projects
/
u
/
mdw
/
catacomb
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Optionally turn off checking of keys.
[u/mdw/catacomb]
/
catcrypt.c
diff --git
a/catcrypt.c
b/catcrypt.c
index
bbe4660
..
fdb8473
100644
(file)
--- a/
catcrypt.c
+++ b/
catcrypt.c
@@
-153,6
+153,7
@@
static int encrypt(int argc, char *argv[])
enc *e;
#define f_bogus 1u
enc *e;
#define f_bogus 1u
+#define f_nocheck 2u
for (;;) {
static const struct option opt[] = {
for (;;) {
static const struct option opt[] = {
@@
-162,9
+163,10
@@
static int encrypt(int argc, char *argv[])
{ "armor", 0, 0, 'a' },
{ "format", OPTF_ARGREQ, 0, 'f' },
{ "output", OPTF_ARGREQ, 0, 'o' },
{ "armor", 0, 0, 'a' },
{ "format", OPTF_ARGREQ, 0, 'f' },
{ "output", OPTF_ARGREQ, 0, 'o' },
+ { "nocheck", 0, 0, 'C' },
{ 0, 0, 0, 0 }
};
{ 0, 0, 0, 0 }
};
- i = mdwopt(argc, argv, "k:s:af:o:", opt, 0, 0, 0);
+ i = mdwopt(argc, argv, "k:s:af:o:
C
", opt, 0, 0, 0);
if (i < 0) break;
switch (i) {
case 'k': kn = optarg; break;
if (i < 0) break;
switch (i) {
case 'k': kn = optarg; break;
@@
-172,6
+174,7
@@
static int encrypt(int argc, char *argv[])
case 'a': ef = "pem"; break;
case 'f': ef = optarg; break;
case 'o': of = optarg; break;
case 'a': ef = "pem"; break;
case 'f': ef = optarg; break;
case 'o': of = optarg; break;
+ case 'C': f |= f_nocheck; break;
default: f |= f_bogus; break;
}
}
default: f |= f_bogus; break;
}
}
@@
-210,7
+213,7
@@
static int encrypt(int argc, char *argv[])
key_fulltag(k, &d);
e = initenc(eo, ofp, "CATCRYPT ENCRYPTED MESSAGE");
km = getkem(k, "cckem", 0);
key_fulltag(k, &d);
e = initenc(eo, ofp, "CATCRYPT ENCRYPTED MESSAGE");
km = getkem(k, "cckem", 0);
- if ((err = km->ops->check(km)) != 0)
+ if (
!(f & f_nocheck) &&
(err = km->ops->check(km)) != 0)
moan("key %s fails check: %s", d.buf, err);
if (sk) {
dstr_reset(&d);
moan("key %s fails check: %s", d.buf, err);
if (sk) {
dstr_reset(&d);
@@
-303,6
+306,7
@@
static int encrypt(int argc, char *argv[])
return (0);
#undef f_bogus
return (0);
#undef f_bogus
+#undef f_nocheck
}
/*---- Decryption ---------------------------------------------------------*/
}
/*---- Decryption ---------------------------------------------------------*/
@@
-337,6
+341,7
@@
static int decrypt(int argc, char *argv[])
#define f_bogus 1u
#define f_buffer 2u
#define f_bogus 1u
#define f_buffer 2u
+#define f_nocheck 4u
for (;;) {
static const struct option opt[] = {
for (;;) {
static const struct option opt[] = {
@@
-345,17
+350,19
@@
static int decrypt(int argc, char *argv[])
{ "buffer", 0, 0, 'b' },
{ "verbose", 0, 0, 'v' },
{ "quiet", 0, 0, 'q' },
{ "buffer", 0, 0, 'b' },
{ "verbose", 0, 0, 'v' },
{ "quiet", 0, 0, 'q' },
+ { "nocheck", 0, 0, 'C' },
{ "format", OPTF_ARGREQ, 0, 'f' },
{ "output", OPTF_ARGREQ, 0, 'o' },
{ 0, 0, 0, 0 }
};
{ "format", OPTF_ARGREQ, 0, 'f' },
{ "output", OPTF_ARGREQ, 0, 'o' },
{ 0, 0, 0, 0 }
};
- i = mdwopt(argc, argv, "abf:o:qv", opt, 0, 0, 0);
+ i = mdwopt(argc, argv, "abf:o:qv
C
", opt, 0, 0, 0);
if (i < 0) break;
switch (i) {
case 'a': ef = "pem"; break;
case 'b': f |= f_buffer; break;
case 'v': verb++; break;
case 'q': if (verb) verb--; break;
if (i < 0) break;
switch (i) {
case 'a': ef = "pem"; break;
case 'b': f |= f_buffer; break;
case 'v': verb++; break;
case 'q': if (verb) verb--; break;
+ case 'C': f |= f_nocheck; break;
case 'f': ef = optarg; break;
case 'o': of = optarg; break;
default: f |= f_bogus; break;
case 'f': ef = optarg; break;
case 'o': of = optarg; break;
default: f |= f_bogus; break;
@@
-427,7
+434,7
@@
static int decrypt(int argc, char *argv[])
s = getsig(sk, "ccsig", 0);
dstr_reset(&d);
key_fulltag(sk, &d);
s = getsig(sk, "ccsig", 0);
dstr_reset(&d);
key_fulltag(sk, &d);
- if (verb && (err = s->ops->check(s)) != 0)
+ if (
!(f & f_nocheck) &&
verb && (err = s->ops->check(s)) != 0)
printf("WARN verification key %s fails check: %s\n", d.buf, err);
dstr_reset(&d);
dstr_ensure(&d, 1024);
printf("WARN verification key %s fails check: %s\n", d.buf, err);
dstr_reset(&d);
dstr_ensure(&d, 1024);
@@
-535,6
+542,7
@@
static int decrypt(int argc, char *argv[])
#undef f_bogus
#undef f_buffer
#undef f_bogus
#undef f_buffer
+#undef f_nocheck
}
/*----- Main code ---------------------------------------------------------*/
}
/*----- Main code ---------------------------------------------------------*/
@@
-570,7
+578,7
@@
static cmd cmdtab[] = {
CMD_ENCODE,
CMD_DECODE,
{ "encrypt", encrypt,
CMD_ENCODE,
CMD_DECODE,
{ "encrypt", encrypt,
- "encrypt [-a] [-k TAG] [-s TAG] [-f FORMAT]\n\t\
+ "encrypt [-a
C
] [-k TAG] [-s TAG] [-f FORMAT]\n\t\
[-o OUTPUT] [FILE]", "\
Options:\n\
\n\
[-o OUTPUT] [FILE]", "\
Options:\n\
\n\
@@
-579,9
+587,10
@@
Options:\n\
-k, --key=TAG Use public encryption key named by TAG.\n\
-s, --sign-key=TAG Use private signature key named by TAG.\n\
-o, --output=FILE Write output to FILE.\n\
-k, --key=TAG Use public encryption key named by TAG.\n\
-s, --sign-key=TAG Use private signature key named by TAG.\n\
-o, --output=FILE Write output to FILE.\n\
+-C, --nocheck Don't check the public key.\n\
" },
{ "decrypt", decrypt,
" },
{ "decrypt", decrypt,
- "decrypt [-abqv] [-f FORMAT] [-o OUTPUT] [FILE]", "\
+ "decrypt [-abqv
C
] [-f FORMAT] [-o OUTPUT] [FILE]", "\
Options:\n\
\n\
-a, --armour Same as `-f pem'.\n\
Options:\n\
\n\
-a, --armour Same as `-f pem'.\n\
@@
-590,6
+599,7
@@
Options:\n\
-o, --output=FILE Write output to FILE.\n\
-q, --quiet Produce fewer messages.\n\
-v, --verbose Produce more verbose messages.\n\
-o, --output=FILE Write output to FILE.\n\
-q, --quiet Produce fewer messages.\n\
-v, --verbose Produce more verbose messages.\n\
+-C, --nocheck Don't check the private key.\n\
" }, /* ' emacs is confused */
{ 0, 0, 0 }
};
" }, /* ' emacs is confused */
{ 0, 0, 0 }
};