3 * Verify signatures on distribuitions of files
5 * (c) 2000 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /*----- Header files ------------------------------------------------------*/
30 #define _FILE_OFFSET_BITS 64
40 #include <mLib/alloc.h>
41 #include <mLib/base64.h>
42 #include <mLib/macros.h>
43 #include <mLib/mdwopt.h>
44 #include <mLib/quis.h>
45 #include <mLib/report.h>
56 /*----- Data formatting ---------------------------------------------------*/
58 /* --- Binary data structure --- *
60 * The binary format, which is used for hashing and for the optional binary
61 * output, consists of a sequence of tagged blocks. The tag describes the
62 * format and meaining of the following data.
66 /* --- Block tags --- */
68 T_IDENT = 0, /* An identifying marker */
69 T_KEYID, /* Key identifier */
70 T_BEGIN, /* Begin hashing here */
71 T_COMMENT = T_BEGIN, /* A textual comment */
72 T_DATE, /* Creation date of signature */
73 T_EXPIRE, /* Expiry date of signature */
74 T_FILE, /* File and corresponding hash */
75 T_SIGNATURE, /* Final signature block */
77 /* --- Error messages --- */
85 /* --- Name translation table --- */
87 static const char *tagtab[] = {
89 "comment:", "date:", "expires:", "file:",
94 static const char *errtab[] = {
96 "Unexpected end-of-file",
97 "Binary object too large",
102 /* --- Memory representation of block types --- */
104 typedef struct block {
105 int tag; /* Type tag */
106 dstr d; /* String data */
107 dstr b; /* Binary data */
108 time_t t; /* Timestamp */
109 uint32 k; /* Keyid */
112 /* --- @timestring@ --- *
114 * Arguments: @time_t t@ = a timestamp
115 * @dstr *d@ = a string to write on
119 * Use: Writes a textual representation of the timestamp to the
123 static void timestring(time_t t, dstr *d)
125 if (t == KEXP_FOREVER)
128 struct tm *tm = localtime(&t);
130 d->len += strftime(d->buf + d->len, 32, "%Y-%m-%d %H:%M:%S %Z", tm);
135 /* --- @breset@ --- *
137 * Arguments: @block *b@ = block to reset
141 * Use: Resets a block so that more stuff can be put in it.
144 static void breset(block *b)
155 * Arguments: @block *b@ = block to initialize
159 * Use: Initializes a block as something to read into.
162 static void binit(block *b)
169 /* --- @bdestroy@ --- *
171 * Arguments: @block *b@ = block to destroy
175 * Use: Destroys a block's contents.
178 static void bdestroy(block *b)
186 * Arguments: @block *b@ = pointer to block
187 * @FILE *fp@ = stream to read from
188 * @unsigned bin@ = binary switch
190 * Returns: Tag of block, or an error tag.
192 * Use: Reads a block from a stream.
195 static int bget(block *b, FILE *fp, unsigned bin)
199 /* --- Read the tag --- */
205 if (getstring(fp, &d, GSF_FILE))
207 for (tag = 0; tagtab[tag]; tag++) {
208 if (STRCMP(tagtab[tag], ==, d.buf))
215 /* --- Decide what to do next --- */
221 /* --- Reading of strings --- */
225 if (getstring(fp, &b->d, GSF_FILE | (bin ? GSF_RAW : 0)))
229 /* --- Timestamps --- */
235 if (fread(buf, sizeof(buf), 1, fp) < 1)
237 b->t = ((time_t)(((LOAD32(buf + 0) << 16) << 16) &
238 ~(unsigned long)MASK32) |
239 (time_t)LOAD32(buf + 4));
241 if (getstring(fp, &b->d, GSF_FILE))
243 if (STRCMP(b->d.buf, ==, "forever"))
245 else if ((b->t = get_date(b->d.buf, 0)) == -1)
250 /* --- Key ids --- */
255 if (fread(buf, sizeof(buf), 1, fp) < 1)
259 if (getstring(fp, &b->d, GSF_FILE))
261 b->k = strtoul(b->d.buf, 0, 16);
265 /* --- Reading of binary data --- */
272 if (fread(buf, sizeof(buf), 1, fp) < 1)
278 if (fread(b->b.buf + b->b.len, 1, sz, fp) < sz)
283 if (getstring(fp, &b->d, GSF_FILE))
286 base64_decode(&b64, b->d.buf, b->d.len, &b->b);
287 base64_decode(&b64, 0, 0, &b->b);
291 getstring(fp, &b->d, GSF_FILE | (bin ? GSF_RAW : 0)))
295 /* --- Anything else --- */
306 * Arguments: @block *b@ = pointer to block to emit
307 * @dstr *d@ = output buffer
311 * Use: Encodes a block in a binary format.
314 static void blob(block *b, dstr *d)
326 if (b->t == KEXP_FOREVER) {
327 STORE32(d->buf + d->len, 0xffffffff);
328 STORE32(d->buf + d->len + 4, 0xffffffff);
330 STORE32(d->buf + d->len,
331 ((b->t & ~(unsigned long)MASK32) >> 16) >> 16);
332 STORE32(d->buf + d->len + 4, b->t);
338 STORE32(d->buf + d->len, b->k);
344 STORE16(d->buf + d->len, b->b.len);
347 if (b->tag == T_FILE) {
355 /* --- @bwrite@ --- *
357 * Arguments: @block *b@ = pointer to block to write
358 * @FILE *fp@ = stream to write on
362 * Use: Writes a block on a stream in a textual format.
365 static void bwrite(block *b, FILE *fp)
367 fputs(tagtab[b->tag], fp);
372 putstring(fp, b->d.buf, 0);
377 timestring(b->t, &d);
378 putstring(fp, d.buf, 0);
382 fprintf(fp, "%08lx", (unsigned long)b->k);
390 base64_encode(&b64, b->b.buf, b->b.len, &d);
391 base64_encode(&b64, 0, 0, &d);
393 if (b->tag == T_FILE) {
395 putstring(fp, b->d.buf, 0);
404 * Arguments: @block *b@ = pointer to block to write
405 * @FILE *fp@ = file to write on
406 * @ghash *h@ = pointer to hash function
407 * @unsigned bin@ = binary/text flag
411 * Use: Spits out a block properly.
414 static void bemit(block *b, FILE *fp, ghash *h, unsigned bin)
416 if (h || (fp && bin)) {
420 GH_HASH(h, d.buf, d.len);
422 fwrite(d.buf, d.len, 1, fp);
428 /*----- Static variables --------------------------------------------------*/
430 static const char *keyring = "keyring";
432 /*----- Other shared functions --------------------------------------------*/
436 * Arguments: @FILE *fp@ = file to write on
437 * @const void *p@ = pointer to data to be written
438 * @size_t sz@ = size of the data to write
442 * Use: Emits a hex dump to a stream.
445 static void fhex(FILE *fp, const void *p, size_t sz)
451 fprintf(fp, "%02x", *q++);
458 /*----- Signature generation ----------------------------------------------*/
460 static int sign(int argc, char *argv[])
467 const char *ki = "dsig";
472 time_t exp = KEXP_EXPIRE;
474 const char *ifile = 0, *hfile = 0;
475 const char *ofile = 0;
485 static struct option opts[] = {
486 { "null", 0, 0, '0' },
487 { "binary", 0, 0, 'b' },
488 { "verbose", 0, 0, 'v' },
489 { "progress", 0, 0, 'p' },
490 { "quiet", 0, 0, 'q' },
491 { "comment", OPTF_ARGREQ, 0, 'c' },
492 { "file", OPTF_ARGREQ, 0, 'f' },
493 { "hashes", OPTF_ARGREQ, 0, 'h' },
494 { "output", OPTF_ARGREQ, 0, 'o' },
495 { "key", OPTF_ARGREQ, 0, 'k' },
496 { "expire", OPTF_ARGREQ, 0, 'e' },
497 { "nocheck", OPTF_ARGREQ, 0, 'C' },
500 int i = mdwopt(argc, argv, "+0vpqbC" "c:" "f:h:o:" "k:e:",
540 if (STRCMP(optarg, ==, "forever"))
542 else if ((exp = get_date(optarg, 0)) == -1)
543 die(EXIT_FAILURE, "bad expiry time");
550 if (optind != argc || (f & f_bogus))
551 die(EXIT_FAILURE, "Usage: sign [-OPTIONS]");
553 die(EXIT_FAILURE, "Inconsistent options `-h' and `-f'");
555 /* --- Locate the signing key --- */
557 if (key_open(&kf, keyring, KOPEN_WRITE, key_moan, 0))
558 die(EXIT_FAILURE, "couldn't open keyring `%s'", keyring);
559 if ((k = key_bytag(&kf, ki)) == 0)
560 die(EXIT_FAILURE, "couldn't find key `%s'", ki);
562 if (exp == KEXP_FOREVER && k->exp != KEXP_FOREVER) {
563 die(EXIT_FAILURE, "key `%s' expires: can't create nonexpiring signature",
566 s = getsig(k, "dsig", 1);
568 /* --- Check the key --- */
570 if (!(f & f_nocheck) && (err = s->ops->check(s)) != 0)
571 moan("key `%s' fails check: %s", d.buf, err);
573 /* --- Open files --- */
575 if (hfile) ifile = hfile;
576 if (!ifile || STRCMP(ifile, ==, "-"))
578 else if ((ifp = fopen(ifile, (f & f_bin) ? "rb" : "r")) == 0) {
579 die(EXIT_FAILURE, "couldn't open input file `%s': %s",
580 ifile, strerror(errno));
583 if (!ofile || STRCMP(ofile, ==, "-"))
585 else if ((ofp = fopen(ofile, (f & f_bin) ? "wb" : "w")) == 0) {
586 die(EXIT_FAILURE, "couldn't open output file `%s': %s",
587 ofile, strerror(errno));
590 /* --- Emit the start of the output --- */
592 binit(&b); b.tag = T_IDENT;
593 dstr_putf(&b.d, "%s, Catacomb version " VERSION, QUIS);
594 bemit(&b, ofp, 0, f & f_bin);
596 breset(&b); b.tag = T_KEYID; b.k = k->id;
597 bemit(&b, ofp, 0, f & f_bin);
599 /* --- Start hashing, and emit the datestamps and things --- */
602 time_t now = time(0);
604 breset(&b); b.tag = T_DATE; b.t = now; bemit(&b, ofp, s->h, f & f_bin);
605 if (exp == KEXP_EXPIRE)
606 exp = now + 86400 * 28;
607 breset(&b); b.tag = T_EXPIRE; b.t = exp; bemit(&b, ofp, s->h, f & f_bin);
609 breset(&b); b.tag = T_COMMENT; DPUTS(&b.d, c);
610 bemit(&b, ofp, s->h, f & f_bin);
617 /* --- Now hash the various files --- */
622 hfp.ee = &encodingtab[ENC_HEX];
623 hfp.gch = GH_CLASS(s->h);
630 DENSURE(&b.b, hfp.gch->hashsz);
631 hfp.hbuf = (octet *)b.b.buf;
632 if (ferror(ofp)) { f |= f_bogus; break; }
633 if ((hf = hfparse(&hfp)) == HF_EOF) break;
638 if (hfp.gch != GH_CLASS(s->h)) {
639 moan("%s:%d: incorrect hash function `%s' (should be `%s')",
640 hfile, n, hfp.gch->name, GH_CLASS(s->h)->name);
645 moan("%s:%d: invalid hash-file line", hfile, n);
650 b.b.len += hfp.gch->hashsz;
651 bemit(&b, ofp, s->h, f & f_bin);
658 /* --- Stop on an output error --- */
665 /* --- Read the next filename to hash --- */
667 fhash_init(&fh, GH_CLASS(s->h), f | FHF_BINARY);
669 if (getstring(ifp, &b.d, GSF_FILE | f))
672 DENSURE(&b.b, GH_CLASS(s->h)->hashsz);
673 if (fhash(&fh, b.d.buf, b.b.buf)) {
674 moan("error reading `%s': %s", b.d.buf, strerror(errno));
677 b.b.len += GH_CLASS(s->h)->hashsz;
679 fhex(stderr, b.b.buf, b.b.len);
680 fprintf(stderr, " %s\n", b.d.buf);
682 bemit(&b, ofp, s->h, f & f_bin);
688 /* --- Create the signature --- */
690 if (!(f & f_bogus)) {
693 if ((e = s->ops->doit(s, &b.b)) != 0) {
694 moan("error creating signature: %s", key_strerror(e));
697 if (!(f & f_bogus)) {
698 bemit(&b, ofp, 0, f & f_bin);
699 key_used(&kf, k, exp);
703 /* --- Tidy up at the end --- */
716 if ((e = key_close(&kf)) != 0) {
719 die(EXIT_FAILURE, "couldn't write file `%s': %s",
720 keyring, strerror(errno));
722 die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)",
723 keyring, strerror(errno));
727 die(EXIT_FAILURE, "error(s) occurred while creating signature");
728 return (EXIT_SUCCESS);
735 /*----- Signature verification --------------------------------------------*/
737 static int checkjunk(const char *path, const struct stat *st, void *p)
739 if (!st) printf("JUNK (error %s) %s\n", strerror(errno), path);
740 else printf("JUNK %s %s\n", describefile(st), path);
744 static int verify(int argc, char *argv[])
763 /* --- Parse the options --- */
766 static struct option opts[] = {
767 { "verbose", 0, 0, 'v' },
768 { "progress", 0, 0, 'p' },
769 { "quiet", 0, 0, 'q' },
770 { "nocheck", 0, 0, 'C' },
771 { "junk", 0, 0, 'j' },
774 int i = mdwopt(argc, argv, "+vpqCj", opts, 0, 0, 0);
801 if ((f & f_bogus) || argc > 1)
802 die(EXIT_FAILURE, "Usage: verify [-qvC] [FILE]");
804 /* --- Open the key file, and start reading the input file --- */
806 if (key_open(&kf, keyring, KOPEN_READ, key_moan, 0))
807 die(EXIT_FAILURE, "couldn't open keyring `%s'\n", keyring);
811 if ((fp = fopen(argv[0], "rb")) == 0) {
812 die(EXIT_FAILURE, "couldn't open file `%s': %s\n",
813 argv[0], strerror(errno));
820 if ((fp = fopen(argv[0], "r")) == 0) {
821 die(EXIT_FAILURE, "couldn't open file `%s': %s\n",
822 argv[0], strerror(errno));
827 /* --- Read the introductory matter --- */
832 e = bget(&b, fp, f & f_bin);
834 die(EXIT_FAILURE, "error reading packet: %s", errtab[-e]);
840 printf("INFO ident: `%s'\n", b.d.buf);
843 if ((k = key_byid(&kf, b.k)) == 0) {
845 printf("FAIL key %08lx not found\n", (unsigned long)b.k);
850 key_fulltag(k, &b.d);
851 printf("INFO key: %s\n", b.d.buf);
855 die(EXIT_FAILURE, "(internal) unknown packet type\n");
860 /* --- Initialize the hash function and start reading hashed packets --- */
864 puts("FAIL no keyid packet found");
868 s = getsig(k, "dsig", 0);
869 if (!(f & f_nocheck) && verb && (err = s->ops->check(s)) != 0)
870 printf("WARN public key fails check: %s", err);
872 fhash_init(&fh, GH_CLASS(s->h), f | FHF_BINARY);
877 printf("INFO comment: `%s'\n", b.d.buf);
878 bemit(&b, 0, s->h, 0);
883 timestring(b.t, &b.d);
884 printf("INFO date: %s\n", b.d.buf);
886 bemit(&b, 0, s->h, 0);
889 time_t now = time(0);
890 if (b.t != KEXP_FOREVER && b.t < now) {
892 puts("BAD signature has expired");
897 timestring(b.t, &b.d);
898 printf("INFO expires: %s\n", b.d.buf);
900 bemit(&b, 0, s->h, 0);
904 DENSURE(&d, GH_CLASS(s->h)->hashsz);
905 if (fhash(&fh, b.d.buf, d.buf)) {
907 printf("BAD error reading file `%s': %s\n",
908 b.d.buf, strerror(errno));
911 } else if (b.b.len != GH_CLASS(s->h)->hashsz ||
912 MEMCMP(d.buf, !=, b.b.buf, b.b.len)) {
914 printf("BAD file `%s' has incorrect hash\n", b.d.buf);
916 } else if (verb > 3) {
917 fputs("INFO hash: ", stdout);
918 fhex(stdout, b.b.buf, b.b.len);
919 printf(" %s\n", b.d.buf);
921 bemit(&b, 0, s->h, 0);
924 if (s->ops->doit(s, &b.b)) {
926 puts("BAD bad signature");
929 puts("INFO good signature");
933 printf("FAIL invalid packet type %i\n", e);
938 e = bget(&b, fp, f & f_bin);
941 printf("FAIL error reading packet: %s\n", errtab[-e]);
946 if ((f & FHF_JUNK) && fhash_junk(&fh, checkjunk, 0))
957 puts("FAIL signature invalid");
959 puts("OK signature verified");
961 return (f & f_bogus ? EXIT_FAILURE : EXIT_SUCCESS);
969 /*----- Main code ---------------------------------------------------------*/
973 listtab[i].name, listtab[i].name) \
974 LI("Signature schemes", sig, \
975 sigtab[i].name, sigtab[i].name) \
976 LI("Hash functions", hash, \
977 ghashtab[i], ghashtab[i]->name)
979 MAKELISTTAB(listtab, LISTS)
981 int cmd_show(int argc, char *argv[])
983 return (displaylists(listtab, argv + 1));
986 static int cmd_help(int, char **);
988 static cmd cmdtab[] = {
989 { "help", cmd_help, "help [COMMAND...]" },
990 { "show", cmd_show, "show [ITEM...]" },
992 "sign [-0bpqvC] [-c COMMENT] [-k TAG] [-e EXPIRE]\n\t\
993 [-f FILE] [-h FILE] [-o OUTPUT]",
997 -0, --null Read null-terminated filenames from stdin.\n\
998 -b, --binary Produce a binary output file.\n\
999 -q, --quiet Produce fewer messages while working.\n\
1000 -v, --verbose Produce more messages while working.\n\
1001 -p, --progress Show progress on large files.\n\
1002 -C, --nocheck Don't check the private key.\n\
1003 -c, --comment=COMMENT Include COMMENT in the output file.\n\
1004 -f, --file=FILE Read filenames to hash from FILE.\n\
1005 -h, --hashes=FILE Read precomputed hashes from FILE.\n\
1006 -o, --output=FILE Write the signed result to FILE.\n\
1007 -k, --key=TAG Use a key named by TAG.\n\
1008 -e, --expire=TIME The signature should expire after TIME.\n\
1011 "verify [-pqvC] [FILE]", "\
1014 -q, --quiet Produce fewer messages while working.\n\
1015 -v, --verbose Produce more messages while working.\n\
1016 -p, --progress Show progress on large files.\n\
1017 -C, --nocheck Don't check the public key.\n\
1022 static int cmd_help(int argc, char **argv)
1024 sc_help(cmdtab, stdout, argv + 1);
1028 void version(FILE *fp)
1030 pquis(fp, "$, Catacomb version " VERSION "\n");
1033 static void usage(FILE *fp)
1035 pquis(fp, "Usage: $ [-k KEYRING] COMMAND [ARGS]\n");
1038 void help_global(FILE *fp)
1042 Create and verify signatures on lists of files.\n\
1044 Global command-line options:\n\
1046 -h, --help [COMMAND...] Show this help message, or help for COMMANDs.\n\
1047 -v, --version Show program version number.\n\
1048 -u, --usage Show a terse usage message.\n\
1050 -k, --keyring=FILE Read keys from FILE.\n",
1056 * Arguments: @int argc@ = number of command line arguments
1057 * @char *argv[]@ = vector of command line arguments
1059 * Returns: Zero if successful, nonzero otherwise.
1061 * Use: Signs or verifies signatures on lists of files. Useful for
1062 * ensuring that a distribution is unmolested.
1065 int main(int argc, char *argv[])
1071 /* --- Initialize the library --- */
1075 rand_noisesrc(RAND_GLOBAL, &noise_source);
1076 rand_seed(RAND_GLOBAL, 160);
1078 /* --- Parse options --- */
1081 static struct option opts[] = {
1082 { "help", 0, 0, 'h' },
1083 { "version", 0, 0, 'v' },
1084 { "usage", 0, 0, 'u' },
1085 { "keyring", OPTF_ARGREQ, 0, 'k' },
1088 int i = mdwopt(argc, argv, "+hvu k:", opts, 0, 0, 0);
1093 sc_help(cmdtab, stdout, argv + optind);
1115 if (f & f_bogus || argc < 1) {
1120 /* --- Dispatch to the correct subcommand handler --- */
1122 return (findcmd(cmdtab, argv[0])->cmd(argc, argv));
1127 /*----- That's all, folks -------------------------------------------------*/