diff --git a/.clang-format b/.clang-format index 91fa8f2..1d831c8 100644 --- a/.clang-format +++ b/.clang-format @@ -94,7 +94,7 @@ IncludeIsMainSourceRegex: "" IndentCaseLabels: false IndentCaseBlocks: false IndentGotoLabels: true -IndentPPDirectives: None +IndentPPDirectives: AfterHash IndentExternBlock: AfterExternBlock IndentRequires: false IndentWidth: 4 diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml new file mode 100644 index 0000000..c5bf530 --- /dev/null +++ b/.github/workflows/issues.yml @@ -0,0 +1,17 @@ +name: Close inactive issues +on: + schedule: + - cron: "30 1 * * *" + +jobs: + close-issues: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - uses: actions/stale@v9 + with: + stale-issue-message: "This issue is stale because it has been open for 30 days with no activity." + close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale." + repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 16f0f34..a7bba71 100644 --- a/.gitignore +++ b/.gitignore @@ -23,5 +23,5 @@ CMakeFiles Makefile cmake_install.cmake minisign -zig-cache +.zig-cache zig-out diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 309f589..0000000 --- a/.travis.yml +++ /dev/null @@ -1,43 +0,0 @@ -sudo: required - -language: c - -os: - - linux - -compiler: - - gcc - -before_script: - - git clone https://github.com/jedisct1/libsodium.git --branch=stable - - cd libsodium - - env CPPFLAGS=-DED25519_NONDETERMINISTIC ./configure --disable-dependency-tracking - - make -j$(nproc) - - sudo make install - - sudo ldconfig - - cd .. - -script: - - rm -fr build - - mkdir build - - cd build - - cmake .. - - make -j$(nproc) - - cd .. - - - rm -fr build - - mkdir build - - cd build - - cmake -D STATIC_LIBSODIUM=1 .. - - make -j$(nproc) - - cd .. - - - rm -fr build - - mkdir build - - cd build - - cmake -D BUILD_STATIC_EXECUTABLES=1 .. - - make -j$(nproc) - - cd .. - -matrix: - - fast_finish: true diff --git a/CMakeLists.txt b/CMakeLists.txt index 48af32d..851156d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.8) +cmake_minimum_required(VERSION 3.10) project(minisign C) @@ -7,7 +7,7 @@ set(CPACK_PACKAGE_VENDOR "Frank Denis") set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_CURRENT_SOURCE_DIR}/README.md") set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE") set(CPACK_PACKAGE_VERSION_MAJOR "0") -set(CPACK_PACKAGE_VERSION_MINOR "10") +set(CPACK_PACKAGE_VERSION_MINOR "12") set(CPACK_PACKAGE_VERSION_PATCH "0") set( CPACK_SOURCE_PACKAGE_FILE_NAME diff --git a/Dockerfile b/Dockerfile index 82dd35b..8f3bc69 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN apk add --no-cache upx ||: RUN curl https://download.libsodium.org/libsodium/releases/LATEST.tar.gz | tar xzvf - && cd libsodium-stable && env CFLAGS="-Os" CPPFLAGS="-DED25519_NONDETERMINISTIC=1" ./configure --disable-dependency-tracking && make -j$(nproc) check && make install && cd .. && rm -fr libsodium-stable COPY ./ ./ -RUN mkdir build && cd build && cmake -D BUILD_STATIC_EXECUTABLES=1 .. && make -j$(nproc) +RUN mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DBUILD_STATIC_EXECUTABLES=1 .. && make -j$(nproc) RUN upx --lzma build/minisign ||: FROM scratch diff --git a/LICENSE b/LICENSE index 786feb4..3b5a8b8 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ ISC LICENSE. /* - * Copyright (c) 2015-2021 + * Copyright (c) 2015-2025 * Frank Denis * * Permission to use, copy, modify, and/or distribute this software for any diff --git a/README.md b/README.md index f039e8a..bfd82f4 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ ![CodeQL scan](https://github.com/jedisct1/minisign/workflows/CodeQL%20scan/badge.svg) -Minisign -======== +# Minisign Minisign is a dead simple tool to sign files and verify signatures. @@ -13,25 +12,39 @@ public key: RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3 -Compilation / installation --------------------------- +## Compilation / installation -## Using [Zig](https://ziglang.org): +## Building with Zig Dependencies: -* [libsodium](https://libsodium.org/) +- [libsodium](https://libsodium.org/) (_optional_) +- [zig](https://ziglang.org) -Compilation: +Compilation with libsodium, dynamically linked (libsodium will need to be installed on the system for the command to run): - $ zig build -Drelease-small + $ zig build -Doptimize=ReleaseSmall -## Using cmake and gcc or clang: +Compilation with libsodium, statically linked (libsodium will only be needed for compilation): -* [libsodium](https://libsodium.org/) -* cmake -* pkg-config -* gcc or clang + $ zig build -Doptimize=ReleaseSmall -Dstatic + +Compilation without libsodium, no dependencies required: + + $ zig build -Doptimize=ReleaseSmall -Dwithout-libsodium + +The resulting binary can be found in `zig-out/bin/minisign`. + +In all these examples, `ReleaseFast` can be replaced with `ReleaseSmall` to favor speed over size. + +## Building with cmake and gcc or clang: + +Dependencies: + +- [libsodium](https://libsodium.org/) (_required_) +- cmake +- pkg-config +- gcc or clang Compilation: @@ -49,6 +62,8 @@ or: $ cmake -D BUILD_STATIC_EXECUTABLES=1 .. +## Pre-built packages + Minisign is also available in Homebrew: $ brew install minisign @@ -65,37 +80,53 @@ Minisign is also available with docker: $ docker run -i --rm jedisct1/minisign -Additional tools, libraries and implementations ------------------------------------------------ +For example, verifying a signature using the docker image can be done +with: -* [minizign](https://github.com/jedisct1/zig-minisign) is a compact -implementation in Zig, that can also use ssh-encoded keys. -* [minisign-misc](https://github.com/JayBrown/minisign-misc) is a very -nice set of workflows and scripts for macOS to verify and sign files -with minisign. -* [go-minisign](https://github.com/jedisct1/go-minisign) is a small module -in Go to verify Minisign signatures. -* [rust-minisign](https://github.com/jedisct1/rust-minisign) is a Minisign -library written in pure Rust, that can be embedded in other applications. -* [rsign2](https://github.com/jedisct1/rsign2) is a reimplementation of -the command-line tool in Rust. -* [minisign (go)](https://github.com/aead/minisign) is a rewrite of Minisign -in the Go language. It reimplements the CLI but can also be used as a library. -* [minisign-verify](https://github.com/jedisct1/rust-minisign-verify) is -a small Rust crate to verify Minisign signatures. -* [minisign-net](https://github.com/bitbeans/minisign-net) is a .NET library -to handle and create Minisign signatures. -* [minisign](https://github.com/chm-diederichs/minisign) a Javascript -implementation. -* WebAssembly implementations of [rsign2](https://wapm.io/package/jedisct1/rsign2) -and [minisign-cli](https://wapm.io/package/jedisct1/minisign) are available on -WAPM. -* [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation. -* [py-minisign](https://github.com/x13a/py-minisign) is a Python -implementation. + $ docker run -v .:/minisign -e HOME=/minisign -w /minisign \ + -it --rm jedisct1/minisign \ + -Vm file_to_verify -p minisign.pub -Signature determinism ---------------------- +The image can be verified with the following cosign public key: + +```text +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C +OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w== +-----END PUBLIC KEY----- +``` + +## Additional tools, libraries and implementations + +- [minizign](https://github.com/jedisct1/zig-minisign) is a compact + implementation in Zig, that can also use ssh-encoded keys. +- [minisign-misc](https://github.com/JayBrown/minisign-misc) is a very + nice set of workflows and scripts for macOS to verify and sign files + with minisign. +- [go-minisign](https://github.com/jedisct1/go-minisign) is a small module + in Go to verify Minisign signatures. +- [rust-minisign](https://github.com/jedisct1/rust-minisign) is a Minisign + library written in pure Rust, that can be embedded in other applications. +- [rsign2](https://github.com/jedisct1/rsign2) is a reimplementation of + the command-line tool in Rust. +- [minisign (go)](https://github.com/aead/minisign) is a rewrite of Minisign + in the Go language. It reimplements the CLI but can also be used as a library. +- [minisign-verify](https://github.com/jedisct1/rust-minisign-verify) is + a small Rust crate to verify Minisign signatures. +- [minisign-net](https://github.com/bitbeans/minisign-net) is a .NET library + to handle and create Minisign signatures. +- [minisign](https://github.com/chm-diederichs/minisign) a Javascript + implementation. +- WebAssembly implementations of [rsign2](https://wapm.io/package/jedisct1/rsign2) + and [minisign-cli](https://wapm.io/package/jedisct1/minisign) are available on + WAPM. +- [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation. +- [py-minisign](https://github.com/x13a/py-minisign) is a Python + implementation. +- [minisign](https://hexdocs.pm/minisign/Minisign.html) is an Elixir implementation + (verification only) + +## Signature determinism This implementation uses deterministic signatures, unless libsodium was compiled with the `ED25519_NONDETERMINISTIC` macro defined. This diff --git a/build-dist-package.sh b/build-dist-package.sh new file mode 100755 index 0000000..3762743 --- /dev/null +++ b/build-dist-package.sh @@ -0,0 +1,4 @@ +#! /bin/sh + +tar czpvf minisign-0.12.tar.gz $(git ls-files) +minisign -Sm minisign-0.12.tar.gz diff --git a/build.zig b/build.zig index 29b0e8b..410a936 100644 --- a/build.zig +++ b/build.zig @@ -1,17 +1,80 @@ +const builtin = @import("builtin"); const std = @import("std"); -pub fn build(b: *std.build.Builder) !void { - var target = b.standardTargetOptions(.{}); - const mode = b.standardReleaseOptions(); +pub fn build(b: *std.Build) !void { + const target = b.standardTargetOptions(.{}); + const optimize = b.standardOptimizeOption(.{}); + + const use_libzodium = b.option(bool, "without-libsodium", "Use the zig standard library instead of libsodium") orelse false; + const use_static_linking = b.option(bool, "static", "Statically link the binary") orelse false; + + const minisign = b.addExecutable(.{ + .name = "minisign", + .target = target, + .optimize = optimize, + .strip = true, + }); + + if (builtin.zig_version.major == 0 and builtin.zig_version.minor < 14) { + @compileError("Building requires Zig 0.14.0 or later"); + } + + // fix Mach-O relocation + minisign.headerpad_max_install_names = true; - const minisign = b.addExecutable("minisign", null); - minisign.setTarget(target); - minisign.setBuildMode(mode); - minisign.install(); minisign.linkLibC(); - minisign.linkSystemLibrary("sodium"); + if (use_libzodium) { + var libzodium = lib: { + const libzodium_mod = b.createModule(.{ + .root_source_file = b.path("src/libzodium/libzodium.zig"), + .target = target, + .optimize = optimize, + }); + break :lib b.addStaticLibrary(.{ + .name = "zodium", + .root_module = libzodium_mod, + .strip = true, + }); + }; + libzodium.linkLibC(); + b.installArtifact(libzodium); + minisign.root_module.addCMacro("LIBZODIUM", "1"); + minisign.linkLibrary(libzodium); + } else { + var override_pkgconfig = false; + if (std.posix.getenv("LIBSODIUM_INCLUDE_PATH")) |path| { + minisign.addSystemIncludePath(.{ .cwd_relative = path }); + override_pkgconfig = true; + } + if (std.posix.getenv("LIBSODIUM_LIB_PATH")) |path| { + minisign.addLibraryPath(.{ .cwd_relative = path }); + override_pkgconfig = true; + } - minisign.addIncludeDir("src"); - minisign.addSystemIncludeDir("/usr/local/include"); - minisign.addCSourceFiles(&.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }, &.{}); + for ([_][]const u8{ "/opt/homebrew/include", "/home/linuxbrew/.linuxbrew/include", "/usr/local/include" }) |path| { + std.fs.accessAbsolute(path, .{}) catch continue; + minisign.addSystemIncludePath(.{ .cwd_relative = path }); + } + for ([_][]const u8{ "/opt/homebrew/lib", "/home/linuxbrew/.linuxbrew/lib", "/usr/local/lib" }) |path| { + std.fs.accessAbsolute(path, .{}) catch continue; + minisign.addLibraryPath(.{ .cwd_relative = path }); + } + if (!use_static_linking) { + minisign.headerpad_max_install_names = true; // required to compile using Homebrew, see https://github.com/jedisct1/minisign/pull/155 + } + minisign.root_module.linkSystemLibrary( + "sodium", + .{ + .use_pkg_config = if (override_pkgconfig) .no else .yes, + .preferred_link_mode = if (use_static_linking) .static else .dynamic, + }, + ); + } + minisign.addIncludePath(b.path("src")); + + minisign.root_module.addCMacro("_GNU_SOURCE", "1"); + const source_files = &.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }; + minisign.addCSourceFiles(.{ .files = source_files }); + + b.installArtifact(minisign); } diff --git a/build.zig.zon b/build.zig.zon new file mode 100644 index 0000000..ec67418 --- /dev/null +++ b/build.zig.zon @@ -0,0 +1,13 @@ +.{ + .name = .minisign, + .version = "0.12.0", + .fingerprint = 0x280456c1fd373c55, + .paths = .{ + "LICEMSE", + "README.md", + "build.zig", + "build.zig.zon", + "src", + "share", + }, +} diff --git a/cosign.pub b/cosign.pub new file mode 100644 index 0000000..2103773 --- /dev/null +++ b/cosign.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C +OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w== +-----END PUBLIC KEY----- diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index 0b3612d..346581b 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -1,22 +1,25 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "MINISIGN" "1" "June 2020" "" "" +.TH "MINISIGN" "1" "March 2025" "" "" . .SH "NAME" \fBminisign\fR \- A dead simple tool to sign files and verify signatures\. . .SH "SYNOPSIS" -\fBminisign\fR \-G [\-p pubkey] [\-s seckey] +\fBminisign\fR \-G [\-p pubkey_file] [\-s seckey_file] [\-W] . .P -\fBminisign\fR \-S [\-H] [\-x sigfile] [\-s seckey] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.] +\fBminisign\fR \-R [\-s seckey_file] [\-p pubkey_file] . .P -\fBminisign\fR \-V [\-x sigfile] [\-p pubkeyfile | \-P pubkey] [\-o] [\-q] \-m file +\fBminisign\fR \-C [\-s seckey_file] [\-W] . .P -\fBminisign\fR \-R \-s seckey \-p pubkeyfile +\fBminisign\fR \-S [\-H] [\-x sig_file] [\-s seckey_file] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.] +. +.P +\fBminisign\fR \-V [\-x sig_file] [\-p pubkey_file | \-P pubkey] [\-o] [\-q] \-m file . .SH "DESCRIPTION" \fBMinisign\fR is a dead simple tool to sign files and verify signatures\. @@ -32,6 +35,14 @@ These options control the actions of \fBminisign\fR\. Generate a new key pair . .TP +\fB\-C\fR +Change/remove the password of a secret key +. +.TP +\fB\-R\fR +Recreate a public key file from a secret key file +. +.TP \fB\-S\fR Sign files . @@ -40,6 +51,14 @@ Sign files Verify that a signature is valid for a given file . .TP +\fB\-H\fR +Requires the input to be prehashed +. +.TP +\fB\-l\fR +Sign using the legacy format +. +.TP \fB\-m \fR File to sign/verify . @@ -48,11 +67,7 @@ File to sign/verify Combined with \-V, output the file content after verification . .TP -\fB\-H\fR -Combined with \-S, pre\-hash in order to sign large files -. -.TP -\fB\-p \fR +\fB\-p \fR Public key file (default: \./minisign\.pub) . .TP @@ -60,11 +75,15 @@ Public key file (default: \./minisign\.pub) Public key, as a base64 string . .TP -\fB\-s \fR +\fB\-s \fR Secret key file (default: ~/\.minisign/minisign\.key) . .TP -\fB\-x \fR +\fB\-W\fR +Do not encrypt/decrypt the secret key with a password +. +.TP +\fB\-x \fR Signature file (default: \.minisig) . .TP @@ -84,10 +103,6 @@ Quiet mode, suppress output Pretty quiet mode, only print the trusted comment . .TP -\fB\-R\fR -Recreate a public key file from a secret key file -. -.TP \fB\-f\fR Force\. Combined with \-G, overwrite a previous key pair . @@ -137,53 +152,17 @@ This requires the signature \fBmyfile\.txt\.minisig\fR to be present in the same .P The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\. . -.SH "Notes" -\fBTrusted comments\fR +.SH "NOTES" +Signature files include an untrusted comment line that can be freely modified even after the signature is created\. . .P -Signature files include an untrusted comment line that can be freely modified, even after signature creation\. +They also include a second comment line that cannot be modified without the secret key\. . .P -They also include a second comment line, that cannot be modified without the secret key\. +Trusted comments can be used to add instructions or application\-specific metadata such as the intended file name, timestamps, resource identifiers, or version numbers to prevent downgrade attacks\. . .P -Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\. -. -.P -\fBCompatibility with OpenBSD signify\fR -. -.P -Signatures written by \fBminisign\fR can be verified using OpenBSD\'s \fBsignify\fR tool: public key files and signature files are compatible\. -. -.P -However, \fBminisign\fR uses a slightly different format to store secret keys\. -. -.P -\fBMinisign\fR signatures include trusted comments in addition to untrusted comments\. Trusted comments are signed, thus verified, before being displayed\. -. -.P -This adds two lines to the signature files, that signify silently ignores\. -. -.P -\fBPre\-hashing\fR -. -.P -By default, signing and verification require as much memory as the size of the file\. -. -.P -Since \fBMinisign 0\.6\fR, huge files can be signed and verified with very low memory requirements, by pre\-hashing the content\. -. -.P -The \-H command\-line switch, in combination with \-S, generates a pre\-hashed signature (HashEdDSA): -. -.P -$ \fBminisign\fR \-SHm myfile\.txt -. -.P -Verification of such a signature doesn\'t require any specific switch: the appropriate algorithm will automatically be detected\. -. -.P -Signatures generated that way are not compatible with OpenBSD\'s \fBsignify\fR tool and are not compatible with \fBMinisign\fR versions prior to 0\.6\. +OpenBSD\'s \fBsignify(1)\fR is conceptually similar to Minisign\. Minisign creates signatures that can be verified by \fBsignify\fR; however, signatures created by \fBsignify\fR cannot be verified with Minisign because Minisign expects a trusted comment section to be present\. Trusted comments are crucial for describing what has been signed, in addition to merely confirming that a signature exists\. . .SH "AUTHOR" Frank Denis (github [at] pureftpd [dot] org) diff --git a/src/base64.c b/src/base64.c index 42a8429..c06a4cb 100644 --- a/src/base64.c +++ b/src/base64.c @@ -52,7 +52,7 @@ b64_to_bin(unsigned char *const bin, const char *b64, size_t bin_maxlen, size_t REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE }; const unsigned char *b64_u = (const unsigned char *) b64; - unsigned char * bin_w = bin; + unsigned char *bin_w = bin; unsigned char mask = 0U; unsigned char t0 = 0, t1 = 0, t2 = 0, t3 = 0; uint32_t t = 0; diff --git a/src/get_line.c b/src/get_line.c index 328de78..e29e2eb 100644 --- a/src/get_line.c +++ b/src/get_line.c @@ -1,6 +1,6 @@ #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include +# include #endif #include @@ -10,19 +10,19 @@ #include #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include -#include -#include -#include +# include +# include +# include +# include #elif defined(_WIN32) -#include +# include #endif #include "get_line.h" #include "helpers.h" #ifndef TCSAFLUSH -#define TCSAFLUSH 0 +# define TCSAFLUSH 0 #endif #ifndef VERIFY_ONLY @@ -33,7 +33,7 @@ disable_echo(void) fflush(stdout); fflush(stderr); -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) +# if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) { struct termios p; @@ -43,7 +43,7 @@ disable_echo(void) p.c_lflag &= ~ECHO; tcsetattr(0, TCSAFLUSH, &p); } -#elif defined(_WIN32) +# elif defined(_WIN32) { HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); DWORD mode = 0; @@ -51,7 +51,7 @@ disable_echo(void) GetConsoleMode(handle, &mode); SetConsoleMode(handle, mode & ~ENABLE_ECHO_INPUT); } -#endif +# endif } static void @@ -60,7 +60,7 @@ enable_echo(void) fflush(stdout); fflush(stderr); -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) +# if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) { struct termios p; @@ -70,7 +70,7 @@ enable_echo(void) p.c_lflag |= ECHO; tcsetattr(0, TCSAFLUSH, &p); } -#elif defined(_WIN32) +# elif defined(_WIN32) { HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); DWORD mode = 0; @@ -78,7 +78,7 @@ enable_echo(void) GetConsoleMode(handle, &mode); SetConsoleMode(handle, mode | ENABLE_ECHO_INPUT); } -#endif +# endif } int diff --git a/src/helpers.c b/src/helpers.c index 073fe4a..5a1b2fc 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -1,10 +1,10 @@ #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include -#include -#include +# include +# include +# include #elif defined(_WIN32) -#include +# include #endif #include @@ -14,7 +14,11 @@ #include #include -#include +#ifdef LIBZODIUM +# include "libzodium/sodium.h" +#else +# include +#endif #include "base64.h" #include "helpers.h" @@ -100,7 +104,7 @@ xor_buf(unsigned char *dst, const unsigned char *src, size_t len) int xfprintf(FILE *fp, const char *format, ...) { - char * out; + char *out; size_t out_maxlen = 4096U; int len; va_list va; @@ -126,7 +130,7 @@ int xfput_b64(FILE *fp, const unsigned char *bin, size_t bin_len) { const size_t b64_maxlen = (bin_len + 2) * 4 / 3 + 1; - char * b64; + char *b64; b64 = xsodium_malloc(b64_maxlen); if (bin_to_b64(b64, bin, b64_maxlen, bin_len) == NULL) { @@ -151,16 +155,21 @@ xfclose(FILE *fp) return 0; } -void +int trim(char *str) { size_t i = strlen(str); + int t = 0; while (i-- > (size_t) 0U) { - if (str[i] == '\n' || str[i] == '\r') { + if (str[i] == '\n') { + str[i] = 0; + t = 1; + } else if (str[i] == '\r') { str[i] = 0; } } + return t; } const char * @@ -193,7 +202,7 @@ int basedir_create_useronly(const char *file) { const char *basename; - char * dir; + char *dir; int ret = -1; dir = xstrdup(file); diff --git a/src/helpers.h b/src/helpers.h index a97ff60..5ef815d 100644 --- a/src/helpers.h +++ b/src/helpers.h @@ -6,12 +6,12 @@ #include #if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(X) +# define __attribute__(X) #endif #ifdef _WIN32 -#define DIR_SEP '\\' +# define DIR_SEP '\\' #else -#define DIR_SEP '/' +# define DIR_SEP '/' #endif uint64_t le64_load(const unsigned char *p); @@ -36,7 +36,7 @@ int xfprintf(FILE *fp, const char *format, ...) __attribute__((format(printf, 2, int xfclose(FILE *fp); -void trim(char *str); +int trim(char *str); const char *file_basename(const char *file); diff --git a/src/libzodium/libzodium.zig b/src/libzodium/libzodium.zig new file mode 100644 index 0000000..919252d --- /dev/null +++ b/src/libzodium/libzodium.zig @@ -0,0 +1,120 @@ +const std = @import("std"); +const crypto = std.crypto; +const mem = std.mem; +const Ed25519 = crypto.sign.Ed25519; + +export fn sodium_init() callconv(.C) c_int { + return 0; +} + +export fn sodium_memzero(pnt: [*c]u8, len: usize) callconv(.C) void { + crypto.utils.secureZero(u8, pnt[0..len]); +} + +export fn randombytes_buf(pnt: [*c]u8, len: usize) callconv(.C) void { + crypto.random.bytes(pnt[0..len]); +} + +export fn sodium_malloc(len: usize) callconv(.C) ?*anyopaque { + return std.c.malloc(len); +} + +export fn sodium_free(pnt: ?*anyopaque) callconv(.C) void { + return std.c.free(pnt); +} + +export fn crypto_pwhash_scryptsalsa208sha256( + out: [*c]u8, + outlen: c_ulonglong, + passwd: [*c]const u8, + passwdlen: c_ulonglong, + salt: [*c]const u8, + opslimit: c_ulonglong, + memlimit: usize, +) callconv(.C) c_int { + crypto.pwhash.scrypt.kdf( + std.heap.c_allocator, + out[0..@intCast(outlen)], + passwd[0..@intCast(passwdlen)], + salt[0..32], + crypto.pwhash.scrypt.Params.fromLimits(opslimit, memlimit), + ) catch return -1; + return 0; +} + +const crypto_generichash_state = crypto.hash.blake2.Blake2b512; + +export fn crypto_generichash_init( + state: *crypto_generichash_state, + _: [*c]const u8, + _: usize, + outlen: usize, +) c_int { + state.* = crypto.hash.blake2.Blake2b512.init(.{ .expected_out_bits = outlen * 8 }); + return 0; +} + +export fn crypto_generichash_update( + state: *crypto_generichash_state, + in: [*c]const u8, + inlen: c_ulonglong, +) c_int { + state.*.update(in[0..@intCast(inlen)]); + return 0; +} + +export fn crypto_generichash_final( + state: *crypto_generichash_state, + out: [*c]u8, + outlen: usize, +) c_int { + var h: [64]u8 = undefined; + state.*.final(&h); + @memcpy(out[0..outlen], h[0..outlen]); + return 0; +} + +export fn crypto_sign_keypair(pk: [*c]u8, sk: [*c]u8) callconv(.C) c_int { + const kp = if (std.meta.hasFn(Ed25519.KeyPair, "generate")) Ed25519.KeyPair.generate() else (Ed25519.KeyPair.create(null) catch return -1); + pk[0..32].* = kp.public_key.toBytes(); + sk[0..64].* = kp.secret_key.toBytes(); + return 0; +} + +export fn crypto_sign_detached( + sig_bytes: [*c]u8, + _: [*c]c_ulonglong, + m: [*c]const u8, + mlen: c_ulonglong, + sk_bytes: [*c]const u8, +) callconv(.C) c_int { + const sk = Ed25519.SecretKey.fromBytes(sk_bytes[0..64].*) catch return -1; + const kp = Ed25519.KeyPair.fromSecretKey(sk) catch return -1; + var noise: [Ed25519.noise_length]u8 = undefined; + crypto.random.bytes(&noise); + const s = kp.sign(m[0..@intCast(mlen)], noise) catch return -1; + sig_bytes[0..64].* = s.toBytes(); + return 0; +} + +export fn crypto_sign_verify_detached( + sig_bytes: [*c]const u8, + m: [*c]const u8, + mlen: c_ulonglong, + pk_bytes: [*c]const u8, +) callconv(.C) c_int { + const pk = Ed25519.PublicKey.fromBytes(pk_bytes[0..32].*) catch return -1; + const sig = Ed25519.Signature.fromBytes(sig_bytes[0..64].*); + sig.verify(m[0..@intCast(mlen)], pk) catch return 1; + return 0; +} + +export fn sodium_bin2hex( + hex: [*c]u8, + hex_maxlen: usize, + bin: [*c]const u8, + bin_len: usize, +) callconv(.C) [*c]u8 { + _ = std.fmt.bufPrint(hex[0..hex_maxlen], "{s}", .{std.fmt.fmtSliceHexLower(bin[0..bin_len])}) catch return null; + return hex; +} diff --git a/src/libzodium/sodium.h b/src/libzodium/sodium.h new file mode 100644 index 0000000..5a1bc8d --- /dev/null +++ b/src/libzodium/sodium.h @@ -0,0 +1,62 @@ +#pragma once + +#include + +int sodium_init(void) __attribute__((warn_unused_result)); +; + +void sodium_memzero(void* const pnt, const size_t len); + +void randombytes_buf(void* const buf, const size_t size) __attribute__((nonnull)); + +void* sodium_malloc(const size_t size) __attribute__((malloc)); + +void sodium_free(void* ptr); + +#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U +#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U +#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U +#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U +#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U + +int crypto_pwhash_scryptsalsa208sha256(unsigned char* const out, + unsigned long long outlen, + const char* const passwd, + unsigned long long passwdlen, + const unsigned char* const salt, + unsigned long long opslimit, + size_t memlimit) __attribute__((warn_unused_result)) +__attribute__((nonnull)); + +typedef struct crypto_generichash_state { + unsigned char opaque[512]; +} crypto_generichash_state; + +#define crypto_generichash_BYTES_MAX 64U +#define crypto_generichash_BYTES 32U + +int crypto_generichash_init(crypto_generichash_state* state, const unsigned char* key, + const size_t keylen, const size_t outlen) __attribute__((nonnull(1))); + +int crypto_generichash_update(crypto_generichash_state* state, + const unsigned char* in, + unsigned long long inlen) __attribute__((nonnull(1))); + +int crypto_generichash_final(crypto_generichash_state* state, unsigned char* out, + const size_t outlen) __attribute__((nonnull)); + +#define crypto_sign_SECRETKEYBYTES 64 +#define crypto_sign_PUBLICKEYBYTES 32 +#define crypto_sign_BYTES 64 + +int crypto_sign_keypair(unsigned char* pk, unsigned char* sk) __attribute__((nonnull)); + +int crypto_sign_detached(unsigned char* sig, unsigned long long* siglen_p, const unsigned char* m, + unsigned long long mlen, const unsigned char* sk) + __attribute__((nonnull(1, 5))); + +int crypto_sign_verify_detached(const unsigned char* sig, + const unsigned char* m, + unsigned long long mlen, + const unsigned char* pk) __attribute__((warn_unused_result)) +__attribute__((nonnull(1, 4))); \ No newline at end of file diff --git a/src/manpage.md b/src/manpage.md index 8dcce2a..c85e140 100644 --- a/src/manpage.md +++ b/src/manpage.md @@ -1,18 +1,20 @@ -minisign(1) -- A dead simple tool to sign files and verify signatures. -====================================================================== + +# minisign(1) -- A dead simple tool to sign files and verify signatures. ## SYNOPSIS -`minisign` -G [-p pubkey] [-s seckey] +`minisign` -G [-p pubkey_file] [-s seckey_file] [-W] -`minisign` -S [-H] [-x sigfile] [-s seckey] [-c untrusted_comment] [-t trusted_comment] -m file [file ...] +`minisign` -R [-s seckey_file] [-p pubkey_file] -`minisign` -V [-x sigfile] [-p pubkeyfile | -P pubkey] [-o] [-q] -m file +`minisign` -C [-s seckey_file] [-W] -`minisign` -R -s seckey -p pubkeyfile +`minisign` -S [-H] [-x sig_file] [-s seckey_file] [-c untrusted_comment] [-t trusted_comment] -m file [file ...] + +`minisign` -V [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file ## DESCRIPTION @@ -24,41 +26,46 @@ It is portable, lightweight, and uses the highly secure [Ed25519](http://ed25519 These options control the actions of `minisign`. - * `-G`: - Generate a new key pair - * `-S`: - Sign files - * `-V`: - Verify that a signature is valid for a given file - * `-m `: - File to sign/verify - * `-o`: - Combined with -V, output the file content after verification - * `-H`: - Combined with -S, pre-hash in order to sign large files - * `-p `: - Public key file (default: ./minisign.pub) - * `-P `: - Public key, as a base64 string - * `-s `: - Secret key file (default: ~/.minisign/minisign.key) - * `-x `: - Signature file (default: <file>.minisig) - * `-c `: - Add a one-line untrusted comment - * `-t `: - Add a one-line trusted comment - * `-q`: - Quiet mode, suppress output - * `-Q`: - Pretty quiet mode, only print the trusted comment - * `-R`: - Recreate a public key file from a secret key file - * `-f`: - Force. Combined with -G, overwrite a previous key pair - * `-v`: - Display version number - +- `-G`: + Generate a new key pair +- `-C`: + Change/remove the password of a secret key +- `-R`: + Recreate a public key file from a secret key file +- `-S`: + Sign files +- `-V`: + Verify that a signature is valid for a given file +- `-H`: + Requires the input to be prehashed +- `-l`: + Sign using the legacy format +- `-m `: + File to sign/verify +- `-o`: + Combined with -V, output the file content after verification +- `-p `: + Public key file (default: ./minisign.pub) +- `-P `: + Public key, as a base64 string +- `-s `: + Secret key file (default: ~/.minisign/minisign.key) +- `-W`: + Do not encrypt/decrypt the secret key with a password +- `-x `: + Signature file (default: <file>.minisig) +- `-c `: + Add a one-line untrusted comment +- `-t `: + Add a one-line trusted comment +- `-q`: + Quiet mode, suppress output +- `-Q`: + Pretty quiet mode, only print the trusted comment +- `-f`: + Force. Combined with -G, overwrite a previous key pair +- `-v`: + Display version number ## EXAMPLES @@ -71,7 +78,7 @@ The public key is printed and put into the `minisign.pub` file. The secret key i Signing files $ `minisign` -Sm myfile.txt -$ `minisign` -Sm myfile.txt myfile2.txt *.c +$ `minisign` -Sm myfile.txt myfile2.txt \*.c Or to include a comment in the signature, that will be verified and displayed when verifying the file: @@ -81,7 +88,7 @@ The secret key is loaded from `${MINISIGN_CONFIG_DIR}/minisign.key`, `~/.minisig Verifying a file -$ `minisign` -Vm myfile.txt -P <pubkey> +$ `minisign` -Vm myfile.txt -P <pubkey> or @@ -91,39 +98,15 @@ This requires the signature `myfile.txt.minisig` to be present in the same direc The public key can either reside in a file (`./minisign.pub` by default) or be directly specified on the command line. -## Notes +## NOTES -**Trusted comments** +Signature files include an untrusted comment line that can be freely modified even after the signature is created. -Signature files include an untrusted comment line that can be freely modified, even after signature creation. +They also include a second comment line that cannot be modified without the secret key. -They also include a second comment line, that cannot be modified without the secret key. +Trusted comments can be used to add instructions or application-specific metadata such as the intended file name, timestamps, resource identifiers, or version numbers to prevent downgrade attacks. -Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks). - -**Compatibility with OpenBSD signify** - -Signatures written by `minisign` can be verified using OpenBSD's `signify` tool: public key files and signature files are compatible. - -However, `minisign` uses a slightly different format to store secret keys. - -`Minisign` signatures include trusted comments in addition to untrusted comments. Trusted comments are signed, thus verified, before being displayed. - -This adds two lines to the signature files, that signify silently ignores. - -**Pre-hashing** - -By default, signing and verification require as much memory as the size of the file. - -Since `Minisign 0.6`, huge files can be signed and verified with very low memory requirements, by pre-hashing the content. - -The -H command-line switch, in combination with -S, generates a pre-hashed signature (HashEdDSA): - -$ `minisign` -SHm myfile.txt - -Verification of such a signature doesn't require any specific switch: the appropriate algorithm will automatically be detected. - -Signatures generated that way are not compatible with OpenBSD's `signify` tool and are not compatible with `Minisign` versions prior to 0.6. +OpenBSD's `signify(1)` is conceptually similar to Minisign. Minisign creates signatures that can be verified by `signify`; however, signatures created by `signify` cannot be verified with Minisign because Minisign expects a trusted comment section to be present. Trusted comments are crucial for describing what has been signed, in addition to merely confirming that a signature exists. ## AUTHOR diff --git a/src/minisign.c b/src/minisign.c index 99a681d..0444716 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -10,7 +10,11 @@ #include #include -#include +#ifdef LIBZODIUM +# include "libzodium/sodium.h" +#else +# include +#endif #include "base64.h" #include "get_line.h" @@ -18,7 +22,7 @@ #include "minisign.h" #ifndef VERIFY_ONLY -static const char *getopt_options = "GSVRHhc:flm:oP:p:qQs:t:vx:"; +static const char *getopt_options = "CGSVRHhc:flm:oP:p:qQs:t:vWx:"; #else static const char *getopt_options = "VhHm:oP:p:qQvx:"; #endif @@ -31,30 +35,30 @@ usage(void) puts( "Usage:\n" #ifndef VERIFY_ONLY - "minisign -G [-p pubkey] [-s seckey]\n" - "minisign -S [-l] [-x sigfile] [-s seckey] [-c untrusted_comment] [-t trusted_comment] -m " - "file [file ...]\n" -#endif - "minisign -V [-H] [-x sigfile] [-p pubkeyfile | -P pubkey] [-o] [-q] -m file\n" -#ifndef VERIFY_ONLY - "minisign -R -s seckey -p pubkeyfile\n" + "minisign -G [-f] [-p pubkey_file] [-s seckey_file] [-W]\n" + "minisign -R [-s seckey_file] [-p pubkey_file]\n" + "minisign -C [-s seckey_file] [-W]\n" + "minisign -S [-l] [-x sig_file] [-s seckey_file] [-c untrusted_comment]\n" + " [-t trusted_comment] -m file [file ...]\n" #endif + "minisign -V [-H] [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file\n" "\n" #ifndef VERIFY_ONLY "-G generate a new key pair\n" -#endif - "-H require input to be prehashed\n" -#ifndef VERIFY_ONLY + "-R recreate a public key file from a secret key file\n" + "-C change/remove the password of the secret key\n" "-S sign files\n" #endif "-V verify that a signature is valid for a given file\n" + "-H require input to be prehashed\n" "-l sign using the legacy format\n" "-m file to sign/verify\n" "-o combined with -V, output the file content after verification\n" - "-p public key file (default: ./minisign.pub)\n" + "-p public key file (default: ./minisign.pub)\n" "-P public key, as a base64 string\n" #ifndef VERIFY_ONLY - "-s secret key file (default: ~/.minisign/minisign.key)\n" + "-s secret key file (default: ~/.minisign/minisign.key)\n" + "-W do not encrypt/decrypt the secret key with a password\n" #endif "-x signature file (default: .minisig)\n" #ifndef VERIFY_ONLY @@ -63,9 +67,6 @@ usage(void) #endif "-q quiet mode, suppress output\n" "-Q pretty quiet mode, only print the trusted comment\n" -#ifndef VERIFY_ONLY - "-R recreate a public key file from a secret key file\n" -#endif "-f force. Combined with -G, overwrite a previous key pair\n" "-v display version number\n"); exit(2); @@ -76,8 +77,8 @@ message_load_hashed(size_t *message_len, const char *message_file) { crypto_generichash_state hs; unsigned char buf[65536U]; - unsigned char * message; - FILE * fp; + unsigned char *message; + FILE *fp; size_t n; if ((fp = fopen(message_file, "rb")) == NULL) { @@ -101,7 +102,7 @@ message_load_hashed(size_t *message_len, const char *message_file) static unsigned char * message_load(size_t *message_len, const char *message_file, int hashed) { - FILE * fp; + FILE *fp; unsigned char *message; off_t message_len_; @@ -130,7 +131,7 @@ static int output_file(const char *message_file) { unsigned char buf[65536U]; - FILE * fp; + FILE *fp; size_t n; if ((fp = fopen(message_file, "rb")) == NULL) { @@ -155,9 +156,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int { char comment[COMMENTMAXBYTES]; SigStruct *sig_struct; - FILE * fp; - char * global_sig_s; - char * sig_s; + FILE *fp; + char *global_sig_s; + char *sig_s; size_t global_sig_len; size_t global_sig_s_size; size_t sig_s_size; @@ -169,6 +170,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int if (fgets(comment, (int) sizeof comment, fp) == NULL) { exit_msg("Error while reading the signature file"); } + if (trim(comment) == 0) { + exit_msg("Untrusted signature comment too long"); + } if (strncmp(comment, COMMENT_PREFIX, (sizeof COMMENT_PREFIX) - 1U) != 0) { exit_msg( "Untrusted signature comment should start with " @@ -179,7 +183,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int if (fgets(sig_s, (int) sig_s_size, fp) == NULL) { exit_msg("Error while reading the signature file"); } - trim(sig_s); + if (trim(sig_s) == 0) { + exit_msg("Signature too long"); + } if (fgets(trusted_comment, (int) trusted_comment_maxlen, fp) == NULL) { exit_msg("Trusted comment not present"); } @@ -192,7 +198,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int memmove(trusted_comment, trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U, strlen(trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U) + 1U); - trim(trusted_comment); + if (trim(trusted_comment) == 0) { + exit_msg("Trusted comment too long"); + } global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U; global_sig_s = xmalloc(global_sig_s_size); if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) { @@ -248,8 +256,8 @@ pubkey_load_file(const char *pk_file) { char pk_comment[COMMENTMAXBYTES]; PubkeyStruct *pubkey_struct; - FILE * fp; - char * pubkey_s = NULL; + FILE *fp; + char *pubkey_s = NULL; size_t pubkey_s_size; if ((fp = fopen(pk_file, "r")) == NULL) { @@ -285,8 +293,9 @@ pubkey_load(const char *pk_file, const char *pubkey_s) exit_msg("A public key is required"); } +#ifndef VERIFY_ONLY static void -seckey_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seckey_struct) +seckey_compute_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seckey_struct) { crypto_generichash_state hs; @@ -298,50 +307,12 @@ seckey_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seck crypto_generichash_final(&hs, chk, sizeof seckey_struct->keynum_sk.chk); } -#ifndef VERIFY_ONLY -static SeckeyStruct * -seckey_load(const char *sk_file) +static void +decrypt_key(SeckeyStruct *const seckey_struct, unsigned char chk[crypto_generichash_BYTES]) { - char sk_comment[COMMENTMAXBYTES]; - unsigned char chk[crypto_generichash_BYTES]; - SeckeyStruct * seckey_struct; - FILE * fp; - char * pwd = xsodium_malloc(PASSWORDMAXBYTES); - char * seckey_s; + char *pwd = xsodium_malloc(PASSWORDMAXBYTES); unsigned char *stream; - size_t seckey_s_size; - size_t seckey_struct_len; - if ((fp = fopen(sk_file, "r")) == NULL) { - exit_err(sk_file); - } - if (fgets(sk_comment, (int) sizeof sk_comment, fp) == NULL) { - exit_msg("Error while loading the secret key file"); - } - sodium_memzero(sk_comment, sizeof sk_comment); - seckey_s_size = B64_MAX_LEN_FROM_BIN_LEN(sizeof *seckey_struct) + 2U; - seckey_s = xsodium_malloc(seckey_s_size); - seckey_struct = xsodium_malloc(sizeof *seckey_struct); - if (fgets(seckey_s, (int) seckey_s_size, fp) == NULL) { - exit_msg("Error while loading the secret key file"); - } - trim(seckey_s); - xfclose(fp); - if (b64_to_bin((unsigned char *) (void *) seckey_struct, seckey_s, sizeof *seckey_struct, - strlen(seckey_s), &seckey_struct_len) == NULL || - seckey_struct_len != sizeof *seckey_struct) { - exit_msg("base64 conversion failed - was an actual secret key given?"); - } - sodium_free(seckey_s); - if (memcmp(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg) != 0) { - exit_msg("Unsupported signature algorithm"); - } - if (memcmp(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg) != 0) { - exit_msg("Unsupported key derivation function"); - } - if (memcmp(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg) != 0) { - exit_msg("Unsupported checksum function"); - } if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0) { exit_msg("get_password()"); } @@ -359,12 +330,109 @@ seckey_load(const char *sk_file) sizeof seckey_struct->keynum_sk); sodium_free(stream); puts("done\n"); - seckey_chk(chk, seckey_struct); - if (memcmp(chk, seckey_struct->keynum_sk.chk, sizeof chk) != 0) { + seckey_compute_chk(chk, seckey_struct); + if (memcmp(chk, seckey_struct->keynum_sk.chk, crypto_generichash_BYTES) != 0) { exit_msg("Wrong password for that key"); } - sodium_memzero(chk, sizeof chk); + sodium_memzero(chk, crypto_generichash_BYTES); +} +static void +encrypt_key(SeckeyStruct *const seckey_struct) +{ + char *pwd = xsodium_malloc(PASSWORDMAXBYTES); + char *pwd2 = xsodium_malloc(PASSWORDMAXBYTES); + unsigned char *stream; + unsigned long kdf_memlimit; + unsigned long kdf_opslimit; + + puts("Please enter a password to protect the secret key.\n"); + if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 || + get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) { + exit_msg("get_password()"); + } + if (strcmp(pwd, pwd2) != 0) { + exit_msg("Passwords don't match"); + } + printf("Deriving a key from the password in order to encrypt the secret key... "); + fflush(stdout); + stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); + randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt); + kdf_opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE; + kdf_memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE; + + while (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, + strlen(pwd), seckey_struct->kdf_salt, kdf_opslimit, + kdf_memlimit) != 0) { + kdf_opslimit /= 2; + kdf_memlimit /= 2; + if (kdf_opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN || + kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN) { + exit_err("Unable to complete key derivation - More memory would be needed"); + } + } + sodium_free(pwd); + sodium_free(pwd2); + if (kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) { + fprintf(stderr, + "Warning: due to limited memory the KDF used less " + "memory than the default\n"); + } + le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit); + le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit); + seckey_compute_chk(seckey_struct->keynum_sk.chk, seckey_struct); + xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, + sizeof seckey_struct->keynum_sk); + sodium_free(stream); + puts("done\n"); +} + +static SeckeyStruct * +seckey_load(const char *sk_file, char *const sk_comment_line) +{ + char sk_comment_line_buf[COMMENTMAXBYTES]; + unsigned char chk[crypto_generichash_BYTES]; + SeckeyStruct *seckey_struct; + FILE *fp; + char *seckey_s; + size_t seckey_s_size; + size_t seckey_struct_len; + + if ((fp = fopen(sk_file, "r")) == NULL) { + exit_err(sk_file); + } + if (fgets(sk_comment_line_buf, (int) sizeof sk_comment_line_buf, fp) == NULL) { + exit_msg("Error while loading the secret key file"); + } + if (sk_comment_line != NULL) { + memcpy(sk_comment_line, sk_comment_line_buf, sizeof sk_comment_line_buf); + } + sodium_memzero(sk_comment_line_buf, sizeof sk_comment_line_buf); + seckey_s_size = B64_MAX_LEN_FROM_BIN_LEN(sizeof *seckey_struct) + 2U; + seckey_s = xsodium_malloc(seckey_s_size); + seckey_struct = xsodium_malloc(sizeof *seckey_struct); + if (fgets(seckey_s, (int) seckey_s_size, fp) == NULL) { + exit_msg("Error while loading the secret key file"); + } + trim(seckey_s); + xfclose(fp); + if (b64_to_bin((unsigned char *) (void *) seckey_struct, seckey_s, sizeof *seckey_struct, + strlen(seckey_s), &seckey_struct_len) == NULL || + seckey_struct_len != sizeof *seckey_struct) { + exit_msg("base64 conversion failed - was an actual secret key given?"); + } + sodium_free(seckey_s); + if (memcmp(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg) != 0) { + exit_msg("Unsupported signature algorithm"); + } + if (memcmp(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg) != 0) { + exit_msg("Unsupported checksum function"); + } + if (memcmp(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg) == 0) { + decrypt_key(seckey_struct, chk); + } else if (memcmp(seckey_struct->kdf_alg, KDFNONE, sizeof seckey_struct->kdf_alg) != 0) { + exit_msg("Unsupported key derivation function"); + } return seckey_struct; } #endif @@ -375,9 +443,9 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi { char trusted_comment[TRUSTEDCOMMENTMAXBYTES]; unsigned char global_sig[crypto_sign_BYTES]; - FILE * info_fp = stdout; + FILE *info_fp = stdout; unsigned char *sig_and_trusted_comment; - SigStruct * sig_struct; + SigStruct *sig_struct; unsigned char *message; size_t message_len; size_t trusted_comment_len; @@ -397,9 +465,9 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi if (memcmp(sig_struct->keynum, pubkey_struct->keynum_pk.keynum, sizeof sig_struct->keynum) != 0) { fprintf(stderr, - "Signature key id in %s is %" PRIX64 + "Signature key id in %s is %016" PRIX64 "\n" - "but the key id in the public key is %" PRIX64 "\n", + "but the key id in the public key is %016" PRIX64 "\n", sig_file, le64_load(sig_struct->keynum), le64_load(pubkey_struct->keynum_pk.keynum)); exit(1); @@ -445,7 +513,7 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi static char * append_sig_suffix(const char *message_file) { - char * sig_file; + char *sig_file; size_t message_file_len = strlen(message_file); sig_file = xmalloc(message_file_len + sizeof SIG_SUFFIX); @@ -459,7 +527,7 @@ append_sig_suffix(const char *message_file) static char * default_trusted_comment(const char *message_file, int hashed) { - char * ret; + char *ret; time_t ts = time(NULL); if (asprintf(&ret, "timestamp:%lu\tfile:%s%s", (unsigned long) ts, file_basename(message_file), @@ -476,10 +544,10 @@ sign(SeckeyStruct *seckey_struct, PubkeyStruct *pubkey_struct, const char *messa { unsigned char global_sig[crypto_sign_BYTES]; SigStruct sig_struct; - FILE * fp; + FILE *fp; unsigned char *message; unsigned char *sig_and_trusted_comment; - char * tmp_trusted_comment = NULL; + char *tmp_trusted_comment = NULL; size_t comment_len; size_t trusted_comment_len; size_t message_len; @@ -598,74 +666,34 @@ write_pk_file(const char *pk_file, const PubkeyStruct *pubkey_struct) if ((fp = fopen(pk_file, "w")) == NULL) { exit_err(pk_file); } - xfprintf(fp, COMMENT_PREFIX "minisign public key %" PRIX64 "\n", + xfprintf(fp, COMMENT_PREFIX "minisign public key %016" PRIX64 "\n", le64_load(pubkey_struct->keynum_pk.keynum)); xfput_b64(fp, (const unsigned char *) (const void *) pubkey_struct, sizeof *pubkey_struct); xfclose(fp); } static int -generate(const char *pk_file, const char *sk_file, const char *comment, int force) +generate(const char *pk_file, const char *sk_file, const char *comment, int force, + int unencrypted_key) { - char * pwd = xsodium_malloc(PASSWORDMAXBYTES); - char * pwd2 = xsodium_malloc(PASSWORDMAXBYTES); - SeckeyStruct * seckey_struct = xsodium_malloc(sizeof(SeckeyStruct)); - PubkeyStruct * pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct)); - unsigned char *stream; - FILE * fp; - unsigned long kdf_memlimit; - unsigned long kdf_opslimit; + SeckeyStruct *seckey_struct = xsodium_malloc(sizeof(SeckeyStruct)); + PubkeyStruct *pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct)); + FILE *fp; abort_on_existing_key_files(pk_file, sk_file, force); + memset(seckey_struct, 0, sizeof(SeckeyStruct)); randombytes_buf(seckey_struct->keynum_sk.keynum, sizeof seckey_struct->keynum_sk.keynum); crypto_sign_keypair(pubkey_struct->keynum_pk.pk, seckey_struct->keynum_sk.sk); memcpy(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg); - memcpy(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg); + memcpy(seckey_struct->kdf_alg, unencrypted_key ? KDFNONE : KDFALG, + sizeof seckey_struct->kdf_alg); memcpy(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg); memcpy(pubkey_struct->keynum_pk.keynum, seckey_struct->keynum_sk.keynum, sizeof pubkey_struct->keynum_pk.keynum); memcpy(pubkey_struct->sig_alg, SIGALG, sizeof pubkey_struct->sig_alg); - - puts("Please enter a password to protect the secret key.\n"); - if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 || - get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) { - exit_msg("get_password()"); + if (unencrypted_key == 0) { + encrypt_key(seckey_struct); } - if (strcmp(pwd, pwd2) != 0) { - exit_msg("Passwords don't match"); - } - printf("Deriving a key from the password in order to encrypt the secret key... "); - fflush(stdout); - stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); - randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt); - kdf_opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE; - kdf_memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE; - - while (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, - strlen(pwd), seckey_struct->kdf_salt, kdf_opslimit, - kdf_memlimit) != 0) { - kdf_opslimit /= 2; - kdf_memlimit /= 2; - if (kdf_opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN || - kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN) { - exit_err("Unable to complete key derivation - More memory would be needed"); - } - } - sodium_free(pwd); - sodium_free(pwd2); - if (kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) { - fprintf(stderr, - "Warning: due to limited memory the KDF used less " - "memory than the default\n"); - } - le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit); - le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit); - seckey_chk(seckey_struct->keynum_sk.chk, seckey_struct); - xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, - sizeof seckey_struct->keynum_sk); - sodium_free(stream); - puts("done\n"); - abort_on_existing_key_files(pk_file, sk_file, force); if (basedir_create_useronly(sk_file) != 0) { fprintf(stderr, "Warning: you may have to create the parent directory\n"); @@ -700,7 +728,7 @@ recreate_pk(const char *pk_file, const char *sk_file, int force) if (force == 0) { abort_on_existing_key_file(pk_file); } - if ((seckey_struct = seckey_load(sk_file)) == NULL) { + if ((seckey_struct = seckey_load(sk_file, NULL)) == NULL) { return -1; } memcpy(pubkey_struct.sig_alg, seckey_struct->sig_alg, sizeof pubkey_struct.sig_alg); @@ -718,6 +746,43 @@ recreate_pk(const char *pk_file, const char *sk_file, int force) return 0; } +static int +update_password(const char *sk_file, int unencrypted_key) +{ + SeckeyStruct *seckey_struct; + char *sk_comment_line; + FILE *fp; + + if (unencrypted_key != 0) { + printf("Key encryption for [%s] is going to be removed.\n", sk_file); + } + sk_comment_line = xsodium_malloc(COMMENTMAXBYTES); + if ((seckey_struct = seckey_load(sk_file, sk_comment_line)) == NULL) { + return -1; + } + memcpy(seckey_struct->kdf_alg, unencrypted_key ? KDFNONE : KDFALG, + sizeof seckey_struct->kdf_alg); + if (unencrypted_key == 0) { + encrypt_key(seckey_struct); + } + if ((fp = fopen_create_useronly(sk_file)) == NULL) { + exit_err(sk_file); + } + trim(sk_comment_line); + xfprintf(fp, "%s\n", sk_comment_line); + sodium_free(sk_comment_line); + xfput_b64(fp, (unsigned char *) (void *) seckey_struct, sizeof *seckey_struct); + xfclose(fp); + sodium_free(seckey_struct); + + if (unencrypted_key == 0) { + puts("Password updated."); + } else { + puts("Password removed."); + } + return 0; +} + #endif #ifndef VERIFY_ONLY @@ -725,8 +790,8 @@ static char * sig_config_dir(void) { const char *config_dir_env; - char * config_dir; - char * home_dir; + char *config_dir; + char *home_dir; config_dir = NULL; if ((config_dir_env = getenv(SIG_DEFAULT_CONFIG_DIR_ENV_VAR)) != NULL) { @@ -768,19 +833,28 @@ main(int argc, char **argv) #ifndef VERIFY_ONLY char *sk_file = sig_default_skfile(); #endif - const char * sig_file = NULL; - const char * message_file = NULL; - const char * comment = NULL; - const char * pubkey_s = NULL; - const char * trusted_comment = NULL; - unsigned char opt_seen[16] = { 0 }; + const char *sig_file = NULL; + const char *message_file = NULL; +#ifndef VERIFY_ONLY + const char *comment = NULL; +#endif + const char *pubkey_s = NULL; +#ifndef VERIFY_ONLY + const char *trusted_comment = NULL; +#endif + unsigned char opt_seen[16] = { 0 }; int opt_flag; - int quiet = 0; - int output = 0; - int force = 0; - int allow_legacy = 1; - int sign_legacy = 0; - Action action = ACTION_NONE; + int quiet = 0; + int output = 0; +#ifndef VERIFY_ONLY + int force = 0; +#endif + int allow_legacy = 1; +#ifndef VERIFY_ONLY + int sign_legacy = 0; + int unencrypted_key = 0; +#endif + Action action = ACTION_NONE; while ((opt_flag = getopt(argc, argv, getopt_options)) != -1) { switch (opt_flag) { @@ -797,6 +871,12 @@ main(int argc, char **argv) } action = ACTION_SIGN; break; + case 'C': + if (action != ACTION_NONE && action != ACTION_UPDATE_PASSWORD) { + usage(); + } + action = ACTION_UPDATE_PASSWORD; + break; case 'R': if (action != ACTION_NONE && action != ACTION_RECREATE_PK) { usage(); @@ -823,9 +903,11 @@ main(int argc, char **argv) case 'H': allow_legacy = 0; break; +#ifndef VERIFY_ONLY case 'l': sign_legacy = 1; break; +#endif case 'm': message_file = optarg; break; @@ -852,6 +934,9 @@ main(int argc, char **argv) case 't': trusted_comment = optarg; break; + case 'W': + unencrypted_key = 1; + break; #endif case 'x': sig_file = optarg; @@ -883,7 +968,7 @@ main(int argc, char **argv) if (pk_file == NULL) { pk_file = SIG_DEFAULT_PKFILE; } - return generate(pk_file, sk_file, comment, force) != 0; + return generate(pk_file, sk_file, comment, force, unencrypted_key) != 0; case ACTION_SIGN: if (message_file == NULL) { usage(); @@ -895,7 +980,7 @@ main(int argc, char **argv) comment = DEFAULT_COMMENT; } return sign_all( - seckey_load(sk_file), + seckey_load(sk_file, NULL), ((pk_file != NULL || pubkey_s != NULL) ? pubkey_load(pk_file, pubkey_s) : NULL), message_file, (const char **) &argv[optind], argc - optind, sig_file, comment, trusted_comment, sign_legacy) != 0; @@ -904,6 +989,8 @@ main(int argc, char **argv) pk_file = SIG_DEFAULT_PKFILE; } return recreate_pk(pk_file, sk_file, force) != 0; + case ACTION_UPDATE_PASSWORD: + return update_password(sk_file, unencrypted_key) != 0; #endif case ACTION_VERIFY: if (message_file == NULL) { diff --git a/src/minisign.h b/src/minisign.h index 3144656..9495f29 100644 --- a/src/minisign.h +++ b/src/minisign.h @@ -9,6 +9,7 @@ #define SIGALG "Ed" #define SIGALG_HASHED "ED" #define KDFALG "Sc" +#define KDFNONE "\0\0" #define CHKALG "B2" #define COMMENT_PREFIX "untrusted comment: " #define DEFAULT_COMMENT "signature from minisign secret key" @@ -19,7 +20,7 @@ #define SIG_DEFAULT_PKFILE "minisign.pub" #define SIG_DEFAULT_SKFILE "minisign.key" #define SIG_SUFFIX ".minisig" -#define VERSION_STRING "minisign 0.10" +#define VERSION_STRING "minisign 0.12" typedef struct KeynumSK_ { unsigned char keynum[KEYNUMBYTES]; @@ -58,7 +59,8 @@ typedef enum Action_ { ACTION_GENERATE, ACTION_SIGN, ACTION_VERIFY, - ACTION_RECREATE_PK + ACTION_RECREATE_PK, + ACTION_UPDATE_PASSWORD } Action; #endif