X-Git-Url: https://git.distorted.org.uk/~mdw/distorted-keys/blobdiff_plain/68023101ab409d775673edadb77079a7adf50374..5cff41ea66c1dd4e60bd255b0f68d7d1f8d22383:/keyfunc.sh.in diff --git a/keyfunc.sh.in b/keyfunc.sh.in index 82ed9e5..f134198 100644 --- a/keyfunc.sh.in +++ b/keyfunc.sh.in @@ -28,13 +28,14 @@ quis=${0##*/} ###-------------------------------------------------------------------------- ### Configuration variables. +## Automatically configured pathnames. PACKAGE="@PACKAGE@" VERSION="@VERSION@" bindir="@bindir@" -case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac - +## Read user configuration. if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi +## Maybe turn on debugging. case "${KEYS_DEBUG+t}" in t) set -x ;; esac ###-------------------------------------------------------------------------- @@ -227,9 +228,9 @@ defprops g_props </dev/null \ - if=/dev/${kprop_random-random} bs=1 count=${kprop_nubsz-512} | - openssl dgst -${kprop_nubhash-sha384} -binary | + if=/dev/${kprop_random-random} bs=1 count=${kprop_nub_random_bytes-64} | + openssl dgst -${kprop_nub_hash-sha256} -binary | openssl base64 } nubid () { ## Compute a hash of the key nub in stdin, and write it to stdout in hex. - ## The property `nubidhash' is used. + ## The property `nubid_hash' is used. { echo "distorted-keys nubid"; cat -; } | - openssl dgst -${kprop_nubidhash-sha256} + openssl dgst -${kprop_nubid_hash-sha256} } subst () { @@ -424,7 +426,8 @@ k_verify () { notsupp verify; } prepare () { key=$1 op=$2 ## Prepare for a crypto operation OP, using the KEY. This validates the - ## key label, reads the profile, and checks the access-control list. + ## key label, reads the profile, and checks the access-control list. If OP + ## is `-' then allow the operation unconditionally. ## Find the key properties. parse_keylabel "$key" 
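Review bot: The new comments `## Read user configuration.` and `## Maybe turn on debugging.` label two steps with security consequences that neither comment mentions. `. $ETC/keys.conf` runs the file as shell code in the calling process, so the first comment could read `## Read user configuration.  This file is sourced: it must be writable only by trusted accounts.`, and the path is better written `"$ETC/keys.conf"` in both the test and the `.` so that an `ETC` containing spaces or glob characters cannot change which file is read. `set -x` writes every expanded command word to stderr, which in a key-handling library may include key labels, property values and anything sensitive passed as an argument, so the second comment should warn against sending `KEYS_DEBUG` traces to shared logs. The hunk also drops the line that put `$bindir` on `PATH`; if a package helper is still called by bare name elsewhere in the file (not visible here), it now resolves through the caller's `PATH`.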
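Review bot: The renamed properties in `mknub` and `nubid` are read with no fallback to the old names, so a profile that still sets `nubsz`, `nubhash` or `nubidhash` is silently ignored and the new defaults apply, unless the property reader maps the old names somewhere outside this hunk. This matters most for `nubid`: a key whose profile chose a non-default `nubidhash` would now get a different id from the same nub. If such profiles can exist, read the old name as the fallback, e.g. `openssl dgst -${kprop_nubid_hash-${kprop_nubidhash-sha256}}`, and do the same for `kprop_nub_hash` and `kprop_nub_random_bytes`; otherwise document the rename as a breaking change. Part of this hunk's text is missing from the page (the start of `mknub` is not visible), so this is based on the visible lines only.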
@@ -434,6 +437,7 @@ prepare () { ## Check whether we're allowed to do this thing. This is annoyingly ## fiddly. + case $op in -) return ;; esac eval acl=\${kprop_acl_$op-!owner} verdict=forbid while :; do
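Review bot: The added `case $op in -) return ;; esac` makes `-` a value of OP that skips the access-control check, and nothing in the hunk restricts which callers may supply it. If any caller passes on an operation name taken from the command line or a request, that caller must reject `-` itself, so the header comment of `prepare` should state that the sentinel is reserved for internal callers. The following line expands `$op` inside `eval acl=\${kprop_acl_$op-!owner}`, so checking OP once before both lines covers the bypass and the eval together, e.g. `case $op in -) return ;; *[!A-Za-z0-9_]*) echo >&2 "$quis: bad operation name"; exit 1 ;; esac` (or the file's own error helper in place of `echo`/`exit`). The body of `prepare` continues past the end of the hunk, so the ACL loop itself is not reviewed here.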