python: Support manipulating the TOFU policy.

* NEWS: Update.
* doc/gpgme.texi: Fix typos.
* lang/python/gpg/constants/__init__.py: Import new files.
* lang/python/gpg/constants/tofu/__init__.py: New file.
* lang/python/gpg/constants/tofu/policy.py: New file.
* lang/python/gpg/core.py (Context.key_tofu_policy): New function.
* lang/python/gpgme.i: Nice reprs for gpgme_tofu_info_t.
* lang/python/setup.py.in: Install new package.
* lang/python/tests/t-quick-key-manipulation.py: Extend test.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter 2017-02-17 17:07:05 +01:00
parent 48634e651f
commit 15fbac9e72
No known key found for this signature in database
GPG Key ID: DD1A52F9DA8C9020
9 changed files with 103 additions and 5 deletions

1
NEWS

@ -26,6 +26,7 @@ Noteworthy changes in version 1.8.1 (unreleased)
py: Context.key_add_uid NEW. py: Context.key_add_uid NEW.
py: Context.key_revoke_uid NEW. py: Context.key_revoke_uid NEW.
py: Context.key_sign NEW. py: Context.key_sign NEW.
py: Context.key_tofu_policy NEW.
py: core.pubkey_algo_string NEW. py: core.pubkey_algo_string NEW.
py: core.addrspec_from_uid NEW. py: core.addrspec_from_uid NEW.


@ -4489,7 +4489,7 @@ could not be started.
@cindex validity, TOFU @cindex validity, TOFU
The OpenPGP engine features a Trust-On-First-Use (TOFU) key validation The OpenPGP engine features a Trust-On-First-Use (TOFU) key validation
model. For resolving clonflics it is necessary to declare the policy model. For resolving conflicts it is necessary to declare the policy
for a key. See the GnuPG manual for details on the TOFU for a key. See the GnuPG manual for details on the TOFU
implementation. implementation.
@ -4502,7 +4502,7 @@ policy values that are supported by @acronym{GPGME}:
@item GPGME_TOFU_POLICY_AUTO @item GPGME_TOFU_POLICY_AUTO
Set the policy to ``auto''. Set the policy to ``auto''.
@item GPGME_TOFU_POLICY_GOOD @item GPGME_TOFU_POLICY_GOOD
Set the policy to ``goog''. Set the policy to ``good''.
@item GPGME_TOFU_POLICY_BAD @item GPGME_TOFU_POLICY_BAD
Set the policy to ``bad''. Set the policy to ``bad''.
@item GPGME_TOFU_POLICY_ASK @item GPGME_TOFU_POLICY_ASK


@ -25,7 +25,7 @@ util.process_constants('GPGME_', globals())
del util del util
# For convenience, we import the modules here. # For convenience, we import the modules here.
from . import data, keylist, sig # The subdirs. from . import data, keylist, sig, tofu # The subdirs.
from . import create, event, keysign, md, pk, protocol, sigsum, status, validity from . import create, event, keysign, md, pk, protocol, sigsum, status, validity
# A complication arises because 'import' is a reserved keyword. # A complication arises because 'import' is a reserved keyword.
@ -34,7 +34,7 @@ globals()['Import'] = getattr(__import__('', globals(), locals(),
[str('import')], 1), "import") [str('import')], 1), "import")
__all__ = ['data', 'event', 'import', 'keysign', 'keylist', 'md', 'pk', __all__ = ['data', 'event', 'import', 'keysign', 'keylist', 'md', 'pk',
'protocol', 'sig', 'sigsum', 'status', 'validity', 'create'] 'protocol', 'sig', 'sigsum', 'status', 'tofu', 'validity', 'create']
# GPGME 1.7 replaced gpgme_op_edit with gpgme_op_interact. We # GPGME 1.7 replaced gpgme_op_edit with gpgme_op_interact. We
# implement gpg.Context.op_edit using gpgme_op_interact, so the # implement gpg.Context.op_edit using gpgme_op_interact, so the


@ -0,0 +1,24 @@
# TOFU
#
# Copyright (C) 2017 g10 Code GmbH
#
# This file is part of GPGME.
#
# GPGME is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2.1 of the
# License, or (at your option) any later version.
#
# GPGME is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
# Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, see <http://www.gnu.org/licenses/>.
from __future__ import absolute_import, print_function, unicode_literals
del absolute_import, print_function, unicode_literals
from . import policy
__all__ = ['policy']


@ -0,0 +1,25 @@
# TOFU policies
#
# Copyright (C) 2017 g10 Code GmbH
#
# This file is part of GPGME.
#
# GPGME is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2.1 of the
# License, or (at your option) any later version.
#
# GPGME is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
# Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, see <http://www.gnu.org/licenses/>.
from __future__ import absolute_import, print_function, unicode_literals
del absolute_import, print_function, unicode_literals
from gpg import util
util.process_constants('GPGME_TOFU_POLICY_', globals())
del util


@ -716,6 +716,18 @@ class Context(GpgmeWrapper):
self.op_keysign(key, uids, expires_in, flags) self.op_keysign(key, uids, expires_in, flags)
def key_tofu_policy(self, key, policy):
"""Set a keys' TOFU policy
Set the TOFU policy associated with KEY to POLICY. Calling
this function is only valid for the OpenPGP protocol.
Raises:
GPGMEError -- as signaled by the underlying library
"""
self.op_tofu_policy(key, policy)
def assuan_transact(self, command, def assuan_transact(self, command,
data_cb=None, inquire_cb=None, status_cb=None): data_cb=None, inquire_cb=None, status_cb=None):
"""Issue a raw assuan command """Issue a raw assuan command
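Review bot: The docstring of `key_tofu_policy` does not say which values POLICY accepts, and the wrapper forwards it to `op_tofu_policy` unchecked. The test added in this commit skips `gpg.constants.tofu.policy.NONE` with the comment "We must not set the policy to NONE", so the restriction is known but not documented where callers will look. Because the policy is what resolves TOFU conflicts for a key (per the gpgme.texi text touched in this commit), I would add a line such as `POLICY is one of the gpg.constants.tofu.policy constants; NONE must not be passed.` and correct the summary to `Set a key's TOFU policy`. The enclosing Context class starts and ends outside this hunk.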


@ -687,3 +687,7 @@ _gpg_unwrap_gpgme_ctx_t(PyObject *wrapped)
%extend _gpgme_user_id { %extend _gpgme_user_id {
genericrepr(UID) genericrepr(UID)
}; };
%extend _gpgme_tofu_info {
genericrepr(TofuInfo)
};


@ -172,7 +172,8 @@ setup(name="gpg",
url='https://www.gnupg.org', url='https://www.gnupg.org',
ext_modules=[swige], ext_modules=[swige],
packages = ['gpg', 'gpg.constants', 'gpg.constants.data', packages = ['gpg', 'gpg.constants', 'gpg.constants.data',
'gpg.constants.keylist', 'gpg.constants.sig'], 'gpg.constants.keylist', 'gpg.constants.sig',
'gpg.constants.tofu'],
license="LGPL2.1+ (the library), GPL2+ (tests and examples)", license="LGPL2.1+ (the library), GPL2+ (tests and examples)",
classifiers=[ classifiers=[
'Development Status :: 4 - Beta', 'Development Status :: 4 - Beta',


@ -90,3 +90,34 @@ with support.EphemeralContext() as ctx:
assert False, "Expected an error but got none" assert False, "Expected an error but got none"
except gpg.errors.GpgError: except gpg.errors.GpgError:
pass pass
# Check setting the TOFU policy.
with open("gpg.conf", "a") as handle:
handle.write("trust-model tofu+pgp\n")
for name, policy in [(name, getattr(gpg.constants.tofu.policy, name))
for name in filter(lambda x: not x.startswith('__'),
dir(gpg.constants.tofu.policy))]:
if policy == gpg.constants.tofu.policy.NONE:
# We must not set the policy to NONE.
continue
ctx.key_tofu_policy(key, policy)
keys = list(ctx.keylist(key.uids[0].uid,
mode=(gpg.constants.keylist.mode.LOCAL
|gpg.constants.keylist.mode.WITH_TOFU)))
assert len(keys) == 1
if policy == gpg.constants.tofu.policy.AUTO:
# We cannot check that it is set to AUTO.
continue
for uid in keys[0].uids:
if uid.uid == alpha:
# TOFU information of revoked UIDs is not updated.
# XXX: Is that expected?
continue
assert uid.tofu[0].policy == policy, \
"Expected policy {0} ({1}), got {2}".format(policy, name,
uid.tofu[0].policy)
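Review bot: The loop skips `policy.NONE` with only a comment, so nothing verifies what the binding does when NONE is actually passed to `ctx.key_tofu_policy`. If the library rejects it, a negative check in the same style as the `except gpg.errors.GpgError: pass` block just above would pin that behaviour down. Separately, collecting candidates via `dir(gpg.constants.tofu.policy)` filtered only on `'__'` treats every other module attribute as a policy value; adding `isinstance(getattr(gpg.constants.tofu.policy, name), int)` to the filter would keep a later helper in that module from being handed to the engine. `uid.tofu[0]` also fails with an IndexError rather than a readable assertion message if a UID carries no TOFU record. The surrounding `with support.EphemeralContext()` block begins outside this hunk.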