git.oblomov.eu Git - git/blob - gpg-interface.c

   1 #include "cache.h"
   2 #include "config.h"
   3 #include "run-command.h"
   4 #include "strbuf.h"
   5 #include "gpg-interface.h"
   6 #include "sigchain.h"
   7 #include "tempfile.h"
   8
   9 static char *configured_signing_key;
  10 static const char *gpg_format = "openpgp";
  11 static const char *gpg_program = "gpg";
  12
  13 #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
  14 #define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
  15
  16 void signature_check_clear(struct signature_check *sigc)
  17 {
  18         FREE_AND_NULL(sigc->payload);
  19         FREE_AND_NULL(sigc->gpg_output);
  20         FREE_AND_NULL(sigc->gpg_status);
  21         FREE_AND_NULL(sigc->signer);
  22         FREE_AND_NULL(sigc->key);
  23 }
  24
  25 static struct {
  26         char result;
  27         const char *check;
  28 } sigcheck_gpg_status[] = {
  29         { 'G', "\n[GNUPG:] GOODSIG " },
  30         { 'B', "\n[GNUPG:] BADSIG " },
  31         { 'U', "\n[GNUPG:] TRUST_NEVER" },
  32         { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
  33         { 'E', "\n[GNUPG:] ERRSIG "},
  34         { 'X', "\n[GNUPG:] EXPSIG "},
  35         { 'Y', "\n[GNUPG:] EXPKEYSIG "},
  36         { 'R', "\n[GNUPG:] REVKEYSIG "},
  37 };
  38
  39 static void parse_gpg_output(struct signature_check *sigc)
  40 {
  41         const char *buf = sigc->gpg_status;
  42         int i;
  43
  44         /* Iterate over all search strings */
  45         for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
  46                 const char *found, *next;
  47
  48                 if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) {
  49                         found = strstr(buf, sigcheck_gpg_status[i].check);
  50                         if (!found)
  51                                 continue;
  52                         found += strlen(sigcheck_gpg_status[i].check);
  53                 }
  54                 sigc->result = sigcheck_gpg_status[i].result;
  55                 /* The trust messages are not followed by key/signer information */
  56                 if (sigc->result != 'U') {
  57                         sigc->key = xmemdupz(found, 16);
  58                         /* The ERRSIG message is not followed by signer information */
  59                         if (sigc-> result != 'E') {
  60                                 found += 17;
  61                                 next = strchrnul(found, '\n');
  62                                 sigc->signer = xmemdupz(found, next - found);
  63                         }
  64                 }
  65         }
  66 }
  67
  68 int check_signature(const char *payload, size_t plen, const char *signature,
  69         size_t slen, struct signature_check *sigc)
  70 {
  71         struct strbuf gpg_output = STRBUF_INIT;
  72         struct strbuf gpg_status = STRBUF_INIT;
  73         int status;
  74
  75         sigc->result = 'N';
  76
  77         status = verify_signed_buffer(payload, plen, signature, slen,
  78                                       &gpg_output, &gpg_status);
  79         if (status && !gpg_output.len)
  80                 goto out;
  81         sigc->payload = xmemdupz(payload, plen);
  82         sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
  83         sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
  84         parse_gpg_output(sigc);
  85
  86  out:
  87         strbuf_release(&gpg_status);
  88         strbuf_release(&gpg_output);
  89
  90         return sigc->result != 'G' && sigc->result != 'U';
  91 }
  92
  93 void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
  94 {
  95         const char *output = flags & GPG_VERIFY_RAW ?
  96                 sigc->gpg_status : sigc->gpg_output;
  97
  98         if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
  99                 fputs(sigc->payload, stdout);
 100
 101         if (output)
 102                 fputs(output, stderr);
 103 }
 104
 105 static int is_gpg_start(const char *line)
 106 {
 107         return starts_with(line, PGP_SIGNATURE) ||
 108                 starts_with(line, PGP_MESSAGE);
 109 }
 110
 111 size_t parse_signature(const char *buf, size_t size)
 112 {
 113         size_t len = 0;
 114         size_t match = size;
 115         while (len < size) {
 116                 const char *eol;
 117
 118                 if (is_gpg_start(buf + len))
 119                         match = len;
 120
 121                 eol = memchr(buf + len, '\n', size - len);
 122                 len += eol ? eol - (buf + len) + 1 : size - len;
 123         }
 124         return match;
 125 }
 126
 127 void set_signing_key(const char *key)
 128 {
 129         free(configured_signing_key);
 130         configured_signing_key = xstrdup(key);
 131 }
 132
 133 int git_gpg_config(const char *var, const char *value, void *cb)
 134 {
 135         if (!strcmp(var, "user.signingkey")) {
 136                 if (!value)
 137                         return config_error_nonbool(var);
 138                 set_signing_key(value);
 139                 return 0;
 140         }
 141
 142         if (!strcmp(var, "gpg.format")) {
 143                 if (!value)
 144                         return config_error_nonbool(var);
 145                 if (strcmp(value, "openpgp"))
 146                         return error("unsupported value for %s: %s",
 147                                      var, value);
 148                 return git_config_string(&gpg_format, var, value);
 149         }
 150
 151         if (!strcmp(var, "gpg.program")) {
 152                 if (!value)
 153                         return config_error_nonbool(var);
 154                 gpg_program = xstrdup(value);
 155                 return 0;
 156         }
 157
 158         return 0;
 159 }
 160
 161 const char *get_signing_key(void)
 162 {
 163         if (configured_signing_key)
 164                 return configured_signing_key;
 165         return git_committer_info(IDENT_STRICT|IDENT_NO_DATE);
 166 }
 167
 168 int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
 169 {
 170         struct child_process gpg = CHILD_PROCESS_INIT;
 171         int ret;
 172         size_t i, j, bottom;
 173         struct strbuf gpg_status = STRBUF_INIT;
 174
 175         argv_array_pushl(&gpg.args,
 176                          gpg_program,
 177                          "--status-fd=2",
 178                          "-bsau", signing_key,
 179                          NULL);
 180
 181         bottom = signature->len;
 182
 183         /*
 184          * When the username signingkey is bad, program could be terminated
 185          * because gpg exits without reading and then write gets SIGPIPE.
 186          */
 187         sigchain_push(SIGPIPE, SIG_IGN);
 188         ret = pipe_command(&gpg, buffer->buf, buffer->len,
 189                            signature, 1024, &gpg_status, 0);
 190         sigchain_pop(SIGPIPE);
 191
 192         ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
 193         strbuf_release(&gpg_status);
 194         if (ret)
 195                 return error(_("gpg failed to sign the data"));
 196
 197         /* Strip CR from the line endings, in case we are on Windows. */
 198         for (i = j = bottom; i < signature->len; i++)
 199                 if (signature->buf[i] != '\r') {
 200                         if (i != j)
 201                                 signature->buf[j] = signature->buf[i];
 202                         j++;
 203                 }
 204         strbuf_setlen(signature, j);
 205
 206         return 0;
 207 }
 208
 209 int verify_signed_buffer(const char *payload, size_t payload_size,
 210                          const char *signature, size_t signature_size,
 211                          struct strbuf *gpg_output, struct strbuf *gpg_status)
 212 {
 213         struct child_process gpg = CHILD_PROCESS_INIT;
 214         struct tempfile *temp;
 215         int ret;
 216         struct strbuf buf = STRBUF_INIT;
 217
 218         temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
 219         if (!temp)
 220                 return error_errno(_("could not create temporary file"));
 221         if (write_in_full(temp->fd, signature, signature_size) < 0 ||
 222             close_tempfile_gently(temp) < 0) {
 223                 error_errno(_("failed writing detached signature to '%s'"),
 224                             temp->filename.buf);
 225                 delete_tempfile(&temp);
 226                 return -1;
 227         }
 228
 229         argv_array_pushl(&gpg.args,
 230                          gpg_program,
 231                          "--status-fd=1",
 232                          "--keyid-format=long",
 233                          "--verify", temp->filename.buf, "-",
 234                          NULL);
 235
 236         if (!gpg_status)
 237                 gpg_status = &buf;
 238
 239         sigchain_push(SIGPIPE, SIG_IGN);
 240         ret = pipe_command(&gpg, payload, payload_size,
 241                            gpg_status, 0, gpg_output, 0);
 242         sigchain_pop(SIGPIPE);
 243
 244         delete_tempfile(&temp);
 245
 246         ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
 247         strbuf_release(&buf); /* no matter it was used or not */
 248
 249         return ret;
 250 }