
stsigtool should use the built in key by default

Jakob Borg 10 years ago
parent
commit
a27bc4ebea
2 changed files with 24 additions and 4 deletions
  1. 17 4
      cmd/stsigtool/main.go
  2. 7 0
      lib/signature/signature.go

+ 17 - 4
cmd/stsigtool/main.go

@@ -13,6 +13,7 @@ import (
 	"os"
 
 	"github.com/syncthing/syncthing/lib/signature"
+	"github.com/syncthing/syncthing/lib/upgrade"
 )
 
 func main() {
@@ -33,8 +34,11 @@ Where command is one of:
 	sign <privkeyfile> <datafile>
 		- sign a file
 
-	verify <pubkeyfile> <signaturefile> <datafile>
-		- verify a signature
+	verify <signaturefile> <datafile>
+		- verify a signature, using the built in public key
+
+	verify <signaturefile> <datafile> <pubkeyfile>
+		- verify a signature, using the specified public key file
 `)
 	}
 
@@ -44,7 +48,11 @@ Where command is one of:
 	case "sign":
 		sign(flag.Arg(1), flag.Arg(2))
 	case "verify":
-		verify(flag.Arg(1), flag.Arg(2), flag.Arg(3))
+		if flag.NArg() == 4 {
+			verifyWithFile(flag.Arg(1), flag.Arg(2), flag.Arg(3))
+		} else {
+			verifyWithKey(flag.Arg(1), flag.Arg(2), upgrade.SigningKey)
+		}
 	}
 }
 
@@ -78,12 +86,15 @@ func sign(keyname, dataname string) {
 	os.Stdout.Write(sig)
 }
 
-func verify(keyname, signame, dataname string) {
+func verifyWithFile(signame, dataname, keyname string) {
 	pubkey, err := ioutil.ReadFile(keyname)
 	if err != nil {
 		log.Fatal(err)
 	}
+	verifyWithKey(signame, dataname, pubkey)
+}
 
+func verifyWithKey(signame, dataname string, pubkey []byte) {
 	sig, err := ioutil.ReadFile(signame)
 	if err != nil {
 		log.Fatal(err)
@@ -99,4 +110,6 @@ func verify(keyname, signame, dataname string) {
 	if err != nil {
 		log.Fatal(err)
 	}
+
+	log.Println("correct signature")
 }
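Review bot: The dispatch `if flag.NArg() == 4` in the third hunk treats every other operand count as the built-in-key form, so `verify` with no operands, or with five or more, proceeds with empty or ignored paths until ReadFile fails instead of reporting a usage error. An explicit `switch flag.NArg()` with cases for 3 and 4 and a default that prints usage and exits non-zero keeps the accepted forms in step with the help text added in the second hunk; the usage printer is presumably the one assigned just above, which is outside this view, so confirm flag.Usage is set before relying on it. verifyWithKey opens at the end of the fourth hunk and its body continues into the fifth, with part of it outside the hunks.
```go
	case "verify":
		switch flag.NArg() {
		case 3:
			verifyWithKey(flag.Arg(1), flag.Arg(2), upgrade.SigningKey)
		case 4:
			verifyWithFile(flag.Arg(1), flag.Arg(2), flag.Arg(3))
		default:
			flag.Usage() // confirm the usage func is assigned earlier in main
			os.Exit(2)
		}
```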

+ 7 - 0
lib/signature/signature.go

@@ -105,6 +105,10 @@ func Verify(pubKeyPEM []byte, signature []byte, data io.Reader) error {
 
 	// Parse the signature
 	block, _ := pem.Decode(signature)
+	if block == nil || block.Bytes == nil {
+		return errors.New("unsupported signature format")
+	}
+
 	r, s, err := unmarshalSignature(block.Bytes)
 	if err != nil {
 		return err
@@ -146,6 +150,9 @@ func loadPrivateKey(bs []byte) (*ecdsa.PrivateKey, error) {
 func loadPublicKey(bs []byte) (*ecdsa.PublicKey, error) {
 	// Decode and parse the public key PEM block
 	block, _ := pem.Decode(bs)
+	if block == nil || block.Bytes == nil {
+		return nil, errors.New("unsupported public key format")
+	}
 	intf, err := x509.ParsePKIXPublicKey(block.Bytes)
 	if err != nil {
 		return nil, err
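Review bot: The guard `block.Bytes == nil` in Verify (first hunk) and again in loadPublicKey (second hunk) does not reject a PEM block with an empty body, because pem.Decode returns a non-nil zero-length Bytes for one, leaving the empty input to be reported later by the DER parser; `if block == nil || len(block.Bytes) == 0 {` covers both cases in both places. Neither check inspects block.Type, so a PEM block with any label is accepted as a signature or a public key; comparing the label against the expected one would make the "unsupported format" errors precise, though the expected labels are not visible in this diff. The `rest` result of pem.Decode is discarded in both hunks, so trailing data after the first block is silently ignored. Verify begins before the first hunk and continues past it, and loadPublicKey continues past the end of the second hunk.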