commit 8bb38c433a084050325dc7f8648aa8d536a63bd9 parent f2534555f31e5f17e41e0d2f5d0a26092a2500fb Author: Michael Savage <mikejsavage@gmail.com> Date: Sun Apr 2 23:55:33 +0300 Release signing Diffstat:
.gitignore | | | 6 | ++++++ |
scripts/make_release.sh | | | 8 | +++++++- |
utils/genkeys/genkeys.cc | | | 70 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
utils/genkeys/sign.cc | | | 26 | ++++++++++++++++++++++++++ |
diff --git a/.gitignore b/.gitignore @@ -3,11 +3,17 @@ pp sound srv test_lockfree + launcher/launcher +utils/genkeys/genkeys +utils/genkeys/sign + logs models +secret_key.h + *.o *.a *.so diff --git a/scripts/make_release.sh b/scripts/make_release.sh @@ -3,9 +3,15 @@ version=$(basename $(pwd)) find . -type f | xargs chmod 644 mkdir release + +# create manifest for f in $(find * -type f); do sha=$(sha256sum -b "$f" | head -c 64) size=$(stat -c "%s" "$f") cp "$f" "release/$sha" - echo "$f $sha $size" >> "release/$version.txt" + echo "$f $sha $size" >> "release/manifest.txt" done + +# sign manifest +../utils/genkeys/sign "release/manifest.txt" | cat - "release/manifest.txt" > "release/$version.txt" +rm release/manifest.txt diff --git a/utils/genkeys/genkeys.cc b/utils/genkeys/genkeys.cc 
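Review bot: A failure of `../utils/genkeys/sign` goes unnoticed in the new "sign manifest" step, because the pipeline's exit status is that of `cat`, and `release/$version.txt` is then written with an empty or missing signature line. Run the signer on its own and stop on error, e.g. `sig=$(../utils/genkeys/sign release/manifest.txt) || exit 1` followed by `{ echo "$sig"; cat release/manifest.txt; } > "release/$version.txt"`. The first two lines of the script are outside the hunk, so a `set -e` there is not visible, but it would not catch a failure on the left side of a pipe either.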
@@ -0,0 +1,70 @@
+#include <sys/random.h>
+
+#include <stdio.h>
+
+#include "intrinsics.h"
+#include "log.h"
+#include "libs/monocypher/monocypher.h"
+
+int main( int argc, char ** argv ) {
+ u8 secret_key[ 32 ];
+ if( argc == 1 ) {
+ int ok = getentropy( secret_key, sizeof( secret_key ) );
+ if( ok == -1 ) {
+ FATAL( "getentropy" );
+ }
+ }
+ else if( argc == 2 ) {
+ size_t key_len;
+ u8 * key = file_get_contents( argv[ 1 ], &key_len );
+ if( key_len != sizeof( secret_key ) ) {
+ FATAL( "secret key should be 32 bytes" );
+ }
+ memcpy( secret_key, key, sizeof( secret_key ) );
+ }
+ else {
+ fprintf( stderr, "usage: %s [path/to/secret_key]\n", argv[ 0 ] );
+ return 1;
+ }
+
+ u8 public_key[ 32 ];
+ crypto_sign_public_key( public_key, secret_key );
+
+ printf( "const u8 public_key[] = {" );
+
+ for( size_t i = 0; i < sizeof( public_key ); i++ ) {
+ if( i % 8 == 0 ) {
+ ggprint( "\n\t" );
+ }
+ else {
+ ggprint( " " );
+ }
+
+ ggprint( "0x{02x},", public_key[ i ] );
+ }
+
+ printf( "\n};\n" );
+
+ ggprint( "secret key: " );
+ for( size_t i = 0; i < sizeof( secret_key ); i++ ) {
+ ggprint( "{02x}", secret_key[ i ] );
+ }
+ ggprint( "\n" );
+
+ printf( "const u8 secret_key[] = {" );
+
+ for( size_t i = 0; i < sizeof( secret_key ); i++ ) {
+ if( i % 8 == 0 ) {
+ ggprint( "\n\t" );
+ }
+ else {
+ ggprint( " " );
+ }
+
+ ggprint( "0x{02x},", secret_key[ i ] );
+ }
+
+ printf( "\n};\n" );
+
+ return 0;
+}
diff --git a/utils/genkeys/sign.cc b/utils/genkeys/sign.cc
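Review bot: The secret key is written to stdout together with the public key (once as hex after `secret key: `, once as the `secret_key[]` array), so redirecting this tool's output into a header that ships with the client would publish the signing key. Keep stdout for the `public_key[]` array and send the secret material elsewhere, for example by printing it with `fprintf( stderr, "0x%02x,", secret_key[ i ] );` or by writing it to a file created with owner-only permissions. Separately, the `argc == 2` branch reads `key_len` and copies from `key` without checking that `file_get_contents` succeeded; the helper's failure behaviour is not shown on this page, so a NULL check before the `memcpy` is worth adding if it can return NULL.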
@@ -0,0 +1,26 @@
+#include <stdio.h>
+
+#include "intrinsics.h"
+#include "utils/genkeys/secret_key.h"
+#include "libs/monocypher/monocypher.h"
+
+int main( int argc, char ** argv ) {
+ if( argc != 2 ) {
+ fprintf( stderr, "usage: %s <path/to/manifest.txt>\n", argv[ 0 ] );
+ return 1;
+ }
+
+ size_t manifest_len;
+ const u8 * manifest = file_get_contents( argv[ 1 ], &manifest_len );
+
+ u8 signature[ 64 ];
+ crypto_sign( signature, secret_key, NULL, manifest, manifest_len );
+
+ for( size_t i = 0; i < sizeof( signature ); i++ ) {
+ printf( "%02x", signature[ i ] );
+ }
+
+ printf( "\n" );
+
+ return 0;
+}
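Review bot: `manifest` and `manifest_len` go straight into `crypto_sign` without a check that `file_get_contents` succeeded, so an unreadable path could produce a signature over nothing, or a crash, instead of a clean non-zero exit. The helper's failure behaviour is not on this page; if it can return NULL, add `if( manifest == NULL ) { fprintf( stderr, "can't read %s\n", argv[ 1 ] ); return 1; }` before signing. Also note that including `secret_key.h` compiles the signing key into the `sign` executable, which makes the binary itself key material. The `.gitignore` entries keep it out of the repository, but loading the key at run time from a file with restricted permissions would keep it out of build outputs as well.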