
} else { | ||
return fmt.Errorf("%w", err) | ||
} | ||
} | ||
|
||
defer f.Close() | ||
|
||
_, err = f.Write([]byte(fmt.Sprintf("untrusted comment: %s\n", comment))) | ||
if err != nil { | ||
return fmt.Errorf("%w", err) | ||
} | ||
_, err = f.Write([]byte(b64)) | ||
if err != nil { | ||
return fmt.Errorf("%w", err) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
// writeRetry writes the data in the file given in filename as base64. | ||
// If a file already exists it prompts interactively for permission to | ||
// overwrite the file. | ||
func writeRetry(filename string, data any, comment string) error { | ||
err := writeBase64(filename, data, comment, false) | ||
if os.IsExist(errors.Unwrap(err)) { | ||
le.Printf("File %v exists. Overwrite [y/n]?", filename) | ||
reader := bufio.NewReader(os.Stdin) | ||
overWriteP, _ := reader.ReadString('\n') | ||
if overWriteP == "y\n" { | ||
err = writeBase64(filename, data, comment, true) | ||
} else { | ||
le.Printf("Aborted\n") | ||
os.Exit(1) | ||
} | ||
} | ||
|
||
if !os.IsExist(errors.Unwrap(err)) && err != nil { | ||
return fmt.Errorf("%w", err) | ||
} | ||
|
||
return nil | ||
} |
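Review bot: The overwrite path in writeBase64 reopens the existing file with `os.O_RDWR|os.O_CREATE` but without `os.O_TRUNC`, so when the new comment line plus base64 payload is shorter than the file already on disk, the old tail survives after the new content and the resulting key or signature file is corrupted (a later readBase64 would still decode lines[1], but a stale or mismatched third line is left behind for other tools such as signify to trip on). The line should read `f, err = os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o666)`; since nothing is read back from the handle, `os.O_WRONLY` would also do instead of `os.O_RDWR`. Separately, `defer f.Close()` discards the Close error, which on a freshly written file is the last place a write failure can surface; checking it explicitly before returning nil would keep a partially written signature from being reported as success. In writeRetry, `errors.Is(err, fs.ErrExist)` (or `os.ErrExist`) expresses the intent more directly than `os.IsExist(errors.Unwrap(err))` and does not depend on exactly one level of wrapping.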