Add print fingerprint via -F feature

To know the fingerprint used for a sec/pub/sig the option `-F` is added which works in combination with `-s`, `-p` or `-x`. It will load the file and and print the used fingerprint in hex. This feature was ported over from OpenWrt's usign[0], which is a slimmed simpler implementation of `signify`. [0]: https://git.openwrt.org/project/usign.git Signed-off-by: Paul Spooren <mail@aparcar.org>
aperezdc · Apr 9, 2020 · 42d950d · 42d950d
1 parent 8f699a4
commit 42d950d
Showing 1 changed file with 43 additions and 3 deletions.
diff --git a/signify.c b/signify.c
@@ -84,7 +84,8 @@ usage(const char *error)
 	    "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
 	    "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
 #endif
-	    "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n",
+	    "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n"
+	    "\t%1$s -F [-p pubkey] [-s seckey ] [-x sigfile]\n",
 	    getprogname());
 	exit(1);
 }
@@ -547,6 +548,35 @@ verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 	free(msg);
 }
 
+static int
+fingerprint(const char *seckeyfile, const char *pubkeyfile, const char *sigfile)
+{
+	struct sig sig;
+	struct pubkey pubkey;
+	struct enckey enckey;
+	uint8_t *fp;
+
+	if (seckeyfile) {
+		readb64file(seckeyfile, &enckey, sizeof(enckey), NULL);
+		fp = enckey.keynum;
+	} else if (pubkeyfile) {
+		readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
+		fp = pubkey.keynum;
+	} else if (sigfile) {
+		readb64file(sigfile, &sig, sizeof(sig), NULL);
+		fp = sig.keynum;
+	} else
+		return 1;
+
+	int i;
+	for (i = 0; i < KEYNUMLEN; i++)
+	{
+	    printf("%02x", fp[i]);
+	}
+	printf("\n");
+	return 0;
+}
+
 static uint8_t *
 verifyembedded(const char *pubkeyfile, const char *sigfile,
     int quiet, unsigned long long *msglenp, const char *keytype)
@@ -769,13 +799,14 @@ main(int argc, char **argv)
 		CHECK,
 		GENERATE,
 		SIGN,
-		VERIFY
+		VERIFY,
+		FINGERPRINT
 	} verb = NONE;
 
 	if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 		err(1, "pledge");
 
-	while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
+	while ((ch = getopt(argc, argv, "CGSVFzc:em:np:qs:t:x:")) != -1) {
 		switch (ch) {
 #ifndef VERIFYONLY
 		case 'C':
@@ -802,6 +833,11 @@ main(int argc, char **argv)
 				usage(NULL);
 			verb = VERIFY;
 			break;
+		case 'F':
+			if (verb)
+				usage(NULL);
+			verb = FINGERPRINT;
+			break;
 		case 'c':
 			comment = optarg;
 			break;
@@ -909,6 +945,10 @@ main(int argc, char **argv)
 			    quiet, keytype);
 		}
 		break;
+	case FINGERPRINT:
+		if (!!seckeyfile + !!pubkeyfile + !!sigfile != 1)
+			usage("Need one secret/public key or signature");
+		return fingerprint(seckeyfile, pubkeyfile, sigfile);
 	default:
 		if (pledge("stdio", NULL) == -1)
 			err(1, "pledge");