plan9port

dsasign.c (3478B)

---

 #include <u.h>
 #include <libc.h>
 #include <mp.h>
 #include <libsec.h>
 #include <auth.h>
 #include <thread.h>
 #include <9pclient.h>
 #include <bio.h>
 
 void
 usage(void)
 {
 	fprint(2, "usage: 9 dsasign [-i id] [-v] key <data\n");
 	threadexitsall("usage");
 }
 
 static void doVerify(void);
 static char *getline(int*);
 
 char *id;
 Biobuf b;
 int nid;
 char *key;
 
 void
 threadmain(int argc, char **argv)
 {
 	int n, verify;
 	char *text, *p;
 	uchar digest[SHA1dlen];
 	AuthRpc *rpc;
 	Fmt fmt;
 
 	fmtinstall('[', encodefmt);
 	fmtinstall('H', encodefmt);
 
 	verify = 0;
 	id = "";
 	ARGBEGIN{
 	case 'i':
 		id = EARGF(usage());
 		break;
 	case 'v':
 		verify = 1;
 		break;
 	default:
 		usage();
 	}ARGEND
 
 	if(argc != 1)
 		usage();
 	key = argv[0];
 	nid = strlen(id);
 
 	Binit(&b, 0, OREAD);
 	if(verify) {
 		doVerify();
 		threadexitsall(nil);
 	}
 
 	if((rpc = auth_allocrpc()) == nil){
 		fprint(2, "dsasign: auth_allocrpc: %r\n");
 		threadexits("rpc");
 	}
 	key = smprint("proto=dsa role=sign %s", key);
 	if(auth_rpc(rpc, "start", key, strlen(key)) != ARok){
 		fprint(2, "dsasign: auth 'start' failed: %r\n");
 		auth_freerpc(rpc);
 		threadexits("rpc");
 	}
 
 	print("+%s\n", id);
 
 	Binit(&b, 0, OREAD);
 	fmtstrinit(&fmt);
 	while((p = getline(&n)) != nil) {
 		if(p[0] == '-' || p[0] == '+')
 			print("+");
 		print("%s\n", p);
 		fmtprint(&fmt, "%s\n", p);
 	}
 	text = fmtstrflush(&fmt);
 	sha1((uchar*)text, strlen(text), digest, nil);
 
 	if(auth_rpc(rpc, "write", digest, SHA1dlen) != ARok)
 		sysfatal("auth write in sign failed: %r");
 	if(auth_rpc(rpc, "read", nil, 0) != ARok)
 		sysfatal("auth read in sign failed: %r");
 
 	print("-%s %.*H\n", id, rpc->narg, rpc->arg);
 	threadexits(nil);
 }
 
 static mpint*
 keytomp(Attr *a, char *name)
 {
 	char *p;
 	mpint *m;
 
 	p = _strfindattr(a, name);
 	if(p == nil)
 		sysfatal("missing key attribute %s", name);
 	m = strtomp(p, nil, 16, nil);
 	if(m == nil)
 		sysfatal("malformed key attribute %s=%s", name, p);
 	return m;
 }
 
 static void
 doVerify(void)
 {
 	char *p;
 	int n, nsig;
 	Fmt fmt;
 	uchar digest[SHA1dlen], sig[1024];
 	char *text;
 	Attr *a;
 	DSAsig dsig;
 	DSApub dkey;
 
 	a = _parseattr(key);
 	if(a == nil)
 		sysfatal("invalid key");
 	dkey.alpha = keytomp(a, "alpha");
 	dkey.key = keytomp(a, "key");
 	dkey.p = keytomp(a, "p");
 	dkey.q = keytomp(a, "q");
 	if(!probably_prime(dkey.p, 20) && !probably_prime(dkey.q, 20))
 		sysfatal("p or q not prime");
 
 	while((p = getline(&n)) != nil)
 		if(p[0] == '+' && strcmp(p+1, id) == 0)
 			goto start;
 	sysfatal("no message found");
 
 start:
 	fmtstrinit(&fmt);
 	while((p = getline(&n)) != nil) {
 		if(n >= 1+nid+1+16 && p[0] == '-' && strncmp(p+1, id, nid) == 0 && p[1+nid] == ' ') {
 			if((nsig = dec16(sig, sizeof sig, p+1+nid+1, n-(1+nid+1))) != 20+20)
 				sysfatal("malformed signture");
 			goto end;
 		}
 		if(p[0] == '+')
 			p++;
 		fmtprint(&fmt, "%s\n", p);
 	}
 	sysfatal("did not find end of message");
 	return; // silence clang warning
 
 end:
 	text = fmtstrflush(&fmt);
 	sha1((uchar*)text, strlen(text), digest, nil);
 
 	if(nsig != 40)
 		sysfatal("malformed signature");
 	dsig.r = betomp(sig, 20, nil);
 	dsig.s = betomp(sig+20, 20, nil);
 
 	if(dsaverify(&dkey, &dsig, betomp(digest, sizeof digest, nil)) < 0)
 		sysfatal("signature failed to verify: %r");
 
 	write(1, text, strlen(text));
 	threadexitsall(0);
 }
 
 char*
 getline(int *np)
 {
 	char *p;
 	int n;
 
 	if((p = Brdline(&b, '\n')) == nil)
 		return nil;
 	n = Blinelen(&b);
 	while(n > 0 && (p[n-1] == '\n' || p[n-1] == ' ' || p[n-1] == '\t'))
 		n--;
 	p[n] = '\0';
 	*np = n;
 	return p;
 }