1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
{- Copyright 2017 Joey Hess <id@joeyh.name>
-
- Licensed under the GNU AGPL version 3 or higher.
-}
module Verify (verify) where
import Types
import Log
import CmdLine
import Crypto
import Gpg
import Hash
import PrevActivity
import Control.Concurrent.STM
import Data.Maybe
verify :: VerifyOpts -> IO ()
verify opts = go 1 startState =<< streamLog (verifyLogFile opts)
where
go _ _ [] = putStrLn "Log file verified. All signatures and hashes are valid."
go lineno st (Right lmsg:rest) = do
-- The log may have hashes removed, as it went over the
-- wire; restore hashes.
let ra = mkRecentActivity st
msg <- atomically $ restoreHashes ra $
MissingHashes $ loggedMessage lmsg
-- Learn session keys before verifying signatures.
st' <- case msg of
User (ControlMessage (Control { control = SessionKey sk })) ->
addSessionKey lineno sk st
Developer (ControlMessage (Control { control = SessionKey sk })) ->
addSessionKey lineno sk st
_ -> return st
case (verifySigned (sigVerifier st') msg, verifyHashChain msg st') of
(True, True) -> return ()
(False, _) -> lineError lineno
"Failed to verify message signature."
(_, False) -> lineError lineno
"Invalid hash chain."
go (succ lineno) (addPrevHash msg st') rest
go lineno _ (Left l:_) = lineError lineno $
"Failed to parse a line of the log: " ++ l
lineError :: Integer -> String -> a
lineError lineno err = error $ "Line " ++ show lineno ++ ": " ++ err
data State = State
{ sigVerifier :: SigVerifier
, prevHashes :: [Hash]
}
deriving (Show)
startState :: State
startState = State
{ sigVerifier = mempty
, prevHashes = mempty -- ^ in reverse order
}
mkRecentActivity :: State -> RecentActivity
mkRecentActivity st = return (sigVerifier st, prevHashes st)
addSessionKey :: Integer -> PerhapsSigned PublicKey -> State -> IO State
addSessionKey lineno p@(GpgSigned pk _ _) st = do
mkid <- gpgVerify p
case mkid of
Nothing -> lineError lineno "Bad GnuPG signature."
Just _ -> do
putStrLn "The person above participated in the debug-me session."
addSessionKey lineno (UnSigned pk) st
addSessionKey _lineno (UnSigned pk) st = do
let v = mkSigVerifier pk
return $ st { sigVerifier = sigVerifier st `mappend` v }
-- | Add the hash of the message to the state.
addPrevHash :: AnyMessage -> State -> State
addPrevHash am s = case mh of
Just h -> s { prevHashes = h : prevHashes s }
Nothing -> s
where
mh = case am of
User (ActivityMessage m) -> Just (hash m)
User (ControlMessage _) -> Nothing
Developer (ActivityMessage m) -> Just (hash m)
Developer (ControlMessage _) -> Nothing
-- | Verify that prevActivity and prevEntered point to previously
-- seen hashes.
--
-- While Role.User and Role.Developer enforce rules about which
-- hashes they may point to, here we don't check such rules. If the log
-- continues with other messages referring to this one, then this message
-- must have met the rules, and if it did not, then this message is
-- irrelevant.
verifyHashChain :: AnyMessage -> State -> Bool
verifyHashChain am s = case am of
User (ControlMessage _) -> True
Developer (ControlMessage _) -> True
User (ActivityMessage m) -> checkm m
Developer (ActivityMessage m) -> checkm m
where
checkm m = all (\h -> h `elem` prevHashes s)
(catMaybes [prevActivity m, prevEntered m])
|