@@ -769,8 +769,9 @@ static void prepare_push_cert_sha1(struct child_process *proc)
memset(&sigcheck, '\0', sizeof(sigcheck));
bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
- check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
- push_cert.len - bogs, &sigcheck);
+ check_signature(push_cert.buf, bogs, 0, NULL,
+ push_cert.buf + bogs, push_cert.len - bogs,
+ &sigcheck);
nonce_status = check_nonce(push_cert.buf, bogs);
}
@@ -1212,7 +1212,7 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
goto out;
- ret = check_signature(payload.buf, payload.len, signature.buf,
+ ret = check_signature(payload.buf, payload.len, 0, NULL, signature.buf,
signature.len, sigc);
out:
@@ -533,8 +533,8 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
else {
buf = payload.buf;
len = payload.len;
- if (check_signature(payload.buf, payload.len, sig.buf,
- sig.len, &sigc) &&
+ if (check_signature(payload.buf, payload.len, 0, NULL,
+ sig.buf, sig.len, &sigc) &&
!sigc.output)
strbuf_addstr(&sig, "gpg verification failed.\n");
else
@@ -20,8 +20,9 @@ struct gpg_format {
const char **sigs;
int (*verify_signed_buffer)(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
- size_t signature_size);
+ size_t payload_size, timestamp_t payload_timestamp,
+ struct strbuf *payload_signer,
+ const char *signature, size_t signature_size);
int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key);
const char *(*get_default_key)(void);
@@ -54,12 +55,14 @@ static const char *ssh_sigs[] = {
static int verify_gpg_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
- size_t signature_size);
+ size_t payload_size, timestamp_t payload_timestamp,
+ struct strbuf *payload_signer,
+ const char *signature, size_t signature_size);
static int verify_ssh_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
- size_t signature_size);
+ size_t payload_size, timestamp_t payload_timestamp,
+ struct strbuf *payload_signer,
+ const char *signature, size_t signature_size);
static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key);
static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
@@ -315,8 +318,9 @@ static void parse_gpg_output(struct signature_check *sigc)
static int verify_gpg_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
- size_t signature_size)
+ size_t payload_size, timestamp_t payload_timestamp,
+ struct strbuf *payload_signer,
+ const char *signature, size_t signature_size)
{
struct child_process gpg = CHILD_PROCESS_INIT;
struct tempfile *temp;
@@ -421,8 +425,9 @@ static void parse_ssh_output(struct signature_check *sigc)
static int verify_ssh_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
- size_t signature_size)
+ size_t payload_size, timestamp_t payload_timestamp,
+ struct strbuf *payload_signer,
+ const char *signature, size_t signature_size)
{
struct child_process ssh_keygen = CHILD_PROCESS_INIT;
struct tempfile *buffer_file;
@@ -556,8 +561,9 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
return ret;
}
-int check_signature(const char *payload, size_t plen, const char *signature,
- size_t slen, struct signature_check *sigc)
+int check_signature(const char *payload, size_t plen, timestamp_t payload_timestamp,
+ struct strbuf *payload_signer, const char *signature,
+ size_t slen, struct signature_check *sigc)
{
struct gpg_format *fmt;
int status;
@@ -569,8 +575,9 @@ int check_signature(const char *payload, size_t plen, const char *signature,
if (!fmt)
die(_("bad/incompatible signature '%s'"), signature);
- status = fmt->verify_signed_buffer(sigc, fmt, payload, plen, signature,
- slen);
+ status = fmt->verify_signed_buffer(sigc, fmt, payload, plen,
+ payload_timestamp, payload_signer,
+ signature, slen);
if (status && !sigc->output)
return !!status;
@@ -71,6 +71,7 @@ const char *get_signing_key(void);
*/
const char *get_signing_key_id(void);
int check_signature(const char *payload, size_t plen,
+ timestamp_t payload_timestamp, struct strbuf *payload_signer,
const char *signature, size_t slen,
struct signature_check *sigc);
void print_signature_buffer(const struct signature_check *sigc,
@@ -513,7 +513,7 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
goto out;
- status = check_signature(payload.buf, payload.len, signature.buf,
+ status = check_signature(payload.buf, payload.len, 0, NULL, signature.buf,
signature.len, &sigc);
if (status && !sigc.output)
show_sig_lines(opt, status, "No signature\n");
@@ -583,7 +583,7 @@ static int show_one_mergetag(struct commit *commit,
status = -1;
if (parse_signature(extra->value, extra->len, &payload, &signature)) {
/* could have a good signature */
- status = check_signature(payload.buf, payload.len,
+ status = check_signature(payload.buf, payload.len, 0, NULL,
signature.buf, signature.len, &sigc);
if (sigc.output)
strbuf_addstr(&verify_message, sigc.output);
@@ -25,7 +25,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
return error("no signature found");
}
- ret = check_signature(payload.buf, payload.len, signature.buf,
+ ret = check_signature(payload.buf, payload.len, 0, NULL, signature.buf,
signature.len, &sigc);
if (!(flags & GPG_VERIFY_OMIT_STATUS))
Adds two new parameters to the check_signature api and passes them to the internal verification ssh/gpg methods. A payload timestamp that will be used to verify signatures at the time of their objects creation if the signing method supports it (only ssh for now). And a signer strbuf containing ident information about the signer that we will need for implementing "Trust on first use" in a future patch series. Adding the ident info right now instead of a later patch series makes certain choices in this patch series clearer. Only passing the timestamp could be done a bit simpler on some call sites but i am certain that we will need the ident info for "Trust on first use" no matter how exactly it will be implemented later. To start with we pass 0, NULL on all invocations to keep the current behaviour as is. Signed-off-by: Fabian Stelzer <fs@gigacodes.de> --- builtin/receive-pack.c | 5 +++-- commit.c | 2 +- fmt-merge-msg.c | 4 ++-- gpg-interface.c | 35 +++++++++++++++++++++-------------- gpg-interface.h | 1 + log-tree.c | 4 ++-- tag.c | 2 +- 7 files changed, 31 insertions(+), 22 deletions(-)