core: Add support for mixed symmetric and asym enc

* src/gpgme.h.in (gpgme_encrypt_flags_t): New flag
GPGME_ENCRYPT_SYMMETRIC.
* src/engine-gpg.c (gpg_encrypt): Also add --symmetric if the flag
is given.
* NEWS: Mention new flag.
* tests/run-encrypt.c (show_usage): Extend for --symmetric.
(main): Handle --symmetric.
(main): Set passphrase_cb in loopback mode.
(main): Fix encrypt call if no recipients are given.
* tests/gpg/t-encrypt-mixed.c: New.
* tests/gpg/Makefile.am (c_tests): Add new test.
* doc/gpgme.texi: Document new flag.
This commit is contained in:
Andre Heinecke 2016-08-09 11:40:29 +02:00
parent b5e16b036f
commit 3d2f027d0f
7 changed files with 154 additions and 7 deletions

1
NEWS
View File

@ -22,6 +22,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_]
GPGME_DATA_TYPE_PGP_ENCRYPTED NEW.
GPGME_DATA_TYPE_PGP_SIGNATURE NEW.
GPGME_DATA_ENCODING_MIME NEW.
GPGME_ENCRYPT_SYMMETRIC NEW.
Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0]

View File

@ -5398,6 +5398,12 @@ protocol to prepare an encryption (i.e. sending the
@code{GPGME_ENCRYPT_EXPECT_SIGN} symbol the UI Server is advised to
also expect a sign command.
@item GPGME_ENCRYPT_SYMMETRIC
The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
output should be additionally encrypted symmetically even
if recipients are provided. This feature is only supported for
for the OpenPGP crypto engine.
@end table
If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in

View File

@ -1718,9 +1718,12 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
{
engine_gpg_t gpg = engine;
gpgme_error_t err;
int symmetric = !recp;
err = add_arg (gpg, symmetric ? "--symmetric" : "--encrypt");
if (recp)
err = add_arg (gpg, "--encrypt");
if (!err && ((flags & GPGME_ENCRYPT_SYMMETRIC) || !recp))
err = add_arg (gpg, "--symmetric");
if (!err && use_armor)
err = add_arg (gpg, "--armor");
@ -1732,7 +1735,7 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
&& have_gpg_version (gpg, "2.1.14"))
err = add_arg (gpg, "--mimemode");
if (!symmetric)
if (recp)
{
/* If we know that all recipients are valid (full or ultimate trust)
we can suppress further checks. */

View File

@ -1392,7 +1392,8 @@ typedef enum
GPGME_ENCRYPT_NO_ENCRYPT_TO = 2,
GPGME_ENCRYPT_PREPARE = 4,
GPGME_ENCRYPT_EXPECT_SIGN = 8,
GPGME_ENCRYPT_NO_COMPRESS = 16
GPGME_ENCRYPT_NO_COMPRESS = 16,
GPGME_ENCRYPT_SYMMETRIC = 32
}
gpgme_encrypt_flags_t;

View File

@ -38,7 +38,7 @@ c_tests = \
t-encrypt t-encrypt-sym t-encrypt-sign t-sign t-signers \
t-decrypt t-verify t-decrypt-verify t-sig-notation t-export \
t-import t-trustlist t-edit t-keylist t-keylist-sig t-wait \
t-encrypt-large t-file-name t-gpgconf $(tests_unix)
t-encrypt-large t-file-name t-gpgconf t-encrypt-mixed $(tests_unix)
TESTS = initial.test $(c_tests) final.test

126
tests/gpg/t-encrypt-mixed.c Normal file
View File

@ -0,0 +1,126 @@
/* t-encrypt-mixed.c - Regression test.
Copyright (C) 2016 Intevation GmbH
This file is part of GPGME.
GPGME is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
GPGME is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
02111-1307, USA. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <gpgme.h>
#include "t-support.h"
/* Tests mixed symmetric and asymetric decryption. Verifies
that an encrypted message can be decrypted without the
secret key but that the recipient is also set correctly. */
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
gpgme_key_t key[2] = { NULL, NULL };
gpgme_encrypt_result_t result;
gpgme_decrypt_result_t dec_result;
gpgme_recipient_t recipient;
const char *text = "Hallo Leute\n";
char *text2;
size_t len;
init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_armor (ctx, 1);
err = gpgme_data_new_from_mem (&in, text, strlen (text), 0);
fail_if_err (err);
err = gpgme_data_new (&out);
fail_if_err (err);
/* A recipient for which we don't have a secret key */
err = gpgme_get_key (ctx, "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2",
&key[0], 0);
fail_if_err (err);
err = gpgme_op_encrypt (ctx, key,
GPGME_ENCRYPT_ALWAYS_TRUST | GPGME_ENCRYPT_SYMMETRIC,
in, out);
fail_if_err (err);
result = gpgme_op_encrypt_result (ctx);
if (result->invalid_recipients)
{
fprintf (stderr, "Invalid recipient encountered: %s\n",
result->invalid_recipients->fpr);
exit (1);
}
print_data (out);
/* Now try to decrypt */
gpgme_data_seek (out, 0, SEEK_SET);
gpgme_data_release (in);
err = gpgme_data_new (&in);
fail_if_err (err);
err = gpgme_op_decrypt (ctx, out, in);
fail_if_err (err);
fputs ("Begin Result Decryption:\n", stdout);
print_data (in);
fputs ("End Result.\n", stdout);
dec_result = gpgme_op_decrypt_result (ctx);
if (dec_result->unsupported_algorithm || dec_result->wrong_key_usage)
{
fprintf (stderr, "%s:%d: Decryption failed\n", __FILE__, __LINE__);
exit (1);
}
text2 = gpgme_data_release_and_get_mem (in, &len);
if (strncmp (text, text2, len))
{
fprintf (stderr, "%s:%d: Wrong plaintext\n", __FILE__, __LINE__);
exit (1);
}
recipient = dec_result->recipients;
if (!recipient || recipient->next)
{
fprintf (stderr, "%s:%d: Invalid recipients \n", __FILE__, __LINE__);
exit (1);
}
if (strncmp (recipient->keyid, "5381EA4EE29BA37F", 16))
{
fprintf (stderr, "%s:%d: Not encrypted to recipient's subkey \n", __FILE__, __LINE__);
exit (1);
}
gpgme_key_unref (key[0]);
gpgme_data_release (out);
gpgme_release (ctx);
return 0;
}

View File

@ -70,6 +70,7 @@ show_usage (int ex)
" --uiserver use the UI server\n"
" --loopback use a loopback pinentry\n"
" --key NAME encrypt to key NAME\n"
" --symmetric encrypt symmetric (OpenPGP only)\n"
, stderr);
exit (ex);
}
@ -91,6 +92,7 @@ main (int argc, char **argv)
gpgme_key_t keys[10+1];
int keycount = 0;
int i;
gpgme_encrypt_flags_t flags = GPGME_ENCRYPT_ALWAYS_TRUST;
if (argc)
{ argc--; argv++; }
@ -148,6 +150,11 @@ main (int argc, char **argv)
use_loopback = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--symmetric"))
{
flags |= GPGME_ENCRYPT_SYMMETRIC;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
show_usage (1);
@ -174,7 +181,10 @@ main (int argc, char **argv)
if (print_status)
gpgme_set_status_cb (ctx, status_cb, NULL);
if (use_loopback)
{
gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK);
gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
}
for (i=0; i < keycount; i++)
{
@ -194,7 +204,7 @@ main (int argc, char **argv)
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_encrypt (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
err = gpgme_op_encrypt (ctx, keycount ? keys : NULL, flags, in, out);
result = gpgme_op_encrypt_result (ctx);
if (result)
print_result (result);