tComment out code and functions - sick - sign and check files using ed25519
(HTM) git clone git://z3bra.org/sick
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 971109b68dea44b87c6e62538aea62856657f7e4
(DIR) parent a213aaa860eb78fb708172bbe802cd4a8fff5d07
(HTM) Author: z3bra <willyatmailoodotorg>
Date: Mon, 16 May 2016 23:11:35 +0200
Comment out code and functions
Diffstat:
M base64.c | 18 ++++++++++++++++--
M sick.c | 65 ++++++++++++++++++++++++++++---
2 files changed, 75 insertions(+), 8 deletions(-)
---
(DIR) diff --git a/base64.c b/base64.c
t@@ -13,6 +13,9 @@ int base64_index(const char *, char);
const char base64_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+/*
+ * Return the index of a base64 char in the table
+ */
int
base64_index(const char *base64, char ch)
{
t@@ -25,7 +28,10 @@ base64_index(const char *base64, char ch)
return ch == '=' ? 0 : -1;
}
-
+/*
+ * Encode the given message in base64, allocate memory to store the encoded
+ * message, and return the size allocated.
+ */
size_t
base64_encode(char **buf, const unsigned char *msg, size_t len)
{
t@@ -56,6 +62,10 @@ base64_encode(char **buf, const unsigned char *msg, size_t len)
return size;
}
+/*
+ * Allocate size to decode a base64 message, decode it in the buffer and
+ * return the allocated size.
+ */
size_t
base64_decode(char **buf, const unsigned char *msg, size_t len)
{
t@@ -89,6 +99,10 @@ base64_decode(char **buf, const unsigned char *msg, size_t len)
return size;
}
+/*
+ * Write a base64 encoded message to the given file pointer, folded at the
+ * given width (defaults to BASE64_FOLD if specified width is 0).
+ */
size_t
base64_fold(FILE *fp, char *base64, size_t len, size_t fold)
{
t@@ -97,7 +111,7 @@ base64_fold(FILE *fp, char *base64, size_t len, size_t fold)
fold = fold > 0 ? fold : BASE64_FOLD;
for (i = 0; i < len; i += BASE64_FOLD) {
- fwrite(base64+i, 1, i+BASE64_FOLD > len ? len - i : BASE64_FOLD, fp);
+ fwrite(base64+i, 1, i+BASE64_FOLD>len?len-i:BASE64_FOLD, fp);
fwrite("\n", 1, 1, fp);
}
(DIR) diff --git a/sick.c b/sick.c
t@@ -56,6 +56,10 @@ bufferize(char **buf, FILE *fp)
size_t n, len = 0;
char chunk[MAX_INPUT], *tmp;
+ /*
+ * For each chunk read, reallocate the buffer size to fit the newly
+ * read data, and copy it over
+ */
while ((n = fread(chunk, 1, MAX_INPUT, fp)) > 0) {
if ((tmp = realloc(*buf, len + n)) == NULL) {
free(*buf);
t@@ -71,16 +75,22 @@ bufferize(char **buf, FILE *fp)
return len;
}
+/*
+ * Copy the full content of the buffer, minus the signature to the given
+ * pointer
+ */
static size_t
extractmsg(unsigned char **msg, char *buf)
{
size_t len = 0;
char *sig;
+ /* signature start is identified by SIGBEGIN */
sig = strstr(buf, SIGBEGIN);
+ /* if signature is not found, return an error */
if (sig == NULL)
- return -1;
+ return 0;
len = sig - buf;
*msg = malloc(len);
t@@ -89,6 +99,9 @@ extractmsg(unsigned char **msg, char *buf)
return len;
}
+/*
+ * Copy the signature at the end of the buffer to the given pointer
+ */
static size_t
extractsig(unsigned char **sig, char *buf)
{
t@@ -97,22 +110,35 @@ extractsig(unsigned char **sig, char *buf)
char *begin, *end, *tmp;
unsigned char base64[76];
+ /* search start and end strings for the signatures */
begin = strstr(buf, SIGBEGIN) + strlen(SIGBEGIN);
end = strstr(buf, SIGEND);
- if (!(begin && end)) {
+ /* in case the signature block isn't well formated, return 0 */
+ if (!(begin && end))
return 0;
- }
+ /* ed25519 signatures are 64 bytes longs */
*sig = malloc(64);
if (*sig == NULL)
return 0;
memset(*sig, 0, 64);
- /* base64 signature are wrapped at 76 chars */
+ /*
+ * base64 signature are wrapped at 76 chars.
+ * 76 being a multiple of 4, it means we can decode the signature in
+ * chunks of 76 bytes, and concatenate them together to get the
+ * original data.
+ */
for (i = 0; begin+i < end; i+=77) {
- /* black magic pointer arithmetic there */
+ /*
+ * black magic pointer arithmetic there..
+ * if we reached the "end" pointer, it means we're at the end
+ * of the signature.
+ * The line length is either 76 bytes long, or less (for the
+ * last line)
+ */
n = begin+i+76 < end ? 76 : end - (begin + i);
memset(base64, 0, 76);
memcpy(base64, begin+i, n);
t@@ -181,6 +207,10 @@ createkeypair(const char *alias)
return 0;
}
+/*
+ * Buffer a data stream, sign it, and write the buffer + base64 encoded
+ * signature to stdout
+ */
int
sign(FILE *fp, FILE *key)
{
t@@ -225,6 +255,10 @@ sign(FILE *fp, FILE *key)
return 0;
}
+/*
+ * Check a buffer against all files in the $KEYRING directory set in the
+ * environment.
+ */
static int
check_keyring(unsigned char *sig, unsigned char *msg, size_t len)
{
t@@ -236,6 +270,7 @@ check_keyring(unsigned char *sig, unsigned char *msg, size_t len)
char *keyring = NULL, path[PATH_MAX];
unsigned char pub[32];
+ /* get the keyring from the environment */
keyring = getenv("KEYRING");
if (keyring == NULL) {
if (verbose)
t@@ -249,10 +284,17 @@ check_keyring(unsigned char *sig, unsigned char *msg, size_t len)
return ERR_NORING;
}
+ /* loop through all entries in the $KEYRING directory */
while ((dt = readdir(dirp)) != NULL) {
+ /* ignore entries that are not regular files */
if (dt->d_type != DT_REG)
continue;
+ /* ignore all entries that are not 32 bytes long */
+ if (dt->d_reclen != 32)
+ continue
+
+ /* set public key file path and store its content */
n = strnlen(keyring, PATH_MAX);
memset(path, 0, PATH_MAX);
memcpy(path, keyring, n);
t@@ -267,6 +309,8 @@ check_keyring(unsigned char *sig, unsigned char *msg, size_t len)
fclose(key);
continue;
}
+
+ /* check message for the given public key */
ret += ed25519_verify(sig, msg, len, pub);
if (ret) {
if (verbose)
t@@ -279,6 +323,11 @@ check_keyring(unsigned char *sig, unsigned char *msg, size_t len)
return !ret;
}
+/*
+ * Check the given stream against the key provided. If the stream pointer
+ * supposed to hold the key is NULL, check the stream against all public keys
+ * located in the $KEYRING directory.
+ */
static int
check(FILE *fp, FILE *key)
{
t@@ -309,7 +358,6 @@ check(FILE *fp, FILE *key)
if (verbose)
fprintf(stderr, "Verifying stream (%lu bytes)\n", len);
-
if (key) {
if (fread(pub, 1, 32, key) < 32)
return ERR_NOKEY;
t@@ -319,6 +367,10 @@ check(FILE *fp, FILE *key)
ret = check_keyring(sig, msg, len);
}
+ /*
+ * if we're able to verify the signature, dump buffer's content to
+ * stdout
+ */
if (ret == 0)
fwrite(msg, 1, len, stdout);
t@@ -355,6 +407,7 @@ main(int argc, char *argv[])
usage();
}ARGEND;
+ /* if no argument is provided, read stdin */
fp = argc ? fopen(*argv, "r") : stdin;
switch (action) {