Commit Graph

125 Commits

Author SHA1 Message Date
Werner Koch
7b861945fd
core: add experimental GPGME_EXPORT_MODE_NOUID.
* src/gpgme.h.in (GPGME_EXPORT_MODE_NOUID): New.
* src/export.c (export_start): Adjust option check.
* src/engine-gpg.c (export_common): Implement option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-02 11:18:00 +02:00
Werner Koch
dcdabf5f2e
python: Silence a few warnings.
* src/gpgme.h.in: Obsolete "class" also for Python.
* lang/python/gpgme.i: Silenece a swig warning.  Silence a gcc
warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-09-20 17:45:07 +02:00
Werner Koch
702566b36c
doc: Add warning that FILE_NAME is not part of the signed data.
--
2018-08-27 11:43:02 +02:00
Werner Koch
f42cd70f18
core: New interface gpgme_data_new_from_estream.
* src/gpgme.h.in (gpgme_data_new_from_estream): New.
* src/data-estream.c: New.
* src/data.h (gpgme_data): New union member e_stream.
--

The estream functions (gpgrt_fopen et al.) are any waypart of the
required libgpg-error library and thus it makes sense to provide this
convenience interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 09:51:45 +02:00
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Werner Koch
dd19cabe81
core: New decryption result flag 'legacy_cipher_nomdc'.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:01:08 +02:00
Werner Koch
67b4dafb6d
doc: Update copyright years and change two URLs.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 19:30:50 +02:00
Werner Koch
1ae83de262
doc: Unify comment style in gpgme.h
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 19:28:51 +02:00
Werner Koch
55e9a94680
core: New convenience constant GPGME_KEYLIST_MODE_LOCATE.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_LOCATE): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 17:59:29 +02:00
Werner Koch
65479fe7b8
core: Add 'is_mime' flags to the verify and decrypt results.
* src/op-support.c (_gpgme_parse_plaintext): Add arg r_mime.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ser mime flag.
* src/verify.c (_gpgme_verify_status_handler): Ditto.
* src/gpgme.h.in (gpgme_op_verify_result_t): Append fields 'is_mime'
and '_unused'.
(gpgme_op_decrypt_result_t): New field 'is_mime'.  Shrink '_unused'.

* tests/run-decrypt.c (print_result): Print MIME flag.
* tests/run-verify.c (print_result): Ditto.
--

Note that this flag (Liternal Data packet's 'm' mode) is only
specified in RFC-4880bis.  To use it you currently need to add
"rfc4880bis" to the the gpg.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 15:20:35 +02:00
Werner Koch
01435da498
core: Extend decryption result with symkey_algo.
* src/gpgme.h.in (gpgme_op_decrypt_result_t): Add field 'symkey_algo'.
* src/decrypt.c (release_op_data): Free SYMKEY_ALGO.
(gpgme_op_decrypt_result): Make sure SYMKEY_ALGO is not NULL.
(parse_decryption_info): New.
(_gpgme_decrypt_status_handler): Parse DECRYPTION_INFO status.
* src/conversion.c (_gpgme_cipher_algo_name): New.
(_gpgme_cipher_mode_name): New.

* tests/run-decrypt.c (print_result): Print SYMKEY_ALGO

* src/util.h (_gpgme_map_gnupg_error): Remove obsolete prototype.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 13:48:56 +02:00
Werner Koch
86efba2be2
core: New encryption flag GPGME_ENCRYPT_WANT_ADDRESS.
* src/gpgme.h.in (GPGME_ENCRYPT_WANT_ADDRESS): New flag.
* src/engine-gpg.c (add_arg_recipient): New.
(add_arg_recipient_string): New.
(append_args_from_recipients): Call new helper function.
(append_args_from_recipients_string): Ditto.
* src/gpgme-json.c (op_encrypt): Add flag "want-address".
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 09:40:27 +02:00
Werner Koch
a1f76b3b54
core: Add extended versions of the encrypt functions.
* src/gpgme.h.in (gpgme_op_encrypt_ext_start) New.
(gpgme_op_encrypt_ext): New.
(gpgme_op_encrypt_sign_ext_start): New.
(gpgme_op_encrypt_sign_ext): New.
* src/libgpgme.vers, tests/run-encrypt.c: Add them.

* src/encrypt.c (encrypt_start): Add arg recpstring.
(gpgme_op_encrypt): Factor code out to ...
(gpgme_op_encrypt_ext): new function with new arg recpstring.
(gpgme_op_encrypt_start): Factor code out to ...
(gpgme_op_encrypt_ext_start): new function with new arg recpstring.
* src/encrypt-sign.c (encrypt_sign_start): Add arg recpstring.
(gpgme_op_encrypt_sign): Factor code out to ...
(gpgme_op_encrypt_sign_ext): new function with new arg recpstring.
(gpgme_op_encrypt_sign_start): Factor code out to ...
(gpgme_op_encrypt_sign_ext_start): new function with new arg
recpstring.

* src/engine-backend.h (struct engine_ops): Change fields encrypt and
encrypt_sign.
* src/engine.c (_gpgme_engine_op_encrypt): Add arg recpstring and pass
to engine.
(_gpgme_engine_op_encrypt_sign): Ditto.
* src/engine-gpg.c (append_args_from_recipients_string): New.
(gpg_encrypt): Add arg recpstring and call new function as needed.
(gpg_encrypt_sign): Ditto.
* src/engine-gpgsm.c (set_recipients_from_string): New.
(gpgsm_encrypt): Add arg recpstring and call new function as needed.
* src/engine-uiserver.c (set_recipients_from_string): New.
(uiserver_encrypt): Add arg recpstring and call new function as
needed.

* tests/run-encrypt.c (xstrdup): New.
(main): Add option --keystring.

* src/gpgme-json.c (get_keys): Simplify.
(op_encrypt): Modify to make use of the extended encrypt function.

--

This new feature can be used to avoid the need for a key lookup and
thus several extra calls to the backend.

Note that run-test uses a semicolon as delimiter because that make
testing the feature on the command line much easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 08:45:00 +02:00
Werner Koch
9e1e655483
core: Fix ABI regression in recent commit.
* src/gpgme.h.in (_gpgme_op_import_result): Move new field
'skipped_v3_keys' to the end.
--

The ABI break has not made it into a release.

Also document the new field.

Fixes-commit: a630a1e3e7
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-20 10:38:36 +01:00
Andre Heinecke
a630a1e3e7
core: Parse skipped_v3_keys
* src/gpgme.h.in (gpgme_import_result_t): Extend with skipped_v3_keys.
* src/import.c (gpgme_op_import_result): Extend debug with new field.
(parse_import_res): Parse skipped_v3_keys.
* tests/gpg/t-support.h, tests/run-support.h (print_import_result):
Print skipped_v3_keys.

--
This makes it possible to handle this in a GUI in a future
version.

GnuPG-Bug-Id: T3776
2018-03-15 16:23:18 +01:00
Andre Heinecke
201db83a7f
core, w32: Enable spawning GUI applications
* src/engine-spawn.c (engspawn_start): Translate spawn flag
to IOSPAWN flag.
* src/gpgme-w32spawn.c (my_spawn): Handle the new flag.
* src/gpgme.h.in (GPGME_SPAWN_SHOW_WINDOW): New.
* src/priv-io.h (IOSPAWN_FLAG_SHOW_WINDOW): New.

--
Used by GpgOL
2018-02-09 16:11:32 +01:00
Werner Koch
9bde9144f0
core: New public enum gpgme_keyorg_t.
* src/gpgme.h.in (gpgme_keyorg_t): New.
* src/keylist.c (parse_keyorg): New.
(keylist_colon_handler): Set key->ORIGIN.
--

This finally set the key origin value form data supplied by recent gpg
versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 16:20:51 +02:00
Marcus Brinkmann
9f24e6c901 gpgconf: Add access to --list-dirs for non-default engine.
* src/engine-assuan.c (_gpgme_engine_ops_assuan): Add conf_dir.
* src/engine-g13.c (_gpgme_engine_ops_g13): Likewise.
* src/engine-gpg.c (_gpgme_engine_ops_gpg): Likewise.
* src/engine-gpgsm.c (_gpgme_engine_ops_gpgsm): Likewise.
* src/engine-spawn.c (_gpgme_engine_ops_spawn): Likewise.
* src/engine-uiserver.c (_gpgme_engine_ops_uiserver): Likewise.
* src/engine-backend.h (struct engine_ops): Likewise.
* src/engine-gpgconf.c (gpgconf_config_dir_cb, gpgconf_conf_dir):
New functions.
(struct engine_ops): Add gpgconf_conf_dir.
* src/engine.c (_gpgme_engine_op_conf_dir): New function.
* src/engine.h (_gpgme_engine_op_conf_dir): New prototype.
* src/gpgconf.c (gpgme_op_conf_dir): New function.
* src/gpgme.def (gpgme_op_conf_save): New symbol.
* src/gpgme.h.in (gpgme_op_conf_dir): New prototype.
* src/libgpgme.vers (gpgme_op_conf_dir): New symbol.
* tests/gpg/t-gpgconf.c (main): Test gpgme_op_conf_dir.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3018
2017-08-15 19:52:29 +02:00
Marcus Brinkmann
a0cc6e01a8 g10: Add new delete operations that allow more flags.
* NEWS: Document new interfaces.
* doc/gpgme.texi: Document new interfaces.
* src/gpgme.h.in (GPGME_DELETE_ALLOW_SECRET, GPGME_DELETE_FORCE,
gpgme_op_delete_ext_start, gpgme_op_delete_ext): New.
* src/delete.c (delete_start): Change allow_secret argument to flags.
(gpgme_op_delete_ext, gpgme_op_delete_ext_start): New functions.
* src/engine-backend.h (delete): Change allow_secret argument to flags.
* src/engine.c (_gpgme_engine_op_delete): Likewise.
* src/engine.h (_gpgme_engine_op_delete): Likewise (for prototype).
* src/engine-gpgsm.c (gpgsm_delete): Likewise.
* src/engine-gpg.c (gpg_delete): Likewise.  Implement GPGME_DELETE_FORCE.
* src/gpgme.def (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New.
* src/libgpgme.vers (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2916
2017-08-11 19:13:44 +02:00
Justus Winter
05fa2a9c77
Add flag 'is_de_vs' to decryption results and signatures.
* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro.  This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information can the be presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 14:16:11 +02:00
Werner Koch
813ae5fa2d
core: Prepare for new key listing data send by gpg.
* src/gpgme.h.in (gpgme_user_id_t): New fields 'origin' and
'last_update'.
(gpgme_key_t): New fields 'origin' and 'last_update'.
* src/conversion.c (_gpgme_parse_timestamp_ul): New.
* src/keylist.c (keylist_colon_handler): Parse fields 19 and 20.

* tests/run-keylist.c (main): Print new fields.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-28 11:41:30 +02:00
Werner Koch
6ac1f2cded
core: New flags GPGME_DECRYPT_UNWRAP and GPGME_ENCRYPT_WRAP.
* src/gpgme.h.in (GPGME_ENCRYPT_WRAP): New const.
(gpgme_decrypt_flags_t): New enum.
(GPGME_DECRYPT_VERIFY): New const
(GPGME_DECRYPT_UNWRAP): New const
(gpgme_op_decrypt_ext_start): New func.
(gpgme_op_decrypt_ext): New func.
* src/decrypt-verify.c (gpgme_op_decrypt_ext_start): New.
(gpgme_op_decrypt_ext): New.
(decrypt_verify_start): Add arg FLAGS.  Replace call to
engine_op_decrypt_verify by the plain decrypt with the flag set.
(gpgme_op_decrypt_verify_start): Pass the flag.
(gpgme_op_decrypt_verify): Pass the flag.
* src/decrypt.c (decrypt_start): Rename to ...
(_gpgme_decrypt_start): this.  Add arg FLAGS.  Pass FLAGS to
engine_op_decrypt.
(gpgme_op_decrypt_start): Adjust for chnage pass 0 for FLAG.
(gpgme_op_decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt_verify): Remove.
(_gpgme_engine_op_decrypt): Add arg FLAGS.
* src/gpgme.def, src/libgpgme.vers: Add new functions.
* src/engine-backend.h (struct engine_ops): Remove member
'decrypt_verify'.  Add FLAGS to 'decrypt'.  Adjust all initialization.
* src/engine-uiserver.c (uiserver_decrypt): Remove.
(uiserver_decrypt_verify): Remove.
(_uiserver_decrypt): Rename to ...
(uiserver_decrypt): this.  Replace arg VERIFY by new arg FLAGS.
* src/engine-gpg.c (gpg_decrypt): Support GPGME_DECRYPT_UNWRAP.
(gpg_encrypt): Support GPGME_ENCRYPT_WRAP.

* tests/run-decrypt.c (main): New option --unwrap.
* tests/run-encrypt.c (main): New option --wrap.
--

Manual testing of that wrap/unwrap feature can be done this way:

 ./run-encrypt --verbose --key Alice /etc/motd > x
 ./run-decrypt --verbose --unwrap x > y
 ./run-encrypt --verbose --key Bob --wrap y > z

1. The message was first encrypted to Alice.
2. Alice decrypts the message receiving a valid OpenPGP message.
3. Alice encrypt that message to Bob

This will also work with encrypted and signed messages; the signature
will be kept intact during re-encryption.  Requires GnuPG 2.1.12.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-24 15:17:23 +01:00
Werner Koch
421ddd1e67
core: New API gpgme_op_set_uid_flag.
* src/gpgme.h.in (gpgme_op_set_uid_flag_start): New.
(gpgme_op_set_uid_flag_start): New.
* src/gpgme.def, src/libgpgme.vers: Add them.
* src/genkey.c (addrevuid_start): Change arg revoke to a flag.
(gpgme_op_revuid_start): Pass GENKEY_EXTRAFLAG_REVOKE for the fomer
revoke parameter.
(gpgme_op_revuid): Ditto.
(set_uid_flag): New.
(gpgme_op_set_uid_flag_start): New.
(gpgme_op_set_uid_flag): New.
* src/engine.h (GENKEY_EXTRAFLAG_SETPRIMARY): new.
* src/engine-gpg.c (gpg_adduid): Implement that flag.

* tests/run-genkey.c (main): New command --set-primary.
--

GnuPG-bug-id: 2931
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 19:03:58 +01:00
Werner Koch
fab8b1a166
core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.
* src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag.
* src/engine-gpg.c (gpg_encrypt): Implement flag
(gpg_encrypt_sign): Implement flag.

* tests/run-encrypt.c (main): New option --throw-keyids.
--

It would be nice to also selectively hide recipients (that is gpg
--hidden-recipient) but our API does not ye allow this because it is
based on key objects.  A possible way to implement that would be a API
to set processing flags into a key but this is complicated due to the
reference counting and thus the possibility that a key object is used
by different context.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 10:39:33 +01:00
Andre Heinecke
35023f3136
core: New public API gpgme_op_keylist_from_data_start.
* src/gpgme.h.in: New API gpgme_op_keylist_from_data_start.
* src/libgpgme.vers, src/gpgme.def: Add it.
* src/keylist.c (gpgme_op_keylist_from_data_start): New.
* src/engine-backend.h (engine_ops): Add field 'keylist_data'.  Change
all engines to pass NULL for it.
* src/engine.c (_gpgme_engine_op_keylist_data): New.
* src/engine-gpg.c (gpg_keylist_data): New.
(_gpgme_engine_ops_gpg): Register gpg_keylist_data.

* tests/run-keylist.c (main): New option --from-file.
--

Co-authored-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 2819
2017-03-21 09:50:23 +01:00
Werner Koch
ea9686ec71
core,cpp: New key flag 'is_de_vs'.
* src/gpgme.h.in (_gpgme_subkey): New flag is_de_vs.
* tests/run-keylist.c (main): Print that flag.
* src/keylist.c (parse_pub_field18): New.
(keylist_colon_handler): Parse compliance flags.
* lang/cpp/src/key.cpp (Key::isDeVs): New.
(Subkey::isDeVs): New.

* lang/cpp/src/key.h (class Key): New method isDeVs.
(class Subkey): New method isDeVs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-20 20:05:16 +01:00
Werner Koch
2486d0073b
Revert "core: Fix error types."
--
This reverts commit 6df6e01ed5.

gpgme_error_t et al are from a time where we had no hard dependency on
libgpg-error.  Now libgpg-error is a required and thus it does not
make sense to have these surrogates.  In fact we should ventually
completely remove them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 14:47:51 +01:00
Justus Winter
de708e5934
core: Fix expiration time handling when creating keys.
* NEWS: Update.
* doc/gpgme.texi (gpgme_op_createkey): Clarify the meaning of the
'expire' parameter.
(GPGME_CREATE_NOEXPIRE): Document new flag.
(gpgme_op_createsubkey): Clarify the meaning of the 'expire'
parameter.
* src/engine-gpg.c (gpg_add_algo_usage_expire): Fix handling of the
expiration time.
* src/gpgme.h.in (GPGME_CREATE_NOEXPIRE): New macro.
--

Previously, the documentation stated that the expiration time was an
absolute timestamp.  However, this value was passed using the
'seconds=N' syntax to GnuPG which specifies the expiration time in
seconds relative to the creation time.  Fix the documentation.

Furthermore, the documentation stated that using 0 results in keys
that do not expire.  This was communicated to GnuPG by using the
implicit default.  However, as of GnuPG 2.1.17, the default was
changed to create keys that expire within a reasonable timespan.

Fix this discrepancy by aligning the behavior with recent GnuPG
versions: 0 means use a reasonable default, and introduce a flag that
can be used to create keys that do not expire.  Communicate this
explicitly to GnuPG.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-15 16:45:45 +01:00
Justus Winter
6df6e01ed5
core: Fix error types.
* NEWS: Update.
* src/data.c (gpgme_data_set_flag): Return a 'gpgme_error_t'.
* src/error.c (gpgme_strerror_r): Fix type of first argument.
* src/gpgme.h.in (gpgme_strerror_r): Adapt.
(gpgme_data_set_flag): Likewise.
--
Fix for consistency.  This should not pose problems, because typedef
gpg_error_t gpgme_error_t.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-15 16:34:37 +01:00
Werner Koch
0ceeb2948c
core: Explain in gpgme.h that most stucts are read-only.
--

It is common that developers look up only the header file and do not
read the manual.  These comments should make it clear that most
structures in gpgme.h are read-only and may only be allocated by
gpgme.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-02 10:13:50 +01:00
Werner Koch
d19bea52af
core: Un-deprecate gpgme_data_rewind.
* src/gpgme.h.in (gpgme_data_rewind): Un-deprecate.
* src/data-compat.c (gpgme_data_rewind): Move to ...
* src/data.c (gpgme_data_rewind): here.
--

That function is very convenient because it is required a lot with
memory streams.  It also documents the intention of the caller better
than gpgme_data_seek with its addition parameters and the need to map
system errors.  Thus it does not make sense to make it a first class
citizen again.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-02 09:53:48 +01:00
Werner Koch
9b7d81998b
core: Move all deprecated stuff to the end of gpgme.h.
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-02 09:53:48 +01:00
Andre Heinecke
7103315829 core: Always use runtime for gpgconf changes
* src/engine-gpgconf.c (gpgconf_write): Add --runtime.
* src/gpgme.h.in (gpgme_conf_opt_change): Document this
behavior.

--
If a tool uses GPGME for changing configuration values it
needs a way to ensure that these changes take effect. Otherwise
users may change and see config values and do not understand
why they are not working.
2017-01-02 14:05:06 +01:00
Werner Koch
7659d42468
core: Implement context flag "override-session-key".
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "export-session-key" and
"override-session-key".
(gpgme_get_ctx_flag): Ditto.
(gpgme_set_export_session_keys): Remove.
(gpgme_get_export_session_keys): Remove.
* src/gpgme.def, src/libgpgme.vers: Remove them.
* src/context.h (struct gpgme_context): Add field
override_session_key.
* src/decrypt-verify.c (decrypt_verify_start): Pass
override_session_key value to the engine.
* src/decrypt.c (decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt): Ditto.
(_gpgme_engine_op_decrypt_verify): Ditto.
* src/engine-backend.h (struct engine_ops): Extend DECRYPT and
DECRYPT_VERIFY_START with override_session_key.
* src/engine-uiserver.c (_uiserver_decrypt): Add stub arg
override_session_key.
(uiserver_decrypt): Ditto.
(uiserver_decrypt_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Ditto.
* src/engine-gpg.c (gpg_decrypt): Add arg override_session_key and set
corresponding gpg option.

* tests/run-decrypt.c (print_result): Print the session key if
available.
(main): Add options --export-session-key and --override-session-key.

--

To keep the number of context manipulation functions at bay, this
patches removes the just added gpgme_set_export_session_keys and
gpgme_get_export_session_keys by flags for the generic context
function.

The patch also implements the --override-session-key feature.

GnuPG-bug-id: 2754
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 10:34:13 +01:00
Werner Koch
3234b1bf1d
core: Add public function gpgme_get_ctx_flag.
* src/gpgme.h.in (gpgme_get_ctx_flag): New.
* src/gpgme.c (gpgme_set_ctx_flag): Move down the file and add a trace
statement.
(gpgme_get_ctx_flag): New.
* src/gpgme.def, src/libgpgme.vers: Add new interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 09:24:17 +01:00
Daniel Kahn Gillmor
cad1210fb8
core: Enable extraction of session keys.
* src/gpgme.c (gpgme_set_export_session_keys): New function.
(gpgme_get_export_session_keys): New function.
* src/gpgme.h.in (struct _gpgme_op_decrypt_result): Add session_key
member.
(gpgme_{set,get}_export_session_keys): Declare new functions.
* src/libgpgme.vers, src/gpgme.def: Export new functions in shared
object.
* src/engine.h: (_gpgme_engine_op_decrypt) Add export_session_key
parameter.
(_gpgme_engine_op_decrypt_verify): Add export_session_key parameter.
* src/engine-backend.h: (struct engine_ops): Change function
pointer declarations to match.
* src/context.h (struct gpgme_context): Add export_session_keys member.
* src/decrypt.c (release_op_data): Free result.session_key.
(_gpgme_decrypt_status_handler): Store a copy of the exported session
key.
(decrypt_start): Pass export_session_keys from the context.
* src/decrypt-verify.c (decrypt_verify_start): Pass
export_session_keys from context.
* src/engine.c (_gpgme_engine_op_decrypt): Pass through
export_session_key flag.
(_gpgme_engine_op_decrypt_verify): Pass through export_session_key
flag.
* src/engine-gpg.c (gpg_decrypt): If export_session_key is set, add
--export-session-key to argument list.
* src/engine-gpgsm.c (gpgsm_decrypt): Ignore export_session_key for
now, since gpgsm offers no such mechanism.
* src/engine-uiserver.c (_uiserver_decrypt): If export_session_key is
set, add --export-session-key flag to cmd.
* doc/gpgme.texi: Document new functions and session_key member of
decrypt_result_t.
* doc/uiserver.texi: Add --export-session-key flag to DECRYPT command.

--

gpg(1) documents session key export as useful for key escrow, and is
rightly dubious of that use case.  However, session key export is also
useful in other use cases.  Two examples from MUA development (where
this functionality would be specifically useful to me right now):

 * If the MUA stores a local copy of the session key upon decrypting
   the message, it can re-decrypt the message without expensive
   asymmetric operations.  When rendering a thread with dozens of
   encrypted messages, this can represent a significant speedup.

 * A user may have expired encryption-capable secret key material,
   along with many messages encrypted to that material.  If she stores
   the session keys for those messages she wants to keep, she can
   destroy her secret key material and make any messages she has
   deleted completely unrecoverable, even to an attacker who gets her
   remaining secret keys in the future.

This patchset makes a two specific implementation decisions that could
have gone in different ways.  I welcome feedback on preferred outcomes.

 0) session key representation: we currently represent the session key
    as an opaque textual string, rather than trying to provide any
    sort of in-memory structure.  While it wouldn't be hard to parse
    the data produced by gpg's --export-session-key, I chose to use
    the opaque string rather than lock in a particular data format.

 1) API/ABI: i've added a member to gpgme_op_decrypt_result_t.  This
    has the potential to cause an out-of-bound memory access if
    someone uses code compiled against the newer verision, but linked
    at runtime against an older version.  I've attempted to limit that
    risk by documenting that users must verify
    gpgme_get_export_session_keys() before accessing this new struct
    member -- this means that code expecting this capability will
    require the symbol at link-time, and will refuse to link against
    older versions.

    Another approach to solving this problem would be to avoid
    modifying gpgme_op_decrypt_result_t, and to introduce instead a
    new function gpgme_op_session_key(), which could be called in the
    same places as gpgme_op_decrypt_result().  Depending on the
    representation of the session key, this might introduce new
    memory-management burdens on the user of the library, and the
    session key is certainly part of a decryption result, so it seemed
    simpler to go with what i have here.

If anyone has strong preferences that these choices should be solved
in a different way, i'm happy to hear them.

Additionally, I note that i'm also still pretty unclear about how the
"UI Server" fits into this whole ecosystem. In particular, I don't
know whether it's kosher to just add an --export-session-key flag to
the DECRYPT operation without actually having implemented it anywhere,
but i don't see where i would actually implement it either :/

If this patch (or some variant) is adopted, i will supply another
patch that permits offering a session key during decryption (e.g. "gpg
--override-session-key"), but I wanted to get these implementation
choices ironed out first.

Gnupg-Bug-Id: 2754
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

On the concern of adding a new field to a structure: It may not be
clearly documented but we don't expect that a user ever allocates such
a structure - those result structure may only be created bu gpgme and
are read-only for the user.  Adding a new member constitutes a
compatible ABI change and thus an older SO may not be used by code
compiled with a header for the newer API.  Unless someone tinkers with
the build system, this should never happen.  We have added new fields
to result structure may times and I can't remember any problems.

 - wk
2016-11-15 08:52:06 +01:00
Werner Koch
aad94cb7c3
core: Add gpgme_op_query_swdb and helper.
* src/gpgme.h.in (gpgme_query_swdb_result_t): New.
(gpgme_op_query_swdb): New.
(gpgme_op_query_swdb_result): New.
* src/libgpgme.vers, src/gpgme.def: Add the two new functions.
* src/queryswdb.c: New.
* src/Makefile.am (main_sources): Add new file.
* src/context.h (OPDATA_QUERY_SWDB): New.
* src/engine-backend.h (struct engine_ops): Add field 'query_swdb'.
Adjust all initializer.
* src/engine.c (_gpgme_engine_op_query_swdb): New.
* src/engine-gpgconf.c (parse_swdb_line): New.
(gpgconf_query_swdb): New.
(_gpgme_engine_ops_gpgconf): Register that function.

* src/util.h (GPG_ERR_TOO_OLD): Define for older libgpg-error.
(GPG_ERR_ENGINE_TOO_OLD): Ditto.

* tests/run-swdb.c: New.
* tests/Makefile.am (noinst_PROGRAMS): Add new debug tool.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-03 17:32:30 +01:00
Werner Koch
b8159eadb5
core: New API functions gpgme_set_sender, gpgme_get_sender.
* src/context.h (struct gpgme_context): Add field 'sender'.
* src/gpgme.c: Include mbox-util.h.
(gpgme_release): Free SENDER.
(gpgme_set_sender): New.
(gpgme_get_sender): New.
* src/gpgme.def, src/libgpgme.vers: Add new functions.

* src/engine-gpg.c (append_args_from_sender): New.
(gpg_encrypt_sign, gpg_sign): Call append_args_from_sender.
(gpg_verify): Add arg CTX.  Call append_args_from_sender/
* src/engine-gpgsm.c (gpgsm_verify): Add dummy arg CTX.
* src/engine-uiserver.c (uiserver_verify): Ditto.
* src/engine.c (_gpgme_engine_op_verify): Add arg CTX.
* src/verify.c (verify_start): Pass CTX to engine function.

* tests/gpg/t-verify.c (main): Add some checks for new functions.
* tests/run-sign.c (main): Add option --sender.
* tests/run-verify.c (main): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-25 17:28:01 +02:00
Werner Koch
0ea2ff6790
core: New helper function gpgme_addrspec_from_uid.
* src/gpgme.h.in: Add gpgme_addrspec_from_uid.
* src/gpgme.def, src/libgpgme.vers: Ditto.
* src/mbox-util.c (gpgme_addrspec_from_uid): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-08 21:17:48 +02:00
Werner Koch
e7ab75379f
Release 1.7.0
* configure.ac: Bump LT vesion to C26/A15/R0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-21 09:18:01 +02:00
Werner Koch
b615316168
core: Document the version a function has been deprecated.
* src/gpgme.h.in (_GPGME_DEPRECATED): Change to take versio numbers
for documentation.  Change all places.
(_GPGME_DEPRECATED_OUTSIDE_GPGME): Ditto.
* lang/python/gpgme-h-clean.py: Adjust RE.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-16 16:00:27 +02:00
Justus Winter
5259f9de46 core: Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-16 13:02:55 +02:00
Werner Koch
ed1f2700a7
core: New function gpgme_op_interact, deprecate gpgme_op_edit.
* src/gpgme.h.in (gpgme_interact_cb_t): New.
(GPGME_INTERACT_CARD): New.
(gpgme_op_interact_start, gpgme_op_interact): New.
* src/libgpgme.vers, src/gpgme.def: Add new functions.
* src/edit.c (op_data_t): Rename fnc to fnc_old and change users.  Add
fnc.
(edit_status_handler): Call old or new callback.
(command_handler): Ditto.
(interact_start): New.
(gpgme_op_interact_start, gpgme_op_interact_start): New.
* src/status-table.c (_gpgme_status_to_string): New.

* tests/gpg/t-edit.c (edit_fnc): Rename to interact_fnc and change
type of STATUS.  Use gpgme_io_writen.
(main): s/gpgme_op_edit/gpgme_op_interact/.
--

This change will eventually allow us to remove all those status codes
from gpgme.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-15 11:39:43 +02:00
Werner Koch
7c37719d79
core: New function gpgme_op_tofu_policy
* src/gpgme.h.in (gpgme_op_tofu_policy_start): New function.
(gpgme_op_tofu_policy): New function.
* src/libgpgme.vers, src/gpgme.def: Add new functions.
* src/tofupolicy.c: New.
* src/Makefile.am (main_sources): Add that file.
* src/context.h (ctx_op_data_id_t): Add OPDATA_TOFU_POLICY.
* src/engine.c (_gpgme_engine_op_tofu_policy): New.
* src/engine-backend.h (engine_ops): Add funcptr 'tofu_policy'.
Adjust all engine initializations.
* src/engine-gpg.c (gpg_tofu_policy): New.
(_gpgme_engine_ops_gpg): Register this function.

* tests/run-tofu.c: New.
* tests/Makefile.am (noinst_PROGRAMS): Add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 20:21:19 +02:00
Werner Koch
bfd2bd0ccc
core: New function gpgme_op_keysign.
* src/gpgme.h.in (gpgme_op_keysign_start, gpgme_op_keysign): New.
(GPGME_KEYSIGN_LOCAL): New.
(GPGME_KEYSIGN_LFSEP): New.
(GPGME_KEYSIGN_NOEXPIRE): New.
* src/context.h (ctx_op_data_id_t): Add OPDATA_KEYSIGN.
* src/keysign.c: New.
* src/Makefile.am (main_sources): Add keysig.
* src/libgpgme.vers, src/gpgme.def: Add gpgme_op_keysign_start.
* src/engine.c (_gpgme_engine_op_keysign): New.
* src/engine-backend.h (engine_ops): Add 'keysign' and adjust all
engine initializers.
* src/engine-gpg.c (_add_arg): Add args PREFIX and ARGLEN and change
callers to set them.
(add_arg_pfx): New.
(add_arg_len): New.
(gpg_keysign): New.
(_gpgme_engine_ops_gpg): Set keysign to gpg_keysign.
* tests/run-keysign.c: New.
* tests/Makefile.am (noinst_PROGRAMS): Add run-keysign.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 18:59:55 +02:00
Werner Koch
c943380b7a
core: New function gpgme_op_revuid.
* src/engine.h (GENKEY_EXTRAFLAG_REVOKE): New.
* src/genkey.c (adduid_start): Rename to addrevuid_start.  Add arg
REVOKE and pass it as extraflags.  Remove useless ARMOR extraflag.
Adjust callers.
(gpgme_op_revuid_start, gpgme_op_revuid): New.
* src/gpgme.def, src/libgpgme.vers: Add them.

* tests/run-genkey.c: Add option --revuid.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 12:42:12 +02:00
Werner Koch
3210f3e472
core: New function gpgme_op_adduid.
* src/genkey.c: Replace most error codes GPG_ERR_INV_VALUE by
GPG_ERR_INV_ARG.
(struct op_data_t): Add field UIDMODE.
(genkey_status_handler): Use UIDMODE.
(adduid_start): New.
(gpgme_op_adduid_start, gpgme_op_adduid): New.
* src/gpgme.def, src/libgpgme.vers: Add them.
* tests/run-genkey.c: Add option --adduid.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 11:40:34 +02:00
Werner Koch
00c501d296
core: New function gpgme_op_create_key.
* src/engine-backend.h (engine_ops): Change prototype of genkey.
* src/engine-gpgsm.c (gpgsm_genkey): Change accordingly.
* src/engine-gpg.c (gpg_genkey): Change it to a dispatcher.
(gpg_createkey_from_param): New for the old functionality.
(gpg_createkey_legacy): New.  Stub for now.
(gpg_createkey): New.
(gpg_addkey): New.  Stub for now.
(gpg_adduid): New.  Stub for now.
* src/engine.c (_gpgme_engine_op_genkey): Add new args.
* src/genkey.c (op_data_t): Add field ERROR_CODE.
(parse_error): New.
(genkey_status_handler): Parse ERROR status line.
(genkey_start): Use NULL/0 for the new args.
(createkey_start): New.
(gpgme_op_createkey_start, gpgme_op_createkey): New.
* src/gpgme.def, src/libgpgme.vers: Add gpgme_op_createkey_start and
gpgme_op_createkey.
* src/gpgme.h.in (_gpgme_op_genkey_result): Add fields PUBKEY and
SECKEY.
(GPGME_CREATE_SIGN): New.
(GPGME_CREATE_ENCR): New.
(GPGME_CREATE_CERT): New.
(GPGME_CREATE_AUTH): New.
(GPGME_CREATE_NOPASSWD): New.
(GPGME_CREATE_SELFSIGNED): New.
(GPGME_CREATE_NOSTORE): New.
(GPGME_CREATE_WANTPUB): New.
(GPGME_CREATE_WANTSEC): New.
(GPGME_CREATE_FORCE): New.

* tests/run-genkey.c: New.
* tests/Makefile.am (noinst_PROGRAMS): Add it.
--

This function uses the new --quick-gen-key API of gpg.  A limited
compatibility mode to use older gpg versions and gpgsm will eventually
be provided.  Not all flags are currently implemented.

 ./run-genkey --unprotected --force test@example.com

Create a new standard key with the given user id.  --force is used to
allow creating more than one key with that user id in the keyring.

 ./run-genkey --unprotected --force \
      test@example.com default default 2145826800

Creates a new standard key with an expiration date of 2037-12-31.

 ./run-genkey --unprotected --force \
      test@example.com future-default default 2145826800

Create a standard key using the fugure default algorithms.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-13 18:59:10 +02:00
Werner Koch
120b14783c
core,cpp: Extend the TOFU information.
* src/gpgme.h.in (struct _gpeme_tofu_info): Rename FIRSTSEEN to
SIGNFIRST and LASTSEEN to SIGNLAST.  Add ENCRFIST and ENCRLAST.
* src/keylist.c (parse_tfs_record): Parse to ENCRFIRST and ENCRLAST.
* src/verify.c (parse_tofu_stats): Ditto.
* tests/run-keylist.c (main): Adjust and print encrypt stats.
* tests/run-verify.c (print_result): Ditto.

* lang/cpp/src/tofuinfo.h (TofuInfo): Rename firstSeen to signFirst
and lastSeen to signLast.  Add encrCount, encrFirst and encrLast.
* lang/cpp/src/tofuinfo.cpp (encrCount, encrFirst, encrLast): New.
--

The latest GnuPG commits have the needed changes but we also allow the
use of currently released GnuPG version.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-07 09:26:11 +02:00
Werner Koch
9ee103957e
core: Add GPGME_KEYLIST_MODE_WITH_TOFU.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_TOFU): New.
* src/engine-gpg.c (gpg_keylist_build_options): Use that.
* src/keylist.c: Include limits.h.
(parse_tfs_record): New.
(keylist_colon_handler): Support TFS record.
* tests/run-keylist.c: Include time.h.
(isotimestr): New.
(main): Add option --tofu.  Print TOFU info.
* tests/run-verify.c: Include time.h.
(isotimestr): New.
(print_result): Use isotimestr for TOFU dates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 11:38:03 +02:00