take care of revokers in verify path
authorDaniel Golle <daniel@makrotopia.org>
Thu, 7 Jun 2018 19:28:50 +0000 (21:28 +0200)
committerDaniel Golle <daniel@makrotopia.org>
Thu, 14 Jun 2018 16:51:22 +0000 (18:51 +0200)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

ucert.c
usign-exec.c
usign.h

diff --git a/ucert.c b/ucert.c
index 13975d10e97dacc3b2645feb2f75bb29407472d9..8887a53766f2d8d94264dc1fd8c225709bd7cbd4 100644 (file)
--- a/ucert.c
+++ b/ucert.c
@@ -226,6 +226,7 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile,
        struct blob_attr *payloadtb[CERT_PL_ATTR_MAX];
        char tmpdir[] = "/tmp/ucert-XXXXXX";
        char chainedpubkey[256] = {0};
+       char chainedfp[17] = {0};
        char extsigfile[256] = {0};
        int ret = 1;
        int checkmsg = 0;
@@ -295,6 +296,19 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile,
                                   blobmsg_data(payloadtb[CERT_PL_ATTR_PUBKEY]),
                                   blobmsg_data_len(payloadtb[CERT_PL_ATTR_PUBKEY]),
                                   false);
+
+                       if (usign_f_pubkey(chainedfp, chainedpubkey)) {
+                               if (!quiet)
+                                       fprintf(stderr, "cannot get fingerprint for chained key\n");
+                               ret = 2;
+                               goto clean_and_return;
+                       }
+                       if (pubkeydir && _usign_key_is_revoked(chainedfp, pubkeydir)) {
+                               if (!quiet)
+                                       fprintf(stderr, "key %s has been revoked!\n", chainedfp);
+                               ret = 4;
+                               goto clean_and_return;
+                       }
                } else {
                /* blob doesn't have payload, verify message using signature */
                        if (msgfile) {
@@ -500,9 +514,9 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) {
                if (!payloadtb[CERT_PL_ATTR_CERTTYPE] ||
                    !payloadtb[CERT_PL_ATTR_VALIDFROMTIME] ||
                    !payloadtb[CERT_PL_ATTR_KEY_FINGERPRINT]) {
-                               fprintf(stderr, "missing mandatory ucert attributes\n");
-                               return 2;
-                       }
+                       fprintf(stderr, "missing mandatory ucert attributes\n");
+                       return 2;
+               }
 
                certtype = blobmsg_get_u32(payloadtb[CERT_PL_ATTR_CERTTYPE]);
                validfrom = blobmsg_get_u64(payloadtb[CERT_PL_ATTR_VALIDFROMTIME]);
@@ -521,10 +535,7 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) {
                snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
                /* check if entry in pubkeydir exists */
                if (stat(rfname, &st) == 0) {
-                       char tml[64] = {0};
-                       /* if it's an existing revoker deadlink we are happy */
-                       if (readlink(rfname, tml, sizeof(tml)) > 0 &&
-                           !strcmp(tml, ".revoked.")) {
+                       if (_usign_key_is_revoked(fingerprint, pubkeydir)) {
                                if (!quiet)
                                        fprintf(stdout, "existing revoker deadlink for key %s\n", fingerprint);
                                continue;
index 91129883d25ad332ed519b0c50e526709b1fc75c..d88f750fb43f39e75be98fa1bc45fd6369889acd 100644 (file)
@@ -1,59 +1,11 @@
 #include <stdbool.h>
+#include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 #include <sys/wait.h>
 
 #include "usign.h"
 
-int usign_v(const char *msgfile, const char *pubkeyfile,
-           const char *pubkeydir, const char *sigfile, bool quiet) {
-       pid_t pid;
-       int status;
-       const char *usign_argv[16] = {0};
-       unsigned int usign_argc = 0;
-
-       usign_argv[usign_argc++] = "/usr/bin/usign";
-       usign_argv[usign_argc++] = "-V";
-       usign_argv[usign_argc++] = "-m";
-       usign_argv[usign_argc++] = msgfile;
-
-       if (quiet)
-               usign_argv[usign_argc++] = "-q";
-
-       if (pubkeyfile) {
-               usign_argv[usign_argc++] = "-p";
-               usign_argv[usign_argc++] = pubkeyfile;
-       }
-
-       if (pubkeydir) {
-               usign_argv[usign_argc++] = "-P";
-               usign_argv[usign_argc++] = pubkeydir;
-       }
-
-       if (sigfile) {
-               usign_argv[usign_argc++] = "-x";
-               usign_argv[usign_argc++] = sigfile;
-       }
-
-       pid = fork();
-       switch (pid) {
-       case -1:
-               return -1;
-
-       case 0:
-               if (execv(usign_argv[0], usign_argv))
-                       return -1;
-
-               break;
-
-       default:
-               waitpid(pid, &status, 0);
-               return WEXITSTATUS(status);
-       }
-
-       return -1;
-}
-
 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
        pid_t pid;
        int status;
@@ -163,3 +115,72 @@ int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
 int usign_f_sig(char *fingerprint, const char *sigfile) {
        return usign_f(fingerprint, NULL, NULL, sigfile);
 }
+
+int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) {
+       char tml[64] = {0};
+       char rfname[256] = {0};
+
+       snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
+       if (readlink(rfname, tml, sizeof(tml)) > 0 &&
+           !strcmp(tml, ".revoked.")) {
+               return true;
+       };
+
+       return false;
+}
+
+int usign_v(const char *msgfile, const char *pubkeyfile,
+           const char *pubkeydir, const char *sigfile, bool quiet) {
+       pid_t pid;
+       int status;
+       const char *usign_argv[16] = {0};
+       unsigned int usign_argc = 0;
+       char fingerprint[17];
+
+       if (usign_f_sig(fingerprint, sigfile))
+               return 1;
+
+       if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir))
+               return 1;
+
+       usign_argv[usign_argc++] = "/usr/bin/usign";
+       usign_argv[usign_argc++] = "-V";
+       usign_argv[usign_argc++] = "-m";
+       usign_argv[usign_argc++] = msgfile;
+
+       if (quiet)
+               usign_argv[usign_argc++] = "-q";
+
+       if (pubkeyfile) {
+               usign_argv[usign_argc++] = "-p";
+               usign_argv[usign_argc++] = pubkeyfile;
+       }
+
+       if (pubkeydir) {
+               usign_argv[usign_argc++] = "-P";
+               usign_argv[usign_argc++] = pubkeydir;
+       }
+
+       if (sigfile) {
+               usign_argv[usign_argc++] = "-x";
+               usign_argv[usign_argc++] = sigfile;
+       }
+
+       pid = fork();
+       switch (pid) {
+       case -1:
+               return -1;
+
+       case 0:
+               if (execv(usign_argv[0], usign_argv))
+                       return -1;
+
+               break;
+
+       default:
+               waitpid(pid, &status, 0);
+               return WEXITSTATUS(status);
+       }
+
+       return -1;
+}
diff --git a/usign.h b/usign.h
index e2f8e21d124726a3e51de519b8aa506f60054330..de52f1783e59a028a92e5a98ccb64b2f3c5e8888 100644 (file)
--- a/usign.h
+++ b/usign.h
@@ -8,3 +8,5 @@ int usign_f_pubkey(char *fingerprint, const char *pubkeyfile);
 int usign_f_seckey(char *fingerprint, const char *seckeyfile);
 
 int usign_f_sig(char *fingerprint, const char *sigfile);
+
+int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir);