gpg-interface: introduce new config to select per gpg format program
[git/git.git] / gpg-interface.c
CommitLineData
2f47eae2 1#include "cache.h"
b2141fc1 2#include "config.h"
2f47eae2
JH
3#include "run-command.h"
4#include "strbuf.h"
5#include "gpg-interface.h"
6#include "sigchain.h"
4322353b 7#include "tempfile.h"
2f47eae2
JH
8
9static char *configured_signing_key;
58af57e1
HS
10struct gpg_format {
11 const char *name;
12 const char *program;
13 const char **verify_args;
14 const char **sigs;
15};
16
17static const char *openpgp_verify_args[] = {
18 "--keyid-format=long",
19 NULL
20};
21static const char *openpgp_sigs[] = {
22 "-----BEGIN PGP SIGNATURE-----",
23 "-----BEGIN PGP MESSAGE-----",
24 NULL
25};
26
27static struct gpg_format gpg_format[] = {
28 { .name = "openpgp", .program = "gpg",
29 .verify_args = openpgp_verify_args,
30 .sigs = openpgp_sigs
31 },
32};
33
34static struct gpg_format *use_format = &gpg_format[0];
2f47eae2 35
58af57e1
HS
36static struct gpg_format *get_format_by_name(const char *str)
37{
38 int i;
39
40 for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
41 if (!strcmp(gpg_format[i].name, str))
42 return gpg_format + i;
43 return NULL;
44}
45
46static struct gpg_format *get_format_by_sig(const char *sig)
47{
48 int i, j;
49
50 for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
51 for (j = 0; gpg_format[i].sigs[j]; j++)
52 if (starts_with(sig, gpg_format[i].sigs[j]))
53 return gpg_format + i;
54 return NULL;
55}
d7c67668 56
01e57b5d
MG
57void signature_check_clear(struct signature_check *sigc)
58{
88ce3ef6
ÆAB
59 FREE_AND_NULL(sigc->payload);
60 FREE_AND_NULL(sigc->gpg_output);
61 FREE_AND_NULL(sigc->gpg_status);
62 FREE_AND_NULL(sigc->signer);
63 FREE_AND_NULL(sigc->key);
01e57b5d
MG
64}
65
a50e7ca3
JH
66static struct {
67 char result;
68 const char *check;
69} sigcheck_gpg_status[] = {
70 { 'G', "\n[GNUPG:] GOODSIG " },
71 { 'B', "\n[GNUPG:] BADSIG " },
72 { 'U', "\n[GNUPG:] TRUST_NEVER" },
73 { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
661a1806
MG
74 { 'E', "\n[GNUPG:] ERRSIG "},
75 { 'X', "\n[GNUPG:] EXPSIG "},
76 { 'Y', "\n[GNUPG:] EXPKEYSIG "},
77 { 'R', "\n[GNUPG:] REVKEYSIG "},
a50e7ca3
JH
78};
79
fbd0f166 80static void parse_gpg_output(struct signature_check *sigc)
a50e7ca3
JH
81{
82 const char *buf = sigc->gpg_status;
83 int i;
84
85 /* Iterate over all search strings */
86 for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
87 const char *found, *next;
88
89 if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) {
90 found = strstr(buf, sigcheck_gpg_status[i].check);
91 if (!found)
92 continue;
93 found += strlen(sigcheck_gpg_status[i].check);
94 }
95 sigc->result = sigcheck_gpg_status[i].result;
96 /* The trust messages are not followed by key/signer information */
97 if (sigc->result != 'U') {
42149d7f
HS
98 next = strchrnul(found, ' ');
99 sigc->key = xmemdupz(found, next - found);
661a1806 100 /* The ERRSIG message is not followed by signer information */
42149d7f
HS
101 if (*next && sigc-> result != 'E') {
102 found = next + 1;
661a1806
MG
103 next = strchrnul(found, '\n');
104 sigc->signer = xmemdupz(found, next - found);
105 }
a50e7ca3
JH
106 }
107 }
108}
109
434060ec 110int check_signature(const char *payload, size_t plen, const char *signature,
a4cc18f2 111 size_t slen, struct signature_check *sigc)
112{
113 struct strbuf gpg_output = STRBUF_INIT;
114 struct strbuf gpg_status = STRBUF_INIT;
115 int status;
116
117 sigc->result = 'N';
118
119 status = verify_signed_buffer(payload, plen, signature, slen,
120 &gpg_output, &gpg_status);
121 if (status && !gpg_output.len)
122 goto out;
123 sigc->payload = xmemdupz(payload, plen);
124 sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
125 sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
126 parse_gpg_output(sigc);
127
128 out:
129 strbuf_release(&gpg_status);
130 strbuf_release(&gpg_output);
434060ec 131
132 return sigc->result != 'G' && sigc->result != 'U';
a4cc18f2 133}
134
ca194d50 135void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
136{
aeff29dd 137 const char *output = flags & GPG_VERIFY_RAW ?
138 sigc->gpg_status : sigc->gpg_output;
139
ca194d50 140 if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
141 fputs(sigc->payload, stdout);
142
aeff29dd 143 if (output)
144 fputs(output, stderr);
ca194d50 145}
146
e6fa6cde 147size_t parse_signature(const char *buf, size_t size)
d7c67668 148{
d7c67668 149 size_t len = 0;
8b44b2be
JK
150 size_t match = size;
151 while (len < size) {
152 const char *eol;
153
58af57e1 154 if (get_format_by_sig(buf + len))
8b44b2be
JK
155 match = len;
156
157 eol = memchr(buf + len, '\n', size - len);
d7c67668
JH
158 len += eol ? eol - (buf + len) + 1 : size - len;
159 }
8b44b2be 160 return match;
d7c67668
JH
161}
162
2f47eae2
JH
163void set_signing_key(const char *key)
164{
165 free(configured_signing_key);
166 configured_signing_key = xstrdup(key);
167}
168
169int git_gpg_config(const char *var, const char *value, void *cb)
170{
58af57e1
HS
171 struct gpg_format *fmt = NULL;
172 char *fmtname = NULL;
173
2f47eae2 174 if (!strcmp(var, "user.signingkey")) {
1b0eeec3
JK
175 if (!value)
176 return config_error_nonbool(var);
0c5e70f0 177 set_signing_key(value);
1b0eeec3 178 return 0;
0c5e70f0 179 }
1b0eeec3 180
57a8dd75
HS
181 if (!strcmp(var, "gpg.format")) {
182 if (!value)
183 return config_error_nonbool(var);
58af57e1
HS
184 fmt = get_format_by_name(value);
185 if (!fmt)
57a8dd75
HS
186 return error("unsupported value for %s: %s",
187 var, value);
58af57e1
HS
188 use_format = fmt;
189 return 0;
57a8dd75
HS
190 }
191
b02f51b1 192 if (!strcmp(var, "gpg.program") || !strcmp(var, "gpg.openpgp.program"))
58af57e1
HS
193 fmtname = "openpgp";
194
195 if (fmtname) {
196 fmt = get_format_by_name(fmtname);
197 return git_config_string(&fmt->program, var, value);
2f47eae2 198 }
1b0eeec3 199
2f47eae2
JH
200 return 0;
201}
202
203const char *get_signing_key(void)
204{
205 if (configured_signing_key)
206 return configured_signing_key;
f9bc573f 207 return git_committer_info(IDENT_STRICT|IDENT_NO_DATE);
2f47eae2
JH
208}
209
2f47eae2
JH
210int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
211{
d3180279 212 struct child_process gpg = CHILD_PROCESS_INIT;
0581b546 213 int ret;
2f47eae2 214 size_t i, j, bottom;
efee9553 215 struct strbuf gpg_status = STRBUF_INIT;
2f47eae2 216
aedb5dc3 217 argv_array_pushl(&gpg.args,
58af57e1 218 use_format->program,
efee9553 219 "--status-fd=2",
aedb5dc3
JK
220 "-bsau", signing_key,
221 NULL);
2f47eae2 222
0581b546 223 bottom = signature->len;
2f47eae2
JH
224
225 /*
226 * When the username signingkey is bad, program could be terminated
227 * because gpg exits without reading and then write gets SIGPIPE.
228 */
229 sigchain_push(SIGPIPE, SIG_IGN);
0581b546 230 ret = pipe_command(&gpg, buffer->buf, buffer->len,
efee9553 231 signature, 1024, &gpg_status, 0);
2f47eae2
JH
232 sigchain_pop(SIGPIPE);
233
efee9553
MG
234 ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
235 strbuf_release(&gpg_status);
236 if (ret)
2f47eae2
JH
237 return error(_("gpg failed to sign the data"));
238
239 /* Strip CR from the line endings, in case we are on Windows. */
240 for (i = j = bottom; i < signature->len; i++)
241 if (signature->buf[i] != '\r') {
242 if (i != j)
243 signature->buf[j] = signature->buf[i];
244 j++;
245 }
246 strbuf_setlen(signature, j);
247
248 return 0;
249}
250
2f47eae2
JH
251int verify_signed_buffer(const char *payload, size_t payload_size,
252 const char *signature, size_t signature_size,
9cc4ac8f 253 struct strbuf *gpg_output, struct strbuf *gpg_status)
2f47eae2 254{
d3180279 255 struct child_process gpg = CHILD_PROCESS_INIT;
58af57e1 256 struct gpg_format *fmt;
076aa2cb
JK
257 struct tempfile *temp;
258 int ret;
b60b7566 259 struct strbuf buf = STRBUF_INIT;
2f47eae2 260
076aa2cb
JK
261 temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
262 if (!temp)
4322353b 263 return error_errno(_("could not create temporary file"));
076aa2cb
JK
264 if (write_in_full(temp->fd, signature, signature_size) < 0 ||
265 close_tempfile_gently(temp) < 0) {
4322353b 266 error_errno(_("failed writing detached signature to '%s'"),
076aa2cb 267 temp->filename.buf);
4322353b
JK
268 delete_tempfile(&temp);
269 return -1;
270 }
2f47eae2 271
58af57e1
HS
272 fmt = get_format_by_sig(signature);
273 if (!fmt)
274 BUG("bad signature '%s'", signature);
275
276 argv_array_push(&gpg.args, fmt->program);
277 argv_array_pushv(&gpg.args, fmt->verify_args);
aedb5dc3 278 argv_array_pushl(&gpg.args,
aedb5dc3 279 "--status-fd=1",
076aa2cb 280 "--verify", temp->filename.buf, "-",
aedb5dc3 281 NULL);
2f47eae2 282
c752fcc8
JK
283 if (!gpg_status)
284 gpg_status = &buf;
b60b7566 285
0d2b664e
JK
286 sigchain_push(SIGPIPE, SIG_IGN);
287 ret = pipe_command(&gpg, payload, payload_size,
288 gpg_status, 0, gpg_output, 0);
d281b45d 289 sigchain_pop(SIGPIPE);
2f47eae2 290
4322353b 291 delete_tempfile(&temp);
2f47eae2 292
c752fcc8 293 ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
9cc4ac8f 294 strbuf_release(&buf); /* no matter it was used or not */
b60b7566 295
2f47eae2
JH
296 return ret;
297}