core: Support usage of gpgtar for creating an encrypted signed archive

* src/engine-gpg.c (gpg_encrypt_sign): Set use_gpgtar engine flag if
GPGME_ENCRYPT_ARCHIVE mode is set. Check for new enough gpg. Use
add_gpg_arg_with_value for gpg-only options with a value and
add_gpg_arg for gpg-only options without a value. Set extra options for
gpgtar and pass input data to stdin when using gpgtar.

* tests/run-encrypt.c (print_result): Rename to print_encrypt_result.
Print header.
(print_sign_result): New.
(show_usage): New option --sign.
(main): Parse new option. Sign and encrypt --sign is given.
Print results of signing additionally to results of encryption.
--

With this change the gpgme_op_encrypt_sign* functions get support for
creating an encrypted and signed archive from files and/or directories
passed as NUL-separated list in the "plain" data with gpgtar.

GnuPG-bug-id: 6342
This commit is contained in:
Ingo Klöcker 2023-01-19 11:08:42 +01:00
parent 0ca45e48b4
commit 29cfcd316d
No known key found for this signature in database
GPG Key ID: F5A5D1692277A1E9
2 changed files with 83 additions and 23 deletions

View File

@ -2415,6 +2415,11 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
engine_gpg_t gpg = engine; engine_gpg_t gpg = engine;
gpgme_error_t err = 0; gpgme_error_t err = 0;
gpg->flags.use_gpgtar = !!(flags & GPGME_ENCRYPT_ARCHIVE);
if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.3.5"))
return gpg_error (GPG_ERR_NOT_SUPPORTED);
if (recp || recpstring) if (recp || recpstring)
err = add_arg (gpg, "--encrypt"); err = add_arg (gpg, "--encrypt");
@ -2424,30 +2429,30 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
if (!err) if (!err)
err = add_arg (gpg, "--sign"); err = add_arg (gpg, "--sign");
if (!err && use_armor) if (!err && use_armor)
err = add_arg (gpg, "--armor"); err = add_gpg_arg (gpg, "--armor");
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
err = add_arg (gpg, "--compress-algo=none"); err = add_gpg_arg (gpg, "--compress-algo=none");
if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS)) if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
err = add_arg (gpg, "--throw-keyids"); err = add_gpg_arg (gpg, "--throw-keyids");
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
&& have_gpg_version (gpg, "2.1.14")) && have_gpg_version (gpg, "2.1.14"))
err = add_arg (gpg, "--mimemode"); err = add_gpg_arg (gpg, "--mimemode");
if (!err && gpg->flags.include_key_block) if (!err && gpg->flags.include_key_block)
err = add_arg (gpg, "--include-key-block"); err = add_gpg_arg (gpg, "--include-key-block");
if (recp || recpstring) if (recp || recpstring)
{ {
/* If we know that all recipients are valid (full or ultimate trust) /* If we know that all recipients are valid (full or ultimate trust)
we can suppress further checks. */ we can suppress further checks. */
if (!err && (flags & GPGME_ENCRYPT_ALWAYS_TRUST)) if (!err && (flags & GPGME_ENCRYPT_ALWAYS_TRUST))
err = add_arg (gpg, "--always-trust"); err = add_gpg_arg (gpg, "--always-trust");
if (!err && (flags & GPGME_ENCRYPT_NO_ENCRYPT_TO)) if (!err && (flags & GPGME_ENCRYPT_NO_ENCRYPT_TO))
err = add_arg (gpg, "--no-encrypt-to"); err = add_gpg_arg (gpg, "--no-encrypt-to");
if (!err && !recp && recpstring) if (!err && !recp && recpstring)
err = append_args_from_recipients_string (gpg, flags, recpstring); err = append_args_from_recipients_string (gpg, flags, recpstring);
@ -2474,16 +2479,31 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
if (gpgme_data_get_file_name (plain)) if (gpgme_data_get_file_name (plain))
{ {
if (!err) if (!err)
err = add_arg (gpg, "--set-filename"); err = add_gpg_arg_with_value (gpg, "--set-filename=", gpgme_data_get_file_name (plain), 0);
if (!err)
err = add_arg (gpg, gpgme_data_get_file_name (plain));
} }
if (gpg->flags.use_gpgtar)
{
if (!err)
err = add_arg (gpg, "--files-from");
if (!err)
err = add_arg (gpg, "-");
if (!err)
err = add_arg (gpg, "--null");
if (!err)
err = add_arg (gpg, "--utf8-strings");
/* Pass the filenames to gpgtar's stdin. */
if (!err)
err = add_data (gpg, plain, 0, 0);
}
else
{
if (!err) if (!err)
err = add_input_size_hint (gpg, plain); err = add_input_size_hint (gpg, plain);
if (!err) if (!err)
err = add_arg (gpg, "--"); err = add_arg (gpg, "--");
if (!err) if (!err)
err = add_data (gpg, plain, -1, 0); err = add_data (gpg, plain, -1, 0);
}
if (!err) if (!err)
err = start (gpg); err = start (gpg);

View File

@ -77,10 +77,11 @@ progress_cb (void *opaque, const char *what, int type, int current, int total)
static void static void
print_result (gpgme_encrypt_result_t result) print_encrypt_result (gpgme_encrypt_result_t result)
{ {
gpgme_invalid_key_t invkey; gpgme_invalid_key_t invkey;
printf ("\nEncryption results\n");
for (invkey = result->invalid_recipients; invkey; invkey = invkey->next) for (invkey = result->invalid_recipients; invkey; invkey = invkey->next)
printf ("Encryption key `%s' not used: %s <%s>\n", printf ("Encryption key `%s' not used: %s <%s>\n",
nonnull (invkey->fpr), nonnull (invkey->fpr),
@ -88,6 +89,30 @@ print_result (gpgme_encrypt_result_t result)
} }
static void
print_sign_result (gpgme_sign_result_t result)
{
gpgme_invalid_key_t invkey;
gpgme_new_signature_t sig;
printf ("\nSigning results\n");
for (invkey = result->invalid_signers; invkey; invkey = invkey->next)
printf ("Signing key `%s' not used: %s <%s>\n",
nonnull (invkey->fpr),
gpg_strerror (invkey->reason), gpg_strsource (invkey->reason));
for (sig = result->signatures; sig; sig = sig->next)
{
printf ("Key fingerprint: %s\n", nonnull (sig->fpr));
printf ("Signature type : %d\n", sig->type);
printf ("Public key algo: %d\n", sig->pubkey_algo);
printf ("Hash algo .....: %d\n", sig->hash_algo);
printf ("Creation time .: %ld\n", sig->timestamp);
printf ("Sig class .....: 0x%u\n", sig->sig_class);
}
}
static int static int
show_usage (int ex) show_usage (int ex)
@ -95,6 +120,7 @@ show_usage (int ex)
fputs ("usage: " PGM " [options] FILE\n\n" fputs ("usage: " PGM " [options] FILE\n\n"
"Options:\n" "Options:\n"
" --verbose run in verbose mode\n" " --verbose run in verbose mode\n"
" --sign sign data before encryption\n"
" --status print status lines from the backend\n" " --status print status lines from the backend\n"
" --progress print progress info\n" " --progress print progress info\n"
" --openpgp use the OpenPGP protocol (default)\n" " --openpgp use the OpenPGP protocol (default)\n"
@ -122,7 +148,8 @@ main (int argc, char **argv)
gpgme_ctx_t ctx; gpgme_ctx_t ctx;
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
gpgme_data_t in, out; gpgme_data_t in, out;
gpgme_encrypt_result_t result; gpgme_encrypt_result_t encrypt_result;
gpgme_sign_result_t sign_result;
int print_status = 0; int print_status = 0;
int print_progress = 0; int print_progress = 0;
int use_loopback = 0; int use_loopback = 0;
@ -135,6 +162,7 @@ main (int argc, char **argv)
gpgme_off_t offset; gpgme_off_t offset;
int no_symkey_cache = 0; int no_symkey_cache = 0;
int diagnostics = 0; int diagnostics = 0;
int sign = 0;
if (argc) if (argc)
{ argc--; argv++; } { argc--; argv++; }
@ -157,6 +185,11 @@ main (int argc, char **argv)
verbose = 1; verbose = 1;
argc--; argv++; argc--; argv++;
} }
else if (!strcmp (*argv, "--sign"))
{
sign = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--status")) else if (!strcmp (*argv, "--status"))
{ {
print_status = 1; print_status = 1;
@ -336,9 +369,12 @@ main (int argc, char **argv)
err = gpgme_data_new (&out); err = gpgme_data_new (&out);
fail_if_err (err); fail_if_err (err);
if (sign)
err = gpgme_op_encrypt_sign_ext (ctx, keycount ? keys : NULL, keystring,
flags, in, out);
else
err = gpgme_op_encrypt_ext (ctx, keycount ? keys : NULL, keystring, err = gpgme_op_encrypt_ext (ctx, keycount ? keys : NULL, keystring,
flags, in, out); flags, in, out);
result = gpgme_op_encrypt_result (ctx);
if (diagnostics) if (diagnostics)
{ {
@ -361,8 +397,12 @@ main (int argc, char **argv)
gpgme_data_release (diag); gpgme_data_release (diag);
} }
if (result) sign_result = gpgme_op_sign_result (ctx);
print_result (result); if (sign_result)
print_sign_result (sign_result);
encrypt_result = gpgme_op_encrypt_result (ctx);
if (encrypt_result)
print_encrypt_result (encrypt_result);
if (err) if (err)
{ {
fprintf (stderr, PGM ": encrypting failed: %s\n", gpg_strerror (err)); fprintf (stderr, PGM ": encrypting failed: %s\n", gpg_strerror (err));