Commit Graph

2639 Commits

Author SHA1 Message Date
Andre Heinecke
31bc51e2af
doc: More explicit doc for EXTERN and LOCAL modes.
* doc/gpgme.texi (GPGME_KEYLIST_MODE_EXTERN),
(GPGME_KEYLIST_MODE_LOCATE, GPGME_KEYLIST_MODE_LOCAL): Mention
command line flags for CMS and OpenPGP Protocol.

--
This might help new users coming to gnupg to understand what
the flags do.
2018-07-09 11:10:19 +02:00
Andre Heinecke
7bc5d3c7e4
Add ctx flag for auto-key-locate
* src/context.h (gpgme_context): Add auto_key_locate.
* src/engine-gpg.c (engine_gpg): Add auto_key_locate.
(gpg_set_engine_flags, build_argv): Handle auto_key_locate.
(gpg_release): Free auto_key_locate.
* src/gpgme.c (gpgme_release): Free auto_key_locate.
(gpgme_get_ctx_flag, gpgme_set_ctx_flag): Handle auto-key-locate.
* doc/gpgme.texi: Document auto-key-locate flag.
* tests/run-keylist.c (show_usage, main): Add --from-wkd option.

--
This enables users of GPGME to control more fine grained what
auto-key-locate does.  Especially for WKD lookups / refreshes
can this be useful.

GnuPG-Bug-Id: T2917
Differential Revision: https://dev.gnupg.org/D463
2018-07-09 10:58:04 +02:00
Ben McGinnes
cacca62d06 python bindings: howto examples
* Made sure all example scripts meet PEP8 compliance.
* Required fixing approx. a dozen of them in minor ways.
2018-07-08 03:40:35 +10:00
Andre Heinecke
66c2a99422
qt: Handle OpenPGP Diagnostic log
* lang/qt/src/threadedjobmixin.cpp (_detail::audit_log_as_html):
Handle OpenPGP audit log differently.
2018-07-05 11:29:36 +02:00
Andre Heinecke
629afebe50
cpp: Add enum mapping for GPGME_AUDIT_LOG_DIAG
* src/context.cpp (to_auditlog_flags): Map DIAG value.
* src/context.h (AuditLogFlags): Add it.
2018-07-05 11:29:36 +02:00
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Andre Heinecke
7d65dc2a5c
cpp: Fix memory of DecryptionResult::symkeyAlgo
* lang/cpp/src/decryptionresult.cpp (Private, ~Private): strdup
the symkey algo.
2018-07-04 12:17:43 +02:00
Andre Heinecke
76b8470915
json: Add keylist mode locate
* src/gpgme-json.c (op_keylist, hlp_keylist): Add locate.

--
The same rationale for the KEYLIST_MODE_LOCATE in GPGME
also applies here. It makes the API a little less magic.
2018-07-04 11:14:44 +02:00
Ben McGinnes
5bca499750 python bindings: scheming serpents
* Apparently I am wrong and Scheme is the new Python after all.
* Non-import related PEP8 compliance must wait for another day, though
  the other PEP8 fixes remain.
2018-07-02 05:05:09 +10:00
Ben McGinnes
789ea1b019 python bindings: gpg.core
* Changed id/else statements to a more pythonic form from scheme
  masquerading as python - sorry Justus, it had to go ;).
* With the added bonus of enabling PEP8 compliance in those sections.
* Fixed remaining PEP8 compliance issues with the exception of the
  imports at the beginning of the file (changing those will break the
  entire module, so we'll cope with it as it is).
2018-07-02 03:55:19 +10:00
Ben McGinnes
35e29e1395 m4 update: python 3.7
* Fixed an error in arcane m4 syntax.
2018-06-29 14:52:37 +10:00
Ben McGinnes
43a2b57545 python bindings: python 3.7
* Bindings confirmed to work with the newly released 3.7.0.
* Updated M4 file to reflect this change and correct the Python binary
  search order (3.7 is not yet given priority, but will still be found
  first via the more generic python3 executable).
* Updated setup.py.in, bindings documentation and README to reflect this.
2018-06-29 14:26:30 +10:00
Ben McGinnes
48174b2bcc whitespace police:
* There's always one or, in this case, two.
2018-06-28 18:51:47 +10:00
Ben McGinnes
6aec7d6e4a docs: python bindings howto
* Updated official doc (the org-mode file) with the instructions on
  importing and exporting both public and secret keys.
2018-06-28 18:51:47 +10:00
Ben McGinnes
a7ccdc51ef python bindings examples
* Added a secret key export variant which saves output as both GPG
  binary and ASCII armoured, plus saves in $GNUPGHOME and uses
  multiple methods of determining what that location is.
2018-06-28 18:51:47 +10:00
Ben McGinnes
7fc7e80e54 python bindings examples
* Added a key import variant which accesses the SKS keyservers in a
  RESTful fashion and then imports or attempts to import the response.
2018-06-28 18:51:47 +10:00
Ben McGinnes
0d163a7d12 python bindings examples: three export scripts
* Example of default exporting keys.
* Example of exporting minimised keys.
* Example of exporting secret keys to a file with correct permissions.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-28 18:51:47 +10:00
Ben McGinnes
4251cae34d python bindings: import example
* Added an example script for importing a key from a file (either
  ASCII armoured or not).
2018-06-28 18:51:47 +10:00
Ben McGinnes
a5b91b21f5 python bindings: export secret keys
* The holy grail: a function to export secret keys.
* GPGME will still invoke pinentry and gpg-agent as usual to authorise
  the export.
* Mostly similar to the two previous export functions for public keys
  except that it will return None if the result had a length of zero
  bytes.  Meaning that the difference between the specified pattern
  (if any) not matching available keys and an incorrect passphrase is
  not able to be determined from this function (or the underlying one
  for that matter).

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-28 18:51:47 +10:00
Ben McGinnes
7faef33d13 python bindings: export public keys
* Updated key_export and key_export_minimal to return None where a
  pattern matched no keys in a manner simnilar to the possible result
  of key_export_secret.
2018-06-28 18:51:47 +10:00
Ben McGinnes
89c548efdf python bindings: export public keys
* Added functions for exporting public keys to gpg.core in both
  complete form and in minimised form.
* Rather than letting people need to worry about the export modes we
  are simply separating the functions as people would be more familiar
  with from the command line usage anyway.
* Functions added for Context are: ctx.key_export_minimal and
  ctx.key_export as the default or full export.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-28 18:48:05 +10:00
Andre Heinecke
d8beab30c4
json: Add file handling for debug output
* src/gpgme-json.c (main): Add possibilty to set log file.

--
This is similar to how GPGME_DEBUG works. It takes ; on
Windows as seperator and : on linux. Followed by a file name.

For Linux it might make sense to use a different seperator
to allow setting a socket explicitly. But this is better
in line with the current GPGME_DEBUG behavior.

The change helps on Windows where we don't have a
log socket.
2018-06-20 10:50:17 +02:00
Ben McGinnes
19c5267f86 python bindings: core import statements
* Fixed the bit I broke while fixing the PEP8 compliance issues.
2018-06-17 22:42:43 +10:00
Ben McGinnes
a5b24ae46c python bindings: core — PEP8 compliance
* Fixed most of the PEP8 errors in core.py
* Those remaining may need more than little edits and are a bit
  strange (too clearly the result of a programmer who has spent far
  too much time dealing with Lisp so that for Python it looks
  ... strange).
2018-06-17 15:58:44 +10:00
Ben McGinnes
5a80e75500 python bindings: core - key import
* Wrapped the key import function in the try/exception statements
  needed to catch at least the most likely unsuccessful import attempt
  errors.
* Mostly draws on the file error and no data import statuses for
  errors, with a couple of exceptions.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-17 14:35:20 +10:00
Ben McGinnes
0e762608ef python bindings: core key import
* The foundation of a pythonic key import function authored by Jacob
  Adams.
* A unit testing script for the same function originally authored by
  Tobias Mueller
* Added DCO reference for Jacob Adams to the GPGME AUTHORS file.
* Additional details regarding this patch are available here:
  https://dev.gnupg.org/T4001

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-06-17 09:28:30 +10:00
Ben McGinnes
92cd060f5e script: groups.py
* Added check for if it is run on a Windows system so that the correct
  binary filename is invoked.
2018-06-11 01:03:58 +10:00
Andre Heinecke
8dff414e17
cpp: Add proper gpgme_op_createkey
* lang/cpp/src/context.cpp, lang/cpp/src/context.h
(Context::createKeyEx): New.

--
The createKeyEx function follows the usual pattern that the
synchronous call returns a result directly while for the
async an extra call is neccessary.
2018-06-08 16:19:47 +02:00
Andre Heinecke
54146d90dd
json: Return fingerprint as createkey result
* src/gpgme-json.c (op_createkey): Return fingerprint of new key.
2018-06-08 14:52:41 +02:00
Andre Heinecke
6c74a59e88
json: Add op_createkey
* src/gpgme-json.c (hlp_createkey, op_createkey): New.
(process_request, hlp_help): Add it.

--
This uses an unrestricted context for now until

GnuPG-Bug-Id: T4010
is implemented in GnuPG.
2018-06-08 13:55:21 +02:00
Andre Heinecke
af8510fb7f
json: Generalize chunking and getmore
* src/gpgme-json.c (MIN_REPLY_CHUNK_SIZE): Lower value to
new real minimum.
(DEF_REPLY_CHUNK_SIZE): Don't chunk by default.
(pending_data): Remove type and base64.
(make_data_object): Remove chunksize handling as this is now
generic.
(encode_and_chunk): Setup the pending_data buffer for chunking
if required.
(op_getmore): Changed to generically work on a response.
(hlp_getmore): Update accordingly.
(hlp_help): Document chunksize as generic parameter for all commands.
(process_request): Use encode_and_chunk on the response.
(hlp_encrypt, op_encrypt, hlp_decrypt, op_decrypt),
(hlp_verify, op_verify, hlp_sign, op_sign),
(op_keylist, hlp_keylist, hlp_export, op_export): Update accordingly.

--
To include handling for json properties e.g. in a keylist in
the chunk mechanism the mechanism is now more general.

If the chunksize property is provided the response will
always look exactly like a "getmore" response. E.g.

e.g.:
{
    "op": "keylist",
    "chunksize": 64
}
Results in:
{
   "more": true,
   "base64": true,
   "response": "ewoJImtleXMiOglbewoJCQkicmV2b2tlZCI6"
}

For simplicity this is even true if the chunksize is larger
then the response.

The client has to combine all "response" chunks and base64
decode them to get valid json.

The complete response (including json) is never larger then
the chunksize but might be smaller. Except for interactive
use due to additional format characters.
2018-06-08 10:29:59 +02:00
Andre Heinecke
e48f4a18f8
json: Rework verify_result_to_json
* src/gpgme-json.c (sigsum_to_json): Add bool repr.
(signature_to_json, verify_result_to_json): Extend and follow better
pattern.
(hlp_decrypt, hlp_verify): Expand doc.

--
This should make it more clear which values are mapped as
the naming is more direct and clear and help to use
the gpgme documentation to understand the verify_result values.
2018-06-07 16:07:59 +02:00
Andre Heinecke
906ea48df3
json: Add direct way to query a config option
* src/gpgme-json.c (op_config_opt, hlp_config_opt): New operation.
(process_request, hlp_help): Add it.

--
This is more conveniant API for most query operations where
a single option is required.

An example would be:
{
    "op": "config_opt",
    "component": "gpg",
    "option": "default-key"
}

Which results in:
{
   "option":       {
           "name": "default-key",
           "description":  "use NAME as default secret key",
           "argname":      "NAME",
           "flags":        0,
           "level":        0,
           "type": 1,
           "alt_type":     1,
           "value":        [{
                           "string":       "F462B6B1",
                           "is_none":      false
                   }]
   }
}
2018-06-07 11:42:47 +02:00
Andre Heinecke
7e18c7a07a
json: Add op_config to query gpgconf
* src/gpgme-json.c (op_config, hlp_config): New.
(hlp_help, process_request): Add config.
(conf_arg_to_json, conf_opt_to_json, conf_comp_to_json): New
helpers.
2018-06-07 11:26:48 +02:00
Ben McGinnes
a3a08584d6 examples: python howto
* Uses the groups module to prepare a list of recipients and encrypt
  to those.
* The main version (encrypt-to-group.py) tries to check for invalid
  recipients, but still falls back to always trust for the second
  encryption attempt.
* The gullible version doesn't try pruning the recipient list at all,
  it just tries to encrypt and if it fails, switches straight to
  always trust.
* The trustno1 version doesn't use the always trust model at all and
  only attempts pruning the list of invalid recipients.
2018-06-07 15:06:20 +10:00
Werner Koch
2c4c569247
core: Return a better error code on certain decryption failures.
* src/decrypt.c (op_data_t): Add field first_status_error.
(parse_status_error): Set it.
(_gpgme_decrypt_status_handler): Prefer an ERROR code over a
NO_SECKEY.
--

GnuPG-bug-id: 3983
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 16:20:27 +02:00
Werner Koch
998fec8a4f
json: Allow to compile with libgpg-error < 1.28
* src/cJSON.c: Use gpgrt fucntion only if available.
--

We have a hack in gpgme-json to allow building with older libgpg-error
versions.  That whole thing will not work but the instead the binary
will print an error at runtime that it needs to be build with a newer
libgcrypt.  There was a little bug here for the Debian packages
libgpg-error versions which failed to build cJSON.  cJSON is only
needed be the full gpgme-json but nevertheless the Makefile wants to
build it.  The fix is straightforward.

GnuPG-bug-id: 3971
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-05 09:40:17 +02:00
Ben McGinnes
897423422b docs: python bindings howto
* Another attempt at fixing the org-mode version.
* A proof reader ascertained there were tabs in it instead of whitespace.
* Stripped the lot out and replaced with standard 4 spaces, fixed
  every incorrect example ... and it still breaks upon save and/or export.
* Added the reference to the mutt-groups.py script to demonstrate the
  groups.py module/code.
2018-06-03 00:46:46 +10:00
Ben McGinnes
e144a6d706 Authors: DCO
* Added mine to the GPGME AUTHORS file.  Mainly so I'm doing what I
  say myself when about to request another from someone ...  ;)
2018-06-02 17:15:40 +10:00
Andre Heinecke
00b027af86
cpp: Add gpgme_(get)set_ctx_flag
* NEWS: Mention API extensions.
* lang/cpp/src/context.cpp, lang/cpp/src/context.h
(Context::setFlag, Context::getFlag): New.
2018-06-01 11:10:45 +02:00
Andre Heinecke
d46768c960
cpp: Add legacy_cipher_nomdc
* lang/cpp/src/decryptionresult.cpp, lang/cpp/src/decryptionresult.h
(DecryptionResult::isLegacyCipherNoMDC): New.

--
2018-06-01 10:58:24 +02:00
Werner Koch
662604c5bc
core: New context flag "ignore-mdc-error".
* src/context.h (gpgme_context): Add field ignore_mdc_error.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Set/get it.
* src/engine-gpg.c (engine_gpg): Add flags.ignore_mdc_error.
(gpg_set_engine_flags): Set it.
(build_argv): Pass option to gpg.
* src/decrypt.c (_gpgme_decrypt_status_handler): Take care of flag.
(gpgme_op_decrypt_result): Clear flag.
(gpgme_op_decrypt): Clear flag.
* src/decrypt-verify.c (gpgme_op_decrypt_verify): Clear flag
(gpgme_op_decrypt_ext): Clear flag.

* tests/run-decrypt.c (show_usage): Add option --ignore-mdc-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:29:34 +02:00
Werner Koch
dd19cabe81
core: New decryption result flag 'legacy_cipher_nomdc'.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:01:08 +02:00
Werner Koch
e2aa38b56a
core: Remove cruft from the engine-gpg code.
* src/engine-gpg.c (read_status): Remove the handling of
GPGME_STATUS_END_STREAM; this was used only by the former experimental
--pipemode of gpg but that is not even anymore invoked here.
(struct engine_gpg): Remove cmd.linked_data and .linked_idx.
(build_argv): Remove code for linked_data.
(gpg_new): Ditto.
(gpg_set_command_handler): Remove arr linked_data.
* src/engine-backend.h (engine_ops): Remove arg data from
set_command_handler.
* src/engine.c (_gpgme_engine_set_command_handler): Remove arg
linked_data and adjust all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 00:13:53 +02:00
Werner Koch
2219fc19d5
core: Minor cleanup in engine-gpg and -gpgsm.
* src/engine-gpg.c: Remove errno.h.
(build_argv): Use gpg_error_from_syserror instead of ERRNO.
* src/engine-gpgsm.c: Remove errno.h.
(status_handler): Remove check for EINTR; gpgme_data_write already
handles EINTR.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 00:13:52 +02:00
Andre Heinecke
618aa7f08d
cpp: Add gpgme_data_rewind to cpp API
* lang/cpp/src/data.h, lang/cpp/src/data.cpp (Data::rewind): New.
* lang/qt/tests/t-various.cpp (testDataRewind): Test it.

--
The advantage of this convieniance function in GPGME is that
it avoids the messiness that are declarations with off_t.

GnuPG-Bug-Id: T3996
2018-05-29 09:19:50 +02:00
Werner Koch
77166851f1
json: Fix compiler warning.
* src/gpgme-json.c (op_version): Mark request as unused.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:58:02 +02:00
Werner Koch
0de991fee0
json: Do not allow to export or delete secret keys.
* src/gpgme-json.c (op_export, op_delete): Return GPG_ERR_FORBIDDEN if
"secret" is used.
--

This should not be possible from a browser and we need to make this
fully clear.  Actually gpg-agent won't allow that anyway but having
this explicitly is better.

If that is ever needed a dedicated command line option may enable
this, for example when used by regular programs and not by the browser.
But that requires other changes as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:56:49 +02:00
Werner Koch
368f2d9db3
json: Fix use of get_context.
* src/gpgme-json.c (create_onetime_context): New.
(release_onetime_context): New.
(op_sign): Use the new fucntions to create a separate context.
(op_encrypt): Use a separate context for key listings.
(create_keylist_patterns): Remove unneeded cast.
--

get_context retruns a static per-process context and can thus not be
used as a separate context.  Use dedicated fucntions for this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:53:32 +02:00
Andre Heinecke
7aa00917c7
json: Implement encrypt-sign
* src/gpgme-json.c (op_encrypt): Add optional signing_keys param.
(get_keys, create_keylist_patterns): Add param for json object name.

--
If the optional parameter signing_keys is provided to encrypt
it becomes an encrypt-sign operation.
2018-05-25 15:48:39 +02:00