From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: "Fabian Stelzer" <fs@gigacodes.de>,
"Han-Wen Nienhuys" <hanwen@google.com>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
"Randall S. Becker" <rsbecker@nexbridge.com>,
"Bagas Sanjaya" <bagasdotme@gmail.com>,
"Hans Jerry Illikainen" <hji@dyntopia.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Felipe Contreras" <felipe.contreras@gmail.com>,
"Eric Sunshine" <sunshine@sunshineco.com>,
"Gwyneth Morgan" <gwymor@tilde.club>,
"Jonathan Tan" <jonathantanmy@google.com>,
"Josh Steadmon" <steadmon@google.com>
Subject: [PATCH 0/6] ssh signing: verify key lifetime
Date: Fri, 22 Oct 2021 17:09:43 +0200 [thread overview]
Message-ID: <20211022150949.1754477-1-fs@gigacodes.de> (raw)
This series adds key lifetime validity checks by passing commit/tag
dates to the check operaion.
I'm not totally sure about the way i'm parsing payload info via
parse_signed_buffer_metadata(). payload was just an opaque buffer before.
Now gpg-interface actually looks at it (thats wy i used a seperate api
function for it and did not hide it in check_signature).
I chose this approach since it requires the least changes for the consumers
of this functionality.
A cleaner way would maybe be introducing a check_object_signature()
which takes a struct object instead of the payload directly to avoid the
parse function altogether. However only some call sites already have
this struct. Tags & fmt-merge-msg use different ways to produce the
payload and i'm not sure how involved the objects creation would be or what
side-effects this could have(performance?). Since the push-certs use case
will never produce a object struct we would still have to keep the
existing check_signature function anyway (or encapsulate those in some
pseudo-object :/).
The now used parse function also opens the usage up to sites already having
both infos (date & ident), although there is currently none.
Fabian Stelzer (6):
ssh signing: extend check_signature to accept payload metadata
ssh signing: add key lifetime test prereqs
ssh signing: verify-commit/check_signature with commit date
ssh signing: git log/check_signature with commit date
ssh signing: verify-tag/check_signature with tag date
ssh signing: fmt-merge-msg/check_signature with tag date
Documentation/config/gpg.txt | 5 ++
builtin/receive-pack.c | 5 +-
commit.c | 12 ++++-
fmt-merge-msg.c | 15 +++++-
gpg-interface.c | 79 ++++++++++++++++++++++++++++----
gpg-interface.h | 13 +++++-
log-tree.c | 22 ++++++++-
t/lib-gpg.sh | 19 +++++++-
t/t4202-log.sh | 43 +++++++++++++++++
t/t6200-fmt-merge-msg.sh | 54 ++++++++++++++++++++++
t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++++
t/t7528-signed-commit-ssh.sh | 42 +++++++++++++++++
tag.c | 12 ++++-
13 files changed, 341 insertions(+), 22 deletions(-)
base-commit: d3b4e01def5a9517c919f0b815c1b12296dc3dc2
--
2.31.1
next reply other threads:[~2021-10-22 15:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-22 15:09 Fabian Stelzer [this message]
2021-10-22 15:09 ` [PATCH 1/6] ssh signing: extend check_signature to accept payload metadata Fabian Stelzer
2021-10-23 23:13 ` Junio C Hamano
2021-10-25 8:28 ` Fabian Stelzer
2021-10-25 17:16 ` Junio C Hamano
2021-10-22 15:09 ` [PATCH 2/6] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-10-22 15:09 ` [PATCH 3/6] ssh signing: verify-commit/check_signature with commit date Fabian Stelzer
2021-10-22 17:37 ` Ævar Arnfjörð Bjarmason
2021-10-25 8:31 ` Fabian Stelzer
2021-10-22 15:09 ` [PATCH 4/6] ssh signing: git log/check_signature " Fabian Stelzer
2021-10-22 15:09 ` [PATCH 5/6] ssh signing: verify-tag/check_signature with tag date Fabian Stelzer
2021-10-22 15:09 ` [PATCH 6/6] ssh signing: fmt-merge-msg/check_signature " Fabian Stelzer
2021-10-22 18:12 ` Ævar Arnfjörð Bjarmason
2021-10-25 8:39 ` Fabian Stelzer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211022150949.1754477-1-fs@gigacodes.de \
--to=fs@gigacodes.de \
--cc=avarab@gmail.com \
--cc=bagasdotme@gmail.com \
--cc=felipe.contreras@gmail.com \
--cc=git@vger.kernel.org \
--cc=gwymor@tilde.club \
--cc=hanwen@google.com \
--cc=hji@dyntopia.com \
--cc=jonathantanmy@google.com \
--cc=rsbecker@nexbridge.com \
--cc=sandals@crustytoothpaste.net \
--cc=steadmon@google.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).