search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sync distfile list
[got-portable.git] / lib / sigs.c
blob0be7b40c436b25c52c79c9243bc2f90dc70d9d21
1 /*
2 * Copyright (c) 2022 Josh Rickmar <jrick@zettaport.com>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #include <sys/time.h>
18 #include <sys/types.h>
19 #include <sys/stat.h>
20 #include <sys/socket.h>
21 #include <sys/wait.h>
22
23 #include <stdlib.h>
24 #include <stdio.h>
25 #include <fcntl.h>
26 #include <unistd.h>
27 #include <string.h>
28 #include <err.h>
29 #include <assert.h>
30
31 #include "got_error.h"
32 #include "got_date.h"
33 #include "got_object.h"
34 #include "got_opentemp.h"
35
36 #include "got_sigs.h"
37 #include "got_compat.h"
38 #include "buf.h"
39
40 #ifndef MIN
41 #define MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
42 #endif
43
44 #ifndef nitems
45 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
46 #endif
47
48 #ifndef GOT_TAG_PATH_SSH_KEYGEN
49 #define GOT_TAG_PATH_SSH_KEYGEN "/usr/bin/ssh-keygen"
50 #endif
51
52 #ifndef GOT_TAG_PATH_SIGNIFY
53 #define GOT_TAG_PATH_SIGNIFY "/usr/bin/signify"
54 #endif
55
56 const struct got_error *
57 got_sigs_apply_unveil()
58 {
59 if (unveil(GOT_TAG_PATH_SSH_KEYGEN, "x") != 0) {
60 return got_error_from_errno2("unveil",
61 GOT_TAG_PATH_SSH_KEYGEN);
62 }
63 if (unveil(GOT_TAG_PATH_SIGNIFY, "x") != 0) {
64 return got_error_from_errno2("unveil",
65 GOT_TAG_PATH_SIGNIFY);
66 }
67
68 return NULL;
69 }
70
71 const struct got_error *
72 got_sigs_sign_tag_ssh(pid_t *newpid, int *in_fd, int *out_fd,
73 const char* key_file, int verbosity)
74 {
75 const struct got_error *error = NULL;
76 int pid, in_pfd[2], out_pfd[2];
77 const char* argv[11];
78 int i = 0, j;
79
80 *newpid = -1;
81 *in_fd = -1;
82 *out_fd = -1;
83
84 argv[i++] = GOT_TAG_PATH_SSH_KEYGEN;
85 argv[i++] = "-Y";
86 argv[i++] = "sign";
87 argv[i++] = "-f";
88 argv[i++] = key_file;
89 argv[i++] = "-n";
90 argv[i++] = "git";
91 if (verbosity <= 0) {
92 argv[i++] = "-q";
93 } else {
94 /* ssh(1) allows up to 3 "-v" options. */
95 for (j = 0; j < MIN(3, verbosity); j++)
96 argv[i++] = "-v";
97 }
98 argv[i++] = NULL;
99 assert(i <= nitems(argv));
100
101 if (pipe(in_pfd) == -1)
102 return got_error_from_errno("pipe");
103 if (pipe(out_pfd) == -1)
104 return got_error_from_errno("pipe");
105
106 pid = fork();
107 if (pid == -1) {
108 error = got_error_from_errno("fork");
109 close(in_pfd[0]);
110 close(in_pfd[1]);
111 close(out_pfd[0]);
112 close(out_pfd[1]);
113 return error;
114 } else if (pid == 0) {
115 if (close(in_pfd[1]) == -1)
116 err(1, "close");
117 if (close(out_pfd[1]) == -1)
118 err(1, "close");
119 if (dup2(in_pfd[0], 0) == -1)
120 err(1, "dup2");
121 if (dup2(out_pfd[0], 1) == -1)
122 err(1, "dup2");
123 if (execv(GOT_TAG_PATH_SSH_KEYGEN, (char **const)argv) == -1)
124 err(1, "execv");
125 abort(); /* not reached */
126 }
127 if (close(in_pfd[0]) == -1)
128 return got_error_from_errno("close");
129 if (close(out_pfd[0]) == -1)
130 return got_error_from_errno("close");
131 *newpid = pid;
132 *in_fd = in_pfd[1];
133 *out_fd = out_pfd[1];
134 return NULL;
135 }
136
137 static char *
138 signer_identity(const char *tagger)
139 {
140 char *lt, *gt;
141
142 lt = strstr(tagger, " <");
143 gt = strrchr(tagger, '>');
144 if (lt && gt && lt+1 < gt)
145 return strndup(lt+2, gt-lt-2);
146 return NULL;
147 }
148
149 static const char* BEGIN_SSH_SIG = "-----BEGIN SSH SIGNATURE-----\n";
150 static const char* END_SSH_SIG = "-----END SSH SIGNATURE-----\n";
151
152 const char *
153 got_sigs_get_tagmsg_ssh_signature(const char *tagmsg)
154 {
155 const char *s = tagmsg, *begin = NULL, *end = NULL;
156
157 while ((s = strstr(s, BEGIN_SSH_SIG)) != NULL) {
158 begin = s;
159 s += strlen(BEGIN_SSH_SIG);
160 }
161 if (begin)
162 end = strstr(begin+strlen(BEGIN_SSH_SIG), END_SSH_SIG);
163 if (end == NULL)
164 return NULL;
165 return (end[strlen(END_SSH_SIG)] == '\0') ? begin : NULL;
166 }
167
168 static const struct got_error *
169 got_tag_write_signed_data(BUF *buf, struct got_tag_object *tag,
170 const char *start_sig)
171 {
172 const struct got_error *err = NULL;
173 struct got_object_id *id;
174 char *id_str = NULL;
175 char *tagger = NULL;
176 const char *tagmsg;
177 char gmtoff[6];
178 size_t len;
179
180 id = got_object_tag_get_object_id(tag);
181 err = got_object_id_str(&id_str, id);
182 if (err)
183 goto done;
184
185 const char *type_label = NULL;
186 switch (got_object_tag_get_object_type(tag)) {
187 case GOT_OBJ_TYPE_BLOB:
188 type_label = GOT_OBJ_LABEL_BLOB;
189 break;
190 case GOT_OBJ_TYPE_TREE:
191 type_label = GOT_OBJ_LABEL_TREE;
192 break;
193 case GOT_OBJ_TYPE_COMMIT:
194 type_label = GOT_OBJ_LABEL_COMMIT;
195 break;
196 case GOT_OBJ_TYPE_TAG:
197 type_label = GOT_OBJ_LABEL_TAG;
198 break;
199 default:
200 break;
201 }
202 got_date_format_gmtoff(gmtoff, sizeof(gmtoff),
203 got_object_tag_get_tagger_gmtoff(tag));
204 if (asprintf(&tagger, "%s %lld %s", got_object_tag_get_tagger(tag),
205 got_object_tag_get_tagger_time(tag), gmtoff) == -1) {
206 err = got_error_from_errno("asprintf");
207 goto done;
208 }
209
210 err = buf_puts(&len, buf, GOT_TAG_LABEL_OBJECT);
211 if (err)
212 goto done;
213 err = buf_puts(&len, buf, id_str);
214 if (err)
215 goto done;
216 err = buf_putc(buf, '\n');
217 if (err)
218 goto done;
219 err = buf_puts(&len, buf, GOT_TAG_LABEL_TYPE);
220 if (err)
221 goto done;
222 err = buf_puts(&len, buf, type_label);
223 if (err)
224 goto done;
225 err = buf_putc(buf, '\n');
226 if (err)
227 goto done;
228 err = buf_puts(&len, buf, GOT_TAG_LABEL_TAG);
229 if (err)
230 goto done;
231 err = buf_puts(&len, buf, got_object_tag_get_name(tag));
232 if (err)
233 goto done;
234 err = buf_putc(buf, '\n');
235 if (err)
236 goto done;
237 err = buf_puts(&len, buf, GOT_TAG_LABEL_TAGGER);
238 if (err)
239 goto done;
240 err = buf_puts(&len, buf, tagger);
241 if (err)
242 goto done;
243 err = buf_puts(&len, buf, "\n");
244 if (err)
245 goto done;
246 tagmsg = got_object_tag_get_message(tag);
247 err = buf_append(&len, buf, tagmsg, start_sig-tagmsg);
248 if (err)
249 goto done;
250
251 done:
252 free(id_str);
253 free(tagger);
254 return err;
255 }
256
257 const struct got_error *
258 got_sigs_verify_tag_ssh(char **msg, struct got_tag_object *tag,
259 const char *start_sig, const char* allowed_signers, const char* revoked,
260 int verbosity)
261 {
262 const struct got_error *error = NULL;
263 const char* argv[17];
264 int pid, status, in_pfd[2], out_pfd[2];
265 char* parsed_identity = NULL;
266 const char *identity;
267 char* tmppath = NULL;
268 FILE *tmpsig, *out = NULL;
269 BUF *buf;
270 int i = 0, j;
271
272 *msg = NULL;
273
274 error = got_opentemp_named(&tmppath, &tmpsig,
275 GOT_TMPDIR_STR "/got-tagsig");
276 if (error)
277 goto done;
278
279 identity = got_object_tag_get_tagger(tag);
280 parsed_identity = signer_identity(identity);
281 if (parsed_identity != NULL)
282 identity = parsed_identity;
283
284 if (fputs(start_sig, tmpsig) == EOF) {
285 error = got_error_from_errno("fputs");
286 goto done;
287 }
288 if (fflush(tmpsig) == EOF) {
289 error = got_error_from_errno("fflush");
290 goto done;
291 }
292
293 error = buf_alloc(&buf, 0);
294 if (error)
295 goto done;
296 error = got_tag_write_signed_data(buf, tag, start_sig);
297 if (error)
298 goto done;
299
300 argv[i++] = GOT_TAG_PATH_SSH_KEYGEN;
301 argv[i++] = "-Y";
302 argv[i++] = "verify";
303 argv[i++] = "-f";
304 argv[i++] = allowed_signers;
305 argv[i++] = "-I";
306 argv[i++] = identity;
307 argv[i++] = "-n";
308 argv[i++] = "git";
309 argv[i++] = "-s";
310 argv[i++] = tmppath;
311 if (revoked) {
312 argv[i++] = "-r";
313 argv[i++] = revoked;
314 }
315 if (verbosity > 0) {
316 /* ssh(1) allows up to 3 "-v" options. */
317 for (j = 0; j < MIN(3, verbosity); j++)
318 argv[i++] = "-v";
319 }
320 argv[i++] = NULL;
321 assert(i <= nitems(argv));
322
323 if (pipe(in_pfd) == -1) {
324 error = got_error_from_errno("pipe");
325 goto done;
326 }
327 if (pipe(out_pfd) == -1) {
328 error = got_error_from_errno("pipe");
329 goto done;
330 }
331
332 pid = fork();
333 if (pid == -1) {
334 error = got_error_from_errno("fork");
335 close(in_pfd[0]);
336 close(in_pfd[1]);
337 close(out_pfd[0]);
338 close(out_pfd[1]);
339 return error;
340 } else if (pid == 0) {
341 if (close(in_pfd[1]) == -1)
342 err(1, "close");
343 if (close(out_pfd[1]) == -1)
344 err(1, "close");
345 if (dup2(in_pfd[0], 0) == -1)
346 err(1, "dup2");
347 if (dup2(out_pfd[0], 1) == -1)
348 err(1, "dup2");
349 if (execv(GOT_TAG_PATH_SSH_KEYGEN, (char **const)argv) == -1)
350 err(1, "execv");
351 abort(); /* not reached */
352 }
353 if (close(in_pfd[0]) == -1) {
354 error = got_error_from_errno("close");
355 goto done;
356 }
357 if (close(out_pfd[0]) == -1) {
358 error = got_error_from_errno("close");
359 goto done;
360 }
361 if (buf_write_fd(buf, in_pfd[1]) == -1) {
362 error = got_error_from_errno("write");
363 goto done;
364 }
365 if (close(in_pfd[1]) == -1) {
366 error = got_error_from_errno("close");
367 goto done;
368 }
369 if (waitpid(pid, &status, 0) == -1) {
370 error = got_error_from_errno("waitpid");
371 goto done;
372 }
373 if (!WIFEXITED(status)) {
374 error = got_error(GOT_ERR_BAD_TAG_SIGNATURE);
375 goto done;
376 }
377
378 out = fdopen(out_pfd[1], "r");
379 if (out == NULL) {
380 error = got_error_from_errno("fdopen");
381 goto done;
382 }
383 error = buf_load(&buf, out);
384 if (error)
385 goto done;
386 error = buf_putc(buf, '\0');
387 if (error)
388 goto done;
389 if (close(out_pfd[1]) == -1) {
390 error = got_error_from_errno("close");
391 goto done;
392 }
393 out = NULL;
394 *msg = buf_get(buf);
395 if (WEXITSTATUS(status) != 0)
396 error = got_error(GOT_ERR_BAD_TAG_SIGNATURE);
397
398 done:
399 free(parsed_identity);
400 free(tmppath);
401 if (tmpsig && fclose(tmpsig) == EOF && error == NULL)
402 error = got_error_from_errno("fclose");
403 if (out && fclose(out) == EOF && error == NULL)
404 error = got_error_from_errno("fclose");
405 return error;
406 }
portable version of Game of Trees