2 * Copyright (c) 2022 Josh Rickmar <jrick@zettaport.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/types.h>
19 #include <sys/socket.h>
30 #include "got_error.h"
32 #include "got_object.h"
33 #include "got_opentemp.h"
36 #include "got_compat.h"
40 #define MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
44 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
47 #ifndef GOT_TAG_PATH_SSH_KEYGEN
48 #define GOT_TAG_PATH_SSH_KEYGEN "/usr/bin/ssh-keygen"
51 #ifndef GOT_TAG_PATH_SIGNIFY
52 #define GOT_TAG_PATH_SIGNIFY "/usr/bin/signify"
55 const struct got_error *
56 got_sigs_apply_unveil()
58 if (unveil(GOT_TAG_PATH_SSH_KEYGEN, "x") != 0) {
59 return got_error_from_errno2("unveil",
60 GOT_TAG_PATH_SSH_KEYGEN);
62 if (unveil(GOT_TAG_PATH_SIGNIFY, "x") != 0) {
63 return got_error_from_errno2("unveil",
64 GOT_TAG_PATH_SIGNIFY);
70 const struct got_error *
71 got_sigs_sign_tag_ssh(pid_t *newpid, int *in_fd, int *out_fd,
72 const char* key_file, int verbosity)
74 const struct got_error *error = NULL;
75 int pid, in_pfd[2], out_pfd[2];
83 argv[i++] = GOT_TAG_PATH_SSH_KEYGEN;
93 /* ssh(1) allows up to 3 "-v" options. */
94 for (j = 0; j < MIN(3, verbosity); j++)
98 assert(i <= nitems(argv));
100 if (pipe(in_pfd) == -1)
101 return got_error_from_errno("pipe");
102 if (pipe(out_pfd) == -1)
103 return got_error_from_errno("pipe");
107 error = got_error_from_errno("fork");
113 } else if (pid == 0) {
114 if (close(in_pfd[1]) == -1)
116 if (close(out_pfd[1]) == -1)
118 if (dup2(in_pfd[0], 0) == -1)
120 if (dup2(out_pfd[0], 1) == -1)
122 if (execv(GOT_TAG_PATH_SSH_KEYGEN, (char **const)argv) == -1)
124 abort(); /* not reached */
126 if (close(in_pfd[0]) == -1)
127 return got_error_from_errno("close");
128 if (close(out_pfd[0]) == -1)
129 return got_error_from_errno("close");
132 *out_fd = out_pfd[1];
137 signer_identity(const char *tagger)
141 lt = strstr(tagger, " <");
142 gt = strrchr(tagger, '>');
143 if (lt && gt && lt+1 < gt)
144 return strndup(lt+2, gt-lt-2);
148 static const char* BEGIN_SSH_SIG = "-----BEGIN SSH SIGNATURE-----\n";
149 static const char* END_SSH_SIG = "-----END SSH SIGNATURE-----\n";
152 got_sigs_get_tagmsg_ssh_signature(const char *tagmsg)
154 const char *s = tagmsg, *begin = NULL, *end = NULL;
156 while ((s = strstr(s, BEGIN_SSH_SIG)) != NULL) {
158 s += strlen(BEGIN_SSH_SIG);
161 end = strstr(begin+strlen(BEGIN_SSH_SIG), END_SSH_SIG);
164 return (end[strlen(END_SSH_SIG)] == '\0') ? begin : NULL;
167 static const struct got_error *
168 got_tag_write_signed_data(BUF *buf, struct got_tag_object *tag,
169 const char *start_sig)
171 const struct got_error *err = NULL;
172 struct got_object_id *id;
179 id = got_object_tag_get_object_id(tag);
180 err = got_object_id_str(&id_str, id);
184 const char *type_label = NULL;
185 switch (got_object_tag_get_object_type(tag)) {
186 case GOT_OBJ_TYPE_BLOB:
187 type_label = GOT_OBJ_LABEL_BLOB;
189 case GOT_OBJ_TYPE_TREE:
190 type_label = GOT_OBJ_LABEL_TREE;
192 case GOT_OBJ_TYPE_COMMIT:
193 type_label = GOT_OBJ_LABEL_COMMIT;
195 case GOT_OBJ_TYPE_TAG:
196 type_label = GOT_OBJ_LABEL_TAG;
201 got_date_format_gmtoff(gmtoff, sizeof(gmtoff),
202 got_object_tag_get_tagger_gmtoff(tag));
203 if (asprintf(&tagger, "%s %lld %s", got_object_tag_get_tagger(tag),
204 got_object_tag_get_tagger_time(tag), gmtoff) == -1) {
205 err = got_error_from_errno("asprintf");
209 err = buf_puts(&len, buf, GOT_TAG_LABEL_OBJECT);
212 err = buf_puts(&len, buf, id_str);
215 err = buf_putc(buf, '\n');
218 err = buf_puts(&len, buf, GOT_TAG_LABEL_TYPE);
221 err = buf_puts(&len, buf, type_label);
224 err = buf_putc(buf, '\n');
227 err = buf_puts(&len, buf, GOT_TAG_LABEL_TAG);
230 err = buf_puts(&len, buf, got_object_tag_get_name(tag));
233 err = buf_putc(buf, '\n');
236 err = buf_puts(&len, buf, GOT_TAG_LABEL_TAGGER);
239 err = buf_puts(&len, buf, tagger);
242 err = buf_puts(&len, buf, "\n");
245 tagmsg = got_object_tag_get_message(tag);
246 err = buf_append(&len, buf, tagmsg, start_sig-tagmsg);
256 const struct got_error *
257 got_sigs_verify_tag_ssh(char **msg, struct got_tag_object *tag,
258 const char *start_sig, const char* allowed_signers, const char* revoked,
261 const struct got_error *error = NULL;
262 const char* argv[17];
263 int pid, status, in_pfd[2], out_pfd[2];
264 char* parsed_identity = NULL;
265 const char *identity;
266 char* tmppath = NULL;
267 FILE *tmpsig, *out = NULL;
273 error = got_opentemp_named(&tmppath, &tmpsig,
274 GOT_TMPDIR_STR "/got-tagsig");
278 identity = got_object_tag_get_tagger(tag);
279 parsed_identity = signer_identity(identity);
280 if (parsed_identity != NULL)
281 identity = parsed_identity;
283 if (fputs(start_sig, tmpsig) == EOF) {
284 error = got_error_from_errno("fputs");
287 if (fflush(tmpsig) == EOF) {
288 error = got_error_from_errno("fflush");
292 error = buf_alloc(&buf, 0);
295 error = got_tag_write_signed_data(buf, tag, start_sig);
299 argv[i++] = GOT_TAG_PATH_SSH_KEYGEN;
301 argv[i++] = "verify";
303 argv[i++] = allowed_signers;
305 argv[i++] = identity;
315 /* ssh(1) allows up to 3 "-v" options. */
316 for (j = 0; j < MIN(3, verbosity); j++)
320 assert(i <= nitems(argv));
322 if (pipe(in_pfd) == -1) {
323 error = got_error_from_errno("pipe");
326 if (pipe(out_pfd) == -1) {
327 error = got_error_from_errno("pipe");
333 error = got_error_from_errno("fork");
339 } else if (pid == 0) {
340 if (close(in_pfd[1]) == -1)
342 if (close(out_pfd[1]) == -1)
344 if (dup2(in_pfd[0], 0) == -1)
346 if (dup2(out_pfd[0], 1) == -1)
348 if (execv(GOT_TAG_PATH_SSH_KEYGEN, (char **const)argv) == -1)
350 abort(); /* not reached */
352 if (close(in_pfd[0]) == -1) {
353 error = got_error_from_errno("close");
356 if (close(out_pfd[0]) == -1) {
357 error = got_error_from_errno("close");
360 if (buf_write_fd(buf, in_pfd[1]) == -1) {
361 error = got_error_from_errno("write");
364 if (close(in_pfd[1]) == -1) {
365 error = got_error_from_errno("close");
368 if (waitpid(pid, &status, 0) == -1) {
369 error = got_error_from_errno("waitpid");
372 if (!WIFEXITED(status)) {
373 error = got_error(GOT_ERR_BAD_TAG_SIGNATURE);
377 out = fdopen(out_pfd[1], "r");
379 error = got_error_from_errno("fdopen");
382 error = buf_load(&buf, out);
385 error = buf_putc(buf, '\0');
388 if (close(out_pfd[1]) == -1) {
389 error = got_error_from_errno("close");
394 if (WEXITSTATUS(status) != 0)
395 error = got_error(GOT_ERR_BAD_TAG_SIGNATURE);
398 free(parsed_identity);
400 if (tmpsig && fclose(tmpsig) == EOF && error == NULL)
401 error = got_error_from_errno("fclose");
402 if (out && fclose(out) == EOF && error == NULL)
403 error = got_error_from_errno("fclose");