Commit Graph

550 Commits

Author SHA1 Message Date
Andre Heinecke
263dadb04a
json: Add proper decrypt_result_t handling
* src/gpgme-json.c (recipient_to_json, decrypt_result_to_json):
New.
(op_decrypt, hlp_decrypt): Update.

--
The op_decrypt as one of the first operations did not yet
match the current 1 <> 1 mapping of gpgme types to json
dictonaries.

info and dec_info are bad names but used for compatibility reasons.
2018-08-21 14:36:42 +02:00
Andre Heinecke
8103eeba80
json: Add subkey_algo and defaults to createkey
* src/gpgme-json.c (op_createkey, hlp_createkey): Add subkey_algo
handling.
(hlp_createkey): Fix documentation of expiry.
--
Due to the funny quick-gen-key interface generating a key
with an explicit algo would result in bad defaults (only an SC key),
without a subkey.

This adds handling that should probably be in GnuPG proper to fix
the semantics of createkey by adding default subkey_algo handling.
2018-08-20 16:38:36 +02:00
Andre Heinecke
4dd1d0abd3
json: Wipe memory in cJSON_Delete
* src/cJSON.c (cJSON_Delete): Wipe memory on deletion.
2018-08-08 14:27:24 +02:00
Andre Heinecke
fdc07b3ddc
json: Only use calloc instead of malloc
* src/cJSON.c, src/gpgme-json.c (CALLOC_ONLY): New define
to change xmalloc / xtrymalloc to use calloc.

--
Some people consider malloc dangerous as it might allow an
information leak.
2018-08-08 14:25:28 +02:00
Andre Heinecke
974a95db04
json: Add checks when skipping byte
* src/cJSON.c (parse_string, cJSON_Minify): Check for
terminating NULL byte when skipping the byte after a an escaped
quote.
2018-08-08 13:30:01 +02:00
Andre Heinecke
6e48bb0f1c
json: Don't error out if chunksize is omitted
* src/gpgme-json.c (encode_and_chunk): Don't error out
if no chunksize is provided.

--
This fixes 82e4b900a9 which
caused every call without chunksize to error out.
2018-08-08 09:49:51 +02:00
Werner Koch
5ef492c563
core: Clear all flags for a new data property.
* src/data.c (PROPERTY_TABLE_ALLOCATION_CHUNK): New.
(insert_into_property_table): Use it here.  Clear all flags.
--

Fixes-commit: 085cdeddef
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 20:38:21 +02:00
Werner Koch
085cdeddef
core: Blank out the plaintext after decryption failure.
* src/data.h (data_prop_t): New enum.
(struct gpgme_data): Add field propidx.
* src/data.c (property_t): New.
(property_table, property_table_size, property_table_lock): New.
(insert_into_property_table): New.
(remove_from_property_table): New.
(_gpgme_data_get_dserial): New.
(_gpgme_data_set_prop): New.
(_gpgme_data_get_prop): New.
(_gpgme_data_new): Connect new object to property_table.
(_gpgme_data_release): Remove from property_table.
(gpgme_data_read): With DATA_PROP_BLANKOUT set don't fill the buffer.
* src/data-mem.c (gpgme_data_release_and_get_mem): Likewise.
* src/decrypt.c (struct op_data): Add field plaintext_dserial.
(_gpgme_op_decrypt_init_result): Add arg plaintext and init new field.
(_gpgme_decrypt_status_handler): Set DATA_PROP_BLANKOUT on decryption
failure.
(_gpgme_decrypt_start): Pass PLAIN to the init function.
* src/decrypt-verify.c (decrypt_verify_start): Ditto.
* configure.ac: Check for stdint.h and bail out if uint64_t is not
available.
--

This is a best effort feature to not output plaintext after a
decryption failure (e.g. due to no or broken authenticated
encryption).  It always work when using a memory object and reading it
after the decryption but it can't work reliable when the user is
reading from the data object while the decryption process is still
running.

This is quite a large change because the data objects and the context
objects are allowed to be owned by different threads.  Thus a
synchronization is needed and we do this with a global table of all
data objects to which the context objects can do soft-linking via a
unique data object serial number.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 17:39:09 +02:00
Werner Koch
af2c74d6c0
json: Don't use strdup but the xtrystrdup wrapper.
* src/gpgme-json.c (create_keylist_patterns): Use CNT as first arg for
xcalloc.
(process_request): s/strdup/xtrystrdup/.
--

calloc takes two arguments so to be able to detect integer overflow.
Thus if we switch from malloc to calloc we should utilize that.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 09:53:37 +02:00
Werner Koch
f42cd70f18
core: New interface gpgme_data_new_from_estream.
* src/gpgme.h.in (gpgme_data_new_from_estream): New.
* src/data-estream.c: New.
* src/data.h (gpgme_data): New union member e_stream.
--

The estream functions (gpgrt_fopen et al.) are any waypart of the
required libgpg-error library and thus it makes sense to provide this
convenience interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 09:51:45 +02:00
Andre Heinecke
98a75a16cc
json: Fix memleak in native msging repl
* src/gpgme-json.c (native_messaging_repl): Free request and
response after each loop.

--
If we only accept once request we should not loop. If we loop
we should do it properly.
2018-07-18 13:15:02 +02:00
Andre Heinecke
6d7b4382c3
json: Ensure that native msging request is string
* src/gpgme-json.c (native_messaging_repl): Ensure that the
request is NULL terminated.

--
This avoids potential memory leaks and access to unmapped memory
in case the request was not terminated.
Other request functions use es_read_line which gurantees NULL
termination.
2018-07-18 13:06:08 +02:00
Andre Heinecke
82e4b900a9
json: Fix crash by ensuring response is never NULL
* src/gpgme-json.c (encode_and_chunk): Try to always
return at least an error.
(process_request): Double check that it does not return NULL.

--
If process_request returns NULL the following strlen on it
would crash.
2018-07-18 13:05:48 +02:00
Andre Heinecke
b78140daf7
json: Fix memory errors in create_keylist_patterns
* src/gpgme-json.c (create_keylist_patterns): Reserve two
pointers more then linefeeds.
(create_keylist_patterns): Fix loop to count linebreaks.
(create_keylist_patterns): Use calloc for good measure.

--
This fixes crashes and memory corruption as cnt did not
match i.
2018-07-18 12:57:51 +02:00
Andre Heinecke
1686e07e77
json: Fix crash on invalid json
* src/gpgme-json.c (process_request): Init res. Check for
json object before encode and chunk.

--
If json is invalid we can't read chunksize and would crash
in encode and chunk.
2018-07-16 19:47:11 +02:00
Andre Heinecke
cc21101a74
json: Fix uninitialized key unref in op_delete
* src/gpgme-json.c (op_delete): Init key.
2018-07-16 19:46:04 +02:00
Werner Koch
1933f5b805
json: Minor cleanups in cJSON.c
* src/cJSON.c: Add comments on the origin of the code.
(parse_string): Allocate an extra byte for safeness.
(cJSON_AddItemToArray): Allo ARRAY to be NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-16 14:42:30 +02:00
Werner Koch
013a7f47ab
json: Fix buffer overflow in cJSON.c
* src/cJSON.c (parse_string): Correctly detect bad hex.
--

The call to parse_hex4 checks that only hex digits follow and in the
error case returns 0.  However, by the time of the combined check for
an invalid value and the error PTR has already been set to the last
hex character and thus if the end-of-string or a quote character was
one of the bad hex digits the loop will miss the end of the string
which does not match with the simple buffer length allocation test at
the begin of the function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-16 12:37:06 +02:00
Andre Heinecke
6cc842c9aa
json: Add with-sec-fprs param to export
* src/gpgme-json.c (add_secret_fprs): New helper.
(op_export, hlp_export): Extend for with-sec fprs.

--
This is a request from Mailvelope, to import an export
they need the information for which keys from the export
a secret key is also available. For simplicity it is
much preferred to get this information in a single call
without the need to do and parse a keylisting additionally
in a second native-messaging call.

So we make it optional to include that info in the export.
2018-07-11 16:18:24 +02:00
Andre Heinecke
40471ec12f
json: Add with-secret without secret only
* src/gpgme-json.c (op_keylist, hlp_keylist): Add "with-secret"
as a flag to do a public keylist with secret information.
2018-07-09 11:36:28 +02:00
Andre Heinecke
7bc5d3c7e4
Add ctx flag for auto-key-locate
* src/context.h (gpgme_context): Add auto_key_locate.
* src/engine-gpg.c (engine_gpg): Add auto_key_locate.
(gpg_set_engine_flags, build_argv): Handle auto_key_locate.
(gpg_release): Free auto_key_locate.
* src/gpgme.c (gpgme_release): Free auto_key_locate.
(gpgme_get_ctx_flag, gpgme_set_ctx_flag): Handle auto-key-locate.
* doc/gpgme.texi: Document auto-key-locate flag.
* tests/run-keylist.c (show_usage, main): Add --from-wkd option.

--
This enables users of GPGME to control more fine grained what
auto-key-locate does.  Especially for WKD lookups / refreshes
can this be useful.

GnuPG-Bug-Id: T2917
Differential Revision: https://dev.gnupg.org/D463
2018-07-09 10:58:04 +02:00
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Andre Heinecke
76b8470915
json: Add keylist mode locate
* src/gpgme-json.c (op_keylist, hlp_keylist): Add locate.

--
The same rationale for the KEYLIST_MODE_LOCATE in GPGME
also applies here. It makes the API a little less magic.
2018-07-04 11:14:44 +02:00
Andre Heinecke
d8beab30c4
json: Add file handling for debug output
* src/gpgme-json.c (main): Add possibilty to set log file.

--
This is similar to how GPGME_DEBUG works. It takes ; on
Windows as seperator and : on linux. Followed by a file name.

For Linux it might make sense to use a different seperator
to allow setting a socket explicitly. But this is better
in line with the current GPGME_DEBUG behavior.

The change helps on Windows where we don't have a
log socket.
2018-06-20 10:50:17 +02:00
Andre Heinecke
54146d90dd
json: Return fingerprint as createkey result
* src/gpgme-json.c (op_createkey): Return fingerprint of new key.
2018-06-08 14:52:41 +02:00
Andre Heinecke
6c74a59e88
json: Add op_createkey
* src/gpgme-json.c (hlp_createkey, op_createkey): New.
(process_request, hlp_help): Add it.

--
This uses an unrestricted context for now until

GnuPG-Bug-Id: T4010
is implemented in GnuPG.
2018-06-08 13:55:21 +02:00
Andre Heinecke
af8510fb7f
json: Generalize chunking and getmore
* src/gpgme-json.c (MIN_REPLY_CHUNK_SIZE): Lower value to
new real minimum.
(DEF_REPLY_CHUNK_SIZE): Don't chunk by default.
(pending_data): Remove type and base64.
(make_data_object): Remove chunksize handling as this is now
generic.
(encode_and_chunk): Setup the pending_data buffer for chunking
if required.
(op_getmore): Changed to generically work on a response.
(hlp_getmore): Update accordingly.
(hlp_help): Document chunksize as generic parameter for all commands.
(process_request): Use encode_and_chunk on the response.
(hlp_encrypt, op_encrypt, hlp_decrypt, op_decrypt),
(hlp_verify, op_verify, hlp_sign, op_sign),
(op_keylist, hlp_keylist, hlp_export, op_export): Update accordingly.

--
To include handling for json properties e.g. in a keylist in
the chunk mechanism the mechanism is now more general.

If the chunksize property is provided the response will
always look exactly like a "getmore" response. E.g.

e.g.:
{
    "op": "keylist",
    "chunksize": 64
}
Results in:
{
   "more": true,
   "base64": true,
   "response": "ewoJImtleXMiOglbewoJCQkicmV2b2tlZCI6"
}

For simplicity this is even true if the chunksize is larger
then the response.

The client has to combine all "response" chunks and base64
decode them to get valid json.

The complete response (including json) is never larger then
the chunksize but might be smaller. Except for interactive
use due to additional format characters.
2018-06-08 10:29:59 +02:00
Andre Heinecke
e48f4a18f8
json: Rework verify_result_to_json
* src/gpgme-json.c (sigsum_to_json): Add bool repr.
(signature_to_json, verify_result_to_json): Extend and follow better
pattern.
(hlp_decrypt, hlp_verify): Expand doc.

--
This should make it more clear which values are mapped as
the naming is more direct and clear and help to use
the gpgme documentation to understand the verify_result values.
2018-06-07 16:07:59 +02:00
Andre Heinecke
906ea48df3
json: Add direct way to query a config option
* src/gpgme-json.c (op_config_opt, hlp_config_opt): New operation.
(process_request, hlp_help): Add it.

--
This is more conveniant API for most query operations where
a single option is required.

An example would be:
{
    "op": "config_opt",
    "component": "gpg",
    "option": "default-key"
}

Which results in:
{
   "option":       {
           "name": "default-key",
           "description":  "use NAME as default secret key",
           "argname":      "NAME",
           "flags":        0,
           "level":        0,
           "type": 1,
           "alt_type":     1,
           "value":        [{
                           "string":       "F462B6B1",
                           "is_none":      false
                   }]
   }
}
2018-06-07 11:42:47 +02:00
Andre Heinecke
7e18c7a07a
json: Add op_config to query gpgconf
* src/gpgme-json.c (op_config, hlp_config): New.
(hlp_help, process_request): Add config.
(conf_arg_to_json, conf_opt_to_json, conf_comp_to_json): New
helpers.
2018-06-07 11:26:48 +02:00
Werner Koch
2c4c569247
core: Return a better error code on certain decryption failures.
* src/decrypt.c (op_data_t): Add field first_status_error.
(parse_status_error): Set it.
(_gpgme_decrypt_status_handler): Prefer an ERROR code over a
NO_SECKEY.
--

GnuPG-bug-id: 3983
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 16:20:27 +02:00
Werner Koch
998fec8a4f
json: Allow to compile with libgpg-error < 1.28
* src/cJSON.c: Use gpgrt fucntion only if available.
--

We have a hack in gpgme-json to allow building with older libgpg-error
versions.  That whole thing will not work but the instead the binary
will print an error at runtime that it needs to be build with a newer
libgcrypt.  There was a little bug here for the Debian packages
libgpg-error versions which failed to build cJSON.  cJSON is only
needed be the full gpgme-json but nevertheless the Makefile wants to
build it.  The fix is straightforward.

GnuPG-bug-id: 3971
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-05 09:40:17 +02:00
Werner Koch
662604c5bc
core: New context flag "ignore-mdc-error".
* src/context.h (gpgme_context): Add field ignore_mdc_error.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Set/get it.
* src/engine-gpg.c (engine_gpg): Add flags.ignore_mdc_error.
(gpg_set_engine_flags): Set it.
(build_argv): Pass option to gpg.
* src/decrypt.c (_gpgme_decrypt_status_handler): Take care of flag.
(gpgme_op_decrypt_result): Clear flag.
(gpgme_op_decrypt): Clear flag.
* src/decrypt-verify.c (gpgme_op_decrypt_verify): Clear flag
(gpgme_op_decrypt_ext): Clear flag.

* tests/run-decrypt.c (show_usage): Add option --ignore-mdc-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:29:34 +02:00
Werner Koch
dd19cabe81
core: New decryption result flag 'legacy_cipher_nomdc'.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:01:08 +02:00
Werner Koch
e2aa38b56a
core: Remove cruft from the engine-gpg code.
* src/engine-gpg.c (read_status): Remove the handling of
GPGME_STATUS_END_STREAM; this was used only by the former experimental
--pipemode of gpg but that is not even anymore invoked here.
(struct engine_gpg): Remove cmd.linked_data and .linked_idx.
(build_argv): Remove code for linked_data.
(gpg_new): Ditto.
(gpg_set_command_handler): Remove arr linked_data.
* src/engine-backend.h (engine_ops): Remove arg data from
set_command_handler.
* src/engine.c (_gpgme_engine_set_command_handler): Remove arg
linked_data and adjust all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 00:13:53 +02:00
Werner Koch
2219fc19d5
core: Minor cleanup in engine-gpg and -gpgsm.
* src/engine-gpg.c: Remove errno.h.
(build_argv): Use gpg_error_from_syserror instead of ERRNO.
* src/engine-gpgsm.c: Remove errno.h.
(status_handler): Remove check for EINTR; gpgme_data_write already
handles EINTR.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 00:13:52 +02:00
Werner Koch
77166851f1
json: Fix compiler warning.
* src/gpgme-json.c (op_version): Mark request as unused.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:58:02 +02:00
Werner Koch
0de991fee0
json: Do not allow to export or delete secret keys.
* src/gpgme-json.c (op_export, op_delete): Return GPG_ERR_FORBIDDEN if
"secret" is used.
--

This should not be possible from a browser and we need to make this
fully clear.  Actually gpg-agent won't allow that anyway but having
this explicitly is better.

If that is ever needed a dedicated command line option may enable
this, for example when used by regular programs and not by the browser.
But that requires other changes as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:56:49 +02:00
Werner Koch
368f2d9db3
json: Fix use of get_context.
* src/gpgme-json.c (create_onetime_context): New.
(release_onetime_context): New.
(op_sign): Use the new fucntions to create a separate context.
(op_encrypt): Use a separate context for key listings.
(create_keylist_patterns): Remove unneeded cast.
--

get_context retruns a static per-process context and can thus not be
used as a separate context.  Use dedicated fucntions for this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:53:32 +02:00
Andre Heinecke
7aa00917c7
json: Implement encrypt-sign
* src/gpgme-json.c (op_encrypt): Add optional signing_keys param.
(get_keys, create_keylist_patterns): Add param for json object name.

--
If the optional parameter signing_keys is provided to encrypt
it becomes an encrypt-sign operation.
2018-05-25 15:48:39 +02:00
Andre Heinecke
73dc5e933d
json: Implement delete command
* src/gpgme-json.c (op_delete): New.
(hlp_help, process_request): Add it.

--
As with import / export delete also does not work for
the browser origin.
2018-05-25 15:24:03 +02:00
Andre Heinecke
a1bbe7473a
json: Implement op_export
* src/gpgme-json.c (op_export): New.
(hlp_getmore, process_request): Add it.

--
Secret key export does not work with request-origin browser.
2018-05-25 14:52:51 +02:00
Andre Heinecke
897522527d
json: Fix double ctx alloc
* src/gpgme-json.c (op_keylist): Only get one ctx.
2018-05-25 14:50:59 +02:00
Andre Heinecke
10683b1a91
json: Add guard in create_keylist_patterns
* src/gpgme-json.c (create_keylist_patterns): Guard against
a string ending with a linbreak.
2018-05-25 14:50:20 +02:00
Andre Heinecke
1ff16dad59
json: Implement import operation
* src/gpgme-json.c (op_import): New.
(import_status_to_json, import_result_to_json): New.
(hlp_help, process_request): Add import.
2018-05-25 14:19:41 +02:00
Andre Heinecke
fe06929dee
json: Improve keylist help
* src/gpgme-json.c (hlp_keylist): Clarify doc about keys parameter.
2018-05-25 13:09:34 +02:00
Andre Heinecke
10724e363d
json: Fix keylist pattern handling
* src/gpgme-json.c (xfree_array): New helper.
(create_keylist_patterns): Convert keystring to gpgme patterns.
(op_sign, op_keylist): Use it.
2018-05-25 13:06:44 +02:00
Andre Heinecke
ed20936ce4
json: Add additional commands to help
* src/gpgme-json.c (hlp_help): Add additional commands.
2018-05-25 12:22:37 +02:00
Andre Heinecke
aa59f4970a
json: Refactor signature and ei code
* src/gpgme-json.c (add_summary_to_object): Changed to:
sigsum_to_json.
(add_signature_to_object): Changed to signature_to_json.
(add_signatures_to_object): Changed to verify_result_to_json.
(add_ei_to_object): Changed to engine_info_to_json.
(op_decrypt, op_verify, op_version): Use new functions.

--
This pattern of gpgme_type to json object conversion
is much cleaner then the error returning "add to object"
functions.
2018-05-25 12:17:46 +02:00
Andre Heinecke
546e3295ea
json: Implement keylist
* src/gpgme-json.c (xjson_AddStringToObject0)
(xjson_AddItemToObject): New helpers.
(sig_notation_to_json, key_sig_to_json, tofu_to_json)
(uid_to_json, subkey_to_json, key_to_json): New
GPGME to JSON functions.
(op_keylist): New.
(process_request): Add op_keylist.

--
The conversion from GPGME data structures to
JSON follow the same pattern for the keylist
functions using the xjson wrappers instead
of error checking every cJSON call.

For large keylists the keylist command also
needs a data / getmore handling somehow.
2018-05-25 11:56:32 +02:00