123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267 |
- /*
- * wrapper functions around the usign executable
- * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
- #include <stdbool.h>
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
- #include <sys/wait.h>
- #include "usign.h"
- #ifdef UCERT_HOST_BUILD
- #define USIGN_EXEC "usign"
- #else
- #define USIGN_EXEC "/usr/bin/usign"
- #endif
- /*
- * check for revoker deadlink in pubkeydir
- * return true if a revoker exists, false otherwise
- */
- int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) {
- char tml[64] = {0};
- char rfname[256] = {0};
- snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
- if (readlink(rfname, tml, sizeof(tml)) > 0 &&
- !strcmp(tml, ".revoked.")) {
- return true;
- };
- return false;
- }
- #ifdef UCERT_FULL
- /*
- * call usign -S ...
- * return WEXITSTATUS or -1 if fork or execv fails
- */
- int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
- pid_t pid;
- int status;
- const char *usign_argv[16] = {0};
- unsigned int usign_argc = 0;
- usign_argv[usign_argc++] = USIGN_EXEC;
- usign_argv[usign_argc++] = "-S";
- usign_argv[usign_argc++] = "-m";
- usign_argv[usign_argc++] = msgfile;
- usign_argv[usign_argc++] = "-s";
- usign_argv[usign_argc++] = seckeyfile;
- usign_argv[usign_argc++] = "-x";
- usign_argv[usign_argc++] = sigfile;
- if (quiet)
- usign_argv[usign_argc++] = "-q";
- pid = fork();
- switch (pid) {
- case -1:
- return -1;
- case 0:
- if (
- #ifdef UCERT_HOST_BUILD
- execvp(usign_argv[0], (char *const *)usign_argv)
- #else
- execv(usign_argv[0], (char *const *)usign_argv)
- #endif
- )
- return -1;
- break;
- default:
- waitpid(pid, &status, 0);
- return WEXITSTATUS(status);
- }
- return -1;
- }
- #else
- int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
- return -1;
- };
- #endif
- /*
- * call usign -F ... and set fingerprint returned
- * return WEXITSTATUS or -1 if fork or execv fails
- */
- static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) {
- int fds[2];
- pid_t pid;
- int status;
- const char *usign_argv[16] = {0};
- unsigned int usign_argc = 0;
- if (pipe(fds))
- return -1;
- usign_argv[usign_argc++] = USIGN_EXEC;
- usign_argv[usign_argc++] = "-F";
- if (pubkeyfile) {
- usign_argv[usign_argc++] = "-p";
- usign_argv[usign_argc++] = pubkeyfile;
- }
- if (seckeyfile) {
- usign_argv[usign_argc++] = "-s";
- usign_argv[usign_argc++] = seckeyfile;
- }
- if (sigfile) {
- usign_argv[usign_argc++] = "-x";
- usign_argv[usign_argc++] = sigfile;
- }
- pid = fork();
- switch (pid) {
- case -1:
- return -1;
- case 0:
- dup2(fds[1], 1);
- close(0);
- close(2);
- close(fds[0]);
- close(fds[1]);
- if (
- #ifdef UCERT_HOST_BUILD
- execvp(usign_argv[0], (char *const *)usign_argv)
- #else
- execv(usign_argv[0], (char *const *)usign_argv)
- #endif
- )
- return -1;
- break;
- default:
- waitpid(pid, &status, 0);
- status = WEXITSTATUS(status);
- if (fingerprint && !WEXITSTATUS(status)) {
- ssize_t r;
- memset(fingerprint, 0, 17);
- r = read(fds[0], fingerprint, 17);
- if (r < 16)
- status = -1;
- fingerprint[16] = '\0';
- }
- close(fds[0]);
- close(fds[1]);
- return status;
- }
- return -1;
- }
- /*
- * call usign -F -p ...
- */
- int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) {
- return usign_f(fingerprint, pubkeyfile, NULL, NULL);
- }
- /*
- * call usign -F -s ...
- */
- int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
- return usign_f(fingerprint, NULL, seckeyfile, NULL);
- }
- /*
- * call usign -F -x ...
- */
- int usign_f_sig(char *fingerprint, const char *sigfile) {
- return usign_f(fingerprint, NULL, NULL, sigfile);
- }
- /*
- * call usign -V ...
- * return WEXITSTATUS or -1 if fork or execv fails
- */
- int usign_v(const char *msgfile, const char *pubkeyfile,
- const char *pubkeydir, const char *sigfile, bool quiet) {
- pid_t pid;
- int status;
- const char *usign_argv[16] = {0};
- unsigned int usign_argc = 0;
- char fingerprint[17];
- if (usign_f_sig(fingerprint, sigfile)) {
- if (!quiet)
- fprintf(stdout, "cannot get signing key fingerprint\n");
- return 1;
- }
- if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) {
- if (!quiet)
- fprintf(stdout, "key %s has been revoked!\n", fingerprint);
- return 1;
- }
- usign_argv[usign_argc++] = USIGN_EXEC;
- usign_argv[usign_argc++] = "-V";
- usign_argv[usign_argc++] = "-m";
- usign_argv[usign_argc++] = msgfile;
- if (quiet)
- usign_argv[usign_argc++] = "-q";
- if (pubkeyfile) {
- usign_argv[usign_argc++] = "-p";
- usign_argv[usign_argc++] = pubkeyfile;
- }
- if (pubkeydir) {
- usign_argv[usign_argc++] = "-P";
- usign_argv[usign_argc++] = pubkeydir;
- }
- if (sigfile) {
- usign_argv[usign_argc++] = "-x";
- usign_argv[usign_argc++] = sigfile;
- }
- pid = fork();
- switch (pid) {
- case -1:
- return -1;
- case 0:
- if (
- #ifdef UCERT_HOST_BUILD
- execvp(usign_argv[0], (char *const *)usign_argv)
- #else
- execv(usign_argv[0], (char *const *)usign_argv)
- #endif
- )
- return -1;
- break;
- default:
- waitpid(pid, &status, 0);
- return WEXITSTATUS(status);
- }
- return -1;
- }
|