projects / project / ucert.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
usign-exec: simplify usign execv calls
[project/ucert.git] / usign-exec.c
1 /*
2 * wrapper functions around the usign executable
3 * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3
7 * as published by the Free Software Foundation
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 */
14
15 #include <stdbool.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <unistd.h>
19 #include <sys/wait.h>
20
21 #include "usign.h"
22
23 #ifdef UCERT_HOST_BUILD
24 #define USIGN_EXEC "usign"
25 #else
26 #define USIGN_EXEC "/usr/bin/usign"
27 #endif
28
29 /*
30 * check for revoker deadlink in pubkeydir
31 * return true if a revoker exists, false otherwise
32 */
33 int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) {
34 char tml[64] = {0};
35 char rfname[256] = {0};
36
37 snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
38 if (readlink(rfname, tml, sizeof(tml)) > 0 &&
39 !strcmp(tml, ".revoked.")) {
40 return true;
41 };
42
43 return false;
44 }
45
46 #ifdef UCERT_FULL
47 /*
48 * call usign -S ...
49 * return WEXITSTATUS or -1 if fork or execv fails
50 */
51 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
52 pid_t pid;
53 int status;
54 const char *usign_argv[16] = {0};
55 unsigned int usign_argc = 0;
56
57 usign_argv[usign_argc++] = USIGN_EXEC;
58 usign_argv[usign_argc++] = "-S";
59 usign_argv[usign_argc++] = "-m";
60 usign_argv[usign_argc++] = msgfile;
61 usign_argv[usign_argc++] = "-s";
62 usign_argv[usign_argc++] = seckeyfile;
63 usign_argv[usign_argc++] = "-x";
64 usign_argv[usign_argc++] = sigfile;
65
66 if (quiet)
67 usign_argv[usign_argc++] = "-q";
68
69 pid = fork();
70 switch (pid) {
71 case -1:
72 return -1;
73
74 case 0:
75 if (execvp(usign_argv[0], (char *const *)usign_argv))
76 return -1;
77
78 break;
79
80 default:
81 waitpid(pid, &status, 0);
82 return WEXITSTATUS(status);
83 }
84
85 return -1;
86 }
87 #else
88 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
89 return -1;
90 };
91 #endif
92
93 /*
94 * call usign -F ... and set fingerprint returned
95 * return WEXITSTATUS or -1 if fork or execv fails
96 */
97 static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) {
98 int fds[2];
99 pid_t pid;
100 int status;
101 const char *usign_argv[16] = {0};
102 unsigned int usign_argc = 0;
103
104 if (pipe(fds))
105 return -1;
106
107 usign_argv[usign_argc++] = USIGN_EXEC;
108 usign_argv[usign_argc++] = "-F";
109
110 if (pubkeyfile) {
111 usign_argv[usign_argc++] = "-p";
112 usign_argv[usign_argc++] = pubkeyfile;
113 }
114
115 if (seckeyfile) {
116 usign_argv[usign_argc++] = "-s";
117 usign_argv[usign_argc++] = seckeyfile;
118 }
119
120 if (sigfile) {
121 usign_argv[usign_argc++] = "-x";
122 usign_argv[usign_argc++] = sigfile;
123 }
124
125 pid = fork();
126 switch (pid) {
127 case -1:
128 return -1;
129
130 case 0:
131 dup2(fds[1], 1);
132
133 close(0);
134 close(2);
135 close(fds[0]);
136 close(fds[1]);
137
138 if (execvp(usign_argv[0], (char *const *)usign_argv))
139 return -1;
140
141 break;
142
143 default:
144 waitpid(pid, &status, 0);
145 status = WEXITSTATUS(status);
146 if (fingerprint && !WEXITSTATUS(status)) {
147 ssize_t r;
148 memset(fingerprint, 0, 17);
149 r = read(fds[0], fingerprint, 17);
150 if (r < 16)
151 status = -1;
152
153 fingerprint[16] = '\0';
154
155 }
156 close(fds[0]);
157 close(fds[1]);
158 return status;
159 }
160
161 return -1;
162 }
163
164 /*
165 * call usign -F -p ...
166 */
167 int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) {
168 return usign_f(fingerprint, pubkeyfile, NULL, NULL);
169 }
170
171 /*
172 * call usign -F -s ...
173 */
174 int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
175 return usign_f(fingerprint, NULL, seckeyfile, NULL);
176 }
177
178 /*
179 * call usign -F -x ...
180 */
181 int usign_f_sig(char *fingerprint, const char *sigfile) {
182 return usign_f(fingerprint, NULL, NULL, sigfile);
183 }
184
185
186 /*
187 * call usign -V ...
188 * return WEXITSTATUS or -1 if fork or execv fails
189 */
190 int usign_v(const char *msgfile, const char *pubkeyfile,
191 const char *pubkeydir, const char *sigfile, bool quiet) {
192 pid_t pid;
193 int status;
194 const char *usign_argv[16] = {0};
195 unsigned int usign_argc = 0;
196 char fingerprint[17];
197
198 if (usign_f_sig(fingerprint, sigfile)) {
199 if (!quiet)
200 fprintf(stderr, "cannot get signing key fingerprint\n");
201 return 1;
202 }
203
204 if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) {
205 if (!quiet)
206 fprintf(stderr, "key %s has been revoked!\n", fingerprint);
207 return 1;
208 }
209 usign_argv[usign_argc++] = USIGN_EXEC;
210 usign_argv[usign_argc++] = "-V";
211 usign_argv[usign_argc++] = "-m";
212 usign_argv[usign_argc++] = msgfile;
213
214 if (quiet)
215 usign_argv[usign_argc++] = "-q";
216
217 if (pubkeyfile) {
218 usign_argv[usign_argc++] = "-p";
219 usign_argv[usign_argc++] = pubkeyfile;
220 }
221
222 if (pubkeydir) {
223 usign_argv[usign_argc++] = "-P";
224 usign_argv[usign_argc++] = pubkeydir;
225 }
226
227 if (sigfile) {
228 usign_argv[usign_argc++] = "-x";
229 usign_argv[usign_argc++] = sigfile;
230 }
231
232 pid = fork();
233 switch (pid) {
234 case -1:
235 return -1;
236
237 case 0:
238 if (execvp(usign_argv[0], (char *const *)usign_argv))
239 return -1;
240
241 break;
242
243 default:
244 waitpid(pid, &status, 0);
245 return WEXITSTATUS(status);
246 }
247
248 return -1;
249 }
OpenWrt usign certificate wrapper