chiark / gitweb /
Add set -e.
[catacomb] / dsig.c
CommitLineData
4bedc99b 1/* -*-c-*-
2 *
e9026a0a 3 * $Id: dsig.c,v 1.8 2004/04/04 19:42:59 mdw Exp $
4bedc99b 4 *
5 * Verify signatures on distribuitions of files
6 *
7 * (c) 2000 Straylight/Edgeware
8 */
9
10/*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30/*----- Revision history --------------------------------------------------*
31 *
32 * $Log: dsig.c,v $
e9026a0a 33 * Revision 1.8 2004/04/04 19:42:59 mdw
34 * Add set -e.
35 *
bd5efd74 36 * Revision 1.7 2001/02/23 09:04:17 mdw
37 * Add new hash functions. Provide full help for subcommands. Run the
38 * hash function over parts of the header in a canonical order.
39 *
16efd15b 40 * Revision 1.6 2000/12/06 20:33:27 mdw
41 * Make flags be macros rather than enumerations, to ensure that they're
42 * unsigned.
43 *
e45700eb 44 * Revision 1.5 2000/10/08 12:12:09 mdw
45 * Shut up some warnings.
46 *
d470270a 47 * Revision 1.4 2000/08/04 23:23:44 mdw
48 * Various <ctype.h> fixes.
49 *
365c07f5 50 * Revision 1.3 2000/07/15 20:53:23 mdw
51 * More hash functions. Bug fix in getstring.
52 *
82fa9679 53 * Revision 1.2 2000/07/01 11:27:22 mdw
54 * Use new PKCS#1 padding functions rather than rolling by hand.
55 *
4bedc99b 56 * Revision 1.1 2000/06/17 10:54:29 mdw
57 * Program to generate and verify signatures on multiple files.
58 *
59 */
60
61/*----- Header files ------------------------------------------------------*/
62
63#include "config.h"
64
65#include <ctype.h>
66#include <errno.h>
67#include <stdio.h>
68#include <stdlib.h>
69#include <string.h>
70
71#include <mLib/alloc.h>
72#include <mLib/base64.h>
73#include <mLib/mdwopt.h>
74#include <mLib/quis.h>
75#include <mLib/report.h>
76#include <mLib/sub.h>
77
4bedc99b 78#include "getdate.h"
79#include "grand.h"
80#include "ghash.h"
81#include "key.h"
82#include "key-data.h"
4bedc99b 83#include "noise.h"
365c07f5 84
85#include "dsa.h"
86#include "rsa.h"
82fa9679 87#include "pkcs1.h"
365c07f5 88
4bedc99b 89/*----- Digital signature algorithm ---------------------------------------*/
90
91static int dsasign(key *k, const void *m, size_t msz, dstr *d)
92{
93 dsa_priv dp;
94 key_packstruct ks[DSA_PRIVFETCHSZ];
95 key_packdef *kp;
96 size_t sz;
97 octet *p;
98 int e;
99
100 kp = key_fetchinit(dsa_privfetch, ks, &dp);
101 if ((e = key_fetch(kp, k)) != 0) {
102 key_fetchdone(kp);
103 return (e);
104 }
105 sz = mp_octets(dp.dp.q);
365c07f5 106 if (sz < msz)
107 die(EXIT_FAILURE, "hash function too wide for this signing key");
4bedc99b 108 DENSURE(d, sz * 2);
e45700eb 109 p = (octet *)d->buf + d->len;
4bedc99b 110 rand_get(RAND_GLOBAL, p, sz);
111 dsa_sign(&dp.dp, dp.x, m, msz, p, sz, p, sz, p + sz, sz);
112 d->len += sz * 2;
113 key_fetchdone(kp);
114 return (0);
115}
116
117static int dsaverify(key *k, const void *m, size_t msz,
118 const void *s, size_t ssz)
119{
120 dsa_pub dp;
121 key_packstruct ks[DSA_PUBFETCHSZ];
122 key_packdef *kp;
123 size_t sz;
e45700eb 124 const octet *p = s;
4bedc99b 125 int e;
126
127 kp = key_fetchinit(dsa_pubfetch, ks, &dp);
128 if ((e = key_fetch(kp, k)) != 0) {
129 key_fetchdone(kp);
130 return (e);
131 }
132 sz = ssz / 2;
e45700eb 133 e = dsa_verify(&dp.dp, dp.y, m, msz, p, sz, p + sz, sz);
4bedc99b 134 key_fetchdone(kp);
135 return (e);
136}
137
138/*----- RSA signing -------------------------------------------------------*/
139
140static int rsasign(key *k, const void *m, size_t msz, dstr *d)
141{
142 rsa_priv rp;
82fa9679 143 rsa_privctx rpc;
144 pkcs1 pk = { 0, 0, 0 };
4bedc99b 145 key_packstruct ks[RSA_PRIVFETCHSZ];
146 key_packdef *kp;
4bedc99b 147 int e;
148
149 kp = key_fetchinit(rsa_privfetch, ks, &rp);
150 if ((e = key_fetch(kp, k)) != 0) {
151 key_fetchdone(kp);
152 return (e);
153 }
82fa9679 154 rsa_privcreate(&rpc, &rp, &rand_global);
155 if (rsa_sign(&rpc, m, msz, d, pkcs1_sigencode, &pk) < 0)
156 die(EXIT_FAILURE, "internal error in rsasign (key too small?)");
157 rsa_privdestroy(&rpc);
4bedc99b 158 key_fetchdone(kp);
159 return (0);
160}
161
162static int rsaverify(key *k, const void *m, size_t msz,
163 const void *s, size_t ssz)
164{
165 rsa_pub rp;
82fa9679 166 rsa_pubctx rpc;
167 pkcs1 pk = { 0, 0, 0 };
4bedc99b 168 key_packstruct ks[RSA_PUBFETCHSZ];
169 key_packdef *kp;
4bedc99b 170 int ok = 0;
82fa9679 171 dstr d = DSTR_INIT;
4bedc99b 172 int e;
4bedc99b 173
174 kp = key_fetchinit(rsa_pubfetch, ks, &rp);
175 if ((e = key_fetch(kp, k)) != 0) {
176 key_fetchdone(kp);
177 return (e);
178 }
82fa9679 179 rsa_pubcreate(&rpc, &rp);
180 if (rsa_verify(&rpc, s, ssz, &d, pkcs1_sigdecode, &pk) > 0 &&
181 msz == d.len && memcmp(d.buf, m, msz) == 0)
182 ok = 1;
183 dstr_destroy(&d);
184 rsa_pubdestroy(&rpc);
4bedc99b 185 key_fetchdone(kp);
4bedc99b 186 return (ok);
187}
188
189/*----- Algorithm choice --------------------------------------------------*/
190
191typedef struct sig {
192 const char *name;
193 const char *type;
194 int (*sign)(key */*k*/, const void */*m*/, size_t /*msz*/, dstr */*d*/);
195 int (*verify)(key */*k*/, const void */*m*/, size_t /*msz*/,
196 const void */*s*/, size_t /*ssz*/);
197} sig;
198
4bedc99b 199static sig sigtab[] = {
200 { "dsa", "dsig-dsa", dsasign, dsaverify },
201 { "rsa", "dsig-rsa", rsasign, rsaverify },
202 { 0, 0, 0 }
203};
204
205/* --- @gethash@ --- *
206 *
207 * Arguments: @const char *name@ = pointer to name string
208 *
209 * Returns: Pointer to appropriate hash class.
210 *
211 * Use: Chooses a hash function by name.
212 */
213
214static const gchash *gethash(const char *name)
215{
e9026a0a 216 const gchash *const *g, *gg = 0;
4bedc99b 217 size_t sz = strlen(name);
e9026a0a 218 for (g = ghashtab; *g; g++) {
4bedc99b 219 if (strncmp(name, (*g)->name, sz) == 0) {
220 if ((*g)->name[sz] == 0) {
221 gg = *g;
222 break;
223 } else if (gg)
224 return (0);
225 else
226 gg = *g;
227 }
228 }
229 return (gg);
230}
231
232/* --- @getsig@ --- *
233 *
234 * Arguments: @const char *name@ = pointer to name string
235 *
236 * Returns: Pointer to appropriate signature type.
237 *
238 * Use: Chooses a signature algorithm by name.
239 */
240
241static sig *getsig(const char *name)
242{
243 sig *s, *ss = 0;
244 size_t sz = strlen(name);
245 for (s = sigtab; s->name; s++) {
246 if (strncmp(name, s->name, sz) == 0) {
247 if (s->name[sz] == 0) {
248 ss = s;
249 break;
250 } else if (ss)
251 return (0);
252 else
253 ss = s;
254 }
255 }
256 return (ss);
257}
258
259/*----- Data formatting ---------------------------------------------------*/
260
261/* --- Binary data structure --- *
262 *
263 * The binary format, which is used for hashing and for the optional binary
264 * output, consists of a sequence of tagged blocks. The tag describes the
265 * format and meaining of the following data.
266 */
267
268enum {
269 /* --- Block tags --- */
270
271 T_IDENT = 0, /* An identifying marker */
272 T_SIGALG, /* Signature algorithm used */
273 T_HASHALG, /* Hash algorithm used */
274 T_KEYID, /* Key identifier */
275 T_BEGIN, /* Begin hashing here */
276 T_COMMENT = T_BEGIN, /* A textual comment */
277 T_DATE, /* Creation date of signature */
278 T_EXPIRE, /* Expiry date of signature */
279 T_FILE, /* File and corresponding hash */
280 T_SIGNATURE, /* Final signature block */
281
282 /* --- Error messages --- */
283
284 E_EOF = -1,
285 E_BIN = -2,
286 E_TAG = -3,
287 E_DATE = -4
288};
289
290/* --- Name translation table --- */
291
292static const char *tagtab[] = {
293 "ident:", "sigalg:", "hashalg:", "keyid:",
294 "comment:", "date:", "expires:", "file:",
295 "signature:",
296 0
297};
298
299static const char *errtab[] = {
300 "Off-by-one bug",
301 "Unexpected end-of-file",
302 "Binary object too large",
303 "Unrecognized tag",
304 "Bad date string"
305};
306
307/* --- Memory representation of block types --- */
308
309typedef struct block {
310 int tag; /* Type tag */
311 dstr d; /* String data */
312 dstr b; /* Binary data */
313 time_t t; /* Timestamp */
314 uint32 k; /* Keyid */
315} block;
316
317/* --- @getstring@ --- *
318 *
319 * Arguments: @FILE *fp@ = stream from which to read
320 * @dstr *d@ = destination string
321 * @unsigned raw@ = raw or cooked read
322 *
323 * Returns: Zero if OK, nonzero on end-of-file.
324 *
325 * Use: Reads a filename (or something similar) from a stream.
326 */
327
328static int getstring(FILE *fp, dstr *d, unsigned raw)
329{
330 int ch;
331 int q = 0;
332
333 /* --- Raw: just read exactly what's written up to a null byte --- */
334
335 if (raw) {
336 if ((ch = getc(fp)) == EOF)
337 return (EOF);
338 for (;;) {
339 if (!ch)
340 break;
341 DPUTC(d, ch);
342 if ((ch = getc(fp)) == EOF)
343 break;
344 }
345 DPUTZ(d);
346 return (0);
347 }
348
349 /* --- Skip as far as whitespace --- *
350 *
351 * Also skip past comments.
352 */
353
354again:
355 ch = getc(fp);
d470270a 356 while (isspace(ch))
4bedc99b 357 ch = getc(fp);
358 if (ch == '#') {
359 do ch = getc(fp); while (ch != '\n' && ch != EOF);
360 goto again;
361 }
362 if (ch == EOF)
363 return (EOF);
364
365 /* --- If the character is a quote then read a quoted string --- */
366
367 switch (ch) {
368 case '`':
369 ch = '\'';
370 case '\'':
371 case '\"':
372 q = ch;
373 ch = getc(fp);
374 break;
375 }
376
377 /* --- Now read all sorts of interesting things --- */
378
379 for (;;) {
380
381 /* --- Handle an escaped thing --- */
382
383 if (ch == '\\') {
384 ch = getc(fp);
385 if (ch == EOF)
386 break;
387 switch (ch) {
365c07f5 388 case 'a': ch = '\a'; break;
4bedc99b 389 case 'b': ch = '\b'; break;
390 case 'f': ch = '\f'; break;
391 case 'n': ch = '\n'; break;
392 case 'r': ch = '\r'; break;
393 case 't': ch = '\t'; break;
394 case 'v': ch = '\v'; break;
395 }
396 DPUTC(d, ch);
365c07f5 397 ch = getc(fp);
4bedc99b 398 continue;
399 }
400
401 /* --- If it's a quote or some other end marker then stop --- */
402
403 if (ch == q || (!q && isspace((unsigned char)ch)))
404 break;
405
406 /* --- Otherwise contribute and continue --- */
407
408 DPUTC(d, ch);
409 if ((ch = getc(fp)) == EOF)
410 break;
411 }
412
413 /* --- Done --- */
414
415 DPUTZ(d);
416 return (0);
417}
418
419/* --- @putstring@ --- *
420 *
421 * Arguments: @FILE *fp@ = stream to write on
422 * @const char *p@ = pointer to text
423 * @unsigned raw@ = whether the string is to be written raw
424 *
425 * Returns: ---
426 *
427 * Use: Emits a string to a stream.
428 */
429
430static void putstring(FILE *fp, const char *p, unsigned raw)
431{
432 size_t sz = strlen(p);
433 unsigned qq;
434 const char *q;
435
436 /* --- Just write the string null terminated if raw --- */
437
438 if (raw) {
439 fwrite(p, 1, sz + 1, fp);
440 return;
441 }
442
443 /* --- Check for any dodgy characters --- */
444
445 qq = 0;
446 for (q = p; *q; q++) {
447 if (isspace((unsigned char)*q)) {
448 qq = '\"';
449 break;
450 }
451 }
452
453 if (qq)
454 putc(qq, fp);
455
456 /* --- Emit the string --- */
457
458 for (q = p; *q; q++) {
459 switch (*q) {
460 case '\a': fputc('\\', fp); fputc('a', fp); break;
461 case '\b': fputc('\\', fp); fputc('b', fp); break;
462 case '\f': fputc('\\', fp); fputc('f', fp); break;
463 case '\n': fputc('\\', fp); fputc('n', fp); break;
464 case '\r': fputc('\\', fp); fputc('r', fp); break;
465 case '\t': fputc('\\', fp); fputc('t', fp); break;
466 case '\v': fputc('\\', fp); fputc('v', fp); break;
467 case '`': fputc('\\', fp); fputc('`', fp); break;
468 case '\'': fputc('\\', fp); fputc('\'', fp); break;
469 case '\"': fputc('\\', fp); fputc('\"', fp); break;
470 default:
471 putc(*q, fp);
472 break;
473 }
474 }
475
476 /* --- Done --- */
477
478 if (qq)
479 putc(qq, fp);
480}
481
482/* --- @timestring@ --- *
483 *
484 * Arguments: @time_t t@ = a timestamp
485 * @dstr *d@ = a string to write on
486 *
487 * Returns: ---
488 *
489 * Use: Writes a textual representation of the timestamp to the
490 * string.
491 */
492
493static void timestring(time_t t, dstr *d)
494{
495 if (t == KEXP_FOREVER)
496 DPUTS(d, "forever");
497 else {
498 struct tm *tm = localtime(&t);
499 DENSURE(d, 32);
500 d->len += strftime(d->buf + d->len, 32, "%Y-%m-%d %H:%M:%S %Z", tm);
501 DPUTZ(d);
502 }
503}
504
505/* --- @breset@ --- *
506 *
507 * Arguments: @block *b@ = block to reset
508 *
509 * Returns: ---
510 *
511 * Use: Resets a block so that more stuff can be put in it.
512 */
513
514static void breset(block *b)
515{
516 b->tag = 0;
517 DRESET(&b->d);
518 DRESET(&b->b);
519 b->k = 0;
520 b->t = KEXP_EXPIRE;
521}
522
523/* --- @binit@ --- *
524 *
525 * Arguments: @block *b@ = block to initialize
526 *
527 * Returns: ---
528 *
529 * Use: Initializes a block as something to read into.
530 */
531
532static void binit(block *b)
533{
534 dstr_create(&b->d);
535 dstr_create(&b->b);
536 breset(b);
537}
538
539/* --- @bdestroy@ --- *
540 *
541 * Arguments: @block *b@ = block to destroy
542 *
543 * Returns: ---
544 *
545 * Use: Destroys a block's contents.
546 */
547
548static void bdestroy(block *b)
549{
550 dstr_destroy(&b->d);
551 dstr_destroy(&b->b);
552}
553
554/* --- @bget@ --- *
555 *
556 * Arguments: @block *b@ = pointer to block
557 * @FILE *fp@ = stream to read from
558 * @unsigned bin@ = binary switch
559 *
560 * Returns: Tag of block, or an error tag.
561 *
562 * Use: Reads a block from a stream.
563 */
564
565static int bget(block *b, FILE *fp, unsigned bin)
566{
567 int tag;
568
569 /* --- Read the tag --- */
570
571 if (bin)
572 tag = getc(fp);
573 else {
574 dstr d = DSTR_INIT;
575 if (getstring(fp, &d, 0))
576 return (E_EOF);
577 for (tag = 0; tagtab[tag]; tag++) {
578 if (strcmp(tagtab[tag], d.buf) == 0)
579 goto done;
580 }
581 return (E_TAG);
582 done:;
583 }
584
585 /* --- Decide what to do next --- */
586
587 breset(b);
588 b->tag = tag;
589 switch (tag) {
590
591 /* --- Reading of strings --- */
592
593 case T_IDENT:
594 case T_COMMENT:
595 case T_SIGALG:
596 case T_HASHALG:
597 if (getstring(fp, &b->d, bin))
598 return (E_EOF);
599 break;
600
601 /* --- Timestamps --- */
602
603 case T_DATE:
604 case T_EXPIRE:
605 if (bin) {
606 octet buf[8];
607 if (fread(buf, sizeof(buf), 1, fp) < 1)
608 return (E_EOF);
609 b->t = ((time_t)(((LOAD32(buf + 0) << 16) << 16) & ~MASK32) |
610 (time_t)LOAD32(buf + 4));
611 } else {
612 if (getstring(fp, &b->d, 0))
613 return (E_EOF);
614 if (strcmp(b->d.buf, "forever") == 0)
615 b->t = KEXP_FOREVER;
616 else if ((b->t = get_date(b->d.buf, 0)) == -1)
617 return (E_DATE);
618 }
619 break;
620
621 /* --- Key ids --- */
622
623 case T_KEYID:
624 if (bin) {
625 octet buf[4];
626 if (fread(buf, sizeof(buf), 1, fp) < 1)
627 return (E_EOF);
628 b->k = LOAD32(buf);
629 } else {
630 if (getstring(fp, &b->d, 0))
631 return (E_EOF);
632 b->k = strtoul(b->d.buf, 0, 16);
633 }
634 break;
635
636 /* --- Reading of binary data --- */
637
638 case T_FILE:
639 case T_SIGNATURE:
640 if (bin) {
641 octet buf[2];
642 uint32 sz;
643 if (fread(buf, sizeof(buf), 1, fp) < 1)
644 return (E_EOF);
645 sz = LOAD16(buf);
646 if (sz > 4096)
647 return (E_BIN);
648 DENSURE(&b->b, sz);
649 if (fread(b->b.buf + b->b.len, 1, sz, fp) < sz)
650 return (E_EOF);
651 b->b.len += sz;
652 } else {
653 base64_ctx b64;
654 if (getstring(fp, &b->d, 0))
655 return (E_EOF);
656 base64_init(&b64);
657 base64_decode(&b64, b->d.buf, b->d.len, &b->b);
658 base64_decode(&b64, 0, 0, &b->b);
659 DRESET(&b->d);
660 }
661 if (tag == T_FILE && getstring(fp, &b->d, bin))
662 return (E_EOF);
663 break;
664
665 /* --- Anything else --- */
666
667 default:
668 return (E_TAG);
669 }
670
671 return (tag);
672}
673
674/* --- @blob@ --- *
675 *
676 * Arguments: @block *b@ = pointer to block to emit
677 * @dstr *d@ = output buffer
678 *
679 * Returns: ---
680 *
681 * Use: Encodes a block in a binary format.
682 */
683
684static void blob(block *b, dstr *d)
685{
686 DPUTC(d, b->tag);
687 switch (b->tag) {
688 case T_IDENT:
689 case T_SIGALG:
690 case T_HASHALG:
691 case T_COMMENT:
692 DPUTD(d, &b->d);
693 DPUTC(d, 0);
694 break;
695 case T_DATE:
696 case T_EXPIRE:
697 DENSURE(d, 8);
698 STORE32(d->buf + d->len, ((b->t & ~MASK32) >> 16) >> 16);
699 STORE32(d->buf + d->len + 4, b->t);
700 d->len += 8;
701 break;
702 case T_KEYID:
703 DENSURE(d, 4);
704 STORE32(d->buf + d->len, b->k);
705 d->len += 4;
706 break;
707 case T_FILE:
708 case T_SIGNATURE:
709 DENSURE(d, 2);
710 STORE16(d->buf + d->len, b->b.len);
711 d->len += 2;
712 DPUTD(d, &b->b);
713 if (b->tag == T_FILE) {
714 DPUTD(d, &b->d);
715 DPUTC(d, 0);
716 }
717 break;
718 }
719}
720
721/* --- @bwrite@ --- *
722 *
723 * Arguments: @block *b@ = pointer to block to write
724 * @FILE *fp@ = stream to write on
725 *
726 * Returns: ---
727 *
728 * Use: Writes a block on a stream in a textual format.
729 */
730
731static void bwrite(block *b, FILE *fp)
732{
733 fputs(tagtab[b->tag], fp);
734 putc(' ', fp);
735 switch (b->tag) {
736 case T_IDENT:
737 case T_SIGALG:
738 case T_HASHALG:
739 case T_COMMENT:
740 putstring(fp, b->d.buf, 0);
741 break;
742 case T_DATE:
743 case T_EXPIRE: {
744 dstr d = DSTR_INIT;
745 timestring(b->t, &d);
746 putstring(fp, d.buf, 0);
747 dstr_destroy(&d);
748 } break;
749 case T_KEYID:
750 fprintf(fp, "%08lx", (unsigned long)b->k);
751 break;
752 case T_FILE:
753 case T_SIGNATURE: {
754 dstr d = DSTR_INIT;
755 base64_ctx b64;
756 base64_init(&b64);
757 b64.maxline = 0;
758 base64_encode(&b64, b->b.buf, b->b.len, &d);
759 base64_encode(&b64, 0, 0, &d);
760 dstr_write(&d, fp);
761 if (b->tag == T_FILE) {
762 putc(' ', fp);
763 putstring(fp, b->d.buf, 0);
764 }
765 } break;
766 }
767 putc('\n', fp);
768}
769
770/* --- @bemit@ --- *
771 *
772 * Arguments: @block *b@ = pointer to block to write
773 * @FILE *fp@ = file to write on
774 * @ghash *h@ = pointer to hash function
775 * @unsigned bin@ = binary/text flag
776 *
777 * Returns: ---
778 *
779 * Use: Spits out a block properly.
780 */
781
782static void bemit(block *b, FILE *fp, ghash *h, unsigned bin)
783{
784 if (h || (fp && bin)) {
785 dstr d = DSTR_INIT;
786 blob(b, &d);
787 if (h)
788 h->ops->hash(h, d.buf, d.len);
789 if (fp && bin)
790 fwrite(d.buf, d.len, 1, fp);
791 }
792 if (fp && !bin)
793 bwrite(b, fp);
794}
795
796/*----- Static variables --------------------------------------------------*/
797
798static const char *keyring = "keyring";
799
800/*----- Other shared functions --------------------------------------------*/
801
802/* --- @keyreport@ --- *
803 *
804 * Arguments: @const char *file@ = filename containing the error
805 * @int line@ = line number in file
806 * @const char *err@ = error text message
807 * @void *p@ = unimportant pointer
808 *
809 * Returns: ---
810 *
811 * Use: Reports errors during the opening of a key file.
812 */
813
814static void keyreport(const char *file, int line, const char *err, void *p)
815{
816 moan("error in keyring `%s' at line `%s': %s", file, line, err);
817}
818
819/* --- @fhash@ --- *
820 *
821 * Arguments: @const gchash *c@ = pointer to hash class
822 * @const char *file@ = file to hash
e45700eb 823 * @void *b@ = pointer to output buffer
4bedc99b 824 *
825 * Returns: Zero if it worked, or nonzero for a system error.
826 *
827 * Use: Hashes a file.
828 */
829
e45700eb 830static int fhash(const gchash *c, const char *file, void *b)
4bedc99b 831{
832 FILE *fp = fopen(file, "rb");
833 ghash *h = c->init();
834 char buf[4096];
835 size_t sz;
836 int rc = 0;
837
838 if (!fp)
839 return (-1);
840 while ((sz = fread(buf, 1, sizeof(buf), fp)) > 0)
841 h->ops->hash(h, buf, sz);
842 if (ferror(fp))
843 rc = -1;
844 h->ops->done(h, b);
845 h->ops->destroy(h);
846 fclose(fp);
847 return (rc);
848}
849
850/* --- @fhex@ --- *
851 *
852 * Arguments: @FILE *fp@ = file to write on
853 * @const void *p@ = pointer to data to be written
854 * @size_t sz@ = size of the data to write
855 *
856 * Returns: ---
857 *
858 * Use: Emits a hex dump to a stream.
859 */
860
861static void fhex(FILE *fp, const void *p, size_t sz)
862{
863 const octet *q = p;
864 if (!sz)
865 return;
866 for (;;) {
867 fprintf(fp, "%02x", *q++);
868 sz--;
869 if (!sz)
870 break;
871/* putc(' ', fp); */
872 }
873}
874
875/*----- Signature generation ----------------------------------------------*/
876
877static int sign(int argc, char *argv[])
878{
16efd15b 879#define f_raw 1u
880#define f_bin 2u
881#define f_bogus 4u
4bedc99b 882
883 unsigned f = 0;
884 const char *kt = 0;
885 const char *ki = 0;
886 key_file kf;
887 key *k;
888 const sig *s = sigtab;
889 const gchash *gch = &rmd160;
890 ghash *h;
891 time_t exp = KEXP_EXPIRE;
892 unsigned verb = 0;
893 const char *ifile = 0;
894 const char *ofile = 0;
895 const char *c = 0;
896 FILE *ifp, *ofp;
897 dstr d = DSTR_INIT;
898 block b;
899 int e;
900
901 for (;;) {
902 static struct option opts[] = {
903 { "null", 0, 0, '0' },
904 { "binary", 0, 0, 'b' },
905 { "verbose", 0, 0, 'v' },
906 { "quiet", 0, 0, 'q' },
907 { "algorithm", OPTF_ARGREQ, 0, 'a' },
908 { "hash", OPTF_ARGREQ, 0, 'h' },
909 { "comment", OPTF_ARGREQ, 0, 'c' },
910 { "file", OPTF_ARGREQ, 0, 'f' },
911 { "output", OPTF_ARGREQ, 0, 'o' },
912 { "keytype", OPTF_ARGREQ, 0, 't' },
913 { "keyid", OPTF_ARGREQ, 0, 'i' },
914 { "key", OPTF_ARGREQ, 0, 'i' },
915 { "expire", OPTF_ARGREQ, 0, 'e' },
916 { 0, 0, 0, 0 }
917 };
918 int i = mdwopt(argc, argv, "+0vqb a:h:c: f:o: t:i:k:e:", opts, 0, 0, 0);
919 if (i < 0)
920 break;
921 switch (i) {
922 case '0':
923 f |= f_raw;
924 break;
925 case 'b':
926 f |= f_bin;
927 break;
928 case 'v':
929 verb++;
930 break;
931 case 'q':
932 if (verb > 0)
933 verb--;
934 break;
935 case 'a':
936 if ((s = getsig(optarg)) == 0) {
937 die(EXIT_FAILURE, "unknown or ambiguous signature algorithm `%s'",
938 optarg);
939 }
940 break;
941 case 'h':
942 if ((gch = gethash(optarg)) == 0) {
943 die(EXIT_FAILURE, "unknown or ambiguous hash function `%s'",
944 optarg);
945 }
946 break;
947 case 'c':
948 c = optarg;
949 break;
950 case 'f':
951 ifile = optarg;
952 break;
953 case 'o':
954 ofile = optarg;
955 break;
956 case 't':
957 kt = optarg;
958 break;
959 case 'i':
960 case 'k':
961 ki = optarg;
962 break;
963 case 'e':
964 if (strcmp(optarg, "forever") == 0)
965 exp = KEXP_FOREVER;
966 else if ((exp = get_date(optarg, 0)) == -1)
967 die(EXIT_FAILURE, "bad expiry time");
968 break;
969 default:
970 f |= f_bogus;
971 break;
972 }
973 }
974 if (optind != argc || (f & f_bogus))
975 die(EXIT_FAILURE, "Usage: sign [-options]");
976
977 /* --- Locate the signing key --- */
978
979 if (key_open(&kf, keyring, KOPEN_WRITE, keyreport, 0))
980 die(EXIT_FAILURE, "couldn't open keyring `%s'", keyring);
981 if (ki) {
982 if ((k = key_bytag(&kf, ki)) == 0)
983 die(EXIT_FAILURE, "couldn't find key `%s'", ki);
984 } else {
985 if (!kt)
986 kt = s->type;
987 if ((k = key_bytype(&kf, kt)) == 0)
988 die(EXIT_FAILURE, "no appropriate key of type `%s'", kt);
989 }
990 key_fulltag(k, &d);
991 if (exp == KEXP_FOREVER && k->exp != KEXP_FOREVER) {
992 die(EXIT_FAILURE, "key `%s' expires: can't create nonexpiring signature",
993 d.buf);
994 }
995
996 /* --- Open files --- */
997
998 if (!ifile)
999 ifp = stdin;
1000 else if ((ifp = fopen(ifile, (f & f_raw) ? "rb" : "r")) == 0) {
1001 die(EXIT_FAILURE, "couldn't open input file `%s': %s",
1002 ifile, strerror(errno));
1003 }
1004
1005 if (!ofile)
1006 ofp = stdout;
1007 else if ((ofp = fopen(ofile, (f & f_bin) ? "wb" : "w")) == 0) {
1008 die(EXIT_FAILURE, "couldn't open output file `%s': %s",
1009 ofile, strerror(errno));
1010 }
1011
bd5efd74 1012 h = gch->init();
1013
4bedc99b 1014 /* --- Emit the start of the output --- */
1015
1016 binit(&b); b.tag = T_IDENT;
1017 dstr_putf(&b.d, "%s, Catacomb version " VERSION, QUIS);
1018 bemit(&b, ofp, 0, f & f_bin);
1019
1020 breset(&b); b.tag = T_SIGALG; DPUTS(&b.d, s->name);
bd5efd74 1021 bemit(&b, ofp, h, f & f_bin);
4bedc99b 1022
1023 breset(&b); b.tag = T_HASHALG; DPUTS(&b.d, gch->name);
bd5efd74 1024 bemit(&b, ofp, h, f & f_bin);
4bedc99b 1025
1026 breset(&b); b.tag = T_KEYID; b.k = k->id;
bd5efd74 1027 bemit(&b, ofp, h, f & f_bin);
4bedc99b 1028
1029 /* --- Start hashing, and emit the datestamps and things --- */
1030
1031 {
1032 time_t now = time(0);
1033
4bedc99b 1034 breset(&b); b.tag = T_DATE; b.t = now; bemit(&b, ofp, h, f & f_bin);
1035 if (exp == KEXP_EXPIRE)
1036 exp = now + 86400 * 28;
1037 breset(&b); b.tag = T_EXPIRE; b.t = exp; bemit(&b, ofp, h, f & f_bin);
1038 if (c) {
1039 breset(&b); b.tag = T_COMMENT; DPUTS(&b.d, c);
1040 bemit(&b, ofp, h, f & f_bin);
1041 }
1042
1043 if (!(f & f_bin))
1044 putc('\n', ofp);
1045 }
1046
1047 /* --- Now hash the various files --- */
1048
1049 for (;;) {
1050
1051 /* --- Stop on an output error --- */
1052
1053 if (ferror(ofp)) {
1054 f |= f_bogus;
1055 break;
1056 }
1057
1058 /* --- Read the next filename to hash --- */
1059
1060 breset(&b);
1061 if (getstring(ifp, &b.d, f & f_raw))
1062 break;
1063 b.tag = T_FILE;
1064 DENSURE(&b.b, h->ops->c->hashsz);
1065 if (fhash(gch, b.d.buf, b.b.buf)) {
1066 moan("Error reading `%s': %s", b.d.buf, strerror(errno));
1067 f |= f_bogus;
1068 } else {
1069 b.b.len += h->ops->c->hashsz;
1070 if (verb) {
1071 fhex(stderr, b.b.buf, b.b.len);
1072 fprintf(stderr, " %s\n", b.d.buf);
1073 }
1074 bemit(&b, ofp, h, f & f_bin);
1075 }
1076 }
1077
1078 /* --- Create the signature --- */
1079
1080 if (!(f & f_bogus)) {
1081 breset(&b);
1082 b.tag = T_SIGNATURE;
1083 DENSURE(&b.d, h->ops->c->hashsz);
1084 h->ops->done(h, b.d.buf);
1085 if ((e = s->sign(k, b.d.buf, h->ops->c->hashsz, &b.b)) != 0) {
1086 moan("error creating signature: %s", key_strerror(e));
1087 f |= f_bogus;
1088 }
1089 if (!(f & f_bogus)) {
1090 bemit(&b, ofp, 0, f & f_bin);
1091 key_used(&kf, k, exp);
1092 }
1093 }
1094
1095 /* --- Tidy up at the end --- */
1096
1097 bdestroy(&b);
1098 if (ifile)
1099 fclose(ifp);
1100 if (ofile) {
1101 if (fclose(ofp))
1102 f |= f_bogus;
1103 } else {
1104 if (fflush(ofp))
1105 f |= f_bogus;
1106 }
1107 if ((e = key_close(&kf)) != 0) {
1108 switch (e) {
1109 case KWRITE_FAIL:
1110 die(EXIT_FAILURE, "couldn't write file `%s': %s",
1111 keyring, strerror(errno));
1112 case KWRITE_BROKEN:
1113 die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)",
1114 keyring, strerror(errno));
1115 }
1116 }
1117 if (f & f_bogus)
1118 die(EXIT_FAILURE, "error(s) occurred while creating signature");
1119 return (EXIT_SUCCESS);
16efd15b 1120
1121#undef f_raw
1122#undef f_bin
1123#undef f_bogus
4bedc99b 1124}
1125
1126/*----- Signature verification --------------------------------------------*/
1127
1128static int verify(int argc, char *argv[])
1129{
16efd15b 1130#define f_bogus 1u
1131#define f_bin 2u
1132#define f_ok 4u
4bedc99b 1133
1134 unsigned f = 0;
1135 unsigned verb = 1;
1136 key_file kf;
1137 key *k = 0;
1138 sig *s = sigtab;
1139 const gchash *gch = &rmd160;
1140 dstr d = DSTR_INIT;
e45700eb 1141 ghash *h = 0;
4bedc99b 1142 FILE *fp;
1143 block b;
1144 int e;
1145
1146 /* --- Parse the options --- */
1147
1148 for (;;) {
1149 static struct option opts[] = {
1150 { "verbose", 0, 0, 'v' },
1151 { "quiet", 0, 0, 'q' },
1152 { 0, 0, 0, 0 }
1153 };
1154 int i = mdwopt(argc, argv, "+vq", opts, 0, 0, 0);
1155 if (i < 0)
1156 break;
1157 switch (i) {
1158 case 'v':
1159 verb++;
1160 break;
1161 case 'q':
1162 if (verb)
1163 verb--;
1164 break;
1165 default:
1166 f |= f_bogus;
1167 break;
1168 }
1169 }
1170 argc -= optind;
1171 argv += optind;
1172 if ((f & f_bogus) || argc > 1)
1173 die(EXIT_FAILURE, "Usage: verify [-qv] [file]");
1174
1175 /* --- Open the key file, and start reading the input file --- */
1176
1177 if (key_open(&kf, keyring, KOPEN_READ, keyreport, 0))
1178 die(EXIT_FAILURE, "couldn't open keyring `%s'\n", keyring);
1179 if (argc < 1)
1180 fp = stdin;
1181 else {
1182 if ((fp = fopen(argv[0], "rb")) == 0) {
1183 die(EXIT_FAILURE, "couldn't open file `%s': %s\n",
1184 argv[0], strerror(errno));
1185 }
1186 if (getc(fp) == 0) {
1187 ungetc(0, fp);
1188 f |= f_bin;
1189 } else {
1190 fclose(fp);
1191 if ((fp = fopen(argv[0], "r")) == 0) {
1192 die(EXIT_FAILURE, "couldn't open file `%s': %s\n",
1193 argv[0], strerror(errno));
1194 }
1195 }
1196 }
1197
1198 /* --- Read the introductory matter --- */
1199
1200 binit(&b);
1201 for (;;) {
1202 breset(&b);
1203 e = bget(&b, fp, f & f_bin);
1204 if (e < 0)
1205 die(EXIT_FAILURE, "error reading packet: %s\n", errtab[-e]);
1206 if (e >= T_BEGIN)
1207 break;
1208 switch (e) {
1209 case T_IDENT:
1210 if (verb > 2)
1211 printf("INFO ident: `%s'\n", b.d.buf);
1212 break;
1213 case T_SIGALG:
1214 if ((s = getsig(b.d.buf)) == 0) {
1215 if (verb)
1216 printf("FAIL unknown signature algorithm `%s'\n", b.d.buf);
1217 exit(EXIT_FAILURE);
1218 }
1219 if (verb > 2)
1220 printf("INFO signature algorithm: %s\n", s->name);
1221 break;
1222 case T_HASHALG:
1223 if ((gch = gethash(b.d.buf)) == 0) {
1224 if (verb)
1225 printf("FAIL unknown hash function `%s'\n", b.d.buf);
1226 exit(EXIT_FAILURE);
1227 }
1228 if (verb > 2)
1229 printf("INFO hash function algorithm: %s\n", gch->name);
1230 break;
1231 case T_KEYID:
1232 if ((k = key_byid(&kf, b.k)) == 0) {
1233 if (verb)
1234 printf("FAIL key %08lx not found\n", (unsigned long)b.k);
1235 exit(EXIT_FAILURE);
1236 }
1237 if (verb > 2) {
1238 DRESET(&b.d);
1239 key_fulltag(k, &b.d);
1240 printf("INFO key: %s\n", b.d.buf);
1241 }
1242 break;
1243 default:
1244 die(EXIT_FAILURE, "(internal) unknown packet type\n");
1245 break;
1246 }
1247 }
1248
1249 /* --- Initialize the hash function and start reading hashed packets --- */
1250
1251 h = gch->init();
bd5efd74 1252
4bedc99b 1253 if (!k) {
1254 if (verb)
1255 puts("FAIL no keyid packet found");
1256 exit(EXIT_FAILURE);
1257 }
bd5efd74 1258
1259 {
1260 block bb;
1261 binit(&bb);
1262 breset(&bb); bb.tag = T_SIGALG; DPUTS(&bb.d, s->name);
1263 bemit(&bb, 0, h, 0);
1264 breset(&bb); bb.tag = T_HASHALG; DPUTS(&bb.d, gch->name);
1265 bemit(&bb, 0, h, 0);
1266 breset(&bb); bb.tag = T_KEYID; bb.k = k->id;
1267 bemit(&bb, 0, h, 0);
1268 bdestroy(&bb);
1269 }
1270
4bedc99b 1271 for (;;) {
1272 switch (e) {
1273 case T_COMMENT:
1274 if (verb > 1)
1275 printf("INFO comment: `%s'\n", b.d.buf);
1276 bemit(&b, 0, h, 0);
1277 break;
1278 case T_DATE:
1279 if (verb > 2) {
1280 DRESET(&b.d);
1281 timestring(b.t, &b.d);
1282 printf("INFO date: %s\n", b.d.buf);
1283 }
1284 bemit(&b, 0, h, 0);
1285 break;
1286 case T_EXPIRE: {
1287 time_t now = time(0);
1288 if (b.t < now) {
1289 if (verb > 1)
1290 puts("BAD signature has expired");
1291 f |= f_bogus;
1292 }
1293 if (verb > 2) {
1294 DRESET(&b.d);
1295 timestring(b.t, &b.d);
1296 printf("INFO expires: %s\n", b.d.buf);
1297 }
1298 bemit(&b, 0, h, 0);
1299 } break;
1300 case T_FILE:
1301 DRESET(&d);
1302 DENSURE(&d, gch->hashsz);
1303 if (fhash(gch, b.d.buf, d.buf)) {
1304 if (verb > 1) {
1305 printf("BAD error reading file `%s': %s\n",
1306 b.d.buf, strerror(errno));
1307 }
1308 f |= f_bogus;
1309 } else if (b.b.len != gch->hashsz ||
1310 memcmp(d.buf, b.b.buf, b.b.len) != 0) {
1311 if (verb > 1)
1312 printf("BAD file `%s' has incorrect hash\n", b.d.buf);
1313 f |= f_bogus;
1314 } else if (verb > 3) {
1315 fputs("INFO hash: ", stdout);
1316 fhex(stdout, b.b.buf, b.b.len);
1317 printf(" %s\n", b.d.buf);
1318 }
1319 bemit(&b, 0, h, 0);
1320 break;
1321 case T_SIGNATURE:
1322 DRESET(&b.d);
1323 DENSURE(&b.d, h->ops->c->hashsz);
1324 b.d.len += h->ops->c->hashsz;
1325 h->ops->done(h, b.d.buf);
1326 e = s->verify(k, b.d.buf, b.d.len, b.b.buf, b.b.len);
1327 if (e != 1) {
1328 if (verb > 1) {
1329 if (e < 0) {
1330 printf("BAD error unpacking key: %s\n", key_strerror(e));
1331 } else
1332 puts("BAD bad signature");
1333 }
1334 f |= f_bogus;
1335 } else if (verb > 2)
1336 puts("INFO good signature");
1337 goto done;
1338 default:
1339 if (verb)
1340 printf("FAIL invalid packet type %i\n", e);
1341 exit(EXIT_FAILURE);
1342 break;
1343 }
1344 breset(&b);
1345 e = bget(&b, fp, f & f_bin);
1346 if (e < 0) {
1347 if (verb)
1348 printf("FAIL error reading packet: %s\n", errtab[-e]);
1349 exit(EXIT_FAILURE);
1350 }
1351 }
1352done:
1353 bdestroy(&b);
1354 dstr_destroy(&d);
1355 key_close(&kf);
1356 if (fp != stdin)
1357 fclose(fp);
1358 if (verb) {
1359 if (f & f_bogus)
1360 puts("FAIL signature invalid");
1361 else
1362 puts("OK signature verified");
1363 }
1364 return (f & f_bogus ? EXIT_FAILURE : EXIT_SUCCESS);
16efd15b 1365
1366#undef f_bogus
1367#undef f_bin
1368#undef f_ok
4bedc99b 1369}
1370
1371/*----- Main code ---------------------------------------------------------*/
1372
1373typedef struct cmd {
1374 const char *name;
1375 int (*func)(int /*argc*/, char */*argv*/[]);
bd5efd74 1376 const char *usage;
4bedc99b 1377 const char *help;
1378} cmd;
1379
1380static cmd cmdtab[] = {
1381/* { "manifest", manifest, */
1382/* "manifest [-0] [-o output]" }, */
1383 { "sign", sign,
1384 "sign [-options]\n\
bd5efd74 1385 [-0bqv] [-a alg] [-h hash] [-t keytype] [-i keyid]\n\
1386 [-e expire] [-f file] [-o output]", "\
1387Options:\n\
1388\n\
1389-0, --null Read null-terminated filenames from stdin.\n\
1390-b, --binary Produce a binary output file.\n\
1391-q, --quiet Produce fewer messages while working.\n\
1392-v, --verbose Produce more messages while working.\n\
1393-a, --algorithm=SIGALG Use the SIGALG signature algorithm.\n\
1394-h, --hash=HASHASL Use the HASHALG message digest algorithm.\n\
1395-c, --comment=COMMENT Include COMMENT in the output file.\n\
1396-f, --file=FILE Read filenames to hash from FILE.\n\
1397-o, --output=FILE Write the signed result to FILE.\n\
1398-t, --keytype=TYPE Use a key with type TYPE to do the signing.\n\
1399-i, --keyid=ID Use the key with the given ID to do the signing.\n\
1400-e, --expire=TIME The signature should expire after TIME.\n\
1401" },
4bedc99b 1402 { "verify", verify,
bd5efd74 1403 "verify [-qv] [file]", "\
1404Options:\n\
1405\n\
1406-q, --quiet Produce fewer messages while working.\n\
1407-v, --verbose Produce more messages while working.\n\
1408" },
4bedc99b 1409 { 0, 0, 0 }
1410};
1411
bd5efd74 1412/* --- @findcmd@ --- *
1413 *
1414 * Arguments: @const char *name@ = a command name
1415 *
1416 * Returns: Pointer to the command structure.
1417 *
1418 * Use: Looks up a command by name. If the command isn't found, an
1419 * error is reported and the program is terminated.
1420 */
1421
1422static cmd *findcmd(const char *name)
1423{
1424 cmd *c, *chosen = 0;
1425 size_t sz = strlen(name);
1426
1427 for (c = cmdtab; c->name; c++) {
1428 if (strncmp(name, c->name, sz) == 0) {
1429 if (c->name[sz] == 0) {
1430 chosen = c;
1431 break;
1432 } else if (chosen)
1433 die(EXIT_FAILURE, "ambiguous command name `%s'", name);
1434 else
1435 chosen = c;
1436 }
1437 }
1438 if (!chosen)
1439 die(EXIT_FAILURE, "unknown command name `%s'", name);
1440 return (chosen);
1441}
1442
4bedc99b 1443static void version(FILE *fp)
1444{
1445 pquis(fp, "$, Catacomb version " VERSION "\n");
1446}
1447
1448static void usage(FILE *fp)
1449{
1450 pquis(fp, "Usage: $ [-k keyring] command [args]\n");
1451}
1452
bd5efd74 1453static void help(FILE *fp, char **argv)
4bedc99b 1454{
1455 cmd *c;
bd5efd74 1456
1457 if (*argv) {
1458 c = findcmd(*argv);
1459 fprintf(fp, "Usage: %s [-k keyring] %s\n", QUIS, c->usage);
1460 if (c->help) {
1461 fputc('\n', fp);
1462 fputs(c->help, fp);
1463 }
1464 } else {
1465 version(fp);
1466 fputc('\n', fp);
1467 usage(fp);
1468 fputs("\n\
4bedc99b 1469Create and verify signatures on lists of files.\n\
1470\n", fp);
bd5efd74 1471 for (c = cmdtab; c->name; c++)
1472 fprintf(fp, "%s\n", c->usage);
1473 }
4bedc99b 1474}
1475
1476/* --- @main@ --- *
1477 *
1478 * Arguments: @int argc@ = number of command line arguments
1479 * @char *argv[]@ = vector of command line arguments
1480 *
1481 * Returns: Zero if successful, nonzero otherwise.
1482 *
1483 * Use: Signs or verifies signatures on lists of files. Useful for
1484 * ensuring that a distribution is unmolested.
1485 */
1486
1487int main(int argc, char *argv[])
1488{
1489 unsigned f = 0;
4bedc99b 1490
16efd15b 1491#define f_bogus 1u
4bedc99b 1492
1493 /* --- Initialize the library --- */
1494
1495 ego(argv[0]);
1496 sub_init();
1497 rand_noisesrc(RAND_GLOBAL, &noise_source);
1498 rand_seed(RAND_GLOBAL, 160);
1499
1500 /* --- Parse options --- */
1501
1502 for (;;) {
1503 static struct option opts[] = {
1504 { "help", 0, 0, 'h' },
1505 { "version", 0, 0, 'v' },
1506 { "usage", 0, 0, 'u' },
1507 { "keyring", OPTF_ARGREQ, 0, 'k' },
1508 { 0, 0, 0, 0 }
1509 };
1510 int i = mdwopt(argc, argv, "+hvu k:", opts, 0, 0, 0);
1511 if (i < 0)
1512 break;
1513 switch (i) {
1514 case 'h':
bd5efd74 1515 help(stdout, argv + optind);
4bedc99b 1516 exit(0);
1517 break;
1518 case 'v':
1519 version(stdout);
1520 exit(0);
1521 break;
1522 case 'u':
1523 usage(stdout);
1524 exit(0);
1525 case 'k':
1526 keyring = optarg;
1527 break;
1528 default:
1529 f |= f_bogus;
1530 break;
1531 }
1532 }
1533
1534 argc -= optind;
1535 argv += optind;
1536 optind = 0;
1537 if (f & f_bogus || argc < 1) {
1538 usage(stderr);
1539 exit(EXIT_FAILURE);
1540 }
1541
1542 /* --- Dispatch to the correct subcommand handler --- */
1543
bd5efd74 1544 return (findcmd(argv[0])->func(argc, argv));
16efd15b 1545
1546#undef f_bogus
4bedc99b 1547}
1548
1549/*----- That's all, folks -------------------------------------------------*/