3 ### Common key management functions.
5 ### (c) 2011 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This file is part of the distorted.org.uk key management suite.
12 ### distorted-keys is free software; you can redistribute it and/or modify
13 ### it under the terms of the GNU General Public License as published by
14 ### the Free Software Foundation; either version 2 of the License, or
15 ### (at your option) any later version.
17 ### distorted-keys is distributed in the hope that it will be useful,
18 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
19 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ### GNU General Public License for more details.
22 ### You should have received a copy of the GNU General Public License
23 ### along with distorted-keys; if not, write to the Free Software Foundation,
24 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
28 ###--------------------------------------------------------------------------
29 ### Configuration variables.
## Build-time identity and installation paths.  The `@NAME@' tokens are
## placeholders that are presumably filled in when the suite is installed
## (autoconf-style substitution) -- verify against the build rules.
PACKAGE="@PACKAGE@"
VERSION="@VERSION@"
pkgconfdir="@pkgconfdir@"
pkglibdir="@pkglibdir@"
## Make sure the suite's own programs are found first: prepend $bindir to
## PATH unless it is already present as a complete path element.
## NOTE(review): $bindir is expected to be defined earlier in this file; it
## is not visible in this part of it.
case ":$PATH:" in
  *:"$bindir":*)
    ;;
  *)
    PATH=$bindir:$PATH
    ;;
esac
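## Pull in the site configuration, if there is one.  The file is executed
## as shell code with this script's privileges, so it must only be writable
## by the owner of the key store.
## Quoted so a $KEYS containing whitespace or glob characters still works
## (the original unquoted expansion would word-split the path).
## NOTE(review): $KEYS is expected from the caller/environment; it is not
## defined in this part of the file.
if [ -f "$KEYS/keys.conf" ]; then . "$KEYS/keys.conf"; fi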
38 : ${random=/dev/random}
## Trace every command when KEYS_DEBUG is set (to any value, even empty).
## Beware that `set -x' echoes command arguments, so secrets passed on a
## command line would end up in the trace.
if [ -n "${KEYS_DEBUG+t}" ]; then set -x; fi
42 ###--------------------------------------------------------------------------
## cleanup FUNC
##
## Register FUNC to be run by the EXIT trap.  Entries accumulate,
## whitespace-separated, in the global $cleanups; the trap word-splits that
## string, so a leading space on the first entry is harmless.
cleanup () {
  cleanups="${cleanups} ${1}"
}
## On every exit, run the registered cleanup functions in registration order
## and then leave with the status the script was exiting with.
trap 'rc=$?; for i in $cleanups; do $i; done; exit $rc' EXIT
## Turn interrupt/termination into a plain exit (status 127), which still
## fires the EXIT trap above so temporary files get removed.
trap 'exit 127' INT TERM
50 ###--------------------------------------------------------------------------
51 ### Utility functions.
53 ## Temporary directory.
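## rmtmp
##
## Remove the temporary directory named by the global $tmp (registered with
## `cleanup' by whoever created it).  Leaves the working directory at / so
## the tree being removed is never the cwd.
##
## The path is quoted and protected with `--' so a directory name containing
## whitespace, glob characters or a leading `-' is removed exactly as named;
## the original `rm -rf $tmp' would have word-split it.  An unset or empty
## $tmp is a no-op rather than a bare `rm -rf'.
rmtmp () {
  cd / || return
  [ -n "$tmp" ] || return 0
  rm -rf -- "$tmp"
}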
57 ## Make and return the name of a temporary directory.
59 case "${tmp+t}" in t
) echo "$tmp"; return ;; esac
60 mem
=$
(userv root claim-mem-dir
</dev
/null
)
61 tmp
="$mem/keys.tmp.$$"
67 ###--------------------------------------------------------------------------
68 ### Input validation functions.
73 "" |
[!1-9]* |
*[!0-9]*)
74 echo >&2 "$quis: bad $what \`$thing'"
83 "" |
*[!-0-9a-zA-Z_
!%@
+=]*)
84 echo >&2 "$quis: bad $what: \`$thing'"
93 *[!-0-9a-zA-Z_
!%@
+=/#]* | *//* | /* | */)
94 echo >&2 "$quis: bad $what label \`$thing'"
100 ###--------------------------------------------------------------------------
101 ### Crypto operations.
### We use Seccure for this, but its interface is Very Annoying.
107 ## run_seccure OP ARG ...
109 ## Run a Seccure program, ensuring that its stderr is reported if it had
110 ## anything very interesting to say, but suppressed if it was boring.
112 ## We need a temporary place for the error output.
116 echo >&2 "$quis (INTERNAL): run_seccure called without tmpdir"
122 set +e
; seccure-
$op "$@" 2>$tmp/seccure.out
; rc
=$?
; set -e
123 grep -v
'^WARNING: Cannot obtain memory lock' $tmp/seccure.out
>&2 ||
:
129 ## Write the public key corresponding to PRIVATE to stdout.
131 run_seccure key
-q
-cp256
-F
"$private"
136 ## Make a new key, write private key to PRIVATE and public key to PUBLIC.
138 dd if=$random bs
=1 count
=512 2>/dev
/null |
139 openssl dgst
-sha384
-binary |
140 (umask 077 && openssl base64
>"$private")
141 ec_public
"$private" >"$public"
146 ## Encrypt stuff using the PUBLIC key. Use -i/-o or redirection.
148 run_seccure encrypt
-q
-cp256
-m128
"$@" -- $
(cat "$public")
153 ## Decrypt stuff using the PRIVATE key. Use -i/-o or redirection.
155 run_seccure decrypt
-q
-cp256
-m128
-F
"$private" "$@"
160 ## Sign stuff using the PRIVATE key. Use -i/-o or redirection.
162 run_seccure sign
-q
-cp256
-F
"$private" "$@"
166 public
=$1 signature
=$2; shift
167 ## Verify a SIGNATURE using the PUBLIC key; use -i or redirection for the
170 run_seccure verify
-q
-cp256
"$@" -- $
(cat "$public") "$signature"
173 ###--------------------------------------------------------------------------
## Everything below only matters when the caller wants help text; for a
## plain library load (KEYS_HELP not exactly `t'), stop sourcing here.
if [ "x$KEYS_HELP" != xt ]; then return; fi
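## defhelp < USAGE-AND-HELP
##
## Read the first line of stdin as the usage synopsis and the remaining lines
## as the help body.
## Globals written: usage ("usage: $quis SYNOPSIS"), help (the body, with
##   trailing newlines stripped by the command substitution).
## Globals read: quis.
defhelp () {
  # -r: keep backslashes in the synopsis literal instead of treating them as
  # escapes (the original plain `read' would mangle them).
  read -r umsg
  # `read' always sets umsg, even for an empty line, so `${umsg+ }' always
  # yields a space; presumably `${umsg:+ }' was meant, but this is kept so
  # existing usage strings are unchanged -- TODO confirm.
  usage="usage: $quis${umsg+ }$umsg"
  help=$(cat)
}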
## help
##
## The `help' subcommand: delegates to showhelp, which is defined elsewhere
## in the suite (not visible in this part of the file).
help () {
  showhelp
}
191 ###----- That's all, folks --------------------------------------------------