3 * $Id: dsig.c,v 1.3 2000/07/15 20:53:23 mdw Exp $
5 * Verify signatures on distribuitions of files
7 * (c) 2000 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.3 2000/07/15 20:53:23 mdw
34 * More hash functions. Bug fix in getstring.
36 * Revision 1.2 2000/07/01 11:27:22 mdw
37 * Use new PKCS#1 padding functions rather than rolling by hand.
39 * Revision 1.1 2000/06/17 10:54:29 mdw
40 * Program to generate and verify signatures on multiple files.
44 /*----- Header files ------------------------------------------------------*/
54 #include <mLib/alloc.h>
55 #include <mLib/base64.h>
56 #include <mLib/mdwopt.h>
57 #include <mLib/quis.h>
58 #include <mLib/report.h>
81 /*----- Digital signature algorithm ---------------------------------------*/
83 static int dsasign(key *k, const void *m, size_t msz, dstr *d)
86 key_packstruct ks[DSA_PRIVFETCHSZ];
92 kp = key_fetchinit(dsa_privfetch, ks, &dp);
93 if ((e = key_fetch(kp, k)) != 0) {
97 sz = mp_octets(dp.dp.q);
99 die(EXIT_FAILURE, "hash function too wide for this signing key");
102 rand_get(RAND_GLOBAL, p, sz);
103 dsa_sign(&dp.dp, dp.x, m, msz, p, sz, p, sz, p + sz, sz);
109 static int dsaverify(key *k, const void *m, size_t msz,
110 const void *s, size_t ssz)
113 key_packstruct ks[DSA_PUBFETCHSZ];
118 kp = key_fetchinit(dsa_pubfetch, ks, &dp);
119 if ((e = key_fetch(kp, k)) != 0) {
124 e = dsa_verify(&dp.dp, dp.y, m, msz, s, sz, s + sz, sz);
129 /*----- RSA signing -------------------------------------------------------*/
131 static int rsasign(key *k, const void *m, size_t msz, dstr *d)
135 pkcs1 pk = { 0, 0, 0 };
136 key_packstruct ks[RSA_PRIVFETCHSZ];
140 kp = key_fetchinit(rsa_privfetch, ks, &rp);
141 if ((e = key_fetch(kp, k)) != 0) {
145 rsa_privcreate(&rpc, &rp, &rand_global);
146 if (rsa_sign(&rpc, m, msz, d, pkcs1_sigencode, &pk) < 0)
147 die(EXIT_FAILURE, "internal error in rsasign (key too small?)");
148 rsa_privdestroy(&rpc);
153 static int rsaverify(key *k, const void *m, size_t msz,
154 const void *s, size_t ssz)
158 pkcs1 pk = { 0, 0, 0 };
159 key_packstruct ks[RSA_PUBFETCHSZ];
165 kp = key_fetchinit(rsa_pubfetch, ks, &rp);
166 if ((e = key_fetch(kp, k)) != 0) {
170 rsa_pubcreate(&rpc, &rp);
171 if (rsa_verify(&rpc, s, ssz, &d, pkcs1_sigdecode, &pk) > 0 &&
172 msz == d.len && memcmp(d.buf, m, msz) == 0)
175 rsa_pubdestroy(&rpc);
180 /*----- Algorithm choice --------------------------------------------------*/
185 int (*sign)(key */*k*/, const void */*m*/, size_t /*msz*/, dstr */*d*/);
186 int (*verify)(key */*k*/, const void */*m*/, size_t /*msz*/,
187 const void */*s*/, size_t /*ssz*/);
190 static const gchash *hashtab[] = {
191 &rmd160, &tiger, &sha, &rmd128, &rmd256, &rmd320, &md5, &md4, 0 };
192 static sig sigtab[] = {
193 { "dsa", "dsig-dsa", dsasign, dsaverify },
194 { "rsa", "dsig-rsa", rsasign, rsaverify },
198 /* --- @gethash@ --- *
200 * Arguments: @const char *name@ = pointer to name string
202 * Returns: Pointer to appropriate hash class.
204 * Use: Chooses a hash function by name.
207 static const gchash *gethash(const char *name)
209 const gchash **g, *gg = 0;
210 size_t sz = strlen(name);
211 for (g = hashtab; *g; g++) {
212 if (strncmp(name, (*g)->name, sz) == 0) {
213 if ((*g)->name[sz] == 0) {
225 /* --- @getsig@ --- *
227 * Arguments: @const char *name@ = pointer to name string
229 * Returns: Pointer to appropriate signature type.
231 * Use: Chooses a signature algorithm by name.
234 static sig *getsig(const char *name)
237 size_t sz = strlen(name);
238 for (s = sigtab; s->name; s++) {
239 if (strncmp(name, s->name, sz) == 0) {
240 if (s->name[sz] == 0) {
252 /*----- Data formatting ---------------------------------------------------*/
254 /* --- Binary data structure --- *
256 * The binary format, which is used for hashing and for the optional binary
257 * output, consists of a sequence of tagged blocks. The tag describes the
258 * format and meaining of the following data.
262 /* --- Block tags --- */
264 T_IDENT = 0, /* An identifying marker */
265 T_SIGALG, /* Signature algorithm used */
266 T_HASHALG, /* Hash algorithm used */
267 T_KEYID, /* Key identifier */
268 T_BEGIN, /* Begin hashing here */
269 T_COMMENT = T_BEGIN, /* A textual comment */
270 T_DATE, /* Creation date of signature */
271 T_EXPIRE, /* Expiry date of signature */
272 T_FILE, /* File and corresponding hash */
273 T_SIGNATURE, /* Final signature block */
275 /* --- Error messages --- */
283 /* --- Name translation table --- */
285 static const char *tagtab[] = {
286 "ident:", "sigalg:", "hashalg:", "keyid:",
287 "comment:", "date:", "expires:", "file:",
292 static const char *errtab[] = {
294 "Unexpected end-of-file",
295 "Binary object too large",
300 /* --- Memory representation of block types --- */
302 typedef struct block {
303 int tag; /* Type tag */
304 dstr d; /* String data */
305 dstr b; /* Binary data */
306 time_t t; /* Timestamp */
307 uint32 k; /* Keyid */
310 /* --- @getstring@ --- *
312 * Arguments: @FILE *fp@ = stream from which to read
313 * @dstr *d@ = destination string
314 * @unsigned raw@ = raw or cooked read
316 * Returns: Zero if OK, nonzero on end-of-file.
318 * Use: Reads a filename (or something similar) from a stream.
321 static int getstring(FILE *fp, dstr *d, unsigned raw)
326 /* --- Raw: just read exactly what's written up to a null byte --- */
329 if ((ch = getc(fp)) == EOF)
335 if ((ch = getc(fp)) == EOF)
342 /* --- Skip as far as whitespace --- *
344 * Also skip past comments.
349 while (isspace((unsigned char)ch))
352 do ch = getc(fp); while (ch != '\n' && ch != EOF);
358 /* --- If the character is a quote then read a quoted string --- */
370 /* --- Now read all sorts of interesting things --- */
374 /* --- Handle an escaped thing --- */
381 case 'a': ch = '\a'; break;
382 case 'b': ch = '\b'; break;
383 case 'f': ch = '\f'; break;
384 case 'n': ch = '\n'; break;
385 case 'r': ch = '\r'; break;
386 case 't': ch = '\t'; break;
387 case 'v': ch = '\v'; break;
394 /* --- If it's a quote or some other end marker then stop --- */
396 if (ch == q || (!q && isspace((unsigned char)ch)))
399 /* --- Otherwise contribute and continue --- */
402 if ((ch = getc(fp)) == EOF)
412 /* --- @putstring@ --- *
414 * Arguments: @FILE *fp@ = stream to write on
415 * @const char *p@ = pointer to text
416 * @unsigned raw@ = whether the string is to be written raw
420 * Use: Emits a string to a stream.
423 static void putstring(FILE *fp, const char *p, unsigned raw)
425 size_t sz = strlen(p);
429 /* --- Just write the string null terminated if raw --- */
432 fwrite(p, 1, sz + 1, fp);
436 /* --- Check for any dodgy characters --- */
439 for (q = p; *q; q++) {
440 if (isspace((unsigned char)*q)) {
449 /* --- Emit the string --- */
451 for (q = p; *q; q++) {
453 case '\a': fputc('\\', fp); fputc('a', fp); break;
454 case '\b': fputc('\\', fp); fputc('b', fp); break;
455 case '\f': fputc('\\', fp); fputc('f', fp); break;
456 case '\n': fputc('\\', fp); fputc('n', fp); break;
457 case '\r': fputc('\\', fp); fputc('r', fp); break;
458 case '\t': fputc('\\', fp); fputc('t', fp); break;
459 case '\v': fputc('\\', fp); fputc('v', fp); break;
460 case '`': fputc('\\', fp); fputc('`', fp); break;
461 case '\'': fputc('\\', fp); fputc('\'', fp); break;
462 case '\"': fputc('\\', fp); fputc('\"', fp); break;
475 /* --- @timestring@ --- *
477 * Arguments: @time_t t@ = a timestamp
478 * @dstr *d@ = a string to write on
482 * Use: Writes a textual representation of the timestamp to the
486 static void timestring(time_t t, dstr *d)
488 if (t == KEXP_FOREVER)
491 struct tm *tm = localtime(&t);
493 d->len += strftime(d->buf + d->len, 32, "%Y-%m-%d %H:%M:%S %Z", tm);
498 /* --- @breset@ --- *
500 * Arguments: @block *b@ = block to reset
504 * Use: Resets a block so that more stuff can be put in it.
507 static void breset(block *b)
518 * Arguments: @block *b@ = block to initialize
522 * Use: Initializes a block as something to read into.
525 static void binit(block *b)
532 /* --- @bdestroy@ --- *
534 * Arguments: @block *b@ = block to destroy
538 * Use: Destroys a block's contents.
541 static void bdestroy(block *b)
549 * Arguments: @block *b@ = pointer to block
550 * @FILE *fp@ = stream to read from
551 * @unsigned bin@ = binary switch
553 * Returns: Tag of block, or an error tag.
555 * Use: Reads a block from a stream.
558 static int bget(block *b, FILE *fp, unsigned bin)
562 /* --- Read the tag --- */
568 if (getstring(fp, &d, 0))
570 for (tag = 0; tagtab[tag]; tag++) {
571 if (strcmp(tagtab[tag], d.buf) == 0)
578 /* --- Decide what to do next --- */
584 /* --- Reading of strings --- */
590 if (getstring(fp, &b->d, bin))
594 /* --- Timestamps --- */
600 if (fread(buf, sizeof(buf), 1, fp) < 1)
602 b->t = ((time_t)(((LOAD32(buf + 0) << 16) << 16) & ~MASK32) |
603 (time_t)LOAD32(buf + 4));
605 if (getstring(fp, &b->d, 0))
607 if (strcmp(b->d.buf, "forever") == 0)
609 else if ((b->t = get_date(b->d.buf, 0)) == -1)
614 /* --- Key ids --- */
619 if (fread(buf, sizeof(buf), 1, fp) < 1)
623 if (getstring(fp, &b->d, 0))
625 b->k = strtoul(b->d.buf, 0, 16);
629 /* --- Reading of binary data --- */
636 if (fread(buf, sizeof(buf), 1, fp) < 1)
642 if (fread(b->b.buf + b->b.len, 1, sz, fp) < sz)
647 if (getstring(fp, &b->d, 0))
650 base64_decode(&b64, b->d.buf, b->d.len, &b->b);
651 base64_decode(&b64, 0, 0, &b->b);
654 if (tag == T_FILE && getstring(fp, &b->d, bin))
658 /* --- Anything else --- */
669 * Arguments: @block *b@ = pointer to block to emit
670 * @dstr *d@ = output buffer
674 * Use: Encodes a block in a binary format.
677 static void blob(block *b, dstr *d)
691 STORE32(d->buf + d->len, ((b->t & ~MASK32) >> 16) >> 16);
692 STORE32(d->buf + d->len + 4, b->t);
697 STORE32(d->buf + d->len, b->k);
703 STORE16(d->buf + d->len, b->b.len);
706 if (b->tag == T_FILE) {
714 /* --- @bwrite@ --- *
716 * Arguments: @block *b@ = pointer to block to write
717 * @FILE *fp@ = stream to write on
721 * Use: Writes a block on a stream in a textual format.
724 static void bwrite(block *b, FILE *fp)
726 fputs(tagtab[b->tag], fp);
733 putstring(fp, b->d.buf, 0);
738 timestring(b->t, &d);
739 putstring(fp, d.buf, 0);
743 fprintf(fp, "%08lx", (unsigned long)b->k);
751 base64_encode(&b64, b->b.buf, b->b.len, &d);
752 base64_encode(&b64, 0, 0, &d);
754 if (b->tag == T_FILE) {
756 putstring(fp, b->d.buf, 0);
765 * Arguments: @block *b@ = pointer to block to write
766 * @FILE *fp@ = file to write on
767 * @ghash *h@ = pointer to hash function
768 * @unsigned bin@ = binary/text flag
772 * Use: Spits out a block properly.
775 static void bemit(block *b, FILE *fp, ghash *h, unsigned bin)
777 if (h || (fp && bin)) {
781 h->ops->hash(h, d.buf, d.len);
783 fwrite(d.buf, d.len, 1, fp);
789 /*----- Static variables --------------------------------------------------*/
791 static const char *keyring = "keyring";
793 /*----- Other shared functions --------------------------------------------*/
795 /* --- @keyreport@ --- *
797 * Arguments: @const char *file@ = filename containing the error
798 * @int line@ = line number in file
799 * @const char *err@ = error text message
800 * @void *p@ = unimportant pointer
804 * Use: Reports errors during the opening of a key file.
807 static void keyreport(const char *file, int line, const char *err, void *p)
809 moan("error in keyring `%s' at line `%s': %s", file, line, err);
814 * Arguments: @const gchash *c@ = pointer to hash class
815 * @const char *file@ = file to hash
816 * @octet *b@ = pointer to output buffer
818 * Returns: Zero if it worked, or nonzero for a system error.
820 * Use: Hashes a file.
823 static int fhash(const gchash *c, const char *file, octet *b)
825 FILE *fp = fopen(file, "rb");
826 ghash *h = c->init();
833 while ((sz = fread(buf, 1, sizeof(buf), fp)) > 0)
834 h->ops->hash(h, buf, sz);
845 * Arguments: @FILE *fp@ = file to write on
846 * @const void *p@ = pointer to data to be written
847 * @size_t sz@ = size of the data to write
851 * Use: Emits a hex dump to a stream.
854 static void fhex(FILE *fp, const void *p, size_t sz)
860 fprintf(fp, "%02x", *q++);
868 /*----- Signature generation ----------------------------------------------*/
870 static int sign(int argc, char *argv[])
883 const sig *s = sigtab;
884 const gchash *gch = &rmd160;
886 time_t exp = KEXP_EXPIRE;
888 const char *ifile = 0;
889 const char *ofile = 0;
897 static struct option opts[] = {
898 { "null", 0, 0, '0' },
899 { "binary", 0, 0, 'b' },
900 { "verbose", 0, 0, 'v' },
901 { "quiet", 0, 0, 'q' },
902 { "algorithm", OPTF_ARGREQ, 0, 'a' },
903 { "hash", OPTF_ARGREQ, 0, 'h' },
904 { "comment", OPTF_ARGREQ, 0, 'c' },
905 { "file", OPTF_ARGREQ, 0, 'f' },
906 { "output", OPTF_ARGREQ, 0, 'o' },
907 { "keytype", OPTF_ARGREQ, 0, 't' },
908 { "keyid", OPTF_ARGREQ, 0, 'i' },
909 { "key", OPTF_ARGREQ, 0, 'i' },
910 { "expire", OPTF_ARGREQ, 0, 'e' },
913 int i = mdwopt(argc, argv, "+0vqb a:h:c: f:o: t:i:k:e:", opts, 0, 0, 0);
931 if ((s = getsig(optarg)) == 0) {
932 die(EXIT_FAILURE, "unknown or ambiguous signature algorithm `%s'",
937 if ((gch = gethash(optarg)) == 0) {
938 die(EXIT_FAILURE, "unknown or ambiguous hash function `%s'",
959 if (strcmp(optarg, "forever") == 0)
961 else if ((exp = get_date(optarg, 0)) == -1)
962 die(EXIT_FAILURE, "bad expiry time");
969 if (optind != argc || (f & f_bogus))
970 die(EXIT_FAILURE, "Usage: sign [-options]");
972 /* --- Locate the signing key --- */
974 if (key_open(&kf, keyring, KOPEN_WRITE, keyreport, 0))
975 die(EXIT_FAILURE, "couldn't open keyring `%s'", keyring);
977 if ((k = key_bytag(&kf, ki)) == 0)
978 die(EXIT_FAILURE, "couldn't find key `%s'", ki);
982 if ((k = key_bytype(&kf, kt)) == 0)
983 die(EXIT_FAILURE, "no appropriate key of type `%s'", kt);
986 if (exp == KEXP_FOREVER && k->exp != KEXP_FOREVER) {
987 die(EXIT_FAILURE, "key `%s' expires: can't create nonexpiring signature",
991 /* --- Open files --- */
995 else if ((ifp = fopen(ifile, (f & f_raw) ? "rb" : "r")) == 0) {
996 die(EXIT_FAILURE, "couldn't open input file `%s': %s",
997 ifile, strerror(errno));
1002 else if ((ofp = fopen(ofile, (f & f_bin) ? "wb" : "w")) == 0) {
1003 die(EXIT_FAILURE, "couldn't open output file `%s': %s",
1004 ofile, strerror(errno));
1007 /* --- Emit the start of the output --- */
1009 binit(&b); b.tag = T_IDENT;
1010 dstr_putf(&b.d, "%s, Catacomb version " VERSION, QUIS);
1011 bemit(&b, ofp, 0, f & f_bin);
1013 breset(&b); b.tag = T_SIGALG; DPUTS(&b.d, s->name);
1014 bemit(&b, ofp, 0, f & f_bin);
1016 breset(&b); b.tag = T_HASHALG; DPUTS(&b.d, gch->name);
1017 bemit(&b, ofp, 0, f & f_bin);
1019 breset(&b); b.tag = T_KEYID; b.k = k->id;
1020 bemit(&b, ofp, 0, f & f_bin);
1022 /* --- Start hashing, and emit the datestamps and things --- */
1025 time_t now = time(0);
1028 breset(&b); b.tag = T_DATE; b.t = now; bemit(&b, ofp, h, f & f_bin);
1029 if (exp == KEXP_EXPIRE)
1030 exp = now + 86400 * 28;
1031 breset(&b); b.tag = T_EXPIRE; b.t = exp; bemit(&b, ofp, h, f & f_bin);
1033 breset(&b); b.tag = T_COMMENT; DPUTS(&b.d, c);
1034 bemit(&b, ofp, h, f & f_bin);
1041 /* --- Now hash the various files --- */
1045 /* --- Stop on an output error --- */
1052 /* --- Read the next filename to hash --- */
1055 if (getstring(ifp, &b.d, f & f_raw))
1058 DENSURE(&b.b, h->ops->c->hashsz);
1059 if (fhash(gch, b.d.buf, b.b.buf)) {
1060 moan("Error reading `%s': %s", b.d.buf, strerror(errno));
1063 b.b.len += h->ops->c->hashsz;
1065 fhex(stderr, b.b.buf, b.b.len);
1066 fprintf(stderr, " %s\n", b.d.buf);
1068 bemit(&b, ofp, h, f & f_bin);
1072 /* --- Create the signature --- */
1074 if (!(f & f_bogus)) {
1076 b.tag = T_SIGNATURE;
1077 DENSURE(&b.d, h->ops->c->hashsz);
1078 h->ops->done(h, b.d.buf);
1079 if ((e = s->sign(k, b.d.buf, h->ops->c->hashsz, &b.b)) != 0) {
1080 moan("error creating signature: %s", key_strerror(e));
1083 if (!(f & f_bogus)) {
1084 bemit(&b, ofp, 0, f & f_bin);
1085 key_used(&kf, k, exp);
1089 /* --- Tidy up at the end --- */
1101 if ((e = key_close(&kf)) != 0) {
1104 die(EXIT_FAILURE, "couldn't write file `%s': %s",
1105 keyring, strerror(errno));
1107 die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)",
1108 keyring, strerror(errno));
1112 die(EXIT_FAILURE, "error(s) occurred while creating signature");
1113 return (EXIT_SUCCESS);
1116 /*----- Signature verification --------------------------------------------*/
1118 static int verify(int argc, char *argv[])
1131 const gchash *gch = &rmd160;
1138 /* --- Parse the options --- */
1141 static struct option opts[] = {
1142 { "verbose", 0, 0, 'v' },
1143 { "quiet", 0, 0, 'q' },
1146 int i = mdwopt(argc, argv, "+vq", opts, 0, 0, 0);
1164 if ((f & f_bogus) || argc > 1)
1165 die(EXIT_FAILURE, "Usage: verify [-qv] [file]");
1167 /* --- Open the key file, and start reading the input file --- */
1169 if (key_open(&kf, keyring, KOPEN_READ, keyreport, 0))
1170 die(EXIT_FAILURE, "couldn't open keyring `%s'\n", keyring);
1174 if ((fp = fopen(argv[0], "rb")) == 0) {
1175 die(EXIT_FAILURE, "couldn't open file `%s': %s\n",
1176 argv[0], strerror(errno));
1178 if (getc(fp) == 0) {
1183 if ((fp = fopen(argv[0], "r")) == 0) {
1184 die(EXIT_FAILURE, "couldn't open file `%s': %s\n",
1185 argv[0], strerror(errno));
1190 /* --- Read the introductory matter --- */
1195 e = bget(&b, fp, f & f_bin);
1197 die(EXIT_FAILURE, "error reading packet: %s\n", errtab[-e]);
1203 printf("INFO ident: `%s'\n", b.d.buf);
1206 if ((s = getsig(b.d.buf)) == 0) {
1208 printf("FAIL unknown signature algorithm `%s'\n", b.d.buf);
1212 printf("INFO signature algorithm: %s\n", s->name);
1215 if ((gch = gethash(b.d.buf)) == 0) {
1217 printf("FAIL unknown hash function `%s'\n", b.d.buf);
1221 printf("INFO hash function algorithm: %s\n", gch->name);
1224 if ((k = key_byid(&kf, b.k)) == 0) {
1226 printf("FAIL key %08lx not found\n", (unsigned long)b.k);
1231 key_fulltag(k, &b.d);
1232 printf("INFO key: %s\n", b.d.buf);
1236 die(EXIT_FAILURE, "(internal) unknown packet type\n");
1241 /* --- Initialize the hash function and start reading hashed packets --- */
1246 puts("FAIL no keyid packet found");
1253 printf("INFO comment: `%s'\n", b.d.buf);
1259 timestring(b.t, &b.d);
1260 printf("INFO date: %s\n", b.d.buf);
1265 time_t now = time(0);
1268 puts("BAD signature has expired");
1273 timestring(b.t, &b.d);
1274 printf("INFO expires: %s\n", b.d.buf);
1280 DENSURE(&d, gch->hashsz);
1281 if (fhash(gch, b.d.buf, d.buf)) {
1283 printf("BAD error reading file `%s': %s\n",
1284 b.d.buf, strerror(errno));
1287 } else if (b.b.len != gch->hashsz ||
1288 memcmp(d.buf, b.b.buf, b.b.len) != 0) {
1290 printf("BAD file `%s' has incorrect hash\n", b.d.buf);
1292 } else if (verb > 3) {
1293 fputs("INFO hash: ", stdout);
1294 fhex(stdout, b.b.buf, b.b.len);
1295 printf(" %s\n", b.d.buf);
1301 DENSURE(&b.d, h->ops->c->hashsz);
1302 b.d.len += h->ops->c->hashsz;
1303 h->ops->done(h, b.d.buf);
1304 e = s->verify(k, b.d.buf, b.d.len, b.b.buf, b.b.len);
1308 printf("BAD error unpacking key: %s\n", key_strerror(e));
1310 puts("BAD bad signature");
1313 } else if (verb > 2)
1314 puts("INFO good signature");
1318 printf("FAIL invalid packet type %i\n", e);
1323 e = bget(&b, fp, f & f_bin);
1326 printf("FAIL error reading packet: %s\n", errtab[-e]);
1338 puts("FAIL signature invalid");
1340 puts("OK signature verified");
1342 return (f & f_bogus ? EXIT_FAILURE : EXIT_SUCCESS);
1345 /*----- Main code ---------------------------------------------------------*/
1347 typedef struct cmd {
1349 int (*func)(int /*argc*/, char */*argv*/[]);
1353 static cmd cmdtab[] = {
1354 /* { "manifest", manifest, */
1355 /* "manifest [-0] [-o output]" }, */
1358 [-0v] [-a alg] [-h hash] [-t keytype] [-i keyid]\n\
1359 [-e expire] [-f file] [-o output]" },
1361 "verify [-qv] [file]" },
1365 static void version(FILE *fp)
1367 pquis(fp, "$, Catacomb version " VERSION "\n");
1370 static void usage(FILE *fp)
1372 pquis(fp, "Usage: $ [-k keyring] command [args]\n");
1375 static void help(FILE *fp)
1382 Create and verify signatures on lists of files.\n\
1384 for (c = cmdtab; c->name; c++)
1385 fprintf(fp, "%s\n", c->help);
1390 * Arguments: @int argc@ = number of command line arguments
1391 * @char *argv[]@ = vector of command line arguments
1393 * Returns: Zero if successful, nonzero otherwise.
1395 * Use: Signs or verifies signatures on lists of files. Useful for
1396 * ensuring that a distribution is unmolested.
1399 int main(int argc, char *argv[])
1402 cmd *c = 0, *cc = 0;
1409 /* --- Initialize the library --- */
1413 rand_noisesrc(RAND_GLOBAL, &noise_source);
1414 rand_seed(RAND_GLOBAL, 160);
1416 /* --- Parse options --- */
1419 static struct option opts[] = {
1420 { "help", 0, 0, 'h' },
1421 { "version", 0, 0, 'v' },
1422 { "usage", 0, 0, 'u' },
1423 { "keyring", OPTF_ARGREQ, 0, 'k' },
1426 int i = mdwopt(argc, argv, "+hvu k:", opts, 0, 0, 0);
1453 if (f & f_bogus || argc < 1) {
1458 /* --- Dispatch to the correct subcommand handler --- */
1460 n = strlen(argv[0]);
1461 for (c = cmdtab; c->name; c++) {
1462 if (strncmp(argv[0], c->name, n) == 0) {
1463 if (c->name[n] == 0) {
1467 die(EXIT_FAILURE, "ambiguous command name `%s'", argv[0]);
1473 die(EXIT_FAILURE, "unknown command `%s'", argv[0]);
1474 return (cc->func(argc, argv));
1477 /*----- That's all, folks -------------------------------------------------*/