4 ### Key management and distribution
6 ### (c) 2006 Straylight/Edgeware
9 ###----- Licensing notice ---------------------------------------------------
11 ### This file is part of Trivial IP Encryption (TrIPE).
13 ### TrIPE is free software; you can redistribute it and/or modify
14 ### it under the terms of the GNU General Public License as published by
15 ### the Free Software Foundation; either version 2 of the License, or
16 ### (at your option) any later version.
18 ### TrIPE is distributed in the hope that it will be useful,
19 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
20 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 ### GNU General Public License for more details.
23 ### You should have received a copy of the GNU General Public License
24 ### along with TrIPE; if not, write to the Free Software Foundation,
25 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 ###--------------------------------------------------------------------------
28 ### External dependencies.
37 from cStringIO import StringIO
41 ###--------------------------------------------------------------------------
42 ### Useful regular expressions
44 ## Match a comment or blank line.
45 rx_comment = RX.compile(r'^\s*(#|$)')
47 ## Match a KEY = VALUE assignment.
48 rx_keyval = RX.compile(r'^\s*([-\w]+)(?:\s+(?!=)|\s*=\s*)(|\S|\S.*\S)\s*$')
50 ## Match a ${KEY} substitution.
51 rx_dollarsubst = RX.compile(r'\$\{([-\w]+)\}')
53 ## Match a @TAG@ substitution.
54 rx_atsubst = RX.compile(r'@([-\w]+)@')
56 ## Match a single non-alphanumeric character.
57 rx_nonalpha = RX.compile(r'\W')
59 ## Match the literal string "<SEQ>".
60 rx_seq = RX.compile(r'\<SEQ\>')
62 ###--------------------------------------------------------------------------
63 ### Utility functions.
66 class SubprocessError (Exception): pass
67 class VerifyError (Exception): pass
69 ## Program name and identification.
70 quis = OS.path.basename(SYS.argv[0])
75 """Report MSG to standard error."""
76 SYS.stderr.write('%s: %s\n' % (quis, msg))
79 """Report MSG to standard error, and exit with code RC."""
83 def subst(s, rx, map):
85 Substitute values into a string.
87 Repeatedly match RX (a compiled regular expression) against the string S.
88 For each match, extract group 1, and use it as a key to index the MAP;
89 replace the match by the result. Finally, return the fully-substituted
94 for m in rx.finditer(s):
95 out.write(s[i:m.start()] + map[m.group(1)])
101 """Delete the directory tree given by PATH."""
105 if err.errno == ENOENT:
108 if not S_ISDIR(st.st_mode):
114 for i in OS.listdir('.'):
121 """Delete the named FILE if it exists; otherwise do nothing."""
125 if err.errno == ENOENT: return
130 Run a subprocess whose arguments are given by the string ARGS.
132 The ARGS are split at word boundaries, and then subjected to configuration
133 variable substitution (see conf_subst). Individual argument elements
134 beginning with `!' are split again into multiple arguments at word
137 args = map(conf_subst, args.split())
140 if len(a) > 0 and a[0] != '!':
143 nargs += a[1:].split()
145 print '+ %s' % ' '.join(args)
146 rc = OS.spawnvp(OS.P_WAIT, args[0], args)
148 raise SubprocessError, rc
150 def hexhyphens(bytes):
152 Convert a byte string BYTES into hex, with hyphens at each 4-byte boundary.
155 for i in xrange(0, len(bytes)):
156 if i > 0 and i % 4 == 0: out.write('-')
157 out.write('%02x' % ord(bytes[i]))
158 return out.getvalue()
160 def fingerprint(kf, ktag):
162 Compute the fingerprint of a key, using the user's selected hash.
164 KF is the name of a keyfile; KTAG is the tag of the key.
166 h = C.gchashes[conf['fingerprint-hash']]()
167 k = C.KeyFile(kf)[ktag].fingerprint(h, '-secret')
170 ###--------------------------------------------------------------------------
171 ### The configuration file.
174 class ConfigFileError (Exception): pass
176 ## The configuration dictionary.
181 Apply configuration substitutions to S.
183 That is, for each ${KEY} in S, replace it with the current value of the
184 configuration variable KEY.
186 return subst(s, rx_dollarsubst, conf)
190 Read the file F and insert assignments into the configuration dictionary.
195 if rx_comment.match(line): continue
196 if line[-1] == '\n': line = line[:-1]
197 match = rx_keyval.match(line)
199 raise ConfigFileError, "%s:%d: bad line `%s'" % (f, lno, line)
200 k, v = match.groups()
201 conf[k] = conf_subst(v)
205 Apply defaults to the configuration dictionary.
207 Fill in all the interesting configuration variables based on the existing
208 contents, as described in the manual.
210 for k, v in [('repos-base', 'tripe-keys.tar.gz'),
211 ('sig-base', 'tripe-keys.sig-<SEQ>'),
212 ('repos-url', '${base-url}${repos-base}'),
213 ('sig-url', '${base-url}${sig-base}'),
214 ('sig-file', '${base-dir}${sig-base}'),
215 ('repos-file', '${base-dir}${repos-base}'),
216 ('conf-file', '${base-dir}tripe-keys.conf'),
217 ('upload-hook', ': run upload hook'),
219 ('kx-param', lambda: {'dh': '-LS -b2048 -B256',
220 'ec': '-Cnist-p256'}[conf['kx']]),
221 ('kx-expire', 'now + 1 year'),
222 ('cipher', 'blowfish-cbc'),
224 ('master-keygen-flags', '-l'),
225 ('mgf', '${hash}-mgf'),
226 ('mac', lambda: '%s-hmac/%d' %
228 C.gchashes[conf['hash']].hashsz * 4)),
229 ('sig', lambda: {'dh': 'dsa', 'ec': 'ecdsa'}[conf['kx']]),
230 ('sig-fresh', 'always'),
231 ('sig-genalg', lambda: {'kcdsa': 'dh',
236 'eckcdsa': 'ec'}[conf['sig']]),
237 ('sig-param', lambda: {'dh': '-LS -b2048 -B256',
238 'dsa': '-b2048 -B256',
240 'rsa': '-b2048'}[conf['sig-genalg']]),
241 ('sig-hash', '${hash}'),
242 ('sig-expire', 'forever'),
243 ('fingerprint-hash', '${hash}')]:
245 if k in conf: continue
247 conf[k] = conf_subst(v)
250 except KeyError, exc:
251 if len(exc.args) == 0: raise
252 conf[k] = '<missing-var %s>' % exc.args[0]
254 ###--------------------------------------------------------------------------
255 ### Key-management utilities.
259 Iterate over the master keys.
261 if not OS.path.exists('master'):
263 for k in C.KeyFile('master').itervalues():
264 if (k.type != 'tripe-keys-master' or
266 not k.tag.startswith('master-')):
270 def master_sequence(k):
272 Return the sequence number of the given master key as an integer.
274 No checking is done that K is really a master key.
276 return int(k.tag[7:])
278 def max_master_sequence():
280 Find the master key with the highest sequence number and return this
284 for k in master_keys():
285 q = master_sequence(k)
291 Return the value of the configuration variable X, with <SEQ> replaced by
294 return rx_seq.sub(str(q), conf[x])
296 ###--------------------------------------------------------------------------
297 ### Commands: help [COMMAND...]
299 def version(fp = SYS.stdout):
300 fp.write('%s, %s version %s\n' % (quis, PACKAGE, VERSION))
303 fp.write('Usage: %s SUBCOMMAND [ARGS...]\n' % quis)
311 Key management utility for TrIPE.
315 -h, --help Show this help message.
316 -v, --version Show the version number.
317 -u, --usage Show pointlessly short usage string.
319 Subcommands available:
321 args = commands.keys()
324 func, min, max, help = commands[c]
325 print '%s %s' % (c, help)
327 ###--------------------------------------------------------------------------
328 ### Commands: newmaster
330 def cmd_newmaster(args):
331 seq = max_master_sequence() + 1
332 run('''key -kmaster add
333 -a${sig-genalg} !${sig-param}
334 -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master
335 sig=${sig} hash=${sig-hash}''' % seq)
336 run('key -kmaster extract -f-secret repos/master.pub')
338 ###--------------------------------------------------------------------------
343 run('''key -krepos/param add
344 -a${kx}-param !${kx-param}
345 -eforever -tparam tripe-${kx}-param
346 cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''')
349 ###--------------------------------------------------------------------------
352 def cmd_upload(args):
354 ## Sanitize the repository directory
355 umask = OS.umask(0); OS.umask(umask)
357 for f in OS.listdir('repos'):
358 ff = OS.path.join('repos', f)
359 if (f.startswith('master') or f.startswith('peer-')) \
360 and f.endswith('.old'):
367 OS.symlink('../repos', 'tmp/repos')
371 ## Build the configuration file
372 seq = max_master_sequence()
373 v = {'MASTER-SEQUENCE': str(seq),
374 'HK-MASTER': hexhyphens(fingerprint('repos/master.pub',
376 fin = file('tripe-keys.master')
377 fout = file('tmp/tripe-keys.conf', 'w')
379 fout.write(subst(line, rx_atsubst, v))
380 fin.close(); fout.close()
381 SH.copyfile('tmp/tripe-keys.conf', conf_subst('${conf-file}.new'))
382 commit = [conf['repos-file'], conf['conf-file']]
384 ## Make and sign the repository archive
386 run('tar chozf ${repos-file}.new .')
388 for k in master_keys():
389 seq = master_sequence(k)
390 sigfile = seqsubst('sig-file', seq)
391 run('''catsign -kmaster sign -abdC -kmaster-%d
392 -o%s.new ${repos-file}.new''' % (seq, sigfile))
393 commit.append(sigfile)
395 ## Commit the changes
397 new = '%s.new' % base
402 run('sh -c ${upload-hook}')
404 ###--------------------------------------------------------------------------
405 ### Commands: rebuild
407 def cmd_rebuild(args):
409 for i in OS.listdir('repos'):
410 if i.startswith('peer-') and i.endswith('.pub'):
411 run('key -kkeyring.pub merge %s' % OS.path.join('repos', i))
413 ###--------------------------------------------------------------------------
416 def cmd_update(args):
421 ## Fetch a new distribution
424 seq = int(conf['master-sequence'])
425 run('curl -s -o tripe-keys.tar.gz ${repos-url}')
426 run('curl -s -o tripe-keys.sig %s' % seqsubst('sig-url', seq))
427 run('tar xfz tripe-keys.tar.gz')
429 ## Verify the signature
430 want = C.bytes(rx_nonalpha.sub('', conf['hk-master']))
431 got = fingerprint('repos/master.pub', 'master-%d' % seq)
432 if want != got: raise VerifyError
433 run('''catsign -krepos/master.pub verify -avC -kmaster-%d
434 -t${sig-fresh} tripe-keys.sig tripe-keys.tar.gz''' % seq)
436 ## OK: update our copy
438 if OS.path.exists('repos'): OS.rename('repos', 'repos.old')
439 OS.rename('tmp/repos', 'repos')
440 if not FC.cmp('tmp/tripe-keys.conf', 'tripe-keys.conf'):
441 moan('configuration file changed: recommend running another update')
442 OS.rename('tmp/tripe-keys.conf', 'tripe-keys.conf')
450 ###--------------------------------------------------------------------------
451 ### Commands: generate TAG
453 def cmd_generate(args):
455 keyring_pub = 'peer-%s.pub' % tag
456 zap('keyring'); zap(keyring_pub)
457 run('key -kkeyring merge repos/param')
458 run('key -kkeyring add -a${kx} -pparam -e${kx-expire} -t%s tripe-${kx}' %
460 run('key -kkeyring extract -f-secret %s %s' % (keyring_pub, tag))
462 ###--------------------------------------------------------------------------
468 for i in OS.listdir('.'):
470 if r.endswith('.old'): r = r[:-4]
471 if (r == 'master' or r == 'param' or
472 r == 'keyring' or r == 'keyring.pub' or r.startswith('peer-')):
475 ###--------------------------------------------------------------------------
479 class UsageError (Exception): pass
481 commands = {'help': (cmd_help, 0, 1, ''),
482 'newmaster': (cmd_newmaster, 0, 0, ''),
483 'setup': (cmd_setup, 0, 0, ''),
484 'upload': (cmd_upload, 0, 0, ''),
485 'update': (cmd_update, 0, 0, ''),
486 'clean': (cmd_clean, 0, 0, ''),
487 'generate': (cmd_generate, 1, 1, 'TAG'),
488 'rebuild': (cmd_rebuild, 0, 0, '')}
492 Load the appropriate configuration file and set up the configuration
495 for f in ['tripe-keys.master', 'tripe-keys.conf']:
496 if OS.path.exists(f):
503 Main program: parse options and dispatch to appropriate command handler.
506 opts, args = O.getopt(argv[1:], 'hvu',
507 ['help', 'version', 'usage'])
508 except O.GetoptError, exc:
513 if o in ('-h', '--help'):
516 elif o in ('-v', '--version'):
519 elif o in ('-u', '--usage'):
526 func, min, max, help = commands[c]
528 if len(args) < min or (max > 0 and len(args) > max):
529 raise UsageError, (c, help)
532 ###----- That's all, folks --------------------------------------------------
534 if __name__ == '__main__':