tDecode base64 keys on-the-fly - sick - sign and check files using ed25519
(DIR) commit 259292d1564073a40c90671ad9b8c2c242b76ad7
(DIR) parent 65c927600a8e8db3a65a2b62fce53a05aa97948c
(HTM) Author: Willy Goiffon <contact@z3bra.org>
Date: Fri, 25 Aug 2023 08:03:16 +0200
Decode base64 keys on-the-fly
Diffstat:
M sick.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
---
(DIR) diff --git a/sick.c b/sick.c
t@@ -33,6 +33,7 @@ static size_t bufferize(unsigned char **buf, FILE *fp);
static size_t extractmsg(unsigned char *msg[], unsigned char *buf, size_t len);
static size_t extractsig(unsigned char *sig[], unsigned char *buf, size_t len);
static int createkeypair(const char *);
+static int readkey(FILE *, unsigned char **);
static int check_keyring(unsigned char *sig, unsigned char *msg, size_t len);
static int sign(FILE *fp, FILE *key);
static int check(FILE *fp, FILE *key);
t@@ -252,6 +253,15 @@ createkeypair(const char *alias)
return 0;
}
+int
+readkey(FILE *fp, unsigned char **k)
+{
+ size_t len;
+ char b64[96];
+ len = fread(b64, 1, sizeof(b64), fp);
+ return base64_decode((char **)k, (unsigned char *)b64, len);
+}
+
/*
* Buffer a data stream, sign it, and write the buffer + base64 encoded
* signature to stdout
t@@ -266,9 +276,7 @@ sign(FILE *fp, FILE *key)
if (key == NULL)
return ERR_NOKEY;
- priv = malloc(64);
-
- if (!fread(priv, 1, 64, key))
+ if (readkey(key, &priv) < 64)
return ERR_NOKEY;
mlen = bufferize(&msg, fp);
t@@ -320,7 +328,7 @@ check_keyring(unsigned char *sig, unsigned char *msg, size_t len)
FILE *key = NULL;
struct dirent *dt = NULL;
char *keyring = NULL, path[PATH_MAX];
- unsigned char pub[32];
+ unsigned char *pub;
/* get the keyring from the environment */
keyring = getenv("KEYRING");
t@@ -356,14 +364,16 @@ check_keyring(unsigned char *sig, unsigned char *msg, size_t len)
perror(path);
continue;
}
- if (fread(pub, 1, 32, key) < 32) {
+ if (readkey(key, &pub) < 32) {
perror(path);
fclose(key);
+ free(pub);
continue;
}
/* check message for the given public key */
ret += crypto_sign_ed25519_open(sig, &buflen, msg, len, pub) == -1 ? 0 : 1;
+ free(pub);
if (ret) {
if (verbose)
fprintf(stderr, "Key match: %s\n", path);
t@@ -385,7 +395,7 @@ check(FILE *fp, FILE *key)
{
int ret = 0;
unsigned long long len, dummylen;
- unsigned char pub[32], *sig, *msg, *buf = NULL, *dummybuf = NULL;
+ unsigned char *pub, *sig, *msg, *buf = NULL, *dummybuf = NULL;
if ((len = bufferize(&buf, fp)) == 0)
return ERR_NOMSG;
t@@ -413,7 +423,7 @@ check(FILE *fp, FILE *key)
fprintf(stderr, "Verifying stream (%llu bytes)\n", len);
if (key) {
- if (fread(pub, 1, 32, key) < 32)
+ if (readkey(key, &pub) != 32)
return ERR_NOKEY;
buf = malloc(len + 64);