|
1
|
/* |
|
2
|
** Copyright (c) 2007 D. Richard Hipp |
|
3
|
** |
|
4
|
** This program is free software; you can redistribute it and/or |
|
5
|
** modify it under the terms of the Simplified BSD License (also |
|
6
|
** known as the "2-Clause License" or "FreeBSD License".) |
|
7
|
|
|
8
|
** This program is distributed in the hope that it will be useful, |
|
9
|
** but without any warranty; without even the implied warranty of |
|
10
|
** merchantability or fitness for a particular purpose. |
|
11
|
** |
|
12
|
** Author contact information: |
|
13
|
** [email protected] |
|
14
|
** http://www.hwaci.com/drh/ |
|
15
|
** |
|
16
|
******************************************************************************* |
|
17
|
** |
|
18
|
** This file contains code used to clear-sign documents using an |
|
19
|
** external gpg command. |
|
20
|
*/ |
|
21
|
#include "config.h" |
|
22
|
#include "clearsign.h" |
|
23
|
#include <assert.h> |
|
24
|
|
|
25
|
/* |
|
26
|
** Clearsign the given blob. Put the signed version in |
|
27
|
** pOut. |
|
28
|
*/ |
|
29
|
int clearsign(Blob *pIn, Blob *pOut){ |
|
30
|
char *zRand; |
|
31
|
char *zIn; |
|
32
|
char *zOut; |
|
33
|
char *zBase = db_get("pgp-command", "gpg --clearsign -o "); |
|
34
|
int useSsh = 0; |
|
35
|
char *zCmd; |
|
36
|
int rc; |
|
37
|
if( is_false(zBase) ){ |
|
38
|
return 0; |
|
39
|
} |
|
40
|
zRand = db_text(0, "SELECT hex(randomblob(10))"); |
|
41
|
zOut = mprintf("out-%s", zRand); |
|
42
|
blob_write_to_file(pIn, zOut); |
|
43
|
useSsh = (fossil_strncmp(command_basename(zBase), "ssh", 3)==0); |
|
44
|
if( useSsh ){ |
|
45
|
zIn = mprintf("out-%s.sig", zRand); |
|
46
|
zCmd = mprintf("%s %s", zBase, zOut); |
|
47
|
}else{ |
|
48
|
zIn = mprintf("in-%z", zRand); |
|
49
|
zCmd = mprintf("%s %s %s", zBase, zIn, zOut); |
|
50
|
} |
|
51
|
rc = fossil_system(zCmd); |
|
52
|
free(zCmd); |
|
53
|
if( rc==0 ){ |
|
54
|
if( pOut==pIn ){ |
|
55
|
blob_reset(pIn); |
|
56
|
} |
|
57
|
blob_zero(pOut); |
|
58
|
if( useSsh ){ |
|
59
|
/* As of 2025, SSH cannot create non-detached SSH signatures */ |
|
60
|
/* We put one together */ |
|
61
|
Blob tmpBlob; |
|
62
|
blob_zero(&tmpBlob); |
|
63
|
blob_read_from_file(&tmpBlob, zOut, ExtFILE); |
|
64
|
/* Add armor header line and manifest */ |
|
65
|
blob_appendf(pOut, "%s", "-----BEGIN SSH SIGNED MESSAGE-----\n\n"); |
|
66
|
blob_appendf(pOut, "%s", blob_str(&tmpBlob)); |
|
67
|
blob_zero(&tmpBlob); |
|
68
|
blob_read_from_file(&tmpBlob, zIn, ExtFILE); |
|
69
|
/* Add signature - already armored by SSH */ |
|
70
|
blob_appendb(pOut, &tmpBlob); |
|
71
|
}else{ |
|
72
|
/* Assume that the external command creates non-detached signatures */ |
|
73
|
blob_read_from_file(pOut, zIn, ExtFILE); |
|
74
|
} |
|
75
|
}else{ |
|
76
|
if( pOut!=pIn ){ |
|
77
|
blob_copy(pOut, pIn); |
|
78
|
} |
|
79
|
} |
|
80
|
file_delete(zOut); |
|
81
|
file_delete(zIn); |
|
82
|
free(zOut); |
|
83
|
free(zIn); |
|
84
|
return rc; |
|
85
|
} |
|
86
|
|