X-Git-Url: https://git.distorted.org.uk/~mdw/distorted-keys/blobdiff_plain/c47f2aba7d705252c660ba1ad0931fbb93122d80..e787e19c99a9df4f49ac77237c58d43df3829e9f:/keyfunc.sh.in diff --git a/keyfunc.sh.in b/keyfunc.sh.in index ca14782..bad5af1 100644 --- a/keyfunc.sh.in +++ b/keyfunc.sh.in @@ -28,13 +28,14 @@ quis=${0##*/} ###-------------------------------------------------------------------------- ### Configuration variables. +## Automatically configured pathnames. PACKAGE="@PACKAGE@" VERSION="@VERSION@" bindir="@bindir@" -case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac - +## Read user configuration. if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi +## Maybe turn on debugging. case "${KEYS_DEBUG+t}" in t) set -x ;; esac ###-------------------------------------------------------------------------- @@ -163,7 +164,7 @@ getsysprofile () { profile=$1 ## Write the named system PROFILE to standard output. - $bindir/extract-profile $ETC/profile.d/ "$profile" + $bindir/extract-profile "$profile" $ETC/profile.d/ } setprops () { @@ -227,9 +228,9 @@ defprops g_props </dev/null \ - if=/dev/${kprop_random-random} bs=1 count=${kprop_nubsz-512} | - openssl dgst -${kprop_nubhash-sha384} -binary | + if=/dev/${kprop_random-random} bs=1 count=${kprop_nub_random_bytes-64} | + openssl dgst -${kprop_nub_hash-sha256} -binary | openssl base64 } nubid () { ## Compute a hash of the key nub in stdin, and write it to stdout in hex. - ## The property `nubidhash' is used. + ## The property `nubid_hash' is used. { echo "distorted-keys nubid"; cat -; } | - openssl dgst -${kprop_nubidhash-sha256} + openssl dgst -${kprop_nubid_hash-sha256} } subst () { @@ -353,7 +355,7 @@ read_profile () { userv "$user" cryptop-profile "$label" >$tmp/profile ;; nil) - $bindir/extract-profile $ETC/profile.d/ "$label" >$tmp/profile + $bindir/extract-profile "$label" $ETC/profile.d/ >$tmp/profile ;; esac 
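Review bot: The new `## Maybe turn on debugging.` comment should say what enabling it exposes, because `set -x` traces every expanded command to stderr and in a key-handling library that presumably includes key labels, property values and other sensitive arguments. `${KEYS_DEBUG+t}` fires whenever the variable is set, even to an empty string, and the check runs after `keys.conf` is sourced, so either the environment or the config file can switch tracing on. I would extend the comment to something like `## Maybe turn on debugging (KEYS_DEBUG set, even if empty); trace output may contain sensitive values, so keep it out of shared logs.`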
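Review bot: The reordered call in getsysprofile still leaves `$bindir` and `$ETC` unquoted, so a configured path containing whitespace or glob characters would be split or expanded before extract-profile sees it; `"$bindir/extract-profile" "$profile" "$ETC/profile.d/"` avoids that. The same applies to the `nil)` arm of read_profile (the hunk at -353), which passes `"$label"` the same way. With the name now the first positional argument, it is also worth confirming that extract-profile (not visible here) does not treat a profile name with a leading `-` as an option. Both function bodies extend beyond their hunks.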
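Review bot: Renaming the properties to `nub_random_bytes`, `nub_hash` and `nubid_hash` drops the old names without a fallback, so a profile that still sets `nubsz`, `nubhash` or `nubidhash` would silently get the defaults. For nubid that changes the computed ID whenever the old property named something other than sha256, and for mknub the default itself moves from 512 bytes through sha384 to 64 bytes through sha256. If existing profiles can carry the old names (not visible here), a nested default keeps them working, e.g. `openssl dgst -${kprop_nubid_hash-${kprop_nubidhash-sha256}}`; alternatively the old names could be rejected with an explicit error. The start of mknub lies outside what this page shows of the hunk.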
@@ -474,7 +476,7 @@ prepare () { done case $verdict in - forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit ;; + forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit 1 ;; esac }
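Review bot: After this fix the `case $verdict` in prepare still has only a `forbid)` arm, so any other value, including an empty or unexpected one, falls through to the closing brace and the operation proceeds. Whether the loop above always leaves a known verdict is not visible in this hunk. If it may not, an explicit arm for the permitting verdict(s) followed by a `*)` arm that prints an error and runs `exit 1` would make the check fail closed. The body of prepare starts outside the hunk.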