added support for authenticated hashes

src/encryption.c

@@ -360,9 +360,19 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
   return 1;
 }
 
-void pcpchecksum(char **files, int filenum) {
+void pcpchecksum(char **files, int filenum, char *key) {
   int i;
   byte *checksum = ucmalloc(crypto_generichash_BYTES_MAX);
+  byte *keyhash = NULL;
+  size_t hashlen = 0;
+
+  if(key != NULL) {
+    keyhash = ucmalloc(crypto_generichash_BYTES);
+    crypto_generichash(keyhash, crypto_generichash_BYTES,
+		       (byte *)key, strlen(key),
+		       NULL, crypto_generichash_BYTES);
+    hashlen = crypto_generichash_BYTES;
+  }
   
   for(i=0; i<filenum; i++) {
     FILE *in;
@@ -377,9 +387,9 @@ void pcpchecksum(char **files, int filenum) {
       }
     }
     Pcpstream *pin = ps_new_file(in);
-    if(pcp_checksum(ptx, pin, checksum) > 0) {
+    if(pcp_checksum(ptx, pin, checksum, keyhash, hashlen) > 0) {
       char *hex = _bin2hex(checksum, crypto_generichash_BYTES_MAX);
-      fprintf(stdout, "BLAKE2 (%s) = %s\n", files[i], hex);
+      fprintf(stdout, "BLAKE2b (%s) = %s\n", files[i], hex);
       free(hex);
     }
     else
@@ -387,4 +397,7 @@ void pcpchecksum(char **files, int filenum) {
   }
 
   free(checksum);
+
+  if(keyhash != NULL)
+    free(keyhash);
 }

src/encryption.h

@@ -40,6 +40,6 @@
 
 int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, int verify);
 int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *recipient, int signcrypt, int armor, int anon);
-void pcpchecksum(char **files, int filenum);
+void pcpchecksum(char **files, int filenum, char *key);
 
 #endif /*  _HAVE_ENCRYPTION_H */

src/pcp.c

@@ -114,7 +114,7 @@ int main (int argc, char **argv)  {
     { "decrypt",         no_argument,       NULL,           'd' },
     { "anonymous",       no_argument,       NULL,           'A' },
     { "add-myself",      no_argument,       NULL,           'M' },
-    { "checksum",        no_argument,       NULL,           'C' },
+    { "checksum",        optional_argument, NULL,           'C' },
 
     /*  encoding */
     { "z85-encode",      no_argument,       NULL,           'z' },
@@ -136,7 +136,7 @@ int main (int argc, char **argv)  {
     { NULL,              0,                 NULL,            0 }
   };
 
-  while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC",
+  while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC:",
 			    longopts, NULL)) != -1) {
   
     switch (opt)  {
@@ -233,6 +233,10 @@ int main (int argc, char **argv)  {
 	break;
       case 'C':
 	mode += PCP_MODE_CHECKSUM;
+	if(strlen(optarg) > 0 && strncmp(optarg, "--", 3) > 0) {
+	  xpass = smalloc(strlen(optarg)+1);
+	  strncpy(xpass, optarg, strlen(optarg)+1);
+	}
 	break;	
       case 'f':
 	sigfile = ucmalloc(strlen(optarg)+1);
@@ -612,16 +616,16 @@ int main (int argc, char **argv)  {
 	if(argc == 0) {
 	  char *list[1];
 	  list[0] = NULL;
-	  pcpchecksum(list, 1);
+	  pcpchecksum(list, 1, xpass);
 	}
 	else {
-	  pcpchecksum(argv, argc);
+	  pcpchecksum(argv, argc, xpass);
 	}
       }
       else {
 	char *list[1];
 	list[0] = infile;
-	pcpchecksum(list, 1);
+	pcpchecksum(list, 1, xpass);
       }
       break;
       

src/usage.h

@@ -51,7 +51,7 @@
 "-a --armor --textmode     same as -z\n" \
 "\n" \
 "Misc Options:\n" \
-"-C --checksum             calculate a Blake2 checksum of one or more files.\n" \
+"-C --checksum [<key>]     calculate a Blake2 checksum of one or more files.\n" \
 "\n" \
 "Arguments:\n" \
 "Extra arguments after options are treated as filenames or\n" \

src/usage.txt

@@ -49,7 +49,7 @@ Encoding Options:
 -a --armor --textmode     same as -z
 
 Misc Options:
--C --checksum             calculate a Blake2 checksum of one or more files.
+-C --checksum [<key>]     calculate a Blake2 checksum of one or more files.
 
 Arguments:
 Extra arguments after options are treated as filenames or