2 * Copyright (c) 2022 Josh Rickmar <jrick@zettaport.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/types.h>
20 #include <sys/socket.h>
21 #include <sys/queue.h>
32 #include "got_error.h"
34 #include "got_object.h"
35 #include "got_opentemp.h"
38 #include "got_compat.h"
42 #define MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
46 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
49 #ifndef GOT_TAG_PATH_SSH_KEYGEN
50 #define GOT_TAG_PATH_SSH_KEYGEN "/usr/bin/ssh-keygen"
53 #ifndef GOT_TAG_PATH_SIGNIFY
54 #define GOT_TAG_PATH_SIGNIFY "/usr/bin/signify"
57 const struct got_error *
58 got_sigs_apply_unveil(void)
60 if (unveil(GOT_TAG_PATH_SSH_KEYGEN, "x") != 0) {
61 return got_error_from_errno2("unveil",
62 GOT_TAG_PATH_SSH_KEYGEN);
64 if (unveil(GOT_TAG_PATH_SIGNIFY, "x") != 0) {
65 return got_error_from_errno2("unveil",
66 GOT_TAG_PATH_SIGNIFY);
72 const struct got_error *
73 got_sigs_sign_tag_ssh(pid_t *newpid, int *in_fd, int *out_fd,
74 const char* key_file, int verbosity)
76 const struct got_error *error = NULL;
77 int pid, in_pfd[2], out_pfd[2];
85 argv[i++] = GOT_TAG_PATH_SSH_KEYGEN;
95 /* ssh(1) allows up to 3 "-v" options. */
96 for (j = 0; j < MIN(3, verbosity); j++)
100 assert(i <= nitems(argv));
102 if (pipe(in_pfd) == -1)
103 return got_error_from_errno("pipe");
104 if (pipe(out_pfd) == -1)
105 return got_error_from_errno("pipe");
109 error = got_error_from_errno("fork");
115 } else if (pid == 0) {
116 if (close(in_pfd[1]) == -1)
118 if (close(out_pfd[0]) == -1)
120 if (dup2(in_pfd[0], 0) == -1)
122 if (dup2(out_pfd[1], 1) == -1)
124 if (execv(GOT_TAG_PATH_SSH_KEYGEN, (char **const)argv) == -1)
126 abort(); /* not reached */
128 if (close(in_pfd[0]) == -1)
129 return got_error_from_errno("close");
130 if (close(out_pfd[1]) == -1)
131 return got_error_from_errno("close");
134 *out_fd = out_pfd[0];
139 signer_identity(const char *tagger)
143 lt = strstr(tagger, " <");
144 gt = strrchr(tagger, '>');
145 if (lt && gt && lt+1 < gt)
146 return strndup(lt+2, gt-lt-2);
150 static const char* BEGIN_SSH_SIG = "-----BEGIN SSH SIGNATURE-----\n";
151 static const char* END_SSH_SIG = "-----END SSH SIGNATURE-----\n";
154 got_sigs_get_tagmsg_ssh_signature(const char *tagmsg)
156 const char *s = tagmsg, *begin = NULL, *end = NULL;
158 while ((s = strstr(s, BEGIN_SSH_SIG)) != NULL) {
160 s += strlen(BEGIN_SSH_SIG);
163 end = strstr(begin+strlen(BEGIN_SSH_SIG), END_SSH_SIG);
166 return (end[strlen(END_SSH_SIG)] == '\0') ? begin : NULL;
169 static const struct got_error *
170 got_tag_write_signed_data(BUF *buf, struct got_tag_object *tag,
171 const char *start_sig)
173 const struct got_error *err = NULL;
174 struct got_object_id *id;
181 id = got_object_tag_get_object_id(tag);
182 err = got_object_id_str(&id_str, id);
186 const char *type_label = NULL;
187 switch (got_object_tag_get_object_type(tag)) {
188 case GOT_OBJ_TYPE_BLOB:
189 type_label = GOT_OBJ_LABEL_BLOB;
191 case GOT_OBJ_TYPE_TREE:
192 type_label = GOT_OBJ_LABEL_TREE;
194 case GOT_OBJ_TYPE_COMMIT:
195 type_label = GOT_OBJ_LABEL_COMMIT;
197 case GOT_OBJ_TYPE_TAG:
198 type_label = GOT_OBJ_LABEL_TAG;
203 got_date_format_gmtoff(gmtoff, sizeof(gmtoff),
204 got_object_tag_get_tagger_gmtoff(tag));
205 if (asprintf(&tagger, "%s %lld %s", got_object_tag_get_tagger(tag),
206 (long long)got_object_tag_get_tagger_time(tag), gmtoff) == -1) {
207 err = got_error_from_errno("asprintf");
211 err = buf_puts(&len, buf, GOT_TAG_LABEL_OBJECT);
214 err = buf_puts(&len, buf, id_str);
217 err = buf_putc(buf, '\n');
220 err = buf_puts(&len, buf, GOT_TAG_LABEL_TYPE);
223 err = buf_puts(&len, buf, type_label);
226 err = buf_putc(buf, '\n');
229 err = buf_puts(&len, buf, GOT_TAG_LABEL_TAG);
232 err = buf_puts(&len, buf, got_object_tag_get_name(tag));
235 err = buf_putc(buf, '\n');
238 err = buf_puts(&len, buf, GOT_TAG_LABEL_TAGGER);
241 err = buf_puts(&len, buf, tagger);
244 err = buf_puts(&len, buf, "\n");
247 tagmsg = got_object_tag_get_message(tag);
248 err = buf_append(&len, buf, tagmsg, start_sig-tagmsg);
258 const struct got_error *
259 got_sigs_verify_tag_ssh(char **msg, struct got_tag_object *tag,
260 const char *start_sig, const char* allowed_signers, const char* revoked,
263 const struct got_error *error = NULL;
264 const char* argv[17];
265 int pid, status, in_pfd[2], out_pfd[2];
266 char* parsed_identity = NULL;
267 const char *identity;
268 char *tmppath = NULL;
275 error = got_opentemp_named(&tmppath, &tmpsig,
276 GOT_TMPDIR_STR "/got-tagsig", "");
280 identity = got_object_tag_get_tagger(tag);
281 parsed_identity = signer_identity(identity);
282 if (parsed_identity != NULL)
283 identity = parsed_identity;
285 if (fputs(start_sig, tmpsig) == EOF) {
286 error = got_error_from_errno("fputs");
289 if (fflush(tmpsig) == EOF) {
290 error = got_error_from_errno("fflush");
294 error = buf_alloc(&buf, 0);
297 error = got_tag_write_signed_data(buf, tag, start_sig);
301 argv[i++] = GOT_TAG_PATH_SSH_KEYGEN;
303 argv[i++] = "verify";
305 argv[i++] = allowed_signers;
307 argv[i++] = identity;
317 /* ssh(1) allows up to 3 "-v" options. */
318 for (j = 0; j < MIN(3, verbosity); j++)
322 assert(i <= nitems(argv));
324 if (pipe(in_pfd) == -1) {
325 error = got_error_from_errno("pipe");
328 if (pipe(out_pfd) == -1) {
329 error = got_error_from_errno("pipe");
335 error = got_error_from_errno("fork");
341 } else if (pid == 0) {
342 if (close(in_pfd[1]) == -1)
344 if (close(out_pfd[0]) == -1)
346 if (dup2(in_pfd[0], 0) == -1)
348 if (dup2(out_pfd[1], 1) == -1)
350 if (execv(GOT_TAG_PATH_SSH_KEYGEN, (char **const)argv) == -1)
352 abort(); /* not reached */
354 if (close(in_pfd[0]) == -1) {
355 error = got_error_from_errno("close");
358 if (close(out_pfd[1]) == -1) {
359 error = got_error_from_errno("close");
362 if (buf_write_fd(buf, in_pfd[1]) == -1) {
363 error = got_error_from_errno("write");
366 if (close(in_pfd[1]) == -1) {
367 error = got_error_from_errno("close");
370 if (waitpid(pid, &status, 0) == -1) {
371 error = got_error_from_errno("waitpid");
374 if (!WIFEXITED(status)) {
375 error = got_error(GOT_ERR_BAD_TAG_SIGNATURE);
379 error = buf_load_fd(&buf, out_pfd[0]);
382 error = buf_putc(buf, '\0');
385 if (close(out_pfd[0]) == -1) {
386 error = got_error_from_errno("close");
390 if (WEXITSTATUS(status) != 0)
391 error = got_error(GOT_ERR_BAD_TAG_SIGNATURE);
394 free(parsed_identity);
395 if (tmppath && unlink(tmppath) == -1 && error == NULL)
396 error = got_error_from_errno("unlink");
399 if (tmpsig && fclose(tmpsig) == EOF && error == NULL)
400 error = got_error_from_errno("fclose");