ucert.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760
  1. /*
  2. * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License version 3
  6. * as published by the Free Software Foundation
  7. *
  8. * This program is distributed in the hope that it will be useful,
  9. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. * GNU General Public License for more details.
  12. */
  13. #define _GNU_SOURCE
  14. #include <fcntl.h>
  15. #include <dlfcn.h>
  16. #include <stdio.h>
  17. #include <stdbool.h>
  18. #include <stdlib.h>
  19. #include <string.h>
  20. #include <getopt.h>
  21. #include <stdint.h>
  22. #include <unistd.h>
  23. #include <inttypes.h>
  24. #include <sys/stat.h>
  25. #include <sys/wait.h>
  26. #include <json-c/json.h>
  27. #include <libubox/blob.h>
  28. #include <libubox/utils.h>
  29. #include <libubox/list.h>
  30. #include <libubox/vlist.h>
  31. #include <libubox/blobmsg_json.h>
  32. #include "usign.h"
  33. #define CERT_BUF_LEN 4096
  34. static enum {
  35. CMD_APPEND,
  36. CMD_DUMP,
  37. CMD_ISSUE,
  38. CMD_REVOKE,
  39. CMD_VERIFY,
  40. CMD_NONE,
  41. } cmd = CMD_NONE;
  42. static bool quiet;
  43. #ifndef UCERT_STRIP_MESSAGES
  44. #define DPRINTF(format, ...) \
  45. do { \
  46. if (!quiet) \
  47. fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__); \
  48. } while (0)
  49. #else
  50. #define DPRINTF(format, ...) do { } while (0)
  51. #endif
  52. /*
  53. * ucert structure
  54. * | BLOB |
  55. * | SIGNATURE | PAYLOAD |
  56. * | |[ BLOBMSG CONTAINER ]|
  57. * | |[[T,i,v,e,f,pubkey ]]|
  58. */
  59. enum cert_attr {
  60. CERT_ATTR_SIGNATURE,
  61. CERT_ATTR_PAYLOAD,
  62. CERT_ATTR_MAX
  63. };
  64. static const struct blob_attr_info cert_policy[CERT_ATTR_MAX] = {
  65. [CERT_ATTR_SIGNATURE] = { .type = BLOB_ATTR_BINARY },
  66. [CERT_ATTR_PAYLOAD] = { .type = BLOB_ATTR_NESTED },
  67. };
  68. enum cert_cont_attr {
  69. CERT_CT_ATTR_PAYLOAD,
  70. CERT_CT_ATTR_MAX
  71. };
  72. static const struct blobmsg_policy cert_cont_policy[CERT_CT_ATTR_MAX] = {
  73. [CERT_CT_ATTR_PAYLOAD] = { .name = "ucert", .type = BLOBMSG_TYPE_TABLE },
  74. };
  75. enum cert_payload_attr {
  76. CERT_PL_ATTR_CERTTYPE,
  77. CERT_PL_ATTR_CERTID,
  78. CERT_PL_ATTR_VALIDFROMTIME,
  79. CERT_PL_ATTR_EXPIRETIME,
  80. CERT_PL_ATTR_PUBKEY,
  81. CERT_PL_ATTR_KEY_FINGERPRINT,
  82. CERT_PL_ATTR_MAX
  83. };
  84. enum certtype_id {
  85. CERTTYPE_UNSPEC,
  86. CERTTYPE_AUTH,
  87. CERTTYPE_REVOKE
  88. };
  89. static const struct blobmsg_policy cert_payload_policy[CERT_PL_ATTR_MAX] = {
  90. [CERT_PL_ATTR_CERTTYPE] = { .name = "certtype", .type = BLOBMSG_TYPE_INT32 },
  91. [CERT_PL_ATTR_CERTID] = { .name = "certid", .type = BLOBMSG_TYPE_INT32 },
  92. [CERT_PL_ATTR_VALIDFROMTIME] = { .name = "validfrom", .type = BLOBMSG_TYPE_INT64 },
  93. [CERT_PL_ATTR_EXPIRETIME] = { .name = "expiresat", .type = BLOBMSG_TYPE_INT64 },
  94. [CERT_PL_ATTR_PUBKEY] = { .name = "pubkey", .type = BLOBMSG_TYPE_STRING },
  95. [CERT_PL_ATTR_KEY_FINGERPRINT] = { .name = "fingerprint", .type = BLOBMSG_TYPE_STRING },
  96. };
  97. /* list to store certificate chain at runtime */
  98. struct cert_object {
  99. struct list_head list;
  100. struct blob_attr *cert[CERT_ATTR_MAX];
  101. };
  102. /* write buffer to file */
  103. static int write_file(const char *filename, void *buf, size_t len, bool append) {
  104. FILE *f;
  105. size_t outlen;
  106. f = fopen(filename, append?"a":"w");
  107. if (!f)
  108. return 1;
  109. outlen = fwrite(buf, 1, len, f);
  110. fclose(f);
  111. return (outlen == len);
  112. }
  113. /* load certfile into list */
  114. static int cert_load(const char *certfile, struct list_head *chain) {
  115. FILE *f;
  116. struct blob_attr *certtb[CERT_ATTR_MAX];
  117. struct blob_attr *bufpt;
  118. struct cert_object *cobj;
  119. char filebuf[CERT_BUF_LEN];
  120. int ret = 0, pret = 0;
  121. size_t len, pos = 0;
  122. f = fopen(certfile, "r");
  123. if (!f)
  124. return 1;
  125. len = fread(&filebuf, 1, CERT_BUF_LEN - 1, f);
  126. if (len < 64)
  127. return 1;
  128. ret = ferror(f) || !feof(f);
  129. fclose(f);
  130. if (ret)
  131. return 1;
  132. bufpt = (struct blob_attr *)filebuf;
  133. do {
  134. pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX);
  135. if (pret <= 0)
  136. /* no attributes found */
  137. break;
  138. if (pos + blob_pad_len(bufpt) > len)
  139. /* blob exceeds filebuffer */
  140. break;
  141. else
  142. pos += blob_pad_len(bufpt);
  143. if (!certtb[CERT_ATTR_SIGNATURE])
  144. /* no signature -> drop */
  145. break;
  146. cobj = calloc(1, sizeof(*cobj));
  147. cobj->cert[CERT_ATTR_SIGNATURE] = blob_memdup(certtb[CERT_ATTR_SIGNATURE]);
  148. if (certtb[CERT_ATTR_PAYLOAD])
  149. cobj->cert[CERT_ATTR_PAYLOAD] = blob_memdup(certtb[CERT_ATTR_PAYLOAD]);
  150. list_add_tail(&cobj->list, chain);
  151. ret += pret;
  152. /* repeat parsing while there is still enough remaining data in buffer */
  153. } while(len > pos + sizeof(struct blob_attr) && (bufpt = blob_next(bufpt)));
  154. return (ret <= 0);
  155. }
  156. #ifdef UCERT_FULL
  157. /* append signature to certfile */
  158. static int cert_append(const char *certfile, const char *sigfile) {
  159. FILE *fs;
  160. char filebuf[CERT_BUF_LEN];
  161. struct blob_buf sigbuf = {0};
  162. int len;
  163. int ret;
  164. fs = fopen(sigfile, "r");
  165. if (!fs)
  166. return 1;
  167. len = fread(&filebuf, 1, CERT_BUF_LEN - 1, fs);
  168. ret = ferror(fs) || !feof(fs) || (len < 64);
  169. fclose(fs);
  170. if (ret)
  171. return 1;
  172. blob_buf_init(&sigbuf, 0);
  173. blob_put(&sigbuf, CERT_ATTR_SIGNATURE, filebuf, len);
  174. ret = write_file(certfile, sigbuf.head, blob_raw_len(sigbuf.head), true);
  175. blob_buf_free(&sigbuf);
  176. return ret;
  177. }
  178. #endif
  179. /* verify the signature of a single chain element */
  180. static int cert_verify_blob(struct blob_attr *cert[CERT_ATTR_MAX],
  181. const char *pubkeyfile, const char *pubkeydir) {
  182. int i;
  183. char msgfname[256], sigfname[256];
  184. int ret;
  185. char tmpdir[] = "/tmp/ucert-XXXXXX";
  186. if (mkdtemp(tmpdir) == NULL)
  187. return errno;
  188. snprintf(msgfname, sizeof(msgfname) - 1, "%s/%s", tmpdir, "payload");
  189. snprintf(sigfname, sizeof(sigfname) - 1, "%s/%s", tmpdir, "payload.sig");
  190. for (i = 0; i < CERT_ATTR_MAX; i++) {
  191. struct blob_attr *v = cert[i];
  192. if (!v)
  193. break;
  194. switch(cert_policy[i].type) {
  195. case BLOB_ATTR_BINARY:
  196. write_file(sigfname, blob_data(v), blob_len(v), false);
  197. break;
  198. case BLOB_ATTR_NESTED:
  199. write_file(msgfname, blob_data(v), blob_len(v), false);
  200. break;
  201. }
  202. }
  203. ret = usign_v(msgfname, pubkeyfile, pubkeydir, sigfname, quiet);
  204. unlink(msgfname);
  205. unlink(sigfname);
  206. rmdir(tmpdir);
  207. return ret;
  208. }
  209. /* verify cert chain (and message) */
  210. static int chain_verify(const char *msgfile, const char *pubkeyfile,
  211. const char *pubkeydir, struct list_head *chain) {
  212. struct cert_object *cobj;
  213. struct blob_attr *containertb[CERT_CT_ATTR_MAX];
  214. struct blob_attr *payloadtb[CERT_PL_ATTR_MAX];
  215. char tmpdir[] = "/tmp/ucert-XXXXXX";
  216. char chainedpubkey[256] = {0};
  217. char chainedfp[17] = {0};
  218. char extsigfile[256] = {0};
  219. int ret = 1;
  220. int checkmsg = 0;
  221. struct timeval tv;
  222. if (mkdtemp(tmpdir) == NULL)
  223. return errno;
  224. if (msgfile)
  225. checkmsg = -1;
  226. gettimeofday(&tv, NULL);
  227. list_for_each_entry(cobj, chain, list) {
  228. /* blob has payload, verify that using signature */
  229. if (cobj->cert[CERT_ATTR_PAYLOAD]) {
  230. time_t validfrom;
  231. time_t expiresat;
  232. uint32_t certtype;
  233. ret = cert_verify_blob(cobj->cert, chainedpubkey[0]?chainedpubkey:pubkeyfile, pubkeydir);
  234. if (ret)
  235. goto clean_and_return;
  236. blobmsg_parse(cert_cont_policy,
  237. ARRAY_SIZE(cert_cont_policy),
  238. containertb,
  239. blob_data(cobj->cert[CERT_ATTR_PAYLOAD]),
  240. blob_len(cobj->cert[CERT_ATTR_PAYLOAD]));
  241. if (!containertb[CERT_CT_ATTR_PAYLOAD]) {
  242. ret = 1;
  243. DPRINTF("no ucert in signed payload\n");
  244. goto clean_and_return;
  245. }
  246. blobmsg_parse(cert_payload_policy,
  247. ARRAY_SIZE(cert_payload_policy),
  248. payloadtb,
  249. blobmsg_data(containertb[CERT_CT_ATTR_PAYLOAD]),
  250. blobmsg_data_len(containertb[CERT_CT_ATTR_PAYLOAD]));
  251. if (!payloadtb[CERT_PL_ATTR_CERTTYPE] ||
  252. !payloadtb[CERT_PL_ATTR_VALIDFROMTIME] ||
  253. !payloadtb[CERT_PL_ATTR_EXPIRETIME] ||
  254. !payloadtb[CERT_PL_ATTR_PUBKEY]) {
  255. ret = 1;
  256. DPRINTF("missing mandatory ucert attributes\n");
  257. goto clean_and_return;
  258. }
  259. certtype = blobmsg_get_u32(payloadtb[CERT_PL_ATTR_CERTTYPE]);
  260. validfrom = blobmsg_get_u64(payloadtb[CERT_PL_ATTR_VALIDFROMTIME]);
  261. expiresat = blobmsg_get_u64(payloadtb[CERT_PL_ATTR_EXPIRETIME]);
  262. if (certtype != CERTTYPE_AUTH) {
  263. ret = 2;
  264. DPRINTF("wrong certificate type\n");
  265. goto clean_and_return;
  266. }
  267. if (tv.tv_sec < validfrom ||
  268. tv.tv_sec >= expiresat) {
  269. ret = 3;
  270. DPRINTF("certificate expired\n");
  271. goto clean_and_return;
  272. }
  273. snprintf(chainedpubkey, sizeof(chainedpubkey) - 1, "%s/%s", tmpdir, "chained-pubkey");
  274. write_file(chainedpubkey,
  275. blobmsg_data(payloadtb[CERT_PL_ATTR_PUBKEY]),
  276. blobmsg_data_len(payloadtb[CERT_PL_ATTR_PUBKEY]),
  277. false);
  278. if (usign_f_pubkey(chainedfp, chainedpubkey)) {
  279. DPRINTF("cannot get fingerprint for chained key\n");
  280. ret = 2;
  281. goto clean_and_return;
  282. }
  283. if (pubkeydir && _usign_key_is_revoked(chainedfp, pubkeydir)) {
  284. DPRINTF("key %s has been revoked!\n", chainedfp);
  285. ret = 4;
  286. goto clean_and_return;
  287. }
  288. } else {
  289. /* blob doesn't have payload, verify message using signature */
  290. if (msgfile) {
  291. snprintf(extsigfile, sizeof(extsigfile) - 1, "%s/%s", tmpdir, "ext-sig");
  292. write_file(extsigfile,
  293. blob_data(cobj->cert[CERT_ATTR_SIGNATURE]),
  294. blob_len(cobj->cert[CERT_ATTR_SIGNATURE]),
  295. false);
  296. checkmsg = ret = usign_v(msgfile,
  297. chainedpubkey[0]?chainedpubkey:pubkeyfile,
  298. pubkeydir, extsigfile, quiet);
  299. unlink(extsigfile);
  300. } else {
  301. DPRINTF("stray trailing signature without anything to verify!\n");
  302. ret = 1;
  303. };
  304. }
  305. }
  306. if (checkmsg == -1)
  307. DPRINTF("missing signature to verify message!\n");
  308. clean_and_return:
  309. if (chainedpubkey[0])
  310. unlink(chainedpubkey);
  311. rmdir(tmpdir);
  312. return ret | checkmsg;
  313. }
  314. #ifdef UCERT_FULL
  315. /* dump single chain element to console */
  316. static void cert_dump_blob(struct blob_attr *cert[CERT_ATTR_MAX]) {
  317. int i;
  318. char *json = NULL;
  319. for (i = 0; i < CERT_ATTR_MAX; i++) {
  320. struct blob_attr *v = cert[i];
  321. if (!v)
  322. continue;
  323. switch(cert_policy[i].type) {
  324. case BLOB_ATTR_BINARY:
  325. fprintf(stdout, "signature:\n---\n%s---\n", (char *) blob_data(v));
  326. break;
  327. case BLOB_ATTR_NESTED:
  328. json = blobmsg_format_json_indent(blob_data(v), false, 0);
  329. if (!json) {
  330. DPRINTF("cannot parse payload\n");
  331. continue;
  332. }
  333. fprintf(stdout, "payload:\n---\n%s\n---\n", json);
  334. free(json);
  335. break;
  336. }
  337. }
  338. }
  339. /* dump certfile to console */
  340. static int cert_dump(const char *certfile) {
  341. struct cert_object *cobj;
  342. static LIST_HEAD(certchain);
  343. unsigned int count = 0;
  344. if (cert_load(certfile, &certchain)) {
  345. DPRINTF("cannot parse cert\n");
  346. return 1;
  347. }
  348. list_for_each_entry(cobj, &certchain, list) {
  349. fprintf(stdout, "=== CHAIN ELEMENT %02u ===\n", ++count);
  350. cert_dump_blob(cobj->cert);
  351. }
  352. return 0;
  353. }
  354. /* issue an auth certificate for pubkey */
  355. static int cert_issue(const char *certfile, const char *pubkeyfile, const char *seckeyfile) {
  356. struct blob_buf payloadbuf = {0};
  357. struct blob_buf certbuf = {0};
  358. struct timeval tv;
  359. int pklen, siglen;
  360. int revoker = 1;
  361. void *c;
  362. FILE *pkf, *sigf;
  363. char pkb[512];
  364. char sigb[1024];
  365. char fname[256], sfname[256];
  366. char pkfp[17];
  367. char tmpdir[] = "/tmp/ucert-XXXXXX";
  368. pkf = fopen(pubkeyfile, "r");
  369. if (!pkf)
  370. return -1;
  371. pklen = fread(pkb, 1, 512, pkf);
  372. pkb[pklen] = '\0';
  373. if (pklen < 32)
  374. return -1;
  375. fclose(pkf);
  376. if (usign_f_pubkey(pkfp, pubkeyfile))
  377. return -1;
  378. gettimeofday(&tv, NULL);
  379. if (mkdtemp(tmpdir) == NULL)
  380. return errno;
  381. while (revoker >= 0) {
  382. blob_buf_init(&payloadbuf, 0);
  383. c = blobmsg_open_table(&payloadbuf, "ucert");
  384. blobmsg_add_u32(&payloadbuf, "certtype", revoker?CERTTYPE_REVOKE:CERTTYPE_AUTH);
  385. blobmsg_add_u64(&payloadbuf, "validfrom", tv.tv_sec);
  386. if (!revoker) {
  387. blobmsg_add_u64(&payloadbuf, "expiresat", tv.tv_sec + 60 * 60 * 24 * 365);
  388. blobmsg_add_string(&payloadbuf, "pubkey", pkb);
  389. } else {
  390. blobmsg_add_string(&payloadbuf, "fingerprint", pkfp);
  391. }
  392. blobmsg_close_table(&payloadbuf, c);
  393. snprintf(fname, sizeof(fname) - 1, "%s/%s", tmpdir, revoker?"revoker":"payload");
  394. write_file(fname, blob_data(payloadbuf.head), blob_len(payloadbuf.head), false);
  395. snprintf(sfname, sizeof(sfname) - 1, "%s/%s", tmpdir, revoker?"revoker.sig":"payload.sig");
  396. if (usign_s(fname, seckeyfile, sfname, quiet))
  397. return 1;
  398. sigf = fopen(sfname, "r");
  399. if (!sigf)
  400. return 1;
  401. siglen = fread(sigb, 1, 1024, sigf);
  402. if (siglen < 1)
  403. return 1;
  404. sigb[siglen] = '\0';
  405. fclose(sigf);
  406. unlink(fname);
  407. unlink(sfname);
  408. blob_buf_init(&certbuf, 0);
  409. blob_put(&certbuf, CERT_ATTR_SIGNATURE, sigb, siglen);
  410. blob_put(&certbuf, CERT_ATTR_PAYLOAD, blob_data(payloadbuf.head), blob_len(payloadbuf.head));
  411. snprintf(fname, sizeof(fname) - 1, "%s%s", certfile, revoker?".revoke":"");
  412. write_file(fname, certbuf.head, blob_raw_len(certbuf.head), true);
  413. blob_buf_free(&certbuf);
  414. blob_buf_free(&payloadbuf);
  415. revoker--;
  416. }
  417. rmdir(tmpdir);
  418. return 0;
  419. }
  420. #endif
  421. /* process revoker certificate */
  422. static int cert_process_revoker(const char *certfile, const char *pubkeydir) {
  423. static LIST_HEAD(certchain);
  424. struct cert_object *cobj;
  425. struct blob_attr *containertb[CERT_CT_ATTR_MAX];
  426. struct blob_attr *payloadtb[CERT_PL_ATTR_MAX];
  427. struct stat st;
  428. struct timeval tv;
  429. time_t validfrom;
  430. enum certtype_id certtype;
  431. char *fingerprint;
  432. char rfname[512];
  433. int ret = -1;
  434. if (cert_load(certfile, &certchain)) {
  435. DPRINTF("cannot parse cert\n");
  436. return 1;
  437. }
  438. gettimeofday(&tv, NULL);
  439. list_for_each_entry(cobj, &certchain, list) {
  440. if (!cobj->cert[CERT_ATTR_PAYLOAD])
  441. return 2;
  442. /* blob has payload, verify that using signature */
  443. ret = cert_verify_blob(cobj->cert, NULL, pubkeydir);
  444. if (ret)
  445. return ret;
  446. blobmsg_parse(cert_cont_policy,
  447. ARRAY_SIZE(cert_cont_policy),
  448. containertb,
  449. blob_data(cobj->cert[CERT_ATTR_PAYLOAD]),
  450. blob_len(cobj->cert[CERT_ATTR_PAYLOAD]));
  451. if (!containertb[CERT_CT_ATTR_PAYLOAD]) {
  452. DPRINTF("no ucert in signed payload\n");
  453. return 2;
  454. }
  455. blobmsg_parse(cert_payload_policy,
  456. ARRAY_SIZE(cert_payload_policy),
  457. payloadtb,
  458. blobmsg_data(containertb[CERT_CT_ATTR_PAYLOAD]),
  459. blobmsg_data_len(containertb[CERT_CT_ATTR_PAYLOAD]));
  460. if (!payloadtb[CERT_PL_ATTR_CERTTYPE] ||
  461. !payloadtb[CERT_PL_ATTR_VALIDFROMTIME] ||
  462. !payloadtb[CERT_PL_ATTR_KEY_FINGERPRINT]) {
  463. DPRINTF("missing mandatory ucert attributes\n");
  464. return 2;
  465. }
  466. certtype = blobmsg_get_u32(payloadtb[CERT_PL_ATTR_CERTTYPE]);
  467. validfrom = blobmsg_get_u64(payloadtb[CERT_PL_ATTR_VALIDFROMTIME]);
  468. fingerprint = blobmsg_get_string(payloadtb[CERT_PL_ATTR_KEY_FINGERPRINT]);
  469. if (certtype != CERTTYPE_REVOKE) {
  470. DPRINTF("wrong certificate type\n");
  471. return 2;
  472. }
  473. if (tv.tv_sec < validfrom) {
  474. return 3;
  475. }
  476. snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
  477. /* check if entry in pubkeydir exists */
  478. if (stat(rfname, &st) == 0) {
  479. if (_usign_key_is_revoked(fingerprint, pubkeydir)) {
  480. DPRINTF("existing revoker deadlink for key %s\n", fingerprint);
  481. continue;
  482. };
  483. /* remove any other entry */
  484. if (unlink(rfname))
  485. return -1;
  486. }
  487. ret = symlink(".revoked.", rfname);
  488. if (ret)
  489. return ret;
  490. DPRINTF("created revoker deadlink for key %s\n", fingerprint);
  491. };
  492. return ret;
  493. }
  494. /* load and verify certfile (and message) */
  495. static int cert_verify(const char *certfile, const char *pubkeyfile, const char *pubkeydir, const char *msgfile) {
  496. static LIST_HEAD(certchain);
  497. if (cert_load(certfile, &certchain)) {
  498. DPRINTF("cannot parse cert\n");
  499. return 1;
  500. }
  501. return chain_verify(msgfile, pubkeyfile, pubkeydir, &certchain);
  502. }
  503. /* output help */
  504. static int usage(const char *cmd)
  505. {
  506. #ifndef UCERT_STRIP_MESSAGES
  507. fprintf(stderr,
  508. "Usage: %s <command> <options>\n"
  509. "Commands:\n"
  510. #ifdef UCERT_FULL
  511. " -A: append signature (needs -c and -x)\n"
  512. " -D: dump (needs -c)\n"
  513. " -I: issue cert and revoker (needs -c and -p and -s)\n"
  514. #endif /* UCERT_FULL */
  515. " -R: process revoker certificate (needs -c and -P)\n"
  516. " -V: verify (needs -c and -p|-P, may have -m)\n"
  517. "Options:\n"
  518. " -c <file>: certificate file\n"
  519. " -m <file>: message file (verify only)\n"
  520. " -p <file>: public key file\n"
  521. " -P <path>: public key directory (verify only)\n"
  522. " -q: quiet (do not print verification result, use return code only)\n"
  523. #ifdef UCERT_FULL
  524. " -s <file>: secret key file (issue only)\n"
  525. " -x <file>: signature file (append only)\n"
  526. #endif /* UCERT_FULL */
  527. "\n",
  528. cmd);
  529. #endif /* UCERT_STRIP_MESSAGES */
  530. return 1;
  531. }
  532. /* parse command line options and call functions */
  533. int main(int argc, char *argv[]) {
  534. int ch;
  535. const char *msgfile = NULL;
  536. const char *pubkeyfile = NULL;
  537. const char *pubkeydir = NULL;
  538. const char *certfile = NULL;
  539. #ifdef UCERT_FULL
  540. const char *sigfile = NULL;
  541. const char *seckeyfile = NULL;
  542. #endif
  543. quiet = false;
  544. while ((ch = getopt(argc, argv,
  545. "RVc:m:p:P:q"
  546. #ifdef UCERT_FULL
  547. "ADIs:x:"
  548. #endif
  549. )) != -1) {
  550. switch (ch) {
  551. #ifdef UCERT_FULL
  552. case 'A':
  553. if (cmd != CMD_NONE)
  554. return usage(argv[0]);
  555. cmd = CMD_APPEND;
  556. break;
  557. case 'D':
  558. if (cmd != CMD_NONE)
  559. return usage(argv[0]);
  560. cmd = CMD_DUMP;
  561. break;
  562. case 'I':
  563. if (cmd != CMD_NONE)
  564. return usage(argv[0]);
  565. cmd = CMD_ISSUE;
  566. break;
  567. #endif
  568. case 'R':
  569. if (cmd != CMD_NONE)
  570. return usage(argv[0]);
  571. cmd = CMD_REVOKE;
  572. break;
  573. case 'V':
  574. if (cmd != CMD_NONE)
  575. return usage(argv[0]);
  576. cmd = CMD_VERIFY;
  577. break;
  578. case 'c':
  579. if (certfile || cmd == CMD_NONE)
  580. return usage(argv[0]);
  581. certfile = optarg;
  582. break;
  583. case 'm':
  584. if (msgfile || cmd != CMD_VERIFY)
  585. return usage(argv[0]);
  586. msgfile = optarg;
  587. break;
  588. case 'p':
  589. if (pubkeyfile || (cmd != CMD_VERIFY && cmd != CMD_ISSUE) || cmd == CMD_NONE)
  590. return usage(argv[0]);
  591. pubkeyfile = optarg;
  592. break;
  593. case 'P':
  594. if (pubkeydir || (cmd != CMD_VERIFY && cmd != CMD_REVOKE) || cmd == CMD_NONE)
  595. return usage(argv[0]);
  596. pubkeydir = optarg;
  597. break;
  598. case 'q':
  599. if (quiet)
  600. return usage(argv[0]);
  601. quiet = true;
  602. break;
  603. #ifdef UCERT_FULL
  604. case 's':
  605. if (seckeyfile || cmd != CMD_ISSUE || cmd == CMD_NONE)
  606. return usage(argv[0]);
  607. seckeyfile = optarg;
  608. break;
  609. case 'x':
  610. if (sigfile || cmd != CMD_APPEND || cmd == CMD_NONE)
  611. return usage(argv[0]);
  612. sigfile = optarg;
  613. break;
  614. #endif
  615. default:
  616. return usage(argv[0]);
  617. }
  618. }
  619. switch (cmd) {
  620. #ifdef UCERT_FULL
  621. case CMD_APPEND:
  622. if (certfile && sigfile)
  623. return cert_append(certfile, sigfile);
  624. else
  625. return usage(argv[0]);
  626. case CMD_DUMP:
  627. if (certfile)
  628. return cert_dump(certfile);
  629. else
  630. return usage(argv[0]);
  631. case CMD_ISSUE:
  632. if (certfile && pubkeyfile && seckeyfile)
  633. return cert_issue(certfile, pubkeyfile, seckeyfile);
  634. else
  635. return usage(argv[0]);
  636. #endif
  637. case CMD_REVOKE:
  638. if (certfile && pubkeydir)
  639. return cert_process_revoker(certfile, pubkeydir);
  640. else
  641. return usage(argv[0]);
  642. case CMD_VERIFY:
  643. if (certfile && (pubkeyfile || pubkeydir))
  644. return cert_verify(certfile, pubkeyfile, pubkeydir, msgfile);
  645. else
  646. return usage(argv[0]);
  647. default:
  648. return usage(argv[0]);
  649. }
  650. /* unreachable */
  651. return usage(argv[0]);
  652. }