usign-exec.c

   1 /*
   2  * wrapper functions around the usign executable
   3  * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 3
   7  * as published by the Free Software Foundation
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  */
  14
  15 #include <stdbool.h>
  16 #include <stdio.h>
  17 #include <string.h>
  18 #include <unistd.h>
  19 #include <sys/wait.h>
  20
  21 #include "usign.h"
  22
  23 #define USIGN_EXEC "/usr/bin/usign"
  24
  25 /*
  26  * check for revoker deadlink in pubkeydir
  27  * return true if a revoker exists, false otherwise
  28  */
  29 int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) {
  30         char tml[64] = {0};
  31         char rfname[256] = {0};
  32
  33         snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
  34         if (readlink(rfname, tml, sizeof(tml)) > 0 &&
  35             !strcmp(tml, ".revoked.")) {
  36                 return true;
  37         };
  38
  39         return false;
  40 }
  41
  42 #ifdef UCERT_FULL
  43 /*
  44  * call usign -S ...
  45  * return WEXITSTATUS or -1 if fork or execv fails
  46  */
  47 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
  48         pid_t pid;
  49         int status;
  50         const char *usign_argv[16] = {0};
  51         unsigned int usign_argc = 0;
  52
  53         usign_argv[usign_argc++] = USIGN_EXEC;
  54         usign_argv[usign_argc++] = "-S";
  55         usign_argv[usign_argc++] = "-m";
  56         usign_argv[usign_argc++] = msgfile;
  57         usign_argv[usign_argc++] = "-s";
  58         usign_argv[usign_argc++] = seckeyfile;
  59         usign_argv[usign_argc++] = "-x";
  60         usign_argv[usign_argc++] = sigfile;
  61
  62         if (quiet)
  63                 usign_argv[usign_argc++] = "-q";
  64
  65         pid = fork();
  66         switch (pid) {
  67         case -1:
  68                 return -1;
  69
  70         case 0:
  71                 if (execv(usign_argv[0], usign_argv))
  72                         return -1;
  73
  74                 break;
  75
  76         default:
  77                 waitpid(pid, &status, 0);
  78                 return WEXITSTATUS(status);
  79         }
  80
  81         return -1;
  82 }
  83 #else
  84 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
  85         return -1;
  86 };
  87 #endif
  88
  89 /*
  90  * call usign -F ... and set fingerprint returned
  91  * return WEXITSTATUS or -1 if fork or execv fails
  92  */
  93 static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) {
  94         int fds[2];
  95         pid_t pid;
  96         int status;
  97         const char *usign_argv[16] = {0};
  98         unsigned int usign_argc = 0;
  99
 100         if (pipe(fds))
 101                 return -1;
 102
 103         usign_argv[usign_argc++] = USIGN_EXEC;
 104         usign_argv[usign_argc++] = "-F";
 105
 106         if (pubkeyfile) {
 107                 usign_argv[usign_argc++] = "-p";
 108                 usign_argv[usign_argc++] = pubkeyfile;
 109         }
 110
 111         if (seckeyfile) {
 112                 usign_argv[usign_argc++] = "-s";
 113                 usign_argv[usign_argc++] = seckeyfile;
 114         }
 115
 116         if (sigfile) {
 117                 usign_argv[usign_argc++] = "-x";
 118                 usign_argv[usign_argc++] = sigfile;
 119         }
 120
 121         pid = fork();
 122         switch (pid) {
 123         case -1:
 124                 return -1;
 125
 126         case 0:
 127                 dup2(fds[1], 1);
 128
 129                 close(0);
 130                 close(2);
 131                 close(fds[0]);
 132                 close(fds[1]);
 133
 134                 if (execv(usign_argv[0], usign_argv))
 135                         return -1;
 136
 137                 break;
 138
 139         default:
 140                 waitpid(pid, &status, 0);
 141                 status = WEXITSTATUS(status);
 142                 if (fingerprint && !WEXITSTATUS(status)) {
 143                         memset(fingerprint, 0, 17);
 144                         read(fds[0], fingerprint, 17);
 145                         if (fingerprint[16] != '\n')
 146                                 status = -1;
 147
 148                         fingerprint[16] = '\0';
 149
 150                 }
 151                 close(fds[0]);
 152                 close(fds[1]);
 153                 return status;
 154         }
 155
 156         return -1;
 157 }
 158
 159 /*
 160  * call usign -F -p ...
 161  */
 162 int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) {
 163         return usign_f(fingerprint, pubkeyfile, NULL, NULL);
 164 }
 165
 166 /*
 167  * call usign -F -s ...
 168  */
 169 int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
 170         return usign_f(fingerprint, NULL, seckeyfile, NULL);
 171 }
 172
 173 /*
 174  * call usign -F -x ...
 175  */
 176 int usign_f_sig(char *fingerprint, const char *sigfile) {
 177         return usign_f(fingerprint, NULL, NULL, sigfile);
 178 }
 179
 180
 181 /*
 182  * call usign -V ...
 183  * return WEXITSTATUS or -1 if fork or execv fails
 184  */
 185 int usign_v(const char *msgfile, const char *pubkeyfile,
 186             const char *pubkeydir, const char *sigfile, bool quiet) {
 187         pid_t pid;
 188         int status;
 189         const char *usign_argv[16] = {0};
 190         unsigned int usign_argc = 0;
 191         char fingerprint[17];
 192
 193         if (usign_f_sig(fingerprint, sigfile)) {
 194                 if (!quiet)
 195                         fprintf(stdout, "cannot get signing key fingerprint\n");
 196                 return 1;
 197         }
 198
 199         if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) {
 200                 if (!quiet)
 201                         fprintf(stdout, "key %s has been revoked!\n", fingerprint);
 202                 return 1;
 203         }
 204         usign_argv[usign_argc++] = USIGN_EXEC;
 205         usign_argv[usign_argc++] = "-V";
 206         usign_argv[usign_argc++] = "-m";
 207         usign_argv[usign_argc++] = msgfile;
 208
 209         if (quiet)
 210                 usign_argv[usign_argc++] = "-q";
 211
 212         if (pubkeyfile) {
 213                 usign_argv[usign_argc++] = "-p";
 214                 usign_argv[usign_argc++] = pubkeyfile;
 215         }
 216
 217         if (pubkeydir) {
 218                 usign_argv[usign_argc++] = "-P";
 219                 usign_argv[usign_argc++] = pubkeydir;
 220         }
 221
 222         if (sigfile) {
 223                 usign_argv[usign_argc++] = "-x";
 224                 usign_argv[usign_argc++] = sigfile;
 225         }
 226
 227         pid = fork();
 228         switch (pid) {
 229         case -1:
 230                 return -1;
 231
 232         case 0:
 233                 if (execv(usign_argv[0], usign_argv))
 234                         return -1;
 235
 236                 break;
 237
 238         default:
 239                 waitpid(pid, &status, 0);
 240                 return WEXITSTATUS(status);
 241         }
 242
 243         return -1;
 244 }