2 * wrapper functions around the usign executable
3 * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3
7 * as published by the Free Software Foundation
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
23 #ifdef UCERT_HOST_BUILD
24 #define USIGN_EXEC "usign"
26 #define USIGN_EXEC "/usr/bin/usign"
30 * check for revoker deadlink in pubkeydir
31 * return true if a revoker exists, false otherwise
33 int _usign_key_is_revoked(const char *fingerprint
, const char *pubkeydir
) {
35 char rfname
[256] = {0};
37 snprintf(rfname
, sizeof(rfname
)-1, "%s/%s", pubkeydir
, fingerprint
);
38 if (readlink(rfname
, tml
, sizeof(tml
)) > 0 &&
39 !strcmp(tml
, ".revoked.")) {
49 * return WEXITSTATUS or -1 if fork fails
51 int usign_s(const char *msgfile
, const char *seckeyfile
, const char *sigfile
, bool quiet
) {
54 const char *usign_argv
[16] = {0};
55 unsigned int usign_argc
= 0;
57 usign_argv
[usign_argc
++] = USIGN_EXEC
;
58 usign_argv
[usign_argc
++] = "-S";
59 usign_argv
[usign_argc
++] = "-m";
60 usign_argv
[usign_argc
++] = msgfile
;
61 usign_argv
[usign_argc
++] = "-s";
62 usign_argv
[usign_argc
++] = seckeyfile
;
63 usign_argv
[usign_argc
++] = "-x";
64 usign_argv
[usign_argc
++] = sigfile
;
67 usign_argv
[usign_argc
++] = "-q";
75 execvp(usign_argv
[0], (char *const *)usign_argv
);
77 perror("Failed to execute usign");
81 waitpid(pid
, &status
, 0);
82 return WIFEXITED(status
) ? WEXITSTATUS(status
) : -1;
85 int usign_s(const char *msgfile
, const char *seckeyfile
, const char *sigfile
, bool quiet
) {
91 * call usign -F ... and set fingerprint returned
92 * return WEXITSTATUS or -1 if fork fails
94 static int usign_f(char fingerprint
[17], const char *pubkeyfile
, const char *seckeyfile
, const char *sigfile
, bool quiet
) {
99 const char *usign_argv
[16] = {0};
100 unsigned int usign_argc
= 0;
105 usign_argv
[usign_argc
++] = USIGN_EXEC
;
106 usign_argv
[usign_argc
++] = "-F";
109 usign_argv
[usign_argc
++] = "-p";
110 usign_argv
[usign_argc
++] = pubkeyfile
;
114 usign_argv
[usign_argc
++] = "-s";
115 usign_argv
[usign_argc
++] = seckeyfile
;
119 usign_argv
[usign_argc
++] = "-x";
120 usign_argv
[usign_argc
++] = sigfile
;
134 execvp(usign_argv
[0], (char *const *)usign_argv
);
136 perror("Failed to execute usign");
142 waitpid(pid
, &status
, 0);
143 status
= WIFEXITED(status
) ? WEXITSTATUS(status
) : -1;
145 if (!fingerprint
|| status
) {
150 f
= fdopen(fds
[0], "r");
151 if (fread(fingerprint
, 1, 16, f
) != 16)
157 fingerprint
[16] = '\0';
158 if (strspn(fingerprint
, "0123456789abcdefABCDEF") != 16)
165 * call usign -F -p ...
167 int usign_f_pubkey(char fingerprint
[17], const char *pubkeyfile
, bool quiet
) {
168 return usign_f(fingerprint
, pubkeyfile
, NULL
, NULL
, quiet
);
172 * call usign -F -s ...
174 int usign_f_seckey(char fingerprint
[17], const char *seckeyfile
, bool quiet
) {
175 return usign_f(fingerprint
, NULL
, seckeyfile
, NULL
, quiet
);
179 * call usign -F -x ...
181 int usign_f_sig(char fingerprint
[17], const char *sigfile
, bool quiet
) {
182 return usign_f(fingerprint
, NULL
, NULL
, sigfile
, quiet
);
188 * return WEXITSTATUS or -1 if fork fails
190 int usign_v(const char *msgfile
, const char *pubkeyfile
,
191 const char *pubkeydir
, const char *sigfile
, bool quiet
) {
194 const char *usign_argv
[16] = {0};
195 unsigned int usign_argc
= 0;
196 char fingerprint
[17];
198 if (usign_f_sig(fingerprint
, sigfile
, quiet
)) {
200 fprintf(stderr
, "cannot get signing key fingerprint\n");
204 if (pubkeydir
&& _usign_key_is_revoked(fingerprint
, pubkeydir
)) {
206 fprintf(stderr
, "key %s has been revoked!\n", fingerprint
);
209 usign_argv
[usign_argc
++] = USIGN_EXEC
;
210 usign_argv
[usign_argc
++] = "-V";
211 usign_argv
[usign_argc
++] = "-m";
212 usign_argv
[usign_argc
++] = msgfile
;
215 usign_argv
[usign_argc
++] = "-q";
218 usign_argv
[usign_argc
++] = "-p";
219 usign_argv
[usign_argc
++] = pubkeyfile
;
223 usign_argv
[usign_argc
++] = "-P";
224 usign_argv
[usign_argc
++] = pubkeydir
;
228 usign_argv
[usign_argc
++] = "-x";
229 usign_argv
[usign_argc
++] = sigfile
;
238 execvp(usign_argv
[0], (char *const *)usign_argv
);
240 perror("Failed to execute usign");
244 waitpid(pid
, &status
, 0);
245 return WIFEXITED(status
) ? WEXITSTATUS(status
) : -1;