git.oblomov.eu Git - git/blob - gpg-interface.c

   1 #include "cache.h"
   2 #include "config.h"
   3 #include "run-command.h"
   4 #include "strbuf.h"
   5 #include "gpg-interface.h"
   6 #include "sigchain.h"
   7 #include "tempfile.h"
   8
   9 static char *configured_signing_key;
  10 struct gpg_format {
  11         const char *name;
  12         const char *program;
  13         const char **verify_args;
  14         const char **sigs;
  15 };
  16
  17 static const char *openpgp_verify_args[] = {
  18         "--keyid-format=long",
  19         NULL
  20 };
  21 static const char *openpgp_sigs[] = {
  22         "-----BEGIN PGP SIGNATURE-----",
  23         "-----BEGIN PGP MESSAGE-----",
  24         NULL
  25 };
  26
  27 static struct gpg_format gpg_format[] = {
  28         { .name = "openpgp", .program = "gpg",
  29           .verify_args = openpgp_verify_args,
  30           .sigs = openpgp_sigs
  31         },
  32 };
  33
  34 static struct gpg_format *use_format = &gpg_format[0];
  35
  36 static struct gpg_format *get_format_by_name(const char *str)
  37 {
  38         int i;
  39
  40         for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
  41                 if (!strcmp(gpg_format[i].name, str))
  42                         return gpg_format + i;
  43         return NULL;
  44 }
  45
  46 static struct gpg_format *get_format_by_sig(const char *sig)
  47 {
  48         int i, j;
  49
  50         for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
  51                 for (j = 0; gpg_format[i].sigs[j]; j++)
  52                         if (starts_with(sig, gpg_format[i].sigs[j]))
  53                                 return gpg_format + i;
  54         return NULL;
  55 }
  56
  57 void signature_check_clear(struct signature_check *sigc)
  58 {
  59         FREE_AND_NULL(sigc->payload);
  60         FREE_AND_NULL(sigc->gpg_output);
  61         FREE_AND_NULL(sigc->gpg_status);
  62         FREE_AND_NULL(sigc->signer);
  63         FREE_AND_NULL(sigc->key);
  64 }
  65
  66 static struct {
  67         char result;
  68         const char *check;
  69 } sigcheck_gpg_status[] = {
  70         { 'G', "\n[GNUPG:] GOODSIG " },
  71         { 'B', "\n[GNUPG:] BADSIG " },
  72         { 'U', "\n[GNUPG:] TRUST_NEVER" },
  73         { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
  74         { 'E', "\n[GNUPG:] ERRSIG "},
  75         { 'X', "\n[GNUPG:] EXPSIG "},
  76         { 'Y', "\n[GNUPG:] EXPKEYSIG "},
  77         { 'R', "\n[GNUPG:] REVKEYSIG "},
  78 };
  79
  80 static void parse_gpg_output(struct signature_check *sigc)
  81 {
  82         const char *buf = sigc->gpg_status;
  83         int i;
  84
  85         /* Iterate over all search strings */
  86         for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
  87                 const char *found, *next;
  88
  89                 if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) {
  90                         found = strstr(buf, sigcheck_gpg_status[i].check);
  91                         if (!found)
  92                                 continue;
  93                         found += strlen(sigcheck_gpg_status[i].check);
  94                 }
  95                 sigc->result = sigcheck_gpg_status[i].result;
  96                 /* The trust messages are not followed by key/signer information */
  97                 if (sigc->result != 'U') {
  98                         next = strchrnul(found, ' ');
  99                         sigc->key = xmemdupz(found, next - found);
 100                         /* The ERRSIG message is not followed by signer information */
 101                         if (*next && sigc-> result != 'E') {
 102                                 found = next + 1;
 103                                 next = strchrnul(found, '\n');
 104                                 sigc->signer = xmemdupz(found, next - found);
 105                         }
 106                 }
 107         }
 108 }
 109
 110 int check_signature(const char *payload, size_t plen, const char *signature,
 111         size_t slen, struct signature_check *sigc)
 112 {
 113         struct strbuf gpg_output = STRBUF_INIT;
 114         struct strbuf gpg_status = STRBUF_INIT;
 115         int status;
 116
 117         sigc->result = 'N';
 118
 119         status = verify_signed_buffer(payload, plen, signature, slen,
 120                                       &gpg_output, &gpg_status);
 121         if (status && !gpg_output.len)
 122                 goto out;
 123         sigc->payload = xmemdupz(payload, plen);
 124         sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
 125         sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
 126         parse_gpg_output(sigc);
 127
 128  out:
 129         strbuf_release(&gpg_status);
 130         strbuf_release(&gpg_output);
 131
 132         return sigc->result != 'G' && sigc->result != 'U';
 133 }
 134
 135 void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
 136 {
 137         const char *output = flags & GPG_VERIFY_RAW ?
 138                 sigc->gpg_status : sigc->gpg_output;
 139
 140         if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
 141                 fputs(sigc->payload, stdout);
 142
 143         if (output)
 144                 fputs(output, stderr);
 145 }
 146
 147 size_t parse_signature(const char *buf, size_t size)
 148 {
 149         size_t len = 0;
 150         size_t match = size;
 151         while (len < size) {
 152                 const char *eol;
 153
 154                 if (get_format_by_sig(buf + len))
 155                         match = len;
 156
 157                 eol = memchr(buf + len, '\n', size - len);
 158                 len += eol ? eol - (buf + len) + 1 : size - len;
 159         }
 160         return match;
 161 }
 162
 163 void set_signing_key(const char *key)
 164 {
 165         free(configured_signing_key);
 166         configured_signing_key = xstrdup(key);
 167 }
 168
 169 int git_gpg_config(const char *var, const char *value, void *cb)
 170 {
 171         struct gpg_format *fmt = NULL;
 172         char *fmtname = NULL;
 173
 174         if (!strcmp(var, "user.signingkey")) {
 175                 if (!value)
 176                         return config_error_nonbool(var);
 177                 set_signing_key(value);
 178                 return 0;
 179         }
 180
 181         if (!strcmp(var, "gpg.format")) {
 182                 if (!value)
 183                         return config_error_nonbool(var);
 184                 fmt = get_format_by_name(value);
 185                 if (!fmt)
 186                         return error("unsupported value for %s: %s",
 187                                      var, value);
 188                 use_format = fmt;
 189                 return 0;
 190         }
 191
 192         if (!strcmp(var, "gpg.program"))
 193                 fmtname = "openpgp";
 194
 195         if (fmtname) {
 196                 fmt = get_format_by_name(fmtname);
 197                 return git_config_string(&fmt->program, var, value);
 198         }
 199
 200         return 0;
 201 }
 202
 203 const char *get_signing_key(void)
 204 {
 205         if (configured_signing_key)
 206                 return configured_signing_key;
 207         return git_committer_info(IDENT_STRICT|IDENT_NO_DATE);
 208 }
 209
 210 int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
 211 {
 212         struct child_process gpg = CHILD_PROCESS_INIT;
 213         int ret;
 214         size_t i, j, bottom;
 215         struct strbuf gpg_status = STRBUF_INIT;
 216
 217         argv_array_pushl(&gpg.args,
 218                          use_format->program,
 219                          "--status-fd=2",
 220                          "-bsau", signing_key,
 221                          NULL);
 222
 223         bottom = signature->len;
 224
 225         /*
 226          * When the username signingkey is bad, program could be terminated
 227          * because gpg exits without reading and then write gets SIGPIPE.
 228          */
 229         sigchain_push(SIGPIPE, SIG_IGN);
 230         ret = pipe_command(&gpg, buffer->buf, buffer->len,
 231                            signature, 1024, &gpg_status, 0);
 232         sigchain_pop(SIGPIPE);
 233
 234         ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
 235         strbuf_release(&gpg_status);
 236         if (ret)
 237                 return error(_("gpg failed to sign the data"));
 238
 239         /* Strip CR from the line endings, in case we are on Windows. */
 240         for (i = j = bottom; i < signature->len; i++)
 241                 if (signature->buf[i] != '\r') {
 242                         if (i != j)
 243                                 signature->buf[j] = signature->buf[i];
 244                         j++;
 245                 }
 246         strbuf_setlen(signature, j);
 247
 248         return 0;
 249 }
 250
 251 int verify_signed_buffer(const char *payload, size_t payload_size,
 252                          const char *signature, size_t signature_size,
 253                          struct strbuf *gpg_output, struct strbuf *gpg_status)
 254 {
 255         struct child_process gpg = CHILD_PROCESS_INIT;
 256         struct gpg_format *fmt;
 257         struct tempfile *temp;
 258         int ret;
 259         struct strbuf buf = STRBUF_INIT;
 260
 261         temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
 262         if (!temp)
 263                 return error_errno(_("could not create temporary file"));
 264         if (write_in_full(temp->fd, signature, signature_size) < 0 ||
 265             close_tempfile_gently(temp) < 0) {
 266                 error_errno(_("failed writing detached signature to '%s'"),
 267                             temp->filename.buf);
 268                 delete_tempfile(&temp);
 269                 return -1;
 270         }
 271
 272         fmt = get_format_by_sig(signature);
 273         if (!fmt)
 274                 BUG("bad signature '%s'", signature);
 275
 276         argv_array_push(&gpg.args, fmt->program);
 277         argv_array_pushv(&gpg.args, fmt->verify_args);
 278         argv_array_pushl(&gpg.args,
 279                          "--status-fd=1",
 280                          "--verify", temp->filename.buf, "-",
 281                          NULL);
 282
 283         if (!gpg_status)
 284                 gpg_status = &buf;
 285
 286         sigchain_push(SIGPIPE, SIG_IGN);
 287         ret = pipe_command(&gpg, payload, payload_size,
 288                            gpg_status, 0, gpg_output, 0);
 289         sigchain_pop(SIGPIPE);
 290
 291         delete_tempfile(&temp);
 292
 293         ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
 294         strbuf_release(&buf); /* no matter it was used or not */
 295
 296         return ret;
 297 }