From patchwork Wed Nov 17 09:35:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabian Stelzer X-Patchwork-Id: 12624121 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46FDBC433F5 for ; Wed, 17 Nov 2021 09:35:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 262B2619E5 for ; Wed, 17 Nov 2021 09:35:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235116AbhKQJiu (ORCPT ); Wed, 17 Nov 2021 04:38:50 -0500 Received: from mail-db5eur01hn2234.outbound.protection.outlook.com ([52.100.6.234]:20915 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S231797AbhKQJir (ORCPT ); Wed, 17 Nov 2021 04:38:47 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LSLxbAynILUUqoiK9q4l4/WuCB6XfkA4mDdn1WB5o/ykLtSlWl7APm1XMCVad9AGwN9V0KEpTnV3+9RZdbIC2fCcdsBsPUl/ybfI4tOwC+Wdri2WpQNqnCbp+XW0Jlhzx3Cbq4A9U4NNgP/Ey+SCLBg2U7ekBxlmcqWJwxJ01Q7prWY6pe9AtGHzuvgJTMZBvp/wZQkvsstI396ui7UOChXtnXxGpAfnzMNXRyCKcthxivGaTMdFsPV6kqO/TcsRLClj/a2mkfXbl9+qOSXJxqxBPTsnjjxLmQfwoJzmySBL0csOgsph/6qVP0QoqsygPIxTwtnPBD3Nr5V9s7xsqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IFWk7mStrYAR15pRt33iPZVLIawsSF5hY44xdMc4tQM=; b=Fv+VCmfZ2+CSkORGCa/Vf4gu1X8c9219nYfKneqXRmMkFEWTvQ2ecrMKBh/nNiTEtY0rqPP1apPLMe29bq+Z6W8nJCpMwLnDCcorxX+Hf/xLq01VEgkeCNMcIoPgTMD5c7dNf9rMYzqZMlV8UV17DZTzyGB13o7QvckjjIyyZurwwgXxz6nR8dBbjbWmYRzM+LkwVpd/nsIkA1AZaRbIiPNVIC4gcjHlRN1CJdSr0fGB7AR/R4TqLaBmR0aDTusfCCSzwg3Kkz/EQ1NFI+Fej8I+3lWhcffiQxaZlguU2RJY2KqUlbi3wILNVK0aeWUZWVc+YMBeeqT8LnYBlQ7HWQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=gigacodes.de; dmarc=pass action=none header.from=gigacodes.de; dkim=pass header.d=gigacodes.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigacodes.de; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IFWk7mStrYAR15pRt33iPZVLIawsSF5hY44xdMc4tQM=; b=ZQMFCJHtEt+yUAhFxqkDpFhj3K8XDWdNIOQzT3nm7KfKogsCie+/6R1EDK9JZL20KxF0Is4+yqBIStmUADK1Zmwt7xlsGZqRzVjgmIVLTGm+vx+OT1XuCSr2tf1Qu3w9iH3ArKnSGruH9vdbyo9aWbJxYMFspx/WV4PqD2pxr2Q= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=gigacodes.de; Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) by PR3PR10MB3820.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:49::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Wed, 17 Nov 2021 09:35:46 +0000 Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391]) by PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391%5]) with mapi id 15.20.4713.020; Wed, 17 Nov 2021 09:35:46 +0000 From: Fabian Stelzer To: git@vger.kernel.org Cc: Junio C Hamano , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= , Fabian Stelzer Subject: [PATCH v3 1/7] ssh signing: use sigc struct to pass payload Date: Wed, 17 Nov 2021 10:35:23 +0100 Message-Id: <20211117093529.13953-2-fs@gigacodes.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211117093529.13953-1-fs@gigacodes.de> References: <20211117093529.13953-1-fs@gigacodes.de> X-ClientProxiedBy: AS9PR0301CA0051.eurprd03.prod.outlook.com (2603:10a6:20b:469::28) To PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) MIME-Version: 1.0 Received: from localhost (2003:ea:5820:600:c042:75a0:fd5e:1472) by AS9PR0301CA0051.eurprd03.prod.outlook.com (2603:10a6:20b:469::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.19 via Frontend Transport; Wed, 17 Nov 2021 09:35:46 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9baf33ba-ddd0-4bf0-c4b8-08d9a9ada1f4 X-MS-TrafficTypeDiagnostic: PR3PR10MB3820: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:103; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Hcw4pUA4brOhG7txCXGnNkfkQZ7GhDT4AABEZbs90rTwOuniw+Z5smGEFBg2CVrxz5GwFMbeODSHfW5xoTuq6tMnAp1InAwse9TFsP5SiODZ1o0WNkqRzVz/EPGOtnh2zzz4dzHvRt+bxPWvI5AWNUAZR6qFJSKFZ4dTi2mdBI7SKKJAb0dUjcEkj8l9KLS53aVk4J2rNTUL5IpgYpBjAz71BOR7cdbrwqxYNwfopWR1UN1fy4aF81GDJiF1fdGyIu8EL0kG4A5lPiwy2eq2y5IDN4S8l/UB97FbBR1b8tq4Lk8SEwW+NB2n0mP1bFYZzm2UThDi947P6ltQ0Ybmt1xu6ABCxX7lorTTlCxCkJWe1oiMqhZhRdpBx7054XvZw+kqoOcz36lC3ZsjGT7ctBUMbUxNyfqKjhq46wJaUmxpcQ9kBaL76pPxiMt3rYp9Z2GQ4UXoBrXJ8p7t+Hp5ZsjPFc0fk4pEIu3ELck6Z/UPgIJS/os1PM0WeM8f5tb3NDo/2UGcm5ceBkX0YcBivrkAPj0OTZHKrpZ52p47rVBhDmLiVALwrJP8oXutKCywolZdevQHrFRpNBXwfNA+YKTvvafwMBRWXritDjjNMsAshAXIB9AnIYPmQE4HK8f6VHCTorJBaW0W+rgW3/xTuN3d+n8egMoUrwsdGGKsEm5BQdHIjje58ILFIKOZIbuZxboHHs7Bju2bYOlcSmlSC6J/t1kN65+Qj4JGDvtYKJKUsI1er+GLu+Q2CkcOyfNsnlztdf6MLd0HasWZ8a6MsSpbMgsYfqWVftYeQlRrcw56UBGmdrbj/faDyzdrS8+3kGqv68FpB9DS91iFDXLWEV9YYIdmLw0JWLDzYo6yoSh+cbmBaXYzwQvOQxpHwFT0xAlorFL0kCsOAHBzK5excDls7GIFDbIUnp8QxeXhfwGNW5VLX+xVmaNOiZBKWVOoejKrw9yGcUTNk2rvHEXZURkzNmOAf/1EbSVL6+8xTx3fjYt3tt4tVaWMX6SVXqWkbVez1Wa2XStrPuuO/6zCl+51juTKr8jgNTraPuCdKDRaeMJUdLxTcuI6vKC2vykE03/crRVN+rZhuJpBNBkl9lOg/rVOx07nnYEAXlYAEww= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:OSPM;SFS:(4636009)(136003)(376002)(346002)(39840400004)(396003)(366004)(66556008)(316002)(8676002)(1076003)(66476007)(66946007)(38100700002)(8936002)(83380400001)(86362001)(5660300002)(36756003)(54906003)(186003)(2906002)(6486002)(2616005)(6666004)(107886003)(6496006)(6916009)(52116002)(4326008)(508600001)(23200700001);DIR:OUT;SFP:1501; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: XNDNigwFOC/MPvww8XKK43tE2zDluolrALednP79imdBsuwUCHFw4nY8MfnGAAZbxPCOzeymOZZVtAwso6ZzJjwj7w/28gxcyHojjc8xTTppXAfT/EiM+KaS87EiOXAUktyD3zetaa5OTE+uGQJGy9c95HJUPpZEdYS3mTq1UoDBuLet7mgoLofR7VStGL/cFycVtvzqPWm4qHmThN2rILI8GOJOljcKartffdBu9vzXFJYMvyS2DBSZMU50k2DKxBn/lUQOnmeN91yruP4hoFYGhe0rVwzpk3n1w+0fK/Rr4Zd6aL2rdCiFp/EVf2BrvhqUAKuuRyvGGYtCTI2h9qeNKHItyu58Gvk3pm5hDxySHTi5g8Je0bSKqkWdp/rRj3je1ckpIoE/XaA6qFmjQun6rMA8sLfDuasASiUuAFWfiE5mb5vu6DKegx1sMutNHvGedTfzqHs0Tz4+nm2n6E9zMoJxGOfOffPKsjiQXSi7OBwf9jskUZ4Tc3rM3gFpvveL8HikhQ5ebP1s/HDmSqO/8deabx5VO85OJx6jG6O8XWDuE5wJjkuYYizNC9mUGA2rlGGwT42yz6jaQR8AwbMVJxF9LYkbVc7dlYvFMWLMpTNj759MuV9gEc7XEBMWcL/XVldBLLKIqscbEbsBZqSmMAZHaWrmVj3e1Kp829Xuokh6GxyNn2J2B7g/ULG5uLX8wwCXbbq/5zltei6YYQIvYDgka1V4FHoYUz1o6BvlQ96WLFSUg04MEWuD70AEyzv89nU2Fz8ys33oIsUU4rpTej26Ln55RxWVMcRzUEbdMeJM7g5VN5qBuBj35X+IpwQKuxy5SZVd56KgYwZlzJjQnqKZFRWghWAnLmm3iICq+ociK+VwljuhMApC/tJErMdg3AuJSR4r76ErdY1I8Su5Bj2tDeaUesjpBxkHC5QmhU8Z9OtgqUe1fORk+DlI25cTqdXy5e5ku/hqOqAPezW+kQcps+xjtra7mXqmyHm5CzVTacZLYLDFG0hSb0m+dTtD5ShhseuVDD1poOAWWlh5OGRTELdWq95FkgE8ruiVFZFLnM3bMhMZ1GVx4L5PGjuUm9s/b30KSrlahLZ3g9u6gzSpnQ54w+HvOyxvdwGUJQsogjs7So1x13xq1WcJYvcX2/W5BXpGVvC9ZFWb6ieNfcqKncp28Wv3uWFCXfgYCimov9gfF63WRmNFGybtjfBU721cFdAvciwNoumUNHqWP8Q6TSk2M2dp4KLoCisGIxoLulwrscsf97JmtxKkXHlnGD7wAWXkfVMQwcKgvHDXmeBX4fhHRxr0YphTI/os3Fll2E6rbLoGGhBeVRelFSCoa04BlvjwyTCooNHTNBk7dxALAXkryFjhJCiPEjm0CKB65P2Bg7ZcGZ1zcnt3dlclYyMTGq+T1dJJX4ZmWcdmRq1ED7uVXrMXaoybRnEMuiK5wcN52vtNu/FFmibqBZ/R3AEuak+AmSi0nQ8sT5w52bUrDALyFTXQy3t82ywg6oyCXgE4VqL2FLZ6vCUEAQOfSGaias8mxbjHIAKKqOGFASCGiSksiANb8yT7A+SOBy+VEDZsntaGbPqs5bhw5q4DeoMKIkUAa0Edsk7Tb9JWT4YA15Ltqvcgo2SBQ2emJvsG1wEjwW4RJ2jDq9TE5ORA6G+DFUnTpH75lmvxUyXYxb57UuRYXmakCVl3CgTE+g28V2PjrI19Un/m5JAhLp7N160RuyoU9tmeOp9O11yR9/tLS+X+bJ/QzeWJZrk= X-OriginatorOrg: gigacodes.de X-MS-Exchange-CrossTenant-Network-Message-Id: 9baf33ba-ddd0-4bf0-c4b8-08d9a9ada1f4 X-MS-Exchange-CrossTenant-AuthSource: PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2021 09:35:46.2330 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 80e41b3b-ea1f-4dbc-91eb-225a572951fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: +OAbHIAXtkCtv1dOukkmMY7rFXpHS+9msx6HFDPnyozp0QtjkStj3ud14HcJj3IK6H0u1jM+8ATjafLF1c+E4IXU0bxwXy918YQjlc7TV/s= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR10MB3820 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org To be able to extend the payload metadata with things like its creation timestamp or the creators ident we remove the payload parameters to check_signature() and use the already existing sigc->payload field instead, only adding the length field to the struct. This also allows us to get rid of the xmemdupz() calls in the verify functions. Since sigc is now used to input data as well as output the result move it to the front of the function list. - Add payload_length to struct signature_check - Populate sigc.payload/payload_len on all call sites - Remove payload parameters to check_signature() - Remove payload parameters to internal verify_* functions and use sigc instead - Remove xmemdupz() used for verbose output since payload is now already populated. Signed-off-by: Fabian Stelzer --- builtin/receive-pack.c | 6 ++++-- commit.c | 5 +++-- fmt-merge-msg.c | 4 ++-- gpg-interface.c | 37 +++++++++++++++++-------------------- gpg-interface.h | 6 +++--- log-tree.c | 8 ++++---- tag.c | 4 ++-- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index 49b846d960..61ab63c2ea 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -769,8 +769,10 @@ static void prepare_push_cert_sha1(struct child_process *proc) memset(&sigcheck, '\0', sizeof(sigcheck)); bogs = parse_signed_buffer(push_cert.buf, push_cert.len); - check_signature(push_cert.buf, bogs, push_cert.buf + bogs, - push_cert.len - bogs, &sigcheck); + sigcheck.payload = xmemdupz(push_cert.buf, bogs); + sigcheck.payload_len = bogs; + check_signature(&sigcheck, push_cert.buf + bogs, + push_cert.len - bogs); nonce_status = check_nonce(push_cert.buf, bogs); } diff --git a/commit.c b/commit.c index 551de4903c..64e040a99b 100644 --- a/commit.c +++ b/commit.c @@ -1212,8 +1212,9 @@ int check_commit_signature(const struct commit *commit, struct signature_check * if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0) goto out; - ret = check_signature(payload.buf, payload.len, signature.buf, - signature.len, sigc); + + sigc->payload = strbuf_detach(&payload, &sigc->payload_len); + ret = check_signature(sigc, signature.buf, signature.len); out: strbuf_release(&payload); diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c index 5216191488..deca1ea3a3 100644 --- a/fmt-merge-msg.c +++ b/fmt-merge-msg.c @@ -533,8 +533,8 @@ static void fmt_merge_msg_sigs(struct strbuf *out) else { buf = payload.buf; len = payload.len; - if (check_signature(payload.buf, payload.len, sig.buf, - sig.len, &sigc) && + sigc.payload = strbuf_detach(&payload, &sigc.payload_len); + if (check_signature(&sigc, sig.buf, sig.len) && !sigc.output) strbuf_addstr(&sig, "gpg verification failed.\n"); else diff --git a/gpg-interface.c b/gpg-interface.c index 3e7255a2a9..75ab6faacb 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -19,8 +19,8 @@ struct gpg_format { const char **verify_args; const char **sigs; int (*verify_signed_buffer)(struct signature_check *sigc, - struct gpg_format *fmt, const char *payload, - size_t payload_size, const char *signature, + struct gpg_format *fmt, + const char *signature, size_t signature_size); int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature, const char *signing_key); @@ -53,12 +53,12 @@ static const char *ssh_sigs[] = { }; static int verify_gpg_signed_buffer(struct signature_check *sigc, - struct gpg_format *fmt, const char *payload, - size_t payload_size, const char *signature, + struct gpg_format *fmt, + const char *signature, size_t signature_size); static int verify_ssh_signed_buffer(struct signature_check *sigc, - struct gpg_format *fmt, const char *payload, - size_t payload_size, const char *signature, + struct gpg_format *fmt, + const char *signature, size_t signature_size); static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature, const char *signing_key); @@ -314,8 +314,8 @@ static void parse_gpg_output(struct signature_check *sigc) } static int verify_gpg_signed_buffer(struct signature_check *sigc, - struct gpg_format *fmt, const char *payload, - size_t payload_size, const char *signature, + struct gpg_format *fmt, + const char *signature, size_t signature_size) { struct child_process gpg = CHILD_PROCESS_INIT; @@ -343,14 +343,13 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc, NULL); sigchain_push(SIGPIPE, SIG_IGN); - ret = pipe_command(&gpg, payload, payload_size, &gpg_stdout, 0, + ret = pipe_command(&gpg, sigc->payload, sigc->payload_len, &gpg_stdout, 0, &gpg_stderr, 0); sigchain_pop(SIGPIPE); delete_tempfile(&temp); ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG "); - sigc->payload = xmemdupz(payload, payload_size); sigc->output = strbuf_detach(&gpg_stderr, NULL); sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL); @@ -426,8 +425,8 @@ static void parse_ssh_output(struct signature_check *sigc) } static int verify_ssh_signed_buffer(struct signature_check *sigc, - struct gpg_format *fmt, const char *payload, - size_t payload_size, const char *signature, + struct gpg_format *fmt, + const char *signature, size_t signature_size) { struct child_process ssh_keygen = CHILD_PROCESS_INIT; @@ -480,7 +479,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, "-n", "git", "-s", buffer_file->filename.buf, NULL); - pipe_command(&ssh_keygen, payload, payload_size, + pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len, &ssh_keygen_out, 0, &ssh_keygen_err, 0); /* @@ -526,7 +525,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, } sigchain_push(SIGPIPE, SIG_IGN); - ret = pipe_command(&ssh_keygen, payload, payload_size, + ret = pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len, &ssh_keygen_out, 0, &ssh_keygen_err, 0); sigchain_pop(SIGPIPE); @@ -540,7 +539,6 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, } } - sigc->payload = xmemdupz(payload, payload_size); strbuf_stripspace(&ssh_keygen_out, 0); strbuf_stripspace(&ssh_keygen_err, 0); /* Add stderr outputs to show the user actual ssh-keygen errors */ @@ -562,8 +560,8 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, return ret; } -int check_signature(const char *payload, size_t plen, const char *signature, - size_t slen, struct signature_check *sigc) +int check_signature(struct signature_check *sigc, + const char *signature, size_t slen) { struct gpg_format *fmt; int status; @@ -575,8 +573,7 @@ int check_signature(const char *payload, size_t plen, const char *signature, if (!fmt) die(_("bad/incompatible signature '%s'"), signature); - status = fmt->verify_signed_buffer(sigc, fmt, payload, plen, signature, - slen); + status = fmt->verify_signed_buffer(sigc, fmt, signature, slen); if (status && !sigc->output) return !!status; @@ -593,7 +590,7 @@ void print_signature_buffer(const struct signature_check *sigc, unsigned flags) sigc->output; if (flags & GPG_VERIFY_VERBOSE && sigc->payload) - fputs(sigc->payload, stdout); + fwrite(sigc->payload, 1, sigc->payload_len, stdout); if (output) fputs(output, stderr); diff --git a/gpg-interface.h b/gpg-interface.h index beefacbb1e..5ee7d8b6b9 100644 --- a/gpg-interface.h +++ b/gpg-interface.h @@ -17,6 +17,7 @@ enum signature_trust_level { struct signature_check { char *payload; + size_t payload_len; char *output; char *gpg_status; @@ -70,9 +71,8 @@ const char *get_signing_key(void); * Either a GPG KeyID or a SSH Key Fingerprint */ const char *get_signing_key_id(void); -int check_signature(const char *payload, size_t plen, - const char *signature, size_t slen, - struct signature_check *sigc); +int check_signature(struct signature_check *sigc, + const char *signature, size_t slen); void print_signature_buffer(const struct signature_check *sigc, unsigned flags); diff --git a/log-tree.c b/log-tree.c index 644893fd8c..a46cf60e1e 100644 --- a/log-tree.c +++ b/log-tree.c @@ -513,8 +513,8 @@ static void show_signature(struct rev_info *opt, struct commit *commit) if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0) goto out; - status = check_signature(payload.buf, payload.len, signature.buf, - signature.len, &sigc); + sigc.payload = strbuf_detach(&payload, &sigc.payload_len); + status = check_signature(&sigc, signature.buf, signature.len); if (status && !sigc.output) show_sig_lines(opt, status, "No signature\n"); else @@ -583,8 +583,8 @@ static int show_one_mergetag(struct commit *commit, status = -1; if (parse_signature(extra->value, extra->len, &payload, &signature)) { /* could have a good signature */ - status = check_signature(payload.buf, payload.len, - signature.buf, signature.len, &sigc); + sigc.payload = strbuf_detach(&payload, &sigc.payload_len); + status = check_signature(&sigc, signature.buf, signature.len); if (sigc.output) strbuf_addstr(&verify_message, sigc.output); else diff --git a/tag.c b/tag.c index 3e18a41841..62fb09f5a5 100644 --- a/tag.c +++ b/tag.c @@ -25,8 +25,8 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags) return error("no signature found"); } - ret = check_signature(payload.buf, payload.len, signature.buf, - signature.len, &sigc); + sigc.payload = strbuf_detach(&payload, &sigc.payload_len); + ret = check_signature(&sigc, signature.buf, signature.len); if (!(flags & GPG_VERIFY_OMIT_STATUS)) print_signature_buffer(&sigc, flags); From patchwork Wed Nov 17 09:35:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabian Stelzer X-Patchwork-Id: 12624123 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45A97C433F5 for ; Wed, 17 Nov 2021 09:35:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2F563619EC for ; Wed, 17 Nov 2021 09:35:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235168AbhKQJix (ORCPT ); Wed, 17 Nov 2021 04:38:53 -0500 Received: from mail-db5eur01hn2234.outbound.protection.outlook.com ([52.100.6.234]:20915 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S235103AbhKQJit (ORCPT ); Wed, 17 Nov 2021 04:38:49 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YfS6QSOy7nktcUzGFL0zd3AfWXVzvntOOcYOKX4QhwmfrTOEgQEAkZGYCtq9COwqKnyGWwDlhkfW/sh8R5DhG/SKILBY+C8soroZirqhakbeZClDotlUbbFypD+wa2IDHntPUHY/pyv3J5f23se6sIrIpB5fdzBdQ2aPKK5XIs5N+pFPiY4dquSaMrh7k/KL6Jy/oEcZHmttnQ0Uh+UDTCXWtjzuvoE1ChzEV+3tiza93qP8I0l9fTEFvHC8xTwLDw4Ig9radyFoMLuoIQ0kDLGLruSme5F75b0E0lt82IKGoRboVNtlGBzLoJWqo9v8Xe8UlENoEE7+48xnlEtWqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K3sccrQyi7gwNykk7BAg8YyNI3Nho2xKTBAsNPAwDAE=; b=NeKrE7LbdcFHoKHjC6Z0q5lMdw0byMDHnSnK58SBIUzQqGAAn1BggxZCnhzV4h/wT/8ZT7brsG3dC/Kfhy6vGF67JUXJgrbnSggbw7KfZyhMcm9BTVBo5FYLJDtSJH/vhI3o9Ww/ZpMlwuG9VbOpsVTvln/5DjR6SPPnhf5qVXJsJ9sIuGGv1CKXV+WD0Jtj/lOCdQPtMYeEkjyQOndlP6/7xIpZfMioQPtFxMRcQnjHw0TMaHgc63KDOuqZD13JGa1r8n9R63Qt+wEHwRmlzZOiFODcW6sEzXKQr7RkaO1NDWl7pcseJpF012WwfFuRo8f2PUUD1rVu6mmn2uksLA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=gigacodes.de; dmarc=pass action=none header.from=gigacodes.de; dkim=pass header.d=gigacodes.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigacodes.de; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K3sccrQyi7gwNykk7BAg8YyNI3Nho2xKTBAsNPAwDAE=; b=v8kIbqmM49RAzuhge00bmIrNwix+tFx8cb7W+AV6ibkwhrE+3gybii5CHc2MMWKBfomrNMqbC3Ysh7AFauOfdteKQqzmAhI14nfXaQTJCdS+6ZUyoJpSt8784h3aZCKnxUxQj35sfLwD9PGPkbUhVOaw2MR8OJBkrraQvtl2DfM= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=gigacodes.de; Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) by PR3PR10MB3820.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:49::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Wed, 17 Nov 2021 09:35:47 +0000 Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391]) by PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391%5]) with mapi id 15.20.4713.020; Wed, 17 Nov 2021 09:35:47 +0000 From: Fabian Stelzer To: git@vger.kernel.org Cc: Junio C Hamano , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= , Fabian Stelzer Subject: [PATCH v3 2/7] ssh signing: add key lifetime test prereqs Date: Wed, 17 Nov 2021 10:35:24 +0100 Message-Id: <20211117093529.13953-3-fs@gigacodes.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211117093529.13953-1-fs@gigacodes.de> References: <20211117093529.13953-1-fs@gigacodes.de> X-ClientProxiedBy: AS9PR0301CA0045.eurprd03.prod.outlook.com (2603:10a6:20b:469::13) To PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) MIME-Version: 1.0 Received: from localhost (2003:ea:5820:600:c042:75a0:fd5e:1472) by AS9PR0301CA0045.eurprd03.prod.outlook.com (2603:10a6:20b:469::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.26 via Frontend Transport; Wed, 17 Nov 2021 09:35:46 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4bec2daa-dc42-4d9a-4776-08d9a9ada270 X-MS-TrafficTypeDiagnostic: PR3PR10MB3820: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1850; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ty/LT5Cb1o8SP8Lh8oYmDByIwDG3xLIud94EI6Yh+6g7GVzThCVixVuZBZPZg/SakBjd8m1RWqbk0kmvVrqwnvNMzoyQy7EtZLK4UzCmXVIuCUcOs5jdH8n3LArR3ETe84JD9s1zzpOhAgo3cvJt+tfO+2QDrKrq2uZiizXegzYl/JSkrbHIwjezHsHaYKNlpTOyYsZdhKFHgBi9SczKTlOVrYMZWYowBoPT5My3z8RMH19jaHq4rgPr9Wz0FXouhnWi5nbrJ+QD0G/sVZMXgTTFvfAjPz1kKpKx4iACLj1J47p9aEHY0FwwzqKhIRTra5oDvtIsYlO1vvizczbO17MNVw8/iRvGxwy+PobSMLoFTZe7oT1Wn8CWL5P95O6OtBQWHKi8RmQt3cqniqH7Zl5NwmKCAkTauPFT2sQvLsd7CDaCIlIIFPj8yRv7kAON9Vv3IRZEaeAr6SAGqM6plfOx3GyQnSM3gUkCC2Fnl9iFokfxIjVhBhaDvh8/eh/BtrlFFZYsJxPFXQzqvpCyLbomx/o/rviKcvuxFaZjBhtavajWG1kk/LaMAmyBqzt31jmBThu6RB3SvqpsR+IvPgpD2paRAOrmEBKf1VFd3ivgSxGzWCTSukRA7+DtQEfYHwnV6uvLFe9oaSVuAiKmkxNiz076ASAz6Plbu+pNKkOR3wksmUwQeMyrQuLa+FVbQ/xP9BgUJSViEwdaT56xueupz2jMYXRZPK4jZi+viCrz/AZ0okgTSP3BhqIRb++JUHoujsxXwiQh+Zs+iXY7+r9NlexSyvzVdPmImivfWUtIqxpxuI702V0eqD9ENBe9oLvoxHoI754GVm3vxuB38v0dxpvrR2E7QGDUsyNlj81/JflWk+3e7+lfp9iEmTRax3mcENioC8cP23BAEWCV7BSQKrhqMjeKURnWjKNbcbVg16ewVhKwoN6H85Q12uU5LV4jirPS0dUUeYcSQx3xBhnsRoMbdbExoBjfeYo8e7no+B7sfR9XOyzKLJtfGdgk77qvDn7NEhzNcRZQP0Y28A== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:OSPM;SFS:(4636009)(136003)(376002)(346002)(39840400004)(396003)(366004)(66556008)(316002)(8676002)(1076003)(66476007)(66946007)(38100700002)(8936002)(83380400001)(86362001)(5660300002)(36756003)(54906003)(186003)(2906002)(6486002)(2616005)(6666004)(107886003)(6496006)(6916009)(52116002)(4326008)(508600001)(23200700001);DIR:OUT;SFP:1501; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: xCXR6V2FlE+XtPxZUl5QGRNXByuXyTdg7IQ+9JiolHZF39YopWay/yYEJjz6gFyFk2qMoYh2sSS5tAB4/bpC71PG15pDdeEqTcKTG19lzz89XIkg+Q6/+IU2uo6SK8wF2Wy8N1ginB6pqeoRj+iFWbANlEFCqoXKe0jK1PERUmfKCirQrqeogK2mdlgoC5FvI0PwCFCTLu7TYdWsX7tw05e4mKTDVw/j7AhdBvn3jro3o/WpwjoLBEXHMGbx36F84ACLkGjFCh/PjXKcj/bo9DN3AF7SHc1Dd6zxZ/Wb3xVZi+iajXymDPkmhHdFJt9XIb5H7phI5obflp4CWbddGp43mGnpQSQv70x29MbIztiYFRL3SxrdaGBqn4hkn61T7p7ZZpr/CKQPXTQnZba4GIp6rCnXOFzzTwaCbbzos8VniapD2N9xYZJOWbj5RtUQpbAj2s4uHoKLOeE1eWTlcddryVftDL+LELyHEJpru1rtRO8NAfH5PwMoAK2CvKEVJZIeMDT99ikgem5yOw72vUZzmWko+a/AOcRfBIpYO4Le1bskVqi+3NwCybuuypUT7aMOV2fRNzgix3/CrSvyk08SLvxuseX+rc9vDM8/oKh25Bjd76r7rXMcus62DnkA9TnfN/RYXzltVsKoWr2ztnMx0K/ZVjXSFnpQU0QE19jR+2rVpIx2CHx17d5l7AS/cgGs7Q+s8b9vKIiAgrrz1D/JlwhWrEtH/hTONX1MuDI1xqY0QP+kChN/V9Ykf7L1+4+x22X/kAaKiLmBKZINPlGhMqIzRN/vNdKMcpr56zpvuaN0yiX4oeG1qxYBURIFP3How6t+aaaPtdAiB71DCWoU9aSnYfZfHcdQ/R3gHNfxF902giYkAnqfsF0+pCdCjl+m5t5Re6ctZLG9TizBh87lQbGnpfJv6rWy+rw2pWfdIAKyFd5pWKFIm3otrnTBnOLGgnYT0e12zn7tYMtHLR9fPSrzxL6Rpu2/lQWW+7wOQf1DW2vrG3aedrFbGeunWDeiYdE2q0007g8freg3PIqSekZsIK/IEsIWWPZNOMrAb7I+VVmUgb+5dYeY3JHS8k5ucSsATBmF2PlpYFrn8N8gt2Ou/wEmkUKtvzFTYKi4bGg/Ty9Xa9TabKzeJN0P/1F1GFczvW568lXWBoCA4nVqj8JOfyaLvrgruP6UqGSGX4Om3WW2JqpE8MRkRv4m2r1S+AVPUctJo3VcDG+lbs4VFM+SDXU6aHcuVSxp3oAo0jpXy7L2joDEFg1b28OgArr25CbCEcNlRjbwdTI+iYpkegHVLYG6PeNU/diEC8ZauTym/QCps2sklWomUgR81ftI/uaA7WCPCj5B6grBIgS2weoO5U/UTzCbT9PTvzyOB/ZAN7wN7FN8aX6C1SFkVwRHx2rWb4iKkPmuIdvmXQWbHZf7AZMJGXKR4GziLix1/VGxF9pOeVtuUb2Vcs/rBI4b+x4m8V6W6bKRVdwqAMe8tcnBz9OzXsiLeU4Hm2zlZih8jziBwrzgXNLRjLvoq1AqW3DAgOWUHp3M+6CoOHlExPedsC3N7UJqzABP5qy03L+2WWB3C2m5Xsr8Ir3eUqOdL/RGQLySg3kUzHTYsZVIVrstCJneSlwyppnq44IGv3g40UfKby2omCCl92X9R9u78zoExFAKNtGdoWLFy6pw4Xfzhz44HqVvrZLZgjSr+f3X4wpXVWCsMbdGUXWnzKwPH606um8CTznkW2EY4dQjEowMBozvryhH0FuRGig= X-OriginatorOrg: gigacodes.de X-MS-Exchange-CrossTenant-Network-Message-Id: 4bec2daa-dc42-4d9a-4776-08d9a9ada270 X-MS-Exchange-CrossTenant-AuthSource: PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2021 09:35:47.0086 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 80e41b3b-ea1f-4dbc-91eb-225a572951fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4jR0BDOMQ4x6rxrHZbLVkuE6YW3vWONwU+wlm4KitgRmQ5fDUxlx0Ay3PvVGniLblDqHlvJrv2yejstq/ycbAaRLpP0VnYC38Mp3fX6y5IE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR10MB3820 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org if ssh-keygen supports -Overify-time, add test keys marked as expired, not yet valid and valid both within the test_tick timeframe and outside of it. Signed-off-by: Fabian Stelzer --- t/lib-gpg.sh | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh index a3f285f515..fc03c8f89b 100644 --- a/t/lib-gpg.sh +++ b/t/lib-gpg.sh @@ -90,6 +90,10 @@ test_lazy_prereq RFC1991 ' GPGSSH_KEY_PRIMARY="${GNUPGHOME}/ed25519_ssh_signing_key" GPGSSH_KEY_SECONDARY="${GNUPGHOME}/rsa_2048_ssh_signing_key" GPGSSH_KEY_UNTRUSTED="${GNUPGHOME}/untrusted_ssh_signing_key" +GPGSSH_KEY_EXPIRED="${GNUPGHOME}/expired_ssh_signing_key" +GPGSSH_KEY_NOTYETVALID="${GNUPGHOME}/notyetvalid_ssh_signing_key" +GPGSSH_KEY_TIMEBOXEDVALID="${GNUPGHOME}/timeboxed_valid_ssh_signing_key" +GPGSSH_KEY_TIMEBOXEDINVALID="${GNUPGHOME}/timeboxed_invalid_ssh_signing_key" GPGSSH_KEY_WITH_PASSPHRASE="${GNUPGHOME}/protected_ssh_signing_key" GPGSSH_KEY_PASSPHRASE="super_secret" GPGSSH_ALLOWED_SIGNERS="${GNUPGHOME}/ssh.all_valid.allowedSignersFile" @@ -119,7 +123,20 @@ test_lazy_prereq GPGSSH ' echo "\"principal with number 2\" $(cat "${GPGSSH_KEY_SECONDARY}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && ssh-keygen -t ed25519 -N "${GPGSSH_KEY_PASSPHRASE}" -C "git ed25519 encrypted key" -f "${GPGSSH_KEY_WITH_PASSPHRASE}" >/dev/null && echo "\"principal with number 3\" $(cat "${GPGSSH_KEY_WITH_PASSPHRASE}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && - ssh-keygen -t ed25519 -N "" -f "${GPGSSH_KEY_UNTRUSTED}" >/dev/null + ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_UNTRUSTED}" >/dev/null +' + +test_lazy_prereq GPGSSH_VERIFYTIME ' + # Check if ssh-keygen has a verify-time option by passing an invalid date to it + ssh-keygen -Overify-time=INVALID -Y check-novalidate -s doesnotmatter 2>&1 | grep -q -F "Invalid \"verify-time\"" && + ssh-keygen -t ed25519 -N "" -C "timeboxed valid key" -f "${GPGSSH_KEY_TIMEBOXEDVALID}" >/dev/null && + echo "\"timeboxed valid key\" valid-after=\"20050407000000\",valid-before=\"200504100000\" $(cat "${GPGSSH_KEY_TIMEBOXEDVALID}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && + ssh-keygen -t ed25519 -N "" -C "timeboxed invalid key" -f "${GPGSSH_KEY_TIMEBOXEDINVALID}" >/dev/null && + echo "\"timeboxed invalid key\" valid-after=\"20050401000000\",valid-before=\"20050402000000\" $(cat "${GPGSSH_KEY_TIMEBOXEDINVALID}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && + ssh-keygen -t ed25519 -N "" -C "expired key" -f "${GPGSSH_KEY_EXPIRED}" >/dev/null && + echo "\"principal with expired key\" valid-before=\"20000101000000\" $(cat "${GPGSSH_KEY_EXPIRED}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && + ssh-keygen -t ed25519 -N "" -C "not yet valid key" -f "${GPGSSH_KEY_NOTYETVALID}" >/dev/null && + echo "\"principal with not yet valid key\" valid-after=\"29990101000000\" $(cat "${GPGSSH_KEY_NOTYETVALID}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" ' sanitize_pgp() { From patchwork Wed Nov 17 09:35:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabian Stelzer X-Patchwork-Id: 12624127 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB466C433FE for ; Wed, 17 Nov 2021 09:35:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8B56A619E5 for ; Wed, 17 Nov 2021 09:35:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235158AbhKQJiz (ORCPT ); Wed, 17 Nov 2021 04:38:55 -0500 Received: from mail-db5eur01hn2234.outbound.protection.outlook.com ([52.100.6.234]:20915 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S231797AbhKQJiw (ORCPT ); Wed, 17 Nov 2021 04:38:52 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H+Esp851Yajcf7sN1+4wrOxRKoMcfmGiXZBu2NZ++WDE3IOoKF+eXKzqAKE7mWj6xtIo60D0YpeHoWhYtzlLwv/M6gOs91Um2eE8iMY9P7050dhxR/I+7NBKuhedaOHUgfqe0GwAiQgRXn7BQ8oOvz6f0ZNipx8SGLGHV3HTseBxOu5ZMPI6GR5FcKzWsOVhjmHmf2nUX/FNWS3Uryn+QvGALrF8eYMcIglq2IvdEiDoKQA6oONLIUwwNzDxrNwuV9OXMAaPNgfEjg8IXEKDJHFuKRISlu9SXme2ASuIAYQRjZhRscu00zV3S+7fthEzHv9U06W51aGRVpfdD1wU0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xRZHm4oyw3rcqEpk5Et3zIGO7W3mYBS0JOU6Fk/tIkE=; b=hPY3WXxYq93dQGjEVu0BfY9l+EEUzy6/4drApDOttG5tI6v1k3SXAHh6hfs0GjM+NQC5UG0y8zoBiY87LD2hlju7HL5pTYCPCoYlR18CQKi9X8VHhQIaMAcLdLHne9Ia1kAbrH4UFPW025MVJ9yrJ8ONoabdScWsMQQC/iFiKMBXskxWGfvL81r4ehkpfaqi/K7YW6UnJFu6HezooyKQC7lmuzuVfrnkgHvrxnAISAeK7GVaGYNaFE/motgAC5CN3hQ7h3hn/DOadteHTU/5pGpNyW/eEeNIiRLGwS8pO2q0ip9DwQR4hr6Y14JkDRn2glepQcxgh28sHKgbwPo4Hw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=gigacodes.de; dmarc=pass action=none header.from=gigacodes.de; dkim=pass header.d=gigacodes.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigacodes.de; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xRZHm4oyw3rcqEpk5Et3zIGO7W3mYBS0JOU6Fk/tIkE=; b=FVe4yZmYGMgSFuZTHfhYGDVt7Du0JTh2hm4V78iQpvxBkje/xxIUtGoKyZ2xpviX/fY1KargK1Ow7i5wzuAcWVyrl8cbKDYkyabhW3Zxbxwaatj6Jxm82h2ezgPIlkzCBo3b1dU4gLQjCLn+ng29GrxZQe3PZ9Q6LBOmnULzcb0= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=gigacodes.de; Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) by PR3PR10MB3820.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:49::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Wed, 17 Nov 2021 09:35:48 +0000 Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391]) by PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391%5]) with mapi id 15.20.4713.020; Wed, 17 Nov 2021 09:35:47 +0000 From: Fabian Stelzer To: git@vger.kernel.org Cc: Junio C Hamano , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= , Fabian Stelzer Subject: [PATCH v3 3/7] ssh signing: make verify-commit consider key lifetime Date: Wed, 17 Nov 2021 10:35:25 +0100 Message-Id: <20211117093529.13953-4-fs@gigacodes.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211117093529.13953-1-fs@gigacodes.de> References: <20211117093529.13953-1-fs@gigacodes.de> X-ClientProxiedBy: AS9PR0301CA0040.eurprd03.prod.outlook.com (2603:10a6:20b:469::26) To PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) MIME-Version: 1.0 Received: from localhost (2003:ea:5820:600:c042:75a0:fd5e:1472) by AS9PR0301CA0040.eurprd03.prod.outlook.com (2603:10a6:20b:469::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.19 via Frontend Transport; Wed, 17 Nov 2021 09:35:47 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 32566ba6-076c-4ea6-d40d-08d9a9ada2ee X-MS-TrafficTypeDiagnostic: PR3PR10MB3820: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:883; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: azgZnyaFtzd6qT7u0nys9wCFMo1bOuBxeDq3CgdjyqF3DQhRDE/Yv7WTI3TQDNrxGLrJv0MOnnAVF8Mfe1POWkolT0MkGyslBkSITjndQLhd5g6gyJHZkVjpCdAXXTnYAECG/r9lktjIUrVQMQH4F4TrDEMmb0q/LFGzyfOmvARnqVayyQRvFfMuOMlo0eItTpE4jXRqYijkYN8ei0CNkFfQXaaQTTj2wMKf82G19xOqciCqMMlZS4VnzkhjjajqMg7wMojSzcDZgAVJhvm0ET8+RjiQUX32tfb9LcoojptVswM2OIiwG2awGtwAPpptHRZlZ3pFUC3ZcHKDbyNdEWvuQzYHGuCXs83kazSn7RKdGVy6djkm9yf1XYpIveDwxUmTxDj0ak8ezJVdVTchMRs7x+6LkQ8ST2nImwjz6BofkDNPM+T0tgb7xhFDkuBl5fo6L9yTMFk8LAaYOZLHLmG72xLbt+Cbw2QvvFF36QFxFia1mmJlK8xnle8I0mubN096+CVDPVogsrm/go8Y0Hx0S3tYVJDH+peBTx9tYFUhRvMOf+5hi2By0qkg7Vg4yCNE/O1YnxZJ4fFMid1m5/imPJag3xVfVb+rT3L6bF3yTuId2E0T3ud03hEBZxEnKIPcxgPfCmUtFL/ue9hknYK+1b/09CAkFaBZGa9N6v9oqtxDrS4ZB188ZnAtZ7+aMrErpL5d5B/jix3ovNBVmWojt8cRR3x9fg9B5W8KPoONtm1h8kVX2zHObGXR1dinMAF40lVMpeDHuMqhcOr9XzBvJHuDzmM9cwizTlXRAT9omcMZC+XpbJ+RwOsYacWDpjPLvae9cOJYPKtRlJ8+VmSSXBAVc7ri3D+UsYLrhq4BSGr2Us8SxPZwDIDKzJMakrFMpZrXWZD7ozte3dCrt3MfkB8sFFHtbE2mLQspOQ/xtXYQzz5oRluxXX6MDzl84NN7LqszJzAoT/AOlTRYikFqoyOb+aNHuSq4GqpVrLF2DD/ou96tFDaZKAjju6bxryho7cguLDYksr/dt2Rzcg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:OSPM;SFS:(4636009)(136003)(376002)(346002)(39840400004)(396003)(366004)(66556008)(316002)(8676002)(1076003)(66476007)(66946007)(38100700002)(8936002)(83380400001)(86362001)(5660300002)(36756003)(54906003)(15650500001)(186003)(2906002)(6486002)(2616005)(6666004)(107886003)(6496006)(6916009)(52116002)(4326008)(508600001)(23200700001);DIR:OUT;SFP:1501; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: VSyfcOyQXSgJ6ErhlnyYiUYnzDsReEqJkSTdgz1osI49umXNOcCFyegYtkUF22OB1XQ3HePDSRHmT+5xECvsoASYzx9jnnSOaQPhewqNj59JGOgYQj1QXmTzWM2Qxr6Kg4BxdceEXZ+/MCutNsJnvQn8hoJoN18khBXSaijOGRIeiuo7ugYISznReDcMT8gikAqt40jenkeKH5njFoTecok5I8VUrbAbXJx0i8kiqNZdGPE9lpOSRy37/FRR6nXDfzXmkSlvNi83yCoiaOD9CA1C4R4b0cFnEC1A5ivFJTD4wmQ6JPfCsy+qOqFtTrOKyIaY0z9ajMEcBkRYXSDe/ECnmN0wiUPTrddmyoyfjs2EuiVAjn7ondE7Au3BkjIf8QKrIATD560Yb/6fu+VZbXsE1LOjbqmxWVPUS5quZDYsE/0KxOc9IuWvx7eXXglqogs1rAGTQznX7NiO1bB/kwkI2U90EcNCIHANyxKeq5K+JDtw0UVqfmw8VFVlVLJ9WgO7PHY/BjZyB5sEMfzHxLy4tL3sdBfG7XUXvFNvASLNVJrsmDPfB6JZrUxn1120RRWAyp47sQnGi28Z7hQ3IEZf78ozQi06yxHW/U7UfXCpwS9IM9kRPS0KH67Bdp1CZ+mnbJHhmzVtFc4AhjyQf4ZPEKyUum06rWf9KKoH0vfAYIbw9zqhQEbokEzn3XrKZsuHrjWQ9sgSgaDCO7f/SWxSxAIfZoKLJHNiTSl/b7L1twYFT0RTbh0VonVGeMWPvEbKI4Pum1tbXZp1kMenR/tsnTS2ZFkQ2ntRTRn54olhr1na1KAgcwRtwqG+uIc04ddGZwJV8OBLLpBC8JxjyX1eTQd6U9YpBZC/s/e6RJzQQw95qIqGM6nYmnCijg1mI0fi6G1D/mTA8cn5a+DnXtlY0+6mbOlO+c2t1BmupqXv5yUW2jeh4lbN0krkPmWEyXnsmL92cTrtTT6xzGlwDtQOixB+QI5H2tG2pazIHLkPipVvqVDcDY1gYHVVr+wM9EF0TFDV4KyqRC1FIdfBcJ2wUfO55oh1+eeqqrZZu+JVj00F7zO24vgSwOsaqWE/lZJ6NI4bXUDfMTVrJ/q/fwgQx7/pUWi6G9i097vOvLRPKWY+qycvezaig9VVwU6HjMCsqZkLK+J8x0tucf6+OojrZXdCQ2gLlTiAPUaImsy/YY+iPAHsuPK5uboIPis5jYIOHMAudUkFIpLaX3PtW/MfGUzu0gdz/yjLHqF7JZzLz/3AqsMA0x6TYJ7+iy0T9e+9A+O0eL+MDvdF4Drhsw2qT/MoJ4F86eu3pLDUyrxNQYFBt3pivXIdpOMkayctnMaoAMWxw6IEqu8yPdfJN1xIIey3THKP35EspKThqhDuMDid6SrMd5thZCwqUhepllRm5EpBjNk4MgIzm+wMHiPQoDIRBg7bhT5TrYqUd2OZ/8JMwozV4h7eAepDQyuq0LIXVifWX+PbOJkPUzy+NSYTIRz7eHvaIx2QLAiubyBqC96uVm3qCtwM4/OZuiNybeMJzGCv76+bwlHZWRQMpI2dWFuybRRX5U6PWRHu8YTZspkN/btc50x9KFff2fDnqx1ZIUUneMH+9PnoKkRnjZ+XS46crEP7WggHc3vZPaDq6U7wN0nABaRYdJUlqiK8Mt3cbbnpq9zcSFX9IKtKUquBLGBunuHHJEpxYxXmS+VkG9ncnvyqX7xgAbHgzZWNMDwEDfMyn5UDbn5+s25YTmYtBffi3l8WAqoGGYV7+i0= X-OriginatorOrg: gigacodes.de X-MS-Exchange-CrossTenant-Network-Message-Id: 32566ba6-076c-4ea6-d40d-08d9a9ada2ee X-MS-Exchange-CrossTenant-AuthSource: PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2021 09:35:47.8777 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 80e41b3b-ea1f-4dbc-91eb-225a572951fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: iNJ7e9WMZiG7W2O5Stz7h6Jz9L0xmSxuipJO8rjteEcrotUNohEB7Q2y8a3YfcmOWidL2SJ8Gs48VbeZAqIXIN3e8c62rV1+G48SY+tNsGc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR10MB3820 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org If valid-before/after dates are configured for this signatures key in the allowedSigners file then the verification should check if the key was valid at the time the commit was made. This allows for graceful key rollover and revoking keys without invalidating all previous commits. This feature needs openssh > 8.8. Older ssh-keygen versions will simply ignore this flag and use the current time. Strictly speaking this feature is available in 8.7, but since 8.7 has a bug that makes it unusable in another needed call we require 8.8. Timestamp information is present on most invocations of check_signature. However signer ident is not. We will need the signer email / name to be able to implement "Trust on first use" functionality later. Since the payload contains all necessary information we can parse it from there. The caller only needs to provide us some info about the payload by setting payload_type in the signature_check struct. - Add payload_type field & enum and payload_timestamp to struct signature_check - Populate the timestamp when not already set if we know about the payload type - Pass -Overify-time={payload_timestamp} in the users timezone to all ssh-keygen verification calls - Set the payload type when verifying commits - Add tests for expired, not yet valid and keys having a commit date outside of key validity as well as within Signed-off-by: Fabian Stelzer --- Documentation/config/gpg.txt | 5 ++++ commit.c | 1 + gpg-interface.c | 53 ++++++++++++++++++++++++++++++++++++ gpg-interface.h | 9 ++++++ t/t7528-signed-commit-ssh.sh | 42 ++++++++++++++++++++++++++++ 5 files changed, 110 insertions(+) diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt index 4f30c7dbdd..c9be554c73 100644 --- a/Documentation/config/gpg.txt +++ b/Documentation/config/gpg.txt @@ -64,6 +64,11 @@ A repository that only allows signed commits can store the file in the repository itself using a path relative to the top-level of the working tree. This way only committers with an already valid key can add or change keys in the keyring. + +Since OpensSSH 8.8 this file allows specifying a key lifetime using valid-after & +valid-before options. Git will mark signatures as valid if the signing key was +valid at the time of the signatures creation. This allows users to change a +signing key without invalidating all previously made signatures. ++ Using a SSH CA key with the cert-authority option (see ssh-keygen(1) "CERTIFICATES") is also valid. diff --git a/commit.c b/commit.c index 64e040a99b..a348f085b2 100644 --- a/commit.c +++ b/commit.c @@ -1213,6 +1213,7 @@ int check_commit_signature(const struct commit *commit, struct signature_check * if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0) goto out; + sigc->payload_type = SIGNATURE_PAYLOAD_COMMIT; sigc->payload = strbuf_detach(&payload, &sigc->payload_len); ret = check_signature(sigc, signature.buf, signature.len); diff --git a/gpg-interface.c b/gpg-interface.c index 75ab6faacb..330cfc5845 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -439,6 +439,13 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, struct strbuf ssh_principals_err = STRBUF_INIT; struct strbuf ssh_keygen_out = STRBUF_INIT; struct strbuf ssh_keygen_err = STRBUF_INIT; + struct strbuf verify_time = STRBUF_INIT; + const struct date_mode verify_date_mode = { + .type = DATE_STRFTIME, + .strftime_fmt = "%Y%m%d%H%M%S", + /* SSH signing key validity has no timezone information - Use the local timezone */ + .local = 1, + }; if (!ssh_allowed_signers) { error(_("gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification")); @@ -456,11 +463,16 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, return -1; } + if (sigc->payload_timestamp) + strbuf_addf(&verify_time, "-Overify-time=%s", + show_date(sigc->payload_timestamp, 0, &verify_date_mode)); + /* Find the principal from the signers */ strvec_pushl(&ssh_keygen.args, fmt->program, "-Y", "find-principals", "-f", ssh_allowed_signers, "-s", buffer_file->filename.buf, + verify_time.buf, NULL); ret = pipe_command(&ssh_keygen, NULL, 0, &ssh_principals_out, 0, &ssh_principals_err, 0); @@ -478,6 +490,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, "-Y", "check-novalidate", "-n", "git", "-s", buffer_file->filename.buf, + verify_time.buf, NULL); pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len, &ssh_keygen_out, 0, &ssh_keygen_err, 0); @@ -512,6 +525,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, "-f", ssh_allowed_signers, "-I", principal, "-s", buffer_file->filename.buf, + verify_time.buf, NULL); if (ssh_revocation_file) { @@ -556,10 +570,46 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, strbuf_release(&ssh_principals_err); strbuf_release(&ssh_keygen_out); strbuf_release(&ssh_keygen_err); + strbuf_release(&verify_time); return ret; } +static int parse_payload_metadata(struct signature_check *sigc) +{ + const char *ident_line = NULL; + size_t ident_len; + struct ident_split ident; + const char *signer_header; + + switch (sigc->payload_type) { + case SIGNATURE_PAYLOAD_COMMIT: + signer_header = "committer"; + break; + case SIGNATURE_PAYLOAD_TAG: + signer_header = "tagger"; + break; + case SIGNATURE_PAYLOAD_UNDEFINED: + case SIGNATURE_PAYLOAD_PUSH_CERT: + /* Ignore payloads we don't want to parse */ + return 0; + default: + BUG("invalid value for sigc->payload_type"); + } + + ident_line = find_commit_header(sigc->payload, signer_header, &ident_len); + if (!ident_line || !ident_len) + return 1; + + if (split_ident_line(&ident, ident_line, ident_len)) + return 1; + + if (!sigc->payload_timestamp && ident.date_begin && ident.date_end) + sigc->payload_timestamp = parse_timestamp(ident.date_begin, NULL, 10); + + return 0; +} + int check_signature(struct signature_check *sigc, const char *signature, size_t slen) { @@ -573,6 +623,9 @@ int check_signature(struct signature_check *sigc, if (!fmt) die(_("bad/incompatible signature '%s'"), signature); + if (parse_payload_metadata(sigc)) + return 1; + status = fmt->verify_signed_buffer(sigc, fmt, signature, slen); if (status && !sigc->output) diff --git a/gpg-interface.h b/gpg-interface.h index 5ee7d8b6b9..b30cbdcd3d 100644 --- a/gpg-interface.h +++ b/gpg-interface.h @@ -15,9 +15,18 @@ enum signature_trust_level { TRUST_ULTIMATE, }; +enum payload_type { + SIGNATURE_PAYLOAD_UNDEFINED, + SIGNATURE_PAYLOAD_COMMIT, + SIGNATURE_PAYLOAD_TAG, + SIGNATURE_PAYLOAD_PUSH_CERT, +}; + struct signature_check { char *payload; size_t payload_len; + enum payload_type payload_type; + timestamp_t payload_timestamp; char *output; char *gpg_status; diff --git a/t/t7528-signed-commit-ssh.sh b/t/t7528-signed-commit-ssh.sh index badf3ed320..dae76ded0c 100755 --- a/t/t7528-signed-commit-ssh.sh +++ b/t/t7528-signed-commit-ssh.sh @@ -76,6 +76,23 @@ test_expect_success GPGSSH 'create signed commits' ' git tag twelfth-signed-alt $(cat oid) ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' ' + test_when_finished "test_unconfig commit.gpgsign" && + test_config gpg.format ssh && + + echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" && + git tag expired-signed && + + echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" && + git tag notyetvalid-signed && + + echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" && + git tag timeboxedvalid-signed && + + echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" && + git tag timeboxedinvalid-signed +' + test_expect_success GPGSSH 'verify and show signatures' ' test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && test_config gpg.mintrustlevel UNDEFINED && @@ -122,6 +139,31 @@ test_expect_success GPGSSH 'verify-commit exits failure on untrusted signature' grep "${GPGSSH_KEY_NOT_TRUSTED}" actual ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'verify-commit exits failure on expired signature key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + test_must_fail git verify-commit expired-signed 2>actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'verify-commit exits failure on not yet valid signature key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + test_must_fail git verify-commit notyetvalid-signed 2>actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'verify-commit succeeds with commit date and key validity matching' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git verify-commit timeboxedvalid-signed 2>actual && + grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && + ! grep "${GPGSSH_BAD_SIGNATURE}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'verify-commit exits failure with commit date outside of key validity' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + test_must_fail git verify-commit timeboxedinvalid-signed 2>actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + test_expect_success GPGSSH 'verify-commit exits success with matching minTrustLevel' ' test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && test_config gpg.minTrustLevel fully && From patchwork Wed Nov 17 09:35:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabian Stelzer X-Patchwork-Id: 12624129 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72495C433EF for ; Wed, 17 Nov 2021 09:36:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 558D861A52 for ; Wed, 17 Nov 2021 09:36:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235221AbhKQJi4 (ORCPT ); Wed, 17 Nov 2021 04:38:56 -0500 Received: from mail-db5eur01hn2234.outbound.protection.outlook.com ([52.100.6.234]:20915 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S235132AbhKQJiz (ORCPT ); Wed, 17 Nov 2021 04:38:55 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JuDLFC9vc+7md/v+Xk3GPDFSIyzKdJrY1U8l2W19MlIhieAKHvdKx8ql0NSp81brfBG0xBOMchYeJdxK7tPDBpmUWsn9jJR4G81jLzdsRtcYv2ynwsbqgZCCtqK9kWMtksRjVp1Mdhny9jF8w4M0sL5Popog0RRPeMwQBxmGBYyeWiTOM1BsuSXQZ7R6/b0C4TsdWwOWiK697aYbBikFbkbuzYc8NpR7qhuNEgUKnVpV5F+LvrblODQ+2tTfWkA1X1Rtki1nF/X1fX2H0g9ZpJLqgfHX73zMlN3iBkFfFTC3XJCRZZ4P37KWdx++uTicuHEN3NDndtRMDK6J7/l5Yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1l9qmJoDiqvIXf+fkiDiFP54F8XDYP7oD2aRaUktoYs=; b=Oo9PVE7mvdBGQNUi7GXLl6PgIxIajtV0kXSac7CMz46oFs9mR0evO0nQ9ogaBzJBUTOjNJJs/cYEa8lXlcKEznB69rGD3IpnwFzRmfq7CpVefCjCyr2SRHXdpeVrfID75OSjTY2Z67ZFHBqwWCKDBoevd54Ba5fBKfAKtk34dgq13Au6/0wSWVb2OtEbbIIzfzaruNyzSOTmgzmULPxrYquGuDOvZJp8hMA/eswvS1M3m2CXJt112Sj8YjHi01TpVSBvN/OZp1/STATo/lDqItGjeKjqCtEj1kwwjJtY0s1t1jlRBFOb3qlXOnPIucTWW6w89d4blhRA6Us3pR+uZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=gigacodes.de; dmarc=pass action=none header.from=gigacodes.de; dkim=pass header.d=gigacodes.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigacodes.de; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1l9qmJoDiqvIXf+fkiDiFP54F8XDYP7oD2aRaUktoYs=; b=fhqMjZ7OOTc0+zHy++5NXFb6sgV0clVJelu5BQ11Wxd8Fi83K0ha81W0faEh9daBba75kSbuevPvboVjl34Me+HgbHNdVPRZTPgc114ke+8J/mlv9osP6WXST8Aqjeo6VkMtQAUgzTsu5J8kHabVzu74mxiBAi++KMXV+7gS/dA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=gigacodes.de; Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) by PR3PR10MB3820.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:49::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Wed, 17 Nov 2021 09:35:48 +0000 Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391]) by PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391%5]) with mapi id 15.20.4713.020; Wed, 17 Nov 2021 09:35:48 +0000 From: Fabian Stelzer To: git@vger.kernel.org Cc: Junio C Hamano , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= , Fabian Stelzer Subject: [PATCH v3 4/7] ssh signing: make git log verify key lifetime Date: Wed, 17 Nov 2021 10:35:26 +0100 Message-Id: <20211117093529.13953-5-fs@gigacodes.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211117093529.13953-1-fs@gigacodes.de> References: <20211117093529.13953-1-fs@gigacodes.de> X-ClientProxiedBy: AS9PR0301CA0057.eurprd03.prod.outlook.com (2603:10a6:20b:469::11) To PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) MIME-Version: 1.0 Received: from localhost (2003:ea:5820:600:c042:75a0:fd5e:1472) by AS9PR0301CA0057.eurprd03.prod.outlook.com (2603:10a6:20b:469::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.26 via Frontend Transport; Wed, 17 Nov 2021 09:35:48 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e460e053-4f6b-4f4d-e19d-08d9a9ada35d X-MS-TrafficTypeDiagnostic: PR3PR10MB3820: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:655; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: uUG6sotvFeh1+kYGS3zCQ+PaXECutNOFv15UIPZx9JZCD8n1GGQz97CVEStbfV4wHpnBtZArtdjtfVzHGIKvD0YUQXhudFqFY1CGRXtUaRljTR8B8cu70kRiifnx9m64OB8ZxqinsQQpZSlMNuqkHSbuQ4XU8QfZy47ETdFpJMJn7mfX1RyXGfEKNZMCkTzAr9dBqSA1SaSR6i9ObtMDCvmgRIqMALJPZBfe58pslfIwKX5br/fg4k299Ilslzr6iEV523NgYsgtA9tL5F4BVQO0bq6xs6muQRXjbfMFYqaLaW3KmbpXrLRBKalzZwfmEuD+MXLVTACHnjYQmvEFzE4SOauLYQSiAj1vzyEWA8PcgZZj3lveSHT/ZuITJUbMWbsykD6bSFMoxlkyR3qKzTJnAE7ZnAZTfjf4DHICe5f01pXv05l0makLA/SlXlxInJXur+aerhO4Kbdq9/uh1hsQkC9PaqDGyGVsHXyB4jPthR4UWyvrms9TfzEW+ogI1V0X1LfeGk4PS33SkM3eCYBjO5LscstwsLPTPN0/WwTwlRzpbqrWDBa0WdO8P/3mZ/GJJ2nxeT+4LyJq07JGA1EvqE3Jwo2Onqc4mJQOez6H7px6BQ/iM3zmC55hDWh2dPekOwfe5GGIttMcpFXYcUmkrqAkAfn81k2zt3QqSe3KgiSEZ+RsPz1V60jJrZDD8l/Hl1gNUluZswj85LlafkQZoQ2QQImwTwIW89FJSx6+cNraKFX8VcUsD+OAkgafhN8ik1NteGGAuQRJVXS+qipbnczIaz4lZAdn3WDoEa/HAkBtZ/zs1e6qaGVsEHHilvrm9JHCXe8mc0Ed5H25mAfgvjeAwrJy4zNejz+b5wgTnOXirkmVkInv7lHMGUmFZdjFGjXobVNrj4d1Fz6OuVQ497WDxrqtLoWRkKgIxjnqs+JVDnB04F5hM38J9dmP3mzBeUtFRjwFz+GTVkAONEBU+iNUlDY++u+NnOa2FqqADMDKnOQsZvqlVpfNPvdTJ1tn1WWVUPcCszVdDz6aGw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:OSPM;SFS:(4636009)(136003)(376002)(346002)(39840400004)(396003)(366004)(66556008)(316002)(8676002)(1076003)(66476007)(66946007)(38100700002)(8936002)(83380400001)(86362001)(5660300002)(36756003)(54906003)(15650500001)(186003)(2906002)(6486002)(2616005)(6666004)(107886003)(6496006)(6916009)(52116002)(4326008)(508600001)(23200700001);DIR:OUT;SFP:1501; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: VMEPZg2pZOL7k+3k3/D4Fbqm1qLU/PNGCmhpLJYEtJzghr5FTH1j7vvhi0LqKENW5WlJA40uo+9BADDErsgNnmedHKMvMjaxePBcCbChvTs4JW9FPdpd+WEmnCaWBkf9okpABM3LhAiHRwcAqY4jRgQ3oEbLEIYYb9yM979LBe+I74AmLnUbc7a1GUZq7Q+l992ZzJw26HFabW0Amh3MHk56pjxq9g9kscwhTSV1ZZD9+5klS7QpXbDCVvLyTh4OmSb0SA9Y9Ynxpu4hw8jUpsbmd4wtd0RdL2vzhXYpgSCDzjJP8pTEGcLxrksl7C6fY7S4Ny0/75uVRCN80DmyrWfJUxnqGvSaoe52cIrf1Ar8c5YvpBMQj/dY5SwNDIcMBGeprzRzHGZJPzrcmraKwcuvbshFrT8BgT7dNyEsT0EDCWQxfP0t2CxPXqgmYKN7PTX8HZvfA3F73PFYqbOJBPqLwRGhGvzY7RoPJhNB8on/RY/PT0DIExJWR3B34RxERQ/zMxx0xtqKuHltnPV8SjF4+h3zjTH4KKRdvRoW1ZPVck9M6rwXCPZY/IlaNKuLkQgixfesCyaGn4qVNcg+XwcdP3kinPifrbWCJxC5PSewtVTd6L7bDTKToqON9iAkKeDpRuNMVpsDVLttonNN0CMgCrtusST0MyR3ayAExYbjFZy6Jo93O3FgdQ4eHAX3IF4hzUQViOR5dvXzzjOIwQTPhs9jI4erYmyiHDXsmwPCCZJ2j6ty1Ik054S8CGmLppLEV9WBL+iPhmhk3PqZZLzkVL6n8Vo3B2px5UFotQ/RsUX1INGu8P35uHr+sd2b26sZCI+vB6OKtYSxzqsqa3YX1V0pO1Sz5VebkVt4dRjvzwC6FBnNFPbrEvC6DSA82giILGVsNsaGR+pOVK1U6XrxRJo1ktbpfdrwDHSFqaQCeI5oSYUbMF4tKxGYXrrsT4VaiOKKtwLutw0JeqOsr1AKcuKo1YXAvIlhRTxQheWhN0gGy/bDFnVPKpo4aUd5ywIqVkfOkZVL7j0gKYM6vzNfJ3WXQjhsYo4xUl5jk/PujvyMkdUSVLv2TSMH6GPyHmwSG+5jRgzAjKCo2xZiZe5wOd1e6ERXDq2izptT3C879NE74JRijnrbjEnoG9MHzQTGDbgWFOqZNQ40tIEy0sm+ZftViW4dWem44rYF/Dl3ndKe5s5oF8wrQKfH1mp9IUb3pmvnK+PaexiIpexadAiRNShhw8zeCu3Nuf0ajDIhTCB+mbzp8j+WmZNUReWdjEc9fsuAs3H2L+eohEvfFKNY0GcT8H6P8fTeaItNfj3POYSLHsie8ssqLPNIQOvu4XxPSx1acbKO8PlLrfiSp2DUyR7Pv8rTTve/IAsCfDWUlUyAJEtJVGDHYQT2YGPpq+b8X3oLIX7XQ5WkKOWNV3hNg/8gk1vAv3GsBOFXUdet+07tIe/CiW3kYk0WzsJC+JpsimXQOdJvmlWZzhdwk0970vi2nRmwYdmABQeoXaRx8QeDJN4Y5HsFdaKv8Lc78jBLxs234Pr3KIfcb+MeeyA5WUU8q7wgiTraXGWxZdY87Qbs7m08H422N6YoWO9AKQ5c4bUqIYHCcPiXjRasmtZRopDt4x2ZJKMpvho7BoWgSLA1zcHdZpeBZyQl0XjfpQDZo2nt79RR4kKgyi4bhAdkh+RkapWvygZEBDSlBa76bd04ZsgVEQIxUNPphvN+aacR0J5UT3eDNibZs6HzFtodkAQCLDaMcV2x1Xbzx2Q= X-OriginatorOrg: gigacodes.de X-MS-Exchange-CrossTenant-Network-Message-Id: e460e053-4f6b-4f4d-e19d-08d9a9ada35d X-MS-Exchange-CrossTenant-AuthSource: PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2021 09:35:48.5717 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 80e41b3b-ea1f-4dbc-91eb-225a572951fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wYMsMvq/wi3sozRkEcD7JOIYfkBlhIhgv/KFnvpzTW0hE2wqW+JZe8q1M0Yc9hALsWKjeF9f8C9EB3yYBF/XOYpU2V0UAL1T1ZNKgVQ/Xqw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR10MB3820 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Set the payload_type for check_signature() when calling git log. Implements the same tests as for verify-commit. Signed-off-by: Fabian Stelzer --- log-tree.c | 2 ++ t/t4202-log.sh | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/log-tree.c b/log-tree.c index a46cf60e1e..d3e7a40b64 100644 --- a/log-tree.c +++ b/log-tree.c @@ -513,6 +513,7 @@ static void show_signature(struct rev_info *opt, struct commit *commit) if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0) goto out; + sigc.payload_type = SIGNATURE_PAYLOAD_COMMIT; sigc.payload = strbuf_detach(&payload, &sigc.payload_len); status = check_signature(&sigc, signature.buf, signature.len); if (status && !sigc.output) @@ -583,6 +584,7 @@ static int show_one_mergetag(struct commit *commit, status = -1; if (parse_signature(extra->value, extra->len, &payload, &signature)) { /* could have a good signature */ + sigc.payload_type = SIGNATURE_PAYLOAD_TAG; sigc.payload = strbuf_detach(&payload, &sigc.payload_len); status = check_signature(&sigc, signature.buf, signature.len); if (sigc.output) diff --git a/t/t4202-log.sh b/t/t4202-log.sh index 7884e3d46b..ba855ec893 100755 --- a/t/t4202-log.sh +++ b/t/t4202-log.sh @@ -1677,6 +1677,24 @@ test_expect_success GPGSSH 'setup sshkey signed branch' ' git commit -S -m signed_commit ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' ' + test_config gpg.format ssh && + touch file && + git add file && + + echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" && + git tag expired-signed && + + echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" && + git tag notyetvalid-signed && + + echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" && + git tag timeboxedvalid-signed && + + echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" && + git tag timeboxedinvalid-signed +' + test_expect_success GPGSM 'log x509 fingerprint' ' echo "F8BF62E0693D0694816377099909C779FA23FD65 | " >expect && git log -n1 --format="%GF | %GP" signed-x509 >actual && @@ -1714,6 +1732,31 @@ test_expect_success GPGSSH 'log --graph --show-signature ssh' ' grep "${GOOD_SIGNATURE_TRUSTED}" actual ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure on expired signature key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git log --graph --show-signature -n1 expired-signed >actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure on not yet valid signature key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git log --graph --show-signature -n1 notyetvalid-signed >actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log show success with commit date and key validity matching' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git log --graph --show-signature -n1 timeboxedvalid-signed >actual && + grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && + ! grep "${GPGSSH_BAD_SIGNATURE}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'log shows failure with commit date outside of key validity' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git log --graph --show-signature -n1 timeboxedinvalid-signed >actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + test_expect_success GPG 'log --graph --show-signature for merged tag' ' test_when_finished "git reset --hard && git checkout main" && git checkout -b plain main && From patchwork Wed Nov 17 09:35:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabian Stelzer X-Patchwork-Id: 12624131 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18F11C433F5 for ; Wed, 17 Nov 2021 09:36:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E5CCD619E5 for ; Wed, 17 Nov 2021 09:36:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235186AbhKQJjH (ORCPT ); Wed, 17 Nov 2021 04:39:07 -0500 Received: from mail-db5eur01hn2234.outbound.protection.outlook.com ([52.100.6.234]:20915 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S231797AbhKQJi6 (ORCPT ); Wed, 17 Nov 2021 04:38:58 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RBCcPSGHMbh/SZjS/j9MMU2bNSV4spAYVKBQkbK1rJkcdFu01ehDZ55j64YVoQyAlIPmHL3v8dIpZRqu4k67JByneeRyZXUBw/ST+StSFr+SlZryNd03jr1IpUTttXXc9UV0QqPhI5h6pD2dbkUxlLeG0cxJZbZW4+K1y/JlGrOCUti/kTV7XggCGTfZ3lnAjSPoVvFAKy/SVj3rCQN+P1NgowI4iURcpL0VW7dMUXmfVI/n5b6ot3h/WLn/LLGZrEtAMPlPMYJ0H6WY2NHyuye+wC4B/rc8GIUWXRS4xxGJcUHASwN6OMmB0JN1xQBsm0NqQzJjQEyTc1nRDPJfmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IW3HmvIC+coz5Fp1EH38QJ0Hs52tSu4XrwUA3cBq5Tc=; b=MOWP4I7d5PHVGpfcEMzR1wVWBjQSD8N7MZzTT3VlhD1wAHvwZZjFoBeOihOZ67cRITirnUuqn7/x8uHtEqwkdKhzpFnJsPap/jaUOm3wI8joXqpNOzTMcgn+/rhJktASDOcnu97SRBIaEvoujdbVj00CWfM3XvwXmoA0cjcwRQzXbHupk72ZOfmJHzrj63mtPeLD47XGOyVzT/U6OFjQW7FF9pzn/EYoTfhlI8Ss09MphGwBRlFJVSAeMjNIDQeeWSQ31mcmzVjzG5/VXqBYFkbR9jLZx6NkQL5f0/82S4CnmjEx0kCTafCP5ytxsWj+lv9HMdzsgdcpz3CVx3/FVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=gigacodes.de; dmarc=pass action=none header.from=gigacodes.de; dkim=pass header.d=gigacodes.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigacodes.de; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IW3HmvIC+coz5Fp1EH38QJ0Hs52tSu4XrwUA3cBq5Tc=; b=AsWPfvMOY1G3A4/7WmfoYhXSvhCWwHeDHz9IpabX9+izaBRyQu+iE5fmsNEVVdf/3wcZtZXmu2RHagnHAFlUFTT4Vm0L4IHK4GYCCP4m8EEI53yqOUUzgjraY7gc1dG8YKFmN1odEjNsXx0/BsA3R6inl++KyPX1LHT+8RE4gqo= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=gigacodes.de; Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) by PR3PR10MB3820.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:49::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Wed, 17 Nov 2021 09:35:51 +0000 Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391]) by PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391%5]) with mapi id 15.20.4713.020; Wed, 17 Nov 2021 09:35:49 +0000 From: Fabian Stelzer To: git@vger.kernel.org Cc: Junio C Hamano , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= , Fabian Stelzer Subject: [PATCH v3 5/7] ssh signing: make verify-tag consider key lifetime Date: Wed, 17 Nov 2021 10:35:27 +0100 Message-Id: <20211117093529.13953-6-fs@gigacodes.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211117093529.13953-1-fs@gigacodes.de> References: <20211117093529.13953-1-fs@gigacodes.de> X-ClientProxiedBy: AS9PR0301CA0055.eurprd03.prod.outlook.com (2603:10a6:20b:469::25) To PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) MIME-Version: 1.0 Received: from localhost (2003:ea:5820:600:c042:75a0:fd5e:1472) by AS9PR0301CA0055.eurprd03.prod.outlook.com (2603:10a6:20b:469::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.26 via Frontend Transport; Wed, 17 Nov 2021 09:35:49 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: eb26ceeb-8061-435d-70b9-08d9a9ada3c9 X-MS-TrafficTypeDiagnostic: PR3PR10MB3820: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:54; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: KpDBG8aFNSO5bg40r52PqBR5y0JYCgIA2ggVhMhn9zeg2nBtbEIVfJu4SmbYHbqV+TPJABXx6jdonL0hjcPrGP1Hl1YkhD1Kwu2N3T3fyCHZDO4NDJQC7g9JnDnrlyFglTijVGNi+VGXy1umjfIQ72/UfBxebssGuCGuOsw8EU8FfECxA7zze8SV/+hNGQAHw/WVr9XTg9/7gt8z+dqtGCWndl/+AK8+fsCqAvXBcOTyuoBWa5JdMwMYIBGmk/B5xdq5udolJtJ4XAP/4nvgci8u8POALlmzmi83rNSExtj33RE3TOAfxjyTOS/uKGIt1TeIsjaEOpqtte2IQdDagzK7wazkdYyhJRP72BZnrsGTW6K9BdcVKHth4SDsHYHV6EqqGxhGsSfRPumoS6aRmRiLTEyWn5KKAX8Asf+5G8VgVchOC2b92LrSe7CXsqSvn9wJF0cFsaNZMCBqjEAjqM+Ii6CYUtjPg1gKxS+2+9NO8xRP7eQAEN7IZqPFB9QiLCd2XSs6WCiTgZoKp3LfwA3jY1gBNdvOZhZiCMgvoxcOipsnziktNBDYUoZkptQKah74ILObJxzlF0efI0zEy46D0ANXl3QOWVDOOjZh1ecRAbd6zGNBbqHBNxK293Qh0y2KjPVlxz6FRjq3SQnjWU8CMHsSIT8HCvG8QOcMhtc83HO5ngJTn3wTmWuCLloMY59DqU0UTaIr6aULyu7UX0zdvzNkGGGgY/UT3H3SNBsQavw8ikfzRfJFj4mxN0Z+HQV+eu4sTNTk8ej6bkWhFvOGSaZcmhOWewymJz9K2r+2zOdvPvxwqEkcJHl9HBSkD70tNqUdopJhn6nNcQQwpNFbsOwdMzfvnFjFwbojPJDt0TDlZNJATLr9JUt99zUc6IMbDodZ/01VIB5tsF53cXLpLyyJvDkZBz+iZ15DvyK3zLyIwp/jAhh+hXNrWBUUUjitvGPD199AH5yHPfyNmBMOEJYnMSzz3HlTEzPYMHuw1yFSwnbPAMAhz8eUDXppNK0sVkKlPKEYMIA6U/GnoQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:OSPM;SFS:(4636009)(136003)(376002)(346002)(39840400004)(396003)(366004)(66556008)(316002)(8676002)(1076003)(66476007)(66946007)(38100700002)(8936002)(83380400001)(86362001)(5660300002)(36756003)(54906003)(15650500001)(186003)(2906002)(6486002)(2616005)(6666004)(107886003)(6496006)(6916009)(52116002)(4326008)(508600001)(23200700001);DIR:OUT;SFP:1501; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: joEloojX2WkYxVdZ7cCQf6yr7GPw+k9khR41ctlrwDfxZNWvalr5Ldy2Mb+KFwrdqAORQbRCHqbLISEoUqbUJgYgOuebgSrt528pGxtHHVI574dS+KYzLVdQAEyUNSk3NSm4fdRdJGcPlwaAj77T23mIAfxPbb+sv9aILctNiec0eQl4JCW4/ce88I1G68d7XHdT4OpqLRmcwMksCNJANhWhmT9rOt5k/taitZNegQ4/SvrOuHEZuedy+44+3UlkujUV001AljuDcTMfkl0+fphBhwzbt9d8nJCKRVKfq55+zqXD0TzpC7r1MDofC356e3o8rRBLD94w/578tzW6JqwQfiDiuTp1YXDjuaTcVEKv6g5cpsdqskUcs+VKREbYO8mYW2rv2r2M9v8bmqFe4NZ2wkYpqh2tFgog4L+ZXmiDiEvSLecyz8ezuQIi4MFKeW2AAOkYBIlz0UtmNURMwJsYBFwnwXGmMzmyb1jBs2lauRGC4dm0X0Fh2IDJ8LIHtrEhb6Qw+IFUqddT1F9ue9sYEgTE1cG46xgrerFrT9cp/GWZzdz5buJeuh5fMlGAT5AxncdTyYQlns2UtdaSX5ghxSmSl/XXS1ovXSDXwT1BAEX04gCJgFoKXhnXXqokFIEKDSdS2Sh/3U4dswat+W1Enhbf5NrXd9PlpIKXnuIJvYUaGFgmvLIk4kE5bDk3sByP691P2EEc/h7kij3QdQVgyOP/iCEk2W1oTNJXM4IVux4QETkaO5cAfCNJ+fYCg6SEL2FU5WPF9cwp9PBCT6yCyTN4z85YLo8OFGS6nvckuLa6HoNuWahzELKaAljNgsXK0SOa2ja5pcu8SYq6i8ETT5PEDGBOdAJaSrmndArfu7gfMbD47qMgVqQqqOJz84EpJkoeLQa5YIEn2CN42b3VyzgNEpfwokLrEQap4Kt9EfIhz4PI80DWn6B+lN1ux79AePzqOn90wD4wuSEhE8lFej39M3UO152espnF6croHmLnfR+6Jtl1YYsOV0aRdt72Lv+wi/xgUeCSR2Qc57HenZ8TP2qcYiubJTwebWk3nNBSYJyU/RKgrcl1siHQUyUXC6/We3jyp8IwBGwl7vqtalV28T2F0dR58z78tXnNs0lPgKhI5Wi12cxUK5O7HNhpGms7uVcK9E21Tqy0bgX7Rl5KsB1zqm1vguOFr3Wd9FU8XZWzmpWhG/54ufj0U0qZnxof0dMrfHzhFMiM1IoVDY4k08+f99cBTwPDxqHqeW8LlAruKL62/BBHiq1N+33ymerJHrbHL+AY1zRS/ItsSa4bNFg6b/lputf1ieOIulVDF8WZ5kqp/ZHF2s+4a+iAc2MiDohDTnG4HNcTVgk+uGhMvKUp3AVktQnTQdU+5Qw80wl1gSW9ZsWEm/HPO3D7hnIwPCjtNcqpqjG/dD3xjdci1Zc4xm21ifCqctcSlwcmmRInTRr6R9+WjThHwpbk5onTYW2WqD2APzkNOZq/GxDHKuyV4MQ+Yz8pFtc43pEnsxNuZIBv0IeTPam5BT4dilO1MuPzMiSvQChVLCCnqViV2tjkqUTB9UdM+N/COywbxRGXDPitefK6JCUrBBk6gR6ecCrcAFggHRjfXnoW3oUpmYQ3No0n2wPlimA8yPqDEZ5kSilAs9Weadfxx13wfWojYGDW07UIC2xj21liahV1D7gFLt5AYkryPyPUchU7OQ7V23I5Z/R2v+OqNM0JzbZ6yzTL1BGYRQ6PBOn7XbcIKGADepSxHrh02yk= X-OriginatorOrg: gigacodes.de X-MS-Exchange-CrossTenant-Network-Message-Id: eb26ceeb-8061-435d-70b9-08d9a9ada3c9 X-MS-Exchange-CrossTenant-AuthSource: PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2021 09:35:49.3941 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 80e41b3b-ea1f-4dbc-91eb-225a572951fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: q5FEGsvzDOTkLW/Vu/Yqq2mdnzaW9naoeieY0mvH9uAdg5tELUEzVtqBn4cbejW8ax6lRnUhgyCgL6XC0PLaWx1/xEYZvtQ6QOljVhPayiQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR10MB3820 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Set the payload_type for check_signature() when calling verify-tag. Implements the same tests as for verify-commit. Signed-off-by: Fabian Stelzer --- t/t7031-verify-tag-signed-ssh.sh | 42 ++++++++++++++++++++++++++++++++ tag.c | 1 + 2 files changed, 43 insertions(+) diff --git a/t/t7031-verify-tag-signed-ssh.sh b/t/t7031-verify-tag-signed-ssh.sh index 06c9dd6c93..1cb36b9ab8 100755 --- a/t/t7031-verify-tag-signed-ssh.sh +++ b/t/t7031-verify-tag-signed-ssh.sh @@ -48,6 +48,23 @@ test_expect_success GPGSSH 'create signed tags ssh' ' git tag -u"${GPGSSH_KEY_UNTRUSTED}" -m eighth eighth-signed-alt ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed tags with keys having defined lifetimes' ' + test_when_finished "test_unconfig commit.gpgsign" && + test_config gpg.format ssh && + + echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" && + git tag -s -u "${GPGSSH_KEY_EXPIRED}" -m expired-signed expired-signed && + + echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" && + git tag -s -u "${GPGSSH_KEY_NOTYETVALID}" -m notyetvalid-signed notyetvalid-signed && + + echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" && + git tag -s -u "${GPGSSH_KEY_TIMEBOXEDVALID}" -m timeboxedvalid-signed timeboxedvalid-signed && + + echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" && + git tag -s -u "${GPGSSH_KEY_TIMEBOXEDINVALID}" -m timeboxedinvalid-signed timeboxedinvalid-signed +' + test_expect_success GPGSSH 'verify and show ssh signatures' ' test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && ( @@ -80,6 +97,31 @@ test_expect_success GPGSSH 'verify and show ssh signatures' ' ) ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'verify-tag exits failure on expired signature key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + test_must_fail git verify-tag expired-signed 2>actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'verify-tag exits failure on not yet valid signature key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + test_must_fail git verify-tag notyetvalid-signed 2>actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'verify-tag succeeds with tag date and key validity matching' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git verify-tag timeboxedvalid-signed 2>actual && + grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && + ! grep "${GPGSSH_BAD_SIGNATURE}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'verify-tag failes with tag date outside of key validity' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + test_must_fail git verify-tag timeboxedinvalid-signed 2>actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + test_expect_success GPGSSH 'detect fudged ssh signature' ' test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && git cat-file tag seventh-signed >raw && diff --git a/tag.c b/tag.c index 62fb09f5a5..dfbcd7fcc2 100644 --- a/tag.c +++ b/tag.c @@ -25,6 +25,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags) return error("no signature found"); } + sigc.payload_type = SIGNATURE_PAYLOAD_TAG; sigc.payload = strbuf_detach(&payload, &sigc.payload_len); ret = check_signature(&sigc, signature.buf, signature.len); From patchwork Wed Nov 17 09:35:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabian Stelzer X-Patchwork-Id: 12624133 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 07A7EC433F5 for ; Wed, 17 Nov 2021 09:36:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D95BF6321A for ; Wed, 17 Nov 2021 09:36:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235310AbhKQJjL (ORCPT ); Wed, 17 Nov 2021 04:39:11 -0500 Received: from mail-db5eur01hn2234.outbound.protection.outlook.com ([52.100.6.234]:20915 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S235262AbhKQJjH (ORCPT ); Wed, 17 Nov 2021 04:39:07 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EMizy4YsMeZ7GC/J9EC5DNMjB+U/sm39i2mDdNFWfZbDCp+dqtOVqt2FaZy8+GRVEOOlVvSM2qMRdnVMFYIbqIHi7n5Ify8AkSBe4sutr8VTPsMx5snCiKlJZrM4O5dMjuU2GTRiIwn298kAYJCWTTMZuyOqmXY1xuHj+GzoCD+UTjPr4GzYIRGOucAuHdd2jon+/7zKX7TxJfjdvRo7pnkzWJRv8Vc7URXeGyCivfDiBuW8nAlW4GiAwK5pjH9mKGJMpKakq8IwvhnJR+mHacyRJ5WTJxYHY71ftd2rYLlJKUsRWUcrLC7dxJOiZkCUu3ifX0jPDZ1foM7QY0SxlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UqXAXvJxFfijWtIfXPjhBQEVCtCFbsViLD+T2fFn5LQ=; b=i1WOPGcU+83dT0hyw1KC5XlzWUrC6ZlAPXo8WfNLvMe0UvPcpAXj04zOotAUtzkeHaluelb/FLLrPoVdueFF7zCHV0e4vAaiHwDgNMJP98NcyZ1AWFBvbGlt7fPMZ3nd8wgjtpEBKLs7zIzoR937f0zmn7uoYWeXkxkGTx12Jsf5N1mpEPNUuHfxeuQuTTfWylQfAQ8eWRepl6CPI7sOrGoT1pS4x9ImF4lv6vlHUpI9/HDjav4RUmx/TWcMEZji0VOhJEjovqX4f7cQni07fd9Q08VwPooS3v6acszWjp1NltlT1ha+ZcfMXtMJV91hQq9I+HlY7qTc8JIYdwaeSA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=gigacodes.de; dmarc=pass action=none header.from=gigacodes.de; dkim=pass header.d=gigacodes.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigacodes.de; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UqXAXvJxFfijWtIfXPjhBQEVCtCFbsViLD+T2fFn5LQ=; b=Qpv1IQ/UssGGSGRdaEu9ZtH7GWAuMu3+h1i1keZ/BFYmihv+HZpPTESTOBqYPYcnhhvVN0tD7Aro+SsPsSeQj/unJW1XRjVq1UWLVZNbeueb8EwYcVf7+B7LG82Nq6PzwyaEQERby6l0RmVE0bWQfiNkOsC/cMP3Wuw5EdlSP6A= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=gigacodes.de; Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) by PR3PR10MB3820.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:49::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Wed, 17 Nov 2021 09:35:51 +0000 Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391]) by PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391%5]) with mapi id 15.20.4713.020; Wed, 17 Nov 2021 09:35:51 +0000 From: Fabian Stelzer To: git@vger.kernel.org Cc: Junio C Hamano , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= , Fabian Stelzer Subject: [PATCH v3 6/7] ssh signing: make fmt-merge-msg consider key lifetime Date: Wed, 17 Nov 2021 10:35:28 +0100 Message-Id: <20211117093529.13953-7-fs@gigacodes.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211117093529.13953-1-fs@gigacodes.de> References: <20211117093529.13953-1-fs@gigacodes.de> X-ClientProxiedBy: AS9PR05CA0019.eurprd05.prod.outlook.com (2603:10a6:20b:488::9) To PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) MIME-Version: 1.0 Received: from localhost (2003:ea:5820:600:c042:75a0:fd5e:1472) by AS9PR05CA0019.eurprd05.prod.outlook.com (2603:10a6:20b:488::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.19 via Frontend Transport; Wed, 17 Nov 2021 09:35:49 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2fd788b4-86cf-4c16-3dcf-08d9a9ada440 X-MS-TrafficTypeDiagnostic: PR3PR10MB3820: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:67; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ZUI+F0Vcf42ChqRBnh65twAmt6zlRTn1BMxhPhQLcl30PtqtjwkZmJ71aNmdwWQnIqlY7HYV7x33cXECuFtvHU26h2WC+0UL2V3ZTMxFhm3vACTC4KSyecoxCxlhVPRjXxAeRWhy/Nh5hLneVD0PDs+T4JMc4ERGnV3Lz+D8Obg0MK11LfQuOXPRgTnWntG6YgcYARX9C9LMiBTqP0QHwiyt40Vlm3C48j+VSpTZGMOVEj8Qlg/7P51fpy4WuPzBof88yQAoMuqudJkzb1lJRkMJCg7e3g/ukKr9K38grSwceYrjJmADMjhaNaC5Q+JTmqNj/2meT3Cu3Bcn2DLXOCigSDy6m4Lc2Zix4ViN7JiJjFDpMS4bvxQ+jVcOK+gRVA7Pa003xLGjqnsA/GVGTcZQ7494OqZBGSat95I5cd1+0UVgCJc7wCM/g0weoDUXVPp2RrcCbRxWyKyc16oXr7GCDc02bHfuWEMvURctiaDsAy4mw+lhbHV8Kh+/J21rT7+sGLyUAEVJXXnv/2ikqk05hrIqnyTuHLFKRusmYZpZX6jef60qjPCkuvLyLrj5H2Yh/RhTGppowbVRrSITj2wagDDtZ/4GlAcF6Z2XHucIp8i6ids247LhW86IQKm075XMeAB1s1bMefS8gVyQW5z5Buk0Rv2kf5sHawgyBOi4NAMd8XjuYF+q2qXPM5oU4Jn8j119VHfgloBoDM24EgQlSDCvGeLiWEiQZodKbq1lZiw42TBXdS/P8+VuzysIuA1HQNgk4ebLVtkLQ4un1RpLql3h6SOoVIpc4kS8z3Fzj9q2rSSIdUANHm7e6XPlQcDBYzdWVxxE/hbJdHYL87bW7e2bN2i4r76W+rePUA/yTRxg/WxiF1lZiC36n7Dil6PuXjiabjhQ+9g+OcvASn6hOlZIjYn18JYtUQwmEEIlrPblaMGfAmfOoaLlvKVqbvIecskmwLmyJR7UJFhpKjBiHrqmN/jjrPff9V9MVBqBxOSMst3xubJ1Avqa8fWDXMfhrlnKcJuPw3K61oXs6Q== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:OSPM;SFS:(4636009)(136003)(376002)(346002)(39840400004)(396003)(366004)(66556008)(316002)(8676002)(1076003)(66476007)(66946007)(38100700002)(8936002)(83380400001)(86362001)(5660300002)(36756003)(54906003)(186003)(2906002)(6486002)(2616005)(6666004)(107886003)(6496006)(6916009)(52116002)(4326008)(508600001)(23200700001);DIR:OUT;SFP:1501; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: hVZoOgvNdDc4QrdvqhWCiGk8sd4hqNxDTGxrp1JzlqoecvgNJETDUx3ZmM4GAx7dnzYONROiKR367Dj7Fm/1NJjFndRi2AjfsnZJOkBLYadL0lfnf8iMgafFmr+T1/6MtFoBNMK66xMs6kSoj4kjaxbwZTi0pwT5MiYS5TyvtYGO6m355/qI9HIiJjPh/5G+0HWyW6+GXS5LLQnWDxsMGqf2QIxzjGDmLW1rkB+iYpuhhb+PBAXlU9+Qa12i5t2LR9PD5QSvQH7V4RktMHBZ22DAgCgK5CdLcRH2wgNpANd3hEOGKERhOl6FoiwXb61pE2TIGw9Nf+dRCAI9Op4l5p/yYGG3Lh0rzrD8BKISZJU5taQHQWjmVkrKIpZC8mh3+L5YgZX7A8zbIFwJhNXlEtvGSfoAZ2PS0APk4Cbgg3+H72Rudr7kxjxDN9H3AfiBAPH4HMOC+Vbm3OAJ6vj6wqfhhbHmX29tUCks3Ln/HOf9Mp/yJIwRw2r6rJiOs/otM/L3b90vpN7SsOisMgmDxzWM+jkKQUd/bQKhXQMSVpmWKUXcpuTg5YfdCO/lCIq6GNXb3qEuVlPZMRm49Q3EPrr9eczrYUyZuym8oH4U78cl7cjT2WtFMfNQvu4dehHAqh3hBagUxzVqi1MjzQ6exvtQ6T18Vii/VcS460L6GxaxU65Cdb6aK3roxOGvpUEqpf1FZh4CN8nVkRxylfctWXEvOORR4S7mRoIqKS268jBIuDtGhxHzKsMmCt1xGdBuhw9004kLIO5NlhwwY2GknUhQxpEpZEbTlt5KW2pOTqZivczxcWqxHUb5h3llRJRMyk0NucjaPCJJ+2CFX+ogHcXeL8w9QBgqsZIyHUlPr1EPZPC4LE2wVXAeaKnMQ4MfsjL1yh8mN3cXHrW+vMHNb6afom6/ODkDKZAPwFCiNCzcIONkTCkd3laj2g3/x8f873XL1it40B6S6JhejAhCd7K4LTm7cTGno9kWECSVapQpTB1YSf2WWGj401kN8L2IZ8YxoV24x+ueGWVgTQJ7omkUrS+Bbrs8ji4/F1fObIcBUDG7Mwu/XLQWiF1Iw60XvOG9FAQafH+9iaLo6A4GZC9DfGcvabMZCmJGrfU4YGUif2mixHijhVmgzrA3muPR1xaWSCtDYaBi6ZxXgQsVq0oBFv0bYmLq69tsGUTpJd1bpG7rPeluTohjHKCM/CVyxvNbDAycKtkeOhWjIH7zUR89lOJ3OujCA/92syYUeDIq2FDN/DA3SfwcG6/2eILi5hdVoieG3g5+nDcg36eUD3LEfjqlbf/A/EmO3VKesoj6iS6wn1yeaM5V81ffMHt9C/d4/5CSN3DPc8ut6OKTF5O8rHIP96hI7wvBMMYAeRr77zo0h+nuj1TJrDzFkMqBbF9kKw5LyrN2rkKfmEPdWyzMUyej+HAX6u6aFaiWPG4w7zmu+IULkVaJxI9SNoeTAIWFhnYPty6RM6NjeRFqGC+B1LolXNoQYIouZe2Khq0AxDGFLeZdAPqiOwzp5elKHR2iAu5TirqghMPhfA3bBy9bkcPC9xeUE0W0viZgWL4xAzVlTa11uxePzrSodD0qtaPXsO/yK4sNEFLMMS80RM6EKSGV6+NvkB3ffQ6oUPJPbmTk18FojV25VNso6SMGRKa8oq4vRc6E1peVV80cSwwJ0BSA92F517as8sX/PPT+fAGAtkc+YkW2BZoQDUlaLEVYvRBy18W/a/PRRCjtS+L7DqgFbmBhCg2/nCQZsLI= X-OriginatorOrg: gigacodes.de X-MS-Exchange-CrossTenant-Network-Message-Id: 2fd788b4-86cf-4c16-3dcf-08d9a9ada440 X-MS-Exchange-CrossTenant-AuthSource: PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2021 09:35:50.2384 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 80e41b3b-ea1f-4dbc-91eb-225a572951fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: MNpacsfz1WpH+Pmc4XeYQr7WpcYjeZ/gOSuisX/BFknqis1Vz52X+bMFHSbmvxPnV9yQB3ALJqcH6NDdFNtb+gUzdu0AiWQeAWILp1riTIQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR10MB3820 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Set the payload_type for check_signature() when generating merge messages to verify merged tags signatures key lifetimes. Implements the same tests as for verify-commit. Signed-off-by: Fabian Stelzer --- fmt-merge-msg.c | 1 + t/t6200-fmt-merge-msg.sh | 54 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c index deca1ea3a3..e4f7810be2 100644 --- a/fmt-merge-msg.c +++ b/fmt-merge-msg.c @@ -533,6 +533,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out) else { buf = payload.buf; len = payload.len; + sigc.payload_type = SIGNATURE_PAYLOAD_TAG; sigc.payload = strbuf_detach(&payload, &sigc.payload_len); if (check_signature(&sigc, sig.buf, sig.len) && !sigc.output) diff --git a/t/t6200-fmt-merge-msg.sh b/t/t6200-fmt-merge-msg.sh index 06c5fb5615..2dd2423643 100755 --- a/t/t6200-fmt-merge-msg.sh +++ b/t/t6200-fmt-merge-msg.sh @@ -91,6 +91,26 @@ test_expect_success GPGSSH 'created ssh signed commit and tag' ' git tag -s -u"${GPGSSH_KEY_UNTRUSTED}" -m signed-ssh-tag-msg-untrusted signed-untrusted-ssh-tag left ' +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed tags with keys having defined lifetimes' ' + test_when_finished "test_unconfig commit.gpgsign" && + test_config gpg.format ssh && + git checkout -b signed-expiry-ssh && + touch file && + git add file && + + echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" && + git tag -s -u "${GPGSSH_KEY_EXPIRED}" -m expired-signed expired-signed && + + echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" && + git tag -s -u "${GPGSSH_KEY_NOTYETVALID}" -m notyetvalid-signed notyetvalid-signed && + + echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" && + git tag -s -u "${GPGSSH_KEY_TIMEBOXEDVALID}" -m timeboxedvalid-signed timeboxedvalid-signed && + + echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" && + git tag -s -u "${GPGSSH_KEY_TIMEBOXEDINVALID}" -m timeboxedinvalid-signed timeboxedinvalid-signed +' + test_expect_success 'message for merging local branch' ' echo "Merge branch ${apos}left${apos}" >expected && @@ -137,6 +157,40 @@ test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh ! grep "${GPGSSH_BAD_SIGNATURE}" actual && grep "${GPGSSH_KEY_NOT_TRUSTED}" actual ' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by expired ssh key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git checkout main && + git fetch . expired-signed && + git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by not yet valid ssh key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git checkout main && + git fetch . notyetvalid-signed && + git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by valid timeboxed ssh key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git checkout main && + git fetch . timeboxedvalid-signed && + git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 && + grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && + ! grep "${GPGSSH_BAD_SIGNATURE}" actual +' + +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by invalid timeboxed ssh key' ' + test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + git checkout main && + git fetch . timeboxedinvalid-signed && + git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual +' + test_expect_success 'message for merging external branch' ' echo "Merge branch ${apos}left${apos} of $(pwd)" >expected && From patchwork Wed Nov 17 09:35:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabian Stelzer X-Patchwork-Id: 12624135 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A571FC433F5 for ; Wed, 17 Nov 2021 09:36:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8984C619E5 for ; Wed, 17 Nov 2021 09:36:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235268AbhKQJjQ (ORCPT ); Wed, 17 Nov 2021 04:39:16 -0500 Received: from mail-db5eur01hn2234.outbound.protection.outlook.com ([52.100.6.234]:20915 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S235309AbhKQJjL (ORCPT ); Wed, 17 Nov 2021 04:39:11 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mmlw2lmYT0LikZeR9CaPZfabHT9oW8O8UgpGtyyTdXwJVMYK9MhPIyWRwtFMzdrbTA8YnEu6teXYGoZ5kfQ93g1WoKh95y61GVmw9hROombp4I+bQ7KMfV2nq5VaB+pw/PmQUI6C6ABx4FhmH+7SUXpcein/BsoIWBpFXiuompS2GvGDQIipqN2dhaZ7nOXnwdKcqN7/QuZSgFfZjAF8H1OvmKCvYOzGshh3cR6RVJC/kBHZQOR4Tt4FFtpW0XxrKJQvkJZHfufAhAoewAwRK2iYaITk604CdtzR7J87jHGbbTNoIrQiD6BrtYPl0zxU2zcQsCYiHpQAPkTYLNMHng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ofCgc7Y0xhUzCGLNoB3bXizmDJs8AbWooyZoXB41Lp0=; b=M+9//Wyw/UQgiTuFlNeT7RzSnK6422b/xIMyogA1PZgXyON0lfn11Tx4KFUvrQdNNxbgFqmGJ1HJn8Lw/e5lK3zDFQxXjd4X443JBYORNoIZY64l3n2Shk5b1FpE/fzoyYeB9cqUPlRrXpxnlr8yOayEDWLIhL1Nxk0HZ7G5lIQis2xGq6zSCCO9SGriSjy1HKinYhJCrH4x8eyo0R8c34XDUlpJNjcKokAmzv41pweWg+5T/v1bgzNMgdqPK0JDZUx47UL/ZbG9VLfhmnjUEU4zQ+S9u0F0i5CIgMZQJrnHReBtzJmYHLcvaYOvH6Ex9Xb6Q7HXjrurNkEBGYr0/g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=gigacodes.de; dmarc=pass action=none header.from=gigacodes.de; dkim=pass header.d=gigacodes.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigacodes.de; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ofCgc7Y0xhUzCGLNoB3bXizmDJs8AbWooyZoXB41Lp0=; b=RGIFO6OxmHzgFo86RP9HVZNokmG/QhC1/04xuA2TTnpQvappAw5XOb0EwaduUCndF9tBQRRmdDcRrUgq5d9WWQavAnn6lFZrmX+ogeQw+1WRwPyNnfz7v6pU7M6D9E1kZ4BLCmy7mfQdQ58dp+4grw/J9FmHyCNAR+De9Fb3mmw= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=gigacodes.de; Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) by PR3PR10MB3820.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:49::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Wed, 17 Nov 2021 09:35:52 +0000 Received: from PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391]) by PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM ([fe80::f9d5:61ab:5756:b391%5]) with mapi id 15.20.4713.020; Wed, 17 Nov 2021 09:35:52 +0000 From: Fabian Stelzer To: git@vger.kernel.org Cc: Junio C Hamano , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= , Fabian Stelzer Subject: [PATCH v3 7/7] ssh signing: verify ssh-keygen in test prereq Date: Wed, 17 Nov 2021 10:35:29 +0100 Message-Id: <20211117093529.13953-8-fs@gigacodes.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211117093529.13953-1-fs@gigacodes.de> References: <20211117093529.13953-1-fs@gigacodes.de> X-ClientProxiedBy: AS8PR04CA0208.eurprd04.prod.outlook.com (2603:10a6:20b:2f3::33) To PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:12e::15) MIME-Version: 1.0 Received: from localhost (2003:ea:5820:600:c042:75a0:fd5e:1472) by AS8PR04CA0208.eurprd04.prod.outlook.com (2603:10a6:20b:2f3::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.26 via Frontend Transport; Wed, 17 Nov 2021 09:35:51 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 669631ae-8169-4781-f662-08d9a9ada4f3 X-MS-TrafficTypeDiagnostic: PR3PR10MB3820: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2733; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hVrUSY3Q8s0Q7Bqw3JNqFk/CitgSvFcOvJsPWktAXhJL6mMK2pcfYxOXIKkzVUcfeMa6MF+902LEU3OUuO+BFGsE//iQzRH7fzu6yK8mgC7A7nxOtlSXTP/08qPfD86vaK5BV27A1QwkMR5NurW5I8OYeoQBp7dCRJGmq+vFS9TPNxYDEhnjyarg/TXfBWFV2YLhB3kO+jclj0Ol8lZ5tOToQXTBQ97KIMXCASnWs9SQGC8NXQ8uXer0O9Y7kEc15KlOcE+OdnCpvUpOydmGuW+QTQ5FOYLhvsJrLjLWmU9+aBCvp6CF1D7jQrA7f1yIq9TITKgxPeZrgMV3cNWJPObJZAFaxIUCRavGLhC8m/lKCwXChwtVWJLusG2wD3cNzAWgLlZ7wunq/9u+IRAW+GRLL6gztuc/3/1fPqkqrFNW9kDKKCu/e2eyumkImvHqUCu7cbjGqlyEnlyfUZ0bMgf6QQIG+hsIkgfWDkkY3xwu5LEfpuIxf19zUWqCSYwkdPw2mw+Iosi6SVd2IgHMF/ubNomxrLUYJi1jfWHgp9wnDWlvQ+NZhKMoCgGZcLrcEl9DXKta0Bawf3LpLbzflrxWmF6beYCzU1POW+xpp9ejdpoz7zkJiZ+vwXdkouWMtVscjr2uY5F2Fvw0lYFubPCPI82QmwVa/nOGrRIN427/mDuoZksMCl52pdw4JEltOqumB2EuRtzFtE4yf0AeKWHefjpvuS/adj5f4cuTUrECH5yaM+VuxSi+GHxGf4eVmj96XDpp1sAwIBv96T2Y2bwgQ6dVra8hVTSgZyQYkt3gIc0BqCHrSTD8iWDdO1CkoY60Cp5QXyULY46bLEpK7sRkYxXUa7xdkg5w1w/jxsUah0PIh9pjhJj2ntR1HL6imNtmSQVKnv25uqpNKycChuXfKsnTURcxZNkG5PViBVjDA2POSXFMjF/98BVtusLk90BsYXFzqjwDoELJx2fKcCSHkDERoDua8LTZ0kKv2BXgR6U13oh407hIRBnolXfifmbsHsaBUw1R7gOsM+xQKQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:OSPM;SFS:(4636009)(136003)(376002)(346002)(39840400004)(396003)(366004)(66556008)(316002)(8676002)(1076003)(66476007)(66946007)(38100700002)(8936002)(83380400001)(86362001)(5660300002)(36756003)(54906003)(15650500001)(186003)(2906002)(6486002)(2616005)(6666004)(107886003)(6496006)(6916009)(52116002)(4326008)(508600001)(23200700001);DIR:OUT;SFP:1501; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: mlO6ZiaczZeAAm7wuIFDnYKabLa0j48NHxr8sK1kVM9Gdt/ZuDxjcUu4oG/NehkiJ35tUYS2m5TnRswsiAj0wdNJXGfMWR14reEhphgAcn9dk/P38yDf5ganJ3UftYkL5OmAjPAfYNvuLwrt3U0CNoL/ZOYolwTl2vtFZXbO60A0B4hFak5YI701plnos+1qw6HM+XOgWvGvWnxkoba9tD/yTjaqFvRMWFU1hUP8wxdS2krUyo+ZJsaOwAqdDCrKUlHyhAXVFFWzjLGjS4hBXXlQY0BXdD2aoXAfMxTXrDgQjQiQczm0cP3bELINktRw093ePKq+x6WWLl07YCha2YZEvkapnx611GkI07p/najPgjpca0/9ueuzW7JKWvkjMV9OGiwOZNcD3GcAhwv3s45F43r62OAtK/jGSKVM+04ST1WCVHsQRP/Y42WMs505u/GmkPzYpkvEKY/fT1h9tuDmCyns4pVe6r/r2qU1Zryvr4kTS+ShK9L3V1A5zG6egFKLVUWQ8cnrPF5fi/PBqf1ghXz/rJ/3YS5rc9gZ6PMX3Pd/Nsh9m79OXJAP2VLtb32Cs5KSFJKoBIA/qzek6zGmEMH6iDN2c6IFskdkKBdkyY7k0guPxG2T/8P7zZuNjoaWghY2/GSSeQo9TXKrGf0O37ZQLXlPFy2evqq4pv9T2QEej2eV2puGblxPsefqCxh+DzRQYBi+cq6aKa6sYNoKWh1vL9ilrIddBddWS3HDuI/HJdCQDe3bUR2pzPPt5Ix+jq6wFYgq5pKFxPv4aF2ShY2WRLiaxdujHhTO/KoHykY+dwyxDs2MCSMripeUD1ANimhFCuvCG/+jxE3q6fD+0oCvHyqy2bmotOYwxEXhvZhBILw1HcOeOxdIciEwcoTAhsaaWYdoSb/PzXC0pftfGXudt3bx1UuxJwinRnwwmy2NOzCoSrKfWxm9bfgrmWfhDggEholYZLSDW+EVAWPB6wW2tbF7RZJiJv7JrvbE7aQLa7V0r4YhxC0KldiHuhNuK++au2dZqJhc5NXEBhTVY6nklDw2AcwCnTyKD4fYG/iqpI9FOslQmwgO+z76jgONFIRN6lqWL0xcdaawBgXvTZ0ouqCzp6A6xVyBKqIsXeDQZX4njt7diyklI/pKpTKYcUOROhRQRcoaE8tUP3oP/bH7IClT1ya3d24UcDwwbN0a+MZvasFMqdt7VYlmhu+4Tj7kBxWMBkyjx89nntkZKoQcscZ1CnVNZB5E0zepPih1kpjPkD/pTgnTWRydbn59O8OXN13HtMZ0ApkTEn3EoLRxyHsGCdC8QyOepep0wXOhFZTAyME6c1NOzkkq+QPW55m6wAC7+hGxe5YkjWMNCCZjwjARVNqFA01xYD+EWp4eKvmu7+p0qSFFlB3x/cRHJik6A5EflmiS4b3kAH1SE9aQOp9SwMq0u/g76OHNkMIEOrOIG2znpYu/XeWVIXw4M+pMdMYEl0i+KQ/b5WDuaSVGc12JgNcNkp8+F1YbvEy9SPlI+MBqSBwlxhu06HIay5Uu67urY2dxvbEcAHGbttZVkTuhFYS3T915tSfwuWeGh8/MWts7at7O7j5Hbo1C0pzGlaeTrAS73q/ZYXlPWI8XgnDCKEDXvaay89fi8EnSMLZPjCyk362DJfCYxnchdMjHUKYrNggR0GOiP0UOTaQvVyQ5wjlZY9/yyeAxGJ093TM4FXQCdKg7uIlmKrR90xZ6yk0Wj5UBAHVL1A== X-OriginatorOrg: gigacodes.de X-MS-Exchange-CrossTenant-Network-Message-Id: 669631ae-8169-4781-f662-08d9a9ada4f3 X-MS-Exchange-CrossTenant-AuthSource: PAXPR10MB4734.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2021 09:35:51.2320 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 80e41b3b-ea1f-4dbc-91eb-225a572951fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 99i/vWIQIxtA3fxyJXmtIv7KPeV/VqGITZYIy68D3g4TiPDvJVw/s8Z1khdFMFaeeYUlPlqtvji5LyN65s3Bi/cPvEvp1iZCP40naTQKxUk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR10MB3820 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Do a full ssh signing, find-principals and verify operation in the test prereq's to make sure ssh-keygen works as expected. Only generating the keys and verifying its presence is not sufficient in some situations. One example was ssh-keygen creating unusable ssh keys in cygwin because of unsafe default permissions for the key files. The other a broken openssh 8.7 that segfaulted on any find-principals operation. This extended prereq check avoids future test breakages in case ssh-keygen or any environment behaviour changes. Signed-off-by: Fabian Stelzer --- t/lib-gpg.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh index fc03c8f89b..96cf0efebc 100644 --- a/t/lib-gpg.sh +++ b/t/lib-gpg.sh @@ -109,11 +109,7 @@ test_lazy_prereq GPGSSH ' echo $ssh_version | grep -q "find-principals:missing signature file" test $? = 0 || exit 1; - # some broken versions of ssh-keygen segfault on find-principals; - # avoid testing with them. - ssh-keygen -Y find-principals -f /dev/null -s /dev/null - test $? = 139 && exit 1 - + # Setup some keys and an allowed signers file mkdir -p "${GNUPGHOME}" && chmod 0700 "${GNUPGHOME}" && (setfacl -k "${GNUPGHOME}" 2>/dev/null || true) && @@ -123,12 +119,19 @@ test_lazy_prereq GPGSSH ' echo "\"principal with number 2\" $(cat "${GPGSSH_KEY_SECONDARY}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && ssh-keygen -t ed25519 -N "${GPGSSH_KEY_PASSPHRASE}" -C "git ed25519 encrypted key" -f "${GPGSSH_KEY_WITH_PASSPHRASE}" >/dev/null && echo "\"principal with number 3\" $(cat "${GPGSSH_KEY_WITH_PASSPHRASE}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && - ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_UNTRUSTED}" >/dev/null + ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_UNTRUSTED}" >/dev/null && + + # Verify if at least one key and ssh-keygen works as expected + echo "testpayload" | ssh-keygen -Y sign -n "git" -f "${GPGSSH_KEY_PRIMARY}" > gpgssh_prereq.sig && + ssh-keygen -Y find-principals -f "${GPGSSH_ALLOWED_SIGNERS}" -s gpgssh_prereq.sig && + echo "testpayload" | ssh-keygen -Y verify -n "git" -f "${GPGSSH_ALLOWED_SIGNERS}" -I "principal with number 1" -s gpgssh_prereq.sig ' test_lazy_prereq GPGSSH_VERIFYTIME ' # Check if ssh-keygen has a verify-time option by passing an invalid date to it ssh-keygen -Overify-time=INVALID -Y check-novalidate -s doesnotmatter 2>&1 | grep -q -F "Invalid \"verify-time\"" && + + # Set up keys with key lifetimes ssh-keygen -t ed25519 -N "" -C "timeboxed valid key" -f "${GPGSSH_KEY_TIMEBOXEDVALID}" >/dev/null && echo "\"timeboxed valid key\" valid-after=\"20050407000000\",valid-before=\"200504100000\" $(cat "${GPGSSH_KEY_TIMEBOXEDVALID}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && ssh-keygen -t ed25519 -N "" -C "timeboxed invalid key" -f "${GPGSSH_KEY_TIMEBOXEDINVALID}" >/dev/null && @@ -137,6 +140,10 @@ test_lazy_prereq GPGSSH_VERIFYTIME ' echo "\"principal with expired key\" valid-before=\"20000101000000\" $(cat "${GPGSSH_KEY_EXPIRED}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" && ssh-keygen -t ed25519 -N "" -C "not yet valid key" -f "${GPGSSH_KEY_NOTYETVALID}" >/dev/null && echo "\"principal with not yet valid key\" valid-after=\"29990101000000\" $(cat "${GPGSSH_KEY_NOTYETVALID}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" + + # and verify ssh-keygen verifies the key lifetime + echo "testpayload" | ssh-keygen -Y sign -n "git" -f "${GPGSSH_KEY_EXPIRED}" > gpgssh_verifytime_prereq.sig && + ! (ssh-keygen -Y verify -n "git" -f "${GPGSSH_ALLOWED_SIGNERS}" -I "principal with expired key" -s gpgssh_verifytime_prereq.sig) ' sanitize_pgp() {