GpgFrontend/gpgme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix detection of invalid signer keys.

Browse Source 
Support the new INV_SGNR status code.
This commit is contained in:
Werner Koch 2009-08-06 17:17:18 +00:00
parent 54719f4937
commit 0fcf3ee915
13 changed files with 271 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
NEWS
View File

@ -3,6 +3,12 @@ Noteworthy changes in version 1.2.1 (unreleased)
* (none yet) * (none yet)
* Interface changes relative to the 1.1.7 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPGME_STATUS_INV_SGNR NEW.
GPGME_STATUS_NO_SGNR NEW.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Noteworthy changes in version 1.2.0 (2009-06-18) Noteworthy changes in version 1.2.0 (2009-06-18)
------------------------------------------------ ------------------------------------------------

5
doc/ChangeLog
View File

@ -1,3 +1,8 @@
2009-07-21 Werner Koch <wk@g10code.com>
* uiserver.texi (UI Server Encrypt): Add --expect-sign option to
PREP_ENCRYPT.
2009-06-16 Marcus Brinkmann <marcus@g10code.de> 2009-06-16 Marcus Brinkmann <marcus@g10code.de>
* gpgme.texi (Result Management): New section. * gpgme.texi (Result Management): New section.

2
doc/gpgme.texi
View File

@ -4777,7 +4777,7 @@ of a @code{gpgme_op_sign} operation. The pointer is only valid if the
last operation on the context was a @code{gpgme_op_sign}, last operation on the context was a @code{gpgme_op_sign},
@code{gpgme_op_sign_start}, @code{gpgme_op_encrypt_sign} or @code{gpgme_op_sign_start}, @code{gpgme_op_encrypt_sign} or
@code{gpgme_op_encrypt_sign_start} operation. If that operation @code{gpgme_op_encrypt_sign_start} operation. If that operation
failed, the function might return a @code{NULL} pointer, The returned failed, the function might return a @code{NULL} pointer. The returned
pointer is only valid until the next operation is started on the pointer is only valid until the next operation is started on the
context. context.
@end deftypefun @end deftypefun

9
doc/uiserver.texi
View File

@ -118,7 +118,7 @@ Use the CMS (PKCS#7) protocol (RFC-3852).
To support automagically selection of the protocol depending on the To support automagically selection of the protocol depending on the
selected keys, the server MAY implement the command: selected keys, the server MAY implement the command:
@deffn Command PREP_ENCRYPT [-@w{}-protocol=@var{name}] @deffn Command PREP_ENCRYPT [-@w{}-protocol=@var{name}] [-@w{}-expect-sign]
This commands considers all recipients set so far and decides whether it This commands considers all recipients set so far and decides whether it
is able to take input and start the actual decryption. This is kind of is able to take input and start the actual decryption. This is kind of
@ -129,6 +129,13 @@ command is send. The @option{--protocol} option is optional; if it is
not given, the server should allow the user to select the protocol to be not given, the server should allow the user to select the protocol to be
used based on the recipients given or by any other means. used based on the recipients given or by any other means.
If @option{--expect-sign} is given the server should expect that the
message will also be signed and use this hint to present a unified
recipient and signer selection dialog if possible and desired. A
selected signer should then be cached for the expected SIGN command
(which is expected in the same session but possible on another
connection).
If this command is given again before a successful @command{ENCRYPT} If this command is given again before a successful @command{ENCRYPT}
command, the second one takes effect. command, the second one takes effect.

13
src/ChangeLog
View File

@ -1,3 +1,16 @@
2009-08-06 Werner Koch <wk@g10code.com>
* op-support.c (_gpgme_parse_inv_recp): Allow for no fingerprint.
* engine-gpgsm.c (gpgsm_sign): Hook up the status func for the
SIGNER command.
* gpgme.h.in (GPGME_STATUS_INV_SGNR, GPGME_STATUS_NO_SGNR): New.
* sign.c (op_data_t): Add fields IGNORE_INV_RECP and INV_SGNR_SEEN.
(_gpgme_op_sign_init_result): Factor code out to ...
(sign_init_result): .. new. Init new fields.
(sign_start): Use sign_init_result.
(_gpgme_sign_status_handler): Take care of the new INV_SGNR.
2009-07-07 Werner Koch <wk@g10code.com> 2009-07-07 Werner Koch <wk@g10code.com>
* engine-gpgsm.c (struct engine_gpgsm): Add fields * engine-gpgsm.c (struct engine_gpgsm): Add fields

3
src/engine-gpgsm.c
View File

@ -1885,7 +1885,8 @@ gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
strcpy (stpcpy (buf, "SIGNER "), s); strcpy (stpcpy (buf, "SIGNER "), s);
err = gpgsm_assuan_simple_command (gpgsm->assuan_ctx, buf, err = gpgsm_assuan_simple_command (gpgsm->assuan_ctx, buf,
NULL, NULL); gpgsm->status.fnc,
gpgsm->status.fnc_value);
} }
else else
err = gpg_error (GPG_ERR_INV_VALUE); err = gpg_error (GPG_ERR_INV_VALUE);

4
src/gpgme.h.in
View File

@ -485,7 +485,9 @@ typedef enum
GPGME_STATUS_PKA_TRUST_BAD = 79, GPGME_STATUS_PKA_TRUST_BAD = 79,
GPGME_STATUS_PKA_TRUST_GOOD = 80, GPGME_STATUS_PKA_TRUST_GOOD = 80,
GPGME_STATUS_PLAINTEXT = 81 GPGME_STATUS_PLAINTEXT = 81,
GPGME_STATUS_INV_SGNR = 82,
GPGME_STATUS_NO_SGNR = 83
} }
gpgme_status_code_t; gpgme_status_code_t;

8
src/op-support.c
View File

@ -162,8 +162,8 @@ _gpgme_op_reset (gpgme_ctx_t ctx, int type)
} }
/* Parse the INV_RECP status line in ARGS and return the result in /* Parse the INV_RECP or INV-SNDR status line in ARGS and return the
KEY. */ result in KEY. */
gpgme_error_t gpgme_error_t
_gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key) _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key)
{ {
@ -177,7 +177,7 @@ _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key)
inv_key->next = NULL; inv_key->next = NULL;
errno = 0; errno = 0;
reason = strtol (args, &tail, 0); reason = strtol (args, &tail, 0);
if (errno || args == tail || *tail != ' ') if (errno || args == tail || (*tail && *tail != ' '))
{ {
/* The crypto backend does not behave. */ /* The crypto backend does not behave. */
free (inv_key); free (inv_key);
@ -236,7 +236,7 @@ _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key)
break; break;
} }
while (*tail == ' ') while (*tail && *tail == ' ')
tail++; tail++;
if (*tail) if (*tail)
{ {

27
src/sign.c
View File

@ -46,6 +46,10 @@ typedef struct
/* Likewise for signature information. */ /* Likewise for signature information. */
gpgme_new_signature_t *last_sig_p; gpgme_new_signature_t *last_sig_p;
/* Flags used while processing the status lines. */
unsigned int ignore_inv_recp:1;
unsigned int inv_sgnr_seen:1;
} *op_data_t; } *op_data_t;
@ -266,6 +270,12 @@ _gpgme_sign_status_handler (void *priv, gpgme_status_code_t code, char *args)
break; break;
case GPGME_STATUS_INV_RECP: case GPGME_STATUS_INV_RECP:
if (opd->inv_sgnr_seen && opd->ignore_inv_recp)
break;
/* FALLTROUGH */
case GPGME_STATUS_INV_SGNR:
if (code == GPGME_STATUS_INV_SGNR)
opd->inv_sgnr_seen = 1;
err = _gpgme_parse_inv_recp (args, opd->last_signer_p); err = _gpgme_parse_inv_recp (args, opd->last_signer_p);
if (err) if (err)
return err; return err;
@ -297,8 +307,8 @@ sign_status_handler (void *priv, gpgme_status_code_t code, char *args)
} }
gpgme_error_t static gpgme_error_t
_gpgme_op_sign_init_result (gpgme_ctx_t ctx) sign_init_result (gpgme_ctx_t ctx, int ignore_inv_recp)
{ {
gpgme_error_t err; gpgme_error_t err;
void *hook; void *hook;
@ -311,9 +321,17 @@ _gpgme_op_sign_init_result (gpgme_ctx_t ctx)
return err; return err;
opd->last_signer_p = &opd->result.invalid_signers; opd->last_signer_p = &opd->result.invalid_signers;
opd->last_sig_p = &opd->result.signatures; opd->last_sig_p = &opd->result.signatures;
opd->ignore_inv_recp = !!ignore_inv_recp;
opd->inv_sgnr_seen = 0;
return 0; return 0;
} }
gpgme_error_t
_gpgme_op_sign_init_result (gpgme_ctx_t ctx)
{
return sign_init_result (ctx, 0);
}
static gpgme_error_t static gpgme_error_t
sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain, sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,
@ -325,7 +343,10 @@ sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,
if (err) if (err)
return err; return err;
err = _gpgme_op_sign_init_result (ctx); /* If we are using the CMS protocol, we ignore the INV_RECP status
code if a newer GPGSM is in use. GPGMS does not support combined
sign+encrypt and thus this can't harm. */
err = sign_init_result (ctx, (ctx->protocol == GPGME_PROTOCOL_CMS));
if (err) if (err)
return err; return err;

4
tests/ChangeLog
View File

@ -1,3 +1,7 @@
2009-08-06 Werner Koch <wk@g10code.com>
* run-sign.c: New.
2009-07-07 Werner Koch <wk@g10code.com> 2009-07-07 Werner Koch <wk@g10code.com>
* run-keylist.c (main): Add options --cms and --openpgp. * run-keylist.c (main): Add options --cms and --openpgp.

2
tests/Makefile.am
View File

@ -32,7 +32,7 @@ LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@
noinst_HEADERS = run-support.h noinst_HEADERS = run-support.h
noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import run-sign
if RUN_GPG_TESTS if RUN_GPG_TESTS

11
tests/gpg/t-sign.c
View File

@ -103,6 +103,17 @@ main (int argc, char **argv)
gpgme_set_textmode (ctx, 1); gpgme_set_textmode (ctx, 1);
gpgme_set_armor (ctx, 1); gpgme_set_armor (ctx, 1);
#if 0
{
gpgme_key_t akey;
err = gpgme_get_key (ctx, "0x68697734", &akey, 0);
fail_if_err (err);
err = gpgme_signers_add (ctx, akey);
fail_if_err (err);
gpgme_key_unref (akey);
}
#endif
err = gpgme_data_new_from_mem (&in, "Hallo Leute\n", 12, 0); err = gpgme_data_new_from_mem (&in, "Hallo Leute\n", 12, 0);
fail_if_err (err); fail_if_err (err);

187
tests/run-sign.c Normal file
View File

@ -0,0 +1,187 @@
/* run-sign.c - Helper to perform a sign operation
Copyright (C) 2009 g10 Code GmbH
This file is part of GPGME.
GPGME is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
GPGME is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/* We need to include config.h so that we know whether we are building
with large file system (LFS) support. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <gpgme.h>
#define PGM "run-sign"
#include "run-support.h"
static int verbose;
static void
print_result (gpgme_sign_result_t result, gpgme_sig_mode_t type)
{
gpgme_invalid_key_t invkey;
gpgme_new_signature_t sig;
for (invkey = result->invalid_signers; invkey; invkey = invkey->next)
printf ("Signing key `%s' not used: %s <%s>\n",
nonnull (invkey->fpr),
gpg_strerror (invkey->reason), gpg_strsource (invkey->reason));
for (sig = result->signatures; sig; sig = sig->next)
{
printf ("Key fingerprint: %s\n", nonnull (sig->fpr));
printf ("Signature type : %d\n", sig->type);
printf ("Public key algo: %d\n", sig->pubkey_algo);
printf ("Hash algo .....: %d\n", sig->hash_algo);
printf ("Creation time .: %ld\n", sig->timestamp);
printf ("Sig class .....: 0x%u\n", sig->sig_class);
}
}
static int
show_usage (int ex)
{
fputs ("usage: " PGM " [options] FILE\n\n"
"Options:\n"
" --verbose run in verbose mode\n"
" --openpgp use the OpenPGP protocol (default)\n"
" --cms use the CMS protocol\n"
" --key NAME use key NAME for signing\n"
, stderr);
exit (ex);
}
int
main (int argc, char **argv)
{
int last_argc = -1;
gpgme_error_t err;
gpgme_ctx_t ctx;
const char *key_string = NULL;
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
gpgme_sig_mode_t sigmode = GPGME_SIG_MODE_NORMAL;
gpgme_data_t in, out;
gpgme_sign_result_t result;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
show_usage (0);
else if (!strcmp (*argv, "--verbose"))
{
verbose = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--openpgp"))
{
protocol = GPGME_PROTOCOL_OpenPGP;
argc--; argv++;
}
else if (!strcmp (*argv, "--cms"))
{
protocol = GPGME_PROTOCOL_CMS;
argc--; argv++;
}
else if (!strcmp (*argv, "--key"))
{
argc--; argv++;
if (!argc)
show_usage (1);
key_string = *argv;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
show_usage (1);
}
if (argc != 1)
show_usage (1);
init_gpgme (protocol);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, protocol);
gpgme_set_armor (ctx, 1);
if (key_string)
{
gpgme_key_t akey;
err = gpgme_get_key (ctx, key_string, &akey, 1);
if (err)
{
fprintf (stderr, PGM ": error getting key `%s': %s\n",
key_string, gpg_strerror (err));
exit (1);
}
err = gpgme_signers_add (ctx, akey);
fail_if_err (err);
gpgme_key_unref (akey);
}
err = gpgme_data_new_from_file (&in, *argv, 1);
if (err)
{
fprintf (stderr, PGM ": error reading `%s': %s\n",
*argv, gpg_strerror (err));
exit (1);
}
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_sign (ctx, in, out, sigmode);
result = gpgme_op_sign_result (ctx);
if (result)
print_result (result, sigmode);
if (err)
{
fprintf (stderr, PGM ": signing failed: %s\n", gpg_strerror (err));
exit (1);
}
fputs ("Begin Output:\n", stdout);
print_data (out);
fputs ("End Output.\n", stdout);
gpgme_data_release (out);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}