2020-10-27 14:33:51 +00:00
|
|
|
/* run-keysign.c - Test tool to sign a key and to revoke a key signature
|
2016-09-14 16:44:33 +00:00
|
|
|
* Copyright (C) 2016 g10 Code GmbH
|
|
|
|
|
*
|
|
|
|
|
* This file is part of GPGME.
|
|
|
|
|
*
|
|
|
|
|
* GPGME is free software; you can redistribute it and/or modify it
|
|
|
|
|
* under the terms of the GNU Lesser General Public License as
|
|
|
|
|
* published by the Free Software Foundation; either version 2.1 of
|
|
|
|
|
* the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GPGME is distributed in the hope that it will be useful, but
|
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2018-11-16 12:27:33 +00:00
|
|
|
* License along with this program; if not, see <https://gnu.org/licenses/>.
|
|
|
|
|
* SPDX-License-Identifier: LGPL-2.1-or-later
|
2016-09-14 16:44:33 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* We need to include config.h so that we know whether we are building
|
|
|
|
|
with large file system (LFS) support. */
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
|
|
|
|
|
#include <gpgme.h>
|
|
|
|
|
|
|
|
|
|
#define PGM "run-keysign"
|
|
|
|
|
|
|
|
|
|
#include "run-support.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int verbose;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
status_cb (void *opaque, const char *keyword, const char *value)
|
|
|
|
|
{
|
|
|
|
|
(void)opaque;
|
|
|
|
|
fprintf (stderr, "status_cb: %s %s\n", nonnull(keyword), nonnull(value));
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static unsigned long
|
|
|
|
|
parse_expire_string (const char *string)
|
|
|
|
|
{
|
|
|
|
|
unsigned long seconds;
|
|
|
|
|
|
|
|
|
|
if (!string || !*string || !strcmp (string, "none")
|
|
|
|
|
|| !strcmp (string, "never") || !strcmp (string, "-"))
|
|
|
|
|
seconds = 0;
|
|
|
|
|
else if (strspn (string, "01234567890") == strlen (string))
|
|
|
|
|
seconds = strtoul (string, NULL, 10);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
fprintf (stderr, PGM ": invalid value '%s'\n", string);
|
|
|
|
|
exit (1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return seconds;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
show_usage (int ex)
|
|
|
|
|
{
|
|
|
|
|
fputs ("usage: " PGM " [options] FPR USERIDS\n\n"
|
|
|
|
|
"Options:\n"
|
|
|
|
|
" --verbose run in verbose mode\n"
|
|
|
|
|
" --status print status lines from the backend\n"
|
|
|
|
|
" --loopback use a loopback pinentry\n"
|
2020-10-27 14:33:51 +00:00
|
|
|
" --signer NAME use key NAME for signing/revoking\n"
|
2016-09-14 16:44:33 +00:00
|
|
|
" --local create a local signature\n"
|
|
|
|
|
" --noexpire force no expiration\n"
|
|
|
|
|
" --expire EPOCH expire the signature at EPOCH\n"
|
2020-10-27 14:33:51 +00:00
|
|
|
" --revoke revoke the signature(s)\n"
|
2021-03-11 10:49:07 +00:00
|
|
|
" --force pass --force-sign-key option\n"
|
2016-09-14 16:44:33 +00:00
|
|
|
, stderr);
|
|
|
|
|
exit (ex);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
main (int argc, char **argv)
|
|
|
|
|
{
|
|
|
|
|
int last_argc = -1;
|
|
|
|
|
gpgme_error_t err;
|
|
|
|
|
gpgme_ctx_t ctx;
|
|
|
|
|
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
|
|
|
|
|
const char *signer_string = NULL;
|
|
|
|
|
int print_status = 0;
|
|
|
|
|
int use_loopback = 0;
|
|
|
|
|
const char *userid;
|
2020-10-27 14:33:51 +00:00
|
|
|
unsigned int keysign_flags = 0;
|
2016-09-14 16:44:33 +00:00
|
|
|
unsigned long expire = 0;
|
2020-10-27 14:33:51 +00:00
|
|
|
int revoke = 0;
|
|
|
|
|
unsigned int revoke_flags = 0;
|
2016-09-14 16:44:33 +00:00
|
|
|
gpgme_key_t thekey;
|
2020-10-27 14:33:51 +00:00
|
|
|
gpgme_key_t signing_key = NULL;
|
2016-09-14 16:44:33 +00:00
|
|
|
int i;
|
|
|
|
|
size_t n;
|
|
|
|
|
char *userid_buffer = NULL;
|
|
|
|
|
|
|
|
|
|
if (argc)
|
|
|
|
|
{ argc--; argv++; }
|
|
|
|
|
|
|
|
|
|
while (argc && last_argc != argc )
|
|
|
|
|
{
|
|
|
|
|
last_argc = argc;
|
|
|
|
|
if (!strcmp (*argv, "--"))
|
|
|
|
|
{
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (*argv, "--help"))
|
|
|
|
|
show_usage (0);
|
|
|
|
|
else if (!strcmp (*argv, "--verbose"))
|
|
|
|
|
{
|
|
|
|
|
verbose = 1;
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (*argv, "--status"))
|
|
|
|
|
{
|
|
|
|
|
print_status = 1;
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (*argv, "--signer"))
|
|
|
|
|
{
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
if (!argc)
|
|
|
|
|
show_usage (1);
|
|
|
|
|
signer_string = *argv;
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (*argv, "--loopback"))
|
|
|
|
|
{
|
|
|
|
|
use_loopback = 1;
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (*argv, "--local"))
|
|
|
|
|
{
|
2020-10-27 14:33:51 +00:00
|
|
|
keysign_flags |= GPGME_KEYSIGN_LOCAL;
|
2016-09-14 16:44:33 +00:00
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
2021-03-11 10:49:07 +00:00
|
|
|
else if (!strcmp (*argv, "--force"))
|
|
|
|
|
{
|
|
|
|
|
keysign_flags |= GPGME_KEYSIGN_FORCE;
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
2016-09-14 16:44:33 +00:00
|
|
|
else if (!strcmp (*argv, "--noexpire"))
|
|
|
|
|
{
|
2020-10-27 14:33:51 +00:00
|
|
|
keysign_flags |= GPGME_KEYSIGN_NOEXPIRE;
|
2016-09-14 16:44:33 +00:00
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (*argv, "--expire"))
|
|
|
|
|
{
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
if (!argc)
|
|
|
|
|
show_usage (1);
|
|
|
|
|
expire = parse_expire_string (*argv);
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
2020-10-27 14:33:51 +00:00
|
|
|
else if (!strcmp (*argv, "--revoke"))
|
|
|
|
|
{
|
|
|
|
|
revoke = 1;
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
}
|
2016-09-14 16:44:33 +00:00
|
|
|
else if (!strncmp (*argv, "--", 2))
|
|
|
|
|
show_usage (1);
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-27 14:33:51 +00:00
|
|
|
if (revoke && !signer_string)
|
|
|
|
|
{
|
|
|
|
|
fprintf (stderr, PGM ": please specify the signer key\n");
|
|
|
|
|
exit (1);
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-14 16:44:33 +00:00
|
|
|
if (!argc)
|
|
|
|
|
show_usage (1);
|
|
|
|
|
userid = argv[0];
|
|
|
|
|
argc--; argv++;
|
|
|
|
|
|
|
|
|
|
init_gpgme (protocol);
|
|
|
|
|
|
|
|
|
|
err = gpgme_new (&ctx);
|
|
|
|
|
fail_if_err (err);
|
|
|
|
|
gpgme_set_protocol (ctx, protocol);
|
|
|
|
|
gpgme_set_armor (ctx, 1);
|
|
|
|
|
if (print_status)
|
|
|
|
|
{
|
|
|
|
|
gpgme_set_status_cb (ctx, status_cb, NULL);
|
|
|
|
|
gpgme_set_ctx_flag (ctx, "full-status", "1");
|
|
|
|
|
}
|
|
|
|
|
if (use_loopback)
|
|
|
|
|
{
|
|
|
|
|
gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK);
|
|
|
|
|
gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (signer_string)
|
|
|
|
|
{
|
2020-10-27 14:33:51 +00:00
|
|
|
err = gpgme_get_key (ctx, signer_string, &signing_key, 1);
|
2016-09-14 16:44:33 +00:00
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
fprintf (stderr, PGM ": error getting signer key '%s': %s\n",
|
|
|
|
|
signer_string, gpg_strerror (err));
|
|
|
|
|
exit (1);
|
|
|
|
|
}
|
2020-10-27 14:33:51 +00:00
|
|
|
err = gpgme_signers_add (ctx, signing_key);
|
2016-09-14 16:44:33 +00:00
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
fprintf (stderr, PGM ": error adding signer key: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
exit (1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
err = gpgme_get_key (ctx, userid, &thekey, 0);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
fprintf (stderr, PGM ": error getting key for '%s': %s\n",
|
|
|
|
|
userid, gpg_strerror (err));
|
|
|
|
|
exit (1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (argc > 1)
|
|
|
|
|
{
|
|
|
|
|
/* Several user ids given */
|
|
|
|
|
for (i=0, n = 0; i < argc; i++)
|
|
|
|
|
n += strlen (argv[1]) + 1;
|
|
|
|
|
n++;
|
|
|
|
|
userid_buffer = malloc (n);
|
|
|
|
|
if (!userid_buffer)
|
|
|
|
|
{
|
|
|
|
|
fprintf (stderr, PGM ": malloc failed: %s\n",
|
|
|
|
|
gpg_strerror (gpg_error_from_syserror ()));
|
|
|
|
|
exit (1);
|
|
|
|
|
}
|
|
|
|
|
*userid_buffer = 0;
|
|
|
|
|
for (i=0; i < argc; i++)
|
|
|
|
|
{
|
|
|
|
|
strcat (userid_buffer, argv[i]);
|
|
|
|
|
strcat (userid_buffer, "\n");
|
|
|
|
|
}
|
|
|
|
|
userid = userid_buffer;
|
2020-10-27 14:33:51 +00:00
|
|
|
keysign_flags |= GPGME_KEYSIGN_LFSEP;
|
|
|
|
|
revoke_flags |= GPGME_REVSIG_LFSEP;
|
2016-09-14 16:44:33 +00:00
|
|
|
}
|
|
|
|
|
else if (argc)
|
|
|
|
|
{
|
|
|
|
|
/* One user id given */
|
|
|
|
|
userid = *argv;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* No user id given. */
|
|
|
|
|
userid = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-27 14:33:51 +00:00
|
|
|
if (revoke)
|
2016-09-14 16:44:33 +00:00
|
|
|
{
|
2020-10-27 14:33:51 +00:00
|
|
|
err = gpgme_op_revsig (ctx, thekey, signing_key, userid, revoke_flags);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
fprintf (stderr, PGM ": gpgme_op_revsig failed: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
exit (1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
err = gpgme_op_keysign (ctx, thekey, userid, expire, keysign_flags);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
fprintf (stderr, PGM ": gpgme_op_keysign failed: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
exit (1);
|
|
|
|
|
}
|
2016-09-14 16:44:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free (userid_buffer);
|
2020-10-27 14:33:51 +00:00
|
|
|
gpgme_key_unref (signing_key);
|
2016-09-14 16:44:33 +00:00
|
|
|
gpgme_key_unref (thekey);
|
|
|
|
|
gpgme_release (ctx);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
