git.oblomov.eu Git - git/blob - gpg-interface.c

   1 #include "cache.h"
   2 #include "run-command.h"
   3 #include "strbuf.h"
   4 #include "gpg-interface.h"
   5 #include "sigchain.h"
   6 #include "tempfile.h"
   7
   8 static char *configured_signing_key;
   9 static const char *gpg_program = "gpg";
  10
  11 #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
  12 #define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
  13
  14 void signature_check_clear(struct signature_check *sigc)
  15 {
  16         free(sigc->payload);
  17         free(sigc->gpg_output);
  18         free(sigc->gpg_status);
  19         free(sigc->signer);
  20         free(sigc->key);
  21         sigc->payload = NULL;
  22         sigc->gpg_output = NULL;
  23         sigc->gpg_status = NULL;
  24         sigc->signer = NULL;
  25         sigc->key = NULL;
  26 }
  27
  28 static struct {
  29         char result;
  30         const char *check;
  31 } sigcheck_gpg_status[] = {
  32         { 'G', "\n[GNUPG:] GOODSIG " },
  33         { 'B', "\n[GNUPG:] BADSIG " },
  34         { 'U', "\n[GNUPG:] TRUST_NEVER" },
  35         { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
  36 };
  37
  38 void parse_gpg_output(struct signature_check *sigc)
  39 {
  40         const char *buf = sigc->gpg_status;
  41         int i;
  42
  43         /* Iterate over all search strings */
  44         for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
  45                 const char *found, *next;
  46
  47                 if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) {
  48                         found = strstr(buf, sigcheck_gpg_status[i].check);
  49                         if (!found)
  50                                 continue;
  51                         found += strlen(sigcheck_gpg_status[i].check);
  52                 }
  53                 sigc->result = sigcheck_gpg_status[i].result;
  54                 /* The trust messages are not followed by key/signer information */
  55                 if (sigc->result != 'U') {
  56                         sigc->key = xmemdupz(found, 16);
  57                         found += 17;
  58                         next = strchrnul(found, '\n');
  59                         sigc->signer = xmemdupz(found, next - found);
  60                 }
  61         }
  62 }
  63
  64 int check_signature(const char *payload, size_t plen, const char *signature,
  65         size_t slen, struct signature_check *sigc)
  66 {
  67         struct strbuf gpg_output = STRBUF_INIT;
  68         struct strbuf gpg_status = STRBUF_INIT;
  69         int status;
  70
  71         sigc->result = 'N';
  72
  73         status = verify_signed_buffer(payload, plen, signature, slen,
  74                                       &gpg_output, &gpg_status);
  75         if (status && !gpg_output.len)
  76                 goto out;
  77         sigc->payload = xmemdupz(payload, plen);
  78         sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
  79         sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
  80         parse_gpg_output(sigc);
  81
  82  out:
  83         strbuf_release(&gpg_status);
  84         strbuf_release(&gpg_output);
  85
  86         return sigc->result != 'G' && sigc->result != 'U';
  87 }
  88
  89 void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
  90 {
  91         const char *output = flags & GPG_VERIFY_RAW ?
  92                 sigc->gpg_status : sigc->gpg_output;
  93
  94         if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
  95                 fputs(sigc->payload, stdout);
  96
  97         if (output)
  98                 fputs(output, stderr);
  99 }
 100
 101 /*
 102  * Look at GPG signed content (e.g. a signed tag object), whose
 103  * payload is followed by a detached signature on it.  Return the
 104  * offset where the embedded detached signature begins, or the end of
 105  * the data when there is no such signature.
 106  */
 107 size_t parse_signature(const char *buf, unsigned long size)
 108 {
 109         char *eol;
 110         size_t len = 0;
 111         while (len < size && !starts_with(buf + len, PGP_SIGNATURE) &&
 112                         !starts_with(buf + len, PGP_MESSAGE)) {
 113                 eol = memchr(buf + len, '\n', size - len);
 114                 len += eol ? eol - (buf + len) + 1 : size - len;
 115         }
 116         return len;
 117 }
 118
 119 void set_signing_key(const char *key)
 120 {
 121         free(configured_signing_key);
 122         configured_signing_key = xstrdup(key);
 123 }
 124
 125 int git_gpg_config(const char *var, const char *value, void *cb)
 126 {
 127         if (!strcmp(var, "user.signingkey")) {
 128                 set_signing_key(value);
 129         }
 130         if (!strcmp(var, "gpg.program")) {
 131                 if (!value)
 132                         return config_error_nonbool(var);
 133                 gpg_program = xstrdup(value);
 134         }
 135         return 0;
 136 }
 137
 138 const char *get_signing_key(void)
 139 {
 140         if (configured_signing_key)
 141                 return configured_signing_key;
 142         return git_committer_info(IDENT_STRICT|IDENT_NO_DATE);
 143 }
 144
 145 /*
 146  * Create a detached signature for the contents of "buffer" and append
 147  * it after "signature"; "buffer" and "signature" can be the same
 148  * strbuf instance, which would cause the detached signature appended
 149  * at the end.
 150  */
 151 int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
 152 {
 153         struct child_process gpg = CHILD_PROCESS_INIT;
 154         int ret;
 155         size_t i, j, bottom;
 156         struct strbuf gpg_status = STRBUF_INIT;
 157
 158         argv_array_pushl(&gpg.args,
 159                          gpg_program,
 160                          "--status-fd=2",
 161                          "-bsau", signing_key,
 162                          NULL);
 163
 164         bottom = signature->len;
 165
 166         /*
 167          * When the username signingkey is bad, program could be terminated
 168          * because gpg exits without reading and then write gets SIGPIPE.
 169          */
 170         sigchain_push(SIGPIPE, SIG_IGN);
 171         ret = pipe_command(&gpg, buffer->buf, buffer->len,
 172                            signature, 1024, &gpg_status, 0);
 173         sigchain_pop(SIGPIPE);
 174
 175         ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
 176         strbuf_release(&gpg_status);
 177         if (ret)
 178                 return error(_("gpg failed to sign the data"));
 179
 180         /* Strip CR from the line endings, in case we are on Windows. */
 181         for (i = j = bottom; i < signature->len; i++)
 182                 if (signature->buf[i] != '\r') {
 183                         if (i != j)
 184                                 signature->buf[j] = signature->buf[i];
 185                         j++;
 186                 }
 187         strbuf_setlen(signature, j);
 188
 189         return 0;
 190 }
 191
 192 /*
 193  * Run "gpg" to see if the payload matches the detached signature.
 194  * gpg_output, when set, receives the diagnostic output from GPG.
 195  * gpg_status, when set, receives the status output from GPG.
 196  */
 197 int verify_signed_buffer(const char *payload, size_t payload_size,
 198                          const char *signature, size_t signature_size,
 199                          struct strbuf *gpg_output, struct strbuf *gpg_status)
 200 {
 201         struct child_process gpg = CHILD_PROCESS_INIT;
 202         static struct tempfile temp;
 203         int fd, ret;
 204         struct strbuf buf = STRBUF_INIT;
 205
 206         fd = mks_tempfile_t(&temp, ".git_vtag_tmpXXXXXX");
 207         if (fd < 0)
 208                 return error_errno(_("could not create temporary file"));
 209         if (write_in_full(fd, signature, signature_size) < 0) {
 210                 error_errno(_("failed writing detached signature to '%s'"),
 211                             temp.filename.buf);
 212                 delete_tempfile(&temp);
 213                 return -1;
 214         }
 215         close(fd);
 216
 217         argv_array_pushl(&gpg.args,
 218                          gpg_program,
 219                          "--status-fd=1",
 220                          "--keyid-format=long",
 221                          "--verify", temp.filename.buf, "-",
 222                          NULL);
 223
 224         if (!gpg_status)
 225                 gpg_status = &buf;
 226
 227         sigchain_push(SIGPIPE, SIG_IGN);
 228         ret = pipe_command(&gpg, payload, payload_size,
 229                            gpg_status, 0, gpg_output, 0);
 230         sigchain_pop(SIGPIPE);
 231
 232         delete_tempfile(&temp);
 233
 234         ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
 235         strbuf_release(&buf); /* no matter it was used or not */
 236
 237         return ret;
 238 }