X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/b42d45c07b5355d3359a552f3e627c7498ac644c..152a2182891fe22eb16f2de6b05574d7b041df5f:/keys/tripe-keys.in diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in index 58c36279..db577b62 100644 --- a/keys/tripe-keys.in +++ b/keys/tripe-keys.in @@ -1,45 +1,101 @@ #! @PYTHON@ -# -*-python-*- - -### External dependencies +### -*-python-*- +### +### Key management and distribution +### +### (c) 2006 Straylight/Edgeware +### + +###----- Licensing notice --------------------------------------------------- +### +### This file is part of Trivial IP Encryption (TrIPE). +### +### TrIPE is free software; you can redistribute it and/or modify +### it under the terms of the GNU General Public License as published by +### the Free Software Foundation; either version 2 of the License, or +### (at your option) any later version. +### +### TrIPE is distributed in the hope that it will be useful, +### but WITHOUT ANY WARRANTY; without even the implied warranty of +### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +### GNU General Public License for more details. +### +### You should have received a copy of the GNU General Public License +### along with TrIPE; if not, write to the Free Software Foundation, +### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +###-------------------------------------------------------------------------- +### External dependencies. import catacomb as C import os as OS import sys as SYS -import sre as RX +import re as RX import getopt as O import shutil as SH +import time as T import filecmp as FC from cStringIO import StringIO from errno import * from stat import * +###-------------------------------------------------------------------------- ### Useful regular expressions +## Match a comment or blank line. rx_comment = RX.compile(r'^\s*(#|$)') + +## Match a KEY = VALUE assignment. rx_keyval = RX.compile(r'^\s*([-\w]+)(?:\s+(?!=)|\s*=\s*)(|\S|\S.*\S)\s*$') + +## Match a ${KEY} substitution. rx_dollarsubst = RX.compile(r'\$\{([-\w]+)\}') + +## Match a @TAG@ substitution. rx_atsubst = RX.compile(r'@([-\w]+)@') + +## Match a single non-alphanumeric character. rx_nonalpha = RX.compile(r'\W') + +## Match the literal string "". rx_seq = RX.compile(r'\') -### Utility functions +## Match a shell metacharacter. +rx_shmeta = RX.compile('[\\s`!"#$&*()\\[\\];\'|<>?\\\\]') +## Match a character which needs escaping in a shell double-quoted string. +rx_shquote = RX.compile(r'["`$\\]') + +###-------------------------------------------------------------------------- +### Utility functions. + +## Exceptions. class SubprocessError (Exception): pass class VerifyError (Exception): pass +## Program name and identification. quis = OS.path.basename(SYS.argv[0]) PACKAGE = "@PACKAGE@" VERSION = "@VERSION@" def moan(msg): + """Report MSG to standard error.""" SYS.stderr.write('%s: %s\n' % (quis, msg)) def die(msg, rc = 1): + """Report MSG to standard error, and exit with code RC.""" moan(msg) SYS.exit(rc) def subst(s, rx, map): + """ + Substitute values into a string. + + Repeatedly match RX (a compiled regular expression) against the string S. + For each match, extract group 1, and use it as a key to index the MAP; + replace the match by the result. Finally, return the fully-substituted + string. + """ out = StringIO() i = 0 for m in rx.finditer(s): @@ -48,7 +104,22 @@ def subst(s, rx, map): out.write(s[i:]) return out.getvalue() +def shell_quotify(arg): + """ + Quotify ARG to keep the shell happy. + + This isn't actually used for invoking commands, just for presentation + purposes; but correctness is still nice. + """ + if not rx_shmeta.search(arg): + return arg + elif arg.find("'") == -1: + return "'%s'" % arg + else: + return '"%s"' % rx_shquote.sub(lambda m: '\\' + m.group(0), arg) + def rmtree(path): + """Delete the directory tree given by PATH.""" try: st = OS.lstat(path) except OSError, err: @@ -68,6 +139,7 @@ def rmtree(path): OS.rmdir(path) def zap(file): + """Delete the named FILE if it exists; otherwise do nothing.""" try: OS.unlink(file) except OSError, err: @@ -75,6 +147,14 @@ def zap(file): raise def run(args): + """ + Run a subprocess whose arguments are given by the string ARGS. + + The ARGS are split at word boundaries, and then subjected to configuration + variable substitution (see conf_subst). Individual argument elements + beginning with `!' are split again into multiple arguments at word + boundaries. + """ args = map(conf_subst, args.split()) nargs = [] for a in args: @@ -83,12 +163,16 @@ def run(args): else: nargs += a[1:].split() args = nargs - print '+ %s' % ' '.join(args) + print '+ %s' % ' '.join([shell_quotify(arg) for arg in args]) + SYS.stdout.flush() rc = OS.spawnvp(OS.P_WAIT, args[0], args) if rc != 0: raise SubprocessError, rc def hexhyphens(bytes): + """ + Convert a byte string BYTES into hex, with hyphens at each 4-byte boundary. + """ out = StringIO() for i in xrange(0, len(bytes)): if i > 0 and i % 4 == 0: out.write('-') @@ -96,19 +180,37 @@ def hexhyphens(bytes): return out.getvalue() def fingerprint(kf, ktag): + """ + Compute the fingerprint of a key, using the user's selected hash. + + KF is the name of a keyfile; KTAG is the tag of the key. + """ h = C.gchashes[conf['fingerprint-hash']]() k = C.KeyFile(kf)[ktag].fingerprint(h, '-secret') return h.done() -### Read configuration +###-------------------------------------------------------------------------- +### The configuration file. +## Exceptions. class ConfigFileError (Exception): pass + +## The configuration dictionary. conf = {} -def conf_subst(s): return subst(s, rx_dollarsubst, conf) +def conf_subst(s): + """ + Apply configuration substitutions to S. + + That is, for each ${KEY} in S, replace it with the current value of the + configuration variable KEY. + """ + return subst(s, rx_dollarsubst, conf) -## Read the file def conf_read(f): + """ + Read the file F and insert assignments into the configuration dictionary. + """ lno = 0 for line in file(f): lno += 1 @@ -120,8 +222,13 @@ def conf_read(f): k, v = match.groups() conf[k] = conf_subst(v) -## Sift the wreckage def conf_defaults(): + """ + Apply defaults to the configuration dictionary. + + Fill in all the interesting configuration variables based on the existing + contents, as described in the manual. + """ for k, v in [('repos-base', 'tripe-keys.tar.gz'), ('sig-base', 'tripe-keys.sig-'), ('repos-url', '${base-url}${repos-base}'), @@ -129,12 +236,15 @@ def conf_defaults(): ('sig-file', '${base-dir}${sig-base}'), ('repos-file', '${base-dir}${repos-base}'), ('conf-file', '${base-dir}tripe-keys.conf'), + ('upload-hook', ': run upload hook'), ('kx', 'dh'), - ('kx-param', lambda: {'dh': '-LS -b2048 -B256', + ('kx-param', lambda: {'dh': '-LS -b3072 -B256', 'ec': '-Cnist-p256'}[conf['kx']]), ('kx-expire', 'now + 1 year'), - ('cipher', 'blowfish-cbc'), + ('kx-warn-days', '28'), + ('cipher', 'rijndael-cbc'), ('hash', 'sha256'), + ('master-keygen-flags', '-l'), ('mgf', '${hash}-mgf'), ('mac', lambda: '%s-hmac/%d' % (conf['hash'], @@ -147,10 +257,10 @@ def conf_defaults(): 'rsapss': 'rsa', 'ecdsa': 'ec', 'eckcdsa': 'ec'}[conf['sig']]), - ('sig-param', lambda: {'dh': '-LS -b2048 -B256', - 'dsa': '-b2048 -B256', + ('sig-param', lambda: {'dh': '-LS -b3072 -B256', + 'dsa': '-b3072 -B256', 'ec': '-Cnist-p256', - 'rsa': '-b2048'}[conf['sig-genalg']]), + 'rsa': '-b3072'}[conf['sig-genalg']]), ('sig-hash', '${hash}'), ('sig-expire', 'forever'), ('fingerprint-hash', '${hash}')]: @@ -164,7 +274,50 @@ def conf_defaults(): if len(exc.args) == 0: raise conf[k] = '' % exc.args[0] -### Commands +###-------------------------------------------------------------------------- +### Key-management utilities. + +def master_keys(): + """ + Iterate over the master keys. + """ + if not OS.path.exists('master'): + return + for k in C.KeyFile('master').itervalues(): + if (k.type != 'tripe-keys-master' or + k.expiredp or + not k.tag.startswith('master-')): + continue #?? + yield k + +def master_sequence(k): + """ + Return the sequence number of the given master key as an integer. + + No checking is done that K is really a master key. + """ + return int(k.tag[7:]) + +def max_master_sequence(): + """ + Find the master key with the highest sequence number and return this + sequence number. + """ + seq = -1 + for k in master_keys(): + q = master_sequence(k) + if q > seq: seq = q + return seq + +def seqsubst(x, q): + """ + Return the value of the configuration variable X, with replaced by + the value Q. + """ + return rx_seq.sub(str(q), conf[x]) + +###-------------------------------------------------------------------------- +### Commands: help [COMMAND...] def version(fp = SYS.stdout): fp.write('%s, %s version %s\n' % (quis, PACKAGE, VERSION)) @@ -191,45 +344,35 @@ Subcommands available: args = commands.keys() args.sort() for c in args: - func, min, max, help = commands[c] - print '%s %s' % (c, help) + try: func, min, max, help = commands[c] + except KeyError: die("unknown command `%s'" % c) + print '%s%s%s' % (c, help and ' ', help) -def master_keys(): - if not OS.path.exists('master'): - return - for k in C.KeyFile('master').itervalues(): - if (k.type != 'tripe-keys-master' or - k.expiredp or - not k.tag.startswith('master-')): - continue #?? - yield k -def master_sequence(k): - return int(k.tag[7:]) -def max_master_sequence(): - seq = -1 - for k in master_keys(): - q = master_sequence(k) - if q > seq: seq = q - return seq -def seqsubst(x, q): - return rx_seq.sub(str(q), conf[x]) +###-------------------------------------------------------------------------- +### Commands: newmaster def cmd_newmaster(args): seq = max_master_sequence() + 1 run('''key -kmaster add -a${sig-genalg} !${sig-param} - -e${sig-expire} -l -tmaster-%d tripe-keys-master + -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master sig=${sig} hash=${sig-hash}''' % seq) run('key -kmaster extract -f-secret repos/master.pub') +###-------------------------------------------------------------------------- +### Commands: setup + def cmd_setup(args): OS.mkdir('repos') run('''key -krepos/param add -a${kx}-param !${kx-param} - -eforever -tparam tripe-${kx}-param - cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''') + -eforever -tparam tripe-param + kx-group=${kx} cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''') cmd_newmaster(args) +###-------------------------------------------------------------------------- +### Commands: upload + def cmd_upload(args): ## Sanitize the repository directory @@ -280,6 +423,19 @@ def cmd_upload(args): finally: OS.chdir(cwd) rmtree('tmp') + run('sh -c ${upload-hook}') + +###-------------------------------------------------------------------------- +### Commands: rebuild + +def cmd_rebuild(args): + zap('keyring.pub') + for i in OS.listdir('repos'): + if i.startswith('peer-') and i.endswith('.pub'): + run('key -kkeyring.pub merge %s' % OS.path.join('repos', i)) + +###-------------------------------------------------------------------------- +### Commands: update def cmd_update(args): cwd = OS.getcwd() @@ -305,7 +461,7 @@ def cmd_update(args): OS.chdir(cwd) if OS.path.exists('repos'): OS.rename('repos', 'repos.old') OS.rename('tmp/repos', 'repos') - if not FC.cmp('tmp/tripe-keys.conf', 'tripe-keys.conf'): + if not FC.cmp('tmp/tripe-keys.conf', 'tripe-keys.conf', False): moan('configuration file changed: recommend running another update') OS.rename('tmp/tripe-keys.conf', 'tripe-keys.conf') rmtree('repos.old') @@ -315,21 +471,21 @@ def cmd_update(args): rmtree('tmp') cmd_rebuild(args) -def cmd_rebuild(args): - zap('keyring.pub') - for i in OS.listdir('repos'): - if i.startswith('peer-') and i.endswith('.pub'): - run('key -kkeyring.pub merge %s' % OS.path.join('repos', i)) +###-------------------------------------------------------------------------- +### Commands: generate TAG def cmd_generate(args): tag, = args keyring_pub = 'peer-%s.pub' % tag zap('keyring'); zap(keyring_pub) run('key -kkeyring merge repos/param') - run('key -kkeyring add -a${kx} -pparam -e${kx-expire} -t%s tripe-${kx}' % + run('key -kkeyring add -a${kx} -pparam -e${kx-expire} -t%s tripe' % tag) run('key -kkeyring extract -f-secret %s %s' % (keyring_pub, tag)) +###-------------------------------------------------------------------------- +### Commands: clean + def cmd_clean(args): rmtree('repos') rmtree('tmp') @@ -340,9 +496,64 @@ def cmd_clean(args): r == 'keyring' or r == 'keyring.pub' or r.startswith('peer-')): zap(i) -### Main driver +###-------------------------------------------------------------------------- +### Commands: check + +def check_key(k): + now = T.time() + thresh = int(conf['kx-warn-days']) * 86400 + if k.exptime == C.KEXP_FOREVER: return None + elif k.exptime == C.KEXP_EXPIRE: left = -1 + else: left = k.exptime - now + if left < 0: + return "key `%s' HAS EXPIRED" % k.tag + elif left < thresh: + if left >= 86400: n, u, uu = left // 86400, 'day', 'days' + else: n, u, uu = left // 3600, 'hour', 'hours' + return "key `%s' EXPIRES in %d %s" % (k.tag, n, n == 1 and u or uu) + else: + return None + +def cmd_check(args): + if OS.path.exists('keyring.pub'): + for k in C.KeyFile('keyring.pub').itervalues(): + whinge = check_key(k) + if whinge is not None: print whinge + if OS.path.exists('master'): + whinges = [] + for k in C.KeyFile('master').itervalues(): + whinge = check_key(k) + if whinge is None: break + whinges.append(whinge) + else: + for whinge in whinges: print whinge + +###-------------------------------------------------------------------------- +### Commands: mtu + +def cmd_mtu(args): + mtu, = (lambda mtu = '1500': (mtu,))(*args) + mtu = int(mtu) + + blksz = C.gcciphers[conf['cipher']].blksz + + index = conf['mac'].find('/') + if index == -1: + tagsz = C.gcmacs[conf['mac']].tagsz + else: + tagsz = int(conf['mac'][index + 1:])/8 + + mtu -= 20 # Minimum IP header + mtu -= 8 # UDP header + mtu -= 1 # TrIPE packet type octet + mtu -= tagsz # MAC tag + mtu -= 4 # Sequence number + mtu -= blksz # Initialization vector + + print mtu -class UsageError (Exception): pass +###-------------------------------------------------------------------------- +### Main driver. commands = {'help': (cmd_help, 0, 1, ''), 'newmaster': (cmd_newmaster, 0, 0, ''), @@ -350,16 +561,26 @@ commands = {'help': (cmd_help, 0, 1, ''), 'upload': (cmd_upload, 0, 0, ''), 'update': (cmd_update, 0, 0, ''), 'clean': (cmd_clean, 0, 0, ''), + 'mtu': (cmd_mtu, 0, 1, '[PATH-MTU]'), + 'check': (cmd_check, 0, 0, ''), 'generate': (cmd_generate, 1, 1, 'TAG'), 'rebuild': (cmd_rebuild, 0, 0, '')} def init(): + """ + Load the appropriate configuration file and set up the configuration + dictionary. + """ for f in ['tripe-keys.master', 'tripe-keys.conf']: if OS.path.exists(f): conf_read(f) break conf_defaults() + def main(argv): + """ + Main program: parse options and dispatch to appropriate command handler. + """ try: opts, args = O.getopt(argv[1:], 'hvu', ['help', 'version', 'usage']) @@ -381,11 +602,16 @@ def main(argv): cmd_help([]) else: c = argv[1] - func, min, max, help = commands[c] + try: func, min, max, help = commands[c] + except KeyError: die("unknown command `%s'" % c) args = argv[2:] - if len(args) < min or (max > 0 and len(args) > max): - raise UsageError, (c, help) + if len(args) < min or (max is not None and len(args) > max): + SYS.stderr.write('Usage: %s %s%s%s\n' % (quis, c, help and ' ', help)) + SYS.exit(1) func(args) -init() -main(SYS.argv) +###----- That's all, folks -------------------------------------------------- + +if __name__ == '__main__': + init() + main(SYS.argv)