From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
	"Junio C Hamano" <gitster@pobox.com>,
	"SZEDER Gábor" <szeder.dev@gmail.com>,
	"Fabian Stelzer" <fs@gigacodes.de>
Subject: [PATCH v6 3/9] ssh signing: use sigc struct to pass payload
Date: Thu,  9 Dec 2021 09:52:43 +0100	[thread overview]
Message-ID: <20211209085249.13587-4-fs@gigacodes.de> (raw)
In-Reply-To: <20211209085249.13587-1-fs@gigacodes.de>

To be able to extend the payload metadata with things like its creation
timestamp or the creator's ident, we remove the payload parameters to
check_signature() and use the already existing sigc->payload field
instead, only adding the length field to the struct. This also allows
us to get rid of the xmemdupz() calls in the verify functions. Since
sigc is now used to input data as well as to output the result, move it
to the front of the parameter list.

 - Add payload_length to struct signature_check
 - Populate sigc.payload/payload_len on all call sites
 - Remove payload parameters to check_signature()
 - Remove payload parameters to internal verify_* functions and use sigc
   instead
 - Remove xmemdupz() used for verbose output since payload is now already
   populated.

Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
---
 builtin/receive-pack.c |  6 ++++--
 commit.c               |  5 +++--
 fmt-merge-msg.c        |  4 ++--
 gpg-interface.c        | 37 +++++++++++++++++--------------------
 gpg-interface.h        |  6 +++---
 log-tree.c             |  8 ++++----
 tag.c                  |  4 ++--
 7 files changed, 35 insertions(+), 35 deletions(-)

diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index 49b846d960..61ab63c2ea 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -769,8 +769,10 @@ static void prepare_push_cert_sha1(struct child_process *proc)
 		memset(&sigcheck, '\0', sizeof(sigcheck));
 
 		bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
-		check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
-				push_cert.len - bogs, &sigcheck);
+		sigcheck.payload = xmemdupz(push_cert.buf, bogs);
+		sigcheck.payload_len = bogs;
+		check_signature(&sigcheck, push_cert.buf + bogs,
+				push_cert.len - bogs);
 
 		nonce_status = check_nonce(push_cert.buf, bogs);
 	}
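Review bot: The `xmemdupz(push_cert.buf, bogs)` copy is the only call site in this patch that duplicates the payload instead of detaching it, and nothing says why. The visible reason is that `push_cert.buf` is still read by `check_nonce()` two lines later, so a comment such as `/* push_cert is still used below; give sigcheck its own copy */` would stop a later cleanup from turning this into an aliasing bug. Whether `sigcheck` is ever released with `signature_check_clear()` cannot be seen from this hunk, and prepare_push_cert_sha1() starts and ends outside it.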
diff --git a/commit.c b/commit.c
index 551de4903c..64e040a99b 100644
--- a/commit.c
+++ b/commit.c
@@ -1212,8 +1212,9 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
 
 	if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
 		goto out;
-	ret = check_signature(payload.buf, payload.len, signature.buf,
-		signature.len, sigc);
+
+	sigc->payload = strbuf_detach(&payload, &sigc->payload_len);
+	ret = check_signature(sigc, signature.buf, signature.len);
 
  out:
 	strbuf_release(&payload);
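Review bot: After `strbuf_detach()` the payload allocation belongs to the caller-supplied `sigc`, so the `strbuf_release(&payload)` under `out:` only frees it on the early-exit path. Nothing at this call site states that the caller has to release it (presumably with `signature_check_clear()`), nor what happens to a payload already stored in a reused `sigc`. A comment above the assignment, e.g. `/* sigc takes ownership of the payload; the caller frees it with signature_check_clear() */`, would make the contract explicit; the same applies to the detach calls in log-tree.c and tag.c. check_commit_signature() starts and ends outside the hunk.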
diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c
index 5216191488..deca1ea3a3 100644
--- a/fmt-merge-msg.c
+++ b/fmt-merge-msg.c
@@ -533,8 +533,8 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
 		else {
 			buf = payload.buf;
 			len = payload.len;
-			if (check_signature(payload.buf, payload.len, sig.buf,
-					    sig.len, &sigc) &&
+			sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+			if (check_signature(&sigc, sig.buf, sig.len) &&
 			    !sigc.output)
 				strbuf_addstr(&sig, "gpg verification failed.\n");
 			else
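Review bot: `buf` is taken from `payload.buf` immediately before `strbuf_detach()` hands that same allocation to `sigc.payload`, so from here on `buf`/`len` alias memory owned by `sigc`. Before this change `sigc.payload` was a separate copy, so the lifetime of `buf` did not depend on `sigc`. Any later use of `buf` now has to happen before `signature_check_clear(&sigc)`, otherwise it reads freed memory; the rest of fmt_merge_msg_sigs() is outside this hunk, so that ordering cannot be confirmed here. A comment such as `/* buf aliases sigc.payload from here on; use it before signature_check_clear() */` would keep the constraint visible.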
diff --git a/gpg-interface.c b/gpg-interface.c
index 3e7255a2a9..75ab6faacb 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -19,8 +19,8 @@ struct gpg_format {
 	const char **verify_args;
 	const char **sigs;
 	int (*verify_signed_buffer)(struct signature_check *sigc,
-				    struct gpg_format *fmt, const char *payload,
-				    size_t payload_size, const char *signature,
+				    struct gpg_format *fmt,
+				    const char *signature,
 				    size_t signature_size);
 	int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature,
 			   const char *signing_key);
@@ -53,12 +53,12 @@ static const char *ssh_sigs[] = {
 };
 
 static int verify_gpg_signed_buffer(struct signature_check *sigc,
-				    struct gpg_format *fmt, const char *payload,
-				    size_t payload_size, const char *signature,
+				    struct gpg_format *fmt,
+				    const char *signature,
 				    size_t signature_size);
 static int verify_ssh_signed_buffer(struct signature_check *sigc,
-				    struct gpg_format *fmt, const char *payload,
-				    size_t payload_size, const char *signature,
+				    struct gpg_format *fmt,
+				    const char *signature,
 				    size_t signature_size);
 static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
 			   const char *signing_key);
@@ -314,8 +314,8 @@ static void parse_gpg_output(struct signature_check *sigc)
 }
 
 static int verify_gpg_signed_buffer(struct signature_check *sigc,
-				    struct gpg_format *fmt, const char *payload,
-				    size_t payload_size, const char *signature,
+				    struct gpg_format *fmt,
+				    const char *signature,
 				    size_t signature_size)
 {
 	struct child_process gpg = CHILD_PROCESS_INIT;
@@ -343,14 +343,13 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,
 		     NULL);
 
 	sigchain_push(SIGPIPE, SIG_IGN);
-	ret = pipe_command(&gpg, payload, payload_size, &gpg_stdout, 0,
+	ret = pipe_command(&gpg, sigc->payload, sigc->payload_len, &gpg_stdout, 0,
 			   &gpg_stderr, 0);
 	sigchain_pop(SIGPIPE);
 
 	delete_tempfile(&temp);
 
 	ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");
-	sigc->payload = xmemdupz(payload, payload_size);
 	sigc->output = strbuf_detach(&gpg_stderr, NULL);
 	sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);
 
@@ -426,8 +425,8 @@ static void parse_ssh_output(struct signature_check *sigc)
 }
 
 static int verify_ssh_signed_buffer(struct signature_check *sigc,
-				    struct gpg_format *fmt, const char *payload,
-				    size_t payload_size, const char *signature,
+				    struct gpg_format *fmt,
+				    const char *signature,
 				    size_t signature_size)
 {
 	struct child_process ssh_keygen = CHILD_PROCESS_INIT;
@@ -480,7 +479,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
 			     "-n", "git",
 			     "-s", buffer_file->filename.buf,
 			     NULL);
-		pipe_command(&ssh_keygen, payload, payload_size,
+		pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
 				   &ssh_keygen_out, 0, &ssh_keygen_err, 0);
 
 		/*
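Review bot: This `pipe_command()` writes the payload to ssh-keygen without the `sigchain_push(SIGPIPE, SIG_IGN)` / `sigchain_pop(SIGPIPE)` bracket that the gpg call and the later ssh-keygen call in this patch both have, at least as far as the visible context shows. If ssh-keygen exits before it has read all of its stdin, the write could raise SIGPIPE in git itself. The return value is also dropped, which may be deliberate if the result is overridden after the comment that begins on the last line of the hunk. Wrap the call like the other two, or add a comment saying why that is not needed. verify_ssh_signed_buffer() continues outside the hunk.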
@@ -526,7 +525,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
 			}
 
 			sigchain_push(SIGPIPE, SIG_IGN);
-			ret = pipe_command(&ssh_keygen, payload, payload_size,
+			ret = pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
 					   &ssh_keygen_out, 0, &ssh_keygen_err, 0);
 			sigchain_pop(SIGPIPE);
 
@@ -540,7 +539,6 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
 		}
 	}
 
-	sigc->payload = xmemdupz(payload, payload_size);
 	strbuf_stripspace(&ssh_keygen_out, 0);
 	strbuf_stripspace(&ssh_keygen_err, 0);
 	/* Add stderr outputs to show the user actual ssh-keygen errors */
@@ -562,8 +560,8 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
 	return ret;
 }
 
-int check_signature(const char *payload, size_t plen, const char *signature,
-	size_t slen, struct signature_check *sigc)
+int check_signature(struct signature_check *sigc,
+		    const char *signature, size_t slen)
 {
 	struct gpg_format *fmt;
 	int status;
@@ -575,8 +573,7 @@ int check_signature(const char *payload, size_t plen, const char *signature,
 	if (!fmt)
 		die(_("bad/incompatible signature '%s'"), signature);
 
-	status = fmt->verify_signed_buffer(sigc, fmt, payload, plen, signature,
-					   slen);
+	status = fmt->verify_signed_buffer(sigc, fmt, signature, slen);
 
 	if (status && !sigc->output)
 		return !!status;
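Review bot: check_signature() now takes the bytes to verify from `sigc->payload` / `sigc->payload_len`, but nothing here checks that the caller filled them in for this call. If a caller reused a `sigc` without setting the new payload, the signature would be checked against the earlier bytes, and the verdict would not describe the object the caller meant. A guard before the dispatch, `if (!sigc->payload) BUG("check_signature() called without a payload");`, catches the unset case. The prototype in gpg-interface.h should also get a comment stating that both fields are inputs to be set before the call and that `sigc` owns the buffer afterwards. The function body runs past both ends of this hunk.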
@@ -593,7 +590,7 @@ void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
 							    sigc->output;
 
 	if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
-		fputs(sigc->payload, stdout);
+		fwrite(sigc->payload, 1, sigc->payload_len, stdout);
 
 	if (output)
 		fputs(output, stderr);
diff --git a/gpg-interface.h b/gpg-interface.h
index beefacbb1e..5ee7d8b6b9 100644
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -17,6 +17,7 @@ enum signature_trust_level {
 
 struct signature_check {
 	char *payload;
+	size_t payload_len;
 	char *output;
 	char *gpg_status;
 
@@ -70,9 +71,8 @@ const char *get_signing_key(void);
  * Either a GPG KeyID or a SSH Key Fingerprint
  */
 const char *get_signing_key_id(void);
-int check_signature(const char *payload, size_t plen,
-		    const char *signature, size_t slen,
-		    struct signature_check *sigc);
+int check_signature(struct signature_check *sigc,
+		    const char *signature, size_t slen);
 void print_signature_buffer(const struct signature_check *sigc,
 			    unsigned flags);
 
diff --git a/log-tree.c b/log-tree.c
index 644893fd8c..a46cf60e1e 100644
--- a/log-tree.c
+++ b/log-tree.c
@@ -513,8 +513,8 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
 	if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
 		goto out;
 
-	status = check_signature(payload.buf, payload.len, signature.buf,
-				 signature.len, &sigc);
+	sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+	status = check_signature(&sigc, signature.buf, signature.len);
 	if (status && !sigc.output)
 		show_sig_lines(opt, status, "No signature\n");
 	else
@@ -583,8 +583,8 @@ static int show_one_mergetag(struct commit *commit,
 	status = -1;
 	if (parse_signature(extra->value, extra->len, &payload, &signature)) {
 		/* could have a good signature */
-		status = check_signature(payload.buf, payload.len,
-					 signature.buf, signature.len, &sigc);
+		sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+		status = check_signature(&sigc, signature.buf, signature.len);
 		if (sigc.output)
 			strbuf_addstr(&verify_message, sigc.output);
 		else
diff --git a/tag.c b/tag.c
index 3e18a41841..62fb09f5a5 100644
--- a/tag.c
+++ b/tag.c
@@ -25,8 +25,8 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
 		return error("no signature found");
 	}
 
-	ret = check_signature(payload.buf, payload.len, signature.buf,
-				signature.len, &sigc);
+	sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+	ret = check_signature(&sigc, signature.buf, signature.len);
 
 	if (!(flags & GPG_VERIFY_OMIT_STATUS))
 		print_signature_buffer(&sigc, flags);
-- 
2.31.1

