2016-06-24 09:30:55 +00:00
|
|
|
/* run-decrypt.c - Helper to perform a verify operation
|
|
|
|
Copyright (C) 2009 g10 Code GmbH
|
Change copyright from Intevation to BSI
* lang/cpp/src/gpggencardkeyinteractor.cpp,
lang/cpp/src/gpggencardkeyinteractor.h,
lang/cpp/src/gpgmepp_export.h,
lang/cpp/src/swdbresult.cpp,
lang/cpp/src/swdbresult.h,
lang/cpp/src/tofuinfo.cpp,
lang/cpp/src/tofuinfo.h,
lang/qt/src/abstractimportjob.h,
lang/qt/src/adduseridjob.h,
lang/qt/src/changeexpiryjob.h,
lang/qt/src/changeownertrustjob.h,
lang/qt/src/changepasswdjob.h,
lang/qt/src/cryptoconfig.cpp,
lang/qt/src/cryptoconfig.h,
lang/qt/src/dataprovider.cpp,
lang/qt/src/dataprovider.h,
lang/qt/src/decryptjob.h,
lang/qt/src/decryptverifyjob.h,
lang/qt/src/deletejob.h,
lang/qt/src/dn.cpp,
lang/qt/src/dn.h,
lang/qt/src/downloadjob.h,
lang/qt/src/encryptjob.h,
lang/qt/src/exportjob.h,
lang/qt/src/hierarchicalkeylistjob.h,
lang/qt/src/importfromkeyserverjob.h,
lang/qt/src/importjob.h,
lang/qt/src/job.cpp,
lang/qt/src/job.h,
lang/qt/src/keyformailboxjob.h,
lang/qt/src/keygenerationjob.h,
lang/qt/src/keylistjob.h,
lang/qt/src/listallkeysjob.h,
lang/qt/src/multideletejob.h,
lang/qt/src/protocol.h,
lang/qt/src/protocol_p.h,
lang/qt/src/qgpgme_export.h,
lang/qt/src/qgpgmeadduseridjob.cpp,
lang/qt/src/qgpgmeadduseridjob.h,
lang/qt/src/qgpgmebackend.cpp,
lang/qt/src/qgpgmebackend.h,
lang/qt/src/qgpgmechangeexpiryjob.cpp,
lang/qt/src/qgpgmechangeexpiryjob.h,
lang/qt/src/qgpgmechangeownertrustjob.cpp,
lang/qt/src/qgpgmechangeownertrustjob.h,
lang/qt/src/qgpgmechangepasswdjob.cpp,
lang/qt/src/qgpgmechangepasswdjob.h,
lang/qt/src/qgpgmedecryptjob.cpp,
lang/qt/src/qgpgmedecryptjob.h,
lang/qt/src/qgpgmedecryptverifyjob.cpp,
lang/qt/src/qgpgmedecryptverifyjob.h,
lang/qt/src/qgpgmedeletejob.cpp,
lang/qt/src/qgpgmedeletejob.h,
lang/qt/src/qgpgmedownloadjob.cpp,
lang/qt/src/qgpgmedownloadjob.h,
lang/qt/src/qgpgmeencryptjob.cpp,
lang/qt/src/qgpgmeencryptjob.h,
lang/qt/src/qgpgmeexportjob.cpp,
lang/qt/src/qgpgmeexportjob.h,
lang/qt/src/qgpgmeimportfromkeyserverjob.cpp,
lang/qt/src/qgpgmeimportfromkeyserverjob.h,
lang/qt/src/qgpgmeimportjob.cpp,
lang/qt/src/qgpgmeimportjob.h,
lang/qt/src/qgpgmekeyformailboxjob.cpp,
lang/qt/src/qgpgmekeyformailboxjob.h,
lang/qt/src/qgpgmekeygenerationjob.cpp,
lang/qt/src/qgpgmekeygenerationjob.h,
lang/qt/src/qgpgmekeylistjob.cpp,
lang/qt/src/qgpgmekeylistjob.h,
lang/qt/src/qgpgmelistallkeysjob.cpp,
lang/qt/src/qgpgmelistallkeysjob.h,
lang/qt/src/qgpgmenewcryptoconfig.cpp,
lang/qt/src/qgpgmenewcryptoconfig.h,
lang/qt/src/qgpgmerefreshkeysjob.cpp,
lang/qt/src/qgpgmerefreshkeysjob.h,
lang/qt/src/qgpgmesecretkeyexportjob.cpp,
lang/qt/src/qgpgmesecretkeyexportjob.h,
lang/qt/src/qgpgmesignencryptjob.cpp,
lang/qt/src/qgpgmesignencryptjob.h,
lang/qt/src/qgpgmesignjob.cpp,
lang/qt/src/qgpgmesignjob.h,
lang/qt/src/qgpgmesignkeyjob.cpp,
lang/qt/src/qgpgmesignkeyjob.h,
lang/qt/src/qgpgmetofupolicyjob.cpp,
lang/qt/src/qgpgmetofupolicyjob.h,
lang/qt/src/qgpgmeverifydetachedjob.cpp,
lang/qt/src/qgpgmeverifydetachedjob.h,
lang/qt/src/qgpgmeverifyopaquejob.cpp,
lang/qt/src/qgpgmeverifyopaquejob.h,
lang/qt/src/qgpgmewkspublishjob.cpp,
lang/qt/src/qgpgmewkspublishjob.h,
lang/qt/src/refreshkeysjob.h,
lang/qt/src/signencryptjob.h,
lang/qt/src/signjob.h,
lang/qt/src/signkeyjob.h,
lang/qt/src/specialjob.h,
lang/qt/src/threadedjobmixin.cpp,
lang/qt/src/threadedjobmixin.h,
lang/qt/src/tofupolicyjob.h,
lang/qt/src/verifydetachedjob.h,
lang/qt/src/verifyopaquejob.h,
lang/qt/src/wkspublishjob.h,
lang/qt/tests/run-keyformailboxjob.cpp,
lang/qt/tests/t-config.cpp,
lang/qt/tests/t-encrypt.cpp,
lang/qt/tests/t-keylist.cpp,
lang/qt/tests/t-keylocate.cpp,
lang/qt/tests/t-ownertrust.cpp,
lang/qt/tests/t-support.cpp,
lang/qt/tests/t-support.h,
lang/qt/tests/t-tofuinfo.cpp,
lang/qt/tests/t-various.cpp,
lang/qt/tests/t-verify.cpp,
lang/qt/tests/t-wkspublish.cpp,
tests/gpg/t-encrypt-mixed.c,
tests/gpg/t-thread-keylist-verify.c,
tests/gpg/t-thread-keylist.c,
tests/run-decrypt.c: Change Intevation GmbH copyright to BSI.
--
This should make it more transparent where the BSI is the actual
copyright holder as the code was mostly developed as part of a
development contract.
2017-04-25 08:24:11 +00:00
|
|
|
2016 by Bundesamt für Sicherheit in der Informationstechnik
|
|
|
|
Software engineering by Intevation GmbH
|
2016-06-24 09:30:55 +00:00
|
|
|
|
|
|
|
This file is part of GPGME.
|
|
|
|
|
|
|
|
GPGME is free software; you can redistribute it and/or modify it
|
|
|
|
under the terms of the GNU Lesser General Public License as
|
|
|
|
published by the Free Software Foundation; either version 2.1 of
|
|
|
|
the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
GPGME is distributed in the hope that it will be useful, but
|
|
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
Lesser General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
2016-11-16 12:27:00 +00:00
|
|
|
License along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2016-06-24 09:30:55 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/* We need to include config.h so that we know whether we are building
|
|
|
|
with large file system (LFS) support. */
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include <config.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
#include <gpgme.h>
|
|
|
|
|
|
|
|
#define PGM "run-decrypt"
|
|
|
|
|
|
|
|
#include "run-support.h"
|
|
|
|
|
|
|
|
|
|
|
|
static int verbose;
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
status_cb (void *opaque, const char *keyword, const char *value)
|
|
|
|
{
|
|
|
|
(void)opaque;
|
|
|
|
fprintf (stderr, "status_cb: %s %s\n", keyword, value);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
print_result (gpgme_decrypt_result_t result)
|
|
|
|
{
|
|
|
|
gpgme_recipient_t recp;
|
|
|
|
int count = 0;
|
2016-11-15 09:29:48 +00:00
|
|
|
|
2016-06-24 09:30:55 +00:00
|
|
|
printf ("Original file name: %s\n", nonnull(result->file_name));
|
|
|
|
printf ("Wrong key usage: %i\n", result->wrong_key_usage);
|
2016-11-15 09:29:48 +00:00
|
|
|
printf ("Unsupported algorithm: %s\n",
|
|
|
|
nonnull(result->unsupported_algorithm));
|
|
|
|
if (result->session_key)
|
|
|
|
printf ("Session key: %s\n", result->session_key);
|
2016-06-24 09:30:55 +00:00
|
|
|
|
|
|
|
for (recp = result->recipients; recp->next; recp = recp->next)
|
|
|
|
{
|
|
|
|
printf ("recipient %d\n", count++);
|
|
|
|
printf (" status ....: %s\n", gpgme_strerror (recp->status));
|
|
|
|
printf (" keyid: %s\n", nonnull (recp->keyid));
|
|
|
|
printf (" algo ...: %s\n", gpgme_pubkey_algo_name (recp->pubkey_algo));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
show_usage (int ex)
|
|
|
|
{
|
|
|
|
fputs ("usage: " PGM " [options] FILE\n\n"
|
|
|
|
"Options:\n"
|
|
|
|
" --verbose run in verbose mode\n"
|
|
|
|
" --status print status lines from the backend\n"
|
|
|
|
" --openpgp use the OpenPGP protocol (default)\n"
|
|
|
|
" --cms use the CMS protocol\n"
|
2016-11-15 09:29:48 +00:00
|
|
|
" --export-session-key show the session key\n"
|
|
|
|
" --override-session-key STRING use STRING as session key\n"
|
2017-03-24 13:36:54 +00:00
|
|
|
" --unwrap remove only the encryption layer\n"
|
2016-06-24 09:30:55 +00:00
|
|
|
, stderr);
|
|
|
|
exit (ex);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
main (int argc, char **argv)
|
|
|
|
{
|
|
|
|
int last_argc = -1;
|
|
|
|
gpgme_error_t err;
|
|
|
|
gpgme_ctx_t ctx;
|
|
|
|
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
|
2017-03-24 13:36:54 +00:00
|
|
|
gpgme_decrypt_flags_t flags = 0;
|
2016-06-24 09:30:55 +00:00
|
|
|
FILE *fp_in = NULL;
|
|
|
|
gpgme_data_t in = NULL;
|
|
|
|
gpgme_data_t out = NULL;
|
|
|
|
gpgme_decrypt_result_t result;
|
|
|
|
int print_status = 0;
|
2016-11-15 09:29:48 +00:00
|
|
|
int export_session_key = 0;
|
|
|
|
const char *override_session_key = NULL;
|
2017-03-24 13:36:54 +00:00
|
|
|
int raw_output = 0;
|
2016-06-24 09:30:55 +00:00
|
|
|
|
|
|
|
if (argc)
|
|
|
|
{ argc--; argv++; }
|
|
|
|
|
|
|
|
while (argc && last_argc != argc )
|
|
|
|
{
|
|
|
|
last_argc = argc;
|
|
|
|
if (!strcmp (*argv, "--"))
|
|
|
|
{
|
|
|
|
argc--; argv++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
else if (!strcmp (*argv, "--help"))
|
|
|
|
show_usage (0);
|
|
|
|
else if (!strcmp (*argv, "--verbose"))
|
|
|
|
{
|
|
|
|
verbose = 1;
|
|
|
|
argc--; argv++;
|
|
|
|
}
|
|
|
|
else if (!strcmp (*argv, "--status"))
|
|
|
|
{
|
|
|
|
print_status = 1;
|
|
|
|
argc--; argv++;
|
|
|
|
}
|
|
|
|
else if (!strcmp (*argv, "--openpgp"))
|
|
|
|
{
|
|
|
|
protocol = GPGME_PROTOCOL_OpenPGP;
|
|
|
|
argc--; argv++;
|
|
|
|
}
|
|
|
|
else if (!strcmp (*argv, "--cms"))
|
|
|
|
{
|
|
|
|
protocol = GPGME_PROTOCOL_CMS;
|
|
|
|
argc--; argv++;
|
|
|
|
}
|
2016-11-15 09:29:48 +00:00
|
|
|
else if (!strcmp (*argv, "--export-session-key"))
|
|
|
|
{
|
|
|
|
export_session_key = 1;
|
|
|
|
argc--; argv++;
|
|
|
|
}
|
|
|
|
else if (!strcmp (*argv, "--override-session-key"))
|
|
|
|
{
|
|
|
|
argc--; argv++;
|
|
|
|
if (!argc)
|
|
|
|
show_usage (1);
|
|
|
|
override_session_key = *argv;
|
|
|
|
argc--; argv++;
|
|
|
|
}
|
2017-03-24 13:36:54 +00:00
|
|
|
else if (!strcmp (*argv, "--unwrap"))
|
|
|
|
{
|
|
|
|
flags |= GPGME_DECRYPT_UNWRAP;
|
|
|
|
raw_output = 1;
|
|
|
|
argc--; argv++;
|
|
|
|
}
|
2016-06-24 09:30:55 +00:00
|
|
|
else if (!strncmp (*argv, "--", 2))
|
|
|
|
show_usage (1);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (argc < 1 || argc > 2)
|
|
|
|
show_usage (1);
|
|
|
|
|
|
|
|
fp_in = fopen (argv[0], "rb");
|
|
|
|
if (!fp_in)
|
|
|
|
{
|
|
|
|
err = gpgme_error_from_syserror ();
|
|
|
|
fprintf (stderr, PGM ": can't open `%s': %s\n",
|
|
|
|
argv[0], gpgme_strerror (err));
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
init_gpgme (protocol);
|
|
|
|
|
|
|
|
err = gpgme_new (&ctx);
|
|
|
|
fail_if_err (err);
|
|
|
|
gpgme_set_protocol (ctx, protocol);
|
|
|
|
if (print_status)
|
|
|
|
{
|
|
|
|
gpgme_set_status_cb (ctx, status_cb, NULL);
|
|
|
|
gpgme_set_ctx_flag (ctx, "full-status", "1");
|
|
|
|
}
|
2016-11-15 09:29:48 +00:00
|
|
|
if (export_session_key)
|
2016-11-16 05:10:22 +00:00
|
|
|
{
|
|
|
|
err = gpgme_set_ctx_flag (ctx, "export-session-key", "1");
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
fprintf (stderr, PGM ": error requesting exported session key: %s\n",
|
|
|
|
gpgme_strerror (err));
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
}
|
2016-11-15 09:29:48 +00:00
|
|
|
if (override_session_key)
|
2016-11-16 05:10:22 +00:00
|
|
|
{
|
2016-11-16 09:12:19 +00:00
|
|
|
err = gpgme_set_ctx_flag (ctx, "override-session-key",
|
|
|
|
override_session_key);
|
2016-11-16 05:10:22 +00:00
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
fprintf (stderr, PGM ": error overriding session key: %s\n",
|
|
|
|
gpgme_strerror (err));
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
}
|
2016-06-24 09:30:55 +00:00
|
|
|
|
|
|
|
err = gpgme_data_new_from_stream (&in, fp_in);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
fprintf (stderr, PGM ": error allocating data object: %s\n",
|
|
|
|
gpgme_strerror (err));
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
err = gpgme_data_new (&out);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
fprintf (stderr, PGM ": error allocating data object: %s\n",
|
|
|
|
gpgme_strerror (err));
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
|
2017-03-24 13:36:54 +00:00
|
|
|
err = gpgme_op_decrypt_ext (ctx, flags, in, out);
|
2016-06-24 09:30:55 +00:00
|
|
|
result = gpgme_op_decrypt_result (ctx);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
fprintf (stderr, PGM ": decrypt failed: %s\n", gpgme_strerror (err));
|
|
|
|
exit (1);
|
|
|
|
}
|
2016-11-16 05:10:22 +00:00
|
|
|
if (result)
|
|
|
|
{
|
2017-03-24 13:36:54 +00:00
|
|
|
if (!raw_output)
|
|
|
|
print_result (result);
|
|
|
|
if (!raw_output)
|
|
|
|
fputs ("Begin Output:\n", stdout);
|
2016-11-16 05:10:22 +00:00
|
|
|
print_data (out);
|
2017-03-24 13:36:54 +00:00
|
|
|
if (!raw_output)
|
|
|
|
fputs ("End Output.\n", stdout);
|
2016-11-16 05:10:22 +00:00
|
|
|
}
|
2016-06-24 09:30:55 +00:00
|
|
|
|
|
|
|
gpgme_data_release (out);
|
|
|
|
gpgme_data_release (in);
|
|
|
|
|
|
|
|
gpgme_release (ctx);
|
|
|
|
return 0;
|
|
|
|
}
|