Make signing optional for compilation

[stokito]

The usign is part of base but most users just need to verify a signature but not sign. So the key generation -G and signing -S options can be disabled for build.

On my router the usign takes 20483 bytes and that's half of uhttpd. On a amd64 laptop the usign size is 183736. Without signing the size is 172000 i.e. 11736 bytes saved.

Looks like it will makes sense to disable the signing by default. Will you accept a patch that makes it conditional? Here is patch to remove the signing to test size reduction:

Author: Sergey Ponomarev <stokito@gmail.com>
Date:   Wed Oct 4 23:23:19 2023 +0300

    Remove signing

diff --git a/main.c b/main.c
index ebfdfb0..14563eb 100644
--- a/main.c
+++ b/main.c
@@ -62,9 +62,7 @@ static bool quiet;
 static enum {
    CMD_NONE,
    CMD_VERIFY,
-   CMD_SIGN,
    CMD_FINGERPRINT,
-   CMD_GENERATE,
 } cmd = CMD_NONE;

 static uint64_t fingerprint_u64(const uint8_t *data)
@@ -139,22 +137,6 @@ get_base64_file(const char *file, void *dest, int size, void *buf, int buflen)
    return b64_decode(buf, dest, size) == size;
 }

-static void write_file(const char *name, const uint8_t *fingerprint,
-              const char *prefix, char *buf)
-{
-   FILE *f;
-
-   f = open_file(name, false);
-   fputs("untrusted comment: ", f);
-   if (comment)
-       fputs(comment, f);
-   else
-       fprintf(f, "%s %016"PRIx64, prefix,
-           fingerprint_u64(fingerprint));
-   fprintf(f, "\n%s\n", buf);
-   fclose(f);
-}
-
 static int verify(const char *msgfile)
 {
    struct pubkey pkey;
@@ -208,54 +190,6 @@ static int verify(const char *msgfile)
    return 0;
 }

-static int sign(const char *msgfile)
-{
-   struct seckey skey;
-   struct sig sig = {
-       .pkalg = "Ed",
-   };
-   struct stat st;
-   char buf[512];
-   void *pubkey = buf;
-   long mlen;
-   void *m;
-   int mfd;
-
-   if (!get_base64_file(seckeyfile, &skey, sizeof(skey), buf, sizeof(buf)) ||
-       memcmp(skey.pkalg, "Ed", 2) != 0) {
-       fprintf(stderr, "Failed to decode secret key\n");
-       return 1;
-   }
-
-   if (skey.kdfrounds) {
-       fprintf(stderr, "Password protected secret keys are not supported\n");
-       return 1;
-   }
-
-   mfd = open(msgfile, O_RDONLY, 0);
-   if (mfd < 0 || fstat(mfd, &st) < 0 ||
-       (m = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, mfd, 0)) == MAP_FAILED) {
-       if (mfd >= 0)
-           close(mfd);
-       perror("Cannot open message file");
-       return 1;
-   }
-   mlen = st.st_size;
-
-   memcpy(sig.fingerprint, skey.fingerprint, sizeof(sig.fingerprint));
-   edsign_sec_to_pub(pubkey, skey.seckey);
-   edsign_sign(sig.sig, pubkey, skey.seckey, m, mlen);
-   munmap(m, mlen);
-   close(mfd);
-
-   if (b64_encode(&sig, sizeof(sig), buf, sizeof(buf)) < 0)
-       return 1;
-
-   write_file(sigfile, sig.fingerprint, "signed by key", buf);
-
-   return 0;
-}
-
 static int fingerprint(void)
 {
    struct seckey skey;
@@ -280,58 +214,6 @@ static int fingerprint(void)
    return 0;
 }

-static int generate(void)
-{
-   struct seckey skey = {
-       .pkalg = "Ed",
-       .kdfalg = "BK",
-       .kdfrounds = 0,
-   };
-   struct pubkey pkey = {
-       .pkalg = "Ed",
-   };
-   struct sha512_state s;
-   char buf[512];
-   FILE *f;
-
-   f = fopen("/dev/urandom", "r");
-   if (!f) {
-       fprintf(stderr, "Can't open /dev/urandom\n");
-       return 1;
-   }
-
-   if (fread(skey.fingerprint, sizeof(skey.fingerprint), 1, f) != 1 ||
-       fread(skey.seckey, EDSIGN_SECRET_KEY_SIZE, 1, f) != 1 ||
-       fread(skey.salt, sizeof(skey.salt), 1, f) != 1) {
-       fprintf(stderr, "Can't read data from /dev/urandom\n");
-       fclose(f);
-       return 1;
-   }
-   if (f)
-       fclose(f);
-
-   ed25519_prepare(skey.seckey);
-   edsign_sec_to_pub(skey.seckey + 32, skey.seckey);
-
-   sha512_init(&s);
-   sha512_add(&s, skey.seckey, sizeof(skey.seckey));
-   memcpy(skey.checksum, sha512_final_get(&s), sizeof(skey.checksum));
-
-   if (b64_encode(&skey, sizeof(skey), buf, sizeof(buf)) < 0)
-       return 1;
-
-   write_file(seckeyfile, skey.fingerprint, "private key", buf);
-
-   memcpy(pkey.fingerprint, skey.fingerprint, sizeof(pkey.fingerprint));
-   memcpy(pkey.pubkey, skey.seckey + 32, sizeof(pkey.pubkey));
-
-   if (b64_encode(&pkey, sizeof(pkey), buf, sizeof(buf)) < 0)
-       return 1;
-
-   write_file(pubkeyfile, pkey.fingerprint, "public key", buf);
-
-   return 0;
-}

 static int usage(const char *cmd)
 {
@@ -341,7 +223,6 @@ static int usage(const char *cmd)
        "  -V:          verify (needs at least -m and -p|-P)\n"
        "  -S:          sign (needs at least -m and -s)\n"
        "  -F:          print key fingerprint of public/secret key or signature\n"
-       "  -G:          generate a new keypair (needs at least -p and -s)\n"
        "Options:\n"
        "  -c <comment>:    add comment to keys\n"
        "  -m <file>:       message file\n"
@@ -373,15 +254,9 @@ int main(int argc, char **argv)
        case 'V':
            set_cmd(argv[0], CMD_VERIFY);
            break;
-       case 'S':
-           set_cmd(argv[0], CMD_SIGN);
-           break;
        case 'F':
            set_cmd(argv[0], CMD_FINGERPRINT);
            break;
-       case 'G':
-           set_cmd(argv[0], CMD_GENERATE);
-           break;
        case 'c':
            comment = optarg;
            break;
@@ -425,20 +300,12 @@ int main(int argc, char **argv)
        if ((!pubkeyfile && !pubkeydir) || !msgfile)
            return usage(argv[0]);
        return verify(msgfile);
-   case CMD_SIGN:
-       if (!seckeyfile || !msgfile || !sigfile)
-           return usage(argv[0]);
-       return sign(msgfile);
    case CMD_FINGERPRINT:
        if (!!seckeyfile + !!pubkeyfile + !!sigfile != 1) {
            fprintf(stderr, "Need one secret/public key or signature\n");
            return usage(argv[0]);
        }
        return fingerprint();
-   case CMD_GENERATE:
-       if (!seckeyfile || !pubkeyfile)
-           return usage(argv[0]);
-       return generate();
    default:
        return usage(argv[0]);
    }