summaryrefslogtreecommitdiffhomepage
path: root/Verify.hs
blob: c48568396b0ffdf3bad91c179c8b65adf01b9273 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
{- Copyright 2017 Joey Hess <id@joeyh.name>
 -
 - Licensed under the GNU AGPL version 3 or higher.
 -}

module Verify (verify) where

import Types
import Log
import CmdLine
import Crypto
import Gpg
import Hash
import PrevActivity
import Output

import Control.Concurrent.STM
import Data.Maybe
import Data.ByteString.UTF8 (toString)

verify :: VerifyOpts -> IO ()
verify opts = go 1 startState =<< streamLog (verifyLogFile opts)
  where
	go _ _ [] = putStrLn "Log file verified. All signatures and hashes are valid."
	go lineno st (Right lmsg:rest) = do
		-- The log may have hashes removed, as it went over the
		-- wire; restore hashes.
		let ra = mkRecentActivity st
		msg <- atomically $ restoreHashes ra $ 
				MissingHashes $ loggedMessage lmsg

		-- Learn session keys before verifying signatures.
		st' <- case msg of
			User (ControlMessage (Control { control = SessionKey sk _ })) ->
				addSessionKey lineno sk st
			Developer (ControlMessage (Control { control = SessionKey sk _ })) ->
				addSessionKey lineno sk st
			_ -> return st

		case (verifySigned (sigVerifier st') msg, verifyHashChain msg st') of
			(True, True) -> return ()
			(False, _) -> lineError lineno 
				"Failed to verify message signature."
			(_, False) -> lineError lineno
				"Invalid hash chain."

		go (succ lineno) (addPrevHash msg st') rest
	go lineno _ (Left l:_) = lineError lineno $
		"Failed to parse a line of the log: " ++ l

lineError :: Integer -> String -> a
lineError lineno err = error $ "Line " ++ show lineno ++ ": " ++ err

data State = State
	{ sigVerifier :: SigVerifier
	, prevHashes :: [Hash]
	}
	deriving (Show)

startState :: State
startState = State
	{ sigVerifier = mempty
	, prevHashes = mempty -- ^ in reverse order
	}

mkRecentActivity :: State -> RecentActivity
mkRecentActivity st = return (sigVerifier st, prevHashes st)

addSessionKey :: Integer -> PerhapsSigned PublicKey -> State -> IO State
addSessionKey lineno p@(GpgSigned pk _ _) st = do
	(mkid, gpgoutput) <- gpgVerify p
	putStr $ unlines $ map sanitizeForDisplay $ lines $ toString gpgoutput
	case mkid of
		Nothing -> lineError lineno "Bad GnuPG signature."
		Just _ -> do
			putStrLn "The person above participated in the debug-me session."
			addSessionKey lineno (UnSigned pk) st
addSessionKey _lineno (UnSigned pk) st = do
	let v = mkSigVerifier pk
	return $ st { sigVerifier = sigVerifier st `mappend` v }

-- | Add the hash of the message to the state.
addPrevHash :: AnyMessage -> State -> State
addPrevHash am s = case mh of
	Just h -> s { prevHashes = h : prevHashes s }
	Nothing -> s
  where
	mh = case am of
		User (ActivityMessage m) -> Just (hash m)
		User (ControlMessage _) -> Nothing
		Developer (ActivityMessage m) -> Just (hash m)
		Developer (ControlMessage _) -> Nothing

-- | Verify that prevActivity and prevEntered point to previously
-- seen hashes.
--
-- While Role.User and Role.Developer enforce rules about which
-- hashes they may point to, here we don't check such rules. If the log
-- continues with other messages referring to this one, then this message
-- must have met the rules, and if it did not, then this message is
-- irrelevant.
verifyHashChain :: AnyMessage -> State -> Bool
verifyHashChain am s = case am of
	User (ControlMessage _) -> True
	Developer (ControlMessage _) -> True
	User (ActivityMessage m) -> checkm m
	Developer (ActivityMessage m) -> checkm m
  where
	checkm m = all (\h -> h `elem` prevHashes s)
		(catMaybes [prevActivity m, prevEntered m])