1 /*-
2 * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org>
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
#include "config.h"

#include <sys/types.h>

#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#include "verify.h"
37
38 /* print the time nicely */
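/*
 * Print a timestamp in ctime(3) form ("Www Mmm dd hh:mm:ss yyyy\n").
 *
 * secs: seconds since the epoch.  The caller (verify_data) takes this from
 *       the "sigtime" field of the signature under verification, i.e. from
 *       the input being checked, so it need not be a sane value.
 *
 * ctime(3) returns NULL when the year does not fit its fixed-width output,
 * and a 32-bit time_t silently truncates the int64_t; either case would
 * otherwise hand a NULL pointer to printf("%s"), which is undefined
 * behaviour.  Fall back to printing the raw number instead.
 */
static void
ptime(int64_t secs)
{
	time_t t = (time_t)secs;
	const char *str;

	/* round-trip check catches truncation where time_t is narrower */
	if ((int64_t)t != secs || (str = ctime(&t)) == NULL) {
		printf("%" PRId64 " (time not representable)\n", secs);
		return;
	}
	printf("%s", str);
}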
47
48 /* print entry n */
/*
 * Print entry n of the keyring held in pgp to stdout.
 *
 * pgp:       keyring/verification context
 * n:         entry index, handed to pgpv_get_entry as unsigned
 * modifiers: passed straight through to pgpv_get_entry (verify_data uses
 *            "trust" or NULL)
 *
 * pgpv_get_entry allocates the text and returns its length, so exactly
 * that many bytes are written rather than treating it as a C string, and
 * the buffer is released afterwards.
 */
static void
pentry(pgpv_t *pgp, int n, const char *modifiers)
{
	char *text = NULL;
	size_t len = pgpv_get_entry(pgp, (unsigned)n, &text, modifiers);

	(void)fwrite(text, 1, len, stdout);
	free(text);
}
59
/* megabytes to bytes; getstdin grows its buffer in steps of MB(1) */
#define MB(x) ((x) * 1024 * 1024)
61
62 /* get stdin into memory so we can verify it */
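/*
 * Read all of standard input into a heap buffer so it can be verified.
 *
 * cc:   on return, the number of bytes read (0 for empty input)
 * size: on return, the allocated capacity of the returned buffer
 *
 * Returns the buffer, which the caller owns and must free(), or NULL if
 * the very first allocation fails.  If a later growth step or read(2)
 * fails, whatever was collected so far is returned and *cc describes it.
 *
 * The buffer grows by MB(1) only once it is full.  Growing on every
 * read(2) call instead would allocate a megabyte per chunk no matter how
 * little arrived, so a pipe delivering short reads could inflate memory
 * use far beyond the input size.  A read(2) interrupted by a signal
 * (EINTR) is retried rather than taken as end of input, which would
 * otherwise leave a silently truncated buffer.
 */
static char *
getstdin(ssize_t *cc, size_t *size)
{
	char *in = NULL;
	ssize_t rc;

	*cc = 0;
	*size = 0;
	for (;;) {
		if ((size_t)*cc == *size) {
			size_t newsize;
			char *newin;

			if (*size > SIZE_MAX - MB(1)) {
				break;	/* cannot grow any further */
			}
			newsize = *size + MB(1);
			if ((newin = realloc(in, newsize)) == NULL) {
				break;	/* keep what we have; in is still valid */
			}
			in = newin;
			*size = newsize;
		}
		rc = read(STDIN_FILENO, &in[*cc], *size - (size_t)*cc);
		if (rc < 0 && errno == EINTR) {
			continue;
		}
		if (rc <= 0) {
			break;	/* EOF, or a read error we cannot recover from */
		}
		*cc += rc;
	}
	return in;
}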
87
88 /* verify memory or file */
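/*
 * Write all len bytes of buf to fd, continuing across short writes and
 * EINTR.  A single write(2) to a pipe or socket may accept fewer bytes
 * than requested.  Returns 0 on success, -1 on error with errno set.
 */
static int
write_all(int fd, const char *buf, size_t len)
{
	while (len > 0) {
		ssize_t n = write(fd, buf, len);

		if (n < 0) {
			if (errno == EINTR) {
				continue;
			}
			return -1;
		}
		buf += n;
		len -= (size_t)n;
	}
	return 0;
}

/*
 * Run one command against one input, held in memory or named by file.
 *
 * pgp:    keyring/verification context
 * cmd:    "cat", "dump", "verify" or "trust", compared case-insensitively
 * inname: name used in messages ("[stdin]" or the file name)
 * in:     the data to verify; main passes the file name here with cc == -1
 * cc:     length of in, or -1 when in is a file name
 *
 * Returns 1 on success, 0 on a failed verification, an unknown command,
 * or a failure to emit the requested output.  Nothing is written to
 * stdout unless pgpv_verify succeeded first: "cat" then emits the
 * verified payload and "dump" the keyring dump, while "verify"/"trust"
 * report the signing time and the signer's entry.  Output write errors
 * are reported and fail the command rather than being ignored, so a
 * truncated "cat" cannot exit successfully.
 */
static int
verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc)
{
	pgpv_cursor_t *cursor;
	const char *modifiers;
	size_t size;
	size_t cookie;
	char *data;
	int el;
	int ok = 0;

	if ((cursor = pgpv_new_cursor()) == NULL) {
		fprintf(stderr, "can't allocate cursor\n");
		return 0;
	}
	if (strcasecmp(cmd, "cat") == 0) {
		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
			ok = 1;
			if ((size = pgpv_get_verified(cursor, cookie, &data)) > 0 &&
			    write_all(STDOUT_FILENO, data, size) < 0) {
				fprintf(stderr, "write to stdout failed: %s\n",
					strerror(errno));
				ok = 0;
			}
		}
	} else if (strcasecmp(cmd, "dump") == 0) {
		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
			ok = 1;
			size = pgpv_dump(pgp, &data);
			if (write_all(STDOUT_FILENO, data, size) < 0) {
				fprintf(stderr, "write to stdout failed: %s\n",
					strerror(errno));
				ok = 0;
			}
		}
	} else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) {
		/* "trust" asks pentry for the trust information as well */
		modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL;
		if (pgpv_verify(cursor, pgp, in, cc)) {
			printf("Good signature for %s made ", inname);
			ptime(pgpv_get_cursor_num(cursor, "sigtime"));
			el = pgpv_get_cursor_element(cursor, 0);
			pentry(pgp, el, modifiers);
			ok = 1;
		} else {
			fprintf(stderr, "Signature did not match contents -- %s\n",
				pgpv_get_cursor_str(cursor, "why"));
		}
	} else {
		fprintf(stderr, "unrecognised command \"%s\"\n", cmd);
	}
	pgpv_cursor_close(cursor);
	return ok;
}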
133
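/*
 * netpgpverify entry point.
 *
 * Options:
 *   -S keyring   the keyring is an ssh public key file
 *   -k keyring   the PGP pubring to use (without -k, pgpv_read_pubring is
 *                given NULL, presumably selecting its default)
 *   -c cmd       command: verify (default), trust, cat or dump
 *   -v           print the version and exit
 *
 * The keyring is loaded before any input is examined.  With no file
 * arguments the signed data is read from stdin; otherwise each argument
 * is handed to verify_data as a file name (cc == -1).  The exit status is
 * EXIT_SUCCESS only if every input verified.
 */
int
main(int argc, char **argv)
{
	const char *keyring = NULL;
	const char *cmd = "verify";
	pgpv_t *pgp;
	ssize_t cc;
	size_t size;
	char *in;
	int ssh = 0;
	int ok = 1;
	int i;

	pgp = pgpv_new();
	while ((i = getopt(argc, argv, "S:c:k:v")) != -1) {
		switch (i) {
		case 'S':
			ssh = 1;
			keyring = optarg;
			break;
		case 'c':
			cmd = optarg;
			break;
		case 'k':
			keyring = optarg;
			break;
		case 'v':
			printf("%s\n", NETPGPVERIFY_VERSION);
			exit(EXIT_SUCCESS);
		default:
			/* unknown options are ignored here; getopt(3) reports them by default */
			break;
		}
	}
	if (ssh) {
		if (!pgpv_read_ssh_pubkeys(pgp, keyring, -1)) {
			fprintf(stderr, "can't read ssh keyring\n");
			exit(EXIT_FAILURE);
		}
	} else if (!pgpv_read_pubring(pgp, keyring, -1)) {
		fprintf(stderr, "can't read keyring\n");
		exit(EXIT_FAILURE);
	}
	if (optind == argc) {
		/* no file arguments: the signed data arrives on stdin */
		in = getstdin(&cc, &size);
		if (in == NULL) {
			/* getstdin only returns NULL when its allocation failed */
			fprintf(stderr, "can't read stdin: out of memory\n");
			pgpv_close(pgp);
			exit(EXIT_FAILURE);
		}
		ok = verify_data(pgp, cmd, "[stdin]", in, cc);
		free(in);
	} else {
		/* one verification per file; any failure fails the whole run */
		for (i = optind; i < argc; i++) {
			if (!verify_data(pgp, cmd, argv[i], argv[i], -1)) {
				ok = 0;
			}
		}
	}
	pgpv_close(pgp);
	exit(ok ? EXIT_SUCCESS : EXIT_FAILURE);
}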
193