[v6,0/9] ssh signing: verify key lifetime

Message ID 20211209085249.13587-1-fs@gigacodes.de (mailing list archive)

Fabian Stelzer Dec. 9, 2021, 8:52 a.m. UTC
changes since v5:
 - moved the fixes to existing tests to the first two commits and merged
   those fixing new tests into the corresponding commit

changes since v4:
 - removed unnecessary io redir in merge-msg tests
 - added grep for merged tag to gpgssh merge-msg tests

changes since v3:
 - improve readability of prereq setup code by using heredoc and some
   variables

changes since v2:
 - fix switch/case indentation
 - BUG() on unknown payload types
 - improve test prereq by actually validating ssh-keygen functionality

changes since v1:
 - struct signature_check is now used to input payload data into
   check_function
 - payload metadata parsing is completely internal to check_signature.
   the caller only needs to set the payload type in the sigc struct
 - small nits and readability fixes
 - removed payload_signer parameter. since we now use the struct we can
   extend this later.

Fabian Stelzer (9):
  t/fmt-merge-msg: do not redirect stderr
  t/fmt-merge-msg: make gpgssh tests more specific
  ssh signing: use sigc struct to pass payload
  ssh signing: add key lifetime test prereqs
  ssh signing: make verify-commit consider key lifetime
  ssh signing: make git log verify key lifetime
  ssh signing: make verify-tag consider key lifetime
  ssh signing: make fmt-merge-msg consider key lifetime
  ssh signing: verify ssh-keygen in test prereq

 Documentation/config/gpg.txt     |  5 ++
 builtin/receive-pack.c           |  6 ++-
 commit.c                         |  6 ++-
 fmt-merge-msg.c                  |  5 +-
 gpg-interface.c                  | 90 +++++++++++++++++++++++++-------
 gpg-interface.h                  | 15 ++++--
 log-tree.c                       | 10 ++--
 t/lib-gpg.sh                     | 62 ++++++++++++++++++----
 t/t4202-log.sh                   | 43 +++++++++++++++
 t/t6200-fmt-merge-msg.sh         | 68 ++++++++++++++++++++++--
 t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++
 t/t7528-signed-commit-ssh.sh     | 42 +++++++++++++++
 tag.c                            |  5 +-
 13 files changed, 351 insertions(+), 48 deletions(-)

Range-diff against v5:
 -:  ---------- >  1:  0b3848d23b t/fmt-merge-msg: do not redirect stderr
 -:  ---------- >  2:  f29d838574 t/fmt-merge-msg: make gpgssh tests more specific
 1:  c4447d30f2 =  3:  b065dcb7fb ssh signing: use sigc struct to pass payload
 2:  0bb1617529 =  4:  c37d33db31 ssh signing: add key lifetime test prereqs
 3:  f60bd1efd0 =  5:  640e9a4a99 ssh signing: make verify-commit consider key lifetime
 4:  5fc0ad5c37 =  6:  2e98307c18 ssh signing: make git log verify key lifetime
 5:  f1c225871f =  7:  75d213ab15 ssh signing: make verify-tag consider key lifetime
 6:  1cbd4dbb6b !  8:  498821af14 ssh signing: make fmt-merge-msg consider key lifetime
    @@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
     +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
     +	git checkout main &&
     +	git fetch . expired-signed &&
    -+	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
    ++	git fmt-merge-msg <.git/FETCH_HEAD >actual &&
    ++	grep "^Merge tag ${apos}expired-signed${apos}" actual &&
     +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
     +'
     +
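Review bot: The closing `! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual` in the expired-signed test is a negative-only assertion, so it also passes when `actual` contains no signature output at all. The added `grep "^Merge tag ..."` line shows that a merge message was produced, but not that verification ran and rejected the expired key. Consider a positive assertion on what the expired key is expected to produce in `actual`, as the timeboxedvalid-signed test does by checking both patterns. The same applies to the notyetvalid-signed and timeboxedinvalid-signed tests.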
    @@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
     +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
     +	git checkout main &&
     +	git fetch . notyetvalid-signed &&
    -+	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
    ++	git fmt-merge-msg <.git/FETCH_HEAD >actual &&
    ++	grep "^Merge tag ${apos}notyetvalid-signed${apos}" actual &&
     +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
     +'
     +
    @@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
     +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
     +	git checkout main &&
     +	git fetch . timeboxedvalid-signed &&
    -+	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
    ++	git fmt-merge-msg <.git/FETCH_HEAD >actual &&
    ++	grep "^Merge tag ${apos}timeboxedvalid-signed${apos}" actual &&
     +	grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
     +	! grep "${GPGSSH_BAD_SIGNATURE}" actual
     +'
    @@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
     +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
     +	git checkout main &&
     +	git fetch . timeboxedinvalid-signed &&
    -+	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
    ++	git fmt-merge-msg <.git/FETCH_HEAD >actual &&
    ++	grep "^Merge tag ${apos}timeboxedinvalid-signed${apos}" actual &&
     +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
     +'
     +
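Review bot: The four setup lines in the timeboxedinvalid-signed test (`test_config`, `git checkout main`, `git fetch .`, `git fmt-merge-msg <.git/FETCH_HEAD >actual`) and the `grep "^Merge tag ..."` line are repeated verbatim in the other three lifetime tests, differing only in the tag name. A small helper that takes the tag name would keep the four cases in step. It would leave only the expectation on `${GPGSSH_GOOD_SIGNATURE_TRUSTED}` and `${GPGSSH_BAD_SIGNATURE}` in each test body, where the difference between the valid and invalid cases is easier to see.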
 7:  d60f4ec82c =  9:  0816dd2ec8 ssh signing: verify ssh-keygen in test prereq