From 503f722ac3b102e0cbf4d7e71b571de2bed749cf Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 9 Oct 2021 15:34:41 +0200 Subject: [PATCH 01/70] Suggest release-safe --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f039e8a..2d03019 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ Dependencies: Compilation: - $ zig build -Drelease-small + $ zig build -Drelease-safe ## Using cmake and gcc or clang: From 614fd57665e39d92bdc8779c190504abc0cb8d37 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 9 Oct 2021 15:54:09 +0200 Subject: [PATCH 02/70] Define _GNU_SOURCE --- build.zig | 1 + 1 file changed, 1 insertion(+) diff --git a/build.zig b/build.zig index 29b0e8b..237e498 100644 --- a/build.zig +++ b/build.zig @@ -13,5 +13,6 @@ pub fn build(b: *std.build.Builder) !void { minisign.addIncludeDir("src"); minisign.addSystemIncludeDir("/usr/local/include"); + minisign.defineCMacro("_GNU_SOURCE", "1"); minisign.addCSourceFiles(&.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }, &.{}); } From aa99a5c41737ab838f8bfdd322c179812b257420 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 9 Oct 2021 17:47:16 +0200 Subject: [PATCH 03/70] Document -f option --- src/minisign.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/minisign.c b/src/minisign.c index 99a681d..145dfe5 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -31,7 +31,7 @@ usage(void) puts( "Usage:\n" #ifndef VERIFY_ONLY - "minisign -G [-p pubkey] [-s seckey]\n" + "minisign -G [-f] [-p pubkey] [-s seckey]\n" "minisign -S [-l] [-x sigfile] [-s seckey] [-c untrusted_comment] [-t trusted_comment] -m " "file [file ...]\n" #endif From e74428c4648e9dedd8071f84f2104462acb23baf Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 25 Oct 2021 00:53:09 +0200 Subject: [PATCH 04/70] Update man page Fixes #106 --- share/man/man1/minisign.1 | 53 +++++++-------------------------------- src/manpage.md | 32 +++-------------------- 2 files changed, 13 insertions(+), 72 deletions(-) diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index 0b3612d..86317a7 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "MINISIGN" "1" "June 2020" "" "" +.TH "MINISIGN" "1" "October 2021" "" "" . .SH "NAME" \fBminisign\fR \- A dead simple tool to sign files and verify signatures\. @@ -48,10 +48,6 @@ File to sign/verify Combined with \-V, output the file content after verification . .TP -\fB\-H\fR -Combined with \-S, pre\-hash in order to sign large files -. -.TP \fB\-p \fR Public key file (default: \./minisign\.pub) . @@ -76,10 +72,18 @@ Add a one\-line untrusted comment Add a one\-line trusted comment . .TP +\fB\-l\fR +Sign using the legacy format +. +.TP \fB\-q\fR Quiet mode, suppress output . .TP +\fB\-H\fR +Requires the input to be prehashed +. +.TP \fB\-Q\fR Pretty quiet mode, only print the trusted comment . @@ -138,9 +142,6 @@ This requires the signature \fBmyfile\.txt\.minisig\fR to be present in the same The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\. . .SH "Notes" -\fBTrusted comments\fR -. -.P Signature files include an untrusted comment line that can be freely modified, even after signature creation\. . .P @@ -149,41 +150,5 @@ They also include a second comment line, that cannot be modified without the sec .P Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\. . -.P -\fBCompatibility with OpenBSD signify\fR -. -.P -Signatures written by \fBminisign\fR can be verified using OpenBSD\'s \fBsignify\fR tool: public key files and signature files are compatible\. -. -.P -However, \fBminisign\fR uses a slightly different format to store secret keys\. -. -.P -\fBMinisign\fR signatures include trusted comments in addition to untrusted comments\. Trusted comments are signed, thus verified, before being displayed\. -. -.P -This adds two lines to the signature files, that signify silently ignores\. -. -.P -\fBPre\-hashing\fR -. -.P -By default, signing and verification require as much memory as the size of the file\. -. -.P -Since \fBMinisign 0\.6\fR, huge files can be signed and verified with very low memory requirements, by pre\-hashing the content\. -. -.P -The \-H command\-line switch, in combination with \-S, generates a pre\-hashed signature (HashEdDSA): -. -.P -$ \fBminisign\fR \-SHm myfile\.txt -. -.P -Verification of such a signature doesn\'t require any specific switch: the appropriate algorithm will automatically be detected\. -. -.P -Signatures generated that way are not compatible with OpenBSD\'s \fBsignify\fR tool and are not compatible with \fBMinisign\fR versions prior to 0\.6\. -. .SH "AUTHOR" Frank Denis (github [at] pureftpd [dot] org) diff --git a/src/manpage.md b/src/manpage.md index 8dcce2a..6bb9ce2 100644 --- a/src/manpage.md +++ b/src/manpage.md @@ -34,8 +34,6 @@ These options control the actions of `minisign`. File to sign/verify * `-o`: Combined with -V, output the file content after verification - * `-H`: - Combined with -S, pre-hash in order to sign large files * `-p `: Public key file (default: ./minisign.pub) * `-P `: @@ -48,8 +46,12 @@ These options control the actions of `minisign`. Add a one-line untrusted comment * `-t `: Add a one-line trusted comment + * `-l`: + Sign using the legacy format * `-q`: Quiet mode, suppress output + * `-H`: + Requires the input to be prehashed * `-Q`: Pretty quiet mode, only print the trusted comment * `-R`: @@ -93,38 +95,12 @@ The public key can either reside in a file (`./minisign.pub` by default) or be d ## Notes -**Trusted comments** - Signature files include an untrusted comment line that can be freely modified, even after signature creation. They also include a second comment line, that cannot be modified without the secret key. Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks). -**Compatibility with OpenBSD signify** - -Signatures written by `minisign` can be verified using OpenBSD's `signify` tool: public key files and signature files are compatible. - -However, `minisign` uses a slightly different format to store secret keys. - -`Minisign` signatures include trusted comments in addition to untrusted comments. Trusted comments are signed, thus verified, before being displayed. - -This adds two lines to the signature files, that signify silently ignores. - -**Pre-hashing** - -By default, signing and verification require as much memory as the size of the file. - -Since `Minisign 0.6`, huge files can be signed and verified with very low memory requirements, by pre-hashing the content. - -The -H command-line switch, in combination with -S, generates a pre-hashed signature (HashEdDSA): - -$ `minisign` -SHm myfile.txt - -Verification of such a signature doesn't require any specific switch: the appropriate algorithm will automatically be detected. - -Signatures generated that way are not compatible with OpenBSD's `signify` tool and are not compatible with `Minisign` versions prior to 0.6. - ## AUTHOR Frank Denis (github [at] pureftpd [dot] org) From b81f3d4065066994a1e61de7d1d1814817adb1d5 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 30 Nov 2021 09:22:24 +0100 Subject: [PATCH 05/70] Add paths for Homebrew on Apple Silicon --- build.zig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build.zig b/build.zig index 237e498..e5fa85c 100644 --- a/build.zig +++ b/build.zig @@ -9,9 +9,12 @@ pub fn build(b: *std.build.Builder) !void { minisign.setBuildMode(mode); minisign.install(); minisign.linkLibC(); + minisign.addLibPath("/opt/homebrew/lib"); + minisign.addLibPath("/usr/local/lib"); minisign.linkSystemLibrary("sodium"); minisign.addIncludeDir("src"); + minisign.addSystemIncludeDir("/opt/homebrew/include"); minisign.addSystemIncludeDir("/usr/local/include"); minisign.defineCMacro("_GNU_SOURCE", "1"); minisign.addCSourceFiles(&.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }, &.{}); From 4b2df2ee07c13852b62fa17a47f9fff1dcd140bf Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 20 Feb 2022 10:50:37 +0100 Subject: [PATCH 06/70] Bail out if fgets() output is not \n terminated when it should Fixes #116 --- src/helpers.c | 9 +++++++-- src/helpers.h | 2 +- src/minisign.c | 11 +++++++++-- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index 073fe4a..a151603 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -151,16 +151,21 @@ xfclose(FILE *fp) return 0; } -void +int trim(char *str) { size_t i = strlen(str); + int t = 0; while (i-- > (size_t) 0U) { - if (str[i] == '\n' || str[i] == '\r') { + if (str[i] == '\n') { + str[i] = 0; + t = 1; + } else if (str[i] == '\r') { str[i] = 0; } } + return t; } const char * diff --git a/src/helpers.h b/src/helpers.h index a97ff60..ec76326 100644 --- a/src/helpers.h +++ b/src/helpers.h @@ -36,7 +36,7 @@ int xfprintf(FILE *fp, const char *format, ...) __attribute__((format(printf, 2, int xfclose(FILE *fp); -void trim(char *str); +int trim(char *str); const char *file_basename(const char *file); diff --git a/src/minisign.c b/src/minisign.c index 145dfe5..83672da 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -169,6 +169,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int if (fgets(comment, (int) sizeof comment, fp) == NULL) { exit_msg("Error while reading the signature file"); } + if (trim(comment) == 0) { + exit_msg("Untrusted signature comment too long"); + } if (strncmp(comment, COMMENT_PREFIX, (sizeof COMMENT_PREFIX) - 1U) != 0) { exit_msg( "Untrusted signature comment should start with " @@ -179,7 +182,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int if (fgets(sig_s, (int) sig_s_size, fp) == NULL) { exit_msg("Error while reading the signature file"); } - trim(sig_s); + if (trim(sig_s) == 0) { + exit_msg("Signature too long"); + } if (fgets(trusted_comment, (int) trusted_comment_maxlen, fp) == NULL) { exit_msg("Trusted comment not present"); } @@ -192,7 +197,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int memmove(trusted_comment, trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U, strlen(trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U) + 1U); - trim(trusted_comment); + if (trim(trusted_comment) == 0) { + exit_msg("Trusted comment too long"); + } global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U; global_sig_s = xmalloc(global_sig_s_size); if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) { From a2c8848418f58131ff6dbba6030768dab8555f16 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 10 Jun 2022 14:17:52 +0200 Subject: [PATCH 07/70] Add cosign public key Fixes #121 --- README.md | 9 +++++++++ cosign.pub | 4 ++++ 2 files changed, 13 insertions(+) create mode 100644 cosign.pub diff --git a/README.md b/README.md index 2d03019..23f6196 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,15 @@ Minisign is also available with docker: $ docker run -i --rm jedisct1/minisign +The image can be verified with the following cosign public key: + +```text +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C +OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w== +-----END PUBLIC KEY----- +``` + Additional tools, libraries and implementations ----------------------------------------------- diff --git a/cosign.pub b/cosign.pub new file mode 100644 index 0000000..2103773 --- /dev/null +++ b/cosign.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C +OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w== +-----END PUBLIC KEY----- From a26f2c8e5dca101220f0fa7138b2e50ff59ed47e Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 11 Jan 2023 01:27:48 +0100 Subject: [PATCH 08/70] Update build.zig for zig 0.10 --- build.zig | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/build.zig b/build.zig index e5fa85c..afa2612 100644 --- a/build.zig +++ b/build.zig @@ -9,13 +9,13 @@ pub fn build(b: *std.build.Builder) !void { minisign.setBuildMode(mode); minisign.install(); minisign.linkLibC(); - minisign.addLibPath("/opt/homebrew/lib"); - minisign.addLibPath("/usr/local/lib"); + minisign.addLibraryPath("/opt/homebrew/lib"); + minisign.addLibraryPath("/usr/local/lib"); minisign.linkSystemLibrary("sodium"); - minisign.addIncludeDir("src"); - minisign.addSystemIncludeDir("/opt/homebrew/include"); - minisign.addSystemIncludeDir("/usr/local/include"); + minisign.addIncludePath("src"); + minisign.addSystemIncludePath("/opt/homebrew/include"); + minisign.addSystemIncludePath("/usr/local/include"); minisign.defineCMacro("_GNU_SOURCE", "1"); minisign.addCSourceFiles(&.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }, &.{}); } From 0fccaf94e24bcbb807bde0876649d9c490b9ce0c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 18:43:18 +0100 Subject: [PATCH 09/70] Require cmake 2.8.12 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 48af32d..f8c3171 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.8) +cmake_minimum_required(VERSION 2.8.12) project(minisign C) From cb2fc2ce7cb0f2da110e67742b21dc12ca3df065 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 18:50:36 +0100 Subject: [PATCH 10/70] Add a flag to allow secret keys to be unencrypted https://github.com/ziglang/zig/issues/4945 --- src/minisign.c | 103 +++++++++++++++++++++++++++---------------------- 1 file changed, 57 insertions(+), 46 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index 83672da..eef755a 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -18,7 +18,7 @@ #include "minisign.h" #ifndef VERIFY_ONLY -static const char *getopt_options = "GSVRHhc:flm:oP:p:qQs:t:vx:"; +static const char *getopt_options = "GSVRHhc:flm:oP:p:qQs:t:vWx:"; #else static const char *getopt_options = "VhHm:oP:p:qQvx:"; #endif @@ -55,6 +55,7 @@ usage(void) "-P public key, as a base64 string\n" #ifndef VERIFY_ONLY "-s secret key file (default: ~/.minisign/minisign.key)\n" + "-W do not encrypt/decrypt the secret key with a password\n" #endif "-x signature file (default: .minisig)\n" #ifndef VERIFY_ONLY @@ -307,7 +308,7 @@ seckey_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seck #ifndef VERIFY_ONLY static SeckeyStruct * -seckey_load(const char *sk_file) +seckey_load(const char *sk_file, int unencrypted_key) { char sk_comment[COMMENTMAXBYTES]; unsigned char chk[crypto_generichash_BYTES]; @@ -349,6 +350,9 @@ seckey_load(const char *sk_file) if (memcmp(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg) != 0) { exit_msg("Unsupported checksum function"); } + if (unencrypted_key != 0) { + return seckey_struct; + } if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0) { exit_msg("get_password()"); } @@ -612,7 +616,8 @@ write_pk_file(const char *pk_file, const PubkeyStruct *pubkey_struct) } static int -generate(const char *pk_file, const char *sk_file, const char *comment, int force) +generate(const char *pk_file, const char *sk_file, const char *comment, int force, + int unencrypted_key) { char * pwd = xsodium_malloc(PASSWORDMAXBYTES); char * pwd2 = xsodium_malloc(PASSWORDMAXBYTES); @@ -633,45 +638,47 @@ generate(const char *pk_file, const char *sk_file, const char *comment, int forc sizeof pubkey_struct->keynum_pk.keynum); memcpy(pubkey_struct->sig_alg, SIGALG, sizeof pubkey_struct->sig_alg); - puts("Please enter a password to protect the secret key.\n"); - if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 || - get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) { - exit_msg("get_password()"); - } - if (strcmp(pwd, pwd2) != 0) { - exit_msg("Passwords don't match"); - } - printf("Deriving a key from the password in order to encrypt the secret key... "); - fflush(stdout); - stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); - randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt); - kdf_opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE; - kdf_memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE; - - while (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, - strlen(pwd), seckey_struct->kdf_salt, kdf_opslimit, - kdf_memlimit) != 0) { - kdf_opslimit /= 2; - kdf_memlimit /= 2; - if (kdf_opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN || - kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN) { - exit_err("Unable to complete key derivation - More memory would be needed"); + if (unencrypted_key == 0) { + puts("Please enter a password to protect the secret key.\n"); + if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 || + get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) { + exit_msg("get_password()"); } + if (strcmp(pwd, pwd2) != 0) { + exit_msg("Passwords don't match"); + } + printf("Deriving a key from the password in order to encrypt the secret key... "); + fflush(stdout); + stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); + randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt); + kdf_opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE; + kdf_memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE; + + while (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, + strlen(pwd), seckey_struct->kdf_salt, + kdf_opslimit, kdf_memlimit) != 0) { + kdf_opslimit /= 2; + kdf_memlimit /= 2; + if (kdf_opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN || + kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN) { + exit_err("Unable to complete key derivation - More memory would be needed"); + } + } + sodium_free(pwd); + sodium_free(pwd2); + if (kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) { + fprintf(stderr, + "Warning: due to limited memory the KDF used less " + "memory than the default\n"); + } + le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit); + le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit); + seckey_chk(seckey_struct->keynum_sk.chk, seckey_struct); + xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, + sizeof seckey_struct->keynum_sk); + sodium_free(stream); + puts("done\n"); } - sodium_free(pwd); - sodium_free(pwd2); - if (kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) { - fprintf(stderr, - "Warning: due to limited memory the KDF used less " - "memory than the default\n"); - } - le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit); - le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit); - seckey_chk(seckey_struct->keynum_sk.chk, seckey_struct); - xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, - sizeof seckey_struct->keynum_sk); - sodium_free(stream); - puts("done\n"); abort_on_existing_key_files(pk_file, sk_file, force); if (basedir_create_useronly(sk_file) != 0) { @@ -699,7 +706,7 @@ generate(const char *pk_file, const char *sk_file, const char *comment, int forc } static int -recreate_pk(const char *pk_file, const char *sk_file, int force) +recreate_pk(const char *pk_file, const char *sk_file, int force, int unencrypted_key) { SeckeyStruct *seckey_struct; PubkeyStruct pubkey_struct; @@ -707,7 +714,7 @@ recreate_pk(const char *pk_file, const char *sk_file, int force) if (force == 0) { abort_on_existing_key_file(pk_file); } - if ((seckey_struct = seckey_load(sk_file)) == NULL) { + if ((seckey_struct = seckey_load(sk_file, unencrypted_key)) == NULL) { return -1; } memcpy(pubkey_struct.sig_alg, seckey_struct->sig_alg, sizeof pubkey_struct.sig_alg); @@ -787,7 +794,8 @@ main(int argc, char **argv) int force = 0; int allow_legacy = 1; int sign_legacy = 0; - Action action = ACTION_NONE; + int unencrypted_key = 0; + Action action = ACTION_NONE; while ((opt_flag = getopt(argc, argv, getopt_options)) != -1) { switch (opt_flag) { @@ -859,6 +867,9 @@ main(int argc, char **argv) case 't': trusted_comment = optarg; break; + case 'W': + unencrypted_key = 1; + break; #endif case 'x': sig_file = optarg; @@ -890,7 +901,7 @@ main(int argc, char **argv) if (pk_file == NULL) { pk_file = SIG_DEFAULT_PKFILE; } - return generate(pk_file, sk_file, comment, force) != 0; + return generate(pk_file, sk_file, comment, force, unencrypted_key) != 0; case ACTION_SIGN: if (message_file == NULL) { usage(); @@ -902,7 +913,7 @@ main(int argc, char **argv) comment = DEFAULT_COMMENT; } return sign_all( - seckey_load(sk_file), + seckey_load(sk_file, unencrypted_key), ((pk_file != NULL || pubkey_s != NULL) ? pubkey_load(pk_file, pubkey_s) : NULL), message_file, (const char **) &argv[optind], argc - optind, sig_file, comment, trusted_comment, sign_legacy) != 0; @@ -910,7 +921,7 @@ main(int argc, char **argv) if (pk_file == NULL) { pk_file = SIG_DEFAULT_PKFILE; } - return recreate_pk(pk_file, sk_file, force) != 0; + return recreate_pk(pk_file, sk_file, force, unencrypted_key) != 0; #endif case ACTION_VERIFY: if (message_file == NULL) { From c33051dec35999f401e06e56616396aac4d473b6 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 19:03:20 +0100 Subject: [PATCH 11/70] Update usage --- src/minisign.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index eef755a..a661ef1 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -31,13 +31,14 @@ usage(void) puts( "Usage:\n" #ifndef VERIFY_ONLY - "minisign -G [-f] [-p pubkey] [-s seckey]\n" - "minisign -S [-l] [-x sigfile] [-s seckey] [-c untrusted_comment] [-t trusted_comment] -m " + "minisign -G [-f] [-p pubkeyfile] [-s seckeyfile]\n" + "minisign -S [-l] [-x sigfile] [-s seckeyfile] [-c untrusted_comment] [-t trusted_comment] " + "-m " "file [file ...]\n" #endif "minisign -V [-H] [-x sigfile] [-p pubkeyfile | -P pubkey] [-o] [-q] -m file\n" #ifndef VERIFY_ONLY - "minisign -R -s seckey -p pubkeyfile\n" + "minisign -R [-s seckeyfile] [-p pubkeyfile]\n" #endif "\n" #ifndef VERIFY_ONLY @@ -54,7 +55,7 @@ usage(void) "-p public key file (default: ./minisign.pub)\n" "-P public key, as a base64 string\n" #ifndef VERIFY_ONLY - "-s secret key file (default: ~/.minisign/minisign.key)\n" + "-s secret key file (default: ~/.minisign/minisign.key)\n" "-W do not encrypt/decrypt the secret key with a password\n" #endif "-x signature file (default: .minisig)\n" From d2afa89fe7bcc00ae4536bf7543570de9391c4ec Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 19:15:53 +0100 Subject: [PATCH 12/70] Update usage --- share/man/man1/minisign.1 | 16 ++++++++-------- src/manpage.md | 16 ++++++++-------- src/minisign.c | 15 +++++++-------- 3 files changed, 23 insertions(+), 24 deletions(-) diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index 86317a7..56d052b 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -1,22 +1,22 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "MINISIGN" "1" "October 2021" "" "" +.TH "MINISIGN" "1" "January 2023" "" "" . .SH "NAME" \fBminisign\fR \- A dead simple tool to sign files and verify signatures\. . .SH "SYNOPSIS" -\fBminisign\fR \-G [\-p pubkey] [\-s seckey] +\fBminisign\fR \-G [\-p pubkey_file] [\-s seckey_file] [\-W] . .P -\fBminisign\fR \-S [\-H] [\-x sigfile] [\-s seckey] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.] +\fBminisign\fR \-S [\-H] [\-x sig_file] [\-s seckey_file] [\-W] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.] . .P -\fBminisign\fR \-V [\-x sigfile] [\-p pubkeyfile | \-P pubkey] [\-o] [\-q] \-m file +\fBminisign\fR \-V [\-x sig_file] [\-p pubkey_file | \-P pubkey] [\-o] [\-q] \-m file . .P -\fBminisign\fR \-R \-s seckey \-p pubkeyfile +\fBminisign\fR \-R [\-s seckey_file] [\-W] [\-p pubkey_file] . .SH "DESCRIPTION" \fBMinisign\fR is a dead simple tool to sign files and verify signatures\. @@ -48,7 +48,7 @@ File to sign/verify Combined with \-V, output the file content after verification . .TP -\fB\-p \fR +\fB\-p \fR Public key file (default: \./minisign\.pub) . .TP @@ -56,11 +56,11 @@ Public key file (default: \./minisign\.pub) Public key, as a base64 string . .TP -\fB\-s \fR +\fB\-s \fR Secret key file (default: ~/\.minisign/minisign\.key) . .TP -\fB\-x \fR +\fB\-x \fR Signature file (default: \.minisig) . .TP diff --git a/src/manpage.md b/src/manpage.md index 6bb9ce2..b12de77 100644 --- a/src/manpage.md +++ b/src/manpage.md @@ -1,18 +1,18 @@ minisign(1) -- A dead simple tool to sign files and verify signatures. ====================================================================== ## SYNOPSIS -`minisign` -G [-p pubkey] [-s seckey] +`minisign` -G [-p pubkey_file] [-s seckey_file] [-W] -`minisign` -S [-H] [-x sigfile] [-s seckey] [-c untrusted_comment] [-t trusted_comment] -m file [file ...] +`minisign` -S [-H] [-x sig_file] [-s seckey_file] [-W] [-c untrusted_comment] [-t trusted_comment] -m file [file ...] -`minisign` -V [-x sigfile] [-p pubkeyfile | -P pubkey] [-o] [-q] -m file +`minisign` -V [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file -`minisign` -R -s seckey -p pubkeyfile +`minisign` -R [-s seckey_file] [-W] [-p pubkey_file] ## DESCRIPTION @@ -34,13 +34,13 @@ These options control the actions of `minisign`. File to sign/verify * `-o`: Combined with -V, output the file content after verification - * `-p `: + * `-p `: Public key file (default: ./minisign.pub) * `-P `: Public key, as a base64 string - * `-s `: + * `-s `: Secret key file (default: ~/.minisign/minisign.key) - * `-x `: + * `-x `: Signature file (default: <file>.minisig) * `-c `: Add a one-line untrusted comment diff --git a/src/minisign.c b/src/minisign.c index a661ef1..7ffb3a7 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -31,14 +31,13 @@ usage(void) puts( "Usage:\n" #ifndef VERIFY_ONLY - "minisign -G [-f] [-p pubkeyfile] [-s seckeyfile]\n" - "minisign -S [-l] [-x sigfile] [-s seckeyfile] [-c untrusted_comment] [-t trusted_comment] " - "-m " - "file [file ...]\n" + "minisign -G [-f] [-p pubkey_file] [-s seckey_file] [-W]\n" + "minisign -S [-l] [-x sig_file] [-s seckey_file] [-W] [-c untrusted_comment]\n" + " [-t trusted_comment] -m file [file ...]\n" #endif - "minisign -V [-H] [-x sigfile] [-p pubkeyfile | -P pubkey] [-o] [-q] -m file\n" + "minisign -V [-H] [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file\n" #ifndef VERIFY_ONLY - "minisign -R [-s seckeyfile] [-p pubkeyfile]\n" + "minisign -R [-s seckey_file] [-W] [-p pubkey_file]\n" #endif "\n" #ifndef VERIFY_ONLY @@ -52,10 +51,10 @@ usage(void) "-l sign using the legacy format\n" "-m file to sign/verify\n" "-o combined with -V, output the file content after verification\n" - "-p public key file (default: ./minisign.pub)\n" + "-p public key file (default: ./minisign.pub)\n" "-P public key, as a base64 string\n" #ifndef VERIFY_ONLY - "-s secret key file (default: ~/.minisign/minisign.key)\n" + "-s secret key file (default: ~/.minisign/minisign.key)\n" "-W do not encrypt/decrypt the secret key with a password\n" #endif "-x signature file (default: .minisig)\n" From d870938ae5bf82a1753e45d28e2e64074eaa5f8a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 19:21:19 +0100 Subject: [PATCH 13/70] Reorder commands for clarity --- share/man/man1/minisign.1 | 34 +++++++++++++++++++--------------- src/manpage.md | 18 ++++++++++-------- src/minisign.c | 12 +++--------- 3 files changed, 32 insertions(+), 32 deletions(-) diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index 56d052b..bae8f7d 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -10,14 +10,14 @@ \fBminisign\fR \-G [\-p pubkey_file] [\-s seckey_file] [\-W] . .P +\fBminisign\fR \-R [\-s seckey_file] [\-W] [\-p pubkey_file] +. +.P \fBminisign\fR \-S [\-H] [\-x sig_file] [\-s seckey_file] [\-W] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.] . .P \fBminisign\fR \-V [\-x sig_file] [\-p pubkey_file | \-P pubkey] [\-o] [\-q] \-m file . -.P -\fBminisign\fR \-R [\-s seckey_file] [\-W] [\-p pubkey_file] -. .SH "DESCRIPTION" \fBMinisign\fR is a dead simple tool to sign files and verify signatures\. . @@ -32,6 +32,10 @@ These options control the actions of \fBminisign\fR\. Generate a new key pair . .TP +\fB\-R\fR +Recreate a public key file from a secret key file +. +.TP \fB\-S\fR Sign files . @@ -40,6 +44,14 @@ Sign files Verify that a signature is valid for a given file . .TP +\fB\-H\fR +Requires the input to be prehashed +. +.TP +\fB\-l\fR +Sign using the legacy format +. +.TP \fB\-m \fR File to sign/verify . @@ -60,6 +72,10 @@ Public key, as a base64 string Secret key file (default: ~/\.minisign/minisign\.key) . .TP +\fB\-W\fR +Do not encrypt/decrypt the secret key with a password +. +.TP \fB\-x \fR Signature file (default: \.minisig) . @@ -72,26 +88,14 @@ Add a one\-line untrusted comment Add a one\-line trusted comment . .TP -\fB\-l\fR -Sign using the legacy format -. -.TP \fB\-q\fR Quiet mode, suppress output . .TP -\fB\-H\fR -Requires the input to be prehashed -. -.TP \fB\-Q\fR Pretty quiet mode, only print the trusted comment . .TP -\fB\-R\fR -Recreate a public key file from a secret key file -. -.TP \fB\-f\fR Force\. Combined with \-G, overwrite a previous key pair . diff --git a/src/manpage.md b/src/manpage.md index b12de77..e84aff8 100644 --- a/src/manpage.md +++ b/src/manpage.md @@ -8,12 +8,12 @@ minisign(1) -- A dead simple tool to sign files and verify signatures. `minisign` -G [-p pubkey_file] [-s seckey_file] [-W] +`minisign` -R [-s seckey_file] [-W] [-p pubkey_file] + `minisign` -S [-H] [-x sig_file] [-s seckey_file] [-W] [-c untrusted_comment] [-t trusted_comment] -m file [file ...] `minisign` -V [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file -`minisign` -R [-s seckey_file] [-W] [-p pubkey_file] - ## DESCRIPTION **Minisign** is a dead simple tool to sign files and verify signatures. @@ -26,10 +26,16 @@ These options control the actions of `minisign`. * `-G`: Generate a new key pair + * `-R`: + Recreate a public key file from a secret key file * `-S`: Sign files * `-V`: Verify that a signature is valid for a given file + * `-H`: + Requires the input to be prehashed + * `-l`: + Sign using the legacy format * `-m `: File to sign/verify * `-o`: @@ -40,22 +46,18 @@ These options control the actions of `minisign`. Public key, as a base64 string * `-s `: Secret key file (default: ~/.minisign/minisign.key) + * `-W`: + Do not encrypt/decrypt the secret key with a password * `-x `: Signature file (default: <file>.minisig) * `-c `: Add a one-line untrusted comment * `-t `: Add a one-line trusted comment - * `-l`: - Sign using the legacy format * `-q`: Quiet mode, suppress output - * `-H`: - Requires the input to be prehashed * `-Q`: Pretty quiet mode, only print the trusted comment - * `-R`: - Recreate a public key file from a secret key file * `-f`: Force. Combined with -G, overwrite a previous key pair * `-v`: diff --git a/src/minisign.c b/src/minisign.c index 7ffb3a7..16422ec 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -32,22 +32,19 @@ usage(void) "Usage:\n" #ifndef VERIFY_ONLY "minisign -G [-f] [-p pubkey_file] [-s seckey_file] [-W]\n" + "minisign -R [-s seckey_file] [-W] [-p pubkey_file]\n" "minisign -S [-l] [-x sig_file] [-s seckey_file] [-W] [-c untrusted_comment]\n" " [-t trusted_comment] -m file [file ...]\n" #endif "minisign -V [-H] [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file\n" -#ifndef VERIFY_ONLY - "minisign -R [-s seckey_file] [-W] [-p pubkey_file]\n" -#endif "\n" #ifndef VERIFY_ONLY "-G generate a new key pair\n" -#endif - "-H require input to be prehashed\n" -#ifndef VERIFY_ONLY + "-R recreate a public key file from a secret key file\n" "-S sign files\n" #endif "-V verify that a signature is valid for a given file\n" + "-H require input to be prehashed\n" "-l sign using the legacy format\n" "-m file to sign/verify\n" "-o combined with -V, output the file content after verification\n" @@ -64,9 +61,6 @@ usage(void) #endif "-q quiet mode, suppress output\n" "-Q pretty quiet mode, only print the trusted comment\n" -#ifndef VERIFY_ONLY - "-R recreate a public key file from a secret key file\n" -#endif "-f force. Combined with -G, overwrite a previous key pair\n" "-v display version number\n"); exit(2); From 94e18a72d80ca46c7bb11bdcf0fcc56ce1973f9b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 19:38:39 +0100 Subject: [PATCH 14/70] Move variables to a local context --- src/minisign.c | 72 +++++++++++++++++++++++++------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index 16422ec..90b3d8c 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -307,10 +307,8 @@ seckey_load(const char *sk_file, int unencrypted_key) char sk_comment[COMMENTMAXBYTES]; unsigned char chk[crypto_generichash_BYTES]; SeckeyStruct * seckey_struct; - FILE * fp; - char * pwd = xsodium_malloc(PASSWORDMAXBYTES); - char * seckey_s; - unsigned char *stream; + FILE *fp; + char *seckey_s; size_t seckey_s_size; size_t seckey_struct_len; @@ -344,32 +342,33 @@ seckey_load(const char *sk_file, int unencrypted_key) if (memcmp(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg) != 0) { exit_msg("Unsupported checksum function"); } - if (unencrypted_key != 0) { - return seckey_struct; - } - if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0) { - exit_msg("get_password()"); - } - printf("Deriving a key from the password and decrypting the secret key... "); - fflush(stdout); - stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); - if (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, - strlen(pwd), seckey_struct->kdf_salt, - le64_load(seckey_struct->kdf_opslimit_le), - le64_load(seckey_struct->kdf_memlimit_le)) != 0) { - exit_err("Unable to complete key derivation - This probably means out of memory"); - } - sodium_free(pwd); - xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, - sizeof seckey_struct->keynum_sk); - sodium_free(stream); - puts("done\n"); - seckey_chk(chk, seckey_struct); - if (memcmp(chk, seckey_struct->keynum_sk.chk, sizeof chk) != 0) { - exit_msg("Wrong password for that key"); - } - sodium_memzero(chk, sizeof chk); + if (unencrypted_key == 0) { + char *pwd = xsodium_malloc(PASSWORDMAXBYTES); + unsigned char *stream; + if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0) { + exit_msg("get_password()"); + } + printf("Deriving a key from the password and decrypting the secret key... "); + fflush(stdout); + stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); + if (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, + strlen(pwd), seckey_struct->kdf_salt, + le64_load(seckey_struct->kdf_opslimit_le), + le64_load(seckey_struct->kdf_memlimit_le)) != 0) { + exit_err("Unable to complete key derivation - This probably means out of memory"); + } + sodium_free(pwd); + xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, + sizeof seckey_struct->keynum_sk); + sodium_free(stream); + puts("done\n"); + seckey_chk(chk, seckey_struct); + if (memcmp(chk, seckey_struct->keynum_sk.chk, sizeof chk) != 0) { + exit_msg("Wrong password for that key"); + } + sodium_memzero(chk, sizeof chk); + } return seckey_struct; } #endif @@ -613,14 +612,9 @@ static int generate(const char *pk_file, const char *sk_file, const char *comment, int force, int unencrypted_key) { - char * pwd = xsodium_malloc(PASSWORDMAXBYTES); - char * pwd2 = xsodium_malloc(PASSWORDMAXBYTES); SeckeyStruct * seckey_struct = xsodium_malloc(sizeof(SeckeyStruct)); - PubkeyStruct * pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct)); - unsigned char *stream; - FILE * fp; - unsigned long kdf_memlimit; - unsigned long kdf_opslimit; + PubkeyStruct *pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct)); + FILE *fp; abort_on_existing_key_files(pk_file, sk_file, force); randombytes_buf(seckey_struct->keynum_sk.keynum, sizeof seckey_struct->keynum_sk.keynum); @@ -633,6 +627,12 @@ generate(const char *pk_file, const char *sk_file, const char *comment, int forc memcpy(pubkey_struct->sig_alg, SIGALG, sizeof pubkey_struct->sig_alg); if (unencrypted_key == 0) { + char *pwd = xsodium_malloc(PASSWORDMAXBYTES); + char *pwd2 = xsodium_malloc(PASSWORDMAXBYTES); + unsigned char *stream; + unsigned long kdf_memlimit; + unsigned long kdf_opslimit; + puts("Please enter a password to protect the secret key.\n"); if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 || get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) { From a536c178ab66dec89f2895a259fcc0a8c6c1b81b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 19:40:34 +0100 Subject: [PATCH 15/70] Format --- src/minisign.c | 74 +++++++++++++++++++++++++------------------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index 90b3d8c..84dffc0 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -71,8 +71,8 @@ message_load_hashed(size_t *message_len, const char *message_file) { crypto_generichash_state hs; unsigned char buf[65536U]; - unsigned char * message; - FILE * fp; + unsigned char *message; + FILE *fp; size_t n; if ((fp = fopen(message_file, "rb")) == NULL) { @@ -96,7 +96,7 @@ message_load_hashed(size_t *message_len, const char *message_file) static unsigned char * message_load(size_t *message_len, const char *message_file, int hashed) { - FILE * fp; + FILE *fp; unsigned char *message; off_t message_len_; @@ -125,7 +125,7 @@ static int output_file(const char *message_file) { unsigned char buf[65536U]; - FILE * fp; + FILE *fp; size_t n; if ((fp = fopen(message_file, "rb")) == NULL) { @@ -150,9 +150,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int { char comment[COMMENTMAXBYTES]; SigStruct *sig_struct; - FILE * fp; - char * global_sig_s; - char * sig_s; + FILE *fp; + char *global_sig_s; + char *sig_s; size_t global_sig_len; size_t global_sig_s_size; size_t sig_s_size; @@ -250,8 +250,8 @@ pubkey_load_file(const char *pk_file) { char pk_comment[COMMENTMAXBYTES]; PubkeyStruct *pubkey_struct; - FILE * fp; - char * pubkey_s = NULL; + FILE *fp; + char *pubkey_s = NULL; size_t pubkey_s_size; if ((fp = fopen(pk_file, "r")) == NULL) { @@ -304,13 +304,13 @@ seckey_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seck static SeckeyStruct * seckey_load(const char *sk_file, int unencrypted_key) { - char sk_comment[COMMENTMAXBYTES]; - unsigned char chk[crypto_generichash_BYTES]; - SeckeyStruct * seckey_struct; - FILE *fp; - char *seckey_s; - size_t seckey_s_size; - size_t seckey_struct_len; + char sk_comment[COMMENTMAXBYTES]; + unsigned char chk[crypto_generichash_BYTES]; + SeckeyStruct *seckey_struct; + FILE *fp; + char *seckey_s; + size_t seckey_s_size; + size_t seckey_struct_len; if ((fp = fopen(sk_file, "r")) == NULL) { exit_err(sk_file); @@ -379,9 +379,9 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi { char trusted_comment[TRUSTEDCOMMENTMAXBYTES]; unsigned char global_sig[crypto_sign_BYTES]; - FILE * info_fp = stdout; + FILE *info_fp = stdout; unsigned char *sig_and_trusted_comment; - SigStruct * sig_struct; + SigStruct *sig_struct; unsigned char *message; size_t message_len; size_t trusted_comment_len; @@ -449,7 +449,7 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi static char * append_sig_suffix(const char *message_file) { - char * sig_file; + char *sig_file; size_t message_file_len = strlen(message_file); sig_file = xmalloc(message_file_len + sizeof SIG_SUFFIX); @@ -463,7 +463,7 @@ append_sig_suffix(const char *message_file) static char * default_trusted_comment(const char *message_file, int hashed) { - char * ret; + char *ret; time_t ts = time(NULL); if (asprintf(&ret, "timestamp:%lu\tfile:%s%s", (unsigned long) ts, file_basename(message_file), @@ -480,10 +480,10 @@ sign(SeckeyStruct *seckey_struct, PubkeyStruct *pubkey_struct, const char *messa { unsigned char global_sig[crypto_sign_BYTES]; SigStruct sig_struct; - FILE * fp; + FILE *fp; unsigned char *message; unsigned char *sig_and_trusted_comment; - char * tmp_trusted_comment = NULL; + char *tmp_trusted_comment = NULL; size_t comment_len; size_t trusted_comment_len; size_t message_len; @@ -612,9 +612,9 @@ static int generate(const char *pk_file, const char *sk_file, const char *comment, int force, int unencrypted_key) { - SeckeyStruct * seckey_struct = xsodium_malloc(sizeof(SeckeyStruct)); - PubkeyStruct *pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct)); - FILE *fp; + SeckeyStruct *seckey_struct = xsodium_malloc(sizeof(SeckeyStruct)); + PubkeyStruct *pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct)); + FILE *fp; abort_on_existing_key_files(pk_file, sk_file, force); randombytes_buf(seckey_struct->keynum_sk.keynum, sizeof seckey_struct->keynum_sk.keynum); @@ -733,8 +733,8 @@ static char * sig_config_dir(void) { const char *config_dir_env; - char * config_dir; - char * home_dir; + char *config_dir; + char *home_dir; config_dir = NULL; if ((config_dir_env = getenv(SIG_DEFAULT_CONFIG_DIR_ENV_VAR)) != NULL) { @@ -776,18 +776,18 @@ main(int argc, char **argv) #ifndef VERIFY_ONLY char *sk_file = sig_default_skfile(); #endif - const char * sig_file = NULL; - const char * message_file = NULL; - const char * comment = NULL; - const char * pubkey_s = NULL; - const char * trusted_comment = NULL; + const char *sig_file = NULL; + const char *message_file = NULL; + const char *comment = NULL; + const char *pubkey_s = NULL; + const char *trusted_comment = NULL; unsigned char opt_seen[16] = { 0 }; int opt_flag; - int quiet = 0; - int output = 0; - int force = 0; - int allow_legacy = 1; - int sign_legacy = 0; + int quiet = 0; + int output = 0; + int force = 0; + int allow_legacy = 1; + int sign_legacy = 0; int unencrypted_key = 0; Action action = ACTION_NONE; From 41938e99f5d04c3bf4cf2efae9dc1e7f6b7c9174 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 19:45:00 +0100 Subject: [PATCH 16/70] Move key encryption/decryption code to dedicated functions --- src/minisign.c | 154 ++++++++++++++++++++++++++----------------------- 1 file changed, 82 insertions(+), 72 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index 84dffc0..a7f3ab6 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -301,6 +301,86 @@ seckey_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seck } #ifndef VERIFY_ONLY +static void +decrypt_key(SeckeyStruct *const seckey_struct, const unsigned char chk[crypto_generichash_BYTES]) +{ + char *pwd = xsodium_malloc(PASSWORDMAXBYTES); + unsigned char *stream; + + if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0) { + exit_msg("get_password()"); + } + printf("Deriving a key from the password and decrypting the secret key... "); + fflush(stdout); + stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); + if (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, + strlen(pwd), seckey_struct->kdf_salt, + le64_load(seckey_struct->kdf_opslimit_le), + le64_load(seckey_struct->kdf_memlimit_le)) != 0) { + exit_err("Unable to complete key derivation - This probably means out of memory"); + } + sodium_free(pwd); + xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, + sizeof seckey_struct->keynum_sk); + sodium_free(stream); + puts("done\n"); + seckey_chk(chk, seckey_struct); + if (memcmp(chk, seckey_struct->keynum_sk.chk, sizeof chk) != 0) { + exit_msg("Wrong password for that key"); + } + sodium_memzero(chk, sizeof chk); +} + +static void +encrypt_key(SeckeyStruct *const seckey_struct) +{ + char *pwd = xsodium_malloc(PASSWORDMAXBYTES); + char *pwd2 = xsodium_malloc(PASSWORDMAXBYTES); + unsigned char *stream; + unsigned long kdf_memlimit; + unsigned long kdf_opslimit; + + puts("Please enter a password to protect the secret key.\n"); + if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 || + get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) { + exit_msg("get_password()"); + } + if (strcmp(pwd, pwd2) != 0) { + exit_msg("Passwords don't match"); + } + printf("Deriving a key from the password in order to encrypt the secret key... "); + fflush(stdout); + stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); + randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt); + kdf_opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE; + kdf_memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE; + + while (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, + strlen(pwd), seckey_struct->kdf_salt, kdf_opslimit, + kdf_memlimit) != 0) { + kdf_opslimit /= 2; + kdf_memlimit /= 2; + if (kdf_opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN || + kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN) { + exit_err("Unable to complete key derivation - More memory would be needed"); + } + } + sodium_free(pwd); + sodium_free(pwd2); + if (kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) { + fprintf(stderr, + "Warning: due to limited memory the KDF used less " + "memory than the default\n"); + } + le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit); + le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit); + seckey_chk(seckey_struct->keynum_sk.chk, seckey_struct); + xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, + sizeof seckey_struct->keynum_sk); + sodium_free(stream); + puts("done\n"); +} + static SeckeyStruct * seckey_load(const char *sk_file, int unencrypted_key) { @@ -343,31 +423,7 @@ seckey_load(const char *sk_file, int unencrypted_key) exit_msg("Unsupported checksum function"); } if (unencrypted_key == 0) { - char *pwd = xsodium_malloc(PASSWORDMAXBYTES); - unsigned char *stream; - - if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0) { - exit_msg("get_password()"); - } - printf("Deriving a key from the password and decrypting the secret key... "); - fflush(stdout); - stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); - if (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, - strlen(pwd), seckey_struct->kdf_salt, - le64_load(seckey_struct->kdf_opslimit_le), - le64_load(seckey_struct->kdf_memlimit_le)) != 0) { - exit_err("Unable to complete key derivation - This probably means out of memory"); - } - sodium_free(pwd); - xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, - sizeof seckey_struct->keynum_sk); - sodium_free(stream); - puts("done\n"); - seckey_chk(chk, seckey_struct); - if (memcmp(chk, seckey_struct->keynum_sk.chk, sizeof chk) != 0) { - exit_msg("Wrong password for that key"); - } - sodium_memzero(chk, sizeof chk); + decrypt_key(seckey_struct, chk); } return seckey_struct; } @@ -625,55 +681,9 @@ generate(const char *pk_file, const char *sk_file, const char *comment, int forc memcpy(pubkey_struct->keynum_pk.keynum, seckey_struct->keynum_sk.keynum, sizeof pubkey_struct->keynum_pk.keynum); memcpy(pubkey_struct->sig_alg, SIGALG, sizeof pubkey_struct->sig_alg); - if (unencrypted_key == 0) { - char *pwd = xsodium_malloc(PASSWORDMAXBYTES); - char *pwd2 = xsodium_malloc(PASSWORDMAXBYTES); - unsigned char *stream; - unsigned long kdf_memlimit; - unsigned long kdf_opslimit; - - puts("Please enter a password to protect the secret key.\n"); - if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 || - get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) { - exit_msg("get_password()"); - } - if (strcmp(pwd, pwd2) != 0) { - exit_msg("Passwords don't match"); - } - printf("Deriving a key from the password in order to encrypt the secret key... "); - fflush(stdout); - stream = xsodium_malloc(sizeof seckey_struct->keynum_sk); - randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt); - kdf_opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE; - kdf_memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE; - - while (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd, - strlen(pwd), seckey_struct->kdf_salt, - kdf_opslimit, kdf_memlimit) != 0) { - kdf_opslimit /= 2; - kdf_memlimit /= 2; - if (kdf_opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN || - kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN) { - exit_err("Unable to complete key derivation - More memory would be needed"); - } - } - sodium_free(pwd); - sodium_free(pwd2); - if (kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) { - fprintf(stderr, - "Warning: due to limited memory the KDF used less " - "memory than the default\n"); - } - le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit); - le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit); - seckey_chk(seckey_struct->keynum_sk.chk, seckey_struct); - xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, - sizeof seckey_struct->keynum_sk); - sodium_free(stream); - puts("done\n"); + encrypt_key(seckey_struct); } - abort_on_existing_key_files(pk_file, sk_file, force); if (basedir_create_useronly(sk_file) != 0) { fprintf(stderr, "Warning: you may have to create the parent directory\n"); From 6ccd801dbca51380b133415c187c8240de445102 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 20:04:16 +0100 Subject: [PATCH 17/70] Allow seckey_load() to optionally return a copy of the key comment --- src/minisign.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index a7f3ab6..41c7fb5 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -382,7 +382,7 @@ encrypt_key(SeckeyStruct *const seckey_struct) } static SeckeyStruct * -seckey_load(const char *sk_file, int unencrypted_key) +seckey_load(const char *sk_file, char *const sk_comment_copy, int unencrypted_key) { char sk_comment[COMMENTMAXBYTES]; unsigned char chk[crypto_generichash_BYTES]; @@ -398,6 +398,9 @@ seckey_load(const char *sk_file, int unencrypted_key) if (fgets(sk_comment, (int) sizeof sk_comment, fp) == NULL) { exit_msg("Error while loading the secret key file"); } + if (sk_comment_copy != NULL) { + memcpy(sk_comment_copy, sk_comment, sizeof sk_comment); + } sodium_memzero(sk_comment, sizeof sk_comment); seckey_s_size = B64_MAX_LEN_FROM_BIN_LEN(sizeof *seckey_struct) + 2U; seckey_s = xsodium_malloc(seckey_s_size); @@ -718,7 +721,7 @@ recreate_pk(const char *pk_file, const char *sk_file, int force, int unencrypted if (force == 0) { abort_on_existing_key_file(pk_file); } - if ((seckey_struct = seckey_load(sk_file, unencrypted_key)) == NULL) { + if ((seckey_struct = seckey_load(sk_file, NULL, unencrypted_key)) == NULL) { return -1; } memcpy(pubkey_struct.sig_alg, seckey_struct->sig_alg, sizeof pubkey_struct.sig_alg); @@ -917,7 +920,7 @@ main(int argc, char **argv) comment = DEFAULT_COMMENT; } return sign_all( - seckey_load(sk_file, unencrypted_key), + seckey_load(sk_file, NULL, unencrypted_key), ((pk_file != NULL || pubkey_s != NULL) ? pubkey_load(pk_file, pubkey_s) : NULL), message_file, (const char **) &argv[optind], argc - optind, sig_file, comment, trusted_comment, sign_legacy) != 0; From 16624abf2e73c0bea9290459145f25c7bcec355a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 20:39:56 +0100 Subject: [PATCH 18/70] Add the ability to change the password of a secret key Fixes #110 --- share/man/man1/minisign.1 | 7 +++++ src/manpage.md | 4 +++ src/minisign.c | 57 ++++++++++++++++++++++++++++++++++----- src/minisign.h | 3 ++- 4 files changed, 63 insertions(+), 8 deletions(-) diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index bae8f7d..1fd51de 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -13,6 +13,9 @@ \fBminisign\fR \-R [\-s seckey_file] [\-W] [\-p pubkey_file] . .P +\fBminisign\fR \-C [\-s seckey_file] [\-W] +. +.P \fBminisign\fR \-S [\-H] [\-x sig_file] [\-s seckey_file] [\-W] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.] . .P @@ -32,6 +35,10 @@ These options control the actions of \fBminisign\fR\. Generate a new key pair . .TP +\fB\-C\fR +Change the password of a secret key +. +.TP \fB\-R\fR Recreate a public key file from a secret key file . diff --git a/src/manpage.md b/src/manpage.md index e84aff8..654af00 100644 --- a/src/manpage.md +++ b/src/manpage.md @@ -10,6 +10,8 @@ minisign(1) -- A dead simple tool to sign files and verify signatures. `minisign` -R [-s seckey_file] [-W] [-p pubkey_file] +`minisign` -C [-s seckey_file] [-W] + `minisign` -S [-H] [-x sig_file] [-s seckey_file] [-W] [-c untrusted_comment] [-t trusted_comment] -m file [file ...] `minisign` -V [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file @@ -26,6 +28,8 @@ These options control the actions of `minisign`. * `-G`: Generate a new key pair + * `-C`: + Change the password of a secret key * `-R`: Recreate a public key file from a secret key file * `-S`: diff --git a/src/minisign.c b/src/minisign.c index 41c7fb5..72289e9 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -18,7 +18,7 @@ #include "minisign.h" #ifndef VERIFY_ONLY -static const char *getopt_options = "GSVRHhc:flm:oP:p:qQs:t:vWx:"; +static const char *getopt_options = "CGSVRHhc:flm:oP:p:qQs:t:vWx:"; #else static const char *getopt_options = "VhHm:oP:p:qQvx:"; #endif @@ -33,6 +33,7 @@ usage(void) #ifndef VERIFY_ONLY "minisign -G [-f] [-p pubkey_file] [-s seckey_file] [-W]\n" "minisign -R [-s seckey_file] [-W] [-p pubkey_file]\n" + "minisign -C [-s seckey_file] [-W]\n" "minisign -S [-l] [-x sig_file] [-s seckey_file] [-W] [-c untrusted_comment]\n" " [-t trusted_comment] -m file [file ...]\n" #endif @@ -41,6 +42,7 @@ usage(void) #ifndef VERIFY_ONLY "-G generate a new key pair\n" "-R recreate a public key file from a secret key file\n" + "-C change the password of the secret key\n" "-S sign files\n" #endif "-V verify that a signature is valid for a given file\n" @@ -382,9 +384,9 @@ encrypt_key(SeckeyStruct *const seckey_struct) } static SeckeyStruct * -seckey_load(const char *sk_file, char *const sk_comment_copy, int unencrypted_key) +seckey_load(const char *sk_file, char *const sk_comment_line, int unencrypted_key) { - char sk_comment[COMMENTMAXBYTES]; + char sk_comment_line_buf[COMMENTMAXBYTES]; unsigned char chk[crypto_generichash_BYTES]; SeckeyStruct *seckey_struct; FILE *fp; @@ -395,13 +397,13 @@ seckey_load(const char *sk_file, char *const sk_comment_copy, int unencrypted_ke if ((fp = fopen(sk_file, "r")) == NULL) { exit_err(sk_file); } - if (fgets(sk_comment, (int) sizeof sk_comment, fp) == NULL) { + if (fgets(sk_comment_line_buf, (int) sizeof sk_comment_line_buf, fp) == NULL) { exit_msg("Error while loading the secret key file"); } - if (sk_comment_copy != NULL) { - memcpy(sk_comment_copy, sk_comment, sizeof sk_comment); + if (sk_comment_line != NULL) { + memcpy(sk_comment_line, sk_comment_line_buf, sizeof sk_comment_line_buf); } - sodium_memzero(sk_comment, sizeof sk_comment); + sodium_memzero(sk_comment_line_buf, sizeof sk_comment_line_buf); seckey_s_size = B64_MAX_LEN_FROM_BIN_LEN(sizeof *seckey_struct) + 2U; seckey_s = xsodium_malloc(seckey_s_size); seckey_struct = xsodium_malloc(sizeof *seckey_struct); @@ -739,6 +741,39 @@ recreate_pk(const char *pk_file, const char *sk_file, int force, int unencrypted return 0; } +static int +update_password(const char *sk_file, int unencrypted_key) +{ + SeckeyStruct *seckey_struct; + char *sk_comment_line; + FILE *fp; + size_t sk_comment_line_len; + + sk_comment_line = xsodium_malloc(COMMENTMAXBYTES); + if (unencrypted_key == 0) { + printf("Enter the current password for [%s].\n", sk_file); + } else { + printf("Assuming the secret key in [%s] is unencrypted.\n", sk_file); + } + if ((seckey_struct = seckey_load(sk_file, sk_comment_line, unencrypted_key)) == NULL) { + return -1; + } + encrypt_key(seckey_struct); + if ((fp = fopen_create_useronly(sk_file)) == NULL) { + exit_err(sk_file); + } + trim(sk_comment_line); + xfprintf(fp, "%s\n", sk_comment_line); + sodium_free(sk_comment_line); + xfput_b64(fp, (unsigned char *) (void *) seckey_struct, sizeof *seckey_struct); + xfclose(fp); + sodium_free(seckey_struct); + + puts("Password updated."); + + return 0; +} + #endif #ifndef VERIFY_ONLY @@ -819,6 +854,12 @@ main(int argc, char **argv) } action = ACTION_SIGN; break; + case 'C': + if (action != ACTION_NONE && action != ACTION_UPDATE_PASSWORD) { + usage(); + } + action = ACTION_UPDATE_PASSWORD; + break; case 'R': if (action != ACTION_NONE && action != ACTION_RECREATE_PK) { usage(); @@ -929,6 +970,8 @@ main(int argc, char **argv) pk_file = SIG_DEFAULT_PKFILE; } return recreate_pk(pk_file, sk_file, force, unencrypted_key) != 0; + case ACTION_UPDATE_PASSWORD: + return update_password(sk_file, unencrypted_key) != 0; #endif case ACTION_VERIFY: if (message_file == NULL) { diff --git a/src/minisign.h b/src/minisign.h index 3144656..d131aab 100644 --- a/src/minisign.h +++ b/src/minisign.h @@ -58,7 +58,8 @@ typedef enum Action_ { ACTION_GENERATE, ACTION_SIGN, ACTION_VERIFY, - ACTION_RECREATE_PK + ACTION_RECREATE_PK, + ACTION_UPDATE_PASSWORD } Action; #endif From 6040047c271932a62aca1a9fcae54a031cc98553 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 20:46:14 +0100 Subject: [PATCH 19/70] seckey_chk() actually computes chk --- src/minisign.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index 72289e9..fc7b08e 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -290,7 +290,7 @@ pubkey_load(const char *pk_file, const char *pubkey_s) } static void -seckey_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seckey_struct) +seckey_compute_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seckey_struct) { crypto_generichash_state hs; @@ -304,7 +304,7 @@ seckey_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seck #ifndef VERIFY_ONLY static void -decrypt_key(SeckeyStruct *const seckey_struct, const unsigned char chk[crypto_generichash_BYTES]) +decrypt_key(SeckeyStruct *const seckey_struct, unsigned char chk[crypto_generichash_BYTES]) { char *pwd = xsodium_malloc(PASSWORDMAXBYTES); unsigned char *stream; @@ -326,11 +326,11 @@ decrypt_key(SeckeyStruct *const seckey_struct, const unsigned char chk[crypto_ge sizeof seckey_struct->keynum_sk); sodium_free(stream); puts("done\n"); - seckey_chk(chk, seckey_struct); - if (memcmp(chk, seckey_struct->keynum_sk.chk, sizeof chk) != 0) { + seckey_compute_chk(chk, seckey_struct); + if (memcmp(chk, seckey_struct->keynum_sk.chk, crypto_generichash_BYTES) != 0) { exit_msg("Wrong password for that key"); } - sodium_memzero(chk, sizeof chk); + sodium_memzero(chk, crypto_generichash_BYTES); } static void @@ -376,7 +376,7 @@ encrypt_key(SeckeyStruct *const seckey_struct) } le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit); le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit); - seckey_chk(seckey_struct->keynum_sk.chk, seckey_struct); + seckey_compute_chk(seckey_struct->keynum_sk.chk, seckey_struct); xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream, sizeof seckey_struct->keynum_sk); sodium_free(stream); From 80defb2a9924edfe5af1a86c02404d028de69658 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 20:42:39 +0100 Subject: [PATCH 20/70] Bump --- CMakeLists.txt | 2 +- src/minisign.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f8c3171..7157da4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -7,7 +7,7 @@ set(CPACK_PACKAGE_VENDOR "Frank Denis") set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_CURRENT_SOURCE_DIR}/README.md") set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE") set(CPACK_PACKAGE_VERSION_MAJOR "0") -set(CPACK_PACKAGE_VERSION_MINOR "10") +set(CPACK_PACKAGE_VERSION_MINOR "11") set(CPACK_PACKAGE_VERSION_PATCH "0") set( CPACK_SOURCE_PACKAGE_FILE_NAME diff --git a/src/minisign.h b/src/minisign.h index d131aab..c870b43 100644 --- a/src/minisign.h +++ b/src/minisign.h @@ -19,7 +19,7 @@ #define SIG_DEFAULT_PKFILE "minisign.pub" #define SIG_DEFAULT_SKFILE "minisign.key" #define SIG_SUFFIX ".minisig" -#define VERSION_STRING "minisign 0.10" +#define VERSION_STRING "minisign 0.11" typedef struct KeynumSK_ { unsigned char keynum[KEYNUMBYTES]; From 27bff8a1f5985964d47840bff118bd25af3e6ccb Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 20:50:57 +0100 Subject: [PATCH 21/70] Use CMAKE_BUILD_TYPE=MinSizeRel --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 82dd35b..8f3bc69 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN apk add --no-cache upx ||: RUN curl https://download.libsodium.org/libsodium/releases/LATEST.tar.gz | tar xzvf - && cd libsodium-stable && env CFLAGS="-Os" CPPFLAGS="-DED25519_NONDETERMINISTIC=1" ./configure --disable-dependency-tracking && make -j$(nproc) check && make install && cd .. && rm -fr libsodium-stable COPY ./ ./ -RUN mkdir build && cd build && cmake -D BUILD_STATIC_EXECUTABLES=1 .. && make -j$(nproc) +RUN mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DBUILD_STATIC_EXECUTABLES=1 .. && make -j$(nproc) RUN upx --lzma build/minisign ||: FROM scratch From 506ac9ce3e7ed986680d138cba862dd4c1af38bc Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 21:12:06 +0100 Subject: [PATCH 22/70] Simplify usage without key encryption --- src/minisign.c | 40 +++++++++++++++++++++------------------- src/minisign.h | 1 + 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index fc7b08e..8343bf4 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -32,9 +32,9 @@ usage(void) "Usage:\n" #ifndef VERIFY_ONLY "minisign -G [-f] [-p pubkey_file] [-s seckey_file] [-W]\n" - "minisign -R [-s seckey_file] [-W] [-p pubkey_file]\n" + "minisign -R [-s seckey_file] [-p pubkey_file]\n" "minisign -C [-s seckey_file] [-W]\n" - "minisign -S [-l] [-x sig_file] [-s seckey_file] [-W] [-c untrusted_comment]\n" + "minisign -S [-l] [-x sig_file] [-s seckey_file] [-c untrusted_comment]\n" " [-t trusted_comment] -m file [file ...]\n" #endif "minisign -V [-H] [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file\n" @@ -384,7 +384,7 @@ encrypt_key(SeckeyStruct *const seckey_struct) } static SeckeyStruct * -seckey_load(const char *sk_file, char *const sk_comment_line, int unencrypted_key) +seckey_load(const char *sk_file, char *const sk_comment_line) { char sk_comment_line_buf[COMMENTMAXBYTES]; unsigned char chk[crypto_generichash_BYTES]; @@ -421,14 +421,13 @@ seckey_load(const char *sk_file, char *const sk_comment_line, int unencrypted_ke if (memcmp(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg) != 0) { exit_msg("Unsupported signature algorithm"); } - if (memcmp(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg) != 0) { - exit_msg("Unsupported key derivation function"); - } if (memcmp(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg) != 0) { exit_msg("Unsupported checksum function"); } - if (unencrypted_key == 0) { + if (memcmp(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg) == 0) { decrypt_key(seckey_struct, chk); + } else if (memcmp(seckey_struct->kdf_alg, KDFNONE, sizeof seckey_struct->kdf_alg) != 0) { + exit_msg("Unsupported key derivation function"); } return seckey_struct; } @@ -680,8 +679,10 @@ generate(const char *pk_file, const char *sk_file, const char *comment, int forc abort_on_existing_key_files(pk_file, sk_file, force); randombytes_buf(seckey_struct->keynum_sk.keynum, sizeof seckey_struct->keynum_sk.keynum); crypto_sign_keypair(pubkey_struct->keynum_pk.pk, seckey_struct->keynum_sk.sk); + memset(seckey_struct, 0, sizeof(SeckeyStruct)); memcpy(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg); - memcpy(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg); + memcpy(seckey_struct->kdf_alg, unencrypted_key ? KDFNONE : KDFALG, + sizeof seckey_struct->kdf_alg); memcpy(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg); memcpy(pubkey_struct->keynum_pk.keynum, seckey_struct->keynum_sk.keynum, sizeof pubkey_struct->keynum_pk.keynum); @@ -715,7 +716,7 @@ generate(const char *pk_file, const char *sk_file, const char *comment, int forc } static int -recreate_pk(const char *pk_file, const char *sk_file, int force, int unencrypted_key) +recreate_pk(const char *pk_file, const char *sk_file, int force) { SeckeyStruct *seckey_struct; PubkeyStruct pubkey_struct; @@ -723,7 +724,7 @@ recreate_pk(const char *pk_file, const char *sk_file, int force, int unencrypted if (force == 0) { abort_on_existing_key_file(pk_file); } - if ((seckey_struct = seckey_load(sk_file, NULL, unencrypted_key)) == NULL) { + if ((seckey_struct = seckey_load(sk_file, NULL)) == NULL) { return -1; } memcpy(pubkey_struct.sig_alg, seckey_struct->sig_alg, sizeof pubkey_struct.sig_alg); @@ -750,15 +751,16 @@ update_password(const char *sk_file, int unencrypted_key) size_t sk_comment_line_len; sk_comment_line = xsodium_malloc(COMMENTMAXBYTES); - if (unencrypted_key == 0) { - printf("Enter the current password for [%s].\n", sk_file); - } else { - printf("Assuming the secret key in [%s] is unencrypted.\n", sk_file); - } - if ((seckey_struct = seckey_load(sk_file, sk_comment_line, unencrypted_key)) == NULL) { + if ((seckey_struct = seckey_load(sk_file, sk_comment_line)) == NULL) { return -1; } - encrypt_key(seckey_struct); + memcpy(seckey_struct->kdf_alg, unencrypted_key ? KDFNONE : KDFALG, + sizeof seckey_struct->kdf_alg); + if (unencrypted_key == 0) { + encrypt_key(seckey_struct); + } else { + printf("You are about to remove key encryption for [%s].\n", sk_file); + } if ((fp = fopen_create_useronly(sk_file)) == NULL) { exit_err(sk_file); } @@ -961,7 +963,7 @@ main(int argc, char **argv) comment = DEFAULT_COMMENT; } return sign_all( - seckey_load(sk_file, NULL, unencrypted_key), + seckey_load(sk_file, NULL), ((pk_file != NULL || pubkey_s != NULL) ? pubkey_load(pk_file, pubkey_s) : NULL), message_file, (const char **) &argv[optind], argc - optind, sig_file, comment, trusted_comment, sign_legacy) != 0; @@ -969,7 +971,7 @@ main(int argc, char **argv) if (pk_file == NULL) { pk_file = SIG_DEFAULT_PKFILE; } - return recreate_pk(pk_file, sk_file, force, unencrypted_key) != 0; + return recreate_pk(pk_file, sk_file, force) != 0; case ACTION_UPDATE_PASSWORD: return update_password(sk_file, unencrypted_key) != 0; #endif diff --git a/src/minisign.h b/src/minisign.h index c870b43..629b1fd 100644 --- a/src/minisign.h +++ b/src/minisign.h @@ -9,6 +9,7 @@ #define SIGALG "Ed" #define SIGALG_HASHED "ED" #define KDFALG "Sc" +#define KDFNONE "\0\0" #define CHKALG "B2" #define COMMENT_PREFIX "untrusted comment: " #define DEFAULT_COMMENT "signature from minisign secret key" From 3f1df52db4ddbe49517dc9182d662026c81b8121 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 21:13:44 +0100 Subject: [PATCH 23/70] Warn about -C -W implications before it's too late --- src/minisign.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index 8343bf4..daa992b 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -42,7 +42,7 @@ usage(void) #ifndef VERIFY_ONLY "-G generate a new key pair\n" "-R recreate a public key file from a secret key file\n" - "-C change the password of the secret key\n" + "-C change/remove the password of the secret key\n" "-S sign files\n" #endif "-V verify that a signature is valid for a given file\n" @@ -750,6 +750,9 @@ update_password(const char *sk_file, int unencrypted_key) FILE *fp; size_t sk_comment_line_len; + if (unencrypted_key != 0) { + printf("Key encryption for [%s] is going to be removed.\n", sk_file); + } sk_comment_line = xsodium_malloc(COMMENTMAXBYTES); if ((seckey_struct = seckey_load(sk_file, sk_comment_line)) == NULL) { return -1; @@ -758,8 +761,6 @@ update_password(const char *sk_file, int unencrypted_key) sizeof seckey_struct->kdf_alg); if (unencrypted_key == 0) { encrypt_key(seckey_struct); - } else { - printf("You are about to remove key encryption for [%s].\n", sk_file); } if ((fp = fopen_create_useronly(sk_file)) == NULL) { exit_err(sk_file); @@ -771,8 +772,11 @@ update_password(const char *sk_file, int unencrypted_key) xfclose(fp); sodium_free(seckey_struct); - puts("Password updated."); - + if (unencrypted_key == 0) { + puts("Password updated."); + } else { + puts("Password removed."); + } return 0; } From ef445ab9281c97b67810f31c82871c092aecf134 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 21:16:52 +0100 Subject: [PATCH 24/70] 2023 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 786feb4..4373ba9 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ ISC LICENSE. /* - * Copyright (c) 2015-2021 + * Copyright (c) 2015-2023 * Frank Denis * * Permission to use, copy, modify, and/or distribute this software for any From 12fd90b6fe4cb02f43c3ffd39765df63c3074252 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 21:18:39 +0100 Subject: [PATCH 25/70] Update man page --- share/man/man1/minisign.1 | 6 +++--- src/manpage.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index 1fd51de..f7ef624 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -10,13 +10,13 @@ \fBminisign\fR \-G [\-p pubkey_file] [\-s seckey_file] [\-W] . .P -\fBminisign\fR \-R [\-s seckey_file] [\-W] [\-p pubkey_file] +\fBminisign\fR \-R [\-s seckey_file] [\-p pubkey_file] . .P \fBminisign\fR \-C [\-s seckey_file] [\-W] . .P -\fBminisign\fR \-S [\-H] [\-x sig_file] [\-s seckey_file] [\-W] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.] +\fBminisign\fR \-S [\-H] [\-x sig_file] [\-s seckey_file] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.] . .P \fBminisign\fR \-V [\-x sig_file] [\-p pubkey_file | \-P pubkey] [\-o] [\-q] \-m file @@ -36,7 +36,7 @@ Generate a new key pair . .TP \fB\-C\fR -Change the password of a secret key +Change/remove the password of a secret key . .TP \fB\-R\fR diff --git a/src/manpage.md b/src/manpage.md index 654af00..800aacc 100644 --- a/src/manpage.md +++ b/src/manpage.md @@ -8,11 +8,11 @@ minisign(1) -- A dead simple tool to sign files and verify signatures. `minisign` -G [-p pubkey_file] [-s seckey_file] [-W] -`minisign` -R [-s seckey_file] [-W] [-p pubkey_file] +`minisign` -R [-s seckey_file] [-p pubkey_file] `minisign` -C [-s seckey_file] [-W] -`minisign` -S [-H] [-x sig_file] [-s seckey_file] [-W] [-c untrusted_comment] [-t trusted_comment] -m file [file ...] +`minisign` -S [-H] [-x sig_file] [-s seckey_file] [-c untrusted_comment] [-t trusted_comment] -m file [file ...] `minisign` -V [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file @@ -29,7 +29,7 @@ These options control the actions of `minisign`. * `-G`: Generate a new key pair * `-C`: - Change the password of a secret key + Change/remove the password of a secret key * `-R`: Recreate a public key file from a secret key file * `-S`: From ee4661522626f8170efd78a13fc875355120eeb8 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 21:24:08 +0100 Subject: [PATCH 26/70] Zeroize seckey_struct early --- src/minisign.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/minisign.c b/src/minisign.c index daa992b..2ce7431 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -677,9 +677,9 @@ generate(const char *pk_file, const char *sk_file, const char *comment, int forc FILE *fp; abort_on_existing_key_files(pk_file, sk_file, force); + memset(seckey_struct, 0, sizeof(SeckeyStruct)); randombytes_buf(seckey_struct->keynum_sk.keynum, sizeof seckey_struct->keynum_sk.keynum); crypto_sign_keypair(pubkey_struct->keynum_pk.pk, seckey_struct->keynum_sk.sk); - memset(seckey_struct, 0, sizeof(SeckeyStruct)); memcpy(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg); memcpy(seckey_struct->kdf_alg, unencrypted_key ? KDFNONE : KDFALG, sizeof seckey_struct->kdf_alg); From 444ef2dca9d756b2c7d2e0799739e3584bf8ccd3 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 16 Jan 2023 22:42:27 +0100 Subject: [PATCH 27/70] Remove unused var --- src/minisign.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/minisign.c b/src/minisign.c index 2ce7431..cd14fd4 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -748,7 +748,6 @@ update_password(const char *sk_file, int unencrypted_key) SeckeyStruct *seckey_struct; char *sk_comment_line; FILE *fp; - size_t sk_comment_line_len; if (unencrypted_key != 0) { printf("Key encryption for [%s] is going to be removed.\n", sk_file); From 05a0cd435d386d1ec0b53b0a8d164650732eaa99 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 17 Jan 2023 11:40:20 +0100 Subject: [PATCH 28/70] Remove Travis --- .travis.yml | 43 ------------------------------------------- 1 file changed, 43 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 309f589..0000000 --- a/.travis.yml +++ /dev/null @@ -1,43 +0,0 @@ -sudo: required - -language: c - -os: - - linux - -compiler: - - gcc - -before_script: - - git clone https://github.com/jedisct1/libsodium.git --branch=stable - - cd libsodium - - env CPPFLAGS=-DED25519_NONDETERMINISTIC ./configure --disable-dependency-tracking - - make -j$(nproc) - - sudo make install - - sudo ldconfig - - cd .. - -script: - - rm -fr build - - mkdir build - - cd build - - cmake .. - - make -j$(nproc) - - cd .. - - - rm -fr build - - mkdir build - - cd build - - cmake -D STATIC_LIBSODIUM=1 .. - - make -j$(nproc) - - cd .. - - - rm -fr build - - mkdir build - - cd build - - cmake -D BUILD_STATIC_EXECUTABLES=1 .. - - make -j$(nproc) - - cd .. - -matrix: - - fast_finish: true From 709fed6b739422f62dafce048669430fbc956770 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 17 Jan 2023 11:43:15 +0100 Subject: [PATCH 29/70] Build script --- build-dist-package.sh | 5 +++++ 1 file changed, 5 insertions(+) create mode 100755 build-dist-package.sh diff --git a/build-dist-package.sh b/build-dist-package.sh new file mode 100755 index 0000000..0e13208 --- /dev/null +++ b/build-dist-package.sh @@ -0,0 +1,5 @@ +#! /bin/sh + +tar czpvf minisign-0.11.tar.gz $(git ls-files) +minisign -Sm minisign-0.11.tar.gz + From 8aef0181829ff5c87468add66ed07d1a65982867 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 12 Aug 2023 11:21:37 +0200 Subject: [PATCH 30/70] Update for Zig 0.11 --- README.md | 2 +- build.zig | 25 ++++++++++++++----------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 23f6196..95ea170 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ Dependencies: Compilation: - $ zig build -Drelease-safe + $ zig build -Drelease ## Using cmake and gcc or clang: diff --git a/build.zig b/build.zig index afa2612..1e87e11 100644 --- a/build.zig +++ b/build.zig @@ -1,21 +1,24 @@ const std = @import("std"); pub fn build(b: *std.build.Builder) !void { - var target = b.standardTargetOptions(.{}); - const mode = b.standardReleaseOptions(); + const target = b.standardTargetOptions(.{}); + const optimize = b.standardOptimizeOption(.{ .preferred_optimize_mode = .ReleaseSmall }); - const minisign = b.addExecutable("minisign", null); - minisign.setTarget(target); - minisign.setBuildMode(mode); - minisign.install(); + const minisign = b.addExecutable(.{ + .name = "minisign", + .target = target, + .optimize = optimize, + }); minisign.linkLibC(); - minisign.addLibraryPath("/opt/homebrew/lib"); - minisign.addLibraryPath("/usr/local/lib"); + minisign.addLibraryPath(.{ .path = "/opt/homebrew/lib" }); + minisign.addLibraryPath(.{ .path = "/usr/local/lib" }); minisign.linkSystemLibrary("sodium"); - minisign.addIncludePath("src"); - minisign.addSystemIncludePath("/opt/homebrew/include"); - minisign.addSystemIncludePath("/usr/local/include"); + minisign.addIncludePath(.{ .path = "src" }); + minisign.addSystemIncludePath(.{ .path = "/opt/homebrew/include" }); + minisign.addSystemIncludePath(.{ .path = "/usr/local/include" }); minisign.defineCMacro("_GNU_SOURCE", "1"); minisign.addCSourceFiles(&.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }, &.{}); + + b.installArtifact(minisign); } From 7d1116c5cc9b71086359ead2ace0d0d8a215b3a3 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 20 Nov 2023 19:13:22 +0100 Subject: [PATCH 31/70] Zig 0.12 compat --- build.zig | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/build.zig b/build.zig index 1e87e11..c10ffe0 100644 --- a/build.zig +++ b/build.zig @@ -18,7 +18,12 @@ pub fn build(b: *std.build.Builder) !void { minisign.addSystemIncludePath(.{ .path = "/opt/homebrew/include" }); minisign.addSystemIncludePath(.{ .path = "/usr/local/include" }); minisign.defineCMacro("_GNU_SOURCE", "1"); - minisign.addCSourceFiles(&.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }, &.{}); + const source_files = &.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }; + if (@hasDecl(std.Build.Step.Compile, "AddCSourceFilesOptions")) { + minisign.addCSourceFiles(.{ .files = source_files }); + } else { + minisign.addCSourceFiles(source_files, &.{}); + } b.installArtifact(minisign); } From ef2db96ae036f568330c3f2e33450fd367d26b73 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 17 Dec 2023 22:04:32 +0100 Subject: [PATCH 32/70] Breaking: wero-pad key identifiers Fixes #137 --- src/minisign.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/minisign.c b/src/minisign.c index cd14fd4..257a31a 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -461,9 +461,9 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi if (memcmp(sig_struct->keynum, pubkey_struct->keynum_pk.keynum, sizeof sig_struct->keynum) != 0) { fprintf(stderr, - "Signature key id in %s is %" PRIX64 + "Signature key id in %s is %016" PRIX64 "\n" - "but the key id in the public key is %" PRIX64 "\n", + "but the key id in the public key is %016" PRIX64 "\n", sig_file, le64_load(sig_struct->keynum), le64_load(pubkey_struct->keynum_pk.keynum)); exit(1); @@ -662,7 +662,7 @@ write_pk_file(const char *pk_file, const PubkeyStruct *pubkey_struct) if ((fp = fopen(pk_file, "w")) == NULL) { exit_err(pk_file); } - xfprintf(fp, COMMENT_PREFIX "minisign public key %" PRIX64 "\n", + xfprintf(fp, COMMENT_PREFIX "minisign public key %016" PRIX64 "\n", le64_load(pubkey_struct->keynum_pk.keynum)); xfput_b64(fp, (const unsigned char *) (const void *) pubkey_struct, sizeof *pubkey_struct); xfclose(fp); From 5f96819f441e9bcd330701132a25d8657cb9bca7 Mon Sep 17 00:00:00 2001 From: Isaac Yonemoto Date: Mon, 18 Dec 2023 11:50:08 -0600 Subject: [PATCH 33/70] Add Elixir to minisign implementations (#138) --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 95ea170..20ecb27 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,8 @@ WAPM. * [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation. * [py-minisign](https://github.com/x13a/py-minisign) is a Python implementation. +* [minisign](https://hexdocs.pm/minisign/Minisign.html) is an Elixir implementation + (verification only) Signature determinism --------------------- From 573988d2355172b6e050fa3fdc974abd3e476988 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 4 Jan 2024 12:24:31 +0100 Subject: [PATCH 34/70] Update for zig-master --- build.zig | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/build.zig b/build.zig index c10ffe0..6ba16c0 100644 --- a/build.zig +++ b/build.zig @@ -1,6 +1,6 @@ const std = @import("std"); -pub fn build(b: *std.build.Builder) !void { +pub fn build(b: *std.Build) !void { const target = b.standardTargetOptions(.{}); const optimize = b.standardOptimizeOption(.{ .preferred_optimize_mode = .ReleaseSmall }); @@ -8,6 +8,7 @@ pub fn build(b: *std.build.Builder) !void { .name = "minisign", .target = target, .optimize = optimize, + .strip = true, }); minisign.linkLibC(); minisign.addLibraryPath(.{ .path = "/opt/homebrew/lib" }); @@ -19,11 +20,7 @@ pub fn build(b: *std.build.Builder) !void { minisign.addSystemIncludePath(.{ .path = "/usr/local/include" }); minisign.defineCMacro("_GNU_SOURCE", "1"); const source_files = &.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }; - if (@hasDecl(std.Build.Step.Compile, "AddCSourceFilesOptions")) { - minisign.addCSourceFiles(.{ .files = source_files }); - } else { - minisign.addCSourceFiles(source_files, &.{}); - } + minisign.addCSourceFiles(.{ .files = source_files }); b.installArtifact(minisign); } From 996ea4fee35217667c5e7e6a8984d8eab87049a0 Mon Sep 17 00:00:00 2001 From: Ryan Castellucci Date: Tue, 2 Apr 2024 07:11:27 +0100 Subject: [PATCH 35/70] exclude other unneeded code for VERIFY_ONLY (#139) --- src/minisign.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/minisign.c b/src/minisign.c index 257a31a..588ab7c 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -289,6 +289,7 @@ pubkey_load(const char *pk_file, const char *pubkey_s) exit_msg("A public key is required"); } +#ifndef VERIFY_ONLY static void seckey_compute_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seckey_struct) { @@ -302,7 +303,6 @@ seckey_compute_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStru crypto_generichash_final(&hs, chk, sizeof seckey_struct->keynum_sk.chk); } -#ifndef VERIFY_ONLY static void decrypt_key(SeckeyStruct *const seckey_struct, unsigned char chk[crypto_generichash_BYTES]) { @@ -831,17 +831,25 @@ main(int argc, char **argv) #endif const char *sig_file = NULL; const char *message_file = NULL; +#ifndef VERIFY_ONLY const char *comment = NULL; +#endif const char *pubkey_s = NULL; +#ifndef VERIFY_ONLY const char *trusted_comment = NULL; +#endif unsigned char opt_seen[16] = { 0 }; int opt_flag; int quiet = 0; int output = 0; +#ifndef VERIFY_ONLY int force = 0; +#endif int allow_legacy = 1; +#ifndef VERIFY_ONLY int sign_legacy = 0; int unencrypted_key = 0; +#endif Action action = ACTION_NONE; while ((opt_flag = getopt(argc, argv, getopt_options)) != -1) { @@ -891,9 +899,11 @@ main(int argc, char **argv) case 'H': allow_legacy = 0; break; +#ifndef VERIFY_ONLY case 'l': sign_legacy = 1; break; +#endif case 'm': message_file = optarg; break; From 45478e1dd669623c810b7a406f0b13a45460f3df Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 9 May 2024 21:46:20 +0200 Subject: [PATCH 36/70] Udpate for Zig 0.13 --- build.zig | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/build.zig b/build.zig index 6ba16c0..887e977 100644 --- a/build.zig +++ b/build.zig @@ -11,13 +11,13 @@ pub fn build(b: *std.Build) !void { .strip = true, }); minisign.linkLibC(); - minisign.addLibraryPath(.{ .path = "/opt/homebrew/lib" }); - minisign.addLibraryPath(.{ .path = "/usr/local/lib" }); + minisign.addLibraryPath(.{ .cwd_relative = "/opt/homebrew/lib" }); + minisign.addLibraryPath(.{ .cwd_relative = "/usr/local/lib" }); minisign.linkSystemLibrary("sodium"); - minisign.addIncludePath(.{ .path = "src" }); - minisign.addSystemIncludePath(.{ .path = "/opt/homebrew/include" }); - minisign.addSystemIncludePath(.{ .path = "/usr/local/include" }); + minisign.addIncludePath(b.path("src")); + minisign.addSystemIncludePath(.{ .cwd_relative = "/opt/homebrew/include" }); + minisign.addSystemIncludePath(.{ .cwd_relative = "/usr/local/include" }); minisign.defineCMacro("_GNU_SOURCE", "1"); const source_files = &.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }; minisign.addCSourceFiles(.{ .files = source_files }); From 868785690f64f6c5d7098fc14de256a04c8f89cc Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 11 Dec 2024 18:45:20 +0100 Subject: [PATCH 37/70] Add a Docker usage example Fixes #132 --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 20ecb27..e76098a 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,13 @@ Minisign is also available with docker: $ docker run -i --rm jedisct1/minisign +For example, verifying a signature using the docker image can be done +with: + + $ docker run -v .:/minisign -e HOME=/minisign -w /minisign \ + -it --rm jedisct1/minisign \ + -Vm file_to_verify -p minisign.pub + The image can be verified with the following cosign public key: ```text From 55320cc84c72f68ee3e7391b6090f51ae9696e52 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 11 Dec 2024 18:46:14 +0100 Subject: [PATCH 38/70] 2024 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 4373ba9..5bc5e3f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ ISC LICENSE. /* - * Copyright (c) 2015-2023 + * Copyright (c) 2015-2024 * Frank Denis * * Permission to use, copy, modify, and/or distribute this software for any From cbc79b3ece5095cd2d8e192a441e3e72d888eb5f Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 20 Dec 2024 12:21:03 +0100 Subject: [PATCH 39/70] defineCMacro -> root_module.addCMacro --- build.zig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.zig b/build.zig index 887e977..94f09cd 100644 --- a/build.zig +++ b/build.zig @@ -18,7 +18,7 @@ pub fn build(b: *std.Build) !void { minisign.addIncludePath(b.path("src")); minisign.addSystemIncludePath(.{ .cwd_relative = "/opt/homebrew/include" }); minisign.addSystemIncludePath(.{ .cwd_relative = "/usr/local/include" }); - minisign.defineCMacro("_GNU_SOURCE", "1"); + minisign.root_module.addCMacro("_GNU_SOURCE", "1"); const source_files = &.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }; minisign.addCSourceFiles(.{ .files = source_files }); From 28612a431a27380d64179a94811f3b14ee363b20 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 31 Dec 2024 14:58:15 +0100 Subject: [PATCH 40/70] Add issues.yml --- .github/workflows/issues.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/issues.yml diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml new file mode 100644 index 0000000..c5bf530 --- /dev/null +++ b/.github/workflows/issues.yml @@ -0,0 +1,17 @@ +name: Close inactive issues +on: + schedule: + - cron: "30 1 * * *" + +jobs: + close-issues: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - uses: actions/stale@v9 + with: + stale-issue-message: "This issue is stale because it has been open for 30 days with no activity." + close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale." + repo-token: ${{ secrets.GITHUB_TOKEN }} From 285b53d52c3f5d4a7030ca0d307fc9948e218591 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 21:03:49 +0100 Subject: [PATCH 41/70] Mention where the compiled binary is --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e76098a..162de96 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,8 @@ Compilation: $ zig build -Drelease +The resulting binary can be found in `zig-out/bin/minisign`. + ## Using cmake and gcc or clang: * [libsodium](https://libsodium.org/) From a1c07cc27718ed921bd0d1e13937a64132deb502 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 21:03:56 +0100 Subject: [PATCH 42/70] Leverage root_module.linkSystemLibrary() --- build.zig | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build.zig b/build.zig index 94f09cd..f1e04fb 100644 --- a/build.zig +++ b/build.zig @@ -11,10 +11,10 @@ pub fn build(b: *std.Build) !void { .strip = true, }); minisign.linkLibC(); - minisign.addLibraryPath(.{ .cwd_relative = "/opt/homebrew/lib" }); - minisign.addLibraryPath(.{ .cwd_relative = "/usr/local/lib" }); - minisign.linkSystemLibrary("sodium"); - + minisign.root_module.linkSystemLibrary( + "sodium", + .{ .use_pkg_config = .yes }, + ); minisign.addIncludePath(b.path("src")); minisign.addSystemIncludePath(.{ .cwd_relative = "/opt/homebrew/include" }); minisign.addSystemIncludePath(.{ .cwd_relative = "/usr/local/include" }); From e640be4b8f408a79cc0d9a40d3717661edf6a504 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:07:37 +0100 Subject: [PATCH 43/70] Indent --- .clang-format | 2 +- src/base64.c | 2 +- src/get_line.c | 26 +++++++++++++------------- src/helpers.h | 6 +++--- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.clang-format b/.clang-format index 91fa8f2..1d831c8 100644 --- a/.clang-format +++ b/.clang-format @@ -94,7 +94,7 @@ IncludeIsMainSourceRegex: "" IndentCaseLabels: false IndentCaseBlocks: false IndentGotoLabels: true -IndentPPDirectives: None +IndentPPDirectives: AfterHash IndentExternBlock: AfterExternBlock IndentRequires: false IndentWidth: 4 diff --git a/src/base64.c b/src/base64.c index 42a8429..c06a4cb 100644 --- a/src/base64.c +++ b/src/base64.c @@ -52,7 +52,7 @@ b64_to_bin(unsigned char *const bin, const char *b64, size_t bin_maxlen, size_t REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE }; const unsigned char *b64_u = (const unsigned char *) b64; - unsigned char * bin_w = bin; + unsigned char *bin_w = bin; unsigned char mask = 0U; unsigned char t0 = 0, t1 = 0, t2 = 0, t3 = 0; uint32_t t = 0; diff --git a/src/get_line.c b/src/get_line.c index 328de78..e29e2eb 100644 --- a/src/get_line.c +++ b/src/get_line.c @@ -1,6 +1,6 @@ #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include +# include #endif #include @@ -10,19 +10,19 @@ #include #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include -#include -#include -#include +# include +# include +# include +# include #elif defined(_WIN32) -#include +# include #endif #include "get_line.h" #include "helpers.h" #ifndef TCSAFLUSH -#define TCSAFLUSH 0 +# define TCSAFLUSH 0 #endif #ifndef VERIFY_ONLY @@ -33,7 +33,7 @@ disable_echo(void) fflush(stdout); fflush(stderr); -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) +# if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) { struct termios p; @@ -43,7 +43,7 @@ disable_echo(void) p.c_lflag &= ~ECHO; tcsetattr(0, TCSAFLUSH, &p); } -#elif defined(_WIN32) +# elif defined(_WIN32) { HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); DWORD mode = 0; @@ -51,7 +51,7 @@ disable_echo(void) GetConsoleMode(handle, &mode); SetConsoleMode(handle, mode & ~ENABLE_ECHO_INPUT); } -#endif +# endif } static void @@ -60,7 +60,7 @@ enable_echo(void) fflush(stdout); fflush(stderr); -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) +# if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) { struct termios p; @@ -70,7 +70,7 @@ enable_echo(void) p.c_lflag |= ECHO; tcsetattr(0, TCSAFLUSH, &p); } -#elif defined(_WIN32) +# elif defined(_WIN32) { HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); DWORD mode = 0; @@ -78,7 +78,7 @@ enable_echo(void) GetConsoleMode(handle, &mode); SetConsoleMode(handle, mode | ENABLE_ECHO_INPUT); } -#endif +# endif } int diff --git a/src/helpers.h b/src/helpers.h index ec76326..5ef815d 100644 --- a/src/helpers.h +++ b/src/helpers.h @@ -6,12 +6,12 @@ #include #if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(X) +# define __attribute__(X) #endif #ifdef _WIN32 -#define DIR_SEP '\\' +# define DIR_SEP '\\' #else -#define DIR_SEP '/' +# define DIR_SEP '/' #endif uint64_t le64_load(const unsigned char *p); From e43b9ff13bbdec755505b42bfca647c8cf609c9c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:11:52 +0100 Subject: [PATCH 44/70] Make libsodium optional --- README.md | 13 +++-- build.zig | 27 +++++++++-- src/helpers.c | 22 +++++---- src/libzodium.zig | 120 ++++++++++++++++++++++++++++++++++++++++++++++ src/minisign.c | 32 +++++++------ 5 files changed, 184 insertions(+), 30 deletions(-) create mode 100644 src/libzodium.zig diff --git a/README.md b/README.md index 162de96..0aa9b58 100644 --- a/README.md +++ b/README.md @@ -20,17 +20,24 @@ Compilation / installation Dependencies: -* [libsodium](https://libsodium.org/) +* [libsodium](https://libsodium.org/) (*optional*) +* [zig](https://ziglang.org) -Compilation: +Compilation with libsodium: $ zig build -Drelease +Compilation without libsodium: + + $ zig build -Drelease -Dwithout_libsodium + The resulting binary can be found in `zig-out/bin/minisign`. ## Using cmake and gcc or clang: -* [libsodium](https://libsodium.org/) +Dependencies: + +* [libsodium](https://libsodium.org/) (*required*) * cmake * pkg-config * gcc or clang diff --git a/build.zig b/build.zig index f1e04fb..f0a655a 100644 --- a/build.zig +++ b/build.zig @@ -4,6 +4,8 @@ pub fn build(b: *std.Build) !void { const target = b.standardTargetOptions(.{}); const optimize = b.standardOptimizeOption(.{ .preferred_optimize_mode = .ReleaseSmall }); + const use_libzodium = b.option(bool, "without_libsodium", "Use the zig standard library instead of libsodium") orelse false; + const minisign = b.addExecutable(.{ .name = "minisign", .target = target, @@ -11,10 +13,27 @@ pub fn build(b: *std.Build) !void { .strip = true, }); minisign.linkLibC(); - minisign.root_module.linkSystemLibrary( - "sodium", - .{ .use_pkg_config = .yes }, - ); + if (use_libzodium) { + const libzodium_mod = b.createModule(.{ + .root_source_file = b.path("src/libzodium.zig"), + .target = target, + .optimize = optimize, + }); + const libzodium = b.addStaticLibrary(.{ + .name = "zodium", + .root_module = libzodium_mod, + .strip = true, + }); + libzodium.linkLibC(); + b.installArtifact(libzodium); + minisign.root_module.addCMacro("LIBZODIUM", "1"); + minisign.linkLibrary(libzodium); + } else { + minisign.root_module.linkSystemLibrary( + "sodium", + .{ .use_pkg_config = .yes }, + ); + } minisign.addIncludePath(b.path("src")); minisign.addSystemIncludePath(.{ .cwd_relative = "/opt/homebrew/include" }); minisign.addSystemIncludePath(.{ .cwd_relative = "/usr/local/include" }); diff --git a/src/helpers.c b/src/helpers.c index a151603..d8a04c6 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -1,10 +1,10 @@ #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) -#include -#include -#include +# include +# include +# include #elif defined(_WIN32) -#include +# include #endif #include @@ -14,7 +14,11 @@ #include #include -#include +#ifdef LIBZODIUM +# include "zodium.h" +#else +# include +#endif #include "base64.h" #include "helpers.h" @@ -100,7 +104,7 @@ xor_buf(unsigned char *dst, const unsigned char *src, size_t len) int xfprintf(FILE *fp, const char *format, ...) { - char * out; + char *out; size_t out_maxlen = 4096U; int len; va_list va; @@ -126,7 +130,7 @@ int xfput_b64(FILE *fp, const unsigned char *bin, size_t bin_len) { const size_t b64_maxlen = (bin_len + 2) * 4 / 3 + 1; - char * b64; + char *b64; b64 = xsodium_malloc(b64_maxlen); if (bin_to_b64(b64, bin, b64_maxlen, bin_len) == NULL) { @@ -160,7 +164,7 @@ trim(char *str) while (i-- > (size_t) 0U) { if (str[i] == '\n') { str[i] = 0; - t = 1; + t = 1; } else if (str[i] == '\r') { str[i] = 0; } @@ -198,7 +202,7 @@ int basedir_create_useronly(const char *file) { const char *basename; - char * dir; + char *dir; int ret = -1; dir = xstrdup(file); diff --git a/src/libzodium.zig b/src/libzodium.zig new file mode 100644 index 0000000..c5c8ec9 --- /dev/null +++ b/src/libzodium.zig @@ -0,0 +1,120 @@ +const std = @import("std"); +const crypto = std.crypto; +const mem = std.mem; +const Ed25519 = crypto.sign.Ed25519; + +export fn sodium_init() callconv(.C) c_int { + return 0; +} + +export fn sodium_memzero(pnt: [*c]u8, len: usize) callconv(.C) void { + crypto.utils.secureZero(u8, pnt[0..len]); +} + +export fn randombytes_buf(pnt: [*c]u8, len: usize) callconv(.C) void { + crypto.random.bytes(pnt[0..len]); +} + +export fn sodium_malloc(len: usize) callconv(.C) ?*anyopaque { + return std.c.malloc(len); +} + +export fn sodium_free(pnt: ?*anyopaque) callconv(.C) void { + return std.c.free(pnt); +} + +export fn crypto_pwhash_scryptsalsa208sha256( + out: [*c]u8, + outlen: c_ulonglong, + passwd: [*c]const u8, + passwdlen: c_ulonglong, + salt: [*c]const u8, + opslimit: c_ulonglong, + memlimit: usize, +) callconv(.C) c_int { + crypto.pwhash.scrypt.kdf( + std.heap.c_allocator, + out[0..outlen], + passwd[0..passwdlen], + salt[0..32], + crypto.pwhash.scrypt.Params.fromLimits(opslimit, memlimit), + ) catch return -1; + return 0; +} + +const crypto_generichash_state = crypto.hash.blake2.Blake2b512; + +export fn crypto_generichash_init( + state: *crypto_generichash_state, + _: [*c]const u8, + _: usize, + outlen: usize, +) c_int { + state.* = crypto.hash.blake2.Blake2b512.init(.{ .expected_out_bits = outlen * 8 }); + return 0; +} + +export fn crypto_generichash_update( + state: *crypto_generichash_state, + in: [*c]const u8, + inlen: c_ulonglong, +) c_int { + state.*.update(in[0..inlen]); + return 0; +} + +export fn crypto_generichash_final( + state: *crypto_generichash_state, + out: [*c]u8, + outlen: usize, +) c_int { + var h: [64]u8 = undefined; + state.*.final(&h); + @memcpy(out[0..outlen], h[0..outlen]); + return 0; +} + +export fn crypto_sign_keypair(pk: [*c]u8, sk: [*c]u8) callconv(.C) c_int { + const kp = Ed25519.KeyPair.generate(); + pk[0..32].* = kp.public_key.toBytes(); + sk[0..64].* = kp.secret_key.toBytes(); + return 0; +} + +export fn crypto_sign_detached( + sig_bytes: [*c]u8, + _: [*c]c_ulonglong, + m: [*c]const u8, + mlen: c_ulonglong, + sk_bytes: [*c]const u8, +) callconv(.C) c_int { + const sk = Ed25519.SecretKey.fromBytes(sk_bytes[0..64].*) catch return -1; + const kp = Ed25519.KeyPair.fromSecretKey(sk) catch return -1; + var noise: [Ed25519.noise_length]u8 = undefined; + crypto.random.bytes(&noise); + const s = kp.sign(m[0..mlen], noise) catch return -1; + sig_bytes[0..64].* = s.toBytes(); + return 0; +} + +export fn crypto_sign_verify_detached( + sig_bytes: [*c]const u8, + m: [*c]const u8, + mlen: c_ulonglong, + pk_bytes: [*c]const u8, +) callconv(.C) c_int { + const pk = Ed25519.PublicKey.fromBytes(pk_bytes[0..32].*) catch return -1; + const sig = Ed25519.Signature.fromBytes(sig_bytes[0..64].*); + sig.verify(m[0..mlen], pk) catch return 1; + return 0; +} + +export fn sodium_bin2hex( + hex: [*c]u8, + hex_maxlen: usize, + bin: [*c]const u8, + bin_len: usize, +) callconv(.C) [*c]u8 { + _ = std.fmt.bufPrint(hex[0..hex_maxlen], "{s}", .{std.fmt.fmtSliceHexLower(bin[0..bin_len])}) catch return null; + return hex; +} diff --git a/src/minisign.c b/src/minisign.c index 588ab7c..f0e3a0c 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -10,7 +10,11 @@ #include #include -#include +#ifdef LIBZODIUM +# include "zodium.h" +#else +# include +#endif #include "base64.h" #include "get_line.h" @@ -829,28 +833,28 @@ main(int argc, char **argv) #ifndef VERIFY_ONLY char *sk_file = sig_default_skfile(); #endif - const char *sig_file = NULL; - const char *message_file = NULL; + const char *sig_file = NULL; + const char *message_file = NULL; #ifndef VERIFY_ONLY - const char *comment = NULL; + const char *comment = NULL; #endif - const char *pubkey_s = NULL; + const char *pubkey_s = NULL; #ifndef VERIFY_ONLY - const char *trusted_comment = NULL; + const char *trusted_comment = NULL; #endif - unsigned char opt_seen[16] = { 0 }; + unsigned char opt_seen[16] = { 0 }; int opt_flag; - int quiet = 0; - int output = 0; + int quiet = 0; + int output = 0; #ifndef VERIFY_ONLY - int force = 0; + int force = 0; #endif - int allow_legacy = 1; + int allow_legacy = 1; #ifndef VERIFY_ONLY - int sign_legacy = 0; - int unencrypted_key = 0; + int sign_legacy = 0; + int unencrypted_key = 0; #endif - Action action = ACTION_NONE; + Action action = ACTION_NONE; while ((opt_flag = getopt(argc, argv, getopt_options)) != -1) { switch (opt_flag) { From 952225f9b79ad8a72007affac097f70454f6e21a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:46:01 +0100 Subject: [PATCH 45/70] Import zodium.h --- src/zodium.h | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 src/zodium.h diff --git a/src/zodium.h b/src/zodium.h new file mode 100644 index 0000000..5a1bc8d --- /dev/null +++ b/src/zodium.h @@ -0,0 +1,62 @@ +#pragma once + +#include + +int sodium_init(void) __attribute__((warn_unused_result)); +; + +void sodium_memzero(void* const pnt, const size_t len); + +void randombytes_buf(void* const buf, const size_t size) __attribute__((nonnull)); + +void* sodium_malloc(const size_t size) __attribute__((malloc)); + +void sodium_free(void* ptr); + +#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U +#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U +#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U +#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U +#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U + +int crypto_pwhash_scryptsalsa208sha256(unsigned char* const out, + unsigned long long outlen, + const char* const passwd, + unsigned long long passwdlen, + const unsigned char* const salt, + unsigned long long opslimit, + size_t memlimit) __attribute__((warn_unused_result)) +__attribute__((nonnull)); + +typedef struct crypto_generichash_state { + unsigned char opaque[512]; +} crypto_generichash_state; + +#define crypto_generichash_BYTES_MAX 64U +#define crypto_generichash_BYTES 32U + +int crypto_generichash_init(crypto_generichash_state* state, const unsigned char* key, + const size_t keylen, const size_t outlen) __attribute__((nonnull(1))); + +int crypto_generichash_update(crypto_generichash_state* state, + const unsigned char* in, + unsigned long long inlen) __attribute__((nonnull(1))); + +int crypto_generichash_final(crypto_generichash_state* state, unsigned char* out, + const size_t outlen) __attribute__((nonnull)); + +#define crypto_sign_SECRETKEYBYTES 64 +#define crypto_sign_PUBLICKEYBYTES 32 +#define crypto_sign_BYTES 64 + +int crypto_sign_keypair(unsigned char* pk, unsigned char* sk) __attribute__((nonnull)); + +int crypto_sign_detached(unsigned char* sig, unsigned long long* siglen_p, const unsigned char* m, + unsigned long long mlen, const unsigned char* sk) + __attribute__((nonnull(1, 5))); + +int crypto_sign_verify_detached(const unsigned char* sig, + const unsigned char* m, + unsigned long long mlen, + const unsigned char* pk) __attribute__((warn_unused_result)) +__attribute__((nonnull(1, 4))); \ No newline at end of file From 12333fd7d11180e90a473331fcd628452af061ed Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:12:43 +0100 Subject: [PATCH 46/70] Minisign is 10 years old --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 5bc5e3f..3b5a8b8 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ ISC LICENSE. /* - * Copyright (c) 2015-2024 + * Copyright (c) 2015-2025 * Frank Denis * * Permission to use, copy, modify, and/or distribute this software for any From e0e86b4e4f2bcc2c39084994d6e28d90d4feff05 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:19:16 +0100 Subject: [PATCH 47/70] Add -Dstatic --- README.md | 8 ++++++-- build.zig | 6 +++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0aa9b58..e664a73 100644 --- a/README.md +++ b/README.md @@ -23,11 +23,15 @@ Dependencies: * [libsodium](https://libsodium.org/) (*optional*) * [zig](https://ziglang.org) -Compilation with libsodium: +Compilation with libsodium, dynamically linked (libsodium will need to be installed on the system for the command to run): $ zig build -Drelease -Compilation without libsodium: +Compilation with libsodium, statically linked (libsodium will only be needed for compilation): + + $ zig build -Drelease -Dstatic + +Compilation without libsodium, no dependencies: $ zig build -Drelease -Dwithout_libsodium diff --git a/build.zig b/build.zig index f0a655a..111fb5b 100644 --- a/build.zig +++ b/build.zig @@ -5,6 +5,7 @@ pub fn build(b: *std.Build) !void { const optimize = b.standardOptimizeOption(.{ .preferred_optimize_mode = .ReleaseSmall }); const use_libzodium = b.option(bool, "without_libsodium", "Use the zig standard library instead of libsodium") orelse false; + const use_static_linking = b.option(bool, "static", "Statically link the binary") orelse false; const minisign = b.addExecutable(.{ .name = "minisign", @@ -31,7 +32,10 @@ pub fn build(b: *std.Build) !void { } else { minisign.root_module.linkSystemLibrary( "sodium", - .{ .use_pkg_config = .yes }, + .{ + .use_pkg_config = .yes, + .preferred_link_mode = if (use_static_linking) .static else .dynamic, + }, ); } minisign.addIncludePath(b.path("src")); From c1c452560f714a6fe4e9123b4b3f6dff9e7eb938 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:20:07 +0100 Subject: [PATCH 48/70] Nits --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e664a73..041ccf7 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ public key: Compilation / installation -------------------------- -## Using [Zig](https://ziglang.org): +## Building with Zig Dependencies: @@ -31,13 +31,13 @@ Compilation with libsodium, statically linked (libsodium will only be needed for $ zig build -Drelease -Dstatic -Compilation without libsodium, no dependencies: +Compilation without libsodium, no dependencies required: $ zig build -Drelease -Dwithout_libsodium The resulting binary can be found in `zig-out/bin/minisign`. -## Using cmake and gcc or clang: +## Building with cmake and gcc or clang: Dependencies: From c084f9ca3821211cc122bd83b94c4f066db29e22 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:25:48 +0100 Subject: [PATCH 49/70] without_libsodium -> without-libsodium --- README.md | 2 +- build.zig | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 041ccf7..a7176e6 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Compilation with libsodium, statically linked (libsodium will only be needed for Compilation without libsodium, no dependencies required: - $ zig build -Drelease -Dwithout_libsodium + $ zig build -Drelease -Dwithout-libsodium The resulting binary can be found in `zig-out/bin/minisign`. diff --git a/build.zig b/build.zig index 111fb5b..de6cb7c 100644 --- a/build.zig +++ b/build.zig @@ -4,7 +4,7 @@ pub fn build(b: *std.Build) !void { const target = b.standardTargetOptions(.{}); const optimize = b.standardOptimizeOption(.{ .preferred_optimize_mode = .ReleaseSmall }); - const use_libzodium = b.option(bool, "without_libsodium", "Use the zig standard library instead of libsodium") orelse false; + const use_libzodium = b.option(bool, "without-libsodium", "Use the zig standard library instead of libsodium") orelse false; const use_static_linking = b.option(bool, "static", "Statically link the binary") orelse false; const minisign = b.addExecutable(.{ From b393ff47b1c0a310e0f320505f40f8746ff3cbca Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:29:18 +0100 Subject: [PATCH 50/70] Let people compile with ReleaseFast if they want to --- README.md | 8 +++++--- build.zig | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a7176e6..ed05078 100644 --- a/README.md +++ b/README.md @@ -25,18 +25,20 @@ Dependencies: Compilation with libsodium, dynamically linked (libsodium will need to be installed on the system for the command to run): - $ zig build -Drelease + $ zig build -Doptimize=ReleaseSmall Compilation with libsodium, statically linked (libsodium will only be needed for compilation): - $ zig build -Drelease -Dstatic + $ zig build -Doptimize=ReleaseSmall -Dstatic Compilation without libsodium, no dependencies required: - $ zig build -Drelease -Dwithout-libsodium + $ zig build -Doptimize=ReleaseSmall -Dwithout-libsodium The resulting binary can be found in `zig-out/bin/minisign`. +In all these examples, `ReleaseFast` can be replaced with `ReleaseSmall` to favor speed over size. + ## Building with cmake and gcc or clang: Dependencies: diff --git a/build.zig b/build.zig index de6cb7c..0951668 100644 --- a/build.zig +++ b/build.zig @@ -2,7 +2,7 @@ const std = @import("std"); pub fn build(b: *std.Build) !void { const target = b.standardTargetOptions(.{}); - const optimize = b.standardOptimizeOption(.{ .preferred_optimize_mode = .ReleaseSmall }); + const optimize = b.standardOptimizeOption(.{}); const use_libzodium = b.option(bool, "without-libsodium", "Use the zig standard library instead of libsodium") orelse false; const use_static_linking = b.option(bool, "static", "Statically link the binary") orelse false; From 9896d072d4e2a2e7185c87225ea1ed7a12b66a07 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:24:21 +0100 Subject: [PATCH 51/70] Bump --- CMakeLists.txt | 4 ++-- build-dist-package.sh | 5 ++--- src/minisign.h | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7157da4..851156d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.8.12) +cmake_minimum_required(VERSION 3.10) project(minisign C) @@ -7,7 +7,7 @@ set(CPACK_PACKAGE_VENDOR "Frank Denis") set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_CURRENT_SOURCE_DIR}/README.md") set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE") set(CPACK_PACKAGE_VERSION_MAJOR "0") -set(CPACK_PACKAGE_VERSION_MINOR "11") +set(CPACK_PACKAGE_VERSION_MINOR "12") set(CPACK_PACKAGE_VERSION_PATCH "0") set( CPACK_SOURCE_PACKAGE_FILE_NAME diff --git a/build-dist-package.sh b/build-dist-package.sh index 0e13208..3762743 100755 --- a/build-dist-package.sh +++ b/build-dist-package.sh @@ -1,5 +1,4 @@ #! /bin/sh -tar czpvf minisign-0.11.tar.gz $(git ls-files) -minisign -Sm minisign-0.11.tar.gz - +tar czpvf minisign-0.12.tar.gz $(git ls-files) +minisign -Sm minisign-0.12.tar.gz diff --git a/src/minisign.h b/src/minisign.h index 629b1fd..9495f29 100644 --- a/src/minisign.h +++ b/src/minisign.h @@ -20,7 +20,7 @@ #define SIG_DEFAULT_PKFILE "minisign.pub" #define SIG_DEFAULT_SKFILE "minisign.key" #define SIG_SUFFIX ".minisig" -#define VERSION_STRING "minisign 0.11" +#define VERSION_STRING "minisign 0.12" typedef struct KeynumSK_ { unsigned char keynum[KEYNUMBYTES]; From b85e15d45ac9eab34e44596fd309f5b07db9545c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 22:33:36 +0100 Subject: [PATCH 52/70] Add build.zig.zon --- build.zig.zon | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 build.zig.zon diff --git a/build.zig.zon b/build.zig.zon new file mode 100644 index 0000000..6b8cd38 --- /dev/null +++ b/build.zig.zon @@ -0,0 +1,12 @@ +.{ + .name = "minisign", + .version = "0.12.0", + .paths = .{ + "LICEMSE", + "README.md", + "build.zig", + "build.zig.zon", + "src", + "share", + }, +} From 3c889ce7f3e17211d5c64da0ee5394b79fcedcb2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 23:27:20 +0100 Subject: [PATCH 53/70] Add a section title --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index ed05078..b63da9d 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,8 @@ or: $ cmake -D BUILD_STATIC_EXECUTABLES=1 .. +## Pre-built packages + Minisign is also available in Homebrew: $ brew install minisign From 1c44ef601ef995efce2c80ef267f4b3a8c626d33 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 23:42:04 +0100 Subject: [PATCH 54/70] Regen man page --- share/man/man1/minisign.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index f7ef624..989a731 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "MINISIGN" "1" "January 2023" "" "" +.TH "MINISIGN" "1" "August 2024" "" "" . .SH "NAME" \fBminisign\fR \- A dead simple tool to sign files and verify signatures\. From c16536238571f4678d812007bf11b7df087aaaf2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 15 Jan 2025 23:42:24 +0100 Subject: [PATCH 55/70] Move libzodium files to a dedicated directory --- build.zig | 2 +- src/helpers.c | 2 +- src/{ => libzodium}/libzodium.zig | 0 src/{zodium.h => libzodium/sodium.h} | 0 src/minisign.c | 2 +- 5 files changed, 3 insertions(+), 3 deletions(-) rename src/{ => libzodium}/libzodium.zig (100%) rename src/{zodium.h => libzodium/sodium.h} (100%) diff --git a/build.zig b/build.zig index 0951668..bc20591 100644 --- a/build.zig +++ b/build.zig @@ -16,7 +16,7 @@ pub fn build(b: *std.Build) !void { minisign.linkLibC(); if (use_libzodium) { const libzodium_mod = b.createModule(.{ - .root_source_file = b.path("src/libzodium.zig"), + .root_source_file = b.path("src/libzodium/libzodium.zig"), .target = target, .optimize = optimize, }); diff --git a/src/helpers.c b/src/helpers.c index d8a04c6..5a1b2fc 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -15,7 +15,7 @@ #include #ifdef LIBZODIUM -# include "zodium.h" +# include "libzodium/sodium.h" #else # include #endif diff --git a/src/libzodium.zig b/src/libzodium/libzodium.zig similarity index 100% rename from src/libzodium.zig rename to src/libzodium/libzodium.zig diff --git a/src/zodium.h b/src/libzodium/sodium.h similarity index 100% rename from src/zodium.h rename to src/libzodium/sodium.h diff --git a/src/minisign.c b/src/minisign.c index f0e3a0c..0444716 100644 --- a/src/minisign.c +++ b/src/minisign.c @@ -11,7 +11,7 @@ #include #ifdef LIBZODIUM -# include "zodium.h" +# include "libzodium/sodium.h" #else # include #endif From 101e90a668ce68365d4a0b292c06525d6d8919c0 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 16 Jan 2025 00:54:22 +0100 Subject: [PATCH 56/70] Allow compilation with Zig 0.13 as well as 0.14 Fixes #150 --- build.zig | 38 +++++++++++++++++++++++++++---------- src/libzodium/libzodium.zig | 2 +- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/build.zig b/build.zig index bc20591..5f27ab0 100644 --- a/build.zig +++ b/build.zig @@ -1,3 +1,4 @@ +const builtin = @import("builtin"); const std = @import("std"); pub fn build(b: *std.Build) !void { @@ -15,21 +16,38 @@ pub fn build(b: *std.Build) !void { }); minisign.linkLibC(); if (use_libzodium) { - const libzodium_mod = b.createModule(.{ - .root_source_file = b.path("src/libzodium/libzodium.zig"), - .target = target, - .optimize = optimize, - }); - const libzodium = b.addStaticLibrary(.{ - .name = "zodium", - .root_module = libzodium_mod, - .strip = true, - }); + var libzodium = lib: { + if (builtin.zig_version.major == 0 and builtin.zig_version.minor < 13) { + @compileError("Building requires Zig 0.13.0 or later"); + } + if (builtin.zig_version.major == 0 and builtin.zig_version.minor == 13) { + break :lib b.addStaticLibrary(.{ + .name = "zodium", + .strip = true, + .root_source_file = b.path("src/libzodium/libzodium.zig"), + .target = target, + .optimize = optimize, + }); + } else { + const libzodium_mod = b.createModule(.{ + .root_source_file = b.path("src/libzodium/libzodium.zig"), + .target = target, + .optimize = optimize, + }); + break :lib b.addStaticLibrary(.{ + .name = "zodium", + .root_module = libzodium_mod, + .strip = true, + }); + } + }; libzodium.linkLibC(); b.installArtifact(libzodium); minisign.root_module.addCMacro("LIBZODIUM", "1"); minisign.linkLibrary(libzodium); } else { + minisign.addLibraryPath(.{ .cwd_relative = "/opt/homebrew/lib" }); + minisign.addLibraryPath(.{ .cwd_relative = "/usr/local/lib" }); minisign.root_module.linkSystemLibrary( "sodium", .{ diff --git a/src/libzodium/libzodium.zig b/src/libzodium/libzodium.zig index c5c8ec9..72f1912 100644 --- a/src/libzodium/libzodium.zig +++ b/src/libzodium/libzodium.zig @@ -75,7 +75,7 @@ export fn crypto_generichash_final( } export fn crypto_sign_keypair(pk: [*c]u8, sk: [*c]u8) callconv(.C) c_int { - const kp = Ed25519.KeyPair.generate(); + const kp = if (std.meta.hasFn(Ed25519.KeyPair, "generate")) Ed25519.KeyPair.generate() else (Ed25519.KeyPair.create(null) catch return -1); pk[0..32].* = kp.public_key.toBytes(); sk[0..64].* = kp.secret_key.toBytes(); return 0; From 90d46db2406f001cb5017a275fa2902ec6bc51f9 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 16 Jan 2025 12:55:52 +0100 Subject: [PATCH 57/70] Add the ability to override the libsodium install dirs --- build.zig | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/build.zig b/build.zig index 5f27ab0..da609af 100644 --- a/build.zig +++ b/build.zig @@ -46,12 +46,21 @@ pub fn build(b: *std.Build) !void { minisign.root_module.addCMacro("LIBZODIUM", "1"); minisign.linkLibrary(libzodium); } else { + var override_pkgconfig = false; + if (std.posix.getenv("LIBSODIUM_INCLUDE_PATH")) |path| { + minisign.addSystemIncludePath(.{ .cwd_relative = path }); + override_pkgconfig = true; + } + if (std.posix.getenv("LIBSODIUM_LIB_PATH")) |path| { + minisign.addLibraryPath(.{ .cwd_relative = path }); + override_pkgconfig = true; + } minisign.addLibraryPath(.{ .cwd_relative = "/opt/homebrew/lib" }); minisign.addLibraryPath(.{ .cwd_relative = "/usr/local/lib" }); minisign.root_module.linkSystemLibrary( "sodium", .{ - .use_pkg_config = .yes, + .use_pkg_config = if (override_pkgconfig) .no else .yes, .preferred_link_mode = if (use_static_linking) .static else .dynamic, }, ); From 29a07eade033981289ada3ac96d25b2318916dea Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 16 Jan 2025 13:36:56 +0100 Subject: [PATCH 58/70] Add compatibility with 32-bit targets (webassembly) --- src/libzodium/libzodium.zig | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/libzodium/libzodium.zig b/src/libzodium/libzodium.zig index 72f1912..919252d 100644 --- a/src/libzodium/libzodium.zig +++ b/src/libzodium/libzodium.zig @@ -34,8 +34,8 @@ export fn crypto_pwhash_scryptsalsa208sha256( ) callconv(.C) c_int { crypto.pwhash.scrypt.kdf( std.heap.c_allocator, - out[0..outlen], - passwd[0..passwdlen], + out[0..@intCast(outlen)], + passwd[0..@intCast(passwdlen)], salt[0..32], crypto.pwhash.scrypt.Params.fromLimits(opslimit, memlimit), ) catch return -1; @@ -59,7 +59,7 @@ export fn crypto_generichash_update( in: [*c]const u8, inlen: c_ulonglong, ) c_int { - state.*.update(in[0..inlen]); + state.*.update(in[0..@intCast(inlen)]); return 0; } @@ -92,7 +92,7 @@ export fn crypto_sign_detached( const kp = Ed25519.KeyPair.fromSecretKey(sk) catch return -1; var noise: [Ed25519.noise_length]u8 = undefined; crypto.random.bytes(&noise); - const s = kp.sign(m[0..mlen], noise) catch return -1; + const s = kp.sign(m[0..@intCast(mlen)], noise) catch return -1; sig_bytes[0..64].* = s.toBytes(); return 0; } @@ -105,7 +105,7 @@ export fn crypto_sign_verify_detached( ) callconv(.C) c_int { const pk = Ed25519.PublicKey.fromBytes(pk_bytes[0..32].*) catch return -1; const sig = Ed25519.Signature.fromBytes(sig_bytes[0..64].*); - sig.verify(m[0..mlen], pk) catch return 1; + sig.verify(m[0..@intCast(mlen)], pk) catch return 1; return 0; } From c684406e21c988864d24f3fcb515c08a13fcbcc4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 18 Jan 2025 13:50:47 +0100 Subject: [PATCH 59/70] Don't include nonexistent library paths Introduced in 101e90a668ce68365d4a0b292c06525d6d8919c0 to make Minisign build with Zig 0.13. Fixes #153 --- build.zig | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/build.zig b/build.zig index da609af..8e376e3 100644 --- a/build.zig +++ b/build.zig @@ -55,8 +55,12 @@ pub fn build(b: *std.Build) !void { minisign.addLibraryPath(.{ .cwd_relative = path }); override_pkgconfig = true; } - minisign.addLibraryPath(.{ .cwd_relative = "/opt/homebrew/lib" }); - minisign.addLibraryPath(.{ .cwd_relative = "/usr/local/lib" }); + minisign.addSystemIncludePath(.{ .cwd_relative = "/opt/homebrew/include" }); + minisign.addSystemIncludePath(.{ .cwd_relative = "/usr/local/include" }); + for ([_][]const u8{ "/opt/homebrew/lib", "/usr/local/lib" }) |path| { + std.fs.accessAbsolute(path, .{}) catch continue; + minisign.addLibraryPath(.{ .cwd_relative = path }); + } minisign.root_module.linkSystemLibrary( "sodium", .{ @@ -66,8 +70,7 @@ pub fn build(b: *std.Build) !void { ); } minisign.addIncludePath(b.path("src")); - minisign.addSystemIncludePath(.{ .cwd_relative = "/opt/homebrew/include" }); - minisign.addSystemIncludePath(.{ .cwd_relative = "/usr/local/include" }); + minisign.root_module.addCMacro("_GNU_SOURCE", "1"); const source_files = &.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }; minisign.addCSourceFiles(.{ .files = source_files }); From b5cf334b42bf338b89642b2f19ef82e6ba33398f Mon Sep 17 00:00:00 2001 From: Rui Chen Date: Wed, 29 Jan 2025 12:27:25 -0500 Subject: [PATCH 60/70] build: fix mach-o relocation (#155) Signed-off-by: Rui Chen --- build.zig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/build.zig b/build.zig index 8e376e3..cc4c41a 100644 --- a/build.zig +++ b/build.zig @@ -14,6 +14,10 @@ pub fn build(b: *std.Build) !void { .optimize = optimize, .strip = true, }); + + // fix Mach-O relocation + minisign.headerpad_max_install_names = true; + minisign.linkLibC(); if (use_libzodium) { var libzodium = lib: { From 090cc4752c3d3d92d4ee95530f25fd5803038236 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 29 Jan 2025 18:27:40 +0100 Subject: [PATCH 61/70] Set headerpad_max_install_names only when linking libsodium --- build.zig | 1 + 1 file changed, 1 insertion(+) diff --git a/build.zig b/build.zig index cc4c41a..b8898bc 100644 --- a/build.zig +++ b/build.zig @@ -65,6 +65,7 @@ pub fn build(b: *std.Build) !void { std.fs.accessAbsolute(path, .{}) catch continue; minisign.addLibraryPath(.{ .cwd_relative = path }); } + minisign.headerpad_max_install_names = true; // required to compile using Homebrew, see https://github.com/jedisct1/minisign/pull/155 minisign.root_module.linkSystemLibrary( "sodium", .{ From 41306e3e42400321944b4119c49c219f44ea07ff Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 29 Jan 2025 18:28:41 +0100 Subject: [PATCH 62/70] No need to set headerpad_max_install_names when linking statically --- build.zig | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/build.zig b/build.zig index b8898bc..ecefe62 100644 --- a/build.zig +++ b/build.zig @@ -65,7 +65,9 @@ pub fn build(b: *std.Build) !void { std.fs.accessAbsolute(path, .{}) catch continue; minisign.addLibraryPath(.{ .cwd_relative = path }); } - minisign.headerpad_max_install_names = true; // required to compile using Homebrew, see https://github.com/jedisct1/minisign/pull/155 + if (!use_static_linking) { + minisign.headerpad_max_install_names = true; // required to compile using Homebrew, see https://github.com/jedisct1/minisign/pull/155 + } minisign.root_module.linkSystemLibrary( "sodium", .{ From 4dd6fbf632012c04d296c84ed5cb9b59beb1a6bb Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 29 Jan 2025 23:02:34 +0100 Subject: [PATCH 63/70] Use a list for possible include paths to be consistent with libraries --- build.zig | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/build.zig b/build.zig index ecefe62..caa7bdf 100644 --- a/build.zig +++ b/build.zig @@ -59,8 +59,11 @@ pub fn build(b: *std.Build) !void { minisign.addLibraryPath(.{ .cwd_relative = path }); override_pkgconfig = true; } - minisign.addSystemIncludePath(.{ .cwd_relative = "/opt/homebrew/include" }); - minisign.addSystemIncludePath(.{ .cwd_relative = "/usr/local/include" }); + + for ([_][]const u8{ "/opt/homebrew/include", "/usr/local/include" }) |path| { + std.fs.accessAbsolute(path, .{}) catch continue; + minisign.addSystemIncludePath(.{ .cwd_relative = path }); + } for ([_][]const u8{ "/opt/homebrew/lib", "/usr/local/lib" }) |path| { std.fs.accessAbsolute(path, .{}) catch continue; minisign.addLibraryPath(.{ .cwd_relative = path }); From d5a2f02bc077f1b83597f0d441d1b98598ee7e2a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 29 Jan 2025 23:05:34 +0100 Subject: [PATCH 64/70] Look at possible include/lib paths for linuxbrew Fixes #156 --- build.zig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.zig b/build.zig index caa7bdf..080790a 100644 --- a/build.zig +++ b/build.zig @@ -60,11 +60,11 @@ pub fn build(b: *std.Build) !void { override_pkgconfig = true; } - for ([_][]const u8{ "/opt/homebrew/include", "/usr/local/include" }) |path| { + for ([_][]const u8{ "/opt/homebrew/include", "/home/linuxbrew/.linuxbrew/include", "/usr/local/include" }) |path| { std.fs.accessAbsolute(path, .{}) catch continue; minisign.addSystemIncludePath(.{ .cwd_relative = path }); } - for ([_][]const u8{ "/opt/homebrew/lib", "/usr/local/lib" }) |path| { + for ([_][]const u8{ "/opt/homebrew/lib", "/home/linuxbrew/.linuxbrew/lib", "/usr/local/lib" }) |path| { std.fs.accessAbsolute(path, .{}) catch continue; minisign.addLibraryPath(.{ .cwd_relative = path }); } From 74365c0f5178d6143ab2c2fe1e4ecb5cb7c1df6d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 11 Mar 2025 18:31:14 +0100 Subject: [PATCH 65/70] Normalize Markdown files --- README.md | 76 ++++++++++++++++++++--------------------- src/manpage.md | 91 +++++++++++++++++++++++++------------------------- 2 files changed, 81 insertions(+), 86 deletions(-) diff --git a/README.md b/README.md index b63da9d..bfd82f4 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ ![CodeQL scan](https://github.com/jedisct1/minisign/workflows/CodeQL%20scan/badge.svg) -Minisign -======== +# Minisign Minisign is a dead simple tool to sign files and verify signatures. @@ -13,15 +12,14 @@ public key: RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3 -Compilation / installation --------------------------- +## Compilation / installation ## Building with Zig Dependencies: -* [libsodium](https://libsodium.org/) (*optional*) -* [zig](https://ziglang.org) +- [libsodium](https://libsodium.org/) (_optional_) +- [zig](https://ziglang.org) Compilation with libsodium, dynamically linked (libsodium will need to be installed on the system for the command to run): @@ -43,10 +41,10 @@ In all these examples, `ReleaseFast` can be replaced with `ReleaseSmall` to favo Dependencies: -* [libsodium](https://libsodium.org/) (*required*) -* cmake -* pkg-config -* gcc or clang +- [libsodium](https://libsodium.org/) (_required_) +- cmake +- pkg-config +- gcc or clang Compilation: @@ -98,39 +96,37 @@ OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w== -----END PUBLIC KEY----- ``` -Additional tools, libraries and implementations ------------------------------------------------ +## Additional tools, libraries and implementations -* [minizign](https://github.com/jedisct1/zig-minisign) is a compact -implementation in Zig, that can also use ssh-encoded keys. -* [minisign-misc](https://github.com/JayBrown/minisign-misc) is a very -nice set of workflows and scripts for macOS to verify and sign files -with minisign. -* [go-minisign](https://github.com/jedisct1/go-minisign) is a small module -in Go to verify Minisign signatures. -* [rust-minisign](https://github.com/jedisct1/rust-minisign) is a Minisign -library written in pure Rust, that can be embedded in other applications. -* [rsign2](https://github.com/jedisct1/rsign2) is a reimplementation of -the command-line tool in Rust. -* [minisign (go)](https://github.com/aead/minisign) is a rewrite of Minisign -in the Go language. It reimplements the CLI but can also be used as a library. -* [minisign-verify](https://github.com/jedisct1/rust-minisign-verify) is -a small Rust crate to verify Minisign signatures. -* [minisign-net](https://github.com/bitbeans/minisign-net) is a .NET library -to handle and create Minisign signatures. -* [minisign](https://github.com/chm-diederichs/minisign) a Javascript -implementation. -* WebAssembly implementations of [rsign2](https://wapm.io/package/jedisct1/rsign2) -and [minisign-cli](https://wapm.io/package/jedisct1/minisign) are available on -WAPM. -* [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation. -* [py-minisign](https://github.com/x13a/py-minisign) is a Python -implementation. -* [minisign](https://hexdocs.pm/minisign/Minisign.html) is an Elixir implementation +- [minizign](https://github.com/jedisct1/zig-minisign) is a compact + implementation in Zig, that can also use ssh-encoded keys. +- [minisign-misc](https://github.com/JayBrown/minisign-misc) is a very + nice set of workflows and scripts for macOS to verify and sign files + with minisign. +- [go-minisign](https://github.com/jedisct1/go-minisign) is a small module + in Go to verify Minisign signatures. +- [rust-minisign](https://github.com/jedisct1/rust-minisign) is a Minisign + library written in pure Rust, that can be embedded in other applications. +- [rsign2](https://github.com/jedisct1/rsign2) is a reimplementation of + the command-line tool in Rust. +- [minisign (go)](https://github.com/aead/minisign) is a rewrite of Minisign + in the Go language. It reimplements the CLI but can also be used as a library. +- [minisign-verify](https://github.com/jedisct1/rust-minisign-verify) is + a small Rust crate to verify Minisign signatures. +- [minisign-net](https://github.com/bitbeans/minisign-net) is a .NET library + to handle and create Minisign signatures. +- [minisign](https://github.com/chm-diederichs/minisign) a Javascript + implementation. +- WebAssembly implementations of [rsign2](https://wapm.io/package/jedisct1/rsign2) + and [minisign-cli](https://wapm.io/package/jedisct1/minisign) are available on + WAPM. +- [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation. +- [py-minisign](https://github.com/x13a/py-minisign) is a Python + implementation. +- [minisign](https://hexdocs.pm/minisign/Minisign.html) is an Elixir implementation (verification only) -Signature determinism ---------------------- +## Signature determinism This implementation uses deterministic signatures, unless libsodium was compiled with the `ED25519_NONDETERMINISTIC` macro defined. This diff --git a/src/manpage.md b/src/manpage.md index 800aacc..eb06f25 100644 --- a/src/manpage.md +++ b/src/manpage.md @@ -1,8 +1,8 @@ -minisign(1) -- A dead simple tool to sign files and verify signatures. -====================================================================== + +# minisign(1) -- A dead simple tool to sign files and verify signatures. ## SYNOPSIS @@ -26,47 +26,46 @@ It is portable, lightweight, and uses the highly secure [Ed25519](http://ed25519 These options control the actions of `minisign`. - * `-G`: - Generate a new key pair - * `-C`: - Change/remove the password of a secret key - * `-R`: - Recreate a public key file from a secret key file - * `-S`: - Sign files - * `-V`: - Verify that a signature is valid for a given file - * `-H`: - Requires the input to be prehashed - * `-l`: - Sign using the legacy format - * `-m `: - File to sign/verify - * `-o`: - Combined with -V, output the file content after verification - * `-p `: - Public key file (default: ./minisign.pub) - * `-P `: - Public key, as a base64 string - * `-s `: - Secret key file (default: ~/.minisign/minisign.key) - * `-W`: - Do not encrypt/decrypt the secret key with a password - * `-x `: - Signature file (default: <file>.minisig) - * `-c `: - Add a one-line untrusted comment - * `-t `: - Add a one-line trusted comment - * `-q`: - Quiet mode, suppress output - * `-Q`: - Pretty quiet mode, only print the trusted comment - * `-f`: - Force. Combined with -G, overwrite a previous key pair - * `-v`: - Display version number - +- `-G`: + Generate a new key pair +- `-C`: + Change/remove the password of a secret key +- `-R`: + Recreate a public key file from a secret key file +- `-S`: + Sign files +- `-V`: + Verify that a signature is valid for a given file +- `-H`: + Requires the input to be prehashed +- `-l`: + Sign using the legacy format +- `-m `: + File to sign/verify +- `-o`: + Combined with -V, output the file content after verification +- `-p `: + Public key file (default: ./minisign.pub) +- `-P `: + Public key, as a base64 string +- `-s `: + Secret key file (default: ~/.minisign/minisign.key) +- `-W`: + Do not encrypt/decrypt the secret key with a password +- `-x `: + Signature file (default: <file>.minisig) +- `-c `: + Add a one-line untrusted comment +- `-t `: + Add a one-line trusted comment +- `-q`: + Quiet mode, suppress output +- `-Q`: + Pretty quiet mode, only print the trusted comment +- `-f`: + Force. Combined with -G, overwrite a previous key pair +- `-v`: + Display version number ## EXAMPLES @@ -79,7 +78,7 @@ The public key is printed and put into the `minisign.pub` file. The secret key i Signing files $ `minisign` -Sm myfile.txt -$ `minisign` -Sm myfile.txt myfile2.txt *.c +$ `minisign` -Sm myfile.txt myfile2.txt \*.c Or to include a comment in the signature, that will be verified and displayed when verifying the file: @@ -89,7 +88,7 @@ The secret key is loaded from `${MINISIGN_CONFIG_DIR}/minisign.key`, `~/.minisig Verifying a file -$ `minisign` -Vm myfile.txt -P <pubkey> +$ `minisign` -Vm myfile.txt -P <pubkey> or @@ -99,7 +98,7 @@ This requires the signature `myfile.txt.minisig` to be present in the same direc The public key can either reside in a file (`./minisign.pub` by default) or be directly specified on the command line. -## Notes +## NOTES Signature files include an untrusted comment line that can be freely modified, even after signature creation. From e9631e8c67ac96cfa9500b6c01dfda9e5550442c Mon Sep 17 00:00:00 2001 From: Chad Dougherty Date: Tue, 11 Mar 2025 13:40:49 -0400 Subject: [PATCH 66/70] Add a note in the man page about signify compatibility (#159) based nearly verbatim on @jedisct1's explanation in the discussion of #59 --- share/man/man1/minisign.1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index 989a731..ac35616 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -152,7 +152,7 @@ This requires the signature \fBmyfile\.txt\.minisig\fR to be present in the same .P The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\. . -.SH "Notes" +.SH "NOTES" Signature files include an untrusted comment line that can be freely modified, even after signature creation\. . .P @@ -161,5 +161,8 @@ They also include a second comment line, that cannot be modified without the sec .P Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\. . +.P +OpenBSD's signify(1) is conceptually similar to Minisign\. Minisign creates signatures that can be verified by signify, but signatures created by signify \fBcannot\fR be verified with minisign because minisign expects the trusted comment section to be present\. Trusted comments are important to describe what has been signed in addition to the fact that something has been signed\. +. .SH "AUTHOR" Frank Denis (github [at] pureftpd [dot] org) From 32038530b7bf17915cc449934799924850b41b94 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 11 Mar 2025 18:43:41 +0100 Subject: [PATCH 67/70] Add a note about signify compatibility Fixes #159 --- share/man/man1/minisign.1 | 10 +++++----- src/manpage.md | 8 +++++--- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/share/man/man1/minisign.1 b/share/man/man1/minisign.1 index ac35616..346581b 100644 --- a/share/man/man1/minisign.1 +++ b/share/man/man1/minisign.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "MINISIGN" "1" "August 2024" "" "" +.TH "MINISIGN" "1" "March 2025" "" "" . .SH "NAME" \fBminisign\fR \- A dead simple tool to sign files and verify signatures\. @@ -153,16 +153,16 @@ This requires the signature \fBmyfile\.txt\.minisig\fR to be present in the same The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\. . .SH "NOTES" -Signature files include an untrusted comment line that can be freely modified, even after signature creation\. +Signature files include an untrusted comment line that can be freely modified even after the signature is created\. . .P -They also include a second comment line, that cannot be modified without the secret key\. +They also include a second comment line that cannot be modified without the secret key\. . .P -Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\. +Trusted comments can be used to add instructions or application\-specific metadata such as the intended file name, timestamps, resource identifiers, or version numbers to prevent downgrade attacks\. . .P -OpenBSD's signify(1) is conceptually similar to Minisign\. Minisign creates signatures that can be verified by signify, but signatures created by signify \fBcannot\fR be verified with minisign because minisign expects the trusted comment section to be present\. Trusted comments are important to describe what has been signed in addition to the fact that something has been signed\. +OpenBSD\'s \fBsignify(1)\fR is conceptually similar to Minisign\. Minisign creates signatures that can be verified by \fBsignify\fR; however, signatures created by \fBsignify\fR cannot be verified with Minisign because Minisign expects a trusted comment section to be present\. Trusted comments are crucial for describing what has been signed, in addition to merely confirming that a signature exists\. . .SH "AUTHOR" Frank Denis (github [at] pureftpd [dot] org) diff --git a/src/manpage.md b/src/manpage.md index eb06f25..c85e140 100644 --- a/src/manpage.md +++ b/src/manpage.md @@ -100,11 +100,13 @@ The public key can either reside in a file (`./minisign.pub` by default) or be d ## NOTES -Signature files include an untrusted comment line that can be freely modified, even after signature creation. +Signature files include an untrusted comment line that can be freely modified even after the signature is created. -They also include a second comment line, that cannot be modified without the secret key. +They also include a second comment line that cannot be modified without the secret key. -Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks). +Trusted comments can be used to add instructions or application-specific metadata such as the intended file name, timestamps, resource identifiers, or version numbers to prevent downgrade attacks. + +OpenBSD's `signify(1)` is conceptually similar to Minisign. Minisign creates signatures that can be verified by `signify`; however, signatures created by `signify` cannot be verified with Minisign because Minisign expects a trusted comment section to be present. Trusted comments are crucial for describing what has been signed, in addition to merely confirming that a signature exists. ## AUTHOR From 428c18e08a3fa704348e0c437747e4d4dd6612a9 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 11 Mar 2025 19:04:40 +0100 Subject: [PATCH 68/70] Zig 0.14 compat --- build.zig.zon | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build.zig.zon b/build.zig.zon index 6b8cd38..ec67418 100644 --- a/build.zig.zon +++ b/build.zig.zon @@ -1,6 +1,7 @@ .{ - .name = "minisign", + .name = .minisign, .version = "0.12.0", + .fingerprint = 0x280456c1fd373c55, .paths = .{ "LICEMSE", "README.md", From c7d965e43a1a97c2a78ca69a79ecc2c6500804c7 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 11 Mar 2025 19:04:58 +0100 Subject: [PATCH 69/70] Update .gitignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 16f0f34..a7bba71 100644 --- a/.gitignore +++ b/.gitignore @@ -23,5 +23,5 @@ CMakeFiles Makefile cmake_install.cmake minisign -zig-cache +.zig-cache zig-out From 108ea640ba92f1486841e747573017c282df7280 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 11 Mar 2025 19:06:46 +0100 Subject: [PATCH 70/70] Require Zig 0.14 --- build.zig | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/build.zig b/build.zig index 080790a..410a936 100644 --- a/build.zig +++ b/build.zig @@ -15,35 +15,26 @@ pub fn build(b: *std.Build) !void { .strip = true, }); + if (builtin.zig_version.major == 0 and builtin.zig_version.minor < 14) { + @compileError("Building requires Zig 0.14.0 or later"); + } + // fix Mach-O relocation minisign.headerpad_max_install_names = true; minisign.linkLibC(); if (use_libzodium) { var libzodium = lib: { - if (builtin.zig_version.major == 0 and builtin.zig_version.minor < 13) { - @compileError("Building requires Zig 0.13.0 or later"); - } - if (builtin.zig_version.major == 0 and builtin.zig_version.minor == 13) { - break :lib b.addStaticLibrary(.{ - .name = "zodium", - .strip = true, - .root_source_file = b.path("src/libzodium/libzodium.zig"), - .target = target, - .optimize = optimize, - }); - } else { - const libzodium_mod = b.createModule(.{ - .root_source_file = b.path("src/libzodium/libzodium.zig"), - .target = target, - .optimize = optimize, - }); - break :lib b.addStaticLibrary(.{ - .name = "zodium", - .root_module = libzodium_mod, - .strip = true, - }); - } + const libzodium_mod = b.createModule(.{ + .root_source_file = b.path("src/libzodium/libzodium.zig"), + .target = target, + .optimize = optimize, + }); + break :lib b.addStaticLibrary(.{ + .name = "zodium", + .root_module = libzodium_mod, + .strip = true, + }); }; libzodium.linkLibC(); b.installArtifact(libzodium);