syncthing/cmd/stsigtool/main.go

// Copyright (C) 2015 The Syncthing Authors.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at https://mozilla.org/MPL/2.0/.

package main

import (
	"flag"
	"io"
	"log"
	"os"

	"github.com/syncthing/syncthing/lib/signature"
	"github.com/syncthing/syncthing/lib/upgrade"
)

func main() {
	log.SetFlags(0)
	log.SetOutput(os.Stdout)

	flag.Parse()

	if flag.NArg() < 1 {
		log.Print(`Usage:
	stsigtool <command>

Where command is one of:

	gen
		- generate a new key pair

	sign <privkeyfile> [datafile]
		- sign a file

	verify <signaturefile> <datafile>
		- verify a signature, using the built in public key

	verify <signaturefile> <datafile> <pubkeyfile>
		- verify a signature, using the specified public key file

`)
	}

	switch flag.Arg(0) {
	case "gen":
		gen()
	case "sign":
		sign(flag.Arg(1), flag.Arg(2))
	case "verify":
		if flag.NArg() == 4 {
			verifyWithFile(flag.Arg(1), flag.Arg(2), flag.Arg(3))
		} else {
			verifyWithKey(flag.Arg(1), flag.Arg(2), upgrade.SigningKey)
		}
	}
}

func gen() {
	priv, pub, err := signature.GenerateKeys()
	if err != nil {
		log.Fatal(err)
	}

	os.Stdout.Write(priv)
	os.Stdout.Write(pub)
}

func sign(keyname, dataname string) {
	privkey, err := os.ReadFile(keyname)
	if err != nil {
		log.Fatal(err)
	}

	var input io.Reader
	if dataname == "-" || dataname == "" {
		input = os.Stdin
	} else {
		fd, err := os.Open(dataname)
		if err != nil {
			log.Fatal(err)
		}
		defer fd.Close()
		input = fd
	}

	sig, err := signature.Sign(privkey, input)
	if err != nil {
		log.Fatal(err)
	}

	os.Stdout.Write(sig)
}

func verifyWithFile(signame, dataname, keyname string) {
	pubkey, err := os.ReadFile(keyname)
	if err != nil {
		log.Fatal(err)
	}
	verifyWithKey(signame, dataname, pubkey)
}

func verifyWithKey(signame, dataname string, pubkey []byte) {
	sig, err := os.ReadFile(signame)
	if err != nil {
		log.Fatal(err)
	}

	fd, err := os.Open(dataname)
	if err != nil {
		log.Fatal(err)
	}
	defer fd.Close()

	err = signature.Verify(pubkey, sig, fd)
	if err != nil {
		log.Fatal(err)
	}

	log.Println("correct signature")
}
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`// Copyright (C) 2015 The Syncthing Authors.`
			`//`
			`// This Source Code Form is subject to the terms of the Mozilla Public`
			`// License, v. 2.0. If a copy of the MPL was not distributed with this file,`
all: Update license url to https (ref #3976) 2017-02-09 06:52:18 +00:00			`// You can obtain one at https://mozilla.org/MPL/2.0/.`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00
			`package main`

			`import (`
			`"flag"`
cmd/stsigtool: Sign stdin when not given a file to sign, or when given "-" GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3041 2016-05-05 19:05:45 +00:00			`"io"`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`"log"`
			`"os"`

			`"github.com/syncthing/syncthing/lib/signature"`
stsigtool should use the built in key by default 2015-08-24 14:24:00 +00:00			`"github.com/syncthing/syncthing/lib/upgrade"`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`)`

			`func main() {`
			`log.SetFlags(0)`
			`log.SetOutput(os.Stdout)`

			`flag.Parse()`

			`if flag.NArg() < 1 {`
cmd/stsigtool: Silence spurious Go 1.10 test/vet complaint 2017-12-10 18:42:08 +00:00			log.Print(`Usage:
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`stsigtool <command>`

			`Where command is one of:`

			`gen`
			`- generate a new key pair`

cmd/stsigtool: Sign stdin when not given a file to sign, or when given "-" GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3041 2016-05-05 19:05:45 +00:00			`sign <privkeyfile> [datafile]`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`- sign a file`

stsigtool should use the built in key by default 2015-08-24 14:24:00 +00:00			`verify <signaturefile> <datafile>`
			`- verify a signature, using the built in public key`

			`verify <signaturefile> <datafile> <pubkeyfile>`
			`- verify a signature, using the specified public key file`
cmd/stsigtool: Silence spurious Go 1.10 test/vet complaint 2017-12-10 18:42:08 +00:00
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`)
			`}`

			`switch flag.Arg(0) {`
			`case "gen":`
			`gen()`
			`case "sign":`
			`sign(flag.Arg(1), flag.Arg(2))`
			`case "verify":`
stsigtool should use the built in key by default 2015-08-24 14:24:00 +00:00			`if flag.NArg() == 4 {`
			`verifyWithFile(flag.Arg(1), flag.Arg(2), flag.Arg(3))`
			`} else {`
			`verifyWithKey(flag.Arg(1), flag.Arg(2), upgrade.SigningKey)`
			`}`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`}`
			`}`

			`func gen() {`
			`priv, pub, err := signature.GenerateKeys()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`os.Stdout.Write(priv)`
			`os.Stdout.Write(pub)`
			`}`

			`func sign(keyname, dataname string) {`
all: Remove usage of deprecated io/ioutil (#7971) As of Go 1.16 io/ioutil is deprecated. This replaces usage with the corresponding functions in package os and package io. 2021-11-22 07:59:47 +00:00			`privkey, err := os.ReadFile(keyname)`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`if err != nil {`
			`log.Fatal(err)`
			`}`

cmd/stsigtool: Sign stdin when not given a file to sign, or when given "-" GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3041 2016-05-05 19:05:45 +00:00			`var input io.Reader`
			`if dataname == "-" \|\| dataname == "" {`
			`input = os.Stdin`
			`} else {`
			`fd, err := os.Open(dataname)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`defer fd.Close()`
			`input = fd`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`}`

cmd/stsigtool: Sign stdin when not given a file to sign, or when given "-" GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3041 2016-05-05 19:05:45 +00:00			`sig, err := signature.Sign(privkey, input)`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`os.Stdout.Write(sig)`
			`}`

stsigtool should use the built in key by default 2015-08-24 14:24:00 +00:00			`func verifyWithFile(signame, dataname, keyname string) {`
all: Remove usage of deprecated io/ioutil (#7971) As of Go 1.16 io/ioutil is deprecated. This replaces usage with the corresponding functions in package os and package io. 2021-11-22 07:59:47 +00:00			`pubkey, err := os.ReadFile(keyname)`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
stsigtool should use the built in key by default 2015-08-24 14:24:00 +00:00			`verifyWithKey(signame, dataname, pubkey)`
			`}`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00
stsigtool should use the built in key by default 2015-08-24 14:24:00 +00:00			`func verifyWithKey(signame, dataname string, pubkey []byte) {`
all: Remove usage of deprecated io/ioutil (#7971) As of Go 1.16 io/ioutil is deprecated. This replaces usage with the corresponding functions in package os and package io. 2021-11-22 07:59:47 +00:00			`sig, err := os.ReadFile(signame)`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`fd, err := os.Open(dataname)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`defer fd.Close()`

			`err = signature.Verify(pubkey, sig, fd)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
stsigtool should use the built in key by default 2015-08-24 14:24:00 +00:00
			`log.Println("correct signature")`
Add a signature package and stsigtool CLI utility 2015-08-21 07:22:52 +00:00			`}`