Commit | Line | Data |
---|---|---|
53263601 MW |
1 | ### -*-sh-*- |
2 | ### | |
3 | ### Common key management functions. | |
4 | ### | |
5 | ### (c) 2011 Mark Wooding | |
6 | ### | |
7 | ||
8 | ###----- Licensing notice --------------------------------------------------- | |
9 | ### | |
599c8f75 MW |
10 | ### This file is part of the distorted.org.uk key management suite. |
11 | ### | |
12 | ### distorted-keys is free software; you can redistribute it and/or modify | |
53263601 MW |
13 | ### it under the terms of the GNU General Public License as published by |
14 | ### the Free Software Foundation; either version 2 of the License, or | |
15 | ### (at your option) any later version. | |
16 | ### | |
599c8f75 | 17 | ### distorted-keys is distributed in the hope that it will be useful, |
53263601 MW |
18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of |
19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ### GNU General Public License for more details. | |
21 | ### | |
22 | ### You should have received a copy of the GNU General Public License | |
599c8f75 | 23 | ### along with distorted-keys; if not, write to the Free Software Foundation, |
53263601 MW |
24 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
25 | ||
26 | quis=${0##*/} | |
27 | ||
28 | ###-------------------------------------------------------------------------- | |
29 | ### Configuration variables. | |
30 | ||
e787e19c | 31 | ## Automatically configured pathnames. |
53263601 | 32 | PACKAGE="@PACKAGE@" VERSION="@VERSION@" |
53263601 MW |
33 | bindir="@bindir@" |
34 | ||
e787e19c | 35 | ## Read user configuration. |
c47f2aba | 36 | if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi |
599c8f75 | 37 | |
e787e19c | 38 | ## Maybe turn on debugging. |
599c8f75 MW |
39 | case "${KEYS_DEBUG+t}" in t) set -x ;; esac |
40 | ||
ec208149 MW |
41 | ## Fake up caller credentials if not called via userv. |
42 | case "${USERV_USER+t}" in | |
43 | t) ;; | |
44 | *) USERV_USER=${LOGNAME-${USER-$(id -un)}} USERV_UID=$(id -u) ;; | |
45 | esac | |
46 | case "${USERV_GROUP+t}" in | |
47 | t) ;; | |
48 | *) USERV_GROUP=$(id -Gn) USERV_GID=$(id -gn) ;; | |
49 | esac | |
50 | ||
53263601 MW |
51 | ###-------------------------------------------------------------------------- |
52 | ### Cleanup handling. | |
53 | ||
54 | cleanups="" | |
c47f2aba MW |
55 | cleanup () { cleanups=${cleanups+$cleanups }$1; } |
56 | runcleanups () { for i in $cleanups; do $i; done; } | |
57 | trap 'rc=$?; runcleanups; exit $rc' EXIT | |
58 | trap 'trap "" EXIT; runcleanups; exit 127' INT TERM | |
53263601 MW |
59 | |
60 | ###-------------------------------------------------------------------------- | |
61 | ### Utility functions. | |
62 | ||
c47f2aba MW |
63 | reqsafe () { |
64 | ## Fail unless a safe directory is set. | |
65 | ||
66 | err="$quis: (CONFIGURATION ERROR)" | |
67 | case ${SAFE+t} in | |
68 | t) ;; | |
69 | *) echo >&2 "$err: no SAFE directory"; exit 1 ;; | |
70 | esac | |
71 | if [ ! -d "$SAFE" ]; then | |
72 | echo >&2 "$err: SAFE path \`$SAFE' isn't a directory" | |
73 | exit 1 | |
74 | fi | |
75 | case "$SAFE" in | |
76 | [!/]* | *[][[:space:]*?]*) | |
77 | echo >&2 "$err: SAFE path \`$SAFE' contains bad characters" | |
78 | exit 1 | |
79 | ;; | |
80 | esac | |
81 | ls -ld "$SAFE" | { | |
82 | me=$(id -un) | |
83 | read perm _ user stuff | |
84 | case "$perm:$user" in | |
85 | d???------:"$me") ;; | |
86 | *) | |
87 | echo >&2 "$err: SAFE path \`$SAFE' has bad owner or permissions" | |
88 | exit 1 | |
89 | ;; | |
90 | esac | |
91 | } | |
92 | } | |
93 | ||
53263601 MW |
94 | ## Temporary directory. |
95 | unset tmp | |
c47f2aba MW |
96 | rmtmp () { case ${tmp+t} in t) cd /; rm -rf $tmp ;; esac; } |
97 | cleanup rmtmp | |
53263601 | 98 | mktmp () { |
c47f2aba | 99 | ## Make a temporary directory and store its name in `tmp'. |
53263601 | 100 | |
c47f2aba MW |
101 | case "${tmp+t}" in t) return ;; esac |
102 | reqsafe | |
103 | tmp="$SAFE/keys.tmp.$$" | |
53263601 MW |
104 | rm -rf "$tmp" |
105 | mkdir -m700 "$tmp" | |
53263601 MW |
106 | } |
107 | ||
c47f2aba MW |
108 | reqtmp () { |
109 | ## Fail unless a temporary directory is set. | |
53263601 | 110 | |
c47f2aba MW |
111 | case ${tmp+t} in |
112 | t) ;; | |
113 | *) echo >&2 "$quis (INTERNAL): no tmp directory set"; exit 127 ;; | |
53263601 MW |
114 | esac |
115 | } | |
116 | ||
c47f2aba MW |
117 | parse_keylabel () { |
118 | key=$1 | |
119 | ## Parse the key label string KEY. Set `kdir' to the base path to use for | |
120 | ## the key's storage, and `kowner' to the key owner's name. | |
121 | ||
122 | case "$key" in | |
123 | *:*) kowner=${key%%:*} klabel=${key#*:} ;; | |
124 | *) kowner=$USERV_USER klabel=$key ;; | |
53263601 | 125 | esac |
c47f2aba MW |
126 | checkword "key owner name" "$kowner" |
127 | checklabel "key" "$klabel" | |
128 | kdir=$KEYS/store/$kowner/$klabel | |
129 | knub=$KEYS/nub/$kowner/$klabel | |
53263601 MW |
130 | } |
131 | ||
4c8c4065 MW |
132 | runas () { |
133 | user=$1 service=$2; shift 2 | |
134 | ## If the current (effective) user is not USER then reinvoke via `userv', | |
135 | ## as the specified service, with the remaining arguments. | |
136 | ||
137 | case $(id -un) in | |
138 | "$user") ;; | |
139 | *) exec userv "$user" "$service" "$@" ;; | |
140 | esac | |
141 | } | |
142 | ||
c47f2aba MW |
143 | ###-------------------------------------------------------------------------- |
144 | ### Input validation functions. | |
145 | ||
146 | nl=" | |
147 | " | |
148 | check () { | |
149 | ckwhat=$1 ckpat=$2 thing=$3 | |
150 | ## Verify that THING matches the (anchored, basic) regular expression | |
151 | ## CKPAT. Since matching newlines is hard to do portably, also check that | |
152 | ## THING doesn't contain any. If the checks fail, report an error and | |
153 | ## exit. | |
154 | ||
155 | validp=t | |
599c8f75 | 156 | case "$thing" in |
ec3628d8 MW |
157 | *"$nl"*) |
158 | validp=nil | |
159 | ;; | |
160 | *) | |
161 | if ! expr >/dev/null "Q$thing" : "\(Q$ckpat\)\$"; then | |
162 | validp=nil | |
163 | fi | |
164 | ;; | |
c47f2aba MW |
165 | esac |
166 | case $validp in | |
167 | nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;; | |
599c8f75 MW |
168 | esac |
169 | } | |
170 | ||
c47f2aba MW |
171 | ## Regular expressions for validating input. |
172 | R_IDENTCHARS="A-Za-z0-9_" | |
09c56d3e MW |
173 | R_GOODPUNCT="!%@+=" |
174 | R_WORDCHARS="-$R_IDENTCHARS$R_GOODPUNCT" | |
c47f2aba MW |
175 | R_IDENT="[$R_IDENTCHARS][$R_IDENTCHARS]*" |
176 | R_WORD="[$R_WORDCHARS][$R_WORDCHARS]*" | |
09c56d3e | 177 | R_ACLCHARS="][$R_IDENTCHARS$R_GOODPUNCT*?:.#" |
c47f2aba | 178 | R_WORDSEQ="[$R_WORDCHARS[:space:]][$R_WORDCHARS[:space:]]*" |
09c56d3e | 179 | R_ACL="[$R_ACLCHARS[:space:]-][$R_ACLCHARS[:space:]-]*" |
c47f2aba MW |
180 | R_NUMERIC='\(\([1-9][0-9]*\)\{0,1\}0\{0,1\}\)' |
181 | R_LABEL="\($R_WORD\(/$R_WORD\)*\)" | |
182 | R_LINE=".*" | |
183 | ||
184 | ## Various validation functions. | |
185 | checknumber () { check "$1" "$R_NUMERIC" "$2"; } | |
186 | checkident () { check "$1" "$R_IDENT" "$2"; } | |
187 | checkword () { check "$1" "$R_WORD" "$2"; } | |
188 | checklabel () { check "$1 label" "$R_LABEL" "$2"; } | |
189 | ||
53263601 | 190 | ###-------------------------------------------------------------------------- |
c47f2aba MW |
191 | ### Key storage and properties. |
192 | ||
193 | getsysprofile () { | |
194 | profile=$1 | |
195 | ## Write the named system PROFILE to standard output. | |
196 | ||
b65e1f93 | 197 | $bindir/extract-profile "$profile" $ETC/profile.d/ |
c47f2aba MW |
198 | } |
199 | ||
200 | setprops () { | |
201 | what=$1 prefix=$2; shift 2 | |
202 | ## Set variables based on the NAME=VALUE assignments in the arguments. The | |
203 | ## value for property NAME is stored in the shell variable PREFIX_NAME. | |
204 | ||
205 | for assg in "$@"; do | |
206 | goodp=t | |
207 | case "$assg" in | |
208 | *\=*) name=${assg%%=*} value=${assg#*=} ;; | |
209 | *) goodp=nil ;; | |
210 | esac | |
211 | case "$goodp,$name" in t,*[!0-9A-Za-z_]*=*) goodp=nil ;; esac | |
212 | case "$goodp" in | |
213 | nil) echo >&2 "$quis: bad $what assignment \`$assg'"; exit 1 ;; | |
214 | esac | |
215 | eval "$prefix$name=\$value" | |
216 | done | |
217 | } | |
53263601 | 218 | |
c47f2aba MW |
219 | checkprops () { |
220 | whatprop=$1 prefix=$2; shift 2 | |
221 | ## Check that property variables are set in accordance with the remaining | |
222 | ## TABLE arguments. Each row of TABLE has the form | |
53263601 | 223 | ## |
c47f2aba MW |
224 | ## NAME OMIT PAT |
225 | ## | |
226 | ## A table row is satisfied if there is a variable PREFIXNAME whose value | |
227 | ## matces the (basic) regular expression PAT, or if the variable is unset | |
228 | ## and OMIT is `t'. | |
229 | ||
230 | for table in "$@"; do | |
231 | case "$table" in ?*) ;; *) continue ;; esac | |
232 | while read -r name omit pat; do | |
233 | eval foundp=\${$prefix$name+t} | |
234 | case "$foundp,$omit" in | |
235 | ,t) continue ;; | |
236 | ,nil) | |
237 | echo >&2 "$quis: missing $whatprop \`$name' required" | |
238 | exit 1 | |
239 | ;; | |
240 | esac | |
241 | eval value=\$$prefix$name | |
242 | check "value for $whatprop \`$name'" "$pat" "$value" | |
243 | done <<EOF | |
244 | $table | |
245 | EOF | |
246 | done | |
247 | } | |
53263601 | 248 | |
f9431707 MW |
249 | dumpprops () { |
250 | prefix=$1 | |
251 | ## Write the properties stored in the variables beginning with PREFIX. | |
252 | ||
253 | set | sed -n "/^$prefix/{s/=.*\$//;p}" | sort | while read name; do | |
254 | eval value=\$$name | |
255 | echo "${name#$prefix}=$value" | |
256 | done | |
257 | } | |
258 | ||
c47f2aba MW |
259 | defprops () { |
260 | name=$1 | |
261 | ## Define a properties table NAME. | |
262 | ||
263 | table=$(cat) | |
264 | eval $name=\$table | |
265 | } | |
266 | ||
267 | defprops g_props <<EOF | |
268 | type nil $R_IDENT | |
269 | recovery t $R_WORDSEQ | |
270 | random t $R_WORD | |
2a877b7f MW |
271 | nub_hash t $R_WORD |
272 | nubid_hash t $R_WORD | |
273 | nub_random_bytes t $R_NUMERIC | |
09c56d3e MW |
274 | acl_encrypt t $R_ACL |
275 | acl_decrypt t $R_ACL | |
276 | acl_sign t $R_ACL | |
277 | acl_verify t $R_ACL | |
278 | acl_info t $R_ACL | |
c47f2aba MW |
279 | EOF |
280 | ||
281 | readprops () { | |
282 | file=$1 | |
283 | ## Read a profile from a file. This doesn't check the form of the | |
284 | ## filename, so it's not suitable for unchecked input. Properties are set | |
285 | ## using `setprops' with prefix `kprop_'. | |
286 | ||
287 | ## Parse the settings from the file. | |
288 | exec 3<"$file" | |
289 | while read line; do | |
290 | case "$line" in "" | \#*) continue ;; esac | |
291 | setprops "property" kprop_ "$line" | |
292 | done <&3 | |
293 | exec 3>&- | |
294 | checkprops "property" kprop_ "$g_props" | |
295 | ||
296 | ## Fetch the key-type handling library. | |
297 | if [ ! -f $KEYSLIB/ktype.$kprop_type ]; then | |
298 | echo >&2 "$quis: unknown key type \`$kprop_type'" | |
299 | exit 1 | |
300 | fi | |
301 | . $KEYSLIB/ktype.$kprop_type | |
302 | checkprops "property" kprop_ "$k_props" | |
303 | } | |
304 | ||
305 | readmeta () { | |
306 | kdir=$1 | |
307 | ## Read key metadata from KDIR. | |
308 | ||
309 | { read profile; } <"$kdir"/meta | |
310 | } | |
311 | ||
312 | makenub () { | |
313 | ## Generate a key nub in the default way, and write it to standard output. | |
2a877b7f MW |
314 | ## The properties `random', `nub_random_bytes' and `nub_hash' are referred |
315 | ## to. | |
c47f2aba MW |
316 | |
317 | dd 2>/dev/null \ | |
2a877b7f MW |
318 | if=/dev/${kprop_random-random} bs=1 count=${kprop_nub_random_bytes-64} | |
319 | openssl dgst -${kprop_nub_hash-sha256} -binary | | |
c47f2aba MW |
320 | openssl base64 |
321 | } | |
322 | ||
323 | nubid () { | |
324 | ## Compute a hash of the key nub in stdin, and write it to stdout in hex. | |
2a877b7f | 325 | ## The property `nubid_hash' is used. |
c47f2aba | 326 | |
21a21fff MW |
327 | ## Stupid dance because the output incompatibly grew a filename, in order |
328 | ## to demonstrate the same idiocy as GNU mumblesum. | |
329 | set _ $({ echo "distorted-keys nubid"; cat -; } | | |
330 | openssl dgst -${kprop_nubid_hash-sha256}) | |
37ba6d05 | 331 | if [ $# -gt 2 ]; then shift; fi |
21a21fff | 332 | echo $2 |
c47f2aba MW |
333 | } |
334 | ||
335 | subst () { | |
336 | what=$1 templ=$2 prefix=$3 pat=$4 | |
337 | ## Substitute option values into the template TEMPL. Each occurrence of | |
338 | ## %{VAR} is replaced by the value of the variable PREFIXVAR. Finally, an | |
339 | ## error is reported unless the final value matches the regular expression | |
340 | ## PAT. | |
341 | ||
342 | out="" | |
343 | rest=$templ | |
344 | while :; do | |
345 | ||
346 | ## If there are no more markers to substitute, then finish. | |
347 | case "$rest" in *"%{"*"}"*) ;; *) out=$out$rest; break ;; esac | |
348 | ||
349 | ## Split the template into three parts. | |
350 | left=${rest%%\%\{*} right=${rest#*\%\{} | |
351 | var=${right%%\}*} rest=${right#*\}} | |
352 | case "$var" in | |
353 | *-*) default=${var#*-} var=${var%%-*} defaultp=t ;; | |
354 | *) defaultp=nil ;; | |
355 | esac | |
356 | ||
357 | ## Find the variable value. | |
358 | checkident "template variable name" "$var" | |
359 | eval foundp=\${$prefix$var+t} | |
360 | case $foundp,$defaultp in | |
361 | t,*) eval value=\$$prefix$var ;; | |
362 | ,t) value=$default ;; | |
363 | *) | |
364 | echo >&2 "$quis: option \`$var' unset, used in template \`$templ'" | |
365 | exit 1 | |
366 | ;; | |
367 | esac | |
368 | ||
369 | ## Do the substitution. | |
370 | out=$out$left$value | |
371 | done | |
372 | ||
373 | ## Check the final result. | |
374 | check "$what" "$pat" "$out" | |
375 | ||
376 | ## Done. | |
377 | echo "$out" | |
378 | } | |
379 | ||
380 | read_profile () { | |
e9cf7079 | 381 | owner=$1 profile=$2 |
c47f2aba | 382 | ## Read property settings from a profile. The PROFILE name has the form |
e9cf7079 MW |
383 | ## [USER:]LABEL; USER defaults to OWNER. Properties are set using |
384 | ## `setprops' with prefix `kprop_'. | |
c47f2aba MW |
385 | |
386 | reqtmp | |
387 | case "$profile" in | |
388 | :*) | |
389 | label=${profile#:} uservp=nil | |
390 | ;; | |
53263601 | 391 | *) |
e9cf7079 | 392 | user=$kowner label=$profile uservp=t |
c47f2aba MW |
393 | ;; |
394 | *:*) | |
395 | user=${profile%%:*} label=${profile#*:} uservp=t | |
396 | ;; | |
397 | esac | |
398 | checkword "profile label" "$label" | |
399 | ||
400 | ## Fetch the profile settings from the user. | |
401 | reqtmp | |
402 | case $uservp in | |
403 | t) | |
404 | checkword "profile user" "$user" | |
21a21fff | 405 | userv "$user" cryptop-profile "$label" >$tmp/profile </dev/null |
c47f2aba MW |
406 | ;; |
407 | nil) | |
b65e1f93 | 408 | $bindir/extract-profile "$label" $ETC/profile.d/ >$tmp/profile |
53263601 MW |
409 | ;; |
410 | esac | |
411 | ||
c47f2aba MW |
412 | ## Read the file. |
413 | readprops $tmp/profile | |
53263601 MW |
414 | } |
415 | ||
c47f2aba MW |
416 | ###-------------------------------------------------------------------------- |
417 | ### General crypto operations. | |
418 | ||
419 | c_genkey () { | |
420 | profile=$1 kdir=$2 knub=$3 hook=$4; shift 4 | |
421 | ## Generate a key, and associate it with the named PROFILE (which is | |
422 | ## assumed already to have been read!); store the main data in KDIR, and | |
423 | ## the nub separately in the file KNUB; run HOOK after generation, passing | |
424 | ## it the working key directory and nub file. Remaining arguments are | |
425 | ## options to the key type. | |
426 | ||
427 | ## Set options and check them. | |
428 | setprops "option" kopt_ "$@" | |
429 | checkprops "option" kopt_ "$k_genopts" | |
430 | ||
431 | ## Create directory structure and start writing metadata. | |
432 | rm -rf "$kdir.new" | |
433 | mkdir -m755 -p "$kdir.new" | |
434 | case "$knub" in */*) mkdir -m700 -p "${knub%/*}" ;; esac | |
435 | cat >"$kdir.new/meta" <<EOF | |
436 | $profile | |
437 | EOF | |
53263601 | 438 | |
c47f2aba MW |
439 | ## Generate the key. |
440 | umask=$(umask); umask 077; >"$knub.new"; umask $umask | |
441 | k_generate "$kdir.new" "$knub.new" | |
442 | $hook "$kdir.new" "$knub.new" | |
443 | ||
444 | ## Hash the nub. | |
445 | nubid <"$knub.new" >"$kdir.new/nubid" | |
446 | ||
447 | ## Juggle everything into place. Doing this atomically is very difficult, | |
448 | ## and requires more machinery than I can really justify here. If | |
449 | ## something goes wrong halfway, it should always be possible to fix it, | |
450 | ## either by backing out (if $kdir.new still exists) or pressing on | |
451 | ## forwards (if not). | |
452 | rm -rf "$kdir.old" | |
453 | if [ -e "$kdir" ]; then mv "$kdir" "$kdir.old"; fi | |
454 | mv "$kdir.new" "$kdir" | |
455 | mv "$knub.new" "$knub" | |
456 | rm -rf "$kdir.old" | |
53263601 MW |
457 | } |
458 | ||
c47f2aba MW |
459 | c_encrypt () { k_encrypt "$@"; } |
460 | c_decrypt () { | |
461 | if k_decrypt "$@" >$tmp/plain; then cat $tmp/plain | |
462 | else return $? | |
463 | fi | |
464 | } | |
465 | c_sign () { k_sign "$@"; } | |
466 | c_verify () { k_verify "$@"; } | |
467 | ||
468 | ## Stub implementations. | |
469 | notsupp () { op=$1; echo >&2 "$quis: operation \`$op' not supported"; } | |
470 | k_info () { :; } | |
fff6c653 | 471 | k_import () { :; } |
c47f2aba MW |
472 | k_encrypt () { notsupp encrypt; } |
473 | k_decrypt () { notsupp decrypt; } | |
474 | k_sign () { notsupp sign; } | |
475 | k_verify () { notsupp verify; } | |
476 | ||
477 | prepare () { | |
478 | key=$1 op=$2 | |
479 | ## Prepare for a crypto operation OP, using the KEY. This validates the | |
5cff41ea MW |
480 | ## key label, reads the profile, and checks the access-control list. If OP |
481 | ## is `-' then allow the operation unconditionally. | |
c47f2aba MW |
482 | |
483 | ## Find the key properties. | |
484 | parse_keylabel "$key" | |
485 | if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi | |
486 | readmeta $kdir | |
e9cf7079 | 487 | read_profile $kowner "$profile" |
c47f2aba MW |
488 | |
489 | ## Check whether we're allowed to do this thing. This is annoyingly | |
490 | ## fiddly. | |
5cff41ea | 491 | case $op in -) return ;; esac |
c47f2aba MW |
492 | eval acl=\${kprop_acl_$op-!owner} |
493 | verdict=forbid | |
494 | while :; do | |
495 | ||
496 | ## Remove leading whitespace. | |
497 | while :; do | |
498 | case "$acl" in | |
499 | [[:space:]]*) acl=${acl#?} ;; | |
500 | *) break ;; | |
501 | esac | |
502 | done | |
503 | ||
504 | ## If there's nothing left, leave. | |
505 | case "$acl" in ?*) ;; *) break ;; esac | |
506 | ||
507 | ## Split off the leading word. | |
508 | case "$acl" in | |
509 | *[[:space:]]*) word=${acl%%[[:space:]]*} acl=${acl#*[[:space:]]} ;; | |
510 | *) word=$acl acl="" ;; | |
511 | esac | |
512 | ||
513 | ## See what sense it has if it matches. | |
514 | case "$word" in | |
515 | -*) sense=forbid rest=${word#-} ;; | |
516 | *) sense=allow rest=$word ;; | |
517 | esac | |
518 | ||
519 | ## See whether the calling user matches. | |
520 | case "$rest" in | |
521 | !owner) pat=$kowner list=$USERV_USER ;; | |
522 | !*) echo >&2 "$quis: unknown ACL token \`$word'" ;; | |
523 | %*) pat=${rest#%} list="$USERV_GROUP $USERV_GID" ;; | |
524 | *) pat=$rest list="$USERV_USER $USERV_UID" ;; | |
525 | esac | |
526 | matchp=nil | |
527 | for i in $list; do case "$i" in $pat) matchp=t; break ;; esac; done | |
528 | case $matchp in t) verdict=$sense; break ;; esac | |
529 | done | |
530 | ||
531 | case $verdict in | |
68023101 | 532 | forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit 1 ;; |
c47f2aba | 533 | esac |
53263601 MW |
534 | } |
535 | ||
c47f2aba MW |
536 | ###-------------------------------------------------------------------------- |
537 | ### Crypto operations for infrastructure purposes. | |
538 | ||
539 | c_sysprofile () { | |
540 | profile=$1 | |
541 | ## Select the profile in FILE for future crypto operations. | |
53263601 | 542 | |
c47f2aba MW |
543 | unset $(set | sed -n '/^kprop_/s/=.*$//p') |
544 | reqtmp | |
545 | getsysprofile "$profile" >$tmp/profile | |
546 | readprops $tmp/profile | |
53263601 MW |
547 | } |
548 | ||
c47f2aba MW |
549 | c_gensyskey () { |
550 | profile=$1 kdir=$2 knub=$3; shift 3 | |
551 | ## Generate a system key using PROFILE; store the data in KDIR and the nub | |
552 | ## in KNUB. Remaining arguments are options. | |
53263601 | 553 | |
c47f2aba MW |
554 | c_sysprofile "$profile" |
555 | c_genkey "$profile" "$kdir" "$knub" : "$@" | |
53263601 MW |
556 | } |
557 | ||
c47f2aba MW |
558 | c_sysprepare () { |
559 | kdir=$1 | |
560 | readmeta "$kdir" | |
561 | c_sysprofile "$profile" | |
562 | } | |
599c8f75 | 563 | |
c47f2aba MW |
564 | c_sysop () { |
565 | op=$1 kdir=$2; shift 1 | |
566 | c_sysprepare "$kdir" | |
567 | c_$op "$@" | |
599c8f75 MW |
568 | } |
569 | ||
c47f2aba MW |
570 | c_sysencrypt () { c_sysop encrypt "$1" /dev/null; } |
571 | c_sysdecrypt () { c_sysop decrypt "$1" "$2"; } | |
572 | c_syssign () { c_sysop sign "$1" "$2"; } | |
573 | c_sysverify () { c_sysop verify "$1" /dev/null; } | |
574 | ||
575 | ###-------------------------------------------------------------------------- | |
576 | ### Recovery operations. | |
577 | ||
2661d8aa MW |
578 | sharethresh () { |
579 | pf=$1 | |
580 | ## Return the sharing threshold from the parameter file PARAM. | |
581 | ||
582 | read param <"$pf" | |
583 | case "$param" in | |
584 | shamir-params:*) ;; | |
585 | *) | |
586 | echo >&2 "$quis: secret sharing parameter file damaged (wrong header)" | |
587 | exit 1 | |
588 | ;; | |
589 | esac | |
590 | t=";${param#*:}" | |
591 | case "$t" in | |
592 | *";t="*) ;; | |
593 | *) | |
594 | echo >&2 "$quis: secret sharing parameter file damaged (missing t)" | |
595 | exit 1 | |
596 | ;; | |
597 | esac | |
598 | t=${t#*;t=} | |
599 | t=${t%%;*} | |
600 | echo "$t" | |
601 | } | |
602 | ||
c47f2aba MW |
603 | stash () { |
604 | recov=$1 label=$2 | |
605 | ## Stash a copy of stdin encrypted under the recovery key RECOV, with a | |
606 | ## given LABEL. | |
607 | checkword "recovery key label" "$recov" | |
608 | checklabel "secret" "$label" | |
609 | ||
610 | rdir=$KEYS/recov/$recov/current | |
611 | if [ ! -d $rdir/store ]; then | |
612 | echo >&2 "$quis: unknown recovery key \`$recov'" | |
613 | exit 1 | |
614 | fi | |
615 | case $label in */*) mkdir -m755 -p $rdir/${label%/*} ;; esac | |
616 | (c_sysencrypt $rdir/store >$rdir/$label.new) | |
617 | mv $rdir/$label.new $rdir/$label.recov | |
618 | } | |
599c8f75 | 619 | |
c47f2aba | 620 | recover () { |
ae0eb898 | 621 | recov=$1 inst=$2 label=$3 |
c47f2aba MW |
622 | ## Recover a stashed secret, protected by RECOV and stored as LABEL, and |
623 | ## write it to stdout. | |
624 | checkword "recovery key label" "$recov" | |
ae0eb898 | 625 | checkword "recovery instance" "$inst" |
c47f2aba MW |
626 | checklabel "secret" "$label" |
627 | ||
ae0eb898 | 628 | rdir=$KEYS/recov/$recov/$inst |
c47f2aba | 629 | if [ ! -f $rdir/$label.recov ]; then |
1581d63e | 630 | echo >&2 "$quis: recovery key \`$recov/$inst' has no blob for \`$label'" |
c47f2aba MW |
631 | exit 1 |
632 | fi | |
633 | reqsafe | |
ae0eb898 MW |
634 | tag=$recov.$inst |
635 | nub=$SAFE/keys.reveal/$tag/nub | |
c47f2aba | 636 | if [ ! -f $nub ]; then |
1581d63e | 637 | echo >&2 "$quis: recovery key \`$recov/$inst' not revealed" |
c47f2aba MW |
638 | exit 1; |
639 | fi | |
640 | mktmp | |
641 | c_sysdecrypt $rdir/store $nub <$rdir/$label.recov | |
599c8f75 MW |
642 | } |
643 | ||
53263601 MW |
644 | ###-------------------------------------------------------------------------- |
645 | ### Help text. | |
646 | ||
c47f2aba MW |
647 | defhelp () { |
648 | read umsg | |
865fd3f4 | 649 | usage=$umsg |
c47f2aba MW |
650 | help=$(cat) |
651 | case "$KEYS_HELP" in t) help; exit ;; esac | |
53263601 MW |
652 | } |
653 | ||
53263601 MW |
654 | help () { showhelp; } |
655 | showhelp () { | |
656 | cat <<EOF | |
865fd3f4 | 657 | Usage: $quis${usage:+ $usage} |
53263601 MW |
658 | |
659 | $help | |
660 | EOF | |
661 | } | |
662 | ||
865fd3f4 MW |
663 | usage () { |
664 | : ${cmdargs=$usage} | |
665 | echo "usage: $quis${cmdname:+ $cmdname}${cmdargs:+ $cmdargs}" | |
666 | } | |
667 | usage_err () { usage >&2; exit 1; } | |
c47f2aba MW |
668 | |
669 | ###-------------------------------------------------------------------------- | |
670 | ### Subcommand handling. | |
671 | ||
672 | version () { | |
1d0c984e | 673 | echo "$quis, $PACKAGE version $VERSION" |
c47f2aba MW |
674 | } |
675 | ||
865fd3f4 MW |
676 | unset cmdargs |
677 | unset cmdname | |
678 | cmds="" | |
679 | defcmd () { | |
680 | cmd=$1; shift; args=$* | |
681 | help=$(cat) | |
682 | eval help_$cmd=\$help | |
683 | cmds="${cmds:+$cmds | |
684 | }$cmd $args" | |
685 | } | |
686 | ||
687 | defcmd help "[COMMAND ...]" <<EOF | |
688 | Show help about the COMMANDs, or about $quis if none are named. | |
689 | EOF | |
c47f2aba MW |
690 | cmd_help () { |
691 | rc=0 | |
692 | version | |
693 | case $# in | |
694 | 0) | |
695 | cat <<EOF | |
696 | ||
865fd3f4 | 697 | Usage: $quis${usage:+ $usage} |
c47f2aba MW |
698 | |
699 | Options: | |
700 | -h Show this help text. | |
701 | -v Show the program version number. | |
702 | ||
865fd3f4 | 703 | Commands provided: |
c47f2aba | 704 | EOF |
865fd3f4 MW |
705 | while read cmd args; do echo " $cmd${args:+ $args}"; done <<EOF |
706 | $cmds | |
707 | EOF | |
708 | case ${prefix+t} in | |
709 | t) | |
710 | cd $KEYSLIB | |
711 | for i in $prefix.*; do | |
712 | if [ ! -x "$i" ]; then continue; fi | |
713 | sed -n "/<<HELP/{n;s/^/ ${i#$prefix.} /;p;q;}" "$i" | |
714 | done | |
715 | ;; | |
716 | esac | |
c47f2aba MW |
717 | ;; |
718 | *) | |
865fd3f4 | 719 | for cmd in "$@"; do |
c47f2aba | 720 | echo |
865fd3f4 MW |
721 | foundp=nil |
722 | while read cmdname cmdargs; do | |
723 | case $cmdname in "$cmd") foundp=t; break ;; esac | |
724 | done <<EOF | |
725 | $cmds | |
726 | EOF | |
727 | case $foundp in | |
728 | t) | |
0bc47568 | 729 | usage; echo |
865fd3f4 MW |
730 | eval help=\$help_$cmdname; echo "$help" |
731 | ;; | |
732 | nil) | |
733 | if [ ! -x "$KEYSLIB/$prefix.$cmd" ]; then | |
734 | echo >&2 "$quis: unrecognized command \`$cmd'" | |
735 | rc=1 | |
736 | continue | |
737 | elif ! KEYS_HELP=t "$KEYSLIB/$prefix.$cmd"; then | |
738 | rc=1 | |
739 | fi | |
740 | ;; | |
741 | esac | |
c47f2aba MW |
742 | done |
743 | ;; | |
744 | esac | |
745 | return $rc | |
746 | } | |
747 | ||
748 | dispatch () { | |
865fd3f4 | 749 | case $# in 0) usage_err ;; esac |
c47f2aba | 750 | cmd=$1; shift |
865fd3f4 MW |
751 | foundp=nil |
752 | while read cmdname cmdargs; do | |
753 | case $cmdname in "$cmd") foundp=t; break ;; esac | |
754 | done <<EOF | |
755 | $cmds | |
756 | EOF | |
757 | case $foundp in | |
758 | t) | |
759 | OPTIND=1 | |
760 | cmd_$cmdname "$@" | |
761 | ;; | |
762 | nil) | |
763 | if [ ! -x "$KEYSLIB/$prefix.$cmd" ]; then | |
764 | echo >&2 "$quis: unrecognized command \`$cmd'" | |
765 | exit 1 | |
766 | fi | |
767 | unset KEYS_HELP | |
768 | exec "$KEYSLIB/$prefix.$cmd" "$@" | |
769 | ;; | |
770 | esac | |
c47f2aba MW |
771 | } |
772 | ||
53263601 | 773 | ###----- That's all, folks -------------------------------------------------- |