usign-exec.c

   1 /*
   2  * wrapper functions around the usign executable
   3  * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 3
   7  * as published by the Free Software Foundation
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  */
  14
  15 #include <stdbool.h>
  16 #include <stdio.h>
  17 #include <string.h>
  18 #include <unistd.h>
  19 #include <sys/wait.h>
  20
  21 #include "usign.h"
  22
  23 #ifdef UCERT_HOST_BUILD
  24 #define USIGN_EXEC "usign"
  25 #else
  26 #define USIGN_EXEC "/usr/bin/usign"
  27 #endif
  28
  29 /*
  30  * check for revoker deadlink in pubkeydir
  31  * return true if a revoker exists, false otherwise
  32  */
  33 int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) {
  34         char tml[64] = {0};
  35         char rfname[256] = {0};
  36
  37         snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
  38         if (readlink(rfname, tml, sizeof(tml)) > 0 &&
  39             !strcmp(tml, ".revoked.")) {
  40                 return true;
  41         };
  42
  43         return false;
  44 }
  45
  46 #ifdef UCERT_FULL
  47 /*
  48  * call usign -S ...
  49  * return WEXITSTATUS or -1 if fork or execv fails
  50  */
  51 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
  52         pid_t pid;
  53         int status;
  54         const char *usign_argv[16] = {0};
  55         unsigned int usign_argc = 0;
  56
  57         usign_argv[usign_argc++] = USIGN_EXEC;
  58         usign_argv[usign_argc++] = "-S";
  59         usign_argv[usign_argc++] = "-m";
  60         usign_argv[usign_argc++] = msgfile;
  61         usign_argv[usign_argc++] = "-s";
  62         usign_argv[usign_argc++] = seckeyfile;
  63         usign_argv[usign_argc++] = "-x";
  64         usign_argv[usign_argc++] = sigfile;
  65
  66         if (quiet)
  67                 usign_argv[usign_argc++] = "-q";
  68
  69         pid = fork();
  70         switch (pid) {
  71         case -1:
  72                 return -1;
  73
  74         case 0:
  75                 if (
  76 #ifdef UCERT_HOST_BUILD
  77                         execvp(usign_argv[0], usign_argv)
  78 #else
  79                         execv(usign_argv[0], usign_argv)
  80 #endif
  81                    )
  82                         return -1;
  83
  84                 break;
  85
  86         default:
  87                 waitpid(pid, &status, 0);
  88                 return WEXITSTATUS(status);
  89         }
  90
  91         return -1;
  92 }
  93 #else
  94 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
  95         return -1;
  96 };
  97 #endif
  98
  99 /*
 100  * call usign -F ... and set fingerprint returned
 101  * return WEXITSTATUS or -1 if fork or execv fails
 102  */
 103 static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) {
 104         int fds[2];
 105         pid_t pid;
 106         int status;
 107         const char *usign_argv[16] = {0};
 108         unsigned int usign_argc = 0;
 109
 110         if (pipe(fds))
 111                 return -1;
 112
 113         usign_argv[usign_argc++] = USIGN_EXEC;
 114         usign_argv[usign_argc++] = "-F";
 115
 116         if (pubkeyfile) {
 117                 usign_argv[usign_argc++] = "-p";
 118                 usign_argv[usign_argc++] = pubkeyfile;
 119         }
 120
 121         if (seckeyfile) {
 122                 usign_argv[usign_argc++] = "-s";
 123                 usign_argv[usign_argc++] = seckeyfile;
 124         }
 125
 126         if (sigfile) {
 127                 usign_argv[usign_argc++] = "-x";
 128                 usign_argv[usign_argc++] = sigfile;
 129         }
 130
 131         pid = fork();
 132         switch (pid) {
 133         case -1:
 134                 return -1;
 135
 136         case 0:
 137                 dup2(fds[1], 1);
 138
 139                 close(0);
 140                 close(2);
 141                 close(fds[0]);
 142                 close(fds[1]);
 143
 144                 if (
 145 #ifdef UCERT_HOST_BUILD
 146                     execvp(usign_argv[0], usign_argv)
 147 #else
 148                     execv(usign_argv[0], usign_argv)
 149 #endif
 150                    )
 151                         return -1;
 152
 153                 break;
 154
 155         default:
 156                 waitpid(pid, &status, 0);
 157                 status = WEXITSTATUS(status);
 158                 if (fingerprint && !WEXITSTATUS(status)) {
 159                         memset(fingerprint, 0, 17);
 160                         read(fds[0], fingerprint, 17);
 161                         if (fingerprint[16] != '\n')
 162                                 status = -1;
 163
 164                         fingerprint[16] = '\0';
 165
 166                 }
 167                 close(fds[0]);
 168                 close(fds[1]);
 169                 return status;
 170         }
 171
 172         return -1;
 173 }
 174
 175 /*
 176  * call usign -F -p ...
 177  */
 178 int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) {
 179         return usign_f(fingerprint, pubkeyfile, NULL, NULL);
 180 }
 181
 182 /*
 183  * call usign -F -s ...
 184  */
 185 int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
 186         return usign_f(fingerprint, NULL, seckeyfile, NULL);
 187 }
 188
 189 /*
 190  * call usign -F -x ...
 191  */
 192 int usign_f_sig(char *fingerprint, const char *sigfile) {
 193         return usign_f(fingerprint, NULL, NULL, sigfile);
 194 }
 195
 196
 197 /*
 198  * call usign -V ...
 199  * return WEXITSTATUS or -1 if fork or execv fails
 200  */
 201 int usign_v(const char *msgfile, const char *pubkeyfile,
 202             const char *pubkeydir, const char *sigfile, bool quiet) {
 203         pid_t pid;
 204         int status;
 205         const char *usign_argv[16] = {0};
 206         unsigned int usign_argc = 0;
 207         char fingerprint[17];
 208
 209         if (usign_f_sig(fingerprint, sigfile)) {
 210                 if (!quiet)
 211                         fprintf(stdout, "cannot get signing key fingerprint\n");
 212                 return 1;
 213         }
 214
 215         if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) {
 216                 if (!quiet)
 217                         fprintf(stdout, "key %s has been revoked!\n", fingerprint);
 218                 return 1;
 219         }
 220         usign_argv[usign_argc++] = USIGN_EXEC;
 221         usign_argv[usign_argc++] = "-V";
 222         usign_argv[usign_argc++] = "-m";
 223         usign_argv[usign_argc++] = msgfile;
 224
 225         if (quiet)
 226                 usign_argv[usign_argc++] = "-q";
 227
 228         if (pubkeyfile) {
 229                 usign_argv[usign_argc++] = "-p";
 230                 usign_argv[usign_argc++] = pubkeyfile;
 231         }
 232
 233         if (pubkeydir) {
 234                 usign_argv[usign_argc++] = "-P";
 235                 usign_argv[usign_argc++] = pubkeydir;
 236         }
 237
 238         if (sigfile) {
 239                 usign_argv[usign_argc++] = "-x";
 240                 usign_argv[usign_argc++] = sigfile;
 241         }
 242
 243         pid = fork();
 244         switch (pid) {
 245         case -1:
 246                 return -1;
 247
 248         case 0:
 249                 if (
 250 #ifdef UCERT_HOST_BUILD
 251                     execvp(usign_argv[0], usign_argv)
 252 #else
 253                     execv(usign_argv[0], usign_argv)
 254 #endif
 255                    )
 256                         return -1;
 257
 258                 break;
 259
 260         default:
 261                 waitpid(pid, &status, 0);
 262                 return WEXITSTATUS(status);
 263         }
 264
 265         return -1;
 266 }