--verify mode

This commit was sponsored by Thom May on Patreon.

6 files changed, 28 insertions, 0 deletions

diff --git a/CmdLine.hs b/CmdLine.hs
index 0046b4c..2a64b6c 100644
--- a/CmdLine.hs
+++ b/CmdLine.hs
@@ -25,6 +25,7 @@ data Mode
 	| WatchMode WatchOpts
 	| GraphvizMode GraphvizOpts
 	| ReplayMode ReplayOpts
+	| VerifyMode VerifyOpts
 	| ServerMode ServerOpts
 	| ControlMode ControlOpts
 
@@ -54,6 +55,10 @@ data ReplayOpts = ReplayOpts
 	{ replayLogFile :: FilePath
 	}
 
+data VerifyOpts = VerifyOpts
+	{ verifyLogFile :: FilePath
+	}
+
 data ServerOpts = ServerOpts
 	{ serverDirectory :: FilePath
 	, serverPort :: Port
@@ -72,6 +77,7 @@ parseMode :: Parser Mode
 parseMode = (UserMode <$> parseuser)
 	<|> (DeveloperMode <$> parsedeveloper)
 	<|> (ReplayMode <$> parsereplay)
+	<|> (VerifyMode <$> parseverify)
 	<|> (DownloadMode <$> parsedownload)
 	<|> (WatchMode <$> parsewatch)
 	<|> (GraphvizMode <$> parsegraphviz)
@@ -112,6 +118,12 @@ parseMode = (UserMode <$> parseuser)
 			<> metavar "logfile"
 			<> help "replay log file"
 			)
+	parseverify = VerifyOpts
+		<$> option str
+			( long "verify"
+			<> metavar "logfile"
+			<> help "verify log file"
+			)
 	parsedownload = DownloadOpts
 		<$> option readurl
 			( long "download"
diff --git a/Crypto.hs b/Crypto.hs
index 8a3bd70..efc754f 100644
--- a/Crypto.hs
+++ b/Crypto.hs
@@ -44,6 +44,12 @@ instance Hashable t => Signed (Message t) where
 	hashExceptSignature (ActivityMessage a) = hashExceptSignature a
 	hashExceptSignature (ControlMessage c) = hashExceptSignature c
 
+instance Signed AnyMessage where
+	getSignature (User m) = getSignature m
+	getSignature (Developer m) = getSignature m
+	hashExceptSignature (User m) = hashExceptSignature m
+	hashExceptSignature (Developer m) = hashExceptSignature m
+
 sign :: Signed v => MySessionKey -> v -> Signature
 sign (MySessionKey sk pk) v = Ed25519Signature $ Val $ convert $
 	Ed25519.sign sk pk (toSign v)
diff --git a/debug-me.1 b/debug-me.1
index 242955b..bd1cfb0 100644
--- a/debug-me.1
+++ b/debug-me.1
@@ -72,6 +72,10 @@ Replay a debug-me log file with realistic pauses.
 While this is running, you can press Space to skip forward in the
 recording to the next point, which is useful when there are long pauses in
 the recording.
+.IP "--verify logfile"
+Verify that the log file contains a valid chain of hashes, and valid
+signatures. Will exit nonzero if any problem is detected. Displays the
+gpg public keys of any developers who interacted with the debug-me session.
 .IP "--graphviz logfile"
 Uses graphviz to generate a visualization of a debug-me log file.
 .IP "--show-hashes"
diff --git a/debug-me.hs b/debug-me.hs
index c9bbd22..42931c6 100644
--- a/debug-me.hs
+++ b/debug-me.hs
@@ -8,6 +8,7 @@ module Main where
 import CmdLine
 import Graphviz
 import Replay
+import Verify
 import Server
 import ControlWindow
 import qualified Role.User
@@ -28,5 +29,6 @@ main = withSocketsDo $ do
 		WatchMode o -> Role.Watcher.run o
 		GraphvizMode o -> graphviz o
 		ReplayMode o -> replay o
+		VerifyMode o -> verify o
 		ServerMode o -> server o
 		ControlMode o -> controlWindow o
diff --git a/doc/todo/log_file_analysis_mode.mdwn b/doc/todo/log_file_analysis_mode.mdwn
index 9520ae7..09ebccb 100644
--- a/doc/todo/log_file_analysis_mode.mdwn
+++ b/doc/todo/log_file_analysis_mode.mdwn
@@ -1,3 +1,5 @@
 Add a mode that, given a log file, displays what developer(s) gpg keys
 signed activity in the log file. For use when a developer did
 something wrong, to examine the proof.
+
+> [[done]]; --verify --[[Joey]]
diff --git a/doc/todo/verify_hash_chain_in_loadLog.mdwn b/doc/todo/verify_hash_chain_in_loadLog.mdwn
index 92f9741..c056e89 100644
--- a/doc/todo/verify_hash_chain_in_loadLog.mdwn
+++ b/doc/todo/verify_hash_chain_in_loadLog.mdwn
@@ -6,3 +6,5 @@ refuse to use logs that are not valid proofs of a session.
 Everything else in debug-me checks a session's proof as it goes.
 And, everything that saves a log file checks the proof as it goes,
 so perhaps this is not actually necessary?
+
+> Yeah, let's not. Instead, --verify can be used. [[done]] --[[Joey]]