From 123c444ffd7a2ad2af58b62caad3ec7ae451256e Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Wed, 13 Apr 2022 16:54:25 +0200 Subject: clean-up sigsum tool structure --- cmd/sigsum/bundle/bundle.go | 98 ++++++++++++++++++++++++++++ cmd/sigsum/cmd.go | 134 -------------------------------------- cmd/sigsum/format/format.go | 27 ++++++++ cmd/sigsum/main.go | 65 ++++++++---------- cmd/sigsum/namespace/namespace.go | 16 +++++ cmd/sigsum/signify_test.sh | 55 ++++++++++++++++ cmd/sigsum/ssh_test.sh | 53 +++++++++++++++ cmd/sigsum/test/keys/signify.pub | 2 - cmd/sigsum/test/keys/signify.sec | 2 - cmd/sigsum/test/keys/ssh | 7 -- cmd/sigsum/test/keys/ssh.pub | 1 - cmd/sigsum/test/signify.sh | 55 ---------------- cmd/sigsum/test/ssh.sh | 53 --------------- cmd/sigsum/testonly/signify.pub | 2 + cmd/sigsum/testonly/signify.sec | 2 + cmd/sigsum/testonly/ssh | 7 ++ cmd/sigsum/testonly/ssh.pub | 1 + cmd/sigsum/verify/verify.go | 11 ++++ 18 files changed, 299 insertions(+), 292 deletions(-) create mode 100644 cmd/sigsum/bundle/bundle.go delete mode 100644 cmd/sigsum/cmd.go create mode 100644 cmd/sigsum/format/format.go create mode 100644 cmd/sigsum/namespace/namespace.go create mode 100755 cmd/sigsum/signify_test.sh create mode 100755 cmd/sigsum/ssh_test.sh delete mode 100644 cmd/sigsum/test/keys/signify.pub delete mode 100644 cmd/sigsum/test/keys/signify.sec delete mode 100644 cmd/sigsum/test/keys/ssh delete mode 100644 cmd/sigsum/test/keys/ssh.pub delete mode 100755 cmd/sigsum/test/signify.sh delete mode 100755 cmd/sigsum/test/ssh.sh create mode 100644 cmd/sigsum/testonly/signify.pub create mode 100644 cmd/sigsum/testonly/signify.sec create mode 100644 cmd/sigsum/testonly/ssh create mode 100644 cmd/sigsum/testonly/ssh.pub create mode 100644 cmd/sigsum/verify/verify.go diff --git a/cmd/sigsum/bundle/bundle.go b/cmd/sigsum/bundle/bundle.go new file mode 100644 index 0000000..d0ce207 --- /dev/null +++ b/cmd/sigsum/bundle/bundle.go 
@@ -0,0 +1,98 @@
+package bundle
+
+import (
+ "bytes"
+ "context"
+ "fmt"
+ "io/ioutil"
+ "time"
+
+ "git.sigsum.org/sigsum-go/pkg/requests"
+ "git.sigsum.org/sigsum-go/pkg/types"
+ "git.sigsum.org/sigsum-tools-go/internal/util"
+ "git.sigsum.org/sigsum-tools-go/pkg/client"
+ "git.sigsum.org/sigsum-tools-go/pkg/policy"
+ "git.sigsum.org/sigsum-tools-go/pkg/signatures"
+ "git.sigsum.org/sigsum-tools-go/pkg/signatures/minisign"
+ "git.sigsum.org/sigsum-tools-go/pkg/signatures/signify"
+ "git.sigsum.org/sigsum-tools-go/pkg/signatures/ssh"
+)
+
+func Main(args []string, policy policy.Policy, optType, optKey, optDomainHint string) error {
+ if len(args) == 0 {
+ return fmt.Errorf("bundle: need at least one input file")
+ }
+ b, err := ioutil.ReadFile(optKey)
+ if err != nil {
+ return fmt.Errorf("bundle: read key %q: %v", optKey, err)
+ }
+ parser, err := signatureParser(optType)
+ if err != nil {
+ return fmt.Errorf("bundle: %v", err)
+ }
+ pub, err := parser.PublicKey(bytes.NewBuffer(b))
+ if err != nil {
+ return fmt.Errorf("bundle: %v", err)
+ }
+ // TODO: check that domain hint is valid for public key
+
+ var reqs []requests.Leaf
+ for _, path := range args {
+ preimage, err := util.FileHash(path)
+ if err != nil {
+ return fmt.Errorf("bundle: %v", err)
+ }
+
+ sigPath := path + parser.SignatureSuffix()
+ b, err := ioutil.ReadFile(sigPath)
+ if err != nil {
+ return fmt.Errorf("bundle: failed reading file %q: %v", sigPath, err)
+ }
+ sig, err := parser.Signature(bytes.NewBuffer(b))
+ if err != nil {
+ return fmt.Errorf("bundle: %v", err)
+ }
+
+ req := requests.Leaf{
+ ShardHint: policy.ShardHint(),
+ Preimage: *preimage,
+ Signature: *sig,
+ VerificationKey: *pub,
+ DomainHint: optDomainHint,
+ }
+
+ sd := types.Statement{
+ ShardHint: req.ShardHint,
+ Checksum: *types.HashFn(req.Preimage[:]),
+ }
+ if !sd.Verify(&req.VerificationKey, &req.Signature) {
+ return fmt.Errorf("bundle: invalid signature for file %q", path)
+ }
+ reqs = append(reqs, req)
+ }
+
+ sc := client.NewSubmitClient(policy)
+ ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+ defer cancel()
+ bundles, err := sc.AddLeaves(ctx, reqs)
+ if err != nil {
+ return fmt.Errorf("bundle: %v", err)
+ }
+
+ // TODO: verify bundles
+ // TODO: write to files
+ fmt.Printf("got %d bundles\n", len(bundles))
+ return nil
+}
+
+func signatureParser(optType string) (signatures.Parser, error) {
+ switch optType {
+ case "signify":
+ return &signify.Parser{}, nil
+ case "minisign":
+ return &minisign.Parser{}, nil
+ case "ssh":
+ return &ssh.Parser{}, nil
+ }
+ return nil, fmt.Errorf("invalid key type %q", optType)
+}
diff --git a/cmd/sigsum/cmd.go b/cmd/sigsum/cmd.go
deleted file mode 100644
index 7b9450a..0000000
--- a/cmd/sigsum/cmd.go
+++ /dev/null
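Review bot: `optDomainHint` is copied into every `requests.Leaf` in bundle.go's `Main` without any check, and its flag default in main.go appears to be the empty string, so a run without `-d` is only rejected (if at all) by the log, after every file has been hashed and its signature verified locally. Until the `// TODO: check that domain hint is valid for public key` is implemented, a guard next to the `len(args)` check would fail fast: `if optDomainHint == "" { return fmt.Errorf("bundle: domain hint is required") }`. Separately, `Main` returns nil after printing the bundle count although the returned bundles are neither verified nor written, so exit status 0 should not be read as proof of logging. A doc comment on `Main` stating that the bundles are unverified would help until the two TODOs are resolved.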
@@ -1,134 +0,0 @@
-package main
-
-import (
- "bytes"
- "context"
- "fmt"
- "io/ioutil"
- "time"
-
- "git.sigsum.org/sigsum-go/pkg/requests"
- "git.sigsum.org/sigsum-go/pkg/types"
- "git.sigsum.org/sigsum-tools-go/pkg/client"
- "git.sigsum.org/sigsum-tools-go/pkg/policy"
- "git.sigsum.org/sigsum-tools-go/pkg/signatures"
- "git.sigsum.org/sigsum-tools-go/pkg/signatures/minisign"
- "git.sigsum.org/sigsum-tools-go/pkg/signatures/signify"
- "git.sigsum.org/sigsum-tools-go/pkg/signatures/ssh"
-)
-
-func cmdVerify(args []string, policy policy.Policy, optVerifyType, optVerifyKey string) error {
- return fmt.Errorf("TODO")
-}
-
-func cmdBundle(args []string, policy policy.Policy, optBundleType, optBundleKey, optBundleDomainHint string) error {
- if len(args) == 0 {
- return fmt.Errorf("bundle: need at least one file")
- }
-
- var parser signatures.Parser
- switch optBundleType {
- case "signify":
- parser = &signify.Parser{}
- case "minisign":
- parser = &minisign.Parser{}
- case "ssh":
- parser = &ssh.Parser{}
- default:
- return fmt.Errorf("bundle: invalid key type %q", optBundleType)
- }
-
- b, err := ioutil.ReadFile(optBundleKey)
- if err != nil {
- return fmt.Errorf("bundle: failed reading file %q: %v", optBundleKey, err)
- }
- pub, err := parser.PublicKey(bytes.NewBuffer(b))
- if err != nil {
- return fmt.Errorf("bundle: %v", err)
- }
- // TODO: check that domain hint is valid for public key
-
- var reqs []requests.Leaf
- for _, path := range args {
- preimage, err := fileHash(path)
- if err != nil {
- return fmt.Errorf("bundle: %v", err)
- }
-
- sigPath := path + parser.SignatureSuffix()
- b, err := ioutil.ReadFile(sigPath)
- if err != nil {
- return fmt.Errorf("bundle: failed reading file %q: %v", sigPath, err)
- }
- sig, err := parser.Signature(bytes.NewBuffer(b))
- if err != nil {
- return fmt.Errorf("bundle: %v", err)
- }
-
- req := requests.Leaf{
- ShardHint: policy.ShardHint(),
- Preimage: *preimage,
- Signature: *sig,
- VerificationKey: *pub,
- DomainHint: optBundleDomainHint,
- }
-
- sd := types.Statement{
- ShardHint: req.ShardHint,
- Checksum: *types.HashFn(req.Preimage[:]),
- }
- if !sd.Verify(&req.VerificationKey, &req.Signature) {
- return fmt.Errorf("bundle: invalid signature for file %q", path)
- }
- reqs = append(reqs, req)
- }
-
- sc := client.NewSubmitClient(policy)
- ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
- defer cancel()
- bundles, err := sc.AddLeaves(ctx, reqs)
- if err != nil {
- return fmt.Errorf("bundle: %v", err)
- }
-
- // TODO: verify bundles
- // TODO: write to files
- fmt.Printf("got %d bundles\n", len(bundles))
- return nil
-}
-
-func cmdFormat(args []string, policy policy.Policy) error {
- if len(args) != 1 {
- return fmt.Errorf("format: need exactly one file")
- }
-
- preimage, err := fileHash(args[0])
- if err != nil {
- return fmt.Errorf("format: %v", err)
- }
- sd := types.Statement{
- ShardHint: policy.ShardHint(),
- Checksum: *types.HashFn(preimage[:]),
- }
-
- fmt.Printf("%s", sd.ToBinary())
- return nil
-}
-
-func cmdNamespace(args []string, policy policy.Policy) error {
- if len(args) != 0 {
- return fmt.Errorf("namespace: got trailing arguments")
- }
-
- fmt.Printf("tree_leaf:v0:%d@sigsum.org", policy.ShardHint())
- return nil
-}
-
-// TODO: don't read full file into memory at once
-func fileHash(path string) (*types.Hash, error) {
- b, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, fmt.Errorf("failed reading file %q", path)
- }
- return types.HashFn(b), nil
-}
diff --git a/cmd/sigsum/format/format.go b/cmd/sigsum/format/format.go
new file mode 100644
index 0000000..eff7b3e
--- /dev/null
+++ b/cmd/sigsum/format/format.go
@@ -0,0 +1,27 @@ +package format + +import ( + "fmt" + + "git.sigsum.org/sigsum-go/pkg/types" + "git.sigsum.org/sigsum-tools-go/internal/util" + "git.sigsum.org/sigsum-tools-go/pkg/policy" +) + +func Main(args []string, policy policy.Policy) error { + if len(args) != 1 { + return fmt.Errorf("format: must have one input file") + } + + preimage, err := util.FileHash(args[0]) + if err != nil { + return fmt.Errorf("format: preparing checksum: %v", err) + } + stm := types.Statement{ + ShardHint: policy.ShardHint(), + Checksum: *types.HashFn(preimage[:]), + } + + fmt.Printf("%s", stm.ToBinary()) + return nil +} diff --git a/cmd/sigsum/main.go b/cmd/sigsum/main.go index 146dadb..5c39f51 100644 --- a/cmd/sigsum/main.go +++ b/cmd/sigsum/main.go @@ -1,12 +1,13 @@ -// package main provides a tool named `sigsum`. +// package main provides a tool named sigsum. // // Build as follows: // // $ go build -ldflags="-X 'main.someVersion=git commit $(git rev-list -1 HEAD)'" +// $ mv sigsum $GOPATH/bin/ // -// Install as follows: +// Usage: // -// $ go install -ldflags="-X 'main.someVersion=git commit $(git rev-list -1 HEAD)'" +// $ sigsum help // package main @@ -16,6 +17,12 @@ import ( "log" "os" + "git.sigsum.org/sigsum-tools-go/cmd/sigsum/bundle" + "git.sigsum.org/sigsum-tools-go/cmd/sigsum/format" + "git.sigsum.org/sigsum-tools-go/cmd/sigsum/namespace" + "git.sigsum.org/sigsum-tools-go/cmd/sigsum/verify" + + "git.sigsum.org/sigsum-tools-go/internal/options" "git.sigsum.org/sigsum-tools-go/pkg/policy" ) @@ -48,10 +55,11 @@ Signatures must be located at $FILE.{sig,minisig}, depending on -t TYPE. ` var ( - optBundleType, optBundleKey, optBundleDomainHint string - optVerifyType, optVerifyKey string + optType string + optDomainHint string + optPublicKey string - someVersion = "unknown" + someVersion = "devel" ) func main() { 
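Review bot: The result of `fmt.Printf("%s", stm.ToBinary())` in format.go's `Main` is discarded, so a failed or short write to stdout still exits 0 and the test scripts would go on to sign a truncated statement file. Because this output is the exact byte string that gets signed, it is safer to write it explicitly and check the error: `if _, err := os.Stdout.Write(stm.ToBinary()); err != nil { return fmt.Errorf("format: write statement: %v", err) }`. That assumes `ToBinary` returns `[]byte`, which the hunk does not show, and it needs `os` imported. The exported `Main` also deserves a doc comment, e.g. `// Main prints the binary statement that must be signed for a single input file.`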
@@ -59,17 +67,17 @@ func main() { var err error var defaultPolicy policy.DefaultPolicy - switch cmd := parseCommand(); cmd.Name() { + switch cmd := options.Parse(printUsage, setOptions); cmd.Name() { case "help": cmd.Usage() case "verify": - err = cmdVerify(cmd.Args(), &defaultPolicy, optVerifyType, optVerifyKey) + err = verify.Main(cmd.Args(), &defaultPolicy, optType, optPublicKey) case "bundle": - err = cmdBundle(cmd.Args(), &defaultPolicy, optBundleType, optBundleKey, optBundleDomainHint) + err = bundle.Main(cmd.Args(), &defaultPolicy, optType, optPublicKey, optDomainHint) case "format": - err = cmdFormat(cmd.Args(), &defaultPolicy) + err = format.Main(cmd.Args(), &defaultPolicy) case "namespace": - err = cmdNamespace(cmd.Args(), &defaultPolicy) + err = namespace.Main(cmd.Args(), &defaultPolicy) default: err = fmt.Errorf("invalid command %q, try %q", cmd.Name(), "sigsum help") } 
@@ -80,37 +88,18 @@ func main() { } } -func parseCommand() (fs *flag.FlagSet) { - args := os.Args - if len(args) < 2 { - args = append(args, "") - } - defer func() { - registerOptions(fs) - fs.Usage = func() { - log.Printf(usage, someVersion) - } - fs.Parse(args) - }() - - fs = flag.NewFlagSet(args[1], flag.ExitOnError) - args = args[2:] - return +func printUsage() { + log.Printf(usage, someVersion) } -func registerOptions(fs *flag.FlagSet) { +func setOptions(fs *flag.FlagSet) { switch cmd := fs.Name(); cmd { case "verify": - registerStringOption(fs, &optVerifyType, "t", "type", "") - registerStringOption(fs, &optVerifyKey, "k", "key", "") + options.AddString(fs, &optType, "t", "type", "") + options.AddString(fs, &optPublicKey, "k", "key", "") case "bundle": - registerStringOption(fs, &optBundleType, "t", "type", "") - registerStringOption(fs, &optBundleKey, "k", "key", "") - registerStringOption(fs, &optBundleDomainHint, "d", "domain-hint", "") + options.AddString(fs, &optType, "t", "type", "") + options.AddString(fs, &optPublicKey, "k", "key", "") + options.AddString(fs, &optDomainHint, "d", "domain-hint", "") } } - -func registerStringOption(fs *flag.FlagSet, opt *string, short, long, value string) { - fs.StringVar(opt, short, value, "") - fs.StringVar(opt, long, value, "") -} diff --git a/cmd/sigsum/namespace/namespace.go b/cmd/sigsum/namespace/namespace.go new file mode 100644 index 0000000..3fbaf14 --- /dev/null +++ b/cmd/sigsum/namespace/namespace.go @@ -0,0 +1,16 @@ +package namespace + +import ( + "fmt" + + "git.sigsum.org/sigsum-tools-go/pkg/policy" +) + +func Main(args []string, policy policy.Policy) error { + if len(args) != 0 { + return fmt.Errorf("namespace: trailing arguments") + } + + fmt.Printf("tree_leaf:v0:%d@sigsum.org", policy.ShardHint()) + return nil +} diff --git a/cmd/sigsum/signify_test.sh b/cmd/sigsum/signify_test.sh new file mode 100755 index 0000000..7ff26ec --- /dev/null +++ b/cmd/sigsum/signify_test.sh 
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -e
+trap cleanup EXIT
+
+pass=1234
+priv=testonly/signify.sec
+pub=testonly/signify.pub
+domain_hint=_sigsum_v0.test-only.rgdd.se
+msg=msg-$(date +%s)
+num_msg=3
+
+function cleanup() {
+ set +e
+
+ rm -f sigsum
+ for i in $(seq 1 $num_msg); do
+ rm -f $msg-$i{,.trunnel,.sig}
+ done
+
+ exit
+}
+
+go build .
+
+files=""
+for i in $(seq 1 $num_msg); do
+ echo $msg-$i > $msg-$i
+ if ! ./sigsum format $msg-$i > $msg-$i.trunnel; then
+ echo "[FAIL] format for $num_msg signify message(s)" >&2
+ exit 1
+ fi
+ if ! echo $pass | signify-openbsd -Ss $priv -m $msg-$i.trunnel -x $msg-$i.sig; then
+ echo "[FAIL] sign for $num_msg signify message(s)" >&2
+ exit 1
+ fi
+ files=$(echo -n $files $msg-$i)
+done
+
+echo "[PASS] format for $num_msg signify message(s)" >&2
+echo "[PASS] sign for $num_msg signify message(s)" >&2
+
+if ! ./sigsum bundle -t signify -k $pub -d $domain_hint $files; then
+ echo "[FAIL] bundle for $num_msg signify message(s)" >&2
+ exit 1
+fi
+
+echo "[PASS] bundle for $num_msg signify message(s)" >&2
+
+if ! ./sigsum verify -t signify -k $pub $files; then
+ echo "[FAIL] verify for $num_msg signify message(s)" >&2
+ exit 1
+fi
+
+echo "[PASS] verify for $num_msg signify message(s)" >&2
diff --git a/cmd/sigsum/ssh_test.sh b/cmd/sigsum/ssh_test.sh
new file mode 100755
index 0000000..224d20c
--- /dev/null
+++ b/cmd/sigsum/ssh_test.sh
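Review bot: Every path in signify_test.sh (`go build .`, `testonly/signify.sec`, `./sigsum`, the `msg-*` files) is relative to the caller's working directory, so the script only works when started from cmd/sigsum, and the `rm -f sigsum` in `cleanup` would otherwise remove an unrelated file of that name. Adding `cd "$(dirname "$0")"` right after the `set` line pins the directory; ssh_test.sh has the same issue. This script also uses `set -e` where ssh_test.sh uses `set -eu`, and `set -eu` in both would stop on an unset variable before it reaches `rm -f`. A comment such as `# testonly/ keys and the passphrase are public test fixtures; never trust them in a real policy` would make the status of `pass=1234` and the committed secret key explicit.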
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -eu
+trap cleanup EXIT
+
+priv=testonly/ssh
+pub=testonly/ssh.pub
+domain_hint=_sigsum_v0.ssh.test.sigsum.org
+msg=msg-$(date +%s)
+num_msg=3
+
+function cleanup() {
+ set +e
+
+ rm -f sigsum
+ for i in $(seq 1 $num_msg); do
+ rm -f $msg-$i{,.trunnel,.sig}
+ done
+
+ exit
+}
+
+go build .
+
+files=""
+for i in $(seq 1 $num_msg); do
+ echo $msg-$i > $msg-$i
+ if ! openssl dgst -binary $msg-$i | ssh-keygen \
+ -Y sign \
+ -O hashalg=sha256 \
+ -f $priv \
+ -n $(./sigsum namespace) > $msg-$i.sig ; then
+ echo "[FAIL] sign for $num_msg ssh message(s)" >&2
+ exit 1
+ fi
+ files=$(echo -n $files $msg-$i)
+done
+
+echo "[PASS] sign for $num_msg ssh message(s)" >&2
+
+if ! ./sigsum bundle -t ssh -k $pub -d $domain_hint $files; then
+ echo "[FAIL] bundle for $num_msg ssh message(s)" >&2
+ exit 1
+fi
+
+echo "[PASS] bundle for $num_msg ssh message(s)" >&2
+
+if ! ./sigsum verify -t ssh -k $pub $files; then
+ echo "[FAIL] verify for $num_msg ssh message(s)" >&2
+ exit 1
+fi
+
+echo "[PASS] verify for $num_msg ssh message(s)" >&2
diff --git a/cmd/sigsum/test/keys/signify.pub b/cmd/sigsum/test/keys/signify.pub
deleted file mode 100644
index 742a66a..0000000
--- a/cmd/sigsum/test/keys/signify.pub
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: signify public key
-RWQhuW/GnP7W13NSC8qzkpnB1BJXk96/GhaWe6f/OpBvMRHFdwuUIYGb
diff --git a/cmd/sigsum/test/keys/signify.sec b/cmd/sigsum/test/keys/signify.sec
deleted file mode 100644
index 57cdf84..0000000
--- a/cmd/sigsum/test/keys/signify.sec
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: signify secret key
-RWRCSwAAACrUdp2uXyio8Rdwv0W6PLGiUQei6JeOZAYhuW/GnP7W1655JdycJo4tbOh/ba1OxA7QyVSdNFBs5SyF4eM5yIE98xhTAtizBDxki1Y3sqcFvWFH8ZlKzRjY8rUrTYaaCQE=
diff --git a/cmd/sigsum/test/keys/ssh b/cmd/sigsum/test/keys/ssh
deleted file mode 100644
index 2bbd974..0000000
--- a/cmd/sigsum/test/keys/ssh
+++ /dev/null
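Review bot: `openssl dgst -binary $msg-$i` in ssh_test.sh relies on openssl's default digest, while the signed value is presumably expected to be a SHA-256 preimage (the hashing code is outside this diff). OpenSSL releases before 1.1.0 default to MD5 for `dgst`, which would make the bundle step fail with a misleading "invalid signature" error. Naming the digest removes that dependency: `openssl dgst -sha256 -binary "$msg-$i"`. The expansions in this pipeline are also unquoted, which is harmless for the generated `msg-<timestamp>-N` names but worth quoting.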
@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACC/0wdPezO/W1upVq2RduQ/ieEHn0r6LgwkXEINfJ52fQAAAJCRqZKpkamS
-qQAAAAtzc2gtZWQyNTUxOQAAACC/0wdPezO/W1upVq2RduQ/ieEHn0r6LgwkXEINfJ52fQ
-AAAEClIbTUqSPBTrfD9MCpwTF1Fwit4NXU2ci3R57uq4Aic7/TB097M79bW6lWrZF25D+J
-4QefSvouDCRcQg18nnZ9AAAACmxpbnVzQGJlc2sBAgM=
------END OPENSSH PRIVATE KEY-----
diff --git a/cmd/sigsum/test/keys/ssh.pub b/cmd/sigsum/test/keys/ssh.pub
deleted file mode 100644
index 14588ac..0000000
--- a/cmd/sigsum/test/keys/ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/TB097M79bW6lWrZF25D+J4QefSvouDCRcQg18nnZ9 linus@besk
diff --git a/cmd/sigsum/test/signify.sh b/cmd/sigsum/test/signify.sh
deleted file mode 100755
index 8e86e8d..0000000
--- a/cmd/sigsum/test/signify.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-set -e
-trap cleanup EXIT
-
-pass=1234
-priv=keys/signify.sec
-pub=keys/signify.pub
-domain_hint=_sigsum_v0.test-only.rgdd.se
-msg=msg-$(date +%s)
-num_msg=3
-
-function cleanup() {
- set +e
-
- rm -f sigsum
- for i in $(seq 1 $num_msg); do
- rm -f $msg-$i{,.trunnel,.sig}
- done
-
- exit
-}
-
-go build ../
-
-files=""
-for i in $(seq 1 $num_msg); do
- echo $msg-$i > $msg-$i
- if ! ./sigsum format $msg-$i > $msg-$i.trunnel; then
- echo "[FAIL] format for $num_msg signify message(s)" >&2
- exit 1
- fi
- if ! echo $pass | signify-openbsd -Ss $priv -m $msg-$i.trunnel -x $msg-$i.sig; then
- echo "[FAIL] sign for $num_msg signify message(s)" >&2
- exit 1
- fi
- files=$(echo -n $files $msg-$i)
-done
-
-echo "[PASS] format for $num_msg signify message(s)" >&2
-echo "[PASS] sign for $num_msg signify message(s)" >&2
-
-if ! ./sigsum bundle -t signify -k $pub -d $domain_hint $files; then
- echo "[FAIL] bundle for $num_msg signify message(s)" >&2
- exit 1
-fi
-
-echo "[PASS] bundle for $num_msg signify message(s)" >&2
-
-if ! ./sigsum verify -t signify -k $pub $files; then
- echo "[FAIL] verify for $num_msg signify message(s)" >&2
- exit 1
-fi
-
-echo "[PASS] verify for $num_msg signify message(s)" >&2
diff --git a/cmd/sigsum/test/ssh.sh b/cmd/sigsum/test/ssh.sh
deleted file mode 100755
index 56cae70..0000000
--- a/cmd/sigsum/test/ssh.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/bash
-
-set -eu
-trap cleanup EXIT
-
-priv=keys/ssh
-pub=keys/ssh.pub
-domain_hint=_sigsum_v0.ssh.test.sigsum.org
-msg=msg-$(date +%s)
-num_msg=3
-
-function cleanup() {
- set +e
-
- rm -f sigsum
- for i in $(seq 1 $num_msg); do
- rm -f $msg-$i{,.trunnel,.sig}
- done
-
- exit
-}
-
-go build ../
-
-files=""
-for i in $(seq 1 $num_msg); do
- echo $msg-$i > $msg-$i
- if ! openssl dgst -binary $msg-$i | ssh-keygen \
- -Y sign \
- -O hashalg=sha256 \
- -f $priv \
- -n $(./sigsum namespace) > $msg-$i.sig ; then
- echo "[FAIL] sign for $num_msg ssh message(s)" >&2
- exit 1
- fi
- files=$(echo -n $files $msg-$i)
-done
-
-echo "[PASS] sign for $num_msg ssh message(s)" >&2
-
-if ! ./sigsum bundle -t ssh -k $pub -d $domain_hint $files; then
- echo "[FAIL] bundle for $num_msg ssh message(s)" >&2
- exit 1
-fi
-
-echo "[PASS] bundle for $num_msg ssh message(s)" >&2
-
-if ! ./sigsum verify -t ssh -k $pub $files; then
- echo "[FAIL] verify for $num_msg ssh message(s)" >&2
- exit 1
-fi
-
-echo "[PASS] verify for $num_msg ssh message(s)" >&2
diff --git a/cmd/sigsum/testonly/signify.pub b/cmd/sigsum/testonly/signify.pub
new file mode 100644
index 0000000..742a66a
--- /dev/null
+++ b/cmd/sigsum/testonly/signify.pub
@@ -0,0 +1,2 @@
+untrusted comment: signify public key
+RWQhuW/GnP7W13NSC8qzkpnB1BJXk96/GhaWe6f/OpBvMRHFdwuUIYGb
diff --git a/cmd/sigsum/testonly/signify.sec b/cmd/sigsum/testonly/signify.sec
new file mode 100644
index 0000000..57cdf84
--- /dev/null
+++ b/cmd/sigsum/testonly/signify.sec
@@ -0,0 +1,2 @@
+untrusted comment: signify secret key
+RWRCSwAAACrUdp2uXyio8Rdwv0W6PLGiUQei6JeOZAYhuW/GnP7W1655JdycJo4tbOh/ba1OxA7QyVSdNFBs5SyF4eM5yIE98xhTAtizBDxki1Y3sqcFvWFH8ZlKzRjY8rUrTYaaCQE=
diff --git a/cmd/sigsum/testonly/ssh b/cmd/sigsum/testonly/ssh
new file mode 100644
index 0000000..2bbd974
--- /dev/null
+++ b/cmd/sigsum/testonly/ssh
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACC/0wdPezO/W1upVq2RduQ/ieEHn0r6LgwkXEINfJ52fQAAAJCRqZKpkamS
+qQAAAAtzc2gtZWQyNTUxOQAAACC/0wdPezO/W1upVq2RduQ/ieEHn0r6LgwkXEINfJ52fQ
+AAAEClIbTUqSPBTrfD9MCpwTF1Fwit4NXU2ci3R57uq4Aic7/TB097M79bW6lWrZF25D+J
+4QefSvouDCRcQg18nnZ9AAAACmxpbnVzQGJlc2sBAgM=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/cmd/sigsum/testonly/ssh.pub b/cmd/sigsum/testonly/ssh.pub
new file mode 100644
index 0000000..14588ac
--- /dev/null
+++ b/cmd/sigsum/testonly/ssh.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/TB097M79bW6lWrZF25D+J4QefSvouDCRcQg18nnZ9 linus@besk
diff --git a/cmd/sigsum/verify/verify.go b/cmd/sigsum/verify/verify.go
new file mode 100644
index 0000000..619ddcd
--- /dev/null
+++ b/cmd/sigsum/verify/verify.go
@@ -0,0 +1,11 @@
+package verify
+
+import (
+ "fmt"
+
+ "git.sigsum.org/sigsum-tools-go/pkg/policy"
+)
+
+func Main(_ []string, policy policy.Policy, optType, optKey string) error {
+ return fmt.Errorf("TODO")
+}
-- cgit v1.2.3
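Review bot: `Main` in verify.go ignores all of its arguments and unconditionally returns `fmt.Errorf("TODO")`, so `sigsum verify` can never succeed. The final step of signify_test.sh and ssh_test.sh will therefore always print `[FAIL] verify`, assuming main exits non-zero on error, which is outside this hunk. Because this is the command users would rely on to check a signature, the failure should say what it means and carry the command prefix used by the other subcommands: `return fmt.Errorf("verify: not implemented")`. Until verification exists, the verify step in the two scripts could be marked as expected-to-fail so a real regression in format or bundle is not masked by the known failure.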