Commit Graph

529 Commits

Author SHA1 Message Date
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Andre Heinecke
76b8470915
json: Add keylist mode locate
* src/gpgme-json.c (op_keylist, hlp_keylist): Add locate.

--
The same rationale for the KEYLIST_MODE_LOCATE in GPGME
also applies here. It makes the API a little less magic.
2018-07-04 11:14:44 +02:00
Andre Heinecke
d8beab30c4
json: Add file handling for debug output
* src/gpgme-json.c (main): Add possibilty to set log file.

--
This is similar to how GPGME_DEBUG works. It takes ; on
Windows as seperator and : on linux. Followed by a file name.

For Linux it might make sense to use a different seperator
to allow setting a socket explicitly. But this is better
in line with the current GPGME_DEBUG behavior.

The change helps on Windows where we don't have a
log socket.
2018-06-20 10:50:17 +02:00
Andre Heinecke
54146d90dd
json: Return fingerprint as createkey result
* src/gpgme-json.c (op_createkey): Return fingerprint of new key.
2018-06-08 14:52:41 +02:00
Andre Heinecke
6c74a59e88
json: Add op_createkey
* src/gpgme-json.c (hlp_createkey, op_createkey): New.
(process_request, hlp_help): Add it.

--
This uses an unrestricted context for now until

GnuPG-Bug-Id: T4010
is implemented in GnuPG.
2018-06-08 13:55:21 +02:00
Andre Heinecke
af8510fb7f
json: Generalize chunking and getmore
* src/gpgme-json.c (MIN_REPLY_CHUNK_SIZE): Lower value to
new real minimum.
(DEF_REPLY_CHUNK_SIZE): Don't chunk by default.
(pending_data): Remove type and base64.
(make_data_object): Remove chunksize handling as this is now
generic.
(encode_and_chunk): Setup the pending_data buffer for chunking
if required.
(op_getmore): Changed to generically work on a response.
(hlp_getmore): Update accordingly.
(hlp_help): Document chunksize as generic parameter for all commands.
(process_request): Use encode_and_chunk on the response.
(hlp_encrypt, op_encrypt, hlp_decrypt, op_decrypt),
(hlp_verify, op_verify, hlp_sign, op_sign),
(op_keylist, hlp_keylist, hlp_export, op_export): Update accordingly.

--
To include handling for json properties e.g. in a keylist in
the chunk mechanism the mechanism is now more general.

If the chunksize property is provided the response will
always look exactly like a "getmore" response. E.g.

e.g.:
{
    "op": "keylist",
    "chunksize": 64
}
Results in:
{
   "more": true,
   "base64": true,
   "response": "ewoJImtleXMiOglbewoJCQkicmV2b2tlZCI6"
}

For simplicity this is even true if the chunksize is larger
then the response.

The client has to combine all "response" chunks and base64
decode them to get valid json.

The complete response (including json) is never larger then
the chunksize but might be smaller. Except for interactive
use due to additional format characters.
2018-06-08 10:29:59 +02:00
Andre Heinecke
e48f4a18f8
json: Rework verify_result_to_json
* src/gpgme-json.c (sigsum_to_json): Add bool repr.
(signature_to_json, verify_result_to_json): Extend and follow better
pattern.
(hlp_decrypt, hlp_verify): Expand doc.

--
This should make it more clear which values are mapped as
the naming is more direct and clear and help to use
the gpgme documentation to understand the verify_result values.
2018-06-07 16:07:59 +02:00
Andre Heinecke
906ea48df3
json: Add direct way to query a config option
* src/gpgme-json.c (op_config_opt, hlp_config_opt): New operation.
(process_request, hlp_help): Add it.

--
This is more conveniant API for most query operations where
a single option is required.

An example would be:
{
    "op": "config_opt",
    "component": "gpg",
    "option": "default-key"
}

Which results in:
{
   "option":       {
           "name": "default-key",
           "description":  "use NAME as default secret key",
           "argname":      "NAME",
           "flags":        0,
           "level":        0,
           "type": 1,
           "alt_type":     1,
           "value":        [{
                           "string":       "F462B6B1",
                           "is_none":      false
                   }]
   }
}
2018-06-07 11:42:47 +02:00
Andre Heinecke
7e18c7a07a
json: Add op_config to query gpgconf
* src/gpgme-json.c (op_config, hlp_config): New.
(hlp_help, process_request): Add config.
(conf_arg_to_json, conf_opt_to_json, conf_comp_to_json): New
helpers.
2018-06-07 11:26:48 +02:00
Werner Koch
2c4c569247
core: Return a better error code on certain decryption failures.
* src/decrypt.c (op_data_t): Add field first_status_error.
(parse_status_error): Set it.
(_gpgme_decrypt_status_handler): Prefer an ERROR code over a
NO_SECKEY.
--

GnuPG-bug-id: 3983
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 16:20:27 +02:00
Werner Koch
998fec8a4f
json: Allow to compile with libgpg-error < 1.28
* src/cJSON.c: Use gpgrt fucntion only if available.
--

We have a hack in gpgme-json to allow building with older libgpg-error
versions.  That whole thing will not work but the instead the binary
will print an error at runtime that it needs to be build with a newer
libgcrypt.  There was a little bug here for the Debian packages
libgpg-error versions which failed to build cJSON.  cJSON is only
needed be the full gpgme-json but nevertheless the Makefile wants to
build it.  The fix is straightforward.

GnuPG-bug-id: 3971
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-05 09:40:17 +02:00
Werner Koch
662604c5bc
core: New context flag "ignore-mdc-error".
* src/context.h (gpgme_context): Add field ignore_mdc_error.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Set/get it.
* src/engine-gpg.c (engine_gpg): Add flags.ignore_mdc_error.
(gpg_set_engine_flags): Set it.
(build_argv): Pass option to gpg.
* src/decrypt.c (_gpgme_decrypt_status_handler): Take care of flag.
(gpgme_op_decrypt_result): Clear flag.
(gpgme_op_decrypt): Clear flag.
* src/decrypt-verify.c (gpgme_op_decrypt_verify): Clear flag
(gpgme_op_decrypt_ext): Clear flag.

* tests/run-decrypt.c (show_usage): Add option --ignore-mdc-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:29:34 +02:00
Werner Koch
dd19cabe81
core: New decryption result flag 'legacy_cipher_nomdc'.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:01:08 +02:00
Werner Koch
e2aa38b56a
core: Remove cruft from the engine-gpg code.
* src/engine-gpg.c (read_status): Remove the handling of
GPGME_STATUS_END_STREAM; this was used only by the former experimental
--pipemode of gpg but that is not even anymore invoked here.
(struct engine_gpg): Remove cmd.linked_data and .linked_idx.
(build_argv): Remove code for linked_data.
(gpg_new): Ditto.
(gpg_set_command_handler): Remove arr linked_data.
* src/engine-backend.h (engine_ops): Remove arg data from
set_command_handler.
* src/engine.c (_gpgme_engine_set_command_handler): Remove arg
linked_data and adjust all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 00:13:53 +02:00
Werner Koch
2219fc19d5
core: Minor cleanup in engine-gpg and -gpgsm.
* src/engine-gpg.c: Remove errno.h.
(build_argv): Use gpg_error_from_syserror instead of ERRNO.
* src/engine-gpgsm.c: Remove errno.h.
(status_handler): Remove check for EINTR; gpgme_data_write already
handles EINTR.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 00:13:52 +02:00
Werner Koch
77166851f1
json: Fix compiler warning.
* src/gpgme-json.c (op_version): Mark request as unused.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:58:02 +02:00
Werner Koch
0de991fee0
json: Do not allow to export or delete secret keys.
* src/gpgme-json.c (op_export, op_delete): Return GPG_ERR_FORBIDDEN if
"secret" is used.
--

This should not be possible from a browser and we need to make this
fully clear.  Actually gpg-agent won't allow that anyway but having
this explicitly is better.

If that is ever needed a dedicated command line option may enable
this, for example when used by regular programs and not by the browser.
But that requires other changes as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:56:49 +02:00
Werner Koch
368f2d9db3
json: Fix use of get_context.
* src/gpgme-json.c (create_onetime_context): New.
(release_onetime_context): New.
(op_sign): Use the new fucntions to create a separate context.
(op_encrypt): Use a separate context for key listings.
(create_keylist_patterns): Remove unneeded cast.
--

get_context retruns a static per-process context and can thus not be
used as a separate context.  Use dedicated fucntions for this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:53:32 +02:00
Andre Heinecke
7aa00917c7
json: Implement encrypt-sign
* src/gpgme-json.c (op_encrypt): Add optional signing_keys param.
(get_keys, create_keylist_patterns): Add param for json object name.

--
If the optional parameter signing_keys is provided to encrypt
it becomes an encrypt-sign operation.
2018-05-25 15:48:39 +02:00
Andre Heinecke
73dc5e933d
json: Implement delete command
* src/gpgme-json.c (op_delete): New.
(hlp_help, process_request): Add it.

--
As with import / export delete also does not work for
the browser origin.
2018-05-25 15:24:03 +02:00
Andre Heinecke
a1bbe7473a
json: Implement op_export
* src/gpgme-json.c (op_export): New.
(hlp_getmore, process_request): Add it.

--
Secret key export does not work with request-origin browser.
2018-05-25 14:52:51 +02:00
Andre Heinecke
897522527d
json: Fix double ctx alloc
* src/gpgme-json.c (op_keylist): Only get one ctx.
2018-05-25 14:50:59 +02:00
Andre Heinecke
10683b1a91
json: Add guard in create_keylist_patterns
* src/gpgme-json.c (create_keylist_patterns): Guard against
a string ending with a linbreak.
2018-05-25 14:50:20 +02:00
Andre Heinecke
1ff16dad59
json: Implement import operation
* src/gpgme-json.c (op_import): New.
(import_status_to_json, import_result_to_json): New.
(hlp_help, process_request): Add import.
2018-05-25 14:19:41 +02:00
Andre Heinecke
fe06929dee
json: Improve keylist help
* src/gpgme-json.c (hlp_keylist): Clarify doc about keys parameter.
2018-05-25 13:09:34 +02:00
Andre Heinecke
10724e363d
json: Fix keylist pattern handling
* src/gpgme-json.c (xfree_array): New helper.
(create_keylist_patterns): Convert keystring to gpgme patterns.
(op_sign, op_keylist): Use it.
2018-05-25 13:06:44 +02:00
Andre Heinecke
ed20936ce4
json: Add additional commands to help
* src/gpgme-json.c (hlp_help): Add additional commands.
2018-05-25 12:22:37 +02:00
Andre Heinecke
aa59f4970a
json: Refactor signature and ei code
* src/gpgme-json.c (add_summary_to_object): Changed to:
sigsum_to_json.
(add_signature_to_object): Changed to signature_to_json.
(add_signatures_to_object): Changed to verify_result_to_json.
(add_ei_to_object): Changed to engine_info_to_json.
(op_decrypt, op_verify, op_version): Use new functions.

--
This pattern of gpgme_type to json object conversion
is much cleaner then the error returning "add to object"
functions.
2018-05-25 12:17:46 +02:00
Andre Heinecke
546e3295ea
json: Implement keylist
* src/gpgme-json.c (xjson_AddStringToObject0)
(xjson_AddItemToObject): New helpers.
(sig_notation_to_json, key_sig_to_json, tofu_to_json)
(uid_to_json, subkey_to_json, key_to_json): New
GPGME to JSON functions.
(op_keylist): New.
(process_request): Add op_keylist.

--
The conversion from GPGME data structures to
JSON follow the same pattern for the keylist
functions using the xjson wrappers instead
of error checking every cJSON call.

For large keylists the keylist command also
needs a data / getmore handling somehow.
2018-05-25 11:56:32 +02:00
Andre Heinecke
a46c27b321
json: Deduplicate input handling code
* gpgme-json.c (get_string_data): New.
(op_verify, op_sign, op_decrypt, op_encrypt): Use it.

--
This handles the common base64 decoding and creation of the
gpgme_data object.
2018-05-25 11:56:32 +02:00
Andre Heinecke
9fca7c8406
json: Add code to gpg_error based messages
* src/gpgme-json.c (gpg_error_object): New.
(error_object_v): Extend to take error.

--
Having the error code is helpful, especially as
the strerrors are localized. E.g. to detect
an ERROR_CANCELED.
2018-05-24 16:35:42 +02:00
Andre Heinecke
61f4532ba9
json: Implement op_version
* src/gpgme-json.c (op_version): New.
(process_request): Extend for version.
(protocol_to_string, add_ei_to_object): New helpers.
2018-05-24 16:15:14 +02:00
Andre Heinecke
5fbf81c18b
json: Implement op_verify
* src/gpgme-json.c (op_verify): New.
(hlp_help): Add verify.
(process_request): Add verify.

--
Mostly works, except for detached, base64 encoded signatures,
they are somehow not yet written to gpgme.
2018-05-24 16:14:54 +02:00
Andre Heinecke
c679ed2477
json: Put signature info before data output
* src/gpgme-json.c (op_decrypt): Move info before data.

--
This should enable it to first parse signatures before
handling very large chunks of data.
2018-05-24 13:36:31 +02:00
Andre Heinecke
a6cd3a1197
json: Add sign to help
* src/gpgme-json.c (hlp_help): Add sign.
2018-05-24 13:31:15 +02:00
Andre Heinecke
1c0a55a608
json: Add op_sign
* src/gpgme-json.c (op_sign): New.
2018-05-24 13:29:23 +02:00
Andre Heinecke
b344933e4c
json: Fix invalid function call
* src/gpgme-json.c (add_signatures_to_object): Fix call to
xjson_CreateArray.

--
That is what happens if you edit code while reviewing changes,
without testing it again,..
2018-05-24 13:16:55 +02:00
Andre Heinecke
45036c3c4c
json: Print signatures for decrypt/verify
* gpgme-json.c (xJSON_CreateArray),
(add_summary_to_object, validity_to_string): New helpers.
(add_signature_to_object, add_signatures_to_object)
(add_signatures_object): New.
(op_decrypt): Handle verify_result.
(hlp_help): Mention decrypt.
2018-05-24 12:37:29 +02:00
Andre Heinecke
fd5e14660a
json: Minor typo fixes
* src/gpgme-json.c: Minor typo fixes.
2018-05-24 10:26:41 +02:00
Andre Heinecke
e04b8142df
core, w32: Add w64 handling for regkeys
* src/w32-util.c (_gpgme_get_gpg_path): Use new defines.
(GNUPG_REGKEY_2): x64 aware regkey as used by GnuPG in Gpg4win 2.x
(GNUPG_REGKEY_3): x64 aware regkey as used by GnuPG in Gpg4win 3.x
(_gpgme_get_gpgconf_path): Use new regkeys. Add another fallback.

--
This should fix more "unsupported protocol" issues if Gpg4win /
GnuPG is installed in a non standard path on 64bit systems.

The regkey handling is similar to that of gpgex and gpgol.

GnuPG-Bug-Id: T3988
2018-05-17 17:46:12 +02:00
Werner Koch
8a0c8c5251
core: Always fail if an OpenPG message is not integrity protected.
* src/decrypt.c (struct op_data_t): Add field not_integrity_protected.
(parse_decryption_info): Set this.  Also rename mode to aead_algo for
clarity.
(_gpgme_decrypt_status_handler): Force failure in case of a missing
MDC.
--

This extra check makes sure that a missing or stripped MDC in
 - gpg < 2.1
 - or gpg 2.2 with an old cipher algorithm
will lead to a decryption failure.  gpg 2.3 will always fail in this
case.  Implementing this check here and not backporting the 2.3 change
to 2.2 has the benefit that all GPGME using applications are protected
but scripts relying on rfc2440 (i.e. without MDC) will only break when
migrating to 2.3.

Note that S/MIME has no integrity protection mechanism but gpgsm
neither emits a DECRYPTION_INFO status line, so an error will not be
triggered.  If in the future gpgsm supports authenticated encryption
it may issue a DECRYPTION_INFO line to force a failure here but it
will in that case also emit a DECRYPTION_FAILED anyway.

GnuPG-bug-id: 3981
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-17 09:16:05 +02:00
Werner Koch
e54b110aec
json: Improve auto-base64 encoding to not split UTF-8 chars.
* src/gpgme-json.c (make_data_object): Switch to Base64 also for UTF-8
characters.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-09 16:41:05 +02:00
Werner Koch
e2a8a87bf9
core: Make the status-fd monitor work for all gpgsm commands.
* src/engine-gpgsm.c (status_handler): Call the status monitor also
here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-09 16:39:30 +02:00
Andre Heinecke
7706fa2c92
core: Do not modify args for ignored failures
* src/op-support.c (_gpgme_parse_failure): Ignore gpg-exit failures
before modifying args.

--
For op_decrypt_verify the status handler for both decrypt and
verify would parse the failure when the first parser ignored
the failure. This resulted in an ERR_INV_ENGINE as the first
call to parse_failure modified the args.

GnuPG-Bug-Id: T3919
2018-04-20 14:30:53 +02:00
Werner Koch
f779362ffb
core: Remove another debug output leftover.
* src/decrypt.c (_gpgme_decrypt_status_handler): Remove log debug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-20 10:32:52 +02:00
Werner Koch
ab43d85b9a
json: Remove the -noinstall flag used during development.
* src/Makefile.am (gpgme-json_LDFLAGS): Remove.
--

Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-19 16:20:27 +02:00
Werner Koch
b52a91f5a6
core: Remove leftover debug output.
* src/verify.c (_gpgme_verify_status_handler): Remove debug output.
--

Actually this is a real bug because it uses a debug function available
only in the new libgpg-error versions.  Time to call Jenkins back from
vacation; there are rumors that he has been seen in the city looking
for a new Ryzen tail coat.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-19 10:34:32 +02:00
Werner Koch
8e34a14fe6
json: Add stpcpy replacement.
* src/gpgme-json.c [!HAVE_STPCPY](_my_stpcpy): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 20:11:50 +02:00
Werner Koch
67b4dafb6d
doc: Update copyright years and change two URLs.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 19:30:50 +02:00
Werner Koch
1ae83de262
doc: Unify comment style in gpgme.h
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 19:28:51 +02:00