Commit Graph

18 Commits

Author SHA1 Message Date
Ingo Klöcker
1a9f192ab4
core: Support reading the archive to decrypt/verify directly from a file
* src/engine-gpg.c (add_file_name_arg_or_data): New.
(gpg_decrypt): Use add_file_name_arg_or_data instead of add_data for the
ciphertext.
(gpg_verify): Use add_file_name_arg_or_data instead of add_data for the
signature and the signed text.

* tests/run-decrypt.c (show_usage): New option --direct-file-io.
(main): Parse new option. If option is given, then don't open input
file, create simple data object instead of data object from stream and
set input file name on input data.
* tests/run-verify.c (show_usage): New option --direct-file-io.
(main): Parse new option. If option is given, then don't open input
files, create simple data objects instead of data objects from stream
and set input file names on input data objects.
--

This change makes it possible to tell gpg (and gpgtar) to read the
input (i.e. the signed/encrypted data or the signature or the created
archive) directly from the files with given file names instead of from
streams piped through GpgME's Data IO.

GnuPG-bug-id: 6530
2023-06-21 14:38:50 +02:00
Ingo Klöcker
95ea3bf831
core: Support usage of gpgtar for decrypting an encrypted archive
* src/gpgme.h.in (GPGME_DECRYPT_ARCHIVE): New decryption flag.
* src/engine-gpg.c (gpg_decrypt): Set use_gpgtar engine flag if
GPGME_DECRYPT_ARCHIVE flag is set. Check for new enough gpg and
incompatible flags. Use add_gpg_arg_with_value for gpg-only options
with a value and add_gpg_arg for gpg-only options without a value.
Set extra options for gpgtar and pass input data to stdin when using
gpgtar.

* tests/run-decrypt.c (show_usage): New options --archive and
--directory.
(main): Parse new options. Decrypt with gpgtar if --archive is given.
Set file name of output data to value of --directory option.
--

GnuPG-bug-id: 6342
2023-01-24 12:32:23 +01:00
Werner Koch
fde20940b5
core: New data flags "io-buffer-size" and "sensitive".
* src/data.c (_gpgme_data_release): Free buffers.
(gpgme_data_seek): Adjust from renamed fields.
(gpgme_data_set_flag): Implement new flags.
(_gpgme_data_inbound_handler): Allow the use of a malloced buffer.
(_gpgme_data_outbound_handler): Ditto.
* src/data.h (BUFFER_SIZE): Move out of the struct definition.
(struct gpgme_data): Remove pending filed and introduce inbound and
outbound fields.

* src/conversion.c (_gpgme_wipememory): New.  Taken from GnuPG.
* src/cJSON.c (wipememory): Use this here too.

* tests/run-decrypt.c (main): Add options "--large-buffers" and
"--sensitive".
--

GnuPG-bug-id: 5478
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-14 19:51:28 +02:00
Werner Koch
8d91c0f4cd
Add SPDX identifiers to most source files
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 13:27:33 +01:00
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Werner Koch
662604c5bc
core: New context flag "ignore-mdc-error".
* src/context.h (gpgme_context): Add field ignore_mdc_error.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Set/get it.
* src/engine-gpg.c (engine_gpg): Add flags.ignore_mdc_error.
(gpg_set_engine_flags): Set it.
(build_argv): Pass option to gpg.
* src/decrypt.c (_gpgme_decrypt_status_handler): Take care of flag.
(gpgme_op_decrypt_result): Clear flag.
(gpgme_op_decrypt): Clear flag.
* src/decrypt-verify.c (gpgme_op_decrypt_verify): Clear flag
(gpgme_op_decrypt_ext): Clear flag.

* tests/run-decrypt.c (show_usage): Add option --ignore-mdc-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:29:34 +02:00
Werner Koch
dd19cabe81
core: New decryption result flag 'legacy_cipher_nomdc'.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:01:08 +02:00
Werner Koch
65479fe7b8
core: Add 'is_mime' flags to the verify and decrypt results.
* src/op-support.c (_gpgme_parse_plaintext): Add arg r_mime.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ser mime flag.
* src/verify.c (_gpgme_verify_status_handler): Ditto.
* src/gpgme.h.in (gpgme_op_verify_result_t): Append fields 'is_mime'
and '_unused'.
(gpgme_op_decrypt_result_t): New field 'is_mime'.  Shrink '_unused'.

* tests/run-decrypt.c (print_result): Print MIME flag.
* tests/run-verify.c (print_result): Ditto.
--

Note that this flag (Liternal Data packet's 'm' mode) is only
specified in RFC-4880bis.  To use it you currently need to add
"rfc4880bis" to the the gpg.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 15:20:35 +02:00
Werner Koch
01435da498
core: Extend decryption result with symkey_algo.
* src/gpgme.h.in (gpgme_op_decrypt_result_t): Add field 'symkey_algo'.
* src/decrypt.c (release_op_data): Free SYMKEY_ALGO.
(gpgme_op_decrypt_result): Make sure SYMKEY_ALGO is not NULL.
(parse_decryption_info): New.
(_gpgme_decrypt_status_handler): Parse DECRYPTION_INFO status.
* src/conversion.c (_gpgme_cipher_algo_name): New.
(_gpgme_cipher_mode_name): New.

* tests/run-decrypt.c (print_result): Print SYMKEY_ALGO

* src/util.h (_gpgme_map_gnupg_error): Remove obsolete prototype.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 13:48:56 +02:00
Werner Koch
f7700a0169
core: Add new context flag "no-symkey-cache".
* src/gpgme.c (gpgme_set_ctx_flag): Set flag.
(gpgme_get_ctx_flag): Get flag.
* src/context.h (struct gpgme_context): Add field no_symkey_cache.
* src/engine-gpg.c (struct engine_gpg): Ditto.
(gpg_set_engine_flags): Set flag.
(build_argv): Pass option --no-symkey-cache to gpg.

* tests/run-decrypt.c (print_result): Fix segv for symmetric messages.
(main): New option --no-symkey-cache.
* tests/run-encrypt.c (main): New option --no-symkey-cache.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 09:17:27 +02:00
Werner Koch
b9000bc293
core: New gpgme_set_ctx_flag "request-origin".
* src/context.h (gpgme_context): Add 'request_origin'.
* src/gpgme.c (gpgme_release): Free that field.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "request-origin".
* src/engine-backend.h (engine_ops): Add 'set_engine_ops' func ptr and
adjust all users.
* src/engine.c (_gpgme_engine_set_engine_flags): New.
* src/op-support.c (_gpgme_op_reset): Call that func.
* src/engine-gpg.c (struct engine_gpg): Add 'request_origin'.
(gpg_set_engine_flags): New.
(_gpgme_engine_ops_gpg): Hook it.
(build_argv): Use command line option --request-origin.
* src/engine-gpgsm.c (struct engine_gpgsm): Add 'request_origin'.
(gpgsm_set_engine_flags): New.
(_gpgme_engine_ops_gpgsm): Hook it.
(start): Send OPTION "request-origin".
* src/engine-assuan.c (struct engine_llass): Add 'request_origin'.
(gpgsm_set_engine_flags): New.
(_gpgme_engine_ops_assuan): Hook it.
(start): Send OPTION "pretend-request-origin".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 15:27:32 +01:00
Andre Heinecke
7003583432
Change copyright from Intevation to BSI
* lang/cpp/src/gpggencardkeyinteractor.cpp,
lang/cpp/src/gpggencardkeyinteractor.h,
lang/cpp/src/gpgmepp_export.h,
lang/cpp/src/swdbresult.cpp,
lang/cpp/src/swdbresult.h,
lang/cpp/src/tofuinfo.cpp,
lang/cpp/src/tofuinfo.h,
lang/qt/src/abstractimportjob.h,
lang/qt/src/adduseridjob.h,
lang/qt/src/changeexpiryjob.h,
lang/qt/src/changeownertrustjob.h,
lang/qt/src/changepasswdjob.h,
lang/qt/src/cryptoconfig.cpp,
lang/qt/src/cryptoconfig.h,
lang/qt/src/dataprovider.cpp,
lang/qt/src/dataprovider.h,
lang/qt/src/decryptjob.h,
lang/qt/src/decryptverifyjob.h,
lang/qt/src/deletejob.h,
lang/qt/src/dn.cpp,
lang/qt/src/dn.h,
lang/qt/src/downloadjob.h,
lang/qt/src/encryptjob.h,
lang/qt/src/exportjob.h,
lang/qt/src/hierarchicalkeylistjob.h,
lang/qt/src/importfromkeyserverjob.h,
lang/qt/src/importjob.h,
lang/qt/src/job.cpp,
lang/qt/src/job.h,
lang/qt/src/keyformailboxjob.h,
lang/qt/src/keygenerationjob.h,
lang/qt/src/keylistjob.h,
lang/qt/src/listallkeysjob.h,
lang/qt/src/multideletejob.h,
lang/qt/src/protocol.h,
lang/qt/src/protocol_p.h,
lang/qt/src/qgpgme_export.h,
lang/qt/src/qgpgmeadduseridjob.cpp,
lang/qt/src/qgpgmeadduseridjob.h,
lang/qt/src/qgpgmebackend.cpp,
lang/qt/src/qgpgmebackend.h,
lang/qt/src/qgpgmechangeexpiryjob.cpp,
lang/qt/src/qgpgmechangeexpiryjob.h,
lang/qt/src/qgpgmechangeownertrustjob.cpp,
lang/qt/src/qgpgmechangeownertrustjob.h,
lang/qt/src/qgpgmechangepasswdjob.cpp,
lang/qt/src/qgpgmechangepasswdjob.h,
lang/qt/src/qgpgmedecryptjob.cpp,
lang/qt/src/qgpgmedecryptjob.h,
lang/qt/src/qgpgmedecryptverifyjob.cpp,
lang/qt/src/qgpgmedecryptverifyjob.h,
lang/qt/src/qgpgmedeletejob.cpp,
lang/qt/src/qgpgmedeletejob.h,
lang/qt/src/qgpgmedownloadjob.cpp,
lang/qt/src/qgpgmedownloadjob.h,
lang/qt/src/qgpgmeencryptjob.cpp,
lang/qt/src/qgpgmeencryptjob.h,
lang/qt/src/qgpgmeexportjob.cpp,
lang/qt/src/qgpgmeexportjob.h,
lang/qt/src/qgpgmeimportfromkeyserverjob.cpp,
lang/qt/src/qgpgmeimportfromkeyserverjob.h,
lang/qt/src/qgpgmeimportjob.cpp,
lang/qt/src/qgpgmeimportjob.h,
lang/qt/src/qgpgmekeyformailboxjob.cpp,
lang/qt/src/qgpgmekeyformailboxjob.h,
lang/qt/src/qgpgmekeygenerationjob.cpp,
lang/qt/src/qgpgmekeygenerationjob.h,
lang/qt/src/qgpgmekeylistjob.cpp,
lang/qt/src/qgpgmekeylistjob.h,
lang/qt/src/qgpgmelistallkeysjob.cpp,
lang/qt/src/qgpgmelistallkeysjob.h,
lang/qt/src/qgpgmenewcryptoconfig.cpp,
lang/qt/src/qgpgmenewcryptoconfig.h,
lang/qt/src/qgpgmerefreshkeysjob.cpp,
lang/qt/src/qgpgmerefreshkeysjob.h,
lang/qt/src/qgpgmesecretkeyexportjob.cpp,
lang/qt/src/qgpgmesecretkeyexportjob.h,
lang/qt/src/qgpgmesignencryptjob.cpp,
lang/qt/src/qgpgmesignencryptjob.h,
lang/qt/src/qgpgmesignjob.cpp,
lang/qt/src/qgpgmesignjob.h,
lang/qt/src/qgpgmesignkeyjob.cpp,
lang/qt/src/qgpgmesignkeyjob.h,
lang/qt/src/qgpgmetofupolicyjob.cpp,
lang/qt/src/qgpgmetofupolicyjob.h,
lang/qt/src/qgpgmeverifydetachedjob.cpp,
lang/qt/src/qgpgmeverifydetachedjob.h,
lang/qt/src/qgpgmeverifyopaquejob.cpp,
lang/qt/src/qgpgmeverifyopaquejob.h,
lang/qt/src/qgpgmewkspublishjob.cpp,
lang/qt/src/qgpgmewkspublishjob.h,
lang/qt/src/refreshkeysjob.h,
lang/qt/src/signencryptjob.h,
lang/qt/src/signjob.h,
lang/qt/src/signkeyjob.h,
lang/qt/src/specialjob.h,
lang/qt/src/threadedjobmixin.cpp,
lang/qt/src/threadedjobmixin.h,
lang/qt/src/tofupolicyjob.h,
lang/qt/src/verifydetachedjob.h,
lang/qt/src/verifyopaquejob.h,
lang/qt/src/wkspublishjob.h,
lang/qt/tests/run-keyformailboxjob.cpp,
lang/qt/tests/t-config.cpp,
lang/qt/tests/t-encrypt.cpp,
lang/qt/tests/t-keylist.cpp,
lang/qt/tests/t-keylocate.cpp,
lang/qt/tests/t-ownertrust.cpp,
lang/qt/tests/t-support.cpp,
lang/qt/tests/t-support.h,
lang/qt/tests/t-tofuinfo.cpp,
lang/qt/tests/t-various.cpp,
lang/qt/tests/t-verify.cpp,
lang/qt/tests/t-wkspublish.cpp,
tests/gpg/t-encrypt-mixed.c,
tests/gpg/t-thread-keylist-verify.c,
tests/gpg/t-thread-keylist.c,
tests/run-decrypt.c: Change Intevation GmbH copyright to BSI.

--
This should make it more transparent where the BSI is the actual
copyright holder as the code was mostly developed as part of a
development contract.
2017-04-25 10:24:11 +02:00
Werner Koch
6ac1f2cded
core: New flags GPGME_DECRYPT_UNWRAP and GPGME_ENCRYPT_WRAP.
* src/gpgme.h.in (GPGME_ENCRYPT_WRAP): New const.
(gpgme_decrypt_flags_t): New enum.
(GPGME_DECRYPT_VERIFY): New const
(GPGME_DECRYPT_UNWRAP): New const
(gpgme_op_decrypt_ext_start): New func.
(gpgme_op_decrypt_ext): New func.
* src/decrypt-verify.c (gpgme_op_decrypt_ext_start): New.
(gpgme_op_decrypt_ext): New.
(decrypt_verify_start): Add arg FLAGS.  Replace call to
engine_op_decrypt_verify by the plain decrypt with the flag set.
(gpgme_op_decrypt_verify_start): Pass the flag.
(gpgme_op_decrypt_verify): Pass the flag.
* src/decrypt.c (decrypt_start): Rename to ...
(_gpgme_decrypt_start): this.  Add arg FLAGS.  Pass FLAGS to
engine_op_decrypt.
(gpgme_op_decrypt_start): Adjust for chnage pass 0 for FLAG.
(gpgme_op_decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt_verify): Remove.
(_gpgme_engine_op_decrypt): Add arg FLAGS.
* src/gpgme.def, src/libgpgme.vers: Add new functions.
* src/engine-backend.h (struct engine_ops): Remove member
'decrypt_verify'.  Add FLAGS to 'decrypt'.  Adjust all initialization.
* src/engine-uiserver.c (uiserver_decrypt): Remove.
(uiserver_decrypt_verify): Remove.
(_uiserver_decrypt): Rename to ...
(uiserver_decrypt): this.  Replace arg VERIFY by new arg FLAGS.
* src/engine-gpg.c (gpg_decrypt): Support GPGME_DECRYPT_UNWRAP.
(gpg_encrypt): Support GPGME_ENCRYPT_WRAP.

* tests/run-decrypt.c (main): New option --unwrap.
* tests/run-encrypt.c (main): New option --wrap.
--

Manual testing of that wrap/unwrap feature can be done this way:

 ./run-encrypt --verbose --key Alice /etc/motd > x
 ./run-decrypt --verbose --unwrap x > y
 ./run-encrypt --verbose --key Bob --wrap y > z

1. The message was first encrypted to Alice.
2. Alice decrypts the message receiving a valid OpenPGP message.
3. Alice encrypt that message to Bob

This will also work with encrypted and signed messages; the signature
will be kept intact during re-encryption.  Requires GnuPG 2.1.12.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-24 15:17:23 +01:00
Werner Koch
7f5f26fd66
doc: Replace http: by https: in core source files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 13:27:00 +01:00
Werner Koch
9fc92a15bd
core: Do not leak the override session key to ps(1).
* src/engine-gpg.c (struct engine_gpg): New field
override_session_key.
(gpg_release): Free that field.
(gpg_decrypt): With gnupg 2.1.16 use --override-session-key-fd.

* tests/run-decrypt.c (main): Fix setting over the override key.
--

Note that this works only with gnupg 2.1.16 and later.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 10:15:31 +01:00
Daniel Kahn Gillmor
5730647421
doc,tests: Require use of ctx_flag before use of session_key.
* doc/gpgme.texi: Document requirements of verifying that it is OK to
use session_key.
* tests/run-decrypt.c: Ensure that we fail if we're unable to access
the session key, so that we do not violate the guidance above.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Changed the description

 -@code{gpgme_set_ctx_flag (ctx, "export-session-key")} returns
 -@code{GPG_ERR_NO_ERROR} or @code{gpgme_get_ctx_flag (ctx,
 -"export-session-key")} returns @code{"1"}.
 +@code{gpgme_set_ctx_flag (ctx, "export-session-key")} returns success
 +or @code{gpgme_get_ctx_flag (ctx, "export-session-key")} returns true
 +(non-empty string).

to get gpgme_get_ctx_flag for boolean values in sync with its own
description.

Note that I don't agree with the above suggestion but it does not
really harm to have it in the man page.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 10:15:31 +01:00
Werner Koch
7659d42468
core: Implement context flag "override-session-key".
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "export-session-key" and
"override-session-key".
(gpgme_get_ctx_flag): Ditto.
(gpgme_set_export_session_keys): Remove.
(gpgme_get_export_session_keys): Remove.
* src/gpgme.def, src/libgpgme.vers: Remove them.
* src/context.h (struct gpgme_context): Add field
override_session_key.
* src/decrypt-verify.c (decrypt_verify_start): Pass
override_session_key value to the engine.
* src/decrypt.c (decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt): Ditto.
(_gpgme_engine_op_decrypt_verify): Ditto.
* src/engine-backend.h (struct engine_ops): Extend DECRYPT and
DECRYPT_VERIFY_START with override_session_key.
* src/engine-uiserver.c (_uiserver_decrypt): Add stub arg
override_session_key.
(uiserver_decrypt): Ditto.
(uiserver_decrypt_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Ditto.
* src/engine-gpg.c (gpg_decrypt): Add arg override_session_key and set
corresponding gpg option.

* tests/run-decrypt.c (print_result): Print the session key if
available.
(main): Add options --export-session-key and --override-session-key.

--

To keep the number of context manipulation functions at bay, this
patches removes the just added gpgme_set_export_session_keys and
gpgme_get_export_session_keys by flags for the generic context
function.

The patch also implements the --override-session-key feature.

GnuPG-bug-id: 2754
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 10:34:13 +01:00
Andre Heinecke
3364549c19 tests: Add new test tool run-decrypt
* tests/run-decrypt.c: New.
* tests/Makefile.am (noinst_PROGRAMS): Add run-decrypt.
2016-06-24 11:33:05 +02:00