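package main

import (
	"context"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"strings"

	"dim13.org/signify/b64file"
	"dim13.org/signify/key"
	"dim13.org/signify/zsig"
	"github.com/google/subcommands"
)

// Usage: signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message

// verifyCmd implements the "verify" subcommand. It checks a detached (-x),
// embedded (-e) or gzip-header (-z) signature against a public key.
type verifyCmd struct {
	embed   bool   // -e: the message is embedded in the signature file
	quiet   bool   // -q: do not print "Signature Verified" on success
	zip     bool   // -z: the signature is carried in the gzip header (work in progress)
	pubFile string // -p: public key file; empty means "use the signature's verify-with comment"
	keyFile string // -t: key type; parsed but not used yet (TODO)
	sigFile string // -x: signature file; empty means SigName(msgFile)
	msgFile string // -m: message file (required)
}

// Name returns the subcommand name.
func (m *verifyCmd) Name() string { return "verify" }

// Synopsis returns the one-line description shown in the command listing.
func (m *verifyCmd) Synopsis() string { return "verify signature" }

// Usage returns the flag summary printed on a usage error.
func (m *verifyCmd) Usage() string {
	return "verify [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n"
}

// SetFlags registers the verify flags on f.
func (m *verifyCmd) SetFlags(f *flag.FlagSet) {
	f.BoolVar(&m.embed, "e", false, "embed message")
	f.BoolVar(&m.quiet, "q", false, "quiet mode")
	f.BoolVar(&m.zip, "z", false, "verify gzip archive") // TODO
	f.StringVar(&m.pubFile, "p", "", "public key file")
	f.StringVar(&m.keyFile, "t", "", "key type") // TODO
	f.StringVar(&m.sigFile, "x", "", "signature file")
	f.StringVar(&m.msgFile, "m", "", "message file (required)")
}

// Execute validates the flag combination, picks the verification mode and
// reports the outcome. It returns ExitUsageError when -m is missing or when
// -e and -z are combined, ExitFailure (after logging the error) when the
// signature does not verify, and ExitSuccess otherwise.
func (m *verifyCmd) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus {
	if m.msgFile == "" {
		f.Usage()
		return subcommands.ExitUsageError
	}
	// -e and -z name two different places for the signature; both at once is a usage error.
	if m.zip && m.embed {
		f.Usage()
		return subcommands.ExitUsageError
	}
	if m.sigFile == "" {
		m.sigFile = SigName(m.msgFile)
	}
	// TODO keyType: m.keyFile is accepted but not acted upon.

	var err error
	switch {
	case m.zip:
		err = m.zipped()
	case m.embed:
		err = m.embedded()
	default:
		err = m.plain()
	}
	if err != nil {
		log.Println(err)
		return subcommands.ExitFailure
	}
	if !m.quiet {
		fmt.Println("Signature Verified")
	}
	return subcommands.ExitSuccess
}

// pubFileFor returns the public key file to verify with: the -p flag when
// given, otherwise verifyWith, the name taken from the signature's comment.
//
// NOTE(review): verifyWith originates in the very file being verified and is
// therefore attacker-controlled; this design relies on CommentPubFile
// (defined elsewhere) constraining the resulting path — confirm.
func (m *verifyCmd) pubFileFor(verifyWith string) string {
	if m.pubFile != "" {
		return m.pubFile
	}
	return verifyWith
}

// plain verifies a detached signature: the message is read from msgFile and
// the signature from sigFile. Returns the first read, parse or verify error.
func (m *verifyCmd) plain() error {
	msg, err := ioutil.ReadFile(m.msgFile)
	if err != nil {
		return err
	}
	sig, _, verifyWith, err := openSig(m.sigFile)
	if err != nil {
		return err
	}
	pub, err := openPub(m.pubFileFor(verifyWith))
	if err != nil {
		return err
	}
	return sig.Verify(msg, pub)
}

// embedded verifies a signature file that carries its own message; msgFile is
// not read. Returns the first parse or verify error.
func (m *verifyCmd) embedded() error {
	sig, msg, verifyWith, err := openSig(m.sigFile)
	if err != nil {
		return err
	}
	pub, err := openPub(m.pubFileFor(verifyWith))
	if err != nil {
		return err
	}
	return sig.Verify(msg, pub)
}

// zipped verifies a gzip archive whose header comment holds a signature block
// (comment line, signature and, as the signed message, the zsig header).
// The signature over the header is checked first; only then is the archive
// body checked against that header via zhead.Verify.
//
// TODO ugly work-in-progress: the archive is opened from sigFile, not msgFile.
func (m *verifyCmd) zipped() error {
	fd, err := Open(m.sigFile)
	if err != nil {
		return err
	}
	defer fd.Close()
	z, err := zsig.NewReader(fd)
	if err != nil {
		return err
	}
	sig := new(key.Sig)
	comment, hdr, err := b64file.Decode(strings.NewReader(z.Comment), sig)
	if err != nil {
		return err
	}
	if err := sig.Validate(); err != nil {
		return err
	}
	// Same key selection as the plain and embedded paths: -p wins, otherwise
	// the "verify with" comment decides.
	pub, err := openPub(m.pubFileFor(CommentPubFile(comment)))
	if err != nil {
		return err
	}
	if err := sig.Verify(hdr, pub); err != nil {
		return err
	}
	zhead, err := zsig.ParseBytes(hdr)
	if err != nil {
		return err
	}
	return zhead.Verify(z)
}

// openPub reads and validates the public key stored in fname.
func openPub(fname string) (*key.Pub, error) {
	fd, err := Open(fname)
	if err != nil {
		return nil, err
	}
	defer fd.Close()
	pub := new(key.Pub)
	if _, _, err := b64file.Decode(fd, pub); err != nil {
		return nil, err
	}
	if err := pub.Validate(); err != nil {
		return nil, err
	}
	return pub, nil
}

// openSig reads and validates the signature file fname. It returns the
// signature, the embedded message (if any) and the public key file named by
// the signature's comment, as derived by CommentPubFile.
func openSig(fname string) (*key.Sig, []byte, string, error) {
	fd, err := Open(fname)
	if err != nil {
		return nil, nil, "", err
	}
	defer fd.Close()
	sig := new(key.Sig)
	comment, msg, err := b64file.Decode(fd, sig)
	if err != nil {
		return nil, nil, "", err
	}
	if err := sig.Validate(); err != nil {
		return nil, nil, "", err
	}
	return sig, msg, CommentPubFile(comment), nil
}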