add VERIFY and SIGN$

Author: braindigitalis

docpages/basic-language-reference/functions/integer/02_INDEX.md

@@ -77,6 +77,7 @@ The following functions operate on or return **integer values** in Retro Rocket
 * \subpage SGN
 * \subpage SHL
 * \subpage SHR
+* \subpage SIGN
 * \subpage SPECTRUM
 * \subpage SPRITECOLLIDE
 * \subpage SPRITEHEIGHT

docpages/basic-language-reference/functions/integer/VERIFY.md

@@ -0,0 +1,70 @@
+\page VERIFY VERIFY Function
+
+```basic
+check = VERIFY(file$, sig$, cert$)
+```
+
+Verifies a signed file against a detached signature and package signing certificate.
+
+The package certificate is validated against the built-in Retro Rocket package root certificate before the file signature is checked.
+
+Returns non-zero if the signature and certificate chain are valid, otherwise returns zero.
+
+---
+
+### Examples
+
+```basic
+REM Verify a downloaded package
+
+IF VERIFY("/ramdisk/editor.gz", "/ramdisk/editor.gz.sig", "/ramdisk/packages.pem") = TRUE THEN
+	PRINT "Package verified"
+ELSE
+	PRINT "Package verification failed"
+ENDIF
+```
+
+```basic
+REM Refuse to install invalid packages
+
+IF VERIFY(PKG$, SIG$, CERT$) THEN
+	PRINT "Package is not trusted"
+	END
+ENDIF
+```
+
+---
+
+### Notes
+
+* `file$` is the file to verify.
+* `sig$` is the detached package signature file.
+* `cert$` is the PEM package signing certificate.
+* Detached signatures are generated using \ref SIGNS "SIGN$".
+* The trusted package root certificate is loaded automatically from `/system/ssl/package_root_ca.pem`.
+* Detached signatures are expected to contain escaped binary signature data.
+* Verification checks:
+
+  * certificate chain validity
+  * certificate validity dates
+  * detached Ed25519 signature validity
+
+---
+
+### Errors
+
+* File not found
+* Error reading file
+* Error reading signature
+* Error reading certificate
+* Error reading root certificate
+* Out of memory reading file
+* Out of memory reading signature
+* Out of memory reading certificate
+* Out of memory reading root certificate
+
+---
+
+**See also:**
+\ref SIGNS "SIGN$" · \ref BINWRITE "BINWRITE"
+

docpages/basic-language-reference/functions/string/04_INDEX.md

@@ -47,6 +47,7 @@ The following functions return or manipulate **string values** in Retro Rocket B
 * \subpage RJUST
 * \subpage RTRIM
 * \subpage SECSTR
+* \subpage SIGNS
 * \subpage SOCKERRORS
 * \subpage STR
 * \subpage TIME

docpages/basic-language-reference/functions/string/SIGNS.md

@@ -0,0 +1,66 @@
+\page SIGNS SIGN$ Function
+
+```basic id="5m0q0q"
+SIGN$(file$, privatekey$)
+```
+
+Signs a file using a PEM private key and returns a detached escaped binary signature string.
+
+The returned signature may be written to disk using \ref BINWRITE "BINWRITE" and later verified using \ref VERIFY "VERIFY".
+
+---
+
+### Examples
+
+```basic id="m7z8v2"
+REM Sign a package
+
+SIG$ = SIGN$("editor.gz", "packages.key")
+
+F = OPENOUT("editor.gz.sig")
+BINWRITE F, SIG$
+CLOSE #F
+```
+
+```basic id="yv9m2q"
+REM Sign and immediately verify a package
+
+SIG$ = SIGN$("game.gz", "packages.key")
+
+F = OPENOUT("game.gz.sig")
+BINWRITE F, SIG$
+CLOSE #F
+
+IF VERIFY("game.gz", "game.gz.sig", "packages.pem") THEN
+{
+	PRINT "Signature valid"
+}
+```
+
+---
+
+### Notes
+
+* `file$` is the file to sign.
+* `privatekey$` is a PEM private key file.
+* Returns an escaped detached Ed25519 signature string.
+* The returned string is safe to store using normal BASIC file functions.
+* Detached signatures are normally stored with a `.sig` extension.
+* Signatures generated by `SIGN$` may be verified using \ref VERIFY "VERIFY".
+
+---
+
+### Errors
+
+* File not found
+* Error reading file
+* Error reading private key
+* Error signing package
+* Out of memory reading file
+* Out of memory reading private key
+
+---
+
+**See also:**
+\ref VERIFY "VERIFY" · \ref BINWRITE "BINWRITE"
+

docs/ACS.html

@@ -126,7 +126,7 @@
 <div class="textblock"><div class="fragment"><div class="line">ACS(real-expression)</div>
 </div><!-- fragment --><p>Returns the <b>arc cosine</b> (inverse cosine) of the given expression, in <b>radians</b>. The input must be between <span class="tt">-1</span> and <span class="tt">1</span>.</p>
 <hr  />
-<h3 class="doxsection"><a class="anchor" id="examples-91"></a>
+<h3 class="doxsection"><a class="anchor" id="examples-92"></a>
 Examples</h3>
 <div class="fragment"><div class="line">PRINT ACS(1)</div>
 </div><!-- fragment --><p>Produces <span class="tt">0</span>.</p>
@@ -139,7 +139,7 @@ <h3 class="doxsection"><a class="anchor" id="examples-91"></a>
 <div class="line">PRINT ACS(COS(angle#))</div>
 </div><!-- fragment --><p>Produces the original angle (within floating point accuracy).</p>
 <hr  />
-<h3 class="doxsection"><a class="anchor" id="notes-87"></a>
+<h3 class="doxsection"><a class="anchor" id="notes-88"></a>
 Notes</h3>
 <ul>
 <li>Argument range: <span class="tt">-1 ≤ x ≤ 1</span>. Values outside this range cause an error.</li>

docs/ADFSIMAGE.html

@@ -126,14 +126,14 @@
 <div class="textblock"><div class="fragment"><div class="line">ADFSIMAGE$(path$)</div>
 </div><!-- fragment --><p>Creates a <b>RAM-backed block device from an ADFS disk image</b>. The parameter is the path to an ADFS S/M/L image file. Returns the device name on success.</p>
 <hr  />
-<h3 class="doxsection"><a class="anchor" id="examples-112"></a>
+<h3 class="doxsection"><a class="anchor" id="examples-113"></a>
 Examples</h3>
 <div class="fragment"><div class="line">REM Load an ADFS disk image into RAM</div>
 <div class="line">RD$ = ADFSIMAGE$(&quot;chukie-egg.adl&quot;)</div>
 <div class="line">MOUNT &quot;/games&quot;, RD$, &quot;adfs&quot;</div>
 <div class="line">PRINT &quot;ADFS image mounted&quot;</div>
 </div><!-- fragment --><hr  />
-<h3 class="doxsection"><a class="anchor" id="notes-108"></a>
+<h3 class="doxsection"><a class="anchor" id="notes-109"></a>
 Notes</h3>
 <ul>
 <li>The image must be a valid ADFS S/M/L disk image</li>

docs/ANIMATE.html

@@ -159,7 +159,7 @@ <h3 class="doxsection"><a class="anchor" id="example-7"></a>
 <div class="line">CLS</div>
 <div class="line">END</div>
 </div><!-- fragment --><hr  />
-<h3 class="doxsection"><a class="anchor" id="notes-155"></a>
+<h3 class="doxsection"><a class="anchor" id="notes-157"></a>
 Notes</h3>
 <ul>
 <li>If the sprite is not animated (single-frame image), <span class="tt">ANIMATE</span> statements are silent no-ops.</li>

docs/ARRAYFIND.html

@@ -137,7 +137,7 @@
 </li>
 </ul>
 <hr  />
-<h5 class="doxsection"><a class="anchor" id="examples-157"></a>
+<h5 class="doxsection"><a class="anchor" id="examples-159"></a>
 Examples</h5>
 <p><b>Integer array</b></p>
 <div class="fragment"><div class="line">DIM N,5</div>
@@ -180,7 +180,7 @@ <h5 class="doxsection"><a class="anchor" id="examples-157"></a>
 <div class="fragment"><div class="line">0</div>
 <div class="line">-1</div>
 </div><!-- fragment --><hr  />
-<h5 class="doxsection"><a class="anchor" id="notes-156"></a>
+<h5 class="doxsection"><a class="anchor" id="notes-158"></a>
 Notes</h5>
 <ul>
 <li><span class="tt">dest-array</span> is <b>automatically created or resized</b>:<ul>

docs/ARRSORT.html

@@ -136,7 +136,7 @@
 </li>
 </ul>
 <hr  />
-<h5 class="doxsection"><a class="anchor" id="examples-158"></a>
+<h5 class="doxsection"><a class="anchor" id="examples-160"></a>
 Examples</h5>
 <p><b>Integer array (ascending)</b></p>
 <div class="fragment"><div class="line">DIM N,5</div>
@@ -189,7 +189,7 @@ <h5 class="doxsection"><a class="anchor" id="examples-158"></a>
 <div class="line"> </div>
 <div class="line">ARRSORT D#</div>
 </div><!-- fragment --><hr  />
-<h5 class="doxsection"><a class="anchor" id="notes-157"></a>
+<h5 class="doxsection"><a class="anchor" id="notes-159"></a>
 Notes</h5>
 <ul>
 <li>Sorting is <b>in place</b>; the original order is replaced</li>

docs/ARRSORTBY.html

@@ -138,7 +138,7 @@
 </ul>
 <p>The values in <span class="tt">key-array</span> are <b>not modified</b>.</p>
 <hr  />
-<h5 class="doxsection"><a class="anchor" id="examples-159"></a>
+<h5 class="doxsection"><a class="anchor" id="examples-161"></a>
 Examples</h5>
 <p><b>Sort indices by real key (depth sort)</b></p>
 <div class="fragment"><div class="line">DIM DEPTH#,6</div>
@@ -194,7 +194,7 @@ <h5 class="doxsection"><a class="anchor" id="examples-159"></a>
 <div class="line">    PRINT IDX(I), NAMES$(IDX(I))</div>
 <div class="line">NEXT</div>
 </div><!-- fragment --><hr  />
-<h5 class="doxsection"><a class="anchor" id="notes-158"></a>
+<h5 class="doxsection"><a class="anchor" id="notes-160"></a>
 Notes</h5>
 <ul>
 <li>Only <span class="tt">index-array</span> is reordered; <span class="tt">key-array</span> remains unchanged</li>