1#include "cache.h"
2#include "config.h"
3#include "run-command.h"
4#include "strbuf.h"
5#include "gpg-interface.h"
6#include "sigchain.h"
7#include "tempfile.h"
8static char *configured_signing_key;
10struct gpg_format {
11 const char *name;
12 const char *program;
13 const char **verify_args;
14 const char **sigs;
15};
16static const char *openpgp_verify_args[] = {
18 "--keyid-format=long",
19 NULL
20};
21static const char *openpgp_sigs[] = {
22 "-----BEGIN PGP SIGNATURE-----",
23 "-----BEGIN PGP MESSAGE-----",
24 NULL
25};
26static struct gpg_format gpg_format[] = {
28 { .name = "openpgp", .program = "gpg",
29 .verify_args = openpgp_verify_args,
30 .sigs = openpgp_sigs
31 },
32};
33static struct gpg_format *use_format = &gpg_format[0];
35static struct gpg_format *get_format_by_name(const char *str)
37{
38 int i;
39 for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
41 if (!strcmp(gpg_format[i].name, str))
42 return gpg_format + i;
43 return NULL;
44}
45static struct gpg_format *get_format_by_sig(const char *sig)
47{
48 int i, j;
49 for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
51 for (j = 0; gpg_format[i].sigs[j]; j++)
52 if (starts_with(sig, gpg_format[i].sigs[j]))
53 return gpg_format + i;
54 return NULL;
55}
56void signature_check_clear(struct signature_check *sigc)
58{
59 FREE_AND_NULL(sigc->payload);
60 FREE_AND_NULL(sigc->gpg_output);
61 FREE_AND_NULL(sigc->gpg_status);
62 FREE_AND_NULL(sigc->signer);
63 FREE_AND_NULL(sigc->key);
64}
65static struct {
67 char result;
68 const char *check;
69} sigcheck_gpg_status[] = {
70 { 'G', "\n[GNUPG:] GOODSIG " },
71 { 'B', "\n[GNUPG:] BADSIG " },
72 { 'U', "\n[GNUPG:] TRUST_NEVER" },
73 { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
74 { 'E', "\n[GNUPG:] ERRSIG "},
75 { 'X', "\n[GNUPG:] EXPSIG "},
76 { 'Y', "\n[GNUPG:] EXPKEYSIG "},
77 { 'R', "\n[GNUPG:] REVKEYSIG "},
78};
79static void parse_gpg_output(struct signature_check *sigc)
81{
82 const char *buf = sigc->gpg_status;
83 int i;
84 /* Iterate over all search strings */
86 for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
87 const char *found, *next;
88 if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) {
90 found = strstr(buf, sigcheck_gpg_status[i].check);
91 if (!found)
92 continue;
93 found += strlen(sigcheck_gpg_status[i].check);
94 }
95 sigc->result = sigcheck_gpg_status[i].result;
96 /* The trust messages are not followed by key/signer information */
97 if (sigc->result != 'U') {
98 next = strchrnul(found, ' ');
99 sigc->key = xmemdupz(found, next - found);
100 /* The ERRSIG message is not followed by signer information */
101 if (*next && sigc-> result != 'E') {
102 found = next + 1;
103 next = strchrnul(found, '\n');
104 sigc->signer = xmemdupz(found, next - found);
105 }
106 }
107 }
108}
109int check_signature(const char *payload, size_t plen, const char *signature,
111 size_t slen, struct signature_check *sigc)
112{
113 struct strbuf gpg_output = STRBUF_INIT;
114 struct strbuf gpg_status = STRBUF_INIT;
115 int status;
116 sigc->result = 'N';
118 status = verify_signed_buffer(payload, plen, signature, slen,
120 &gpg_output, &gpg_status);
121 if (status && !gpg_output.len)
122 goto out;
123 sigc->payload = xmemdupz(payload, plen);
124 sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
125 sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
126 parse_gpg_output(sigc);
127 out:
129 strbuf_release(&gpg_status);
130 strbuf_release(&gpg_output);
131 return sigc->result != 'G' && sigc->result != 'U';
133}
134void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
136{
137 const char *output = flags & GPG_VERIFY_RAW ?
138 sigc->gpg_status : sigc->gpg_output;
139 if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
141 fputs(sigc->payload, stdout);
142 if (output)
144 fputs(output, stderr);
145}
146size_t parse_signature(const char *buf, size_t size)
148{
149 size_t len = 0;
150 size_t match = size;
151 while (len < size) {
152 const char *eol;
153 if (get_format_by_sig(buf + len))
155 match = len;
156 eol = memchr(buf + len, '\n', size - len);
158 len += eol ? eol - (buf + len) + 1 : size - len;
159 }
160 return match;
161}
162void set_signing_key(const char *key)
164{
165 free(configured_signing_key);
166 configured_signing_key = xstrdup(key);
167}
168int git_gpg_config(const char *var, const char *value, void *cb)
170{
171 struct gpg_format *fmt = NULL;
172 char *fmtname = NULL;
173 if (!strcmp(var, "user.signingkey")) {
175 if (!value)
176 return config_error_nonbool(var);
177 set_signing_key(value);
178 return 0;
179 }
180 if (!strcmp(var, "gpg.format")) {
182 if (!value)
183 return config_error_nonbool(var);
184 fmt = get_format_by_name(value);
185 if (!fmt)
186 return error("unsupported value for %s: %s",
187 var, value);
188 use_format = fmt;
189 return 0;
190 }
191 if (!strcmp(var, "gpg.program"))
193 fmtname = "openpgp";
194 if (fmtname) {
196 fmt = get_format_by_name(fmtname);
197 return git_config_string(&fmt->program, var, value);
198 }
199 return 0;
201}
202const char *get_signing_key(void)
204{
205 if (configured_signing_key)
206 return configured_signing_key;
207 return git_committer_info(IDENT_STRICT|IDENT_NO_DATE);
208}
209int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
211{
212 struct child_process gpg = CHILD_PROCESS_INIT;
213 int ret;
214 size_t i, j, bottom;
215 struct strbuf gpg_status = STRBUF_INIT;
216 argv_array_pushl(&gpg.args,
218 use_format->program,
219 "--status-fd=2",
220 "-bsau", signing_key,
221 NULL);
222 bottom = signature->len;
224 /*
226 * When the username signingkey is bad, program could be terminated
227 * because gpg exits without reading and then write gets SIGPIPE.
228 */
229 sigchain_push(SIGPIPE, SIG_IGN);
230 ret = pipe_command(&gpg, buffer->buf, buffer->len,
231 signature, 1024, &gpg_status, 0);
232 sigchain_pop(SIGPIPE);
233 ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
235 strbuf_release(&gpg_status);
236 if (ret)
237 return error(_("gpg failed to sign the data"));
238 /* Strip CR from the line endings, in case we are on Windows. */
240 for (i = j = bottom; i < signature->len; i++)
241 if (signature->buf[i] != '\r') {
242 if (i != j)
243 signature->buf[j] = signature->buf[i];
244 j++;
245 }
246 strbuf_setlen(signature, j);
247 return 0;
249}
250int verify_signed_buffer(const char *payload, size_t payload_size,
252 const char *signature, size_t signature_size,
253 struct strbuf *gpg_output, struct strbuf *gpg_status)
254{
255 struct child_process gpg = CHILD_PROCESS_INIT;
256 struct gpg_format *fmt;
257 struct tempfile *temp;
258 int ret;
259 struct strbuf buf = STRBUF_INIT;
260 temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
262 if (!temp)
263 return error_errno(_("could not create temporary file"));
264 if (write_in_full(temp->fd, signature, signature_size) < 0 ||
265 close_tempfile_gently(temp) < 0) {
266 error_errno(_("failed writing detached signature to '%s'"),
267 temp->filename.buf);
268 delete_tempfile(&temp);
269 return -1;
270 }
271 fmt = get_format_by_sig(signature);
273 if (!fmt)
274 BUG("bad signature '%s'", signature);
275 argv_array_push(&gpg.args, fmt->program);
277 argv_array_pushv(&gpg.args, fmt->verify_args);
278 argv_array_pushl(&gpg.args,
279 "--status-fd=1",
280 "--verify", temp->filename.buf, "-",
281 NULL);
282 if (!gpg_status)
284 gpg_status = &buf;
285 sigchain_push(SIGPIPE, SIG_IGN);
287 ret = pipe_command(&gpg, payload, payload_size,
288 gpg_status, 0, gpg_output, 0);
289 sigchain_pop(SIGPIPE);
290 delete_tempfile(&temp);
292 ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
294 strbuf_release(&buf); /* no matter it was used or not */
295 return ret;
297}