mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5335 Commits
17 Branches
Tree: ff7424179e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ff7424179e'
${ noResults }
gitea/models/gpg_key.go

gpg_key.go 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"bytes"

  9. 	"container/list"

  10. 	"crypto"

  11. 	"encoding/base64"

  12. 	"fmt"

  13. 	"hash"

  14. 	"io"

  15. 	"strings"

  16. 	"time"

  17. 

  18. 	"code.gitea.io/git"

  19. 	"code.gitea.io/gitea/modules/log"

  20. 

  21. 	"github.com/go-xorm/xorm"

  22. 	"golang.org/x/crypto/openpgp"

  23. 	"golang.org/x/crypto/openpgp/armor"

  24. 	"golang.org/x/crypto/openpgp/packet"

  25. )

  26. 

  27. // GPGKey represents a GPG key.

  28. type GPGKey struct {

  29. 	ID                int64     `xorm:"pk autoincr"`

  30. 	OwnerID           int64     `xorm:"INDEX NOT NULL"`

  31. 	KeyID             string    `xorm:"INDEX CHAR(16) NOT NULL"`

  32. 	PrimaryKeyID      string    `xorm:"CHAR(16)"`

  33. 	Content           string    `xorm:"TEXT NOT NULL"`

  34. 	Created           time.Time `xorm:"-"`

  35. 	CreatedUnix       int64

  36. 	Expired           time.Time `xorm:"-"`

  37. 	ExpiredUnix       int64

  38. 	Added             time.Time `xorm:"-"`

  39. 	AddedUnix         int64

  40. 	SubsKey           []*GPGKey `xorm:"-"`

  41. 	Emails            []*EmailAddress

  42. 	CanSign           bool

  43. 	CanEncryptComms   bool

  44. 	CanEncryptStorage bool

  45. 	CanCertify        bool

  46. }

  47. 

  48. // BeforeInsert will be invoked by XORM before inserting a record

  49. func (key *GPGKey) BeforeInsert() {

  50. 	key.AddedUnix = time.Now().Unix()

  51. 	key.ExpiredUnix = key.Expired.Unix()

  52. 	key.CreatedUnix = key.Created.Unix()

  53. }

  54. 

  55. // AfterSet is invoked from XORM after setting the value of a field of this object.

  56. func (key *GPGKey) AfterSet(colName string, _ xorm.Cell) {

  57. 	switch colName {

  58. 	case "key_id":

  59. 		x.Where("primary_key_id=?", key.KeyID).Find(&key.SubsKey)

  60. 	case "added_unix":

  61. 		key.Added = time.Unix(key.AddedUnix, 0).Local()

  62. 	case "expired_unix":

  63. 		key.Expired = time.Unix(key.ExpiredUnix, 0).Local()

  64. 	case "created_unix":

  65. 		key.Created = time.Unix(key.CreatedUnix, 0).Local()

  66. 	}

  67. }

  68. 

  69. // ListGPGKeys returns a list of public keys belongs to given user.

  70. func ListGPGKeys(uid int64) ([]*GPGKey, error) {

  71. 	keys := make([]*GPGKey, 0, 5)

  72. 	return keys, x.Where("owner_id=? AND primary_key_id=''", uid).Find(&keys)

  73. }

  74. 

  75. // GetGPGKeyByID returns public key by given ID.

  76. func GetGPGKeyByID(keyID int64) (*GPGKey, error) {

  77. 	key := new(GPGKey)

  78. 	has, err := x.Id(keyID).Get(key)

  79. 	if err != nil {

  80. 		return nil, err

  81. 	} else if !has {

  82. 		return nil, ErrGPGKeyNotExist{keyID}

  83. 	}

  84. 	return key, nil

  85. }

  86. 

  87. // checkArmoredGPGKeyString checks if the given key string is a valid GPG armored key.

  88. // The function returns the actual public key on success

  89. func checkArmoredGPGKeyString(content string) (*openpgp.Entity, error) {

  90. 	list, err := openpgp.ReadArmoredKeyRing(strings.NewReader(content))

  91. 	if err != nil {

  92. 		return nil, ErrGPGKeyParsing{err}

  93. 	}

  94. 	return list[0], nil

  95. }

  96. 

  97. //addGPGKey add key and subkeys to database

  98. func addGPGKey(e Engine, key *GPGKey) (err error) {

  99. 	// Save GPG primary key.

  100. 	if _, err = e.Insert(key); err != nil {

  101. 		return err

  102. 	}

  103. 	// Save GPG subs key.

  104. 	for _, subkey := range key.SubsKey {

  105. 		if err := addGPGKey(e, subkey); err != nil {

  106. 			return err

  107. 		}

  108. 	}

  109. 	return nil

  110. }

  111. 

  112. // AddGPGKey adds new public key to database.

  113. func AddGPGKey(ownerID int64, content string) (*GPGKey, error) {

  114. 	ekey, err := checkArmoredGPGKeyString(content)

  115. 	if err != nil {

  116. 		return nil, err

  117. 	}

  118. 

  119. 	// Key ID cannot be duplicated.

  120. 	has, err := x.Where("key_id=?", ekey.PrimaryKey.KeyIdString()).

  121. 		Get(new(GPGKey))

  122. 	if err != nil {

  123. 		return nil, err

  124. 	} else if has {

  125. 		return nil, ErrGPGKeyIDAlreadyUsed{ekey.PrimaryKey.KeyIdString()}

  126. 	}

  127. 

  128. 	//Get DB session

  129. 	sess := x.NewSession()

  130. 	defer sessionRelease(sess)

  131. 	if err = sess.Begin(); err != nil {

  132. 		return nil, err

  133. 	}

  134. 

  135. 	key, err := parseGPGKey(ownerID, ekey)

  136. 	if err != nil {

  137. 		return nil, err

  138. 	}

  139. 

  140. 	if err = addGPGKey(sess, key); err != nil {

  141. 		return nil, err

  142. 	}

  143. 

  144. 	return key, sess.Commit()

  145. }

  146. 

  147. //base64EncPubKey encode public kay content to base 64

  148. func base64EncPubKey(pubkey *packet.PublicKey) (string, error) {

  149. 	var w bytes.Buffer

  150. 	err := pubkey.Serialize(&w)

  151. 	if err != nil {

  152. 		return "", err

  153. 	}

  154. 	return base64.StdEncoding.EncodeToString(w.Bytes()), nil

  155. }

  156. 

  157. //parseSubGPGKey parse a sub Key

  158. func parseSubGPGKey(ownerID int64, primaryID string, pubkey *packet.PublicKey, expiry time.Time) (*GPGKey, error) {

  159. 	content, err := base64EncPubKey(pubkey)

  160. 	if err != nil {

  161. 		return nil, err

  162. 	}

  163. 	return &GPGKey{

  164. 		OwnerID:           ownerID,

  165. 		KeyID:             pubkey.KeyIdString(),

  166. 		PrimaryKeyID:      primaryID,

  167. 		Content:           content,

  168. 		Created:           pubkey.CreationTime,

  169. 		Expired:           expiry,

  170. 		CanSign:           pubkey.CanSign(),

  171. 		CanEncryptComms:   pubkey.PubKeyAlgo.CanEncrypt(),

  172. 		CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),

  173. 		CanCertify:        pubkey.PubKeyAlgo.CanSign(),

  174. 	}, nil

  175. }

  176. 

  177. //parseGPGKey parse a PrimaryKey entity (primary key + subs keys + self-signature)

  178. func parseGPGKey(ownerID int64, e *openpgp.Entity) (*GPGKey, error) {

  179. 	pubkey := e.PrimaryKey

  180. 

  181. 	//Extract self-sign for expire date based on : https://github.com/golang/crypto/blob/master/openpgp/keys.go#L165

  182. 	var selfSig *packet.Signature

  183. 	for _, ident := range e.Identities {

  184. 		if selfSig == nil {

  185. 			selfSig = ident.SelfSignature

  186. 		} else if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId {

  187. 			selfSig = ident.SelfSignature

  188. 			break

  189. 		}

  190. 	}

  191. 	expiry := time.Time{}

  192. 	if selfSig.KeyLifetimeSecs != nil {

  193. 		expiry = selfSig.CreationTime.Add(time.Duration(*selfSig.KeyLifetimeSecs) * time.Second)

  194. 	}

  195. 

  196. 	//Parse Subkeys

  197. 	subkeys := make([]*GPGKey, len(e.Subkeys))

  198. 	for i, k := range e.Subkeys {

  199. 		subs, err := parseSubGPGKey(ownerID, pubkey.KeyIdString(), k.PublicKey, expiry)

  200. 		if err != nil {

  201. 			return nil, err

  202. 		}

  203. 		subkeys[i] = subs

  204. 	}

  205. 

  206. 	//Check emails

  207. 	userEmails, err := GetEmailAddresses(ownerID)

  208. 	if err != nil {

  209. 		return nil, err

  210. 	}

  211. 	emails := make([]*EmailAddress, len(e.Identities))

  212. 	n := 0

  213. 	for _, ident := range e.Identities {

  214. 

  215. 		for _, e := range userEmails {

  216. 			if e.Email == ident.UserId.Email && e.IsActivated {

  217. 				emails[n] = e

  218. 				break

  219. 			}

  220. 		}

  221. 		if emails[n] == nil {

  222. 			return nil, ErrGPGEmailNotFound{ident.UserId.Email}

  223. 		}

  224. 		n++

  225. 	}

  226. 	content, err := base64EncPubKey(pubkey)

  227. 	if err != nil {

  228. 		return nil, err

  229. 	}

  230. 	return &GPGKey{

  231. 		OwnerID:           ownerID,

  232. 		KeyID:             pubkey.KeyIdString(),

  233. 		PrimaryKeyID:      "",

  234. 		Content:           content,

  235. 		Created:           pubkey.CreationTime,

  236. 		Expired:           expiry,

  237. 		Emails:            emails,

  238. 		SubsKey:           subkeys,

  239. 		CanSign:           pubkey.CanSign(),

  240. 		CanEncryptComms:   pubkey.PubKeyAlgo.CanEncrypt(),

  241. 		CanEncryptStorage: pubkey.PubKeyAlgo.CanEncrypt(),

  242. 		CanCertify:        pubkey.PubKeyAlgo.CanSign(),

  243. 	}, nil

  244. }

  245. 

  246. // deleteGPGKey does the actual key deletion

  247. func deleteGPGKey(e *xorm.Session, keyID string) (int64, error) {

  248. 	if keyID == "" {

  249. 		return 0, fmt.Errorf("empty KeyId forbidden") //Should never happen but just to be sure

  250. 	}

  251. 	return e.Where("key_id=?", keyID).Or("primary_key_id=?", keyID).Delete(new(GPGKey))

  252. }

  253. 

  254. // DeleteGPGKey deletes GPG key information in database.

  255. func DeleteGPGKey(doer *User, id int64) (err error) {

  256. 	key, err := GetGPGKeyByID(id)

  257. 	if err != nil {

  258. 		if IsErrGPGKeyNotExist(err) {

  259. 			return nil

  260. 		}

  261. 		return fmt.Errorf("GetPublicKeyByID: %v", err)

  262. 	}

  263. 

  264. 	// Check if user has access to delete this key.

  265. 	if !doer.IsAdmin && doer.ID != key.OwnerID {

  266. 		return ErrGPGKeyAccessDenied{doer.ID, key.ID}

  267. 	}

  268. 

  269. 	sess := x.NewSession()

  270. 	defer sessionRelease(sess)

  271. 	if err = sess.Begin(); err != nil {

  272. 		return err

  273. 	}

  274. 

  275. 	if _, err = deleteGPGKey(sess, key.KeyID); err != nil {

  276. 		return err

  277. 	}

  278. 

  279. 	if err = sess.Commit(); err != nil {

  280. 		return err

  281. 	}

  282. 

  283. 	return nil

  284. }

  285. 

  286. // CommitVerification represents a commit validation of signature

  287. type CommitVerification struct {

  288. 	Verified    bool

  289. 	Reason      string

  290. 	SigningUser *User

  291. 	SigningKey  *GPGKey

  292. }

  293. 

  294. // SignCommit represents a commit with validation of signature.

  295. type SignCommit struct {

  296. 	Verification *CommitVerification

  297. 	*UserCommit

  298. }

  299. 

  300. func readerFromBase64(s string) (io.Reader, error) {

  301. 	bs, err := base64.StdEncoding.DecodeString(s)

  302. 	if err != nil {

  303. 		return nil, err

  304. 	}

  305. 	return bytes.NewBuffer(bs), nil

  306. }

  307. 

  308. func populateHash(hashFunc crypto.Hash, msg []byte) (hash.Hash, error) {

  309. 	h := hashFunc.New()

  310. 	if _, err := h.Write(msg); err != nil {

  311. 		return nil, err

  312. 	}

  313. 	return h, nil

  314. }

  315. 

  316. // readArmoredSign read an armored signature block with the given type. https://sourcegraph.com/github.com/golang/crypto/-/blob/openpgp/read.go#L24:6-24:17

  317. func readArmoredSign(r io.Reader) (body io.Reader, err error) {

  318. 	block, err := armor.Decode(r)

  319. 	if err != nil {

  320. 		return

  321. 	}

  322. 	if block.Type != openpgp.SignatureType {

  323. 		return nil, fmt.Errorf("expected '" + openpgp.SignatureType + "', got: " + block.Type)

  324. 	}

  325. 	return block.Body, nil

  326. }

  327. 

  328. func extractSignature(s string) (*packet.Signature, error) {

  329. 	r, err := readArmoredSign(strings.NewReader(s))

  330. 	if err != nil {

  331. 		return nil, fmt.Errorf("Failed to read signature armor")

  332. 	}

  333. 	p, err := packet.Read(r)

  334. 	if err != nil {

  335. 		return nil, fmt.Errorf("Failed to read signature packet")

  336. 	}

  337. 	sig, ok := p.(*packet.Signature)

  338. 	if !ok {

  339. 		return nil, fmt.Errorf("Packet is not a signature")

  340. 	}

  341. 	return sig, nil

  342. }

  343. 

  344. func verifySign(s *packet.Signature, h hash.Hash, k *GPGKey) error {

  345. 	//Check if key can sign

  346. 	if !k.CanSign {

  347. 		return fmt.Errorf("key can not sign")

  348. 	}

  349. 	//Decode key

  350. 	b, err := readerFromBase64(k.Content)

  351. 	if err != nil {

  352. 		return err

  353. 	}

  354. 	//Read key

  355. 	p, err := packet.Read(b)

  356. 	if err != nil {

  357. 		return err

  358. 	}

  359. 

  360. 	//Check type

  361. 	pkey, ok := p.(*packet.PublicKey)

  362. 	if !ok {

  363. 		return fmt.Errorf("key is not a public key")

  364. 	}

  365. 

  366. 	return pkey.VerifySignature(h, s)

  367. }

  368. 

  369. // ParseCommitWithSignature check if signature is good against keystore.

  370. func ParseCommitWithSignature(c *git.Commit) *CommitVerification {

  371. 

  372. 	if c.Signature != nil {

  373. 

  374. 		//Parsing signature

  375. 		sig, err := extractSignature(c.Signature.Signature)

  376. 		if err != nil { //Skipping failed to extract sign

  377. 			log.Error(3, "SignatureRead err: %v", err)

  378. 			return &CommitVerification{

  379. 				Verified: false,

  380. 				Reason:   "gpg.error.extract_sign",

  381. 			}

  382. 		}

  383. 

  384. 		//Find Committer account

  385. 		committer, err := GetUserByEmail(c.Committer.Email)

  386. 		if err != nil { //Skipping not user for commiter

  387. 			log.Error(3, "NoCommitterAccount: %v", err)

  388. 			return &CommitVerification{

  389. 				Verified: false,

  390. 				Reason:   "gpg.error.no_committer_account",

  391. 			}

  392. 		}

  393. 

  394. 		keys, err := ListGPGKeys(committer.ID)

  395. 		if err != nil || len(keys) == 0 { //Skipping failed to get gpg keys of user

  396. 			log.Error(3, "ListGPGKeys: %v", err)

  397. 			return &CommitVerification{

  398. 				Verified: false,

  399. 				Reason:   "gpg.error.failed_retrieval_gpg_keys",

  400. 			}

  401. 		}

  402. 

  403. 		for _, k := range keys {

  404. 			//Generating hash of commit

  405. 			hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload))

  406. 			if err != nil { //Skipping ailed to generate hash

  407. 				log.Error(3, "PopulateHash: %v", err)

  408. 				return &CommitVerification{

  409. 					Verified: false,

  410. 					Reason:   "gpg.error.generate_hash",

  411. 				}

  412. 			}

  413. 			//We get PK

  414. 			if err := verifySign(sig, hash, k); err == nil {

  415. 				return &CommitVerification{ //Everything is ok

  416. 					Verified:    true,

  417. 					Reason:      fmt.Sprintf("%s <%s> / %s", c.Committer.Name, c.Committer.Email, k.KeyID),

  418. 					SigningUser: committer,

  419. 					SigningKey:  k,

  420. 				}

  421. 			}

  422. 			//And test also SubsKey

  423. 			for _, sk := range k.SubsKey {

  424. 

  425. 				//Generating hash of commit

  426. 				hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload))

  427. 				if err != nil { //Skipping ailed to generate hash

  428. 					log.Error(3, "PopulateHash: %v", err)

  429. 					return &CommitVerification{

  430. 						Verified: false,

  431. 						Reason:   "gpg.error.generate_hash",

  432. 					}

  433. 				}

  434. 				if err := verifySign(sig, hash, sk); err == nil {

  435. 					return &CommitVerification{ //Everything is ok

  436. 						Verified:    true,

  437. 						Reason:      fmt.Sprintf("%s <%s> / %s", c.Committer.Name, c.Committer.Email, sk.KeyID),

  438. 						SigningUser: committer,

  439. 						SigningKey:  sk,

  440. 					}

  441. 				}

  442. 			}

  443. 		}

  444. 		return &CommitVerification{ //Default at this stage

  445. 			Verified: false,

  446. 			Reason:   "gpg.error.no_gpg_keys_found",

  447. 		}

  448. 	}

  449. 

  450. 	return &CommitVerification{

  451. 		Verified: false,                         //Default value

  452. 		Reason:   "gpg.error.not_signed_commit", //Default value

  453. 	}

  454. }

  455. 

  456. // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.

  457. func ParseCommitsWithSignature(oldCommits *list.List) *list.List {

  458. 	var (

  459. 		newCommits = list.New()

  460. 		e          = oldCommits.Front()

  461. 	)

  462. 	for e != nil {

  463. 		c := e.Value.(UserCommit)

  464. 		newCommits.PushBack(SignCommit{

  465. 			UserCommit:   &c,

  466. 			Verification: ParseCommitWithSignature(c.Commit),

  467. 		})

  468. 		e = e.Next()

  469. 	}

  470. 	return newCommits

  471. }