usign-exec.c

   1 /*
   2  * wrapper functions around the usign executable
   3  * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 3
   7  * as published by the Free Software Foundation
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  */
  14
  15 #include <stdbool.h>
  16 #include <stdio.h>
  17 #include <string.h>
  18 #include <unistd.h>
  19 #include <sys/wait.h>
  20
  21 #include "usign.h"
  22
  23 #ifdef UCERT_HOST_BUILD
  24 #define USIGN_EXEC "usign"
  25 #else
  26 #define USIGN_EXEC "/usr/bin/usign"
  27 #endif
  28
  29 /*
  30  * check for revoker deadlink in pubkeydir
  31  * return true if a revoker exists, false otherwise
  32  */
  33 int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) {
  34         char tml[64] = {0};
  35         char rfname[256] = {0};
  36
  37         snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
  38         if (readlink(rfname, tml, sizeof(tml)) > 0 &&
  39             !strcmp(tml, ".revoked.")) {
  40                 return true;
  41         };
  42
  43         return false;
  44 }
  45
  46 #ifdef UCERT_FULL
  47 /*
  48  * call usign -S ...
  49  * return WEXITSTATUS or -1 if fork fails
  50  */
  51 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
  52         pid_t pid;
  53         int status;
  54         const char *usign_argv[16] = {0};
  55         unsigned int usign_argc = 0;
  56
  57         usign_argv[usign_argc++] = USIGN_EXEC;
  58         usign_argv[usign_argc++] = "-S";
  59         usign_argv[usign_argc++] = "-m";
  60         usign_argv[usign_argc++] = msgfile;
  61         usign_argv[usign_argc++] = "-s";
  62         usign_argv[usign_argc++] = seckeyfile;
  63         usign_argv[usign_argc++] = "-x";
  64         usign_argv[usign_argc++] = sigfile;
  65
  66         if (quiet)
  67                 usign_argv[usign_argc++] = "-q";
  68
  69         pid = fork();
  70         switch (pid) {
  71         case -1:
  72                 return -1;
  73
  74         case 0:
  75                 execvp(usign_argv[0], (char *const *)usign_argv);
  76                 if (!quiet)
  77                         perror("Failed to execute usign");
  78                 _exit(1);
  79         }
  80
  81         waitpid(pid, &status, 0);
  82         return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
  83 }
  84 #else
  85 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
  86         return -1;
  87 };
  88 #endif
  89
  90 /*
  91  * call usign -F ... and set fingerprint returned
  92  * return WEXITSTATUS or -1 if fork fails
  93  */
  94 static int usign_f(char fingerprint[17], const char *pubkeyfile, const char *seckeyfile, const char *sigfile, bool quiet) {
  95         int fds[2];
  96         pid_t pid;
  97         int status;
  98         const char *usign_argv[16] = {0};
  99         unsigned int usign_argc = 0;
 100
 101         if (pipe(fds))
 102                 return -1;
 103
 104         usign_argv[usign_argc++] = USIGN_EXEC;
 105         usign_argv[usign_argc++] = "-F";
 106
 107         if (pubkeyfile) {
 108                 usign_argv[usign_argc++] = "-p";
 109                 usign_argv[usign_argc++] = pubkeyfile;
 110         }
 111
 112         if (seckeyfile) {
 113                 usign_argv[usign_argc++] = "-s";
 114                 usign_argv[usign_argc++] = seckeyfile;
 115         }
 116
 117         if (sigfile) {
 118                 usign_argv[usign_argc++] = "-x";
 119                 usign_argv[usign_argc++] = sigfile;
 120         }
 121
 122         pid = fork();
 123         switch (pid) {
 124         case -1:
 125                 return -1;
 126
 127         case 0:
 128                 dup2(fds[1], 1);
 129
 130                 close(fds[0]);
 131                 close(fds[1]);
 132
 133                 execvp(usign_argv[0], (char *const *)usign_argv);
 134                 if (!quiet)
 135                         perror("Failed to execute usign");
 136                 _exit(1);
 137         }
 138
 139         close(fds[1]);
 140
 141         waitpid(pid, &status, 0);
 142         status = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
 143
 144         if (fingerprint && !status) {
 145                 ssize_t r;
 146                 memset(fingerprint, 0, 17);
 147                 r = read(fds[0], fingerprint, 17);
 148                 if (r < 16)
 149                         status = -1;
 150
 151                 fingerprint[16] = '\0';
 152
 153         }
 154         close(fds[0]);
 155         return status;
 156 }
 157
 158 /*
 159  * call usign -F -p ...
 160  */
 161 int usign_f_pubkey(char fingerprint[17], const char *pubkeyfile, bool quiet) {
 162         return usign_f(fingerprint, pubkeyfile, NULL, NULL, quiet);
 163 }
 164
 165 /*
 166  * call usign -F -s ...
 167  */
 168 int usign_f_seckey(char fingerprint[17], const char *seckeyfile, bool quiet) {
 169         return usign_f(fingerprint, NULL, seckeyfile, NULL, quiet);
 170 }
 171
 172 /*
 173  * call usign -F -x ...
 174  */
 175 int usign_f_sig(char fingerprint[17], const char *sigfile, bool quiet) {
 176         return usign_f(fingerprint, NULL, NULL, sigfile, quiet);
 177 }
 178
 179
 180 /*
 181  * call usign -V ...
 182  * return WEXITSTATUS or -1 if fork fails
 183  */
 184 int usign_v(const char *msgfile, const char *pubkeyfile,
 185             const char *pubkeydir, const char *sigfile, bool quiet) {
 186         pid_t pid;
 187         int status;
 188         const char *usign_argv[16] = {0};
 189         unsigned int usign_argc = 0;
 190         char fingerprint[17];
 191
 192         if (usign_f_sig(fingerprint, sigfile, quiet)) {
 193                 if (!quiet)
 194                         fprintf(stderr, "cannot get signing key fingerprint\n");
 195                 return 1;
 196         }
 197
 198         if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) {
 199                 if (!quiet)
 200                         fprintf(stderr, "key %s has been revoked!\n", fingerprint);
 201                 return 1;
 202         }
 203         usign_argv[usign_argc++] = USIGN_EXEC;
 204         usign_argv[usign_argc++] = "-V";
 205         usign_argv[usign_argc++] = "-m";
 206         usign_argv[usign_argc++] = msgfile;
 207
 208         if (quiet)
 209                 usign_argv[usign_argc++] = "-q";
 210
 211         if (pubkeyfile) {
 212                 usign_argv[usign_argc++] = "-p";
 213                 usign_argv[usign_argc++] = pubkeyfile;
 214         }
 215
 216         if (pubkeydir) {
 217                 usign_argv[usign_argc++] = "-P";
 218                 usign_argv[usign_argc++] = pubkeydir;
 219         }
 220
 221         if (sigfile) {
 222                 usign_argv[usign_argc++] = "-x";
 223                 usign_argv[usign_argc++] = sigfile;
 224         }
 225
 226         pid = fork();
 227         switch (pid) {
 228         case -1:
 229                 return -1;
 230
 231         case 0:
 232                 execvp(usign_argv[0], (char *const *)usign_argv);
 233                 if (!quiet)
 234                         perror("Failed to execute usign");
 235                 _exit(1);
 236         }
 237
 238         waitpid(pid, &status, 0);
 239         return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
 240 }