tree checksum vpatch file split hunks

all signers: bvt diana_coman asciilifeform

antecedents: ffa_ch20_litmus.kv

press order:

ffa_ch1_genesis.kvasciilifeform bvt diana_coman
ffa_ch2_logicals.kvasciilifeform bvt diana_coman
ffa_ch3_shifts.kvasciilifeform bvt diana_coman
ffa_ch4_ffacalc.kvasciilifeform bvt diana_coman
ffa_ch5_egypt.kvasciilifeform bvt diana_coman
ffa_ch6_simplest_rsa.kvasciilifeform bvt diana_coman
ffa_ch7_turbo_egyptians.kvasciilifeform bvt diana_coman
ffa_ch8_randomism.kvasciilifeform bvt diana_coman
ffa_ch9_exodus.kvasciilifeform bvt diana_coman
ffa_ch10_karatsuba.kvasciilifeform bvt diana_coman
ffa_ch11_tuning_and_api.kvasciilifeform bvt diana_coman
ffa_ch12_karatsuba_redux.kvasciilifeform diana_coman
ffa_w_borrow_expr.kvasciilifeform diana_coman
ffa_ch13_measure_and_qshifts.kvasciilifeform diana_coman
ffa_ch14_barrett.kvasciilifeform diana_coman
ffa_ch15_gcd.kvasciilifeform diana_coman
ffa_ch16_miller_rabin.kvasciilifeform diana_coman
ffa_ch17_peh.kvasciilifeform diana_coman
ffa_ch18_subroutines.kvasciilifeform diana_coman
ffa_ch19_peh_tuning_and_demos.kvasciilifeform diana_coman
ffa_ch20_litmus.kvasciilifeform
ffa_ch20b_litmus_legacy_hashes.kvasciilifeform

patch:

- 1A6410AAF0AFEEEC5F62DFB6120AB51DF6467D5C370FEA8DD517F186D61AC0B07C0425D03F3A47E7C81450961F76B23EF51087255AF88CE3899B1B966240D643
+ F744632A28817FDBB938352B58B697341FCD593AFEC07B8C22B5E332145A212BC0F19784D8B876EBAD15446814191297B469733FA151750B4894129A23259278
ffa/MANIFEST.TXT
(19 . 3)(19 . 4)
  5  569234 ffa_ch18_subroutines           "Subroutines in Peh."
  6  578827 ffa_ch19_peh_tuning_and_demos  "Peh Tuning and Demo Tapes."
  7  611618 ffa_ch20_litmus                "A Peh-powered verifier for traditional GPG signatures."
  8  611775 ffa_ch20b_litmus_legacy_hashes "Support for certain ancient hash algos in Litmus."
- 846F886E12E3E1D467D315B666917F6177038986280F655F19CC5EA61873A6C7F9517718963C294AD00F77B7BA507C39AB8E2402588F8AAC7511A8960EEF3292
+ E53145647493DD0343293F522C93FE9668147DD05B5AD4C3AF763856126ED03BD6A53C51ED76CEB233678EB480E73175ADA59AF4A71A0D3DA4FBC32392F2C5BD
ffa/contrib/litmus/litmus.sh
(5 . 7)(5 . 9)
 13 #                                                                          #
 14 # Usage: ./litmus.sh publickey.peh signature.sig datafile                  #
 15 #                                                                          #
 16 # Currently, supports only RSA 'detached' signatures that use SHA512 hash. #
 17 # Currently, supports only RSA 'detached' sigs made with the following     #
 18 # hashes: SHA1 (warns: known-breakable!), SHA224, SHA256, SHA384, SHA512.  #
 19 #                                                                          #
 20 # See instructions re: converting traditional GPG public keys for use with #
 21 # this program.                                                            #
 22 #                                                                          #
(66 . 6)(68 . 12)
 24     exit $RET_EGGOG
 25 }
 26 
 27 # If Sig was made with an unsupported hash algo:
 28 eggog_unsupported_hash() {
 29     algo=$1
 30     echo "This sig uses an unsupported Digest Algo: $1 !" >&2
 31     exit $RET_EGGOG
 32 }
 33 
 34 # Failure from bad Peh :
 35 eggog_peh() {
(73 . 6)(81 . 11)
 37     exit $RET_EGGOG
 38 }
 39 
 40 # Warnings:
 41 achtung() {
 42     echo "WARNING: $1" >&2
 43 }
 44 
 45 
 46 # Number of Arguments required by this program:
 47 REQD_ARGS=3
(84 . 18)(97 . 11)
 49 fi
 50 
 51 
 52 # We only support SHA512. Parameters for it:
 53 HASHER="shasum -a 512 -b"
 54 
 55 # For 'PKCS' encoding, the ASN magic turd corresponding to SHA512:
 56 ASN="3051300D060960864801650304020305000440"
 57 ASN_LEN=$((${#ASN} / 2))
 58 MD_LEN=64 # 512 / 8 == 64 bytes
 59 
 60 
 61 # Minimal Peh Width (used for non-arithmetical ops, e.g. 'Owner')
 62 MIN_PEH_WIDTH=256
 63 
 64 # Peh RNG (NOT USED in verifications, but needed to silence warning)
 65 PEH_RNG_DEV="/dev/random"
 66 
 67 # The given public key file (a Peh tape, see docs)
 68 PUBFILE=$1
(148 . 7)(154 . 7)
 70     
 71     # Execute the tape:
 72     peh_res=$((cat $PUBFILE; echo $tape) | \
 73         peh $peh_width $peh_height $tape_len $peh_life);
 74         peh $peh_width $peh_height $tape_len $peh_life $PEH_RNG_DEV);
 75     peh_code=$?
 76 
 77     # # If Peh returned PEH_EGGOG:
(159 . 11)(165 . 11)
 79     fi
 80 }
 81 
 82 # Ask the public key about the Owner:
 83 # Ask the public key about Algo Type:
 84 run_peh_tape "@Algo!QY" $MIN_PEH_WIDTH 1
 85 pubkey_algo=$peh_res
 86 
 87 # Ask the public key about Algo Type:
 88 # Ask the public key about the Owner:
 89 run_peh_tape "@Owner!QY" $MIN_PEH_WIDTH 1
 90 pubkey_owner=$peh_res
 91 
(240 . 7)(246 . 6)
 93     then
 94         reason="$f_name must equal $f_mandate; instead is $f_value."
 95         echo "$SIGFILE is UNSUPPORTED : $reason" >&2
 96         echo "Only RSA and SHA512 hash are supported !" >&2
 97         exit $RET_EGGOG
 98     fi
 99 }
(307 . 11)(312 . 68)
101 sig_pk_algo=$r
102 sig_field_mandatory "Public Key Algo" $sig_pk_algo 01
103 
104 # Digest Algo (only SHA512 is supported)
105 # Digest Algo (only certain hash algos are supported)
106 get_sig_bytes 1
107 turd+=$r
108 hex_to_int
109 sig_digest_algo=$r
110 sig_field_mandatory "Digest Algo" $sig_digest_algo 0A
111 
112 # If hash algo is supported, get ASN turd and MD_LEN; and if not, eggog:
113 case $sig_digest_algo in
114     1)  ## MD5 -- NOT SUPPORTED ##
115         eggog_unsupported_hash "MD5"
116         ;;
117     
118     2)  ## SHA1 ##
119         achtung "This sig was made with SHA-1, which is cheaply breakable!"
120         achtung "Please contact the signer ($pubkey_owner) !"
121         HASHER="shasum -a 1 -b"
122         ASN="3021300906052b0e03021a05000414"
123         MD_LEN=20
124         ;;
125     
126     3)  ## RIPE-MD/160 -- NOT SUPPORTED ##
127         eggog_unsupported_hash "RIPE-MD/160"
128         ;;
129     
130     8)  ## SHA256 ##
131         achtung "This sig was made with SHA-256; GPG supports SHA-512."
132         achtung "Please contact the signer ($pubkey_owner) !"
133         HASHER="shasum -a 256 -b"
134         ASN="3031300d060960864801650304020105000420"
135         MD_LEN=32
136         ;;
137     
138     9)  ## SHA384 ##
139         achtung "This sig was made with SHA-384; GPG supports SHA-512."
140         achtung "Please contact the signer ($pubkey_owner) !"
141         HASHER="shasum -a 384 -b"
142         ASN="3041300d060960864801650304020205000430"
143         MD_LEN=48
144         ;;
145     
146     10) ## SHA512 ##
147         HASHER="shasum -a 512 -b"
148         ASN="3051300D060960864801650304020305000440"
149         MD_LEN=64 # 512 / 8 == 64 bytes
150         ;;
151     
152     11) ## SHA224 ##
153         achtung "This sig was made with SHA-224; GPG supports SHA-512."
154         achtung "Please contact the signer ($pubkey_owner) !"
155         HASHER="shasum -a 224 -b"
156         ASN="302D300d06096086480165030402040500041C"
157         MD_LEN=28
158         ;;
159     
160     *)  ## Unknown Digest Type ##
161         eggog_unsupported_hash "UNKNOWN (type $sig_digest_algo)"
162         ;;
163 esac
164 
165 # Calculate length (bytes) of the ASN turd for the digest used in the sig:
166 ASN_LEN=$((${#ASN} / 2))
167 
168 
169 # Hashed Section Length
170 get_sig_bytes 2