projects / project / ucert.git / blob
? search:


c9aecf99f9c05965157b92732bdd865391c01ab4
[project/ucert.git] / usign-exec.c
1 /*
2 * wrapper functions around the usign executable
3 * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3
7 * as published by the Free Software Foundation
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 */
14
15 #include <stdbool.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <unistd.h>
19 #include <sys/wait.h>
20
21 #include "usign.h"
22
23 #ifdef UCERT_HOST_BUILD
24 #define USIGN_EXEC "usign"
25 #else
26 #define USIGN_EXEC "/usr/bin/usign"
27 #endif
28
29 /*
30 * check for revoker deadlink in pubkeydir
31 * return true if a revoker exists, false otherwise
32 */
33 int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) {
34 char tml[64] = {0};
35 char rfname[256] = {0};
36
37 snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
38 if (readlink(rfname, tml, sizeof(tml)) > 0 &&
39 !strcmp(tml, ".revoked.")) {
40 return true;
41 };
42
43 return false;
44 }
45
46 #ifdef UCERT_FULL
47 /*
48 * call usign -S ...
49 * return WEXITSTATUS or -1 if fork fails
50 */
51 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
52 pid_t pid;
53 int status;
54 const char *usign_argv[16] = {0};
55 unsigned int usign_argc = 0;
56
57 usign_argv[usign_argc++] = USIGN_EXEC;
58 usign_argv[usign_argc++] = "-S";
59 usign_argv[usign_argc++] = "-m";
60 usign_argv[usign_argc++] = msgfile;
61 usign_argv[usign_argc++] = "-s";
62 usign_argv[usign_argc++] = seckeyfile;
63 usign_argv[usign_argc++] = "-x";
64 usign_argv[usign_argc++] = sigfile;
65
66 if (quiet)
67 usign_argv[usign_argc++] = "-q";
68
69 pid = fork();
70 switch (pid) {
71 case -1:
72 return -1;
73
74 case 0:
75 execvp(usign_argv[0], (char *const *)usign_argv);
76 if (!quiet)
77 perror("Failed to execute usign");
78 _exit(1);
79 }
80
81 waitpid(pid, &status, 0);
82 return WEXITSTATUS(status);
83 }
84 #else
85 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
86 return -1;
87 };
88 #endif
89
90 /*
91 * call usign -F ... and set fingerprint returned
92 * return WEXITSTATUS or -1 if fork fails
93 */
94 static int usign_f(char fingerprint[17], const char *pubkeyfile, const char *seckeyfile, const char *sigfile, bool quiet) {
95 int fds[2];
96 pid_t pid;
97 int status;
98 const char *usign_argv[16] = {0};
99 unsigned int usign_argc = 0;
100
101 if (pipe(fds))
102 return -1;
103
104 usign_argv[usign_argc++] = USIGN_EXEC;
105 usign_argv[usign_argc++] = "-F";
106
107 if (pubkeyfile) {
108 usign_argv[usign_argc++] = "-p";
109 usign_argv[usign_argc++] = pubkeyfile;
110 }
111
112 if (seckeyfile) {
113 usign_argv[usign_argc++] = "-s";
114 usign_argv[usign_argc++] = seckeyfile;
115 }
116
117 if (sigfile) {
118 usign_argv[usign_argc++] = "-x";
119 usign_argv[usign_argc++] = sigfile;
120 }
121
122 pid = fork();
123 switch (pid) {
124 case -1:
125 return -1;
126
127 case 0:
128 dup2(fds[1], 1);
129
130 close(fds[0]);
131 close(fds[1]);
132
133 execvp(usign_argv[0], (char *const *)usign_argv);
134 if (!quiet)
135 perror("Failed to execute usign");
136 _exit(1);
137 }
138
139 waitpid(pid, &status, 0);
140 status = WEXITSTATUS(status);
141 if (fingerprint && !WEXITSTATUS(status)) {
142 ssize_t r;
143 memset(fingerprint, 0, 17);
144 r = read(fds[0], fingerprint, 17);
145 if (r < 16)
146 status = -1;
147
148 fingerprint[16] = '\0';
149
150 }
151 close(fds[0]);
152 close(fds[1]);
153 return status;
154 }
155
156 /*
157 * call usign -F -p ...
158 */
159 int usign_f_pubkey(char fingerprint[17], const char *pubkeyfile, bool quiet) {
160 return usign_f(fingerprint, pubkeyfile, NULL, NULL, quiet);
161 }
162
163 /*
164 * call usign -F -s ...
165 */
166 int usign_f_seckey(char fingerprint[17], const char *seckeyfile, bool quiet) {
167 return usign_f(fingerprint, NULL, seckeyfile, NULL, quiet);
168 }
169
170 /*
171 * call usign -F -x ...
172 */
173 int usign_f_sig(char fingerprint[17], const char *sigfile, bool quiet) {
174 return usign_f(fingerprint, NULL, NULL, sigfile, quiet);
175 }
176
177
178 /*
179 * call usign -V ...
180 * return WEXITSTATUS or -1 if fork fails
181 */
182 int usign_v(const char *msgfile, const char *pubkeyfile,
183 const char *pubkeydir, const char *sigfile, bool quiet) {
184 pid_t pid;
185 int status;
186 const char *usign_argv[16] = {0};
187 unsigned int usign_argc = 0;
188 char fingerprint[17];
189
190 if (usign_f_sig(fingerprint, sigfile, quiet)) {
191 if (!quiet)
192 fprintf(stderr, "cannot get signing key fingerprint\n");
193 return 1;
194 }
195
196 if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) {
197 if (!quiet)
198 fprintf(stderr, "key %s has been revoked!\n", fingerprint);
199 return 1;
200 }
201 usign_argv[usign_argc++] = USIGN_EXEC;
202 usign_argv[usign_argc++] = "-V";
203 usign_argv[usign_argc++] = "-m";
204 usign_argv[usign_argc++] = msgfile;
205
206 if (quiet)
207 usign_argv[usign_argc++] = "-q";
208
209 if (pubkeyfile) {
210 usign_argv[usign_argc++] = "-p";
211 usign_argv[usign_argc++] = pubkeyfile;
212 }
213
214 if (pubkeydir) {
215 usign_argv[usign_argc++] = "-P";
216 usign_argv[usign_argc++] = pubkeydir;
217 }
218
219 if (sigfile) {
220 usign_argv[usign_argc++] = "-x";
221 usign_argv[usign_argc++] = sigfile;
222 }
223
224 pid = fork();
225 switch (pid) {
226 case -1:
227 return -1;
228
229 case 0:
230 execvp(usign_argv[0], (char *const *)usign_argv);
231 if (!quiet)
232 perror("Failed to execute usign");
233 _exit(1);
234 }
235
236 waitpid(pid, &status, 0);
237 return WEXITSTATUS(status);
238 }
OpenWrt usign certificate wrapper