gpg-interface.h

   1 #ifndef GPG_INTERFACE_H
   2 #define GPG_INTERFACE_H
   3
   4 struct strbuf;
   5
   6 #define GPG_VERIFY_VERBOSE              1
   7 #define GPG_VERIFY_RAW                  2
   8 #define GPG_VERIFY_OMIT_STATUS  4
   9
  10 enum signature_trust_level {
  11         TRUST_UNDEFINED,
  12         TRUST_NEVER,
  13         TRUST_MARGINAL,
  14         TRUST_FULLY,
  15         TRUST_ULTIMATE,
  16 };
  17
  18 enum payload_type {
  19         SIGNATURE_PAYLOAD_UNDEFINED,
  20         SIGNATURE_PAYLOAD_COMMIT,
  21         SIGNATURE_PAYLOAD_TAG,
  22         SIGNATURE_PAYLOAD_PUSH_CERT,
  23 };
  24
  25 struct signature_check {
  26         char *payload;
  27         size_t payload_len;
  28         enum payload_type payload_type;
  29         timestamp_t payload_timestamp;
  30         char *output;
  31         char *gpg_status;
  32
  33         /*
  34          * possible "result":
  35          * 0 (not checked)
  36          * N (checked but no further result)
  37          * G (good)
  38          * B (bad)
  39          */
  40         char result;
  41         char *signer;
  42         char *key;
  43         char *fingerprint;
  44         char *primary_key_fingerprint;
  45         enum signature_trust_level trust_level;
  46 };
  47
  48 void signature_check_clear(struct signature_check *sigc);
  49
  50 /*
  51  * Look at a GPG signed tag object.  If such a signature exists, store it in
  52  * signature and the signed content in payload.  Return 1 if a signature was
  53  * found, and 0 otherwise.
  54  */
  55 int parse_signature(const char *buf, size_t size, struct strbuf *payload, struct strbuf *signature);
  56
  57 /*
  58  * Look at GPG signed content (e.g. a signed tag object), whose
  59  * payload is followed by a detached signature on it.  Return the
  60  * offset where the embedded detached signature begins, or the end of
  61  * the data when there is no such signature.
  62  */
  63 size_t parse_signed_buffer(const char *buf, size_t size);
  64
  65 /*
  66  * Create a detached signature for the contents of "buffer" and append
  67  * it after "signature"; "buffer" and "signature" can be the same
  68  * strbuf instance, which would cause the detached signature appended
  69  * at the end.  Returns 0 on success, non-zero on failure.
  70  */
  71 int sign_buffer(struct strbuf *buffer, struct strbuf *signature,
  72                 const char *signing_key);
  73
  74
  75 /*
  76  * Returns corresponding string in lowercase for a given member of
  77  * enum signature_trust_level. For example, `TRUST_ULTIMATE` will
  78  * return "ultimate".
  79  */
  80 const char *gpg_trust_level_to_str(enum signature_trust_level level);
  81
  82 void set_signing_key(const char *);
  83 const char *get_signing_key(void);
  84
  85 /*
  86  * Returns a textual unique representation of the signing key in use
  87  * Either a GPG KeyID or a SSH Key Fingerprint
  88  */
  89 const char *get_signing_key_id(void);
  90 int check_signature(struct signature_check *sigc,
  91                     const char *signature, size_t slen);
  92 void print_signature_buffer(const struct signature_check *sigc,
  93                             unsigned flags);
  94
  95 #endif