From 946c3f725423fb5b822d809f1befb8c361ac2625 Mon Sep 17 00:00:00 2001 From: mdw Date: Tue, 27 Sep 2005 18:22:50 +0000 Subject: [PATCH] Optionally turn off checking of keys. --- catcrypt.1 | 13 +++++++++++-- catcrypt.c | 22 ++++++++++++++++------ catsign.1 | 14 ++++++++++++-- catsign.c | 17 ++++++++++++----- dsig.1 | 14 ++++++++++++-- dsig.c | 28 +++++++++++++++++++++------- 6 files changed, 84 insertions(+), 24 deletions(-) diff --git a/catcrypt.1 b/catcrypt.1 index 56fe297..6803067 100644 --- a/catcrypt.1 +++ b/catcrypt.1 @@ -44,7 +44,7 @@ is one of: .RI [ item ...] .br .B encrypt -.RB [ \-a ] +.RB [ \-aC ] .RB [ \-k .IR tag ] .RB [ \-f @@ -54,7 +54,7 @@ is one of: .RI [ file ] .br .B decrypt -.RB [ \-aqv ] +.RB [ \-aqvC ] .RB [ \-f .IR format ] .RB [ \-o @@ -470,6 +470,10 @@ in the current keyring; the default is not to sign the ciphertext. Write output to .I file rather than to standard output. +.TP +.B "\-C, \-\-nocheck" +Don't check the public key for validity. This makes encryption go much +faster, but at the risk of using a duff key. .SS decrypt The .B decrypt @@ -508,6 +512,11 @@ Write output to instead of to standard output. The file is written in binary mode. Fixing line-end conventions is your problem; there are lots of good tools for dealing with it. +.TP +.B "\-C, \-\-nocheck" +Don't check the private key for validity. This makes decryption go much +faster, but at the risk of using a duff key, and possibly leaking +information about the private key. .PP Output is written to standard output in a machine-readable format. Major problems cause the program to write a diagnostic to standard error diff --git a/catcrypt.c b/catcrypt.c index bbe4660..fdb8473 100644 --- a/catcrypt.c +++ b/catcrypt.c @@ -153,6 +153,7 @@ static int encrypt(int argc, char *argv[]) enc *e; #define f_bogus 1u +#define f_nocheck 2u for (;;) { static const struct option opt[] = { 
@@ -162,9 +163,10 @@ static int encrypt(int argc, char *argv[]) { "armor", 0, 0, 'a' }, { "format", OPTF_ARGREQ, 0, 'f' }, { "output", OPTF_ARGREQ, 0, 'o' }, + { "nocheck", 0, 0, 'C' }, { 0, 0, 0, 0 } }; - i = mdwopt(argc, argv, "k:s:af:o:", opt, 0, 0, 0); + i = mdwopt(argc, argv, "k:s:af:o:C", opt, 0, 0, 0); if (i < 0) break; switch (i) { case 'k': kn = optarg; break; @@ -172,6 +174,7 @@ static int encrypt(int argc, char *argv[]) case 'a': ef = "pem"; break; case 'f': ef = optarg; break; case 'o': of = optarg; break; + case 'C': f |= f_nocheck; break; default: f |= f_bogus; break; } } @@ -210,7 +213,7 @@ static int encrypt(int argc, char *argv[]) key_fulltag(k, &d); e = initenc(eo, ofp, "CATCRYPT ENCRYPTED MESSAGE"); km = getkem(k, "cckem", 0); - if ((err = km->ops->check(km)) != 0) + if (!(f & f_nocheck) && (err = km->ops->check(km)) != 0) moan("key %s fails check: %s", d.buf, err); if (sk) { dstr_reset(&d); @@ -303,6 +306,7 @@ static int encrypt(int argc, char *argv[]) return (0); #undef f_bogus +#undef f_nocheck } /*---- Decryption ---------------------------------------------------------*/ @@ -337,6 +341,7 @@ static int decrypt(int argc, char *argv[]) #define f_bogus 1u #define f_buffer 2u +#define f_nocheck 4u for (;;) { static const struct option opt[] = { @@ -345,17 +350,19 @@ static int decrypt(int argc, char *argv[]) { "buffer", 0, 0, 'b' }, { "verbose", 0, 0, 'v' }, { "quiet", 0, 0, 'q' }, + { "nocheck", 0, 0, 'C' }, { "format", OPTF_ARGREQ, 0, 'f' }, { "output", OPTF_ARGREQ, 0, 'o' }, { 0, 0, 0, 0 } }; - i = mdwopt(argc, argv, "abf:o:qv", opt, 0, 0, 0); + i = mdwopt(argc, argv, "abf:o:qvC", opt, 0, 0, 0); if (i < 0) break; switch (i) { case 'a': ef = "pem"; break; case 'b': f |= f_buffer; break; case 'v': verb++; break; case 'q': if (verb) verb--; break; + case 'C': f |= f_nocheck; break; case 'f': ef = optarg; break; case 'o': of = optarg; break; default: f |= f_bogus; break; 
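Review bot: The gated call in hunk `-210,7 +213,7` carries no comment saying which key's check `-C` skips, and the flag name alone does not tell a reader. Here it is `km`, obtained from `getkem(k, "cckem", 0)`, which is the recipient key the man page describes as the public key. A one-line comment above the `if` would record that, for example `/* -C: skip the slow validity check of the recipient's KEM key; a malformed key is then used unnoticed */`. The body of `encrypt` continues outside the hunk, including the `if (sk)` block for the signing key, which no hunk in this patch touches.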
@@ -427,7 +434,7 @@ static int decrypt(int argc, char *argv[]) s = getsig(sk, "ccsig", 0); dstr_reset(&d); key_fulltag(sk, &d); - if (verb && (err = s->ops->check(s)) != 0) + if (!(f & f_nocheck) && verb && (err = s->ops->check(s)) != 0) printf("WARN verification key %s fails check: %s\n", d.buf, err); dstr_reset(&d); dstr_ensure(&d, 1024); @@ -535,6 +542,7 @@ static int decrypt(int argc, char *argv[]) #undef f_bogus #undef f_buffer +#undef f_nocheck } /*----- Main code ---------------------------------------------------------*/ @@ -570,7 +578,7 @@ static cmd cmdtab[] = { CMD_ENCODE, CMD_DECODE, { "encrypt", encrypt, - "encrypt [-a] [-k TAG] [-s TAG] [-f FORMAT]\n\t\ + "encrypt [-aC] [-k TAG] [-s TAG] [-f FORMAT]\n\t\ [-o OUTPUT] [FILE]", "\ Options:\n\ \n\ @@ -579,9 +587,10 @@ Options:\n\ -k, --key=TAG Use public encryption key named by TAG.\n\ -s, --sign-key=TAG Use private signature key named by TAG.\n\ -o, --output=FILE Write output to FILE.\n\ +-C, --nocheck Don't check the public key.\n\ " }, { "decrypt", decrypt, - "decrypt [-abqv] [-f FORMAT] [-o OUTPUT] [FILE]", "\ + "decrypt [-abqvC] [-f FORMAT] [-o OUTPUT] [FILE]", "\ Options:\n\ \n\ -a, --armour Same as `-f pem'.\n\ @@ -590,6 +599,7 @@ Options:\n\ -o, --output=FILE Write output to FILE.\n\ -q, --quiet Produce fewer messages.\n\ -v, --verbose Produce more verbose messages.\n\ +-C, --nocheck Don't check the private key.\n\ " }, /* ' emacs is confused */ { 0, 0, 0 } }; diff --git a/catsign.1 b/catsign.1 index 596b76f..e762712 100644 --- a/catsign.1 +++ b/catsign.1 @@ -44,7 +44,7 @@ is one of: .RI [ item ...] .br .B sign -.RB [ \-adt ] +.RB [ \-adtC ] .RB [ \-k .IR tag ] .RB [ \-f @@ -54,7 +54,7 @@ is one of: .RI [ file ] .br .B verify -.RB [ \-aquv ] +.RB [ \-aquvC ] .RB [ \-k .IR tag ] .RB [ \-f 
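Review bot: The help line added for `decrypt` in hunk `-590,6 +599,7` (`Don't check the private key.`) does not match the only check this patch gates in `decrypt`. That check, in hunk `-427,7 +434,7`, is on `s` from `getsig(sk, "ccsig", 0)`, which the message itself calls the `verification key`. No hunk here touches a check of the private decryption key. If no such check exists, the help and man page text should read `Don't check the verification key.`; if one exists outside these hunks, it still runs with `-C`. Most of `decrypt` lies outside the hunks, so this needs confirming against the full function.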
@@ -403,6 +403,11 @@ rather than to standard output. .TP .B "\-t, \-\-text" Read and sign the input as text. This is the default. +.TP +.B "\-C, \-\-nocheck" +Don't check the private key for validity. This makes signing go much +faster, but at the risk of using a duff key, and potentially leaking +information about the private key. .SS verify The .B verify @@ -472,6 +477,11 @@ The file is written in text or binary mode as appropriate. The default is to write the message to standard output unless verifying a detached signature, in which case nothing is written. +.TP +.B "\-C, \-\-nocheck" +Don't check the public key for validity. This makes verification go +much faster, but at the risk of using a duff key, and potentially +accepting false signatures. .PP Output is written to standard output in a machine-readable format. Major problems cause the program to write a diagnostic to standard error diff --git a/catsign.c b/catsign.c index ce05618..46b7b87 100644 --- a/catsign.c +++ b/catsign.c @@ -91,6 +91,7 @@ typedef struct sigmsg { #define F_BOGUS 128u #define F_BUFFER 256u #define F_UTC 512u +#define F_NOCHECK 1024u /*----- Chunk I/O ---------------------------------------------------------*/ @@ -453,9 +454,10 @@ static int sign(int argc, char *argv[]) { "format", OPTF_ARGREQ, 0, 'f' }, { "output", OPTF_ARGREQ, 0, 'o' }, { "text", 0, 0, 't' }, + { "nocheck", 0, 0, 'C' }, { 0, 0, 0, 0 } }; - i = mdwopt(argc, argv, "k:f:o:abdt", opt, 0, 0, 0); + i = mdwopt(argc, argv, "k:f:o:abdtC", opt, 0, 0, 0); if (i < 0) break; switch (i) { case 'k': kn = optarg; break; @@ -465,6 +467,7 @@ static int sign(int argc, char *argv[]) case 't': f &= ~F_BINARY; break; case 'b': f |= F_BINARY; break; case 'd': f |= F_DETACH; break; + case 'C': f |= F_NOCHECK; break; default: f |= F_BOGUS; break; } } 
@@ -494,7 +497,7 @@ static int sign(int argc, char *argv[]) dstr_reset(&d); key_fulltag(k, &d); s.s = getsig(k, "ccsig", 1); - if ((err = s.s->ops->check(s.s)) != 0) + if (!(f & F_NOCHECK) && (err = s.s->ops->check(s.s)) != 0) moan("key %s fails check: %s", d.buf, err); keyhash(k, s.s, &s.kh); e = initenc(eo, ofp, @@ -600,6 +603,7 @@ static int verify(int argc, char *argv[]) { "fresh-time", 0, 0, 't' }, { "gmt", 0, 0, 'u' }, { "verbose", 0, 0, 'v' }, + { "nocheck", 0, 0, 'C' }, { 0, 0, 0, 0 } }; i = mdwopt(argc, argv, "k:f:o:abqt:uv", opt, 0, 0, 0); @@ -611,6 +615,7 @@ static int verify(int argc, char *argv[]) case 'f': ef = optarg; break; case 'o': of = optarg; break; case 'u': v.f |= F_UTC; break; + case 'C': v.f |= F_NOCHECK; break; case 't': if (strcmp(optarg, "always") == 0) t_fresh = 0; else if ((t_fresh = get_date(optarg, 0)) < 0) @@ -672,7 +677,7 @@ static int verify(int argc, char *argv[]) s.s = getsig(k, "ccsig", 0); dstr_reset(&d); key_fulltag(k, &d); - if (v.verb && (err = s.s->ops->check(s.s)) != 0) + if (!(v.f & F_NOCHECK) && v.verb && (err = s.s->ops->check(s.s)) != 0) printf("WARN verification key %s fails check: %s\n", d.buf, err); dstr_reset(&dd); keyhash(k, s.s, &dd); @@ -1053,7 +1058,7 @@ static cmd cmdtab[] = { CMD_ENCODE, CMD_DECODE, { "sign", sign, - "sign [-adt] [-k TAG] [-f FORMAT] [-o OUTPUT] [FILE]", "\ + "sign [-adtC] [-k TAG] [-f FORMAT] [-o OUTPUT] [FILE]", "\ Options:\n\ \n\ -a, --armour Same as `-f pem'.\n\ @@ -1063,9 +1068,10 @@ Options:\n\ -k, --key=TAG Use public encryption key named by TAG.\n\ -o, --output=FILE Write output to FILE.\n\ -t, --text Canonify input message as a text file.\n\ +-C, --nocheck Don't check the private key.\n\ " }, { "verify", verify, - "verify [-abquv] [-f FORMAT] [-k TAG] [-o OUTPUT]\n\t\ + "verify [-abquvC] [-f FORMAT] [-k TAG] [-o OUTPUT]\n\t\ [FILE [MESSAGE]]", "\ Options:\n\ \n\ 
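Review bot: The short-option string passed to `mdwopt` in `verify` (hunk `-600,6 +603,7`) is still `"k:f:o:abqt:uv"`, so `-C` is presumably rejected there and only `--nocheck` works. The new table entry, the `case 'C'` in hunk `-611,6 +615,7` and the usage text `[-abquvC]` all advertise the short form. The call should become `i = mdwopt(argc, argv, "k:f:o:abqt:uvC", opt, 0, 0, 0);`, matching what the patch does for `sign` in the same file.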
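Review bot: In hunk `-672,7 +677,7` the public-key check was already skipped whenever `v.verb` is zero, and a failure only prints a `WARN` line before execution carries on to `keyhash`. The man page text added for `-C` says skipping the check risks accepting false signatures, which suggests the result matters to the verdict, yet the visible lines never let it affect one. Either the failure should feed into the verification result, or the documentation should say that the check is advisory and is not run under `-q`. The same `verb &&` coupling appears in `decrypt` in catcrypt.c and `verify` in dsig.c. The rest of `verify` is outside the hunk, so how the verdict is formed needs checking there.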
@@ -1078,6 +1084,7 @@ Options:\n\ -t, --freshtime=TIME Only accept signatures made after this time.\n\ -u, --utc Show dates in UTC rather than local time.\n\ -v, --verbose Produce more verbose messages.\n\ +-C, --nocheck Don't check the public key.\n\ " }, { "info", info, "info [-au] [-f FORMAT] [FILE]", "\ diff --git a/dsig.1 b/dsig.1 index 70a4ea8..10fe6c6 100644 --- a/dsig.1 +++ b/dsig.1 @@ -44,7 +44,7 @@ is one of: .RI [ item ...] .br .B sign -.RB [ \-0bqv ] +.RB [ \-0bqvC ] .RB [ \-c .IR comment ] .RB [ \-k @@ -59,7 +59,7 @@ is one of: .IR output ] .br .B verify -.RB [ \-qv ] +.RB [ \-qvC ] .RI [ file ] .SH DESCRIPTION The @@ -323,6 +323,11 @@ Set the signature to expire at The default is to expire 28 days from creation. Use .B forever to make the signature not expire. +.TP +.B "\-C, \-\-nocheck" +Don't check the private key for validity. This makes signing go much +faster, but at the risk of using a duff key, and potentially leaking +information about the private key. .PP The whitespace-separated format for filenames allows quoting and escaping of strange characters. The backslash @@ -360,6 +365,11 @@ Produce more informational output. The default verbosity level is 1. .TP .B "\-q, \-\-quiet" Produce less information output. +.TP +.B "\-C, \-\-nocheck" +Don't check the public key for validity. This makes verification go +much faster, but at the risk of using a duff key, and potentially +accepting false signatures. .PP Output is written to standard output in a machine-readable format. Formatting errors cause the program to write a diagnostic to standard diff --git a/dsig.c b/dsig.c index a8fc2f9..bcfe51d 100644 --- a/dsig.c +++ b/dsig.c @@ -654,6 +654,7 @@ static int sign(int argc, char *argv[]) #define f_raw 1u #define f_bin 2u #define f_bogus 4u +#define f_nocheck 8u unsigned f = 0; const char *ki = "dsig"; 
@@ -682,9 +683,10 @@ static int sign(int argc, char *argv[]) { "output", OPTF_ARGREQ, 0, 'o' }, { "key", OPTF_ARGREQ, 0, 'k' }, { "expire", OPTF_ARGREQ, 0, 'e' }, + { "nocheck", OPTF_ARGREQ, 0, 'C' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "+0vqb" "c:" "f:o:" "k:e:", opts, 0, 0, 0); + int i = mdwopt(argc, argv, "+0vqbC" "c:" "f:o:" "k:e:", opts, 0, 0, 0); if (i < 0) break; switch (i) { @@ -701,6 +703,9 @@ static int sign(int argc, char *argv[]) if (verb > 0) verb--; break; + case 'C': + f |= f_nocheck; + break; case 'c': c = optarg; break; @@ -742,7 +747,7 @@ static int sign(int argc, char *argv[]) /* --- Check the key --- */ - if ((err = s->ops->check(s)) != 0) + if (!(f & f_nocheck) && (err = s->ops->check(s)) != 0) moan("key `%s' fails check: %s", d.buf, err); /* --- Open files --- */ @@ -864,6 +869,7 @@ static int sign(int argc, char *argv[]) #undef f_raw #undef f_bin #undef f_bogus +#undef f_nocheck } /*----- Signature verification --------------------------------------------*/ @@ -873,6 +879,7 @@ static int verify(int argc, char *argv[]) #define f_bogus 1u #define f_bin 2u #define f_ok 4u +#define f_nocheck 8u unsigned f = 0; unsigned verb = 1; @@ -891,9 +898,10 @@ static int verify(int argc, char *argv[]) static struct option opts[] = { { "verbose", 0, 0, 'v' }, { "quiet", 0, 0, 'q' }, + { "nocheck", 0, 0, 'C' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "+vq", opts, 0, 0, 0); + int i = mdwopt(argc, argv, "+vqC", opts, 0, 0, 0); if (i < 0) break; switch (i) { @@ -904,6 +912,9 @@ static int verify(int argc, char *argv[]) if (verb) verb--; break; + case 'C': + f |= f_nocheck; + break; default: f |= f_bogus; break; @@ -912,7 +923,7 @@ static int verify(int argc, char *argv[]) argc -= optind; argv += optind; if ((f & f_bogus) || argc > 1) - die(EXIT_FAILURE, "Usage: verify [-qv] [FILE]"); + die(EXIT_FAILURE, "Usage: verify [-qvC] [FILE]"); /* --- Open the key file, and start reading the input file --- */ 
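Review bot: The new long-option entry in hunk `-682,9 +683,10` is declared as `{ "nocheck", OPTF_ARGREQ, 0, 'C' }`, so `--nocheck` will demand an argument. The short form added to the option string (`"+0vqbC"`) takes none, and `case 'C'` never reads `optarg`. Every other `nocheck` entry in this patch uses `0` for the flags field; this one should too: `{ "nocheck", 0, 0, 'C' },`. As written, `dsig sign --nocheck` would most likely consume the next word on the command line as its argument, or fail if there is none.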
@@ -979,7 +990,7 @@ static int verify(int argc, char *argv[]) } s = getsig(k, "dsig", 0); - if (verb && (err = s->ops->check(s)) != 0) + if (!(f & f_nocheck) && verb && (err = s->ops->check(s)) != 0) printf("WARN public key fails check: %s", err); for (;;) { @@ -1072,6 +1083,7 @@ done: #undef f_bogus #undef f_bin #undef f_ok +#undef f_nocheck } /*----- Main code ---------------------------------------------------------*/ @@ -1097,7 +1109,7 @@ static cmd cmdtab[] = { { "help", cmd_help, "help [COMMAND...]" }, { "show", cmd_show, "show [ITEM...]" }, { "sign", sign, - "sign [-0bqv] [-c COMMENT] [-k TAG] [-e EXPIRE]\n\t\ + "sign [-0bqvC] [-c COMMENT] [-k TAG] [-e EXPIRE]\n\t\ [-f FILE] [-o OUTPUT]", "\ Options:\n\ @@ -1106,6 +1118,7 @@ Options:\n\ -b, --binary Produce a binary output file.\n\ -q, --quiet Produce fewer messages while working.\n\ -v, --verbose Produce more messages while working.\n\ +-C, --nocheck Don't check the private key.\n\ -c, --comment=COMMENT Include COMMENT in the output file.\n\ -f, --file=FILE Read filenames to hash from FILE.\n\ -o, --output=FILE Write the signed result to FILE.\n\ @@ -1113,11 +1126,12 @@ Options:\n\ -e, --expire=TIME The signature should expire after TIME.\n\ " }, { "verify", verify, - "verify [-qv] [FILE]", "\ + "verify [-qvC] [FILE]", "\ Options:\n\ \n\ -q, --quiet Produce fewer messages while working.\n\ -v, --verbose Produce more messages while working.\n\ +-C, --nocheck Don't check the public key.\n\ " }, { 0, 0, 0 } }; -- 2.11.0
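Review bot: The warning on the line changed in hunk `-979,7 +990,7` is printed without a trailing newline: `printf("WARN public key fails check: %s", err);`. The man page describes this output as machine-readable, so the next record would be fused onto the `WARN` line. The equivalent messages in catcrypt.c and catsign.c end in `\n`. Since the statement is being edited anyway, it should become `printf("WARN public key fails check: %s\n", err);`.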