bench-forgejo/models/asymkey/ssh_key_commit_verification.go

// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package asymkey

import (
	"bytes"
	"fmt"
	"strings"

	"code.gitea.io/gitea/models/db"
	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/git"
	"code.gitea.io/gitea/modules/log"

	"github.com/42wim/sshsig"
)

// ParseCommitWithSSHSignature check if signature is good against keystore.
func ParseCommitWithSSHSignature(c *git.Commit, committer *user_model.User) *CommitVerification {
	// Now try to associate the signature with the committer, if present
	if committer.ID != 0 {
		keys, err := ListPublicKeys(committer.ID, db.ListOptions{})
		if err != nil { // Skipping failed to get ssh keys of user
			log.Error("ListPublicKeys: %v", err)
			return &CommitVerification{
				CommittingUser: committer,
				Verified:       false,
				Reason:         "gpg.error.failed_retrieval_gpg_keys",
			}
		}

		committerEmailAddresses, err := user_model.GetEmailAddresses(committer.ID)
		if err != nil {
			log.Error("GetEmailAddresses: %v", err)
		}

		activated := false
		for _, e := range committerEmailAddresses {
			if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {
				activated = true
				break
			}
		}

		for _, k := range keys {
			if k.Verified && activated {
				commitVerification := verifySSHCommitVerification(c.Signature.Signature, c.Signature.Payload, k, committer, committer, c.Committer.Email)
				if commitVerification != nil {
					return commitVerification
				}
			}
		}
	}

	return &CommitVerification{
		CommittingUser: committer,
		Verified:       false,
		Reason:         NoKeyFound,
	}
}

func verifySSHCommitVerification(sig, payload string, k *PublicKey, committer, signer *user_model.User, email string) *CommitVerification {
	if err := sshsig.Verify(bytes.NewBuffer([]byte(payload)), []byte(sig), []byte(k.Content), "git"); err != nil {
		return nil
	}

	return &CommitVerification{ // Everything is ok
		CommittingUser: committer,
		Verified:       true,
		Reason:         fmt.Sprintf("%s / %s", signer.Name, k.Fingerprint),
		SigningUser:    signer,
		SigningSSHKey:  k,
		SigningEmail:   email,
	}
}
Add support for ssh commit signing (#17743) * Add support for ssh commit signing * Split out ssh verification to separate file * Show ssh key fingerprint on commit page * Update sshsig lib * Make sure we verify against correct namespace * Add ssh public key verification via ssh signatures When adding a public ssh key also validate that this user actually owns the key by signing a token with the private key. * Remove some gpg references and make verify key optional * Fix spaces indentation * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update templates/user/settings/keys_ssh.tmpl Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update models/ssh_key_commit_verification.go Co-authored-by: Gusted <williamzijl7@hotmail.com> * Reword ssh/gpg_key_success message * Change Badsignature to NoKeyFound * Add sign/verify tests * Fix upstream api changes to user_model User * Match exact on SSH signature * Fix code review remarks Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-12-19 11:07:18 +05:30			`// Copyright 2021 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package asymkey`

			`import (`
			`"bytes"`
			`"fmt"`
			`"strings"`

			`"code.gitea.io/gitea/models/db"`
			`user_model "code.gitea.io/gitea/models/user"`
			`"code.gitea.io/gitea/modules/git"`
			`"code.gitea.io/gitea/modules/log"`

			`"github.com/42wim/sshsig"`
			`)`

			`// ParseCommitWithSSHSignature check if signature is good against keystore.`
			`func ParseCommitWithSSHSignature(c git.Commit, committer user_model.User) *CommitVerification {`
			`// Now try to associate the signature with the committer, if present`
			`if committer.ID != 0 {`
			`keys, err := ListPublicKeys(committer.ID, db.ListOptions{})`
			`if err != nil { // Skipping failed to get ssh keys of user`
			`log.Error("ListPublicKeys: %v", err)`
			`return &CommitVerification{`
			`CommittingUser: committer,`
			`Verified: false,`
			`Reason: "gpg.error.failed_retrieval_gpg_keys",`
			`}`
			`}`

			`committerEmailAddresses, err := user_model.GetEmailAddresses(committer.ID)`
			`if err != nil {`
			`log.Error("GetEmailAddresses: %v", err)`
			`}`

			`activated := false`
			`for _, e := range committerEmailAddresses {`
			`if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {`
			`activated = true`
			`break`
			`}`
			`}`

			`for _, k := range keys {`
			`if k.Verified && activated {`
			`commitVerification := verifySSHCommitVerification(c.Signature.Signature, c.Signature.Payload, k, committer, committer, c.Committer.Email)`
			`if commitVerification != nil {`
			`return commitVerification`
			`}`
			`}`
			`}`
			`}`

			`return &CommitVerification{`
			`CommittingUser: committer,`
			`Verified: false,`
			`Reason: NoKeyFound,`
			`}`
			`}`

			`func verifySSHCommitVerification(sig, payload string, k PublicKey, committer, signer user_model.User, email string) *CommitVerification {`
			`if err := sshsig.Verify(bytes.NewBuffer([]byte(payload)), []byte(sig), []byte(k.Content), "git"); err != nil {`
			`return nil`
			`}`

			`return &CommitVerification{ // Everything is ok`
			`CommittingUser: committer,`
			`Verified: true,`
			`Reason: fmt.Sprintf("%s / %s", signer.Name, k.Fingerprint),`
			`SigningUser: signer,`
			`SigningSSHKey: k,`
			`SigningEmail: email,`
			`}`
			`}`