2 #include "run-command.h"
4 #include "gpg-interface.h"
8 static char *configured_signing_key
;
9 static const char *gpg_program
= "gpg";
11 #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
12 #define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
14 void signature_check_clear(struct signature_check
*sigc
)
16 FREE_AND_NULL(sigc
->payload
);
17 FREE_AND_NULL(sigc
->gpg_output
);
18 FREE_AND_NULL(sigc
->gpg_status
);
19 FREE_AND_NULL(sigc
->signer
);
20 FREE_AND_NULL(sigc
->key
);
26 } sigcheck_gpg_status
[] = {
27 { 'G', "\n[GNUPG:] GOODSIG " },
28 { 'B', "\n[GNUPG:] BADSIG " },
29 { 'U', "\n[GNUPG:] TRUST_NEVER" },
30 { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
31 { 'E', "\n[GNUPG:] ERRSIG "},
32 { 'X', "\n[GNUPG:] EXPSIG "},
33 { 'Y', "\n[GNUPG:] EXPKEYSIG "},
34 { 'R', "\n[GNUPG:] REVKEYSIG "},
37 void parse_gpg_output(struct signature_check
*sigc
)
39 const char *buf
= sigc
->gpg_status
;
42 /* Iterate over all search strings */
43 for (i
= 0; i
< ARRAY_SIZE(sigcheck_gpg_status
); i
++) {
44 const char *found
, *next
;
46 if (!skip_prefix(buf
, sigcheck_gpg_status
[i
].check
+ 1, &found
)) {
47 found
= strstr(buf
, sigcheck_gpg_status
[i
].check
);
50 found
+= strlen(sigcheck_gpg_status
[i
].check
);
52 sigc
->result
= sigcheck_gpg_status
[i
].result
;
53 /* The trust messages are not followed by key/signer information */
54 if (sigc
->result
!= 'U') {
55 sigc
->key
= xmemdupz(found
, 16);
56 /* The ERRSIG message is not followed by signer information */
57 if (sigc
-> result
!= 'E') {
59 next
= strchrnul(found
, '\n');
60 sigc
->signer
= xmemdupz(found
, next
- found
);
66 int check_signature(const char *payload
, size_t plen
, const char *signature
,
67 size_t slen
, struct signature_check
*sigc
)
69 struct strbuf gpg_output
= STRBUF_INIT
;
70 struct strbuf gpg_status
= STRBUF_INIT
;
75 status
= verify_signed_buffer(payload
, plen
, signature
, slen
,
76 &gpg_output
, &gpg_status
);
77 if (status
&& !gpg_output
.len
)
79 sigc
->payload
= xmemdupz(payload
, plen
);
80 sigc
->gpg_output
= strbuf_detach(&gpg_output
, NULL
);
81 sigc
->gpg_status
= strbuf_detach(&gpg_status
, NULL
);
82 parse_gpg_output(sigc
);
85 strbuf_release(&gpg_status
);
86 strbuf_release(&gpg_output
);
88 return sigc
->result
!= 'G' && sigc
->result
!= 'U';
91 void print_signature_buffer(const struct signature_check
*sigc
, unsigned flags
)
93 const char *output
= flags
& GPG_VERIFY_RAW
?
94 sigc
->gpg_status
: sigc
->gpg_output
;
96 if (flags
& GPG_VERIFY_VERBOSE
&& sigc
->payload
)
97 fputs(sigc
->payload
, stdout
);
100 fputs(output
, stderr
);
104 * Look at GPG signed content (e.g. a signed tag object), whose
105 * payload is followed by a detached signature on it. Return the
106 * offset where the embedded detached signature begins, or the end of
107 * the data when there is no such signature.
109 size_t parse_signature(const char *buf
, unsigned long size
)
113 while (len
< size
&& !starts_with(buf
+ len
, PGP_SIGNATURE
) &&
114 !starts_with(buf
+ len
, PGP_MESSAGE
)) {
115 eol
= memchr(buf
+ len
, '\n', size
- len
);
116 len
+= eol
? eol
- (buf
+ len
) + 1 : size
- len
;
121 void set_signing_key(const char *key
)
123 free(configured_signing_key
);
124 configured_signing_key
= xstrdup(key
);
127 int git_gpg_config(const char *var
, const char *value
, void *cb
)
129 if (!strcmp(var
, "user.signingkey")) {
130 set_signing_key(value
);
132 if (!strcmp(var
, "gpg.program")) {
134 return config_error_nonbool(var
);
135 gpg_program
= xstrdup(value
);
140 const char *get_signing_key(void)
142 if (configured_signing_key
)
143 return configured_signing_key
;
144 return git_committer_info(IDENT_STRICT
|IDENT_NO_DATE
);
148 * Create a detached signature for the contents of "buffer" and append
149 * it after "signature"; "buffer" and "signature" can be the same
150 * strbuf instance, which would cause the detached signature appended
153 int sign_buffer(struct strbuf
*buffer
, struct strbuf
*signature
, const char *signing_key
)
155 struct child_process gpg
= CHILD_PROCESS_INIT
;
158 struct strbuf gpg_status
= STRBUF_INIT
;
160 argv_array_pushl(&gpg
.args
,
163 "-bsau", signing_key
,
166 bottom
= signature
->len
;
169 * When the username signingkey is bad, program could be terminated
170 * because gpg exits without reading and then write gets SIGPIPE.
172 sigchain_push(SIGPIPE
, SIG_IGN
);
173 ret
= pipe_command(&gpg
, buffer
->buf
, buffer
->len
,
174 signature
, 1024, &gpg_status
, 0);
175 sigchain_pop(SIGPIPE
);
177 ret
|= !strstr(gpg_status
.buf
, "\n[GNUPG:] SIG_CREATED ");
178 strbuf_release(&gpg_status
);
180 return error(_("gpg failed to sign the data"));
182 /* Strip CR from the line endings, in case we are on Windows. */
183 for (i
= j
= bottom
; i
< signature
->len
; i
++)
184 if (signature
->buf
[i
] != '\r') {
186 signature
->buf
[j
] = signature
->buf
[i
];
189 strbuf_setlen(signature
, j
);
195 * Run "gpg" to see if the payload matches the detached signature.
196 * gpg_output, when set, receives the diagnostic output from GPG.
197 * gpg_status, when set, receives the status output from GPG.
199 int verify_signed_buffer(const char *payload
, size_t payload_size
,
200 const char *signature
, size_t signature_size
,
201 struct strbuf
*gpg_output
, struct strbuf
*gpg_status
)
203 struct child_process gpg
= CHILD_PROCESS_INIT
;
204 static struct tempfile temp
;
206 struct strbuf buf
= STRBUF_INIT
;
208 fd
= mks_tempfile_t(&temp
, ".git_vtag_tmpXXXXXX");
210 return error_errno(_("could not create temporary file"));
211 if (write_in_full(fd
, signature
, signature_size
) < 0) {
212 error_errno(_("failed writing detached signature to '%s'"),
214 delete_tempfile(&temp
);
219 argv_array_pushl(&gpg
.args
,
222 "--keyid-format=long",
223 "--verify", temp
.filename
.buf
, "-",
229 sigchain_push(SIGPIPE
, SIG_IGN
);
230 ret
= pipe_command(&gpg
, payload
, payload_size
,
231 gpg_status
, 0, gpg_output
, 0);
232 sigchain_pop(SIGPIPE
);
234 delete_tempfile(&temp
);
236 ret
|= !strstr(gpg_status
->buf
, "\n[GNUPG:] GOODSIG ");
237 strbuf_release(&buf
); /* no matter it was used or not */