From: Daniel Golle Date: Thu, 7 Jun 2018 19:28:50 +0000 (+0200) Subject: take care of revokers in verify path X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b0a87a068a887f2cab43b6e48a94468804ee977c;p=oweals%2Fucert.git take care of revokers in verify path Signed-off-by: Daniel Golle This work was sponsored by WIO (wiowireless.com) --- diff --git a/ucert.c b/ucert.c index 13975d1..8887a53 100644 --- a/ucert.c +++ b/ucert.c @@ -226,6 +226,7 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile, struct blob_attr *payloadtb[CERT_PL_ATTR_MAX]; char tmpdir[] = "/tmp/ucert-XXXXXX"; char chainedpubkey[256] = {0}; + char chainedfp[17] = {0}; char extsigfile[256] = {0}; int ret = 1; int checkmsg = 0; @@ -295,6 +296,19 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile, blobmsg_data(payloadtb[CERT_PL_ATTR_PUBKEY]), blobmsg_data_len(payloadtb[CERT_PL_ATTR_PUBKEY]), false); + + if (usign_f_pubkey(chainedfp, chainedpubkey)) { + if (!quiet) + fprintf(stderr, "cannot get fingerprint for chained key\n"); + ret = 2; + goto clean_and_return; + } + if (pubkeydir && _usign_key_is_revoked(chainedfp, pubkeydir)) { + if (!quiet) + fprintf(stderr, "key %s has been revoked!\n", chainedfp); + ret = 4; + goto clean_and_return; + } } else { /* blob doesn't have payload, verify message using signature */ if (msgfile) { @@ -500,9 +514,9 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) { if (!payloadtb[CERT_PL_ATTR_CERTTYPE] || !payloadtb[CERT_PL_ATTR_VALIDFROMTIME] || !payloadtb[CERT_PL_ATTR_KEY_FINGERPRINT]) { - fprintf(stderr, "missing mandatory ucert attributes\n"); - return 2; - } + fprintf(stderr, "missing mandatory ucert attributes\n"); + return 2; + } certtype = blobmsg_get_u32(payloadtb[CERT_PL_ATTR_CERTTYPE]); validfrom = blobmsg_get_u64(payloadtb[CERT_PL_ATTR_VALIDFROMTIME]); @@ -521,10 +535,7 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) { snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint); /* check if entry in pubkeydir exists */ if (stat(rfname, &st) == 0) { - char tml[64] = {0}; - /* if it's an existing revoker deadlink we are happy */ - if (readlink(rfname, tml, sizeof(tml)) > 0 && - !strcmp(tml, ".revoked.")) { + if (_usign_key_is_revoked(fingerprint, pubkeydir)) { if (!quiet) fprintf(stdout, "existing revoker deadlink for key %s\n", fingerprint); continue; diff --git a/usign-exec.c b/usign-exec.c index 9112988..d88f750 100644 --- a/usign-exec.c +++ b/usign-exec.c @@ -1,59 +1,11 @@ #include +#include #include #include #include #include "usign.h" -int usign_v(const char *msgfile, const char *pubkeyfile, - const char *pubkeydir, const char *sigfile, bool quiet) { - pid_t pid; - int status; - const char *usign_argv[16] = {0}; - unsigned int usign_argc = 0; - - usign_argv[usign_argc++] = "/usr/bin/usign"; - usign_argv[usign_argc++] = "-V"; - usign_argv[usign_argc++] = "-m"; - usign_argv[usign_argc++] = msgfile; - - if (quiet) - usign_argv[usign_argc++] = "-q"; - - if (pubkeyfile) { - usign_argv[usign_argc++] = "-p"; - usign_argv[usign_argc++] = pubkeyfile; - } - - if (pubkeydir) { - usign_argv[usign_argc++] = "-P"; - usign_argv[usign_argc++] = pubkeydir; - } - - if (sigfile) { - usign_argv[usign_argc++] = "-x"; - usign_argv[usign_argc++] = sigfile; - } - - pid = fork(); - switch (pid) { - case -1: - return -1; - - case 0: - if (execv(usign_argv[0], usign_argv)) - return -1; - - break; - - default: - waitpid(pid, &status, 0); - return WEXITSTATUS(status); - } - - return -1; -} - int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) { pid_t pid; int status; @@ -163,3 +115,72 @@ int usign_f_seckey(char *fingerprint, const char *seckeyfile) { int usign_f_sig(char *fingerprint, const char *sigfile) { return usign_f(fingerprint, NULL, NULL, sigfile); } + +int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) { + char tml[64] = {0}; + char rfname[256] = {0}; + + snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint); + if (readlink(rfname, tml, sizeof(tml)) > 0 && + !strcmp(tml, ".revoked.")) { + return true; + }; + + return false; +} + +int usign_v(const char *msgfile, const char *pubkeyfile, + const char *pubkeydir, const char *sigfile, bool quiet) { + pid_t pid; + int status; + const char *usign_argv[16] = {0}; + unsigned int usign_argc = 0; + char fingerprint[17]; + + if (usign_f_sig(fingerprint, sigfile)) + return 1; + + if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) + return 1; + + usign_argv[usign_argc++] = "/usr/bin/usign"; + usign_argv[usign_argc++] = "-V"; + usign_argv[usign_argc++] = "-m"; + usign_argv[usign_argc++] = msgfile; + + if (quiet) + usign_argv[usign_argc++] = "-q"; + + if (pubkeyfile) { + usign_argv[usign_argc++] = "-p"; + usign_argv[usign_argc++] = pubkeyfile; + } + + if (pubkeydir) { + usign_argv[usign_argc++] = "-P"; + usign_argv[usign_argc++] = pubkeydir; + } + + if (sigfile) { + usign_argv[usign_argc++] = "-x"; + usign_argv[usign_argc++] = sigfile; + } + + pid = fork(); + switch (pid) { + case -1: + return -1; + + case 0: + if (execv(usign_argv[0], usign_argv)) + return -1; + + break; + + default: + waitpid(pid, &status, 0); + return WEXITSTATUS(status); + } + + return -1; +} diff --git a/usign.h b/usign.h index e2f8e21..de52f17 100644 --- a/usign.h +++ b/usign.h @@ -8,3 +8,5 @@ int usign_f_pubkey(char *fingerprint, const char *pubkeyfile); int usign_f_seckey(char *fingerprint, const char *seckeyfile); int usign_f_sig(char *fingerprint, const char *sigfile); + +int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir);