Commit Graph

2903 Commits

Author SHA1 Message Date
Werner Koch
013a7f47ab
json: Fix buffer overflow in cJSON.c
* src/cJSON.c (parse_string): Correctly detect bad hex.
--

The call to parse_hex4 checks that only hex digits follow and in the
error case returns 0.  However, by the time of the combined check for
an invalid value and the error PTR has already been set to the last
hex character and thus if the end-of-string or a quote character was
one of the bad hex digits the loop will miss the end of the string
which does not match with the simple buffer length allocation test at
the begin of the function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-16 12:37:06 +02:00
Ben McGinnes
1bb3f8409d python bindings: example scripts
* Fixed incorrect mention of output prompt referencing secret keys
  when the scripts are only for exporting public keys in whole or
  minimised forms.
2018-07-13 20:36:27 +10:00
Maximilian Krambach
5213a599fe js: allow optional Key retrieve pattern to be null
--

* src/Keyring.js: If the optional "pattern" parameter is not to be
  used, but another, following parameter is, null is more of a
  convention in javascript, thus both null and undefined are
  interpreted as "this parameter is not meant to be set".
2018-07-12 11:48:17 +02:00
Maximilian Krambach
30bb549046 js: add with-sec-fprs to getKeysArmored
--

* Reflects the changes made to gpgme-json in commit
  6cc842c9aa.

  - getKeysArmored now returns an object with property 'armored' being
    the exported armored block, and an (optional) array of fingerprint
    strings for those keys that can be used in sign/encrypt operations
    as property 'secret_fprs'. With this, extensions such as mailvelope
    will be able to bulk fetch all necessary key information in one
    request.
2018-07-12 11:36:55 +02:00
Andre Heinecke
6cc842c9aa
json: Add with-sec-fprs param to export
* src/gpgme-json.c (add_secret_fprs): New helper.
(op_export, hlp_export): Extend for with-sec fprs.

--
This is a request from Mailvelope, to import an export
they need the information for which keys from the export
a secret key is also available. For simplicity it is
much preferred to get this information in a single call
without the need to do and parse a keylisting additionally
in a second native-messaging call.

So we make it optional to include that info in the export.
2018-07-11 16:18:24 +02:00
Maximilian Krambach
4015f5b498 js: documentation
--

* Fixed errors:
- src/Message.js post(): Set chunksize to defined default value instead
  of hardcoded
- src/Keys.js: added getHasSecret() to refreshKey operation.

* Reviewed and updated the documentation

* non-documentation changes which do not affect functionality:
- src/Errors: disabled a console.warn that is only useful for debugging
- helpers.js: renamed "string" to "value" in isFingerprint and isLongId
  to avoid confusion
- src/Keyring: prepare_sync, search are both explicitly set to false by
  default
2018-07-10 14:32:26 +02:00
Ben McGinnes
0e760e396f example scripts: python work-arounds
* fixed three typos which were guaranteed to break said script.
2018-07-10 13:40:18 +10:00
Ben McGinnes
1eceacaff4 docs: python bindings howto
* Complete typographic overhaul.
* Removed all section level indentation since it does not affect
  output formatting, but might affect source code examples.
* In text-mode stripped out all tabs which had crept in and replaced
  them with four spaces.
* Updated all code examples (again) to conform with Python-mode.
* Bumped version number in preparation for next release of GPG 2.2.9
  and corresponding GPGME release.
2018-07-09 21:30:20 +10:00
Maximilian Krambach
8964627f6a js: fix verify result reporting
--

* src/Signature.js: searching for overall validity in the "summary"
  property
* BrowsertestExtension: Added two verify tests
2018-07-09 11:57:01 +02:00
Andre Heinecke
40471ec12f
json: Add with-secret without secret only
* src/gpgme-json.c (op_keylist, hlp_keylist): Add "with-secret"
as a flag to do a public keylist with secret information.
2018-07-09 11:36:28 +02:00
Maximilian Krambach
67b6fa5a29 js: reduce request spam at getKeys()
--

* Don't make a secret-Key request for each Key retrieved, use one
  request for all of them instead, and assemble the info later. This
  should reduce the traffic with large Keyrings. The bulk retrieval
  for the public armored Keys for each of these Keys is still up to
  discussion

* unittests: disabled assertion for the armored key (as it currently
  doesn't work)

* encryptTest: clarified the mechanism/reason of rejection for
  Messages >64 MB. This is still a TODO, as this error comes from a
  different place (the browser itself) and behaves different from the
  other errors.
2018-07-09 11:24:46 +02:00
Andre Heinecke
c287f09ac0
tests: Add --with-secret to run-keylist.c
* run-keylist.c (show_usage, main): Add --with-secret.
2018-07-09 11:17:27 +02:00
Andre Heinecke
31bc51e2af
doc: More explicit doc for EXTERN and LOCAL modes.
* doc/gpgme.texi (GPGME_KEYLIST_MODE_EXTERN),
(GPGME_KEYLIST_MODE_LOCATE, GPGME_KEYLIST_MODE_LOCAL): Mention
command line flags for CMS and OpenPGP Protocol.

--
This might help new users coming to gnupg to understand what
the flags do.
2018-07-09 11:10:19 +02:00
Andre Heinecke
7bc5d3c7e4
Add ctx flag for auto-key-locate
* src/context.h (gpgme_context): Add auto_key_locate.
* src/engine-gpg.c (engine_gpg): Add auto_key_locate.
(gpg_set_engine_flags, build_argv): Handle auto_key_locate.
(gpg_release): Free auto_key_locate.
* src/gpgme.c (gpgme_release): Free auto_key_locate.
(gpgme_get_ctx_flag, gpgme_set_ctx_flag): Handle auto-key-locate.
* doc/gpgme.texi: Document auto-key-locate flag.
* tests/run-keylist.c (show_usage, main): Add --from-wkd option.

--
This enables users of GPGME to control more fine grained what
auto-key-locate does.  Especially for WKD lookups / refreshes
can this be useful.

GnuPG-Bug-Id: T2917
Differential Revision: https://dev.gnupg.org/D463
2018-07-09 10:58:04 +02:00
Ben McGinnes
cacca62d06 python bindings: howto examples
* Made sure all example scripts meet PEP8 compliance.
* Required fixing approx. a dozen of them in minor ways.
2018-07-08 03:40:35 +10:00
Andre Heinecke
66c2a99422
qt: Handle OpenPGP Diagnostic log
* lang/qt/src/threadedjobmixin.cpp (_detail::audit_log_as_html):
Handle OpenPGP audit log differently.
2018-07-05 11:29:36 +02:00
Andre Heinecke
629afebe50
cpp: Add enum mapping for GPGME_AUDIT_LOG_DIAG
* src/context.cpp (to_auditlog_flags): Map DIAG value.
* src/context.h (AuditLogFlags): Add it.
2018-07-05 11:29:36 +02:00
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Maximilian Krambach
10f2106404 js: properly reject pgp message without signature
--

* A verify at gpgme-json does not fail if there is a valid pgp message
  that does not include a signature. Instead, the answer will be devoid
  of signatures. In javascript, the SIG_NO_SIG error should be reported
  here, but wasn't.
2018-07-04 15:46:45 +02:00
Maximilian Krambach
1919fa41b6 js: Add jsdoc, update webpack-cli dependency
--
* package.json:
  - the old webpack-cli version depended on two packages
    with vulnerabilities, set to minimum version 3.0.8 to fix this
    (nodesecurity.io/advisories/157, nodesecurity.io/advisories/612)
  - added License identifier

* README: Updated documentation

* jsdoc.conf: Added a configuration file for jsdoc

* some minor documentation changes, indentations
2018-07-04 13:38:54 +02:00
Andre Heinecke
7d65dc2a5c
cpp: Fix memory of DecryptionResult::symkeyAlgo
* lang/cpp/src/decryptionresult.cpp (Private, ~Private): strdup
the symkey algo.
2018-07-04 12:17:43 +02:00
Maximilian Krambach
1105fc87a3 js: add Key lookup
--

* src/Keyring.js: getKeys() now has the option "search", which will
  trigger a remote lookup (as configured in gpg) for the string given
  as pattern.
* src/permittedOperations: make use of the new 'locate' option in
  keylist
* DemoExtension: Add a button for lookup, to demonstrate the
  functionality
2018-07-04 12:11:35 +02:00
Andre Heinecke
76b8470915
json: Add keylist mode locate
* src/gpgme-json.c (op_keylist, hlp_keylist): Add locate.

--
The same rationale for the KEYLIST_MODE_LOCATE in GPGME
also applies here. It makes the API a little less magic.
2018-07-04 11:14:44 +02:00
Maximilian Krambach
a52ec87d40 js: fixing Key import/export test
--

* BrowserTestExtension:
 - The KeyImport/Export test had some errors, which have now been fixed
 - The secret key used for the test examples is now placed more
   prominently, and a clarification added that decrypt tests will not
   work if this key is not imported.

* permittedOperations.js: typo

  Thanks to rrenkert@intevation.de for the fixes
2018-07-03 12:41:49 +02:00
Ben McGinnes
5bca499750 python bindings: scheming serpents
* Apparently I am wrong and Scheme is the new Python after all.
* Non-import related PEP8 compliance must wait for another day, though
  the other PEP8 fixes remain.
2018-07-02 05:05:09 +10:00
Ben McGinnes
789ea1b019 python bindings: gpg.core
* Changed id/else statements to a more pythonic form from scheme
  masquerading as python - sorry Justus, it had to go ;).
* With the added bonus of enabling PEP8 compliance in those sections.
* Fixed remaining PEP8 compliance issues with the exception of the
  imports at the beginning of the file (changing those will break the
  entire module, so we'll cope with it as it is).
2018-07-02 03:55:19 +10:00
Ben McGinnes
35e29e1395 m4 update: python 3.7
* Fixed an error in arcane m4 syntax.
2018-06-29 14:52:37 +10:00
Ben McGinnes
43a2b57545 python bindings: python 3.7
* Bindings confirmed to work with the newly released 3.7.0.
* Updated M4 file to reflect this change and correct the Python binary
  search order (3.7 is not yet given priority, but will still be found
  first via the more generic python3 executable).
* Updated setup.py.in, bindings documentation and README to reflect this.
2018-06-29 14:26:30 +10:00
Ben McGinnes
48174b2bcc whitespace police:
* There's always one or, in this case, two.
2018-06-28 18:51:47 +10:00
Ben McGinnes
6aec7d6e4a docs: python bindings howto
* Updated official doc (the org-mode file) with the instructions on
  importing and exporting both public and secret keys.
2018-06-28 18:51:47 +10:00
Ben McGinnes
a7ccdc51ef python bindings examples
* Added a secret key export variant which saves output as both GPG
  binary and ASCII armoured, plus saves in $GNUPGHOME and uses
  multiple methods of determining what that location is.
2018-06-28 18:51:47 +10:00
Ben McGinnes
7fc7e80e54 python bindings examples
* Added a key import variant which accesses the SKS keyservers in a
  RESTful fashion and then imports or attempts to import the response.
2018-06-28 18:51:47 +10:00
Ben McGinnes
0d163a7d12 python bindings examples: three export scripts
* Example of default exporting keys.
* Example of exporting minimised keys.
* Example of exporting secret keys to a file with correct permissions.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-28 18:51:47 +10:00
Ben McGinnes
4251cae34d python bindings: import example
* Added an example script for importing a key from a file (either
  ASCII armoured or not).
2018-06-28 18:51:47 +10:00
Ben McGinnes
a5b91b21f5 python bindings: export secret keys
* The holy grail: a function to export secret keys.
* GPGME will still invoke pinentry and gpg-agent as usual to authorise
  the export.
* Mostly similar to the two previous export functions for public keys
  except that it will return None if the result had a length of zero
  bytes.  Meaning that the difference between the specified pattern
  (if any) not matching available keys and an incorrect passphrase is
  not able to be determined from this function (or the underlying one
  for that matter).

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-28 18:51:47 +10:00
Ben McGinnes
7faef33d13 python bindings: export public keys
* Updated key_export and key_export_minimal to return None where a
  pattern matched no keys in a manner simnilar to the possible result
  of key_export_secret.
2018-06-28 18:51:47 +10:00
Ben McGinnes
89c548efdf python bindings: export public keys
* Added functions for exporting public keys to gpg.core in both
  complete form and in minimised form.
* Rather than letting people need to worry about the export modes we
  are simply separating the functions as people would be more familiar
  with from the command line usage anyway.
* Functions added for Context are: ctx.key_export_minimal and
  ctx.key_export as the default or full export.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-28 18:48:05 +10:00
Maximilian Krambach
88e7f8ec2e js: Demoextension update
--

* src/Signature: typo
* src/gpgmejs.js: fixed wrong scope in verification
* right now verify does not succeed in the DemoExtension.
  This is probably a problem in conversion or line ending.
2018-06-20 13:46:41 +02:00
Andre Heinecke
d8beab30c4
json: Add file handling for debug output
* src/gpgme-json.c (main): Add possibilty to set log file.

--
This is similar to how GPGME_DEBUG works. It takes ; on
Windows as seperator and : on linux. Followed by a file name.

For Linux it might make sense to use a different seperator
to allow setting a socket explicitly. But this is better
in line with the current GPGME_DEBUG behavior.

The change helps on Windows where we don't have a
log socket.
2018-06-20 10:50:17 +02:00
Andre Heinecke
d27703ea4f
Prepare build system for gpgme-js and dist it
* configure.ac: Add js as language.
* lang/Makefile.am: Add js as dist language.
* lang/js/BrowserTestExtension/Makefile.am,
lang/js/DemoExtension/Makefile.am,
lang/js/Makefile.am,
lang/js/src/Makefile.am: Populate EXTRA_DIST variables.

--
There is no actual build done yet as there seems to be
no way to build it with debian stable tools. This needs
clarification.
2018-06-19 16:40:40 +02:00
Maximilian Krambach
780f7880c6 js: getDefaultKey and GenerateKey improvements
--

* src/Keyring.js: added more options for key generation.

* src/Key.js: GetDefaultKey now relies on the info associated with the
  key, as the approach of relying on a secret subkey did not work as
  intended
* DemoExtension: Added a button for retrieval of the subkey, to test
  this functionality.
2018-06-19 09:26:01 +02:00
Ben McGinnes
19c5267f86 python bindings: core import statements
* Fixed the bit I broke while fixing the PEP8 compliance issues.
2018-06-17 22:42:43 +10:00
Ben McGinnes
a5b24ae46c python bindings: core — PEP8 compliance
* Fixed most of the PEP8 errors in core.py
* Those remaining may need more than little edits and are a bit
  strange (too clearly the result of a programmer who has spent far
  too much time dealing with Lisp so that for Python it looks
  ... strange).
2018-06-17 15:58:44 +10:00
Ben McGinnes
5a80e75500 python bindings: core - key import
* Wrapped the key import function in the try/exception statements
  needed to catch at least the most likely unsuccessful import attempt
  errors.
* Mostly draws on the file error and no data import statuses for
  errors, with a couple of exceptions.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-17 14:35:20 +10:00
Ben McGinnes
0e762608ef python bindings: core key import
* The foundation of a pythonic key import function authored by Jacob
  Adams.
* A unit testing script for the same function originally authored by
  Tobias Mueller
* Added DCO reference for Jacob Adams to the GPGME AUTHORS file.
* Additional details regarding this patch are available here:
  https://dev.gnupg.org/T4001

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-17 09:28:30 +10:00
Maximilian Krambach
3cd428ba44 js: import result feedback
--

* src/Keyring.js: Changed and documented the import result feedback
  towards the javascript side
2018-06-14 14:50:25 +02:00
Maximilian Krambach
3c783bd09c js: add verify and signature parsing
--

* src/gpgmejs.js:
  - Added verify method
  - Added verification results in decrypt (if signatures are present
    in the message)
  - Added a base64 option to decrypt

* src/Signature.js: Convenience class for verification results. Used
   for e.g. converting timestamps to javascript time, quick overall
   validity checks

* src/Keyring.js: removed debug code

* src/Errors.js add two new Signature errors
2018-06-14 12:15:51 +02:00
Maximilian Krambach
aed402c5d5 js: getDefaultKey and verify fix
--

* DemoExtension/maindemo.js - added a Demo for retrieving the default
  signing key

* src/Errors.js - add a new Error if no default key can be determined

* src/Key.js added documentation and a TODO marker for hasSecret.

* src/Keyring.js implemented getDefaultKey

* src/permittedOperations.js: Added missing entry for verify,
    added config_opt
2018-06-13 15:22:03 +02:00
Maximilian Krambach
d0fc4ded58 js: less confusing icons for test/Demo extension
--
* The current test icon was just a generic pin. Changed that by the
  gnupg lock symbol with 'Demo'/'Tests' written on it. Original taken
  from gnupg artwork/icons/lock-wing.svg.
2018-06-13 11:49:37 +02:00
Maximilian Krambach
e154554e9a js: removed config
--

* There is no use for a configuration at the moment, and it seems
  improbable that this use will arise.
2018-06-11 15:10:43 +02:00