]>
git.ipfire.org Git - thirdparty/git.git/blob - gpg-interface.c
3 #include "run-command.h"
5 #include "gpg-interface.h"
9 static char *configured_signing_key
;
10 static const char *gpg_program
= "gpg";
12 #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
13 #define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
15 void signature_check_clear(struct signature_check
*sigc
)
17 FREE_AND_NULL(sigc
->payload
);
18 FREE_AND_NULL(sigc
->gpg_output
);
19 FREE_AND_NULL(sigc
->gpg_status
);
20 FREE_AND_NULL(sigc
->signer
);
21 FREE_AND_NULL(sigc
->key
);
27 } sigcheck_gpg_status
[] = {
28 { 'G', "\n[GNUPG:] GOODSIG " },
29 { 'B', "\n[GNUPG:] BADSIG " },
30 { 'U', "\n[GNUPG:] TRUST_NEVER" },
31 { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
32 { 'E', "\n[GNUPG:] ERRSIG "},
33 { 'X', "\n[GNUPG:] EXPSIG "},
34 { 'Y', "\n[GNUPG:] EXPKEYSIG "},
35 { 'R', "\n[GNUPG:] REVKEYSIG "},
38 void parse_gpg_output(struct signature_check
*sigc
)
40 const char *buf
= sigc
->gpg_status
;
43 /* Iterate over all search strings */
44 for (i
= 0; i
< ARRAY_SIZE(sigcheck_gpg_status
); i
++) {
45 const char *found
, *next
;
47 if (!skip_prefix(buf
, sigcheck_gpg_status
[i
].check
+ 1, &found
)) {
48 found
= strstr(buf
, sigcheck_gpg_status
[i
].check
);
51 found
+= strlen(sigcheck_gpg_status
[i
].check
);
53 sigc
->result
= sigcheck_gpg_status
[i
].result
;
54 /* The trust messages are not followed by key/signer information */
55 if (sigc
->result
!= 'U') {
56 sigc
->key
= xmemdupz(found
, 16);
57 /* The ERRSIG message is not followed by signer information */
58 if (sigc
-> result
!= 'E') {
60 next
= strchrnul(found
, '\n');
61 sigc
->signer
= xmemdupz(found
, next
- found
);
67 int check_signature(const char *payload
, size_t plen
, const char *signature
,
68 size_t slen
, struct signature_check
*sigc
)
70 struct strbuf gpg_output
= STRBUF_INIT
;
71 struct strbuf gpg_status
= STRBUF_INIT
;
76 status
= verify_signed_buffer(payload
, plen
, signature
, slen
,
77 &gpg_output
, &gpg_status
);
78 if (status
&& !gpg_output
.len
)
80 sigc
->payload
= xmemdupz(payload
, plen
);
81 sigc
->gpg_output
= strbuf_detach(&gpg_output
, NULL
);
82 sigc
->gpg_status
= strbuf_detach(&gpg_status
, NULL
);
83 parse_gpg_output(sigc
);
86 strbuf_release(&gpg_status
);
87 strbuf_release(&gpg_output
);
89 return sigc
->result
!= 'G' && sigc
->result
!= 'U';
92 void print_signature_buffer(const struct signature_check
*sigc
, unsigned flags
)
94 const char *output
= flags
& GPG_VERIFY_RAW
?
95 sigc
->gpg_status
: sigc
->gpg_output
;
97 if (flags
& GPG_VERIFY_VERBOSE
&& sigc
->payload
)
98 fputs(sigc
->payload
, stdout
);
101 fputs(output
, stderr
);
105 * Look at GPG signed content (e.g. a signed tag object), whose
106 * payload is followed by a detached signature on it. Return the
107 * offset where the embedded detached signature begins, or the end of
108 * the data when there is no such signature.
110 size_t parse_signature(const char *buf
, unsigned long size
)
114 while (len
< size
&& !starts_with(buf
+ len
, PGP_SIGNATURE
) &&
115 !starts_with(buf
+ len
, PGP_MESSAGE
)) {
116 eol
= memchr(buf
+ len
, '\n', size
- len
);
117 len
+= eol
? eol
- (buf
+ len
) + 1 : size
- len
;
122 void set_signing_key(const char *key
)
124 free(configured_signing_key
);
125 configured_signing_key
= xstrdup(key
);
128 int git_gpg_config(const char *var
, const char *value
, void *cb
)
130 if (!strcmp(var
, "user.signingkey")) {
131 set_signing_key(value
);
133 if (!strcmp(var
, "gpg.program")) {
135 return config_error_nonbool(var
);
136 gpg_program
= xstrdup(value
);
141 const char *get_signing_key(void)
143 if (configured_signing_key
)
144 return configured_signing_key
;
145 return git_committer_info(IDENT_STRICT
|IDENT_NO_DATE
);
149 * Create a detached signature for the contents of "buffer" and append
150 * it after "signature"; "buffer" and "signature" can be the same
151 * strbuf instance, which would cause the detached signature appended
154 int sign_buffer(struct strbuf
*buffer
, struct strbuf
*signature
, const char *signing_key
)
156 struct child_process gpg
= CHILD_PROCESS_INIT
;
159 struct strbuf gpg_status
= STRBUF_INIT
;
161 argv_array_pushl(&gpg
.args
,
164 "-bsau", signing_key
,
167 bottom
= signature
->len
;
170 * When the username signingkey is bad, program could be terminated
171 * because gpg exits without reading and then write gets SIGPIPE.
173 sigchain_push(SIGPIPE
, SIG_IGN
);
174 ret
= pipe_command(&gpg
, buffer
->buf
, buffer
->len
,
175 signature
, 1024, &gpg_status
, 0);
176 sigchain_pop(SIGPIPE
);
178 ret
|= !strstr(gpg_status
.buf
, "\n[GNUPG:] SIG_CREATED ");
179 strbuf_release(&gpg_status
);
181 return error(_("gpg failed to sign the data"));
183 /* Strip CR from the line endings, in case we are on Windows. */
184 for (i
= j
= bottom
; i
< signature
->len
; i
++)
185 if (signature
->buf
[i
] != '\r') {
187 signature
->buf
[j
] = signature
->buf
[i
];
190 strbuf_setlen(signature
, j
);
196 * Run "gpg" to see if the payload matches the detached signature.
197 * gpg_output, when set, receives the diagnostic output from GPG.
198 * gpg_status, when set, receives the status output from GPG.
200 int verify_signed_buffer(const char *payload
, size_t payload_size
,
201 const char *signature
, size_t signature_size
,
202 struct strbuf
*gpg_output
, struct strbuf
*gpg_status
)
204 struct child_process gpg
= CHILD_PROCESS_INIT
;
205 static struct tempfile temp
;
207 struct strbuf buf
= STRBUF_INIT
;
209 fd
= mks_tempfile_t(&temp
, ".git_vtag_tmpXXXXXX");
211 return error_errno(_("could not create temporary file"));
212 if (write_in_full(fd
, signature
, signature_size
) < 0) {
213 error_errno(_("failed writing detached signature to '%s'"),
215 delete_tempfile(&temp
);
220 argv_array_pushl(&gpg
.args
,
223 "--keyid-format=long",
224 "--verify", temp
.filename
.buf
, "-",
230 sigchain_push(SIGPIPE
, SIG_IGN
);
231 ret
= pipe_command(&gpg
, payload
, payload_size
,
232 gpg_status
, 0, gpg_output
, 0);
233 sigchain_pop(SIGPIPE
);
235 delete_tempfile(&temp
);
237 ret
|= !strstr(gpg_status
->buf
, "\n[GNUPG:] GOODSIG ");
238 strbuf_release(&buf
); /* no matter it was used or not */