1#ifndef GPG_INTERFACE_H
2#define GPG_INTERFACE_H
3
4struct strbuf;
5
/*
 * Flag bits for signature output. The values are distinct powers of
 * two, so they can be OR-ed together into a single flags word.
 * NOTE(review): presumably these are the `flags` accepted by
 * print_signature_buffer() -- confirm against the implementation.
 */
#define GPG_VERIFY_VERBOSE 1
#define GPG_VERIFY_RAW 2
#define GPG_VERIFY_OMIT_STATUS 4
9
/*
 * Trust level attached to the key that made a signature.
 *
 * The enumerators are declared in the order undefined, never, marginal,
 * fully, ultimate, so their numeric values increase in that order.
 * TRUST_UNDEFINED is 0, which is also what a zero-initialized
 * struct signature_check carries in its trust_level member.
 *
 * NOTE(review): any code that compares levels numerically ranks
 * TRUST_UNDEFINED below TRUST_NEVER -- confirm that this is intended
 * wherever a minimum trust level is enforced.
 */
enum signature_trust_level {
	TRUST_UNDEFINED = 0,
	TRUST_NEVER = 1,
	TRUST_MARGINAL = 2,
	TRUST_FULLY = 3,
	TRUST_ULTIMATE = 4,
};
17
/*
 * Tag stored in struct signature_check.payload_type.
 *
 * SIGNATURE_PAYLOAD_UNDEFINED is 0, so a zero-initialized
 * struct signature_check starts out with an undefined payload type.
 * NOTE(review): presumably the other values name the kind of signed
 * data (commit, tag, push certificate) held in the payload -- confirm
 * where the field is set and consumed.
 */
enum payload_type {
	SIGNATURE_PAYLOAD_UNDEFINED = 0,
	SIGNATURE_PAYLOAD_COMMIT = 1,
	SIGNATURE_PAYLOAD_TAG = 2,
	SIGNATURE_PAYLOAD_PUSH_CERT = 3,
};
24
/*
 * State for one signature verification: the data that was signed, the
 * verifier's output, and the verdict.
 *
 * NOTE(review): the char * members are non-const; presumably they are
 * owned by this struct and released by signature_check_clear() --
 * confirm before freeing or aliasing them elsewhere.
 */
struct signature_check {
	/* Signed data and its length (presumably in bytes -- confirm). */
	char *payload;
	size_t payload_len;
	enum payload_type payload_type;
	/* NOTE(review): presumably a time taken from the payload -- confirm. */
	timestamp_t payload_timestamp;
	/*
	 * NOTE(review): presumably the verifier's human-readable output and
	 * its machine-readable status text respectively -- confirm.
	 */
	char *output;
	char *gpg_status;

	/*
	 * possible "result":
	 * 0 (not checked)
	 * N (checked but no further result)
	 * G (good)
	 * B (bad)
	 *
	 * Both 0 and N are neither good nor bad, so code that requires a
	 * valid signature should test for 'G' explicitly instead of
	 * testing for "not 'B'".
	 * NOTE(review): this list may be incomplete; confirm in the
	 * implementation whether other values can be stored here.
	 */
	char result;
	/* Identity of the signer as reported by the verifier. */
	char *signer;
	char *key;
	char *fingerprint;
	char *primary_key_fingerprint;
	/*
	 * Trust in the signing key. This is tracked separately from
	 * "result"; a zero-initialized struct holds TRUST_UNDEFINED.
	 */
	enum signature_trust_level trust_level;
};
47
/*
 * NOTE(review): presumably releases the strings held by `sigc` and
 * resets it for reuse -- confirm in the implementation.
 */
void signature_check_clear(struct signature_check *sigc);

/*
 * Return the format of the signature (like "openpgp", "x509", "ssh"
 * or "unknown").
 */
const char *get_signature_format(const char *buf);

/*
 * Is the signature format valid (like "openpgp", "x509", "ssh" or
 * "unknown")
 *
 * NOTE(review): the example list is the same as the one given for
 * get_signature_format(); whether "unknown" itself counts as a valid
 * format is not stated here -- confirm before passing the result of
 * get_signature_format() straight into this check.
 */
int valid_signature_format(const char *format);
61
/*
 * Look at a GPG signed tag object. If such a signature exists, store it in
 * signature and the signed content in payload. Return 1 if a signature was
 * found, and 0 otherwise.
 *
 * `buf` holds `size` bytes of input; `payload` and `signature` are the
 * output strbufs.
 * NOTE(review): what is written to the outputs when 0 is returned is
 * not stated here -- check the return value before using them.
 */
int parse_signature(const char *buf, size_t size, struct strbuf *payload, struct strbuf *signature);

/*
 * Look at GPG signed content (e.g. a signed tag object), whose
 * payload is followed by a detached signature on it. Return the
 * offset where the embedded detached signature begins, or the end of
 * the data when there is no such signature.
 *
 * The bytes before the returned offset are the payload. A return
 * value at the end of the data (presumably equal to `size`) means
 * that no signature was found.
 */
size_t parse_signed_buffer(const char *buf, size_t size);
76
/*
 * Create a detached signature for the contents of "buffer" and append
 * it after "signature"; "buffer" and "signature" can be the same
 * strbuf instance, in which case the detached signature is appended
 * at the end of the signed contents. Returns 0 on success, non-zero
 * on failure.
 *
 * NOTE(review): the state of "signature" after a failure is not
 * stated here -- callers should not use it unless 0 was returned.
 */
int sign_buffer(struct strbuf *buffer, struct strbuf *signature,
		const char *signing_key);
85
86
/*
 * Return the lowercase name of a member of enum signature_trust_level.
 * For example, `TRUST_ULTIMATE` returns "ultimate".
 */
const char *gpg_trust_level_to_str(enum signature_trust_level level);

/*
 * Set and get the key used for signing.
 * NOTE(review): get_signing_key() returns a non-const char *; whether
 * the caller owns (and must free) the result is not stated here --
 * confirm in the implementation.
 */
void set_signing_key(const char *);
char *get_signing_key(void);

/*
 * Return a unique textual representation of the signing key in use:
 * either a GPG key ID or an SSH key fingerprint.
 * NOTE(review): ownership of the returned string is not stated here
 * -- confirm in the implementation.
 */
char *get_signing_key_id(void);
/*
 * Check `signature` (`slen` bytes) using the state in `sigc`.
 * NOTE(review): the return convention is not documented in this
 * header. Presumably the data to verify is taken from sigc->payload
 * and the verdict is stored in sigc->result and sigc->trust_level --
 * confirm in the implementation, and check both the return value and
 * those members before treating a signature as good.
 */
int check_signature(struct signature_check *sigc,
		    const char *signature, size_t slen);
/*
 * Print information from `sigc`.
 * NOTE(review): `flags` is presumably a combination of the
 * GPG_VERIFY_* bits defined above -- confirm.
 */
void print_signature_buffer(const struct signature_check *sigc,
			    unsigned flags);
106
/*
 * Modes for --signed-tags=<mode> and --signed-commits=<mode> options.
 *
 * SIGN_ABORT is 0, so a zero-initialized mode means abort.
 * NOTE(review): presumably VERBATIM keeps an existing signature, STRIP
 * drops it, and the WARN_ variants also emit a warning -- confirm
 * against parse_sign_mode() and the option handling code.
 */
enum sign_mode {
	SIGN_ABORT = 0,
	SIGN_WARN_VERBATIM = 1,
	SIGN_VERBATIM = 2,
	SIGN_WARN_STRIP = 3,
	SIGN_STRIP = 4,
};
115
/*
 * Return 0 if `arg` can be parsed into an `enum sign_mode`. Return -1
 * otherwise.
 *
 * NOTE(review): on success the parsed value is presumably stored in
 * `*mode`; whether `*mode` is left untouched on failure is not stated
 * here, so check the return value before reading it.
 */
int parse_sign_mode(const char *arg, enum sign_mode *mode);
121
122#endif