1 /*-
2  * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 #include "config.h"
26 
27 #include <sys/types.h>
28 
29 #include <inttypes.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <time.h>
34 #include <unistd.h>
35 
36 #include "verify.h"
37 
38 #include "array.h"
39 
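/* print the time nicely */
static void
ptime(int64_t secs)
{
	time_t	 t;
	char	*s;

	t = (time_t)secs;
	/*
	 * A signature time outside time_t's range (e.g. a 32-bit time_t)
	 * is silently truncated by the cast, and ctime() returns NULL for
	 * values it cannot format -- handing that NULL to printf("%s")
	 * is undefined behaviour.  Print something explicit instead.
	 */
	if ((int64_t)t != secs || (s = ctime(&t)) == NULL) {
		printf("(unrepresentable time %" PRId64 ")\n", secs);
		return;
	}
	printf("%s", s);
}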
49 
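/*
 * print entry n
 *
 * pgpv_get_entry() is expected to allocate the entry's textual form
 * into s; the caller owns and frees it.  s is pre-set to NULL so that
 * a lookup which does not produce an entry cannot leave an
 * uninitialised pointer reaching printf()/free().
 */
static void
pentry(pgpv_t *pgp, int n, const char *modifiers)
{
	char	*s;

	s = NULL;
	pgpv_get_entry(pgp, (unsigned)n, &s, modifiers);
	if (s != NULL) {
		printf("%s", s);
		free(s);
	}
}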
60 
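#define MB(x)	((x) * 1024 * 1024)

/*
 * get stdin into memory so we can verify it
 *
 * On return *cc is the number of bytes read and *size the capacity of
 * the returned buffer (which the caller must free).  Returns NULL only
 * if the very first allocation fails.  A read error is treated like
 * end of input, as before: whatever was read so far is returned.
 */
static char *
getstdin(ssize_t *cc, size_t *size)
{
	size_t	 newsize;
	char	*newin;
	char	*in;
	ssize_t	 rc;

	*cc = 0;
	*size = 0;
	in = NULL;
	for (;;) {
		/*
		 * Only grow when the buffer is actually full.  Growing on
		 * every iteration meant that a pipe delivering small
		 * chunks (e.g. 64KiB) cost a fresh 1MiB realloc per read,
		 * so memory use was many times the input size.
		 */
		if ((size_t)*cc == *size) {
			newsize = *size + MB(1);
			if ((newin = realloc(in, newsize)) == NULL) {
				break;
			}
			in = newin;
			*size = newsize;
		}
		/* rc is ssize_t, not int: read() returns ssize_t */
		rc = read(STDIN_FILENO, &in[*cc], *size - (size_t)*cc);
		if (rc <= 0) {
			break;
		}
		*cc += rc;
	}
	return in;
}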
88 
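/*
 * write all len bytes of buf to fd, continuing after short writes.
 * Returns 1 when everything was written, 0 on a write error (or a
 * zero-length write, which would otherwise spin forever).
 */
static int
write_all(int fd, const char *buf, size_t len)
{
	ssize_t	wc;

	while (len > 0) {
		if ((wc = write(fd, buf, len)) <= 0) {
			return 0;
		}
		buf += wc;
		len -= (size_t)wc;
	}
	return 1;
}

/*
 * verify memory or file
 *
 * cmd is one of "cat" (write the verified payload to stdout), "verify"
 * or "trust" (report the signature and the signer's key entry).  in/cc
 * are passed through to pgpv_verify() unchanged -- main() uses a file
 * name with cc == -1 for files, and a buffer with its length for stdin.
 * Returns 1 on a good signature (and, for "cat", successful output),
 * 0 otherwise.
 */
static int
verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc)
{
	pgpv_cursor_t	 cursor;
	const char	*modifiers;
	size_t		 size;
	size_t		 cookie;
	char		*data;

	memset(&cursor, 0x0, sizeof(cursor));
	if (strcasecmp(cmd, "cat") == 0) {
		if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) {
			if ((size = pgpv_get_verified(&cursor, cookie, &data)) > 0) {
				/*
				 * An unchecked single write() could silently
				 * truncate the verified output on a pipe while
				 * still exiting successfully.
				 */
				if (!write_all(STDOUT_FILENO, data, size)) {
					fprintf(stderr, "can't write verified data for %s\n", inname);
					return 0;
				}
			}
			return 1;
		}
		/* report the failure the same way the verify command does */
		fprintf(stderr, "Signature did not match contents -- %s\n", cursor.why);
	} else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) {
		modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL;
		if (pgpv_verify(&cursor, pgp, in, cc)) {
			printf("Good signature for %s made ", inname);
			ptime(cursor.sigtime);
			pentry(pgp, ARRAY_ELEMENT(cursor.found, 0), modifiers);
			return 1;
		}
		fprintf(stderr, "Signature did not match contents -- %s\n", cursor.why);
	} else {
		fprintf(stderr, "unrecognised command \"%s\"\n", cmd);
	}
	return 0;
}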
121 
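/*
 * netpgpverify entry point.
 *
 * Options: -S ssh-keyring (use an ssh public key file), -k keyring
 * (PGP pubring; NULL lets the library choose its default), -c cmd
 * ("verify", "trust" or "cat"), -v (print version and exit).
 * Remaining arguments are files to verify; with none, stdin is read.
 * Exit status is EXIT_SUCCESS only if every input verified.
 */
int
main(int argc, char **argv)
{
	const char	*keyring;
	const char	*cmd;
	ssize_t		 cc;
	size_t		 size;
	pgpv_t		 pgp;
	char		*in;
	int		 ssh;
	int		 ok;
	int		 i;

	memset(&pgp, 0x0, sizeof(pgp));
	keyring = NULL;
	ssh = 0;
	ok = 1;
	cmd = "verify";
	while ((i = getopt(argc, argv, "S:c:k:v")) != -1) {
		switch(i) {
		case 'S':
			ssh = 1;
			keyring = optarg;
			break;
		case 'c':
			cmd = optarg;
			break;
		case 'k':
			keyring = optarg;
			break;
		case 'v':
			printf("%s\n", NETPGPVERIFY_VERSION);
			exit(EXIT_SUCCESS);
		default:
			/*
			 * Previously an unknown option (or a missing option
			 * argument) was ignored and verification went ahead
			 * anyway; a mistyped option must not produce a
			 * "verified" result, so fail here.
			 */
			fprintf(stderr,
			    "usage: %s [-S ssh-keyring] [-k keyring] [-c verify|trust|cat] [-v] [file ...]\n",
			    argv[0]);
			exit(EXIT_FAILURE);
		}
	}
	if (ssh) {
		if (!pgpv_read_ssh_pubkeys(&pgp, keyring, -1)) {
			fprintf(stderr, "can't read ssh keyring\n");
			exit(EXIT_FAILURE);
		}
	} else if (!pgpv_read_pubring(&pgp, keyring, -1)) {
		fprintf(stderr, "can't read keyring\n");
		exit(EXIT_FAILURE);
	}
	if (optind == argc) {
		/* getstdin() returns NULL only when it could not allocate */
		if ((in = getstdin(&cc, &size)) == NULL) {
			fprintf(stderr, "can't read stdin\n");
			pgpv_close(&pgp);
			exit(EXIT_FAILURE);
		}
		ok = verify_data(&pgp, cmd, "[stdin]", in, cc);
		/*
		 * in is deliberately not freed: pgp may still refer to it
		 * until pgpv_close() (whether pgpv_close() releases it is not
		 * visible here), and the process exits right after anyway.
		 */
	} else {
		/* cc == -1 tells verify_data() that in is a file name */
		for (ok = 1, i = optind ; i < argc ; i++) {
			if (!verify_data(&pgp, cmd, argv[i], argv[i], -1)) {
				ok = 0;
			}
		}
	}
	pgpv_close(&pgp);
	exit((ok) ? EXIT_SUCCESS : EXIT_FAILURE);
}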