Commit | Line | Data |
---|---|---|
c47f2aba MW |
1 | ### -*-sh-*- |
2 | ### | |
3 | ### Key type for B. Poettering's `Seccure' suite | |
4 | ### | |
5 | ### (c) 2011 Mark Wooding | |
6 | ### | |
7 | ||
8 | ###----- Licensing notice --------------------------------------------------- | |
9 | ### | |
10 | ### This file is part of the distorted.org.uk key management suite. | |
11 | ### | |
12 | ### distorted-keys is free software; you can redistribute it and/or modify | |
13 | ### it under the terms of the GNU General Public License as published by | |
14 | ### the Free Software Foundation; either version 2 of the License, or | |
15 | ### (at your option) any later version. | |
16 | ### | |
17 | ### distorted-keys is distributed in the hope that it will be useful, | |
18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ### GNU General Public License for more details. | |
21 | ### | |
22 | ### You should have received a copy of the GNU General Public License | |
23 | ### along with distorted-keys; if not, write to the Free Software Foundation, | |
24 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | ||
26 | ###-------------------------------------------------------------------------- | |
27 | ### Utility functions. | |
28 | ||
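run_seccure () {
  op=$1; shift
  ## run_seccure OP ARG ...
  ##
  ## Run the Seccure program `seccure-OP' with the given ARGs, ensuring that
  ## its stderr is reported if it had anything very interesting to say, but
  ## suppressed if it was boring.  Stdout is passed through untouched, and
  ## the program's exit status is returned.
  ##
  ## Only the `Cannot obtain memory lock' warning counts as boring.
  ## NOTE(review): that warning presumably means key material may be paged
  ## out to swap -- it is hidden here, not handled; confirm that is
  ## acceptable on the hosts where this runs.
  ##
  ## `$tmp' is set outside this file.  NOTE(review): the capture file has a
  ## fixed name, so this assumes `$tmp' is a private, per-process directory.

  ## Turn off `-e' around the call so that we collect the status ourselves
  ## and still get to replay stderr.  Note that `-e' is switched back on
  ## unconditionally afterwards.
  set +e; "seccure-$op" "$@" 2>"$tmp/seccure.out"; rc=$?; set -e

  ## grep exits nonzero when every line was filtered out; that's fine.
  grep -v '^WARNING: Cannot obtain memory lock' "$tmp/seccure.out" >&2 || :
  return $rc
}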
40 | ||
41 | ###-------------------------------------------------------------------------- | |
42 | ### Key type definition. | |
43 | ||
## Declare the properties this key type understands.  `defprops' and the
## `$R_LABEL' / `$R_NUMERIC' values are defined outside this file;
## presumably each line names a property and the pattern its value must
## match -- TODO confirm against the definition of `defprops'.
defprops k_props <<EOF
curve t $R_LABEL
tagsz t $R_NUMERIC
EOF

## Defaults, applied only if the property is still unset (`=' rather than
## `:=', so an explicitly empty value is left alone).  Below, `kprop_curve'
## is passed to Seccure as `-c' and `kprop_tagsz' as `-m'.
: ${kprop_curve=p256}
: ${kprop_tagsz=128}
51 | ||
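k_public () {
  nub=$2
  ## k_public BASE NUB
  ##
  ## Write to stdout the public key which `seccure-key' derives from the
  ## private key nub stored in the file NUB.  BASE is accepted but not used
  ## here.  Returns the status of `run_seccure'.
  ##
  ## The nub is handed over as a passphrase file (`-F') rather than as an
  ## argument, so the secret itself never appears on a command line.

  ## The curve name is quoted so that a stray space or glob character in the
  ## property can't split or expand into extra arguments.
  run_seccure key -q -c"$kprop_curve" -F"$nub"
}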
56 | ||
k_generate () {
  base=$1; nub=$2
  ## k_generate BASE NUB
  ##
  ## Make a fresh private key nub in the file NUB, and store the matching
  ## public key in `BASE/pub'.  `makenub' is defined outside this file.
  ##
  ## NOTE(review): NUB holds the secret; this function does nothing about
  ## its permissions, so they depend on the umask in force -- confirm that
  ## the caller restricts it.

  makenub >"$nub"
  k_public "$base" "$nub" >"$base/pub"
}
62 | ||
k_check () {
  base=$1; nub=$2
  ## k_check BASE NUB
  ##
  ## Check that the private key nub in NUB still matches the public key
  ## recorded in `BASE/pub': recompute the public key and compare the two
  ## as literal strings.  Returns 0 if they agree, 1 if they don't.

  this=$(k_public "$base" "$nub")
  orig=$(cat "$base/pub")
  if [ "$orig" = "$this" ]; then return 0; fi
  return 1
}
69 | ||
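k_encrypt () {
  base=$1
  ## k_encrypt BASE
  ##
  ## Run `seccure-encrypt' with the public key stored in `BASE/pub', using
  ## the configured curve and tag size.  No input or output file is named,
  ## so presumably it works on this function's stdin and stdout.  Returns
  ## the status of `run_seccure'.
  ##
  ## `-F/dev/null' gives Seccure an empty passphrase file; presumably this
  ## is just to make sure it never tries to prompt.

  ## The key is passed as exactly one argument.  Unquoted, the contents of
  ## the `pub' file would be split on whitespace and glob-expanded against
  ## the current directory before Seccure saw them.  The `--' stops a key
  ## which begins with `-' from being read as an option.
  ##
  ## NOTE(review): a missing or unreadable `pub' file isn't caught here,
  ## because `-e' doesn't apply to a command substitution in an argument;
  ## Seccure is then given an empty key to reject.
  run_seccure encrypt -q -c"$kprop_curve" -m"$kprop_tagsz" -F/dev/null -- \
    "$(cat "$base/pub")"
}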
75 | ||
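k_decrypt () {
  nub=$2
  ## k_decrypt BASE NUB
  ##
  ## Run `seccure-decrypt' with the private key nub in the file NUB, using
  ## the configured curve and tag size.  BASE is accepted but not used here.
  ## Returns 0 on success; on failure, reports the fact on stderr and
  ## returns 1 whatever status Seccure gave.
  ##
  ## NOTE(review): nothing here holds back stdout until Seccure has
  ## succeeded.  Confirm that callers throw away whatever was written if
  ## this returns nonzero.

  ## Property values are quoted so that they can't split or glob into extra
  ## arguments.
  if ! run_seccure decrypt -q -c"$kprop_curve" -m"$kprop_tagsz" -F"$nub"; then
    echo >&2 "$quis: decryption failed"
    return 1
  fi
}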
83 | ||
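k_sign () {
  nub=$2
  ## k_sign BASE NUB
  ##
  ## Run `seccure-sign' with the private key nub in the file NUB, and write
  ## the resulting signature to stdout as a single line.  BASE is accepted
  ## but not used here.
  ##
  ## The signature is collected in a variable first and only then printed.
  ## Presumably this is so that, with `-e' in force, a failed signing run
  ## stops us before anything has been written.

  sig=$(run_seccure sign -q -c"$kprop_curve" -F"$nub" -s/dev/stdout)

  ## printf rather than echo: some shells' echo interprets backslashes or a
  ## leading `-n', and the signature must come out exactly as Seccure
  ## produced it.
  printf '%s\n' "$sig"
}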
89 | ||
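k_verify () {
  base=$1 sig=$3
  ## k_verify BASE NUB SIG
  ##
  ## Run `seccure-verify' to check the signature SIG against the public key
  ## stored in `BASE/pub'.  The second argument is accepted but not used
  ## here.  Returns 0 if Seccure accepts the signature; otherwise reports
  ## the failure on stderr and returns Seccure's status.
  ##
  ## `-F/dev/null' gives Seccure an empty passphrase file; presumably this
  ## is just to make sure it never tries to prompt.

  ## The key must be exactly one argument.  Unquoted, an empty `pub' file
  ## would vanish from the command line and leave SIG sitting in the key's
  ## position, and any other contents would be split and glob-expanded.
  ## The `--' stops a key or signature which begins with `-' from being
  ## read as an option.
  if run_seccure verify -q -c"$kprop_curve" -F/dev/null -- \
    "$(cat "$base/pub")" "$sig"
  then :; else
    ## Capture the status before echo overwrites it.
    rc=$?
    echo >&2 "$quis: signature verification failed"
    return $rc
  fi
}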
100 | ||
101 | ###----- That's all, folks -------------------------------------------------- |