all signers: bvt diana_coman asciilifeform
antecedents: ffa_ch20_litmus.kv
press order:
patch:
(19 . 3)(19 . 4)
5 569234 ffa_ch18_subroutines "Subroutines in Peh."
6 578827 ffa_ch19_peh_tuning_and_demos "Peh Tuning and Demo Tapes."
7 611618 ffa_ch20_litmus "A Peh-powered verifier for traditional GPG signatures."
8 611775 ffa_ch20b_litmus_legacy_hashes "Support for certain ancient hash algos in Litmus."
- 846F886E12E3E1D467D315B666917F6177038986280F655F19CC5EA61873A6C7F9517718963C294AD00F77B7BA507C39AB8E2402588F8AAC7511A8960EEF3292(5 . 7)(5 . 9)
13 # #
14 # Usage: ./litmus.sh publickey.peh signature.sig datafile #
15 # #
16 # Currently, supports only RSA 'detached' signatures that use SHA512 hash. #
17 # Currently, supports only RSA 'detached' sigs made with the following #
18 # hashes: SHA1 (warns: known-breakable!), SHA224, SHA256, SHA384, SHA512. #
19 # #
20 # See instructions re: converting traditional GPG public keys for use with #
21 # this program. #
22 # #
(66 . 6)(68 . 12)
24 exit $RET_EGGOG
25 }
26
27 # If Sig was made with an unsupported hash algo:
28 eggog_unsupported_hash() {
29 algo=$1
30 echo "This sig uses an unsupported Digest Algo: $1 !" >&2
31 exit $RET_EGGOG
32 }
33
34 # Failure from bad Peh :
35 eggog_peh() {
(73 . 6)(81 . 11)
37 exit $RET_EGGOG
38 }
39
40 # Warnings:
41 achtung() {
42 echo "WARNING: $1" >&2
43 }
44
45
46 # Number of Arguments required by this program:
47 REQD_ARGS=3
(84 . 18)(97 . 11)
49 fi
50
51
52 # We only support SHA512. Parameters for it:
53 HASHER="shasum -a 512 -b"
54
55 # For 'PKCS' encoding, the ASN magic turd corresponding to SHA512:
56 ASN="3051300D060960864801650304020305000440"
57 ASN_LEN=$((${#ASN} / 2))
58 MD_LEN=64 # 512 / 8 == 64 bytes
59
60
61 # Minimal Peh Width (used for non-arithmetical ops, e.g. 'Owner')
62 MIN_PEH_WIDTH=256
63
64 # Peh RNG (NOT USED in verifications, but needed to silence warning)
65 PEH_RNG_DEV="/dev/random"
66
67 # The given public key file (a Peh tape, see docs)
68 PUBFILE=$1
(148 . 7)(154 . 7)
70
71 # Execute the tape:
72 peh_res=$((cat $PUBFILE; echo $tape) | \
73 peh $peh_width $peh_height $tape_len $peh_life);
74 peh $peh_width $peh_height $tape_len $peh_life $PEH_RNG_DEV);
75 peh_code=$?
76
77 # # If Peh returned PEH_EGGOG:
(159 . 11)(165 . 11)
79 fi
80 }
81
82 # Ask the public key about the Owner:
83 # Ask the public key about Algo Type:
84 run_peh_tape "@Algo!QY" $MIN_PEH_WIDTH 1
85 pubkey_algo=$peh_res
86
87 # Ask the public key about Algo Type:
88 # Ask the public key about the Owner:
89 run_peh_tape "@Owner!QY" $MIN_PEH_WIDTH 1
90 pubkey_owner=$peh_res
91
(240 . 7)(246 . 6)
93 then
94 reason="$f_name must equal $f_mandate; instead is $f_value."
95 echo "$SIGFILE is UNSUPPORTED : $reason" >&2
96 echo "Only RSA and SHA512 hash are supported !" >&2
97 exit $RET_EGGOG
98 fi
99 }
(307 . 11)(312 . 68)
101 sig_pk_algo=$r
102 sig_field_mandatory "Public Key Algo" $sig_pk_algo 01
103
104 # Digest Algo (only SHA512 is supported)
105 # Digest Algo (only certain hash algos are supported)
106 get_sig_bytes 1
107 turd+=$r
108 hex_to_int
109 sig_digest_algo=$r
110 sig_field_mandatory "Digest Algo" $sig_digest_algo 0A
111
112 # If hash algo is supported, get ASN turd and MD_LEN; and if not, eggog:
113 case $sig_digest_algo in
114 1) ## MD5 -- NOT SUPPORTED ##
115 eggog_unsupported_hash "MD5"
116 ;;
117
118 2) ## SHA1 ##
119 achtung "This sig was made with SHA-1, which is cheaply breakable!"
120 achtung "Please contact the signer ($pubkey_owner) !"
121 HASHER="shasum -a 1 -b"
122 ASN="3021300906052b0e03021a05000414"
123 MD_LEN=20
124 ;;
125
126 3) ## RIPE-MD/160 -- NOT SUPPORTED ##
127 eggog_unsupported_hash "RIPE-MD/160"
128 ;;
129
130 8) ## SHA256 ##
131 achtung "This sig was made with SHA-256; GPG supports SHA-512."
132 achtung "Please contact the signer ($pubkey_owner) !"
133 HASHER="shasum -a 256 -b"
134 ASN="3031300d060960864801650304020105000420"
135 MD_LEN=32
136 ;;
137
138 9) ## SHA384 ##
139 achtung "This sig was made with SHA-384; GPG supports SHA-512."
140 achtung "Please contact the signer ($pubkey_owner) !"
141 HASHER="shasum -a 384 -b"
142 ASN="3041300d060960864801650304020205000430"
143 MD_LEN=48
144 ;;
145
146 10) ## SHA512 ##
147 HASHER="shasum -a 512 -b"
148 ASN="3051300D060960864801650304020305000440"
149 MD_LEN=64 # 512 / 8 == 64 bytes
150 ;;
151
152 11) ## SHA224 ##
153 achtung "This sig was made with SHA-224; GPG supports SHA-512."
154 achtung "Please contact the signer ($pubkey_owner) !"
155 HASHER="shasum -a 224 -b"
156 ASN="302D300d06096086480165030402040500041C"
157 MD_LEN=28
158 ;;
159
160 *) ## Unknown Digest Type ##
161 eggog_unsupported_hash "UNKNOWN (type $sig_digest_algo)"
162 ;;
163 esac
164
165 # Calculate length (bytes) of the ASN turd for the digest used in the sig:
166 ASN_LEN=$((${#ASN} / 2))
167
168
169 # Hashed Section Length
170 get_sig_bytes 2
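Review bot: In the `2)` branch of the digest-algo `case`, a SHA-1 signature is let through with only two `achtung` lines on stderr, so a caller that keys on the exit status cannot tell it apart from a SHA-512 one, even though the usage header itself calls SHA-1 known-breakable. I would make acceptance an explicit opt-in, for instance by opening that branch with `[ -n "$LITMUS_ALLOW_SHA1" ] || eggog_unsupported_hash "SHA1 (not enabled)"` (the variable name is a proposal, not something the script defines today), or else exit with a distinct code for a valid-but-weak signature. Separately, `eggog_unsupported_hash` assigns `algo=$1` and then echoes `$1`, so the assignment is dead; drop it or echo `$algo`. The ASN constants also mix upper- and lower-case hex (`302D300d…`), which is harmless only if whatever consumes `$ASN` outside this hunk is case-insensitive, so it is worth normalising them to one case. The `case` statement sits in top-level script code that continues beyond the hunk.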