From ce917e7348213dfc8809ba19862dce88dfc9c077 Mon Sep 17 00:00:00 2001
From: _ <_@_>
Date: Tue, 19 Jan 2021 18:16:43 -0600
Subject: [PATCH] :heavy_plus_sign: update: add `--file` command for debugging artifacts from BMC

---
 .gitattributes | 1 +
 bare_minimum_crypto/cpp/bmc_main.cpp | 63 +++++++++++++++++++++++++++-
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..0641ec5
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+bare_minimum_crypto/cpp/json.hpp linguist-vendored
diff --git a/bare_minimum_crypto/cpp/bmc_main.cpp b/bare_minimum_crypto/cpp/bmc_main.cpp
index 5a0c3e6..d018960 100644
--- a/bare_minimum_crypto/cpp/bmc_main.cpp
+++ b/bare_minimum_crypto/cpp/bmc_main.cpp
@@ -1,4 +1,5 @@
 #include
+#include
 #include
 #include
 #include
@@ -20,6 +21,62 @@ using namespace std;
 using nlohmann::json;
 using namespace BareMinimumCrypto;
+int file (const string & file_path) {
+ cout << "Reading `" << file_path << "`" << endl;
+ ifstream f;
+ f.open (file_path, ifstream::binary);
+ if (! f.is_open ()) {
+ cerr << "Can't open file." << endl;
+ return 1;
+ }
+
+ f.seekg (0, ifstream::end);
+ const auto len = f.tellg ();
+ f.seekg (0, ifstream::beg);
+
+ vector bytes;
+ bytes.resize (len);
+
+ f.read ((char *)bytes.data (), bytes.size ());
+
+ // All our files are msgpack, so parse it first.
+
+ const auto j = json::from_msgpack (bytes);
+
+ const string schema = j ["schema"];
+
+ cout << "Schema: " << schema << endl;
+
+ if (schema == "3T6XF5DZ") {
+ cout << "File is a passphrase-protected secret key" << endl;
+
+ const Instant time_created (j ["time_created"]);
+ const auto pubkey = j ["pubkey"].get_binary ();
+ const string key_machine_id = j ["machine_id"];
+
+ const auto our_machine_id = get_machine_id ();
+ const auto now = Instant::now ();
+
+ cout << "Generated at Unix time " << time_created.x
+ << " (" << now.x - time_created.x << " seconds ago)"
+ << endl;
+ cout << "Generated on machine ID " << key_machine_id << endl;
+ cout << "Claims to have Base64 pubkey " << base64_encode (pubkey) << endl;
+
+ if (now.x < time_created.x) {
+ cout << "The key was generated in the past. Someone's clock is wrong." << endl;
+ }
+ if (our_machine_id != key_machine_id) {
+ cout << "The key was generated on another machine. You should report this." << endl;
+ }
+ }
+ else {
+ cout << "Unknown schema. Maybe this file is from a newer version of BMC?" << endl;
+ }
+
+ return 0;
+}
+
 int test () {
 if (test_base64 () != 0) {
 return 1;
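Review bot: A file that is not valid msgpack, or is msgpack without a `schema` key, never reaches the "Unknown schema" branch: `json::from_msgpack` throws `json::parse_error` on malformed input and `j ["schema"]` on a const json does not insert a default and is documented as asserting/undefined for a missing key, so a debugging tool pointed at the wrong file dies with an uncaught exception or an assertion instead of printing an error. The stream handling is also unchecked — `tellg ()` returns -1 on failure, which `resize` then receives as a huge size, and a short `read` leaves the tail of `bytes` unset before it is parsed. The clock message is inverted as well: `now.x < time_created.x` means the key's timestamp is ahead of the current time, so the line should read `cout << "The key was generated in the future. Someone's clock is wrong." << endl;`. The rewrite below checks the length and the read, uses `.at ()` for key lookups and catches `json::exception` around parsing and dispatch; the element type of `bytes` and the include targets are stripped on this page, so those lines are left as in the hunk.
```cpp
int file (const string & file_path) {
    // … unchanged: "Reading" message, open f, is_open check, seek to end …
    const auto len = f.tellg ();
    if (len < 0) {
        cerr << "Can't determine file size." << endl;
        return 1;
    }
    f.seekg (0, ifstream::beg);
    // … unchanged: bytes declaration and resize …
    f.read (reinterpret_cast<char *> (bytes.data ()), bytes.size ());
    if (! f || f.gcount () != static_cast<streamsize> (bytes.size ())) {
        cerr << "Short read." << endl;
        return 1;
    }

    // All our files are msgpack, so parse it first. A malformed or truncated
    // file must end in an error message, not an uncaught exception.
    try {
        const auto j = json::from_msgpack (bytes);
        // .at () throws json::out_of_range on a missing key (and
        // json::type_error if the document is not an object).
        const string schema = j.at ("schema");
        // … unchanged: "Schema:" output and the schema dispatch, with
        //    j ["time_created"], j ["pubkey"], j ["machine_id"] changed to j.at (...) …
    }
    catch (const json::exception & e) {
        cerr << "Can't parse file: " << e.what () << endl;
        return 1;
    }

    return 0;
}
```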
@@ -72,7 +129,7 @@ int main (int argc, char ** argv) {
 cxxopts::Options options ("BareMinimumCrypto", "Simple crypto things you might need.");
 options.add_options ()
 ("generate-ca-key", "Generate a passphrase-protected certificate authority key", cxxopts::value ())
-("check-ca-key", "Read information from a CA key without decrypting it")
+("file", "Print info about any file generated by BMC", cxxopts::value ())
 ("test", "Run self-test")
 ("help", "Print usage")
 ;
@@ -95,6 +152,10 @@ int main (int argc, char ** argv) {
 }
 cout << "The pubkey is `" << base64_encode (key_opt->pubkey ()) << "`" << endl;
 }
+ else if (result.count ("file")) {
+ const auto file_path = result ["file"].as ();
+ return file (file_path);
+ }
 else if (result.count ("test")) {
 if (test () != 0) {
 return 1;