[v2,12/30] tag: sign both hashes

Message ID	20231002024034.2611-12-ebiederm@gmail.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <git-owner@vger.kernel.org> From: "Eric W. Biederman" <ebiederm@gmail.com> To: Junio C Hamano <gitster@pobox.com> Cc: git@vger.kernel.org, "brian m. carlson" <sandals@crustytoothpaste.net>, Eric Sunshine <sunshine@sunshineco.com>, "Eric W. Biederman" <ebiederm@xmission.com> Subject: [PATCH v2 12/30] tag: sign both hashes Date: Sun, 1 Oct 2023 21:40:16 -0500 Message-Id: <20231002024034.2611-12-ebiederm@gmail.com> In-Reply-To: <878r8l929e.fsf@gmail.froward.int.ebiederm.org> References: <878r8l929e.fsf@gmail.froward.int.ebiederm.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	initial support for multiple hash functions \| expand [v2,00/30] initial support for multiple hash functions [v2,01/30] object-file-convert: stubs for converting from one object format to another [v2,02/30] oid-array: teach oid-array to handle multiple kinds of oids [v2,03/30] object-names: support input of oids in any supported hash [v2,04/30] repository: add a compatibility hash algorithm [v2,05/30] loose: add a mapping between SHA-1 and SHA-256 for loose objects [v2,06/30] loose: compatibilty short name support [v2,07/30] object-file: update the loose object map when writing loose objects [v2,08/30] object-file: add a compat_oid_in parameter to write_object_file_flags [v2,09/30] commit: write commits for both hashes [v2,10/30] commit: convert mergetag before computing the signature of a commit [v2,11/30] commit: export add_header_signature to support handling signatures on tags [v2,12/30] tag: sign both hashes [v2,13/30] cache: add a function to read an OID of a specific algorithm [v2,14/30] object: factor out parse_mode out of fast-import and tree-walk into in object.h [v2,15/30] object-file-convert: add a function to convert trees between algorithms [v2,16/30] object-file-convert: convert tag objects when writing [v2,17/30] object-file-convert: don't leak when converting tag objects [v2,18/30] object-file-convert: convert commit objects when writing [v2,19/30] object-file-convert: convert commits that embed signed tags [v2,20/30] object-file: update object_info_extended to reencode objects [v2,21/30] repository: implement extensions.compatObjectFormat [v2,22/30] rev-parse: add an --output-object-format parameter [v2,23/30] builtin/cat-file: let the oid determine the output algorithm [v2,24/30] tree-walk: init_tree_desc take an oid to get the hash algorithm [v2,25/30] object-file: handle compat objects in check_object_signature [v2,26/30] builtin/ls-tree: let the oid determine the output algorithm [v2,27/30] test-lib: compute the compatibility hash so tests may use it [v2,28/30] t1006: rename sha1 to oid [v2,29/30] t1006: test oid compatibility with cat-file [v2,30/30] t1016-compatObjectFormat: add tests to verify the conversion between objects

Message ID

20231002024034.2611-12-ebiederm@gmail.com (mailing list archive)

State

New, archived

Headers

From: "Eric W. Biederman" <ebiederm@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org,
        "brian m. carlson" <sandals@crustytoothpaste.net>,
        Eric Sunshine <sunshine@sunshineco.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>
Subject: [PATCH v2 12/30] tag: sign both hashes
Date: Sun,  1 Oct 2023 21:40:16 -0500
Message-Id: <20231002024034.2611-12-ebiederm@gmail.com>
In-Reply-To: <878r8l929e.fsf@gmail.froward.int.ebiederm.org>
References: <878r8l929e.fsf@gmail.froward.int.ebiederm.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

initial support for multiple hash functions | expand

Commit Message

Eric W. Biederman Oct. 2, 2023, 2:40 a.m. UTC

From: "Eric W. Biederman" <ebiederm@xmission.com>

When we write a tag the object oid is specific to the hash algorithm.

This matters when a tag is signed.  The hash transition plan calls for
signatures on both the sha1 form and the sha256 form of the object,
and for both of those signatures to live in the tag object.

To generate tag object with multiple signatures, first compute the
unsigned form of the tag, and then if the tag is being signed compute
the unsigned form of the tag with the compatibilityr hash.  Then
compute compute the signatures of both buffers.

Once the signatures are computed add them to both buffers.  This
allows computing the compatibility hash in do_sign, saving
write_object_file the expense of recomputing the compatibility tag
just to compute it's hash.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 builtin/tag.c | 45 +++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 41 insertions(+), 4 deletions(-)

diff --git a/builtin/tag.c b/builtin/tag.c
index 3918eacbb57b..8c4bc28952c2 100644
--- a/builtin/tag.c
+++ b/builtin/tag.c
@@ -28,6 +28,7 @@ 
 #include "ref-filter.h"
 #include "date.h"
 #include "write-or-die.h"
+#include "object-file-convert.h"
 
 static const char * const git_tag_usage[] = {
 	N_("git tag [-a | -s | -u <key-id>] [-f] [-m <msg> | -F <file>] [-e]\n"
@@ -174,9 +175,43 @@  static int verify_tag(const char *name, const char *ref UNUSED,
 	return 0;
 }
 
-static int do_sign(struct strbuf *buffer)
+static int do_sign(struct strbuf *buffer, struct object_id **compat_oid,
+		   struct object_id *compat_oid_buf)
 {
-	return sign_buffer(buffer, buffer, get_signing_key());
+	const struct git_hash_algo *compat = the_repository->compat_hash_algo;
+	struct strbuf sig = STRBUF_INIT, compat_sig = STRBUF_INIT;
+	struct strbuf compat_buf = STRBUF_INIT;
+	const char *keyid = get_signing_key();
+	int ret = -1;
+
+	if (sign_buffer(buffer, &sig, keyid))
+		return -1;
+
+	if (compat) {
+		const struct git_hash_algo *algo = the_repository->hash_algo;
+
+		if (convert_object_file(&compat_buf, algo, compat,
+					buffer->buf, buffer->len, OBJ_TAG, 1))
+			goto out;
+		if (sign_buffer(&compat_buf, &compat_sig, keyid))
+			goto out;
+		add_header_signature(&compat_buf, &sig, algo);
+		strbuf_addbuf(&compat_buf, &compat_sig);
+		hash_object_file(compat, compat_buf.buf, compat_buf.len,
+				 OBJ_TAG, compat_oid_buf);
+		*compat_oid = compat_oid_buf;
+	}
+
+	if (compat_sig.len)
+		add_header_signature(buffer, &compat_sig, compat);
+
+	strbuf_addbuf(buffer, &sig);
+	ret = 0;
+out:
+	strbuf_release(&sig);
+	strbuf_release(&compat_sig);
+	strbuf_release(&compat_buf);
+	return ret;
 }
 
 static const char tag_template[] =
@@ -249,9 +284,11 @@  static void write_tag_body(int fd, const struct object_id *oid)
 
 static int build_tag_object(struct strbuf *buf, int sign, struct object_id *result)
 {
-	if (sign && do_sign(buf) < 0)
+	struct object_id *compat_oid = NULL, compat_oid_buf;
+	if (sign && do_sign(buf, &compat_oid, &compat_oid_buf) < 0)
 		return error(_("unable to sign the tag"));
-	if (write_object_file(buf->buf, buf->len, OBJ_TAG, result) < 0)
+	if (write_object_file_flags(buf->buf, buf->len, OBJ_TAG, result,
+				    compat_oid, 0) < 0)
 		return error(_("unable to write tag file"));
 	return 0;
 }

[v2,12/30] tag: sign both hashes

Commit Message

Patch