| @@ -19,27 +19,29 @@ | | | @@ -19,27 +19,29 @@ |
| 19 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 19 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 20 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 20 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
| 21 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 21 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 22 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 22 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 23 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 23 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 24 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 24 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 25 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 25 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 26 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 26 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 27 | * POSSIBILITY OF SUCH DAMAGE. | | 27 | * POSSIBILITY OF SUCH DAMAGE. |
| 28 | */ | | 28 | */ |
| 29 | #include "config.h" | | 29 | #include "config.h" |
| 30 | | | 30 | |
| 31 | #include <sys/types.h> | | 31 | #include <sys/types.h> |
| | | 32 | #include <sys/stat.h> |
| 32 | #include <sys/param.h> | | 33 | #include <sys/param.h> |
| | | 34 | #include <sys/mman.h> |
| 33 | | | 35 | |
| 34 | #ifdef HAVE_OPENSSL_CAST_H | | 36 | #ifdef HAVE_OPENSSL_CAST_H |
| 35 | #include <openssl/cast.h> | | 37 | #include <openssl/cast.h> |
| 36 | #endif | | 38 | #endif |
| 37 | | | 39 | |
| 38 | #include <netpgp.h> | | 40 | #include <netpgp.h> |
| 39 | | | 41 | |
| 40 | #include "packet.h" | | 42 | #include "packet.h" |
| 41 | #include "packet-parse.h" | | 43 | #include "packet-parse.h" |
| 42 | #include "keyring.h" | | 44 | #include "keyring.h" |
| 43 | #include "errors.h" | | 45 | #include "errors.h" |
| 44 | #include "packet-show.h" | | 46 | #include "packet-show.h" |
| 45 | #include "create.h" | | 47 | #include "create.h" |
| @@ -148,69 +150,84 @@ psuccess(char *f, __ops_validation_t *re | | | @@ -148,69 +150,84 @@ psuccess(char *f, __ops_validation_t *re |
| 148 | f, | | 150 | f, |
| 149 | ctime(&results->valid_sigs[i].creation_time), | | 151 | ctime(&results->valid_sigs[i].creation_time), |
| 150 | __ops_show_pka(results->valid_sigs[i].key_algorithm), | | 152 | __ops_show_pka(results->valid_sigs[i].key_algorithm), |
| 151 | userid_to_id(results->valid_sigs[i].signer_id, id)); | | 153 | userid_to_id(results->valid_sigs[i].signer_id, id)); |
| 152 | pubkey = __ops_keyring_find_key_by_id(pubring, | | 154 | pubkey = __ops_keyring_find_key_by_id(pubring, |
| 153 | (const unsigned char *) | | 155 | (const unsigned char *) |
| 154 | results->valid_sigs[i].signer_id); | | 156 | results->valid_sigs[i].signer_id); |
| 155 | __ops_print_public_keydata(pubkey); | | 157 | __ops_print_public_keydata(pubkey); |
| 156 | } | | 158 | } |
| 157 | } | | 159 | } |
| 158 | | | 160 | |
| 159 | /* sign a file, and put the signature in a separate file */ | | 161 | /* sign a file, and put the signature in a separate file */ |
| 160 | static int | | 162 | static int |
| 161 | sign_detached(__ops_secret_key_t *seckey, const char *hashstr, char *f, | | 163 | sign_detached(char *f, char *sigfile, __ops_secret_key_t *seckey, |
| 162 | char *sigfile) | | 164 | const char *hashstr) |
| 163 | { | | 165 | { |
| 164 | __ops_create_signature_t *sig; | | 166 | __ops_create_signature_t *sig; |
| 165 | __ops_hash_algorithm_t alg; | | 167 | __ops_hash_algorithm_t alg; |
| 166 | __ops_create_info_t *info; | | 168 | __ops_create_info_t *info; |
| 167 | unsigned char keyid[OPS_KEY_ID_SIZE]; | | 169 | unsigned char keyid[OPS_KEY_ID_SIZE]; |
| | | 170 | unsigned char *mmapped; |
| | | 171 | struct stat st; |
| 168 | time_t t; | | 172 | time_t t; |
| 169 | char fname[MAXPATHLEN]; | | 173 | char fname[MAXPATHLEN]; |
| 170 | int fd; | | 174 | int fd; |
| 171 | | | 175 | |
| 172 | /* find out which hash algorithm to use */ | | 176 | /* find out which hash algorithm to use */ |
| 173 | alg = __ops_hash_algorithm_from_text(hashstr); | | 177 | alg = __ops_hash_algorithm_from_text(hashstr); |
| 174 | if (alg == OPS_HASH_UNKNOWN) { | | 178 | if (alg == OPS_HASH_UNKNOWN) { |
| 175 | (void) fprintf(stderr,"Unknown hash algorithm: %s\n", hashstr); | | 179 | (void) fprintf(stderr,"Unknown hash algorithm: %s\n", hashstr); |
| 176 | return 0; | | 180 | return 0; |
| 177 | } | | 181 | } |
| 178 | | | 182 | |
| 179 | /* create a new signature */ | | 183 | /* create a new signature */ |
| 180 | sig = __ops_create_signature_new(); | | 184 | sig = __ops_create_signature_new(); |
| 181 | __ops_signature_start_cleartext_signature(sig, seckey, alg, | | 185 | __ops_signature_start_cleartext_signature(sig, seckey, alg, |
| 182 | OPS_SIG_BINARY); | | 186 | OPS_SIG_BINARY); |
| 183 | | | 187 | |
| 184 | /* read the contents of 'f' */ | | 188 | /* read the contents of 'f' */ |
| 185 | fd = open(f, O_RDONLY); | | 189 | fd = open(f, O_RDONLY); |
| 186 | if (fd < 0) { | | 190 | if (fd < 0) { |
| 187 | (void) fprintf(stderr, "can't open file \"%s\" to sign\n", | | 191 | (void) fprintf(stderr, "can't open file \"%s\" to sign\n", |
| 188 | f); | | 192 | f); |
| 189 | return 0; | | 193 | return 0; |
| 190 | } | | 194 | } |
| 191 | for (;;) { | | 195 | /* attempt to mmap(2) the file - if that fails, fall back to |
| 192 | unsigned char buf[8192]; | | 196 | * standard read(2) */ |
| 193 | int n; | | 197 | mmapped = MAP_FAILED; |
| | | 198 | if (fstat(fd, &st) == 0) { |
| | | 199 | mmapped = mmap(NULL, (size_t)st.st_size, PROT_READ, |
| | | 200 | MAP_FILE | MAP_PRIVATE, fd, 0); |
| | | 201 | } |
| | | 202 | if (mmapped == MAP_FAILED) { |
| | | 203 | for (;;) { |
| | | 204 | unsigned char buf[8192]; |
| | | 205 | int n; |
| 194 | | | 206 | |
| 195 | if ((n = read(fd, buf, sizeof(buf))) == 0) { | | 207 | if ((n = read(fd, buf, sizeof(buf))) == 0) { |
| 196 | break; | | 208 | break; |
| 197 | } | | 209 | } |
| 198 | if (n < 0) { | | 210 | if (n < 0) { |
| 199 | (void) fprintf(stderr, "short read \"%s\"\n", f); | | 211 | (void) fprintf(stderr, "short read \"%s\"\n", |
| 200 | (void) close(fd); | | 212 | f); |
| 201 | return 0; | | 213 | (void) close(fd); |
| | | 214 | return 0; |
| | | 215 | } |
| | | 216 | __ops_signature_add_data(sig, buf, (unsigned)n); |
| 202 | } | | 217 | } |
| 203 | __ops_signature_add_data(sig, buf, (unsigned)n); | | 218 | } else { |
| | | 219 | __ops_signature_add_data(sig, mmapped, (unsigned)st.st_size); |
| | | 220 | (void) munmap(mmapped, (unsigned)st.st_size); |
| 204 | } | | 221 | } |
| 205 | (void) close(fd); | | 222 | (void) close(fd); |
| 206 | | | 223 | |
| 207 | /* calculate the signature */ | | 224 | /* calculate the signature */ |
| 208 | t = time(NULL); | | 225 | t = time(NULL); |
| 209 | __ops_signature_add_creation_time(sig, t); | | 226 | __ops_signature_add_creation_time(sig, t); |
| 210 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, | | 227 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, |
| 211 | &seckey->public_key); | | 228 | &seckey->public_key); |
| 212 | __ops_signature_add_issuer_key_id(sig, keyid); | | 229 | __ops_signature_add_issuer_key_id(sig, keyid); |
| 213 | __ops_signature_hashed_subpackets_end(sig); | | 230 | __ops_signature_hashed_subpackets_end(sig); |
| 214 | | | 231 | |
| 215 | /* write the signature to the detached file */ | | 232 | /* write the signature to the detached file */ |
| 216 | if (sigfile == NULL) { | | 233 | if (sigfile == NULL) { |
| @@ -453,27 +470,27 @@ netpgp_sign_file(netpgp_t *netpgp, char | | | @@ -453,27 +470,27 @@ netpgp_sign_file(netpgp_t *netpgp, char |
| 453 | /* get the passphrase */ | | 470 | /* get the passphrase */ |
| 454 | get_pass_phrase(passphrase, sizeof(passphrase)); | | 471 | get_pass_phrase(passphrase, sizeof(passphrase)); |
| 455 | /* now decrypt key */ | | 472 | /* now decrypt key */ |
| 456 | seckey = __ops_decrypt_secret_key_from_data(keypair, | | 473 | seckey = __ops_decrypt_secret_key_from_data(keypair, |
| 457 | passphrase); | | 474 | passphrase); |
| 458 | if (seckey == NULL) { | | 475 | if (seckey == NULL) { |
| 459 | (void) fprintf(stderr, "Bad passphrase\n"); | | 476 | (void) fprintf(stderr, "Bad passphrase\n"); |
| 460 | } | | 477 | } |
| 461 | } while (seckey == NULL); | | 478 | } while (seckey == NULL); |
| 462 | /* sign file */ | | 479 | /* sign file */ |
| 463 | if (cleartext) { | | 480 | if (cleartext) { |
| 464 | __ops_sign_file_as_cleartext(f, out, seckey, true); | | 481 | __ops_sign_file_as_cleartext(f, out, seckey, true); |
| 465 | } else if (detached) { | | 482 | } else if (detached) { |
| 466 | sign_detached(seckey, "SHA1", f, out); | | 483 | sign_detached(f, out, seckey, "SHA1"); |
| 467 | } else { | | 484 | } else { |
| 468 | __ops_sign_file(f, out, seckey, armored, true); | | 485 | __ops_sign_file(f, out, seckey, armored, true); |
| 469 | } | | 486 | } |
| 470 | (void) memset(passphrase, 0x0, sizeof(passphrase)); | | 487 | (void) memset(passphrase, 0x0, sizeof(passphrase)); |
| 471 | return 1; | | 488 | return 1; |
| 472 | } | | 489 | } |
| 473 | | | 490 | |
| 474 | /* verify a file */ | | 491 | /* verify a file */ |
| 475 | int | | 492 | int |
| 476 | netpgp_verify_file(netpgp_t *netpgp, char *f, int armored) | | 493 | netpgp_verify_file(netpgp_t *netpgp, char *f, int armored) |
| 477 | { | | 494 | { |
| 478 | __ops_validation_t result; | | 495 | __ops_validation_t result; |
| 479 | | | 496 | |