From ca6d1ffd41f20fdaea517dd74492bbf2f635c859 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Wed, 6 Jun 2018 21:12:50 +0200 Subject: [PATCH] add usign-exec.c create C function wrappers calling the /usr/bin/usign executable and processing the results. usign_v() : usign -V ... usign_s() : usign -S ... usign_f_*() : usign -F ... Signed-off-by: Daniel Golle This work was sponsored by WIO (wiowireless.com) --- CMakeLists.txt | 2 +- ucert.c | 14 ++++- usign-exec.c | 162 +++++++++++++++++++++++++++++++++++++++++++++++++ usign.h | 10 +++ 4 files changed, 184 insertions(+), 4 deletions(-) create mode 100644 usign-exec.c create mode 100644 usign.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 5b63312..c86c3bf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -7,6 +7,6 @@ SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") find_library(json NAMES json-c json) -ADD_EXECUTABLE(ucert ucert.c) +ADD_EXECUTABLE(ucert ucert.c usign-exec.c) TARGET_LINK_LIBRARIES(ucert ubox blobmsg_json ${json}) INSTALL(TARGETS ucert RUNTIME DESTINATION bin) diff --git a/ucert.c b/ucert.c index 9afca1c..06b46bb 100644 --- a/ucert.c +++ b/ucert.c @@ -33,6 +33,8 @@ #include #include +#include "usign.h" + #define CERT_BUF_LEN 4096 static enum { @@ -107,9 +109,7 @@ static int cert_load(const char *certfile, struct blob_attr *certtb[]) { if (ret) return 1; - blob_parse(certbuf.head, certtb, cert_policy, CERT_ATTR_MAX); - - return 0; + return (blob_parse(certbuf.head, certtb, cert_policy, CERT_ATTR_MAX) != 0); } static int cert_append(const char *certfile, const char *pubkeyfile, const char *sigfile) { @@ -129,6 +129,14 @@ static int cert_dump(const char *certfile) { } static int cert_issue(const char *certfile, const char *pubkeyfile, const char *seckeyfile) { + struct blob_buf certbuf; + struct blob_buf payloadbuf; + + blob_buf_init(&payloadbuf, 0); +/* usign_s() */ + + blob_buf_init(&certbuf, 0); + fprintf(stderr, "not implemented\n"); return 1; } 
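Review bot: The new return in cert_load() treats any non-zero result of blob_parse() as failure, but blob_parse() in libubox returns the number of attributes it matched rather than an error code (worth confirming against the libubox version in use). If so, a certificate that parses correctly now makes cert_load() return 1, and an input with no recognised attributes returns 0, which inverts the success convention used by the `if (ret) return 1;` line just above. The intended check is probably `return (blob_parse(certbuf.head, certtb, cert_policy, CERT_ATTR_MAX) <= 0);`. The body of cert_load() starts outside this hunk, so how `ret` and `certbuf` are set up is not visible here.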
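Review bot: In cert_issue() the two `struct blob_buf` locals are passed to blob_buf_init() uninitialised; libubox's blob_buf_init() reads the existing `grow` and `buf` members before allocating, so with stack garbage in them the call has undefined behaviour. Declaring them as `struct blob_buf certbuf = {0};` and `struct blob_buf payloadbuf = {0};` avoids that. Both buffers are also never released before `return 1;`, so a `blob_buf_free(&payloadbuf);` and `blob_buf_free(&certbuf);` pair belongs on the exit path once the function does real work. The return values of blob_buf_init() are ignored as well.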
diff --git a/usign-exec.c b/usign-exec.c
new file mode 100644
index 0000000..d25f9b6
--- /dev/null
+++ b/usign-exec.c
@@ -0,0 +1,162 @@
+#include
+#include
+#include
+#include
+
+#include "usign.h"
+
+int usign_v(const char *msgfile, const char *pubkeyfile,
+ const char *pubkeydir, const char *sigfile, bool quiet) {
+ pid_t pid;
+ int status;
+ const char *usign_argv[16] = {0};
+ unsigned int usign_argc = 0;
+
+ usign_argv[usign_argc++] = "/usr/bin/usign";
+ usign_argv[usign_argc++] = "-V";
+ usign_argv[usign_argc++] = "-m";
+ usign_argv[usign_argc++] = msgfile;
+
+ if (quiet)
+ usign_argv[usign_argc++] = "-q";
+
+ if (pubkeyfile) {
+ usign_argv[usign_argc++] = "-p";
+ usign_argv[usign_argc++] = pubkeyfile;
+ }
+
+ if (pubkeydir) {
+ usign_argv[usign_argc++] = "-P";
+ usign_argv[usign_argc++] = pubkeydir;
+ }
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ return -1;
+
+ case 0:
+ if (execv(usign_argv[0], usign_argv))
+ return -1;
+
+ break;
+
+ default:
+ waitpid(pid, &status, 0);
+ return WEXITSTATUS(status);
+ }
+
+ return -1;
+}
+
+int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
+ pid_t pid;
+ int status;
+ const char *usign_argv[16] = {0};
+ unsigned int usign_argc = 0;
+
+ usign_argv[usign_argc++] = "/usr/bin/usign";
+ usign_argv[usign_argc++] = "-S";
+ usign_argv[usign_argc++] = "-m";
+ usign_argv[usign_argc++] = msgfile;
+ usign_argv[usign_argc++] = "-s";
+ usign_argv[usign_argc++] = seckeyfile;
+ usign_argv[usign_argc++] = "-x";
+ usign_argv[usign_argc++] = sigfile;
+
+ if (quiet)
+ usign_argv[usign_argc++] = "-q";
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ return -1;
+
+ case 0:
+ if (execv(usign_argv[0], usign_argv))
+ return -1;
+
+ break;
+
+ default:
+ waitpid(pid, &status, 0);
+ return WEXITSTATUS(status);
+ }
+
+ return -1;
+}
+
+static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) {
+ int fds[2];
+ pid_t pid;
+ int status;
+ const char *usign_argv[16] = {0};
+ unsigned int usign_argc = 0;
+
+ if (pipe(fds))
+ return -1;
+
+ usign_argv[usign_argc++] = "/usr/bin/usign";
+ usign_argv[usign_argc++] = "-F";
+
+ if (pubkeyfile) {
+ usign_argv[usign_argc++] = "-p";
+ usign_argv[usign_argc++] = pubkeyfile;
+ }
+
+ if (seckeyfile) {
+ usign_argv[usign_argc++] = "-s";
+ usign_argv[usign_argc++] = seckeyfile;
+ }
+
+ if (sigfile) {
+ usign_argv[usign_argc++] = "-x";
+ usign_argv[usign_argc++] = sigfile;
+ }
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ return -1;
+
+ case 0:
+ uloop_done();
+
+ dup2(fds[1], 1);
+
+ close(0);
+ close(2);
+ close(fds[0]);
+ close(fds[1]);
+
+ if (execv(usign_argv[0], usign_argv))
+ return -1;
+
+ break;
+
+ default:
+ waitpid(pid, &status, 0);
+ if (fingerprint && !WEXITSTATUS(status)) {
+ memset(fingerprint, 0, 16);
+ read(fds[0], fingerprint, 16);
+ fingerprint[16] = '\0';
+ }
+ close(fds[0]);
+ close(fds[1]);
+ return WEXITSTATUS(status);
+ }
+
+ return -1;
+}
+
+int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) {
+ return usign_f(fingerprint, pubkeyfile, NULL, NULL);
+}
+
+int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
+ return usign_f(fingerprint, NULL, seckeyfile, NULL);
+}
+
+int usign_f_sig(char *fingerprint, const char *sigfile) {
+ return usign_f(fingerprint, NULL, NULL, sigfile);
+}
diff --git a/usign.h b/usign.h
new file mode 100644
index 0000000..e2f8e21
--- /dev/null
+++ b/usign.h
@@ -0,0 +1,10 @@
+int usign_v(const char *msgfile, const char *pubkeyfile,
+ const char *pubkeydir, const char *sigfile, bool quiet);
+
+int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet);
+
+int usign_f_pubkey(char *fingerprint, const char *pubkeyfile);
+
+int usign_f_seckey(char *fingerprint, const char *seckeyfile);
+
+int usign_f_sig(char *fingerprint, const char *sigfile);
-- 2.25.1
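Review bot: usign_v(), usign_s() and usign_f() return `WEXITSTATUS(status)` without checking `WIFEXITED(status)` or the result of waitpid(), so a usign child that is killed by a signal typically yields 0 and usign_v() then reports a valid signature. In each `case 0:` branch a failed execv() does `return -1`, which sends the forked child back into the caller's code as a second copy of the program instead of ending it; `_exit(127)` is the usual form. usign_v() also accepts `sigfile` but never adds `-x sigfile` to the argument vector, so the caller's signature path is ignored and usign falls back to its default. In usign_f() the parent writes `fingerprint[16]`, so the buffer must hold 17 bytes, which should be documented, and the read() result and the pipe descriptors on the fork() failure path are not handled. The fence shows the usign_v() changes; the same exec and wait handling applies to usign_s() and usign_f().

```c
	/* … unchanged: usign_v() argv setup through the pubkeydir block … */
	if (sigfile) {
		usign_argv[usign_argc++] = "-x";
		usign_argv[usign_argc++] = sigfile;
	}

	/* … unchanged: fork() and the -1 case … */
	case 0:
		execv(usign_argv[0], usign_argv);
		/* exec failed: end the child here, never return into the caller's code */
		_exit(127);

	default:
		/* only a normal exit may count; a failed wait or a signal death is an error */
		if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
			return -1;
		return WEXITSTATUS(status);
	}
```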
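Review bot: usign.h uses `bool` in the usign_v() and usign_s() prototypes but includes nothing and has no include guard, so it only compiles when the including file has already pulled in `<stdbool.h>`. Adding `#include <stdbool.h>` under a guard such as `#ifndef USIGN_H` / `#define USIGN_H` and a closing `#endif` makes the header self-contained. The prototypes would also benefit from a comment stating that the return value is the exit status of usign (0 on success) or -1 when the helper could not be run, and that `fingerprint` must point to at least 17 bytes because usign_f() writes `fingerprint[16]`.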