1/*-
2 * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org>
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include "config.h"
26
27#include <sys/types.h>
28
29#include <inttypes.h>
30#include <stdio.h>
31#include <stdlib.h>
32#include <string.h>
33#include <time.h>
34#include <unistd.h>
35
36#include "verify.h"
37
38/* print the time nicely */
39static void
40ptime(int64_t secs)
41{
42	time_t	t;
43
44	t = (time_t)secs;
45	printf("%s", ctime(&t));
46}
47
48/* print entry n */
49static void
50pentry(pgpv_t *pgp, int n, const char *modifiers)
51{
52	size_t	 cc;
53	char	*s;
54
55	cc = pgpv_get_entry(pgp, (unsigned)n, &s, modifiers);
56	fwrite(s, 1, cc, stdout);
57	free(s);
58}
59
60#define MB(x)	((x) * 1024 * 1024)
61
62/* get stdin into memory so we can verify it */
63static char *
64getstdin(ssize_t *cc, size_t *size)
65{
66	size_t	 newsize;
67	char	*newin;
68	char	*in;
69	int	 rc;
70
71	*cc = 0;
72	*size = 0;
73	in = NULL;
74	do {
75		newsize = *size + MB(1);
76		if ((newin = realloc(in, newsize)) == NULL) {
77			break;
78		}
79		in = newin;
80		*size = newsize;
81		if ((rc = read(STDIN_FILENO, &in[*cc], newsize - *cc)) > 0) {
82			*cc += rc;
83		}
84	} while (rc > 0);
85	return in;
86}
87
88/* verify memory or file */
89static int
90verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc)
91{
92	pgpv_cursor_t	*cursor;
93	const char	*modifiers;
94	size_t		 size;
95	size_t		 cookie;
96	char		*data;
97	int		 el;
98	int		 ok;
99
100	cursor = pgpv_new_cursor();
101	ok = 0;
102	if (strcasecmp(cmd, "cat") == 0) {
103		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
104			if ((size = pgpv_get_verified(cursor, cookie, &data)) > 0) {
105				write(STDOUT_FILENO, data, size);
106			}
107			ok = 1;
108		}
109	} else if (strcasecmp(cmd, "dump") == 0) {
110		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
111			size = pgpv_dump(pgp, &data);
112			write(STDOUT_FILENO, data, size);
113			ok = 1;
114		}
115	} else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) {
116		modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL;
117		if (pgpv_verify(cursor, pgp, in, cc)) {
118			printf("Good signature for %s made ", inname);
119			ptime(pgpv_get_cursor_num(cursor, "sigtime"));
120			el = pgpv_get_cursor_element(cursor, 0);
121			pentry(pgp, el, modifiers);
122			ok = 1;
123		} else {
124			fprintf(stderr, "Signature did not match contents -- %s\n",
125				pgpv_get_cursor_str(cursor, "why"));
126		}
127	} else {
128		fprintf(stderr, "unrecognised command \"%s\"\n", cmd);
129	}
130	pgpv_cursor_close(cursor);
131	return ok;
132}
133
134int
135main(int argc, char **argv)
136{
137	const char	*keyring;
138	const char	*cmd;
139	ssize_t		 cc;
140	size_t		 size;
141	pgpv_t		*pgp;
142	char		*in;
143	int		 ssh;
144	int		 ok;
145	int		 i;
146
147	pgp = pgpv_new();
148	keyring = NULL;
149	ssh = 0;
150	ok = 1;
151	cmd = "verify";
152	while ((i = getopt(argc, argv, "S:c:k:v")) != -1) {
153		switch(i) {
154		case 'S':
155			ssh = 1;
156			keyring = optarg;
157			break;
158		case 'c':
159			cmd = optarg;
160			break;
161		case 'k':
162			keyring = optarg;
163			break;
164		case 'v':
165			printf("%s\n", NETPGPVERIFY_VERSION);
166			exit(EXIT_SUCCESS);
167		default:
168			break;
169		}
170	}
171	if (ssh) {
172		if (!pgpv_read_ssh_pubkeys(pgp, keyring, -1)) {
173			fprintf(stderr, "can't read ssh keyring\n");
174			exit(EXIT_FAILURE);
175		}
176	} else if (!pgpv_read_pubring(pgp, keyring, -1)) {
177		fprintf(stderr, "can't read keyring\n");
178		exit(EXIT_FAILURE);
179	}
180	if (optind == argc) {
181		in = getstdin(&cc, &size);
182		ok = verify_data(pgp, cmd, "[stdin]", in, cc);
183	} else {
184		for (ok = 1, i = optind ; i < argc ; i++) {
185			if (!verify_data(pgp, cmd, argv[i], argv[i], -1)) {
186				ok = 0;
187			}
188		}
189	}
190	pgpv_close(pgp);
191	exit((ok) ? EXIT_SUCCESS : EXIT_FAILURE);
192}
193