core: Add support for mixed symmetric and asym enc
* src/gpgme.h.in (gpgme_encrypt_flags_t): New flag GPGME_ENCRYPT_SYMMETRIC. * src/engine-gpg.c (gpg_encrypt): Also add --symmetric if the flag is given. * NEWS: Mention new flag. * tests/run-encrypt.c (show_usage): Extend for --symmetric. (main): Handle --symmetric. (main): Set passphrase_cb in loopback mode. (main): Fix encrypt call if no recipients are given. * tests/gpg/t-encrypt-mixed.c: New. * tests/gpg/Makefile.am (c_tests): Add new test. * doc/gpgme.texi: Document new flag.
This commit is contained in:
parent
b5e16b036f
commit
3d2f027d0f
1
NEWS
1
NEWS
@ -22,6 +22,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_]
|
||||
GPGME_DATA_TYPE_PGP_ENCRYPTED NEW.
|
||||
GPGME_DATA_TYPE_PGP_SIGNATURE NEW.
|
||||
GPGME_DATA_ENCODING_MIME NEW.
|
||||
GPGME_ENCRYPT_SYMMETRIC NEW.
|
||||
|
||||
|
||||
Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0]
|
||||
|
@ -5398,6 +5398,12 @@ protocol to prepare an encryption (i.e. sending the
|
||||
@code{GPGME_ENCRYPT_EXPECT_SIGN} symbol the UI Server is advised to
|
||||
also expect a sign command.
|
||||
|
||||
@item GPGME_ENCRYPT_SYMMETRIC
|
||||
The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
|
||||
output should be additionally encrypted symmetically even
|
||||
if recipients are provided. This feature is only supported for
|
||||
for the OpenPGP crypto engine.
|
||||
|
||||
@end table
|
||||
|
||||
If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in
|
||||
|
@ -1718,9 +1718,12 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
|
||||
{
|
||||
engine_gpg_t gpg = engine;
|
||||
gpgme_error_t err;
|
||||
int symmetric = !recp;
|
||||
|
||||
err = add_arg (gpg, symmetric ? "--symmetric" : "--encrypt");
|
||||
if (recp)
|
||||
err = add_arg (gpg, "--encrypt");
|
||||
|
||||
if (!err && ((flags & GPGME_ENCRYPT_SYMMETRIC) || !recp))
|
||||
err = add_arg (gpg, "--symmetric");
|
||||
|
||||
if (!err && use_armor)
|
||||
err = add_arg (gpg, "--armor");
|
||||
@ -1732,7 +1735,7 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
|
||||
&& have_gpg_version (gpg, "2.1.14"))
|
||||
err = add_arg (gpg, "--mimemode");
|
||||
|
||||
if (!symmetric)
|
||||
if (recp)
|
||||
{
|
||||
/* If we know that all recipients are valid (full or ultimate trust)
|
||||
we can suppress further checks. */
|
||||
|
@ -1392,7 +1392,8 @@ typedef enum
|
||||
GPGME_ENCRYPT_NO_ENCRYPT_TO = 2,
|
||||
GPGME_ENCRYPT_PREPARE = 4,
|
||||
GPGME_ENCRYPT_EXPECT_SIGN = 8,
|
||||
GPGME_ENCRYPT_NO_COMPRESS = 16
|
||||
GPGME_ENCRYPT_NO_COMPRESS = 16,
|
||||
GPGME_ENCRYPT_SYMMETRIC = 32
|
||||
}
|
||||
gpgme_encrypt_flags_t;
|
||||
|
||||
|
@ -38,7 +38,7 @@ c_tests = \
|
||||
t-encrypt t-encrypt-sym t-encrypt-sign t-sign t-signers \
|
||||
t-decrypt t-verify t-decrypt-verify t-sig-notation t-export \
|
||||
t-import t-trustlist t-edit t-keylist t-keylist-sig t-wait \
|
||||
t-encrypt-large t-file-name t-gpgconf $(tests_unix)
|
||||
t-encrypt-large t-file-name t-gpgconf t-encrypt-mixed $(tests_unix)
|
||||
|
||||
TESTS = initial.test $(c_tests) final.test
|
||||
|
||||
|
126
tests/gpg/t-encrypt-mixed.c
Normal file
126
tests/gpg/t-encrypt-mixed.c
Normal file
@ -0,0 +1,126 @@
|
||||
/* t-encrypt-mixed.c - Regression test.
|
||||
Copyright (C) 2016 Intevation GmbH
|
||||
|
||||
This file is part of GPGME.
|
||||
|
||||
GPGME is free software; you can redistribute it and/or modify it
|
||||
under the terms of the GNU Lesser General Public License as
|
||||
published by the Free Software Foundation; either version 2.1 of
|
||||
the License, or (at your option) any later version.
|
||||
|
||||
GPGME is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
02111-1307, USA. */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <gpgme.h>
|
||||
|
||||
#include "t-support.h"
|
||||
|
||||
/* Tests mixed symmetric and asymetric decryption. Verifies
|
||||
that an encrypted message can be decrypted without the
|
||||
secret key but that the recipient is also set correctly. */
|
||||
int
|
||||
main (int argc, char *argv[])
|
||||
{
|
||||
gpgme_ctx_t ctx;
|
||||
gpgme_error_t err;
|
||||
gpgme_data_t in, out;
|
||||
gpgme_key_t key[2] = { NULL, NULL };
|
||||
gpgme_encrypt_result_t result;
|
||||
gpgme_decrypt_result_t dec_result;
|
||||
gpgme_recipient_t recipient;
|
||||
const char *text = "Hallo Leute\n";
|
||||
char *text2;
|
||||
size_t len;
|
||||
|
||||
init_gpgme (GPGME_PROTOCOL_OpenPGP);
|
||||
|
||||
err = gpgme_new (&ctx);
|
||||
fail_if_err (err);
|
||||
gpgme_set_armor (ctx, 1);
|
||||
|
||||
err = gpgme_data_new_from_mem (&in, text, strlen (text), 0);
|
||||
fail_if_err (err);
|
||||
|
||||
err = gpgme_data_new (&out);
|
||||
fail_if_err (err);
|
||||
|
||||
/* A recipient for which we don't have a secret key */
|
||||
err = gpgme_get_key (ctx, "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2",
|
||||
&key[0], 0);
|
||||
fail_if_err (err);
|
||||
|
||||
err = gpgme_op_encrypt (ctx, key,
|
||||
GPGME_ENCRYPT_ALWAYS_TRUST | GPGME_ENCRYPT_SYMMETRIC,
|
||||
in, out);
|
||||
fail_if_err (err);
|
||||
result = gpgme_op_encrypt_result (ctx);
|
||||
if (result->invalid_recipients)
|
||||
{
|
||||
fprintf (stderr, "Invalid recipient encountered: %s\n",
|
||||
result->invalid_recipients->fpr);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
print_data (out);
|
||||
|
||||
/* Now try to decrypt */
|
||||
gpgme_data_seek (out, 0, SEEK_SET);
|
||||
|
||||
gpgme_data_release (in);
|
||||
err = gpgme_data_new (&in);
|
||||
fail_if_err (err);
|
||||
|
||||
err = gpgme_op_decrypt (ctx, out, in);
|
||||
fail_if_err (err);
|
||||
|
||||
fputs ("Begin Result Decryption:\n", stdout);
|
||||
print_data (in);
|
||||
fputs ("End Result.\n", stdout);
|
||||
|
||||
dec_result = gpgme_op_decrypt_result (ctx);
|
||||
if (dec_result->unsupported_algorithm || dec_result->wrong_key_usage)
|
||||
{
|
||||
fprintf (stderr, "%s:%d: Decryption failed\n", __FILE__, __LINE__);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
text2 = gpgme_data_release_and_get_mem (in, &len);
|
||||
if (strncmp (text, text2, len))
|
||||
{
|
||||
fprintf (stderr, "%s:%d: Wrong plaintext\n", __FILE__, __LINE__);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
recipient = dec_result->recipients;
|
||||
if (!recipient || recipient->next)
|
||||
{
|
||||
fprintf (stderr, "%s:%d: Invalid recipients \n", __FILE__, __LINE__);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
if (strncmp (recipient->keyid, "5381EA4EE29BA37F", 16))
|
||||
{
|
||||
fprintf (stderr, "%s:%d: Not encrypted to recipient's subkey \n", __FILE__, __LINE__);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
gpgme_key_unref (key[0]);
|
||||
gpgme_data_release (out);
|
||||
gpgme_release (ctx);
|
||||
return 0;
|
||||
}
|
@ -70,6 +70,7 @@ show_usage (int ex)
|
||||
" --uiserver use the UI server\n"
|
||||
" --loopback use a loopback pinentry\n"
|
||||
" --key NAME encrypt to key NAME\n"
|
||||
" --symmetric encrypt symmetric (OpenPGP only)\n"
|
||||
, stderr);
|
||||
exit (ex);
|
||||
}
|
||||
@ -91,6 +92,7 @@ main (int argc, char **argv)
|
||||
gpgme_key_t keys[10+1];
|
||||
int keycount = 0;
|
||||
int i;
|
||||
gpgme_encrypt_flags_t flags = GPGME_ENCRYPT_ALWAYS_TRUST;
|
||||
|
||||
if (argc)
|
||||
{ argc--; argv++; }
|
||||
@ -148,6 +150,11 @@ main (int argc, char **argv)
|
||||
use_loopback = 1;
|
||||
argc--; argv++;
|
||||
}
|
||||
else if (!strcmp (*argv, "--symmetric"))
|
||||
{
|
||||
flags |= GPGME_ENCRYPT_SYMMETRIC;
|
||||
argc--; argv++;
|
||||
}
|
||||
else if (!strncmp (*argv, "--", 2))
|
||||
show_usage (1);
|
||||
|
||||
@ -174,7 +181,10 @@ main (int argc, char **argv)
|
||||
if (print_status)
|
||||
gpgme_set_status_cb (ctx, status_cb, NULL);
|
||||
if (use_loopback)
|
||||
{
|
||||
gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK);
|
||||
gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
|
||||
}
|
||||
|
||||
for (i=0; i < keycount; i++)
|
||||
{
|
||||
@ -194,7 +204,7 @@ main (int argc, char **argv)
|
||||
err = gpgme_data_new (&out);
|
||||
fail_if_err (err);
|
||||
|
||||
err = gpgme_op_encrypt (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
|
||||
err = gpgme_op_encrypt (ctx, keycount ? keys : NULL, flags, in, out);
|
||||
result = gpgme_op_encrypt_result (ctx);
|
||||
if (result)
|
||||
print_result (result);
|
||||
|
Loading…
Reference in New Issue
Block a user