mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 212 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5599 Commits
17 Branches
Tree: fb1ed5de94
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fb1ed5de94'
${ noResults }
gitea/models/gpg_key.go

gpg_key.go 13KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"bytes"

  9. 	"container/list"

  10. 	"crypto"

  11. 	"encoding/base64"

  12. 	"fmt"

  13. 	"hash"

  14. 	"io"

  15. 	"strings"

  16. 	"time"

  17. 

  18. 	"code.gitea.io/git"

  19. 	"code.gitea.io/gitea/modules/log"

  20. 

  21. 	"github.com/go-xorm/xorm"

  22. 	"github.com/keybase/go-crypto/openpgp"

  23. 	"github.com/keybase/go-crypto/openpgp/armor"

  24. 	"github.com/keybase/go-crypto/openpgp/packet"

  25. )

  26. 

  27. // GPGKey represents a GPG key.

  28. type GPGKey struct {

  29. 	ID                int64     `xorm:"pk autoincr"`

  30. 	OwnerID           int64     `xorm:"INDEX NOT NULL"`

  31. 	KeyID             string    `xorm:"INDEX CHAR(16) NOT NULL"`

  32. 	PrimaryKeyID      string    `xorm:"CHAR(16)"`

  33. 	Content           string    `xorm:"TEXT NOT NULL"`

  34. 	Created           time.Time `xorm:"-"`

  35. 	CreatedUnix       int64

  36. 	Expired           time.Time `xorm:"-"`

  37. 	ExpiredUnix       int64

  38. 	Added             time.Time `xorm:"-"`

  39. 	AddedUnix         int64

  40. 	SubsKey           []*GPGKey `xorm:"-"`

  41. 	Emails            []*EmailAddress

  42. 	CanSign           bool

  43. 	CanEncryptComms   bool

  44. 	CanEncryptStorage bool

  45. 	CanCertify        bool

  46. }

  47. 

  48. // BeforeInsert will be invoked by XORM before inserting a record

  49. func (key *GPGKey) BeforeInsert() {

  50. 	key.AddedUnix = time.Now().Unix()

  51. 	key.ExpiredUnix = key.Expired.Unix()

  52. 	key.CreatedUnix = key.Created.Unix()

  53. }

  54. 

  55. // AfterSet is invoked from XORM after setting the value of a field of this object.

  56. func (key *GPGKey) AfterSet(colName string, _ xorm.Cell) {

  57. 	switch colName {

  58. 	case "key_id":

  59. 		x.Where("primary_key_id=?", key.KeyID).Find(&key.SubsKey)

  60. 	case "added_unix":

  61. 		key.Added = time.Unix(key.AddedUnix, 0).Local()

  62. 	case "expired_unix":

  63. 		key.Expired = time.Unix(key.ExpiredUnix, 0).Local()

  64. 	case "created_unix":

  65. 		key.Created = time.Unix(key.CreatedUnix, 0).Local()

  66. 	}

  67. }

  68. 

  69. // ListGPGKeys returns a list of public keys belongs to given user.

  70. func ListGPGKeys(uid int64) ([]*GPGKey, error) {

  71. 	keys := make([]*GPGKey, 0, 5)

  72. 	return keys, x.Where("owner_id=? AND primary_key_id=''", uid).Find(&keys)

  73. }

  74. 

  75. // GetGPGKeyByID returns public key by given ID.

  76. func GetGPGKeyByID(keyID int64) (*GPGKey, error) {

  77. 	key := new(GPGKey)

  78. 	has, err := x.Id(keyID).Get(key)

  79. 	if err != nil {

  80. 		return nil, err

  81. 	} else if !has {

  82. 		return nil, ErrGPGKeyNotExist{keyID}

  83. 	}

  84. 	return key, nil

  85. }

  86. 

  87. // checkArmoredGPGKeyString checks if the given key string is a valid GPG armored key.

  88. // The function returns the actual public key on success

  89. func checkArmoredGPGKeyString(content string) (*openpgp.Entity, error) {

  90. 	list, err := openpgp.ReadArmoredKeyRing(strings.NewReader(content))

  91. 	if err != nil {

  92. 		return nil, ErrGPGKeyParsing{err}

  93. 	}

  94. 	return list[0], nil

  95. }

  96. 

  97. //addGPGKey add key and subkeys to database

  98. func addGPGKey(e Engine, key *GPGKey) (err error) {

  99. 	// Save GPG primary key.

  100. 	if _, err = e.Insert(key); err != nil {

  101. 		return err

  102. 	}

  103. 	// Save GPG subs key.

  104. 	for _, subkey := range key.SubsKey {

  105. 		if err := addGPGKey(e, subkey); err != nil {

  106. 			return err

  107. 		}

  108. 	}

  109. 	return nil

  110. }

  111. 

  112. // AddGPGKey adds new public key to database.

  113. func AddGPGKey(ownerID int64, content string) (*GPGKey, error) {

  114. 	ekey, err := checkArmoredGPGKeyString(content)

  115. 	if err != nil {

  116. 		return nil, err

  117. 	}

  118. 

  119. 	// Key ID cannot be duplicated.

  120. 	has, err := x.Where("key_id=?", ekey.PrimaryKey.KeyIdString()).

  121. 		Get(new(GPGKey))

  122. 	if err != nil {

  123. 		return nil, err

  124. 	} else if has {

  125. 		return nil, ErrGPGKeyIDAlreadyUsed{ekey.PrimaryKey.KeyIdString()}

  126. 	}

  127. 

  128. 	//Get DB session

  129. 	sess := x.NewSession()

  130. 	defer sess.Close()

  131. 	if err = sess.Begin(); err != nil {

  132. 		return nil, err

  133. 	}

  134. 

  135. 	key, err := parseGPGKey(ownerID, ekey)

  136. 	if err != nil {

  137. 		return nil, err

  138. 	}

  139. 

  140. 	if err = addGPGKey(sess, key); err != nil {

  141. 		return nil, err

  142. 	}

  143. 

  144. 	return key, sess.Commit()

  145. }

  146. 

  147. //base64EncPubKey encode public kay content to base 64

  148. func base64EncPubKey(pubkey *packet.PublicKey) (string, error) {

  149. 	var w bytes.Buffer

  150. 	err := pubkey.Serialize(&w)

  151. 	if err != nil {

  152. 		return "", err

  153. 	}

  154. 	return base64.StdEncoding.EncodeToString(w.Bytes()), nil

  155. }

  156. 

  157. //parseSubGPGKey parse a sub Key

  158. func parseSubGPGKey(ownerID int64, primaryID string, pubkey *packet.PublicKey, expiry time.Time) (*GPGKey, error) {

  159. 	content, err := base64EncPubKey(pubkey)

  160. 	if err != nil {

  161. 		return nil, err

  162. 	}

  163. 	return &GPGKey{

  164. 		OwnerID:           ownerID,

  165. 		KeyID:             pubkey.KeyIdString(),

  166. 		PrimaryKeyID:      primaryID,

  167. 		Content:           content,

  168. 		Created:           pubkey.CreationTime,

  169. 		Expired:           expiry,

  170. 		CanSign:           pubkey.CanSign(),

  171. 		CanEncryptComms:   pubkey.PubKeyAlgo.CanEncrypt(),

  172. 		CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),

  173. 		CanCertify:        pubkey.PubKeyAlgo.CanSign(),

  174. 	}, nil

  175. }

  176. 

  177. //parseGPGKey parse a PrimaryKey entity (primary key + subs keys + self-signature)

  178. func parseGPGKey(ownerID int64, e *openpgp.Entity) (*GPGKey, error) {

  179. 	pubkey := e.PrimaryKey

  180. 

  181. 	//Extract self-sign for expire date based on : https://github.com/golang/crypto/blob/master/openpgp/keys.go#L165

  182. 	var selfSig *packet.Signature

  183. 	for _, ident := range e.Identities {

  184. 		if selfSig == nil {

  185. 			selfSig = ident.SelfSignature

  186. 		} else if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId {

  187. 			selfSig = ident.SelfSignature

  188. 			break

  189. 		}

  190. 	}

  191. 	expiry := time.Time{}

  192. 	if selfSig.KeyLifetimeSecs != nil {

  193. 		expiry = selfSig.CreationTime.Add(time.Duration(*selfSig.KeyLifetimeSecs) * time.Second)

  194. 	}

  195. 

  196. 	//Parse Subkeys

  197. 	subkeys := make([]*GPGKey, len(e.Subkeys))

  198. 	for i, k := range e.Subkeys {

  199. 		subs, err := parseSubGPGKey(ownerID, pubkey.KeyIdString(), k.PublicKey, expiry)

  200. 		if err != nil {

  201. 			return nil, err

  202. 		}

  203. 		subkeys[i] = subs

  204. 	}

  205. 

  206. 	//Check emails

  207. 	userEmails, err := GetEmailAddresses(ownerID)

  208. 	if err != nil {

  209. 		return nil, err

  210. 	}

  211. 

  212. 	emails := make([]*EmailAddress, 0, len(e.Identities))

  213. 	for _, ident := range e.Identities {

  214. 		email := strings.ToLower(strings.TrimSpace(ident.UserId.Email))

  215. 		for _, e := range userEmails {

  216. 			if e.Email == email {

  217. 				emails = append(emails, e)

  218. 				break

  219. 			}

  220. 		}

  221. 	}

  222. 

  223. 	//In the case no email as been found

  224. 	if len(emails) == 0 {

  225. 		failedEmails := make([]string, 0, len(e.Identities))

  226. 		for _, ident := range e.Identities {

  227. 			failedEmails = append(failedEmails, ident.UserId.Email)

  228. 		}

  229. 		return nil, ErrGPGNoEmailFound{failedEmails}

  230. 	}

  231. 

  232. 	content, err := base64EncPubKey(pubkey)

  233. 	if err != nil {

  234. 		return nil, err

  235. 	}

  236. 	return &GPGKey{

  237. 		OwnerID:           ownerID,

  238. 		KeyID:             pubkey.KeyIdString(),

  239. 		PrimaryKeyID:      "",

  240. 		Content:           content,

  241. 		Created:           pubkey.CreationTime,

  242. 		Expired:           expiry,

  243. 		Emails:            emails,

  244. 		SubsKey:           subkeys,

  245. 		CanSign:           pubkey.CanSign(),

  246. 		CanEncryptComms:   pubkey.PubKeyAlgo.CanEncrypt(),

  247. 		CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),

  248. 		CanCertify:        pubkey.PubKeyAlgo.CanSign(),

  249. 	}, nil

  250. }

  251. 

  252. // deleteGPGKey does the actual key deletion

  253. func deleteGPGKey(e *xorm.Session, keyID string) (int64, error) {

  254. 	if keyID == "" {

  255. 		return 0, fmt.Errorf("empty KeyId forbidden") //Should never happen but just to be sure

  256. 	}

  257. 	return e.Where("key_id=?", keyID).Or("primary_key_id=?", keyID).Delete(new(GPGKey))

  258. }

  259. 

  260. // DeleteGPGKey deletes GPG key information in database.

  261. func DeleteGPGKey(doer *User, id int64) (err error) {

  262. 	key, err := GetGPGKeyByID(id)

  263. 	if err != nil {

  264. 		if IsErrGPGKeyNotExist(err) {

  265. 			return nil

  266. 		}

  267. 		return fmt.Errorf("GetPublicKeyByID: %v", err)

  268. 	}

  269. 

  270. 	// Check if user has access to delete this key.

  271. 	if !doer.IsAdmin && doer.ID != key.OwnerID {

  272. 		return ErrGPGKeyAccessDenied{doer.ID, key.ID}

  273. 	}

  274. 

  275. 	sess := x.NewSession()

  276. 	defer sess.Close()

  277. 	if err = sess.Begin(); err != nil {

  278. 		return err

  279. 	}

  280. 

  281. 	if _, err = deleteGPGKey(sess, key.KeyID); err != nil {

  282. 		return err

  283. 	}

  284. 

  285. 	if err = sess.Commit(); err != nil {

  286. 		return err

  287. 	}

  288. 

  289. 	return nil

  290. }

  291. 

  292. // CommitVerification represents a commit validation of signature

  293. type CommitVerification struct {

  294. 	Verified    bool

  295. 	Reason      string

  296. 	SigningUser *User

  297. 	SigningKey  *GPGKey

  298. }

  299. 

  300. // SignCommit represents a commit with validation of signature.

  301. type SignCommit struct {

  302. 	Verification *CommitVerification

  303. 	*UserCommit

  304. }

  305. 

  306. func readerFromBase64(s string) (io.Reader, error) {

  307. 	bs, err := base64.StdEncoding.DecodeString(s)

  308. 	if err != nil {

  309. 		return nil, err

  310. 	}

  311. 	return bytes.NewBuffer(bs), nil

  312. }

  313. 

  314. func populateHash(hashFunc crypto.Hash, msg []byte) (hash.Hash, error) {

  315. 	h := hashFunc.New()

  316. 	if _, err := h.Write(msg); err != nil {

  317. 		return nil, err

  318. 	}

  319. 	return h, nil

  320. }

  321. 

  322. // readArmoredSign read an armored signature block with the given type. https://sourcegraph.com/github.com/golang/crypto/-/blob/openpgp/read.go#L24:6-24:17

  323. func readArmoredSign(r io.Reader) (body io.Reader, err error) {

  324. 	block, err := armor.Decode(r)

  325. 	if err != nil {

  326. 		return

  327. 	}

  328. 	if block.Type != openpgp.SignatureType {

  329. 		return nil, fmt.Errorf("expected '" + openpgp.SignatureType + "', got: " + block.Type)

  330. 	}

  331. 	return block.Body, nil

  332. }

  333. 

  334. func extractSignature(s string) (*packet.Signature, error) {

  335. 	r, err := readArmoredSign(strings.NewReader(s))

  336. 	if err != nil {

  337. 		return nil, fmt.Errorf("Failed to read signature armor")

  338. 	}

  339. 	p, err := packet.Read(r)

  340. 	if err != nil {

  341. 		return nil, fmt.Errorf("Failed to read signature packet")

  342. 	}

  343. 	sig, ok := p.(*packet.Signature)

  344. 	if !ok {

  345. 		return nil, fmt.Errorf("Packet is not a signature")

  346. 	}

  347. 	return sig, nil

  348. }

  349. 

  350. func verifySign(s *packet.Signature, h hash.Hash, k *GPGKey) error {

  351. 	//Check if key can sign

  352. 	if !k.CanSign {

  353. 		return fmt.Errorf("key can not sign")

  354. 	}

  355. 	//Decode key

  356. 	b, err := readerFromBase64(k.Content)

  357. 	if err != nil {

  358. 		return err

  359. 	}

  360. 	//Read key

  361. 	p, err := packet.Read(b)

  362. 	if err != nil {

  363. 		return err

  364. 	}

  365. 

  366. 	//Check type

  367. 	pkey, ok := p.(*packet.PublicKey)

  368. 	if !ok {

  369. 		return fmt.Errorf("key is not a public key")

  370. 	}

  371. 

  372. 	return pkey.VerifySignature(h, s)

  373. }

  374. 

  375. // ParseCommitWithSignature check if signature is good against keystore.

  376. func ParseCommitWithSignature(c *git.Commit) *CommitVerification {

  377. 	if c.Signature != nil {

  378. 		//Parsing signature

  379. 		sig, err := extractSignature(c.Signature.Signature)

  380. 		if err != nil { //Skipping failed to extract sign

  381. 			log.Error(3, "SignatureRead err: %v", err)

  382. 			return &CommitVerification{

  383. 				Verified: false,

  384. 				Reason:   "gpg.error.extract_sign",

  385. 			}

  386. 		}

  387. 

  388. 		//Find Committer account

  389. 		committer, err := GetUserByEmail(c.Committer.Email) //This find the user by primary email or activated email so commit will not be valid if email is not

  390. 		if err != nil {                                     //Skipping not user for commiter

  391. 			log.Error(3, "NoCommitterAccount: %v", err)

  392. 			return &CommitVerification{

  393. 				Verified: false,

  394. 				Reason:   "gpg.error.no_committer_account",

  395. 			}

  396. 		}

  397. 

  398. 		keys, err := ListGPGKeys(committer.ID)

  399. 		if err != nil { //Skipping failed to get gpg keys of user

  400. 			log.Error(3, "ListGPGKeys: %v", err)

  401. 			return &CommitVerification{

  402. 				Verified: false,

  403. 				Reason:   "gpg.error.failed_retrieval_gpg_keys",

  404. 			}

  405. 		}

  406. 

  407. 		for _, k := range keys {

  408. 			//Pre-check (& optimization) that emails attached to key can be attached to the commiter email and can validate

  409. 			canValidate := false

  410. 			for _, e := range k.Emails {

  411. 				if e.IsActivated && e.Email == c.Committer.Email {

  412. 					canValidate = true

  413. 					break

  414. 				}

  415. 			}

  416. 			if !canValidate {

  417. 				continue //Skip this key

  418. 			}

  419. 

  420. 			//Generating hash of commit

  421. 			hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload))

  422. 			if err != nil { //Skipping ailed to generate hash

  423. 				log.Error(3, "PopulateHash: %v", err)

  424. 				return &CommitVerification{

  425. 					Verified: false,

  426. 					Reason:   "gpg.error.generate_hash",

  427. 				}

  428. 			}

  429. 			//We get PK

  430. 			if err := verifySign(sig, hash, k); err == nil {

  431. 				return &CommitVerification{ //Everything is ok

  432. 					Verified:    true,

  433. 					Reason:      fmt.Sprintf("%s <%s> / %s", c.Committer.Name, c.Committer.Email, k.KeyID),

  434. 					SigningUser: committer,

  435. 					SigningKey:  k,

  436. 				}

  437. 			}

  438. 			//And test also SubsKey

  439. 			for _, sk := range k.SubsKey {

  440. 

  441. 				//Generating hash of commit

  442. 				hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload))

  443. 				if err != nil { //Skipping ailed to generate hash

  444. 					log.Error(3, "PopulateHash: %v", err)

  445. 					return &CommitVerification{

  446. 						Verified: false,

  447. 						Reason:   "gpg.error.generate_hash",

  448. 					}

  449. 				}

  450. 				if err := verifySign(sig, hash, sk); err == nil {

  451. 					return &CommitVerification{ //Everything is ok

  452. 						Verified:    true,

  453. 						Reason:      fmt.Sprintf("%s <%s> / %s", c.Committer.Name, c.Committer.Email, sk.KeyID),

  454. 						SigningUser: committer,

  455. 						SigningKey:  sk,

  456. 					}

  457. 				}

  458. 			}

  459. 		}

  460. 		return &CommitVerification{ //Default at this stage

  461. 			Verified: false,

  462. 			Reason:   "gpg.error.no_gpg_keys_found",

  463. 		}

  464. 	}

  465. 

  466. 	return &CommitVerification{

  467. 		Verified: false,                         //Default value

  468. 		Reason:   "gpg.error.not_signed_commit", //Default value

  469. 	}

  470. }

  471. 

  472. // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.

  473. func ParseCommitsWithSignature(oldCommits *list.List) *list.List {

  474. 	var (

  475. 		newCommits = list.New()

  476. 		e          = oldCommits.Front()

  477. 	)

  478. 	for e != nil {

  479. 		c := e.Value.(UserCommit)

  480. 		newCommits.PushBack(SignCommit{

  481. 			UserCommit:   &c,

  482. 			Verification: ParseCommitWithSignature(c.Commit),

  483. 		})

  484. 		e = e.Next()

  485. 	}

  486. 	return newCommits

  487. }