a02db765807dfdcd14054b3641040e0e77256516
1#include "cache.h"
2#include "config.h"
3#include "run-command.h"
4#include "strbuf.h"
5#include "gpg-interface.h"
6#include "sigchain.h"
7#include "tempfile.h"
8static char *configured_signing_key;
10struct gpg_format {
11 const char *name;
12 const char *program;
13 const char **verify_args;
14 const char **sigs;
15};
16static const char *openpgp_verify_args[] = {
18 "--keyid-format=long",
19 NULL
20};
21static const char *openpgp_sigs[] = {
22 "-----BEGIN PGP SIGNATURE-----",
23 "-----BEGIN PGP MESSAGE-----",
24 NULL
25};
26static struct gpg_format gpg_format[] = {
28 { .name = "openpgp", .program = "gpg",
29 .verify_args = openpgp_verify_args,
30 .sigs = openpgp_sigs
31 },
32};
33static struct gpg_format *use_format = &gpg_format[0];
35static struct gpg_format *get_format_by_name(const char *str)
37{
38 int i;
39 for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
41 if (!strcmp(gpg_format[i].name, str))
42 return gpg_format + i;
43 return NULL;
44}
45static struct gpg_format *get_format_by_sig(const char *sig)
47{
48 int i, j;
49 for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
51 for (j = 0; gpg_format[i].sigs[j]; j++)
52 if (starts_with(sig, gpg_format[i].sigs[j]))
53 return gpg_format + i;
54 return NULL;
55}
56void signature_check_clear(struct signature_check *sigc)
58{
59 FREE_AND_NULL(sigc->payload);
60 FREE_AND_NULL(sigc->gpg_output);
61 FREE_AND_NULL(sigc->gpg_status);
62 FREE_AND_NULL(sigc->signer);
63 FREE_AND_NULL(sigc->key);
64}
65static struct {
67 char result;
68 const char *check;
69} sigcheck_gpg_status[] = {
70 { 'G', "\n[GNUPG:] GOODSIG " },
71 { 'B', "\n[GNUPG:] BADSIG " },
72 { 'U', "\n[GNUPG:] TRUST_NEVER" },
73 { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
74 { 'E', "\n[GNUPG:] ERRSIG "},
75 { 'X', "\n[GNUPG:] EXPSIG "},
76 { 'Y', "\n[GNUPG:] EXPKEYSIG "},
77 { 'R', "\n[GNUPG:] REVKEYSIG "},
78};
79static void parse_gpg_output(struct signature_check *sigc)
81{
82 const char *buf = sigc->gpg_status;
83 int i;
84 /* Iterate over all search strings */
86 for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
87 const char *found, *next;
88 if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) {
90 found = strstr(buf, sigcheck_gpg_status[i].check);
91 if (!found)
92 continue;
93 found += strlen(sigcheck_gpg_status[i].check);
94 }
95 sigc->result = sigcheck_gpg_status[i].result;
96 /* The trust messages are not followed by key/signer information */
97 if (sigc->result != 'U') {
98 sigc->key = xmemdupz(found, 16);
99 /* The ERRSIG message is not followed by signer information */
100 if (sigc-> result != 'E') {
101 found += 17;
102 next = strchrnul(found, '\n');
103 sigc->signer = xmemdupz(found, next - found);
104 }
105 }
106 }
107}
108int check_signature(const char *payload, size_t plen, const char *signature,
110 size_t slen, struct signature_check *sigc)
111{
112 struct strbuf gpg_output = STRBUF_INIT;
113 struct strbuf gpg_status = STRBUF_INIT;
114 int status;
115 sigc->result = 'N';
117 status = verify_signed_buffer(payload, plen, signature, slen,
119 &gpg_output, &gpg_status);
120 if (status && !gpg_output.len)
121 goto out;
122 sigc->payload = xmemdupz(payload, plen);
123 sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
124 sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
125 parse_gpg_output(sigc);
126 out:
128 strbuf_release(&gpg_status);
129 strbuf_release(&gpg_output);
130 return sigc->result != 'G' && sigc->result != 'U';
132}
133void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
135{
136 const char *output = flags & GPG_VERIFY_RAW ?
137 sigc->gpg_status : sigc->gpg_output;
138 if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
140 fputs(sigc->payload, stdout);
141 if (output)
143 fputs(output, stderr);
144}
145size_t parse_signature(const char *buf, size_t size)
147{
148 size_t len = 0;
149 size_t match = size;
150 while (len < size) {
151 const char *eol;
152 if (get_format_by_sig(buf + len))
154 match = len;
155 eol = memchr(buf + len, '\n', size - len);
157 len += eol ? eol - (buf + len) + 1 : size - len;
158 }
159 return match;
160}
161void set_signing_key(const char *key)
163{
164 free(configured_signing_key);
165 configured_signing_key = xstrdup(key);
166}
167int git_gpg_config(const char *var, const char *value, void *cb)
169{
170 struct gpg_format *fmt = NULL;
171 char *fmtname = NULL;
172 if (!strcmp(var, "user.signingkey")) {
174 if (!value)
175 return config_error_nonbool(var);
176 set_signing_key(value);
177 return 0;
178 }
179 if (!strcmp(var, "gpg.format")) {
181 if (!value)
182 return config_error_nonbool(var);
183 fmt = get_format_by_name(value);
184 if (!fmt)
185 return error("unsupported value for %s: %s",
186 var, value);
187 use_format = fmt;
188 return 0;
189 }
190 if (!strcmp(var, "gpg.program"))
192 fmtname = "openpgp";
193 if (fmtname) {
195 fmt = get_format_by_name(fmtname);
196 return git_config_string(&fmt->program, var, value);
197 }
198 return 0;
200}
201const char *get_signing_key(void)
203{
204 if (configured_signing_key)
205 return configured_signing_key;
206 return git_committer_info(IDENT_STRICT|IDENT_NO_DATE);
207}
208int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
210{
211 struct child_process gpg = CHILD_PROCESS_INIT;
212 int ret;
213 size_t i, j, bottom;
214 struct strbuf gpg_status = STRBUF_INIT;
215 argv_array_pushl(&gpg.args,
217 use_format->program,
218 "--status-fd=2",
219 "-bsau", signing_key,
220 NULL);
221 bottom = signature->len;
223 /*
225 * When the username signingkey is bad, program could be terminated
226 * because gpg exits without reading and then write gets SIGPIPE.
227 */
228 sigchain_push(SIGPIPE, SIG_IGN);
229 ret = pipe_command(&gpg, buffer->buf, buffer->len,
230 signature, 1024, &gpg_status, 0);
231 sigchain_pop(SIGPIPE);
232 ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
234 strbuf_release(&gpg_status);
235 if (ret)
236 return error(_("gpg failed to sign the data"));
237 /* Strip CR from the line endings, in case we are on Windows. */
239 for (i = j = bottom; i < signature->len; i++)
240 if (signature->buf[i] != '\r') {
241 if (i != j)
242 signature->buf[j] = signature->buf[i];
243 j++;
244 }
245 strbuf_setlen(signature, j);
246 return 0;
248}
249int verify_signed_buffer(const char *payload, size_t payload_size,
251 const char *signature, size_t signature_size,
252 struct strbuf *gpg_output, struct strbuf *gpg_status)
253{
254 struct child_process gpg = CHILD_PROCESS_INIT;
255 struct gpg_format *fmt;
256 struct tempfile *temp;
257 int ret;
258 struct strbuf buf = STRBUF_INIT;
259 temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
261 if (!temp)
262 return error_errno(_("could not create temporary file"));
263 if (write_in_full(temp->fd, signature, signature_size) < 0 ||
264 close_tempfile_gently(temp) < 0) {
265 error_errno(_("failed writing detached signature to '%s'"),
266 temp->filename.buf);
267 delete_tempfile(&temp);
268 return -1;
269 }
270 fmt = get_format_by_sig(signature);
272 if (!fmt)
273 BUG("bad signature '%s'", signature);
274 argv_array_push(&gpg.args, fmt->program);
276 argv_array_pushv(&gpg.args, fmt->verify_args);
277 argv_array_pushl(&gpg.args,
278 "--status-fd=1",
279 "--verify", temp->filename.buf, "-",
280 NULL);
281 if (!gpg_status)
283 gpg_status = &buf;
284 sigchain_push(SIGPIPE, SIG_IGN);
286 ret = pipe_command(&gpg, payload, payload_size,
287 gpg_status, 0, gpg_output, 0);
288 sigchain_pop(SIGPIPE);
289 delete_tempfile(&temp);
291 ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
293 strbuf_release(&buf); /* no matter it was used or not */
294 return ret;
296}