From 47f61df0704485b8165c9cf2a27ad57bcd864239 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 24 Aug 2017 17:17:11 +0200 Subject: [PATCH] core: New context flag "auto-key-retrieve" * src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "auto-key-retrieve". * src/context.h (gpgme_context): New field auto_key_retrieve. * src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve to field 'decrypt'. * src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass option --auto-key-retrieve to gpg. Adjust all callers. (gpg_verify): Ditto. * src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve. * src/engine-uiserver.c (uiserver_decrypt): Ditto. * tests/run-verify.c (main): Add option --auto-key-retrieve. -- This makes the --auto-key-retrieve option available in the GPGME API. Test plan: Run GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE with and without its new option --auto-key-retrieve and check in the trace stored in "out" whether --auto-key-retrieve was passed to gpg. Signed-off-by: Werner Koch --- NEWS | 1 + doc/gpgme.texi | 10 ++++++++++ src/context.h | 3 +++ src/decrypt-verify.c | 3 ++- src/decrypt.c | 3 ++- src/engine-backend.h | 3 ++- src/engine-gpg.c | 9 ++++++++- src/engine-gpgsm.c | 6 +++++- src/engine-uiserver.c | 5 ++++- src/engine.c | 6 ++++-- src/engine.h | 3 ++- src/gpgme.c | 8 ++++++++ tests/run-verify.c | 21 +++++++++++++++++++++ 13 files changed, 72 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index 25552ad6..71d96001 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,7 @@ Noteworthy changes in version 1.10.0 (unreleased) GPGME_DELETE_ALLOW_SECRET NEW. GPGME_DELETE_FORCE NEW. gpgme_op_conf_dir NEW. + gpgme_set_ctx_flag EXTENDED: New flag 'auto-key-retrieve'. cpp: DecryptionResult::isDeVs NEW. cpp: Signature::isDeVs NEW. py: DecryptResult EXTENDED: New boolean field 'is_de_vs'. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 5df54f58..8dcc86e6 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -3055,6 +3055,16 @@ the context flag "export-session-key" is enabled. Please be aware that using this feature with GnuPG < 2.1.16 will leak the session key on many platforms via ps(1). +@item "auto-key-retrieve" +Setting the @var{value} to "1" asks the backend to automatically +retrieve a key for signature verification if possible. Note that this +option makes a "web bug" like behavior possible. Keyserver or Web Key +Directory operators can see which keys you request, so by sending you +a message signed by a brand new key (which you naturally will not have +on your local keyring), the operator can tell both your IP address and +the time when you verified the signature. + + @end table This function returns @code{0} on success. diff --git a/src/context.h b/src/context.h index d0542d9f..1e763d2a 100644 --- a/src/context.h +++ b/src/context.h @@ -118,6 +118,9 @@ struct gpgme_context * flag is cleared with each operation. */ unsigned int redraw_suggested : 1; + /* True if the option --auto-key-retrieve shall be passed to gpg. */ + unsigned int auto_key_retrieve : 1; + /* Flags for keylist mode. */ gpgme_keylist_mode_t keylist_mode; diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c index 66cfe94f..17f79acd 100644 --- a/src/decrypt-verify.c +++ b/src/decrypt-verify.c @@ -86,7 +86,8 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous, flags, cipher, plain, ctx->export_session_keys, - ctx->override_session_key); + ctx->override_session_key, + ctx->auto_key_retrieve); } diff --git a/src/decrypt.c b/src/decrypt.c index eb7ec4d3..8c2cd4d7 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -452,7 +452,8 @@ _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous, flags, cipher, plain, ctx->export_session_keys, - ctx->override_session_key); + ctx->override_session_key, + ctx->auto_key_retrieve); } diff --git a/src/engine-backend.h b/src/engine-backend.h index f41aaeb6..421eb166 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h 
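Review bot: In src/decrypt.c (hunk at -452) `_gpgme_decrypt_start` now forwards `ctx->auto_key_retrieve`, so a plain decrypt on a context with the flag set also runs gpg with `--auto-key-retrieve`, while the gpgme.texi entry and the context.h comment speak only of signature verification. If gpg looks up the signer's key while decrypting a signed message (likely, but not visible in this patch), the remote lookup described in the manual is triggered by decryption alone, which a caller may not expect. I would say so next to the call, e.g. `/* Also enables key lookups for signatures found while decrypting. */`, and widen the manual wording to match. The function body starts outside the hunk.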
@@ -65,7 +65,8 @@ struct engine_ops gpgme_decrypt_flags_t flags, gpgme_data_t ciph, gpgme_data_t plain, int export_session_key, - const char *override_session_key); + const char *override_session_key, + int auto_key_retrieve); gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags); gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key, gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */); diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 9c0d7f7c..5ce04f0a 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1562,7 +1562,8 @@ static gpgme_error_t gpg_decrypt (void *engine, gpgme_decrypt_flags_t flags, gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key, const char *override_session_key) + int export_session_key, const char *override_session_key, + int auto_key_retrieve) { engine_gpg_t gpg = engine; gpgme_error_t err; @@ -1580,6 +1581,9 @@ gpg_decrypt (void *engine, if (!err && export_session_key) err = add_arg (gpg, "--show-session-key"); + if (!err && auto_key_retrieve) + err = add_arg (gpg, "--auto-key-retrieve"); + if (!err && override_session_key && *override_session_key) { if (have_gpg_version (gpg, "2.1.16")) @@ -2997,6 +3001,9 @@ gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text, gpgme_error_t err; err = append_args_from_sender (gpg, ctx); + if (!err && ctx->auto_key_retrieve) + err = add_arg (gpg, "--auto-key-retrieve"); + if (err) ; else if (plaintext) diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index f23b0bfd..e337fedd 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1130,7 +1130,8 @@ static gpgme_error_t gpgsm_decrypt (void *engine, gpgme_decrypt_flags_t flags, gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key, const char *override_session_key) + int export_session_key, const char *override_session_key, + int auto_key_retrieve) { engine_gpgsm_t gpgsm = engine; gpgme_error_t err; 
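Review bot: In gpg_decrypt (hunk at -1580) `--auto-key-retrieve` is added unconditionally, whereas the override-session-key branch directly below it is gated with `have_gpg_version (gpg, "2.1.16")`; the same unconditional add_arg appears in gpg_verify (hunk at -2997). If an older gpg does not accept this as a standalone option, the engine would presumably fail at option parsing and every decrypt and verify on that context would return a generic error. It is worth confirming the minimum gpg version that accepts the option and either gating on it, `if (!err && auto_key_retrieve && have_gpg_version (gpg, "MIN_VERSION"))`, or stating the requirement in gpgme.texi. MIN_VERSION is a placeholder, since the patch does not name a version, and both function bodies continue outside their hunks.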
@@ -1142,6 +1143,9 @@ gpgsm_decrypt (void *engine, (void)export_session_key; (void)override_session_key; + /* --auto-key-retrieve is also not supported. */ + (void)auto_key_retrieve; + if (!gpgsm) return gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 3db705d8..bc3f3fbd 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -962,7 +962,8 @@ static gpgme_error_t uiserver_decrypt (void *engine, gpgme_decrypt_flags_t flags, gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key, const char *override_session_key) + int export_session_key, const char *override_session_key, + int auto_key_retrieve) { engine_uiserver_t uiserver = engine; gpgme_error_t err; @@ -972,6 +973,8 @@ uiserver_decrypt (void *engine, (void)override_session_key; /* Fixme: We need to see now to add this * to the UI server protocol */ + (void)auto_key_retrieve; /* Not yet supported. */ + if (!uiserver) return gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/engine.c b/src/engine.c index 2c7e625f..28ba9fdf 100644 --- a/src/engine.c +++ b/src/engine.c @@ -656,7 +656,8 @@ _gpgme_engine_op_decrypt (engine_t engine, gpgme_decrypt_flags_t flags, gpgme_data_t ciph, gpgme_data_t plain, int export_session_key, - const char *override_session_key) + const char *override_session_key, + int auto_key_retrieve) { if (!engine) return gpg_error (GPG_ERR_INV_VALUE); @@ -665,7 +666,8 @@ _gpgme_engine_op_decrypt (engine_t engine, return gpg_error (GPG_ERR_NOT_IMPLEMENTED); return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain, - export_session_key, override_session_key); + export_session_key, override_session_key, + auto_key_retrieve); } diff --git a/src/engine.h b/src/engine.h index b71b7e2d..0bf1bb27 100644 --- a/src/engine.h +++ b/src/engine.h 
@@ -88,7 +88,8 @@ gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph, gpgme_data_t plain, int export_session_key, - const char *override_session_key); + const char *override_session_key, + int auto_key_retrieve); gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key, unsigned int flags); gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type, diff --git a/src/gpgme.c b/src/gpgme.c index 2b196a25..d0a5afee 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -531,6 +531,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value) if (!ctx->override_session_key) err = gpg_error_from_syserror (); } + else if (!strcmp (name, "auto-key-retrieve")) + { + ctx->auto_key_retrieve = abool; + } else err = gpg_error (GPG_ERR_UNKNOWN_NAME); @@ -568,6 +572,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name) { return ctx->override_session_key? ctx->override_session_key : ""; } + else if (!strcmp (name, "auto-key-retrieve")) + { + return ctx->auto_key_retrieve? "1":""; + } else return NULL; } diff --git a/tests/run-verify.c b/tests/run-verify.c index 3abc5728..b22e6446 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -222,6 +222,7 @@ show_usage (int ex) " --openpgp use the OpenPGP protocol (default)\n" " --cms use the CMS protocol\n" " --sender MBOX use MBOX as sender address\n" + " --auto-key-retrieve\n" , stderr); exit (ex); } @@ -231,6 +232,7 @@ int main (int argc, char **argv) { int last_argc = -1; + const char *s; gpgme_error_t err; gpgme_ctx_t ctx; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; @@ -241,6 +243,7 @@ main (int argc, char **argv) gpgme_verify_result_t result; int print_status = 0; const char *sender = NULL; + int auto_key_retrieve = 0; if (argc) { argc--; argv++; } 
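Review bot: In gpgme_set_ctx_flag (hunk at -531) the new branch stores `abool` without any comment, although setting it makes later verify and decrypt operations on the context contact a keyserver or Web Key Directory for keys named by whoever signed the input. A short comment would help people auditing calling code: `/* Lets gpg fetch unknown signing keys; see the privacy note in gpgme.texi. */`. `abool` is computed outside the hunk, so how values other than "1" are treated cannot be checked from here. The flag also appears to stay set for every later operation on the context until it is cleared, which the manual entry could state.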
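Review bot: The usage line added in show_usage (hunk at -222) carries no description, unlike the `--sender MBOX` line above it. Since the option makes the test tool ask gpg to contact a keyserver or Web Key Directory, the help text should say so, for example `"  --auto-key-retrieve  let gpg fetch missing keys from the network\n"`.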
@@ -283,6 +286,12 @@ main (int argc, char **argv) sender = *argv; argc--; argv++; } + else if (!strcmp (*argv, "--auto-key-retrieve")) + { + auto_key_retrieve = 1; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) show_usage (1); @@ -323,6 +332,18 @@ main (int argc, char **argv) } /* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */ + if (auto_key_retrieve) + { + gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1"); + s = gpgme_get_ctx_flag (ctx, "auto-key-retrieve"); + if (!s || strcmp (s, "1")) + { + fprintf (stderr, PGM ": gpgme_get_ctx_flag failed for '%s'\n", + "auto-key-retrieve"); + exit (1); + } + } + if (sender) { err = gpgme_set_sender (ctx, sender);
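Review bot: In main (hunk at -323) the return value of `gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1")` is discarded, so a failure only shows up indirectly through the gpgme_get_ctx_flag check; the message then blames the getter and the error code is lost. Assign it, `err = gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");`, and check `err` before reading the flag back; the gpgme_set_sender call just below already assigns its result to `err`. The read-back comparison can stay as a test of the getter.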