octoleo/syncthing
1
0
Fork 0
mirror of https://github.com/octoleo/syncthing.git synced 2024-12-22 19:08:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

stsigtool should use the built in key by default

Browse Source
This commit is contained in:
Jakob Borg 2015-08-24 16:24:00 +02:00
parent d6e34761dc
commit a27bc4ebea
2 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
cmd/stsigtool/main.go
View File

@ -13,6 +13,7 @@ import (
"os" "os"
"github.com/syncthing/syncthing/lib/signature" "github.com/syncthing/syncthing/lib/signature"
"github.com/syncthing/syncthing/lib/upgrade"
) )
func main() { func main() {
@ -33,8 +34,11 @@ Where command is one of:
sign <privkeyfile> <datafile> sign <privkeyfile> <datafile>
- sign a file - sign a file
verify <pubkeyfile> <signaturefile> <datafile> verify <signaturefile> <datafile>
- verify a signature - verify a signature, using the built in public key
verify <signaturefile> <datafile> <pubkeyfile>
- verify a signature, using the specified public key file
`) `)
} }
@ -44,7 +48,11 @@ Where command is one of:
case "sign": case "sign":
sign(flag.Arg(1), flag.Arg(2)) sign(flag.Arg(1), flag.Arg(2))
case "verify": case "verify":
verify(flag.Arg(1), flag.Arg(2), flag.Arg(3)) if flag.NArg() == 4 {
verifyWithFile(flag.Arg(1), flag.Arg(2), flag.Arg(3))
} else {
verifyWithKey(flag.Arg(1), flag.Arg(2), upgrade.SigningKey)
}
} }
} }
@ -78,12 +86,15 @@ func sign(keyname, dataname string) {
os.Stdout.Write(sig) os.Stdout.Write(sig)
} }
func verify(keyname, signame, dataname string) { func verifyWithFile(signame, dataname, keyname string) {
pubkey, err := ioutil.ReadFile(keyname) pubkey, err := ioutil.ReadFile(keyname)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
verifyWithKey(signame, dataname, pubkey)
}
func verifyWithKey(signame, dataname string, pubkey []byte) {
sig, err := ioutil.ReadFile(signame) sig, err := ioutil.ReadFile(signame)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -99,4 +110,6 @@ func verify(keyname, signame, dataname string) {
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
log.Println("correct signature")
} }

7
lib/signature/signature.go
View File

@ -105,6 +105,10 @@ func Verify(pubKeyPEM []byte, signature []byte, data io.Reader) error {
// Parse the signature // Parse the signature
block, _ := pem.Decode(signature) block, _ := pem.Decode(signature)
if block == nil || block.Bytes == nil {
return errors.New("unsupported signature format")
}
r, s, err := unmarshalSignature(block.Bytes) r, s, err := unmarshalSignature(block.Bytes)
if err != nil { if err != nil {
return err return err
@ -146,6 +150,9 @@ func loadPrivateKey(bs []byte) (*ecdsa.PrivateKey, error) {
func loadPublicKey(bs []byte) (*ecdsa.PublicKey, error) { func loadPublicKey(bs []byte) (*ecdsa.PublicKey, error) {
// Decode and parse the public key PEM block // Decode and parse the public key PEM block
block, _ := pem.Decode(bs) block, _ := pem.Decode(bs)
if block == nil || block.Bytes == nil {
return nil, errors.New("unsupported public key format")
}
intf, err := x509.ParsePKIXPublicKey(block.Bytes) intf, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil { if err != nil {
return nil, err return nil, err