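/*-
 * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include "config.h"

#include <sys/types.h>

#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <time.h>
#include <unistd.h>

#include "verify.h"

/*
 * Print a signature time in ctime(3) form, followed by a newline.
 *
 * The time comes out of the signature being verified, i.e. from untrusted
 * input.  ctime() returns NULL for values it cannot represent (and a
 * 32-bit time_t cannot hold every int64_t), and handing that NULL to
 * printf("%s") is undefined behaviour, so fall back to printing the raw
 * second count instead.
 */
static void
ptime(int64_t secs)
{
	time_t	 t;
	char	*str;

	t = (time_t)secs;
	if ((int64_t)t != secs || (str = ctime(&t)) == NULL) {
		printf("%" PRId64 " seconds since the epoch (not representable by ctime)\n",
			secs);
		return;
	}
	/* ctime() output already carries the trailing newline */
	printf("%s", str);
}

/*
 * Print keyring entry n to stdout.
 *
 * pgpv_get_entry() hands back a malloc'd buffer of cc bytes in s; it is
 * freed here.  Nothing is printed when the library returns no text.
 *
 * NOTE(review): n is an element index from pgpv_get_cursor_element(); if
 * that call can report failure with a negative value the cast below wraps
 * it to a huge unsigned index -- confirm against the library.
 */
static void
pentry(pgpv_t *pgp, int n, const char *modifiers)
{
	size_t	 cc;
	char	*s;

	s = NULL;
	cc = pgpv_get_entry(pgp, (unsigned)n, &s, modifiers);
	if (s != NULL && cc > 0) {
		fwrite(s, 1, cc, stdout);
	}
	free(s);
}

/* size of one megabyte, as a size_t so arithmetic on it never goes signed */
#define MB(x) ((size_t)(x) * 1024 * 1024)

/*
 * Slurp all of stdin into memory so it can be verified as one buffer.
 *
 * On success returns a malloc'd buffer (the caller owns it), stores the
 * number of bytes read in *cc and the allocated capacity in *size.  An
 * empty stdin still yields a non-NULL buffer with *cc == 0.
 *
 * On any failure -- allocation failure, read error, or input too large to
 * be described by an ssize_t -- the partial buffer is released, *cc and
 * *size are zeroed and NULL is returned.  The original returned whatever
 * had been read so far when realloc() failed, so a truncated message could
 * silently be verified in place of the real one; a verifier must not do
 * that.
 *
 * The buffer only grows when it is actually full: short reads (pipes
 * typically deliver a few KB at a time) must not each cost another 1 MB
 * of allocation, which let a slow writer inflate memory use many times
 * over the size of the input.
 */
static char *
getstdin(ssize_t *cc, size_t *size)
{
	size_t	 newsize;
	ssize_t	 rc;
	char	*newin;
	char	*in;

	*cc = 0;
	*size = 0;
	in = NULL;
	for (;;) {
		if ((size_t)*cc == *size) {
			/* keep the byte count representable as an ssize_t */
			if (*size > (size_t)SSIZE_MAX - MB(1)) {
				fprintf(stderr, "stdin too large to verify\n");
				goto fail;
			}
			newsize = *size + MB(1);
			if ((newin = realloc(in, newsize)) == NULL) {
				fprintf(stderr,
					"can't allocate %zu bytes for stdin\n",
					newsize);
				goto fail;
			}
			in = newin;
			*size = newsize;
		}
		rc = read(STDIN_FILENO, &in[*cc], *size - (size_t)*cc);
		if (rc == 0) {
			break;		/* EOF */
		}
		if (rc < 0) {
			if (errno == EINTR) {
				continue;
			}
			fprintf(stderr, "read from stdin failed: %s\n",
				strerror(errno));
			goto fail;
		}
		*cc += rc;
	}
	return in;
fail:
	free(in);
	*cc = 0;
	*size = 0;
	return NULL;
}

/*
 * Write all len bytes of buf to fd, retrying after EINTR and after short
 * writes.  Returns 0 on success and -1 (with errno set by write(2)) on
 * error.
 *
 * write(2) to a pipe or socket may legitimately write fewer bytes than
 * asked; a single unchecked write() could emit a truncated copy of the
 * verified data while the program still reported success.
 */
static int
write_all(int fd, const char *buf, size_t len)
{
	ssize_t	 n;

	while (len > 0) {
		if ((n = write(fd, buf, len)) < 0) {
			if (errno == EINTR) {
				continue;
			}
			return -1;
		}
		buf += n;
		len -= (size_t)n;
	}
	return 0;
}

/*
 * Emit size bytes of data on stdout for input inname.  Returns 1 when all
 * of it was written, 0 (after a diagnostic on stderr) otherwise.
 *
 * stdout is flushed first so that anything previously printed via stdio
 * is not reordered behind this raw write to the descriptor.
 */
static int
emit(const char *inname, const char *data, size_t size)
{
	fflush(stdout);
	if (write_all(STDOUT_FILENO, data, size) < 0) {
		fprintf(stderr, "can't write output for %s: %s\n",
			inname, strerror(errno));
		return 0;
	}
	return 1;
}

/*
 * Report a failed verification on stderr, using the library's explanation
 * (the cursor's "why" string) when it supplies one.
 */
static void
report_mismatch(pgpv_cursor_t *cursor)
{
	const char	*why;

	why = pgpv_get_cursor_str(cursor, "why");
	fprintf(stderr, "Signature did not match contents -- %s\n",
		(why != NULL) ? why : "(no reason given)");
}

/*
 * Verify one input under command cmd and return 1 on success, 0 on
 * failure.
 *
 * in/cc describe the input: main() passes an in-memory buffer with its
 * length for stdin, and the file name in both inname and in with cc == -1
 * for a file argument, so the -1 length apparently tells pgpv_verify() to
 * read a file rather than a buffer.  inname is only used in messages.
 *
 * pgpv_verify() returns a non-zero cookie when the signature checks out.
 * Commands (compared case-insensitively):
 *   cat     write the verified payload to stdout;
 *   dump    write pgpv_dump()'s rendering of the keyring to stdout;
 *   verify  print the signature time and the signing key entry;
 *   trust   as verify, with the "trust" modifier passed to pgpv_get_entry().
 * Any other command is reported and counts as failure.
 *
 * A verification failure is now reported for every command (the original
 * only did so for verify/trust, leaving cat/dump to fail silently), and a
 * failed or short write of the output turns a verified "cat"/"dump" into
 * a failure instead of exiting successfully with truncated output.
 *
 * NOTE(review): data from pgpv_get_verified()/pgpv_dump() is not freed
 * here, as in the original; confirm whether those buffers are library- or
 * caller-owned.
 */
static int
verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc)
{
	pgpv_cursor_t	*cursor;
	const char	*modifiers;
	size_t		 size;
	size_t		 cookie;
	char		*data;
	int		 el;
	int		 ok;

	if ((cursor = pgpv_new_cursor()) == NULL) {
		fprintf(stderr, "can't allocate verification cursor\n");
		return 0;
	}
	ok = 0;
	if (strcasecmp(cmd, "cat") == 0) {
		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
			ok = 1;
			if ((size = pgpv_get_verified(cursor, cookie, &data)) > 0 &&
			    !emit(inname, data, size)) {
				ok = 0;
			}
		} else {
			report_mismatch(cursor);
		}
	} else if (strcasecmp(cmd, "dump") == 0) {
		if (pgpv_verify(cursor, pgp, in, cc) != 0) {
			size = pgpv_dump(pgp, &data);
			ok = emit(inname, data, size);
		} else {
			report_mismatch(cursor);
		}
	} else if (strcasecmp(cmd, "verify") == 0 ||
		   strcasecmp(cmd, "trust") == 0) {
		modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL;
		if (pgpv_verify(cursor, pgp, in, cc) != 0) {
			printf("Good signature for %s made ", inname);
			ptime(pgpv_get_cursor_num(cursor, "sigtime"));
			el = pgpv_get_cursor_element(cursor, 0);
			pentry(pgp, el, modifiers);
			ok = 1;
		} else {
			report_mismatch(cursor);
		}
	} else {
		fprintf(stderr, "unrecognised command \"%s\"\n", cmd);
	}
	pgpv_cursor_close(cursor);
	return ok;
}

/* print a usage summary for prog on stderr */
static void
usage(const char *prog)
{
	fprintf(stderr,
		"usage: %s [-v] [-c cat|dump|verify|trust] [-k keyring | -S ssh-keyring] [file ...]\n",
		prog);
}

/*
 * Entry point.
 *
 * Options:
 *   -S keyring  read an ssh public-key file as the keyring
 *   -k keyring  read a PGP public keyring (NULL, i.e. unset, is passed
 *               through to the library as the default)
 *   -c cmd      command for verify_data(); default "verify"
 *   -v          print NETPGPVERIFY_VERSION and exit
 *
 * With no file arguments stdin is read into memory and verified once;
 * otherwise each file argument is verified in turn.  The exit status is
 * EXIT_SUCCESS only when every input verified and was written out.
 *
 * Unknown options now terminate with a usage message instead of being
 * ignored, and a failure to read stdin is fatal rather than verifying
 * whatever fragment arrived.
 */
int
main(int argc, char **argv)
{
	const char	*keyring;
	const char	*prog;
	const char	*cmd;
	ssize_t		 cc;
	size_t		 size;
	pgpv_t		*pgp;
	char		*in;
	int		 ssh;
	int		 ok;
	int		 i;

	prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "netpgpverify";
	keyring = NULL;
	ssh = 0;
	cmd = "verify";
	while ((i = getopt(argc, argv, "S:c:k:v")) != -1) {
		switch (i) {
		case 'S':
			ssh = 1;
			keyring = optarg;
			break;
		case 'c':
			cmd = optarg;
			break;
		case 'k':
			keyring = optarg;
			break;
		case 'v':
			printf("%s\n", NETPGPVERIFY_VERSION);
			exit(EXIT_SUCCESS);
		default:
			usage(prog);
			exit(EXIT_FAILURE);
		}
	}
	if ((pgp = pgpv_new()) == NULL) {
		fprintf(stderr, "can't allocate verification context\n");
		exit(EXIT_FAILURE);
	}
	if (ssh) {
		if (!pgpv_read_ssh_pubkeys(pgp, keyring, -1)) {
			fprintf(stderr, "can't read ssh keyring\n");
			exit(EXIT_FAILURE);
		}
	} else if (!pgpv_read_pubring(pgp, keyring, -1)) {
		fprintf(stderr, "can't read keyring\n");
		exit(EXIT_FAILURE);
	}
	if (optind == argc) {
		if ((in = getstdin(&cc, &size)) == NULL) {
			/* getstdin() has already explained the failure */
			pgpv_close(pgp);
			exit(EXIT_FAILURE);
		}
		ok = verify_data(pgp, cmd, "[stdin]", in, cc);
		/*
		 * in is reclaimed by process exit, as in the original;
		 * freeing it here would first need confirmation that
		 * pgpv_verify() keeps no reference to the buffer.
		 */
	} else {
		ok = 1;
		for (i = optind; i < argc; i++) {
			/* cc == -1: argv[i] is a file name, not a buffer */
			if (!verify_data(pgp, cmd, argv[i], argv[i], -1)) {
				ok = 0;
			}
		}
	}
	pgpv_close(pgp);
	exit(ok ? EXIT_SUCCESS : EXIT_FAILURE);
}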