| @@ -19,27 +19,29 @@ | | | @@ -19,27 +19,29 @@ |
19 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 19 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
20 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 20 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
21 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 21 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
22 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 22 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
23 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 23 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
24 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 24 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
25 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 25 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
26 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 26 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
27 | * POSSIBILITY OF SUCH DAMAGE. | | 27 | * POSSIBILITY OF SUCH DAMAGE. |
28 | */ | | 28 | */ |
29 | #include "config.h" | | 29 | #include "config.h" |
30 | | | 30 | |
31 | #include <sys/types.h> | | 31 | #include <sys/types.h> |
| | | 32 | #include <sys/stat.h> |
32 | #include <sys/param.h> | | 33 | #include <sys/param.h> |
| | | 34 | #include <sys/mman.h> |
33 | | | 35 | |
34 | #ifdef HAVE_OPENSSL_CAST_H | | 36 | #ifdef HAVE_OPENSSL_CAST_H |
35 | #include <openssl/cast.h> | | 37 | #include <openssl/cast.h> |
36 | #endif | | 38 | #endif |
37 | | | 39 | |
38 | #include <netpgp.h> | | 40 | #include <netpgp.h> |
39 | | | 41 | |
40 | #include "packet.h" | | 42 | #include "packet.h" |
41 | #include "packet-parse.h" | | 43 | #include "packet-parse.h" |
42 | #include "keyring.h" | | 44 | #include "keyring.h" |
43 | #include "errors.h" | | 45 | #include "errors.h" |
44 | #include "packet-show.h" | | 46 | #include "packet-show.h" |
45 | #include "create.h" | | 47 | #include "create.h" |
| @@ -148,69 +150,84 @@ psuccess(char *f, __ops_validation_t *re | | | @@ -148,69 +150,84 @@ psuccess(char *f, __ops_validation_t *re |
148 | f, | | 150 | f, |
149 | ctime(&results->valid_sigs[i].creation_time), | | 151 | ctime(&results->valid_sigs[i].creation_time), |
150 | __ops_show_pka(results->valid_sigs[i].key_algorithm), | | 152 | __ops_show_pka(results->valid_sigs[i].key_algorithm), |
151 | userid_to_id(results->valid_sigs[i].signer_id, id)); | | 153 | userid_to_id(results->valid_sigs[i].signer_id, id)); |
152 | pubkey = __ops_keyring_find_key_by_id(pubring, | | 154 | pubkey = __ops_keyring_find_key_by_id(pubring, |
153 | (const unsigned char *) | | 155 | (const unsigned char *) |
154 | results->valid_sigs[i].signer_id); | | 156 | results->valid_sigs[i].signer_id); |
155 | __ops_print_public_keydata(pubkey); | | 157 | __ops_print_public_keydata(pubkey); |
156 | } | | 158 | } |
157 | } | | 159 | } |
158 | | | 160 | |
159 | /* sign a file, and put the signature in a separate file */ | | 161 | /* sign a file, and put the signature in a separate file */ |
160 | static int | | 162 | static int |
161 | sign_detached(__ops_secret_key_t *seckey, const char *hashstr, char *f, | | 163 | sign_detached(char *f, char *sigfile, __ops_secret_key_t *seckey, |
162 | char *sigfile) | | 164 | const char *hashstr) |
163 | { | | 165 | { |
164 | __ops_create_signature_t *sig; | | 166 | __ops_create_signature_t *sig; |
165 | __ops_hash_algorithm_t alg; | | 167 | __ops_hash_algorithm_t alg; |
166 | __ops_create_info_t *info; | | 168 | __ops_create_info_t *info; |
167 | unsigned char keyid[OPS_KEY_ID_SIZE]; | | 169 | unsigned char keyid[OPS_KEY_ID_SIZE]; |
| | | 170 | unsigned char *mmapped; |
| | | 171 | struct stat st; |
168 | time_t t; | | 172 | time_t t; |
169 | char fname[MAXPATHLEN]; | | 173 | char fname[MAXPATHLEN]; |
170 | int fd; | | 174 | int fd; |
171 | | | 175 | |
172 | /* find out which hash algorithm to use */ | | 176 | /* find out which hash algorithm to use */ |
173 | alg = __ops_hash_algorithm_from_text(hashstr); | | 177 | alg = __ops_hash_algorithm_from_text(hashstr); |
174 | if (alg == OPS_HASH_UNKNOWN) { | | 178 | if (alg == OPS_HASH_UNKNOWN) { |
175 | (void) fprintf(stderr,"Unknown hash algorithm: %s\n", hashstr); | | 179 | (void) fprintf(stderr,"Unknown hash algorithm: %s\n", hashstr); |
176 | return 0; | | 180 | return 0; |
177 | } | | 181 | } |
178 | | | 182 | |
179 | /* create a new signature */ | | 183 | /* create a new signature */ |
180 | sig = __ops_create_signature_new(); | | 184 | sig = __ops_create_signature_new(); |
181 | __ops_signature_start_cleartext_signature(sig, seckey, alg, | | 185 | __ops_signature_start_cleartext_signature(sig, seckey, alg, |
182 | OPS_SIG_BINARY); | | 186 | OPS_SIG_BINARY); |
183 | | | 187 | |
184 | /* read the contents of 'f' */ | | 188 | /* read the contents of 'f' */ |
185 | fd = open(f, O_RDONLY); | | 189 | fd = open(f, O_RDONLY); |
186 | if (fd < 0) { | | 190 | if (fd < 0) { |
187 | (void) fprintf(stderr, "can't open file \"%s\" to sign\n", | | 191 | (void) fprintf(stderr, "can't open file \"%s\" to sign\n", |
188 | f); | | 192 | f); |
189 | return 0; | | 193 | return 0; |
190 | } | | 194 | } |
191 | for (;;) { | | 195 | /* attempt to mmap(2) the file - if that fails, fall back to |
192 | unsigned char buf[8192]; | | 196 | * standard read(2) */ |
193 | int n; | | 197 | mmapped = MAP_FAILED; |
| | | 198 | if (fstat(fd, &st) == 0) { |
| | | 199 | mmapped = mmap(NULL, (size_t)st.st_size, PROT_READ, |
| | | 200 | MAP_FILE | MAP_PRIVATE, fd, 0); |
| | | 201 | } |
| | | 202 | if (mmapped == MAP_FAILED) { |
| | | 203 | for (;;) { |
| | | 204 | unsigned char buf[8192]; |
| | | 205 | int n; |
194 | | | 206 | |
195 | if ((n = read(fd, buf, sizeof(buf))) == 0) { | | 207 | if ((n = read(fd, buf, sizeof(buf))) == 0) { |
196 | break; | | 208 | break; |
197 | } | | 209 | } |
198 | if (n < 0) { | | 210 | if (n < 0) { |
199 | (void) fprintf(stderr, "short read \"%s\"\n", f); | | 211 | (void) fprintf(stderr, "short read \"%s\"\n", |
200 | (void) close(fd); | | 212 | f); |
201 | return 0; | | 213 | (void) close(fd); |
| | | 214 | return 0; |
| | | 215 | } |
| | | 216 | __ops_signature_add_data(sig, buf, (unsigned)n); |
202 | } | | 217 | } |
203 | __ops_signature_add_data(sig, buf, (unsigned)n); | | 218 | } else { |
| | | 219 | __ops_signature_add_data(sig, mmapped, (unsigned)st.st_size); |
| | | 220 | (void) munmap(mmapped, (unsigned)st.st_size); |
204 | } | | 221 | } |
205 | (void) close(fd); | | 222 | (void) close(fd); |
206 | | | 223 | |
207 | /* calculate the signature */ | | 224 | /* calculate the signature */ |
208 | t = time(NULL); | | 225 | t = time(NULL); |
209 | __ops_signature_add_creation_time(sig, t); | | 226 | __ops_signature_add_creation_time(sig, t); |
210 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, | | 227 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, |
211 | &seckey->public_key); | | 228 | &seckey->public_key); |
212 | __ops_signature_add_issuer_key_id(sig, keyid); | | 229 | __ops_signature_add_issuer_key_id(sig, keyid); |
213 | __ops_signature_hashed_subpackets_end(sig); | | 230 | __ops_signature_hashed_subpackets_end(sig); |
214 | | | 231 | |
215 | /* write the signature to the detached file */ | | 232 | /* write the signature to the detached file */ |
216 | if (sigfile == NULL) { | | 233 | if (sigfile == NULL) { |
| @@ -453,27 +470,27 @@ netpgp_sign_file(netpgp_t *netpgp, char | | | @@ -453,27 +470,27 @@ netpgp_sign_file(netpgp_t *netpgp, char |
453 | /* get the passphrase */ | | 470 | /* get the passphrase */ |
454 | get_pass_phrase(passphrase, sizeof(passphrase)); | | 471 | get_pass_phrase(passphrase, sizeof(passphrase)); |
455 | /* now decrypt key */ | | 472 | /* now decrypt key */ |
456 | seckey = __ops_decrypt_secret_key_from_data(keypair, | | 473 | seckey = __ops_decrypt_secret_key_from_data(keypair, |
457 | passphrase); | | 474 | passphrase); |
458 | if (seckey == NULL) { | | 475 | if (seckey == NULL) { |
459 | (void) fprintf(stderr, "Bad passphrase\n"); | | 476 | (void) fprintf(stderr, "Bad passphrase\n"); |
460 | } | | 477 | } |
461 | } while (seckey == NULL); | | 478 | } while (seckey == NULL); |
462 | /* sign file */ | | 479 | /* sign file */ |
463 | if (cleartext) { | | 480 | if (cleartext) { |
464 | __ops_sign_file_as_cleartext(f, out, seckey, true); | | 481 | __ops_sign_file_as_cleartext(f, out, seckey, true); |
465 | } else if (detached) { | | 482 | } else if (detached) { |
466 | sign_detached(seckey, "SHA1", f, out); | | 483 | sign_detached(f, out, seckey, "SHA1"); |
467 | } else { | | 484 | } else { |
468 | __ops_sign_file(f, out, seckey, armored, true); | | 485 | __ops_sign_file(f, out, seckey, armored, true); |
469 | } | | 486 | } |
470 | (void) memset(passphrase, 0x0, sizeof(passphrase)); | | 487 | (void) memset(passphrase, 0x0, sizeof(passphrase)); |
471 | return 1; | | 488 | return 1; |
472 | } | | 489 | } |
473 | | | 490 | |
474 | /* verify a file */ | | 491 | /* verify a file */ |
475 | int | | 492 | int |
476 | netpgp_verify_file(netpgp_t *netpgp, char *f, int armored) | | 493 | netpgp_verify_file(netpgp_t *netpgp, char *f, int armored) |
477 | { | | 494 | { |
478 | __ops_validation_t result; | | 495 | __ops_validation_t result; |
479 | | | 496 | |