summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Fabian Stelzer <fs@gigacodes.de>2021-09-10 20:07:36 +0000
committerLibravatar Junio C Hamano <gitster@pobox.com>2021-09-10 14:15:51 -0700
commit29b315778e958417a411f02b6d4b5a0fc9d731e2 (patch)
tree647bc9f83957790eed589a177511ebc6bafdb0c5
parentssh signing: add test prereqs (diff)
downloadtgif-29b315778e958417a411f02b6d4b5a0fc9d731e2.tar.xz
ssh signing: add ssh key format and signing code
Implements the actual sign_buffer_ssh operation and move some shared cleanup code into a strbuf function Set gpg.format = ssh and user.signingkey to either a ssh public key string (like from an authorized_keys file), or a ssh key file. If the key file or the config value itself contains only a public key then the private key needs to be available via ssh-agent. gpg.ssh.program can be set to an alternative location of ssh-keygen. A somewhat recent openssh version (8.2p1+) of ssh-keygen is needed for this feature. Since only ssh-keygen is needed it can this way be installed seperately without upgrading your system openssh packages. Signed-off-by: Fabian Stelzer <fs@gigacodes.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--Documentation/config/gpg.txt4
-rw-r--r--Documentation/config/user.txt5
-rw-r--r--gpg-interface.c138
3 files changed, 137 insertions, 10 deletions
diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
index d94025cb36..88531b15f0 100644
--- a/Documentation/config/gpg.txt
+++ b/Documentation/config/gpg.txt
@@ -11,13 +11,13 @@ gpg.program::
gpg.format::
Specifies which key format to use when signing with `--gpg-sign`.
- Default is "openpgp" and another possible value is "x509".
+ Default is "openpgp". Other possible values are "x509", "ssh".
gpg.<format>.program::
Use this to customize the program used for the signing format you
chose. (see `gpg.program` and `gpg.format`) `gpg.program` can still
be used as a legacy synonym for `gpg.openpgp.program`. The default
- value for `gpg.x509.program` is "gpgsm".
+ value for `gpg.x509.program` is "gpgsm" and `gpg.ssh.program` is "ssh-keygen".
gpg.minTrustLevel::
Specifies a minimum trust level for signature verification. If
diff --git a/Documentation/config/user.txt b/Documentation/config/user.txt
index 59aec7c3ae..2155128957 100644
--- a/Documentation/config/user.txt
+++ b/Documentation/config/user.txt
@@ -36,3 +36,8 @@ user.signingKey::
commit, you can override the default selection with this variable.
This option is passed unchanged to gpg's --local-user parameter,
so you may specify a key using any method that gpg supports.
+ If gpg.format is set to "ssh" this can contain the literal ssh public
+ key (e.g.: "ssh-rsa XXXXXX identifier") or a file which contains it and
+ corresponds to the private key used for signing. The private key
+ needs to be available via ssh-agent. Alternatively it can be set to
+ a file containing a private key directly.
diff --git a/gpg-interface.c b/gpg-interface.c
index db54b05416..7ca682ac6d 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -41,12 +41,20 @@ static const char *x509_sigs[] = {
NULL
};
+static const char *ssh_verify_args[] = { NULL };
+static const char *ssh_sigs[] = {
+ "-----BEGIN SSH SIGNATURE-----",
+ NULL
+};
+
static int verify_gpg_signed_buffer(struct signature_check *sigc,
struct gpg_format *fmt, const char *payload,
size_t payload_size, const char *signature,
size_t signature_size);
static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key);
+static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
+ const char *signing_key);
static struct gpg_format gpg_format[] = {
{
@@ -65,6 +73,14 @@ static struct gpg_format gpg_format[] = {
.verify_signed_buffer = verify_gpg_signed_buffer,
.sign_buffer = sign_buffer_gpg,
},
+ {
+ .name = "ssh",
+ .program = "ssh-keygen",
+ .verify_args = ssh_verify_args,
+ .sigs = ssh_sigs,
+ .verify_signed_buffer = NULL, /* TODO */
+ .sign_buffer = sign_buffer_ssh
+ },
};
static struct gpg_format *use_format = &gpg_format[0];
@@ -443,6 +459,9 @@ int git_gpg_config(const char *var, const char *value, void *cb)
if (!strcmp(var, "gpg.x509.program"))
fmtname = "x509";
+ if (!strcmp(var, "gpg.ssh.program"))
+ fmtname = "ssh";
+
if (fmtname) {
fmt = get_format_by_name(fmtname);
return git_config_string(&fmt->program, var, value);
@@ -463,12 +482,30 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
return use_format->sign_buffer(buffer, signature, signing_key);
}
+/*
+ * Strip CR from the line endings, in case we are on Windows.
+ * NEEDSWORK: make it trim only CRs before LFs and rename
+ */
+static void remove_cr_after(struct strbuf *buffer, size_t offset)
+{
+ size_t i, j;
+
+ for (i = j = offset; i < buffer->len; i++) {
+ if (buffer->buf[i] != '\r') {
+ if (i != j)
+ buffer->buf[j] = buffer->buf[i];
+ j++;
+ }
+ }
+ strbuf_setlen(buffer, j);
+}
+
static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key)
{
struct child_process gpg = CHILD_PROCESS_INIT;
int ret;
- size_t i, j, bottom;
+ size_t bottom;
struct strbuf gpg_status = STRBUF_INIT;
strvec_pushl(&gpg.args,
@@ -494,13 +531,98 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
return error(_("gpg failed to sign the data"));
/* Strip CR from the line endings, in case we are on Windows. */
- for (i = j = bottom; i < signature->len; i++)
- if (signature->buf[i] != '\r') {
- if (i != j)
- signature->buf[j] = signature->buf[i];
- j++;
- }
- strbuf_setlen(signature, j);
+ remove_cr_after(signature, bottom);
return 0;
}
+
+static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
+ const char *signing_key)
+{
+ struct child_process signer = CHILD_PROCESS_INIT;
+ int ret = -1;
+ size_t bottom, keylen;
+ struct strbuf signer_stderr = STRBUF_INIT;
+ struct tempfile *key_file = NULL, *buffer_file = NULL;
+ char *ssh_signing_key_file = NULL;
+ struct strbuf ssh_signature_filename = STRBUF_INIT;
+
+ if (!signing_key || signing_key[0] == '\0')
+ return error(
+ _("user.signingkey needs to be set for ssh signing"));
+
+ if (starts_with(signing_key, "ssh-")) {
+ /* A literal ssh key */
+ key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX");
+ if (!key_file)
+ return error_errno(
+ _("could not create temporary file"));
+ keylen = strlen(signing_key);
+ if (write_in_full(key_file->fd, signing_key, keylen) < 0 ||
+ close_tempfile_gently(key_file) < 0) {
+ error_errno(_("failed writing ssh signing key to '%s'"),
+ key_file->filename.buf);
+ goto out;
+ }
+ ssh_signing_key_file = strbuf_detach(&key_file->filename, NULL);
+ } else {
+ /* We assume a file */
+ ssh_signing_key_file = expand_user_path(signing_key, 1);
+ }
+
+ buffer_file = mks_tempfile_t(".git_signing_buffer_tmpXXXXXX");
+ if (!buffer_file) {
+ error_errno(_("could not create temporary file"));
+ goto out;
+ }
+
+ if (write_in_full(buffer_file->fd, buffer->buf, buffer->len) < 0 ||
+ close_tempfile_gently(buffer_file) < 0) {
+ error_errno(_("failed writing ssh signing key buffer to '%s'"),
+ buffer_file->filename.buf);
+ goto out;
+ }
+
+ strvec_pushl(&signer.args, use_format->program,
+ "-Y", "sign",
+ "-n", "git",
+ "-f", ssh_signing_key_file,
+ buffer_file->filename.buf,
+ NULL);
+
+ sigchain_push(SIGPIPE, SIG_IGN);
+ ret = pipe_command(&signer, NULL, 0, NULL, 0, &signer_stderr, 0);
+ sigchain_pop(SIGPIPE);
+
+ if (ret) {
+ if (strstr(signer_stderr.buf, "usage:"))
+ error(_("ssh-keygen -Y sign is needed for ssh signing (available in openssh version 8.2p1+)"));
+
+ error("%s", signer_stderr.buf);
+ goto out;
+ }
+
+ bottom = signature->len;
+
+ strbuf_addbuf(&ssh_signature_filename, &buffer_file->filename);
+ strbuf_addstr(&ssh_signature_filename, ".sig");
+ if (strbuf_read_file(signature, ssh_signature_filename.buf, 0) < 0) {
+ error_errno(
+ _("failed reading ssh signing data buffer from '%s'"),
+ ssh_signature_filename.buf);
+ }
+ unlink_or_warn(ssh_signature_filename.buf);
+
+ /* Strip CR from the line endings, in case we are on Windows. */
+ remove_cr_after(signature, bottom);
+
+out:
+ if (key_file)
+ delete_tempfile(&key_file);
+ if (buffer_file)
+ delete_tempfile(&buffer_file);
+ strbuf_release(&signer_stderr);
+ strbuf_release(&ssh_signature_filename);
+ FREE_AND_NULL(ssh_signing_key_file);
+ return ret;
+}