From: Daniel Golle Date: Thu, 7 Jun 2018 20:12:06 +0000 (+0200) Subject: add comments and license headers X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=493cc9a83702904369eade4b9b62ea492dae3600;p=project%2Fucert.git add comments and license headers Signed-off-by: Daniel Golle This work was sponsored by WIO (wiowireless.com) --- diff --git a/ucert.c b/ucert.c index 8887a53..12b42a8 100644 --- a/ucert.c +++ b/ucert.c @@ -48,6 +48,13 @@ static enum { static bool quiet; +/* + * ucert structure + * | BLOB | + * | SIGNATURE | PAYLOAD | + * | |[ BLOBMSG CONTAINER ]| + * | |[[T,i,v,e,f,pubkey ]]| + */ enum cert_attr { CERT_ATTR_SIGNATURE, CERT_ATTR_PAYLOAD, @@ -93,11 +100,13 @@ static const struct blobmsg_policy cert_payload_policy[CERT_PL_ATTR_MAX] = { [CERT_PL_ATTR_KEY_FINGERPRINT] = { .name = "fingerprint", .type = BLOBMSG_TYPE_STRING }, }; +/* list to store certificate chain at runtime */ struct cert_object { struct list_head list; struct blob_attr *cert[CERT_ATTR_MAX]; }; +/* write buffer to file */ static int write_file(const char *filename, void *buf, size_t len, bool append) { FILE *f; size_t outlen; @@ -111,6 +120,7 @@ static int write_file(const char *filename, void *buf, size_t len, bool append) return (outlen == len); } +/* load certfile into list */ static int cert_load(const char *certfile, struct list_head *chain) { FILE *f; struct blob_attr *certtb[CERT_ATTR_MAX]; @@ -157,6 +167,7 @@ static int cert_load(const char *certfile, struct list_head *chain) { return (ret <= 0); } +/* append signature to certfile */ static int cert_append(const char *certfile, const char *sigfile) { FILE *fs; char filebuf[CERT_BUF_LEN]; @@ -181,6 +192,7 @@ static int cert_append(const char *certfile, const char *sigfile) { return ret; } +/* verify the signature of a single chain element */ static int cert_verify_blob(struct blob_attr *cert[CERT_ATTR_MAX], const char *pubkeyfile, const char *pubkeydir) { int i; 
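Review bot: The layout comment added above `enum cert_attr` abbreviates the payload fields as `T,i,v,e,f,pubkey` without a legend, and it does not say which part of the blob the signature covers. For a signed container format that is the key fact for a reader auditing the verifier, so the comment should say whether SIGNATURE is computed over the serialized PAYLOAD attribute, over the inner blobmsg container, or over something else. I would spell each letter out using the field names from `cert_payload_policy` (only `fingerprint` is visible in these hunks, so the mapping needs to be confirmed against the full table) and add one line on the signed region.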
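Review bot: The one-line comments added above `write_file`, `cert_load` and `chain_verify` leave out the return convention, and the returns visible as context in the following hunks do not share one: `write_file` ends in `return (outlen == len);`, `cert_load` in `return (ret <= 0);` and `chain_verify` in `return ret | checkmsg;`. In code that decides whether a certificate chain is trusted, a caller that tests the wrong polarity turns a failure into a pass, so each comment should state what the result means, e.g. `/* write buffer to file; returns 1 if all len bytes were written */`. Most of each function body lies outside the hunks, so the early-return paths and the meaning of `ret` in `cert_load` should be checked before the wording is fixed.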
@@ -219,6 +231,7 @@ static int cert_verify_blob(struct blob_attr *cert[CERT_ATTR_MAX], return ret; } +/* verify cert chain (and message) */ static int chain_verify(const char *msgfile, const char *pubkeyfile, const char *pubkeydir, struct list_head *chain) { struct cert_object *cobj; @@ -338,6 +351,7 @@ clean_and_return: return ret | checkmsg; } +/* dump single chain element to console */ static void cert_dump_blob(struct blob_attr *cert[CERT_ATTR_MAX]) { int i; @@ -358,6 +372,7 @@ static void cert_dump_blob(struct blob_attr *cert[CERT_ATTR_MAX]) { } } +/* dump certfile to console */ static int cert_dump(const char *certfile) { struct cert_object *cobj; static LIST_HEAD(certchain); @@ -377,6 +392,7 @@ static int cert_dump(const char *certfile) { return 0; } +/* issue an auth certificate for pubkey */ static int cert_issue(const char *certfile, const char *pubkeyfile, const char *seckeyfile) { struct blob_buf certbuf; struct blob_buf payloadbuf; @@ -468,6 +484,7 @@ static int cert_issue(const char *certfile, const char *pubkeyfile, const char * return 0; } +/* process revoker certificate */ static int cert_process_revoker(const char *certfile, const char *pubkeydir) { static LIST_HEAD(certchain); struct cert_object *cobj; @@ -557,6 +574,7 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) { return ret; } +/* load and verify certfile (and message) */ static int cert_verify(const char *certfile, const char *pubkeyfile, const char *pubkeydir, const char *msgfile) { static LIST_HEAD(certchain); @@ -568,6 +586,7 @@ static int cert_verify(const char *certfile, const char *pubkeyfile, const char return chain_verify(msgfile, pubkeyfile, pubkeydir, &certchain); } +/* output help */ static int usage(const char *cmd) { fprintf(stderr, @@ -591,6 +610,7 @@ static int usage(const char *cmd) return 1; } +/* parse command line options and call functions */ int main(int argc, char *argv[]) { int ch; const char *msgfile = NULL; 
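Review bot: The comment `/* dump certfile to console */` on `cert_dump` (and the ones on `cert_process_revoker` and `cert_verify`) does not mention that the chain is kept in `static LIST_HEAD(certchain);`, a function-local static list. If the list is not emptied before return, which these hunks do not show, a second call in the same process would operate on entries left over from the first; for `cert_verify` that would mean verifying a chain that mixes two files. A short remark such as `/* not re-entrant: uses a static chain list */` would record the constraint, or the list could be made an ordinary local if nothing depends on it persisting.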
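Review bot: `/* process revoker certificate */` on `cert_process_revoker` restates the function name and does not tell a reader what the function changes. It takes `pubkeydir`, so it presumably records the revocation there, but the body lies outside the hunk and that cannot be confirmed from here. Since revocation handling modifies what later verifications will trust, the comment should name the side effect and state whether the revoker's signature is verified before anything is written, along the lines of `/* verify revoker certificate and, if valid, mark the named key as revoked in pubkeydir */` once the actual behaviour is confirmed.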
diff --git a/usign-exec.c b/usign-exec.c index d88f750..fe24f69 100644 --- a/usign-exec.c +++ b/usign-exec.c @@ -1,3 +1,17 @@ +/* + * wrapper functions around the usign executable + * Copyright (C) 2018 Daniel Golle + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + #include #include #include diff --git a/usign.h b/usign.h index de52f17..d57d09e 100644 --- a/usign.h +++ b/usign.h 
@@ -1,12 +1,49 @@ +/* + * usign/signify API header + * Copyright (C) 2018 Daniel Golle + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef _USIGN_H +#define _USIGN_H + +/** + * Verify + * + * calls: usign -V ... + */ int usign_v(const char *msgfile, const char *pubkeyfile, const char *pubkeydir, const char *sigfile, bool quiet); +/** + * Sign + * + * calls: usign -S ... + */ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet); +/** + * Fingerprint {pubkey, seckey, sig} + * + * calls: usign -F ... + */ int usign_f_pubkey(char *fingerprint, const char *pubkeyfile); int usign_f_seckey(char *fingerprint, const char *seckeyfile); int usign_f_sig(char *fingerprint, const char *sigfile); +/** + * custom extension to check for revokers + */ int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir); + +#endif /* _USIGN_H */
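Review bot: The new doc comment for `usign_f_pubkey`, `usign_f_seckey` and `usign_f_sig` does not say how large the `fingerprint` buffer must be or whether the result is NUL-terminated, and none of the prototypes takes a length, so every caller has to guess the size of a buffer the callee writes into. The comment on `usign_v` names the command it runs but not which return value means the signature verified, which is the one fact a caller of a verification API must not get wrong. I would add a line such as `fingerprint must point to at least <SIZE> bytes, including the terminating NUL` (with the real size filled in) and a line stating the return convention once it has been confirmed against usign-exec.c. Separately, the header now has an include guard but still uses `bool` without `#include <stdbool.h>`, and `_USIGN_H` is an identifier reserved for the implementation; `USIGN_H` avoids that.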