From 3afa534645e3826c95e7c70d7ae61ffa2d63acec Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 17 Mar 2020 17:22:51 +0100 Subject: [PATCH] core: New context flags "include-key-block" and "auto-key-import". * src/gpgme.c (gpgme_set_ctx_flag): Add flags "include-key-block" and "auto-key-import". (gpgme_get_ctx_flag): Ditto. * src/context.h (struct gpgme_context): Add flags include_key_block and auto_key_import. * src/engine-gpg.c (struct engine_gpg): Likewise. (gpg_set_engine_flags): Set the flags for gpg versions >= 2.2.20. (gpg_decrypt): Set option according to the new flags. (gpg_encrypt): Ditto. (gpg_encrypt_sign): Ditto. (gpg_sign): Ditto. (gpg_verify): Ditto. tests/run-verify: Add option --auto-key-import. tests/run-sign: add option --include-key-block. -- GnuPG-bug-id: 4856 Signed-off-by: Werner Koch --- doc/gpgme.texi | 10 +++++++++- src/context.h | 6 ++++++ src/engine-gpg.c | 22 ++++++++++++++++++++++ src/gpgme.c | 16 ++++++++++++++++ tests/run-sign.c | 20 ++++++++++++++++++++ tests/run-verify.c | 20 +++++++++++++++++++- 6 files changed, 92 insertions(+), 2 deletions(-) diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 88b5f2cd..8cbb1f22 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -3105,6 +3105,14 @@ a message signed by a brand new key (which you naturally will not have on your local keyring), the operator can tell both your IP address and the time when you verified the signature. +@item "auto-key-import" +Setting the @var{value} to "1" forces the GPG backend to automatically +import a missing key for signature verification from the signature. + +@item "include-key-block" +Setting the @var{value} to "1" forces the GPG backend to embed the +signing key as well as an encryption subkey into the the signature. + @item "request-origin" The string given in @var{value} is passed to the GnuPG engines to request restrictions based on the origin of the request. Valid values 
@@ -3496,7 +3504,7 @@ available. @since{1.7.0} The keygrip of the subkey in hex digit form or @code{NULL} if not -availabale. +available. @item long int timestamp This is the creation timestamp of the subkey. This is -1 if the diff --git a/src/context.h b/src/context.h index 93c4c2cc..25dfc792 100644 --- a/src/context.h +++ b/src/context.h @@ -118,6 +118,12 @@ struct gpgme_context * flag is cleared with each operation. */ unsigned int redraw_suggested : 1; + /* True if the option --include-key-block shall be passed to gpg. */ + unsigned int include_key_block : 1; + + /* True if the option --auto-key-import shall be passed to gpg. */ + unsigned int auto_key_import : 1; + /* True if the option --auto-key-retrieve shall be passed to gpg. */ unsigned int auto_key_retrieve : 1; diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 223404ed..c9928ed9 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -148,6 +148,8 @@ struct engine_gpg unsigned int no_symkey_cache : 1; unsigned int offline : 1; unsigned int ignore_mdc_error : 1; + unsigned int include_key_block : 1; + unsigned int auto_key_import : 1; } flags; /* NULL or the data object fed to --override_session_key-fd. */ @@ -686,6 +688,13 @@ gpg_set_engine_flags (void *engine, const gpgme_ctx_t ctx) gpg->flags.ignore_mdc_error = !!ctx->ignore_mdc_error; + if (have_gpg_version (gpg, "2.2.20")) + { + if (ctx->auto_key_import) + gpg->flags.auto_key_import = 1; + if (ctx->include_key_block) + gpg->flags.include_key_block = 1; + } } @@ -1703,6 +1712,9 @@ gpg_decrypt (void *engine, if (!err && auto_key_retrieve) err = add_arg (gpg, "--auto-key-retrieve"); + if (!err && gpg->flags.auto_key_import) + err = add_arg (gpg, "--auto-key-import"); + if (!err && override_session_key && *override_session_key) { if (have_gpg_version (gpg, "2.1.16")) 
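Review bot: In gpg_set_engine_flags the two new flags are only ever set to 1 inside the have_gpg_version block and never cleared, unlike the sibling `gpg->flags.ignore_mdc_error = !!ctx->ignore_mdc_error;` on the line just above; if the engine object is reused after a caller resets the context flag to "0" (the engine lifetime is not visible from this hunk), the option keeps being passed. Assigning unconditionally keeps the engine in step with the context: `int newgpg = have_gpg_version (gpg, "2.2.20");`, `gpg->flags.auto_key_import = newgpg && ctx->auto_key_import;`, `gpg->flags.include_key_block = newgpg && ctx->include_key_block;`. With a gpg older than 2.2.20 the request is dropped silently while gpgme_get_ctx_flag (src/gpgme.c hunk) still reports "1", so a caller cannot tell that auto-key-import or include-key-block was not applied; the doc/gpgme.texi entries added in this patch should state the version requirement instead of saying the flag "forces" the backend. The new texi entry for include-key-block also reads "into the the signature". gpg_set_engine_flags and gpg_decrypt both start and end outside their hunks.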
@@ -2176,6 +2188,9 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring, && have_gpg_version (gpg, "2.1.14")) err = add_arg (gpg, "--mimemode"); + if (!err && gpg->flags.include_key_block) + err = add_arg (gpg, "--include-key-block"); + if (recp || recpstring) { /* If we know that all recipients are valid (full or ultimate trust) @@ -2251,6 +2266,9 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[], && have_gpg_version (gpg, "2.1.14")) err = add_arg (gpg, "--mimemode"); + if (!err && gpg->flags.include_key_block) + err = add_arg (gpg, "--include-key-block"); + if (recp || recpstring) { /* If we know that all recipients are valid (full or ultimate trust) @@ -3243,6 +3261,8 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out, } } + if (!err && gpg->flags.include_key_block) + err = add_arg (gpg, "--include-key-block"); if (!err) err = append_args_from_signers (gpg, ctx); if (!err) @@ -3305,6 +3325,8 @@ gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text, gpgme_error_t err; err = append_args_from_sender (gpg, ctx); + if (!err && gpg->flags.auto_key_import) + err = add_arg (gpg, "--auto-key-import"); if (!err && ctx->auto_key_retrieve) err = add_arg (gpg, "--auto-key-retrieve"); diff --git a/src/gpgme.c b/src/gpgme.c index 8f4d5f3e..8bc11d51 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -533,6 +533,14 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value) if (!ctx->override_session_key) err = gpg_error_from_syserror (); } + else if (!strcmp (name, "include-key-block")) + { + ctx->include_key_block = abool; + } + else if (!strcmp (name, "auto-key-import")) + { + ctx->auto_key_import = abool; + } else if (!strcmp (name, "auto-key-retrieve")) { ctx->auto_key_retrieve = abool; 
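Review bot: gpg_encrypt passes `--include-key-block` although that operation produces no signature, so as far as this hunk shows the option has nothing to act on; it is only needed in gpg_encrypt_sign and gpg_sign, or, if it is deliberately passed to keep the option set identical across the encrypt paths, a one-line comment such as `/* No-op without signing; kept in step with gpg_encrypt_sign.  */` would explain that. The gpg_sign and gpg_verify hunks insert the new `if (!err && gpg->flags...)` directly against the following `if (!err ...)` without the blank line the surrounding blocks use, and gpg_verify now reads one flag from `gpg->flags.auto_key_import` while its sibling comes from `ctx->auto_key_retrieve`, which deserves a short comment noting that the former is version-gated in gpg_set_engine_flags. All four functions start and end outside their hunks.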
@@ -607,6 +615,14 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name) { return ctx->override_session_key? ctx->override_session_key : ""; } + else if (!strcmp (name, "include-key-block")) + { + return ctx->include_key_block? "1":""; + } + else if (!strcmp (name, "auto-key-import")) + { + return ctx->auto_key_import? "1":""; + } else if (!strcmp (name, "auto-key-retrieve")) { return ctx->auto_key_retrieve? "1":""; diff --git a/tests/run-sign.c b/tests/run-sign.c index 5576b8f5..55b2e482 100644 --- a/tests/run-sign.c +++ b/tests/run-sign.c @@ -85,6 +85,7 @@ show_usage (int ex) " --loopback use a loopback pinentry\n" " --key NAME use key NAME for signing\n" " --sender MBOX use MBOX as sender address\n" + " --include-key-block use this option with gpg\n" , stderr); exit (ex); } @@ -103,6 +104,7 @@ main (int argc, char **argv) gpgme_sign_result_t result; int print_status = 0; int use_loopback = 0; + int include_key_block = 0; const char *sender = NULL; const char *s; @@ -165,6 +167,11 @@ main (int argc, char **argv) use_loopback = 1; argc--; argv++; } + else if (!strcmp (*argv, "--include-key-block")) + { + include_key_block = 1; + argc--; argv++; + } else if (!strncmp (*argv, "--", 2)) show_usage (1); @@ -197,6 +204,8 @@ main (int argc, char **argv) err = gpgme_get_key (ctx, key_string, &akey, 1); if (err) { + fprintf (stderr, PGM ": get key '%s' failed: %s\n", + key_string, gpg_strerror (err)); exit (1); } err = gpgme_signers_add (ctx, akey); @@ -210,6 +219,17 @@ main (int argc, char **argv) fail_if_err (err); } + if (include_key_block) + { + err = gpgme_set_ctx_flag (ctx, "include-key-block", "1"); + if (err) + { + fprintf (stderr, PGM ": error setting include-key-block: %s\n", + gpgme_strerror (err)); + exit (1); + } + } + err = gpgme_data_new_from_file (&in, *argv, 1); if (err) { diff --git a/tests/run-verify.c b/tests/run-verify.c index 83a6533a..e42eb6bf 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c 
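Review bot: The usage line added to show_usage in tests/run-sign.c, `" --include-key-block use this option with gpg\n"`, does not tell the user what the option does; following the texi text in this patch, something like `" --include-key-block embed the signing key block into the signature\n"` reads better. The two new error paths in main also use different formatters, `gpg_strerror (err)` for the gpgme_get_key failure and `gpgme_strerror (err)` for the gpgme_set_ctx_flag failure; they presumably resolve the same code, but picking one keeps the file consistent. main starts and ends outside these hunks.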
@@ -234,6 +234,7 @@ show_usage (int ex) " --sender MBOX use MBOX as sender address\n" " --repeat N repeat the operation N times\n" " --auto-key-retrieve\n" + " --auto-key-import\n" , stderr); exit (ex); } @@ -248,6 +249,7 @@ main (int argc, char **argv) int print_status = 0; const char *sender = NULL; int auto_key_retrieve = 0; + int auto_key_import = 0; int repeats = 1; if (argc) @@ -304,7 +306,11 @@ main (int argc, char **argv) auto_key_retrieve = 1; argc--; argv++; } - + else if (!strcmp (*argv, "--auto-key-import")) + { + auto_key_import = 1; + argc--; argv++; + } else if (!strncmp (*argv, "--", 2)) show_usage (1); @@ -372,6 +378,18 @@ main (int argc, char **argv) } } + if (auto_key_import) + { + gpgme_set_ctx_flag (ctx, "auto-key-import", "1"); + s = gpgme_get_ctx_flag (ctx, "auto-key-import"); + if (!s || strcmp (s, "1")) + { + fprintf (stderr, PGM ": gpgme_get_ctx_flag failed for '%s'\n", + "auto-key-import"); + exit (1); + } + } + if (sender) { err = gpgme_set_sender (ctx, sender);
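Review bot: In tests/run-verify.c the return value of `gpgme_set_ctx_flag (ctx, "auto-key-import", "1")` is discarded, so a failure is only caught indirectly by the following gpgme_get_ctx_flag check and the actual error code is never printed, whereas tests/run-sign.c in this same patch checks the result directly. Since `err` is already in scope (it is assigned from gpgme_set_sender just below), `err = gpgme_set_ctx_flag (ctx, "auto-key-import", "1");` followed by `fail_if_err (err);` (if that helper is available here as it is in run-sign.c) gives the same guarantee with a clearer failure message. This presumably mirrors the existing auto-key-retrieve block, which lies outside the hunk; main starts and ends outside these hunks.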