diff options
Diffstat (limited to 'gpg-interface.c')
-rw-r--r-- | gpg-interface.c | 63 |
1 files changed, 59 insertions, 4 deletions
diff --git a/gpg-interface.c b/gpg-interface.c index ff07012726..68b0c814f7 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -7,6 +7,9 @@ static char *configured_signing_key; static const char *gpg_program = "gpg"; +#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----" +#define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----" + void signature_check_clear(struct signature_check *sigc) { free(sigc->payload); @@ -21,6 +24,60 @@ void signature_check_clear(struct signature_check *sigc) sigc->key = NULL; } +static struct { + char result; + const char *check; +} sigcheck_gpg_status[] = { + { 'G', "\n[GNUPG:] GOODSIG " }, + { 'B', "\n[GNUPG:] BADSIG " }, + { 'U', "\n[GNUPG:] TRUST_NEVER" }, + { 'U', "\n[GNUPG:] TRUST_UNDEFINED" }, +}; + +void parse_gpg_output(struct signature_check *sigc) +{ + const char *buf = sigc->gpg_status; + int i; + + /* Iterate over all search strings */ + for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) { + const char *found, *next; + + if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) { + found = strstr(buf, sigcheck_gpg_status[i].check); + if (!found) + continue; + found += strlen(sigcheck_gpg_status[i].check); + } + sigc->result = sigcheck_gpg_status[i].result; + /* The trust messages are not followed by key/signer information */ + if (sigc->result != 'U') { + sigc->key = xmemdupz(found, 16); + found += 17; + next = strchrnul(found, '\n'); + sigc->signer = xmemdupz(found, next - found); + } + } +} + +/* + * Look at GPG signed content (e.g. a signed tag object), whose + * payload is followed by a detached signature on it. Return the + * offset where the embedded detached signature begins, or the end of + * the data when there is no such signature. + */ +size_t parse_signature(const char *buf, unsigned long size) +{ + char *eol; + size_t len = 0; + while (len < size && !starts_with(buf + len, PGP_SIGNATURE) && + !starts_with(buf + len, PGP_MESSAGE)) { + eol = memchr(buf + len, '\n', size - len); + len += eol ? eol - (buf + len) + 1 : size - len; + } + return len; +} + void set_signing_key(const char *key) { free(configured_signing_key); @@ -55,12 +112,11 @@ const char *get_signing_key(void) */ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key) { - struct child_process gpg; + struct child_process gpg = CHILD_PROCESS_INIT; const char *args[4]; ssize_t len; size_t i, j, bottom; - memset(&gpg, 0, sizeof(gpg)); gpg.argv = args; gpg.in = -1; gpg.out = -1; @@ -116,7 +172,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, struct strbuf *gpg_output, struct strbuf *gpg_status) { - struct child_process gpg; + struct child_process gpg = CHILD_PROCESS_INIT; const char *args_gpg[] = {NULL, "--status-fd=1", "--verify", "FILE", "-", NULL}; char path[PATH_MAX]; int fd, ret; @@ -133,7 +189,6 @@ int verify_signed_buffer(const char *payload, size_t payload_size, path, strerror(errno)); close(fd); - memset(&gpg, 0, sizeof(gpg)); gpg.argv = args_gpg; gpg.in = -1; gpg.out = -1; |