diff options
45 files changed, 2509 insertions, 375 deletions
| @@ -5,6 +5,15 @@ Noteworthy changes in version 1.18.1 (unreleased)   * Optionally, build QGpgME for Qt 6 + * Support component "gpgtar-name" in gpgme_get_dirinfo.  [T6342] + + * Extended gpgme_op_encrypt*, gpgme_op_encrypt_sign*, and +   gpgme_op_sign* to allow creating an encrypted and/or signed +   archive.  [T6342] + + * Extended gpgme_op_decrypt*, gpgme_op_decrypt_verify*, and gpgme_op_verify* +   to allow extracting an encrypted and/or signed archive.  [T6342] +   * cpp: Handle error when trying to sign expired keys.  [T6155]   * cpp: Support encryption flags ThrowKeyIds, EncryptWrap, and WantAddress. @@ -23,19 +32,32 @@ Noteworthy changes in version 1.18.1 (unreleased)   * qt: Allow deferred start of import jobs.  [T6323] + * qt: Support creating encrypted archives.  [T6342] +   * Interface changes relative to the 1.18.0 release:   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   gpgme_get_ctx_flag                EXTENDED: New flag 'no-auto-check-trustdb'.   gpgme_set_ctx_flag                EXTENDED: New flag 'no-auto-check-trustdb'. + GPGME_DECRYPT_ARCHIVE                      NEW. + GPGME_ENCRYPT_ARCHIVE                      NEW. + GPGME_SIG_MODE_ARCHIVE                     NEW. + GPGME_VERIFY_ARCHIVE                       NEW. + gpgme_verify_flags_t                       NEW. + gpgme_op_verify_ext_start                  NEW. + gpgme_op_verify_ext                        NEW.   cpp: GpgGenCardKeyInteractor::Curve        NEW.   cpp: GpgGenCardKeyInteractor::setCurve     NEW.   cpp: Context::WantAddress                  NEW. + cpp: Data::setFileName            EXTENDED: New overload   qt: ListAllKeysJob::Option                 NEW.   qt: ListAllKeysJob::Options                NEW.   qt: ListAllKeysJob::setOptions             NEW.   qt: ListAllKeysJob::options                NEW.   qt: Job::startNow                          NEW.   qt: ImportJob::startLater                  NEW. + qt: FileListDataProvider                   NEW. + qt: EncryptArchiveJob                      NEW. + qt: Protocol::encryptArchiveJob            NEW.  Noteworthy changes in version 1.18.0 (2022-08-10) diff --git a/doc/gpgme.texi b/doc/gpgme.texi index f19b8325..8bde11bc 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -981,6 +981,9 @@ Return the name of the directory with GnuPG shared data.  @item localedir  Return the name of the directory with GnuPG locale data. +@item socketdir +Return the name of the directory with the following sockets. +  @item agent-socket  Return the name of the socket to connect to the gpg-agent. @@ -1024,6 +1027,9 @@ Return the name of the pinentry program.  @item gpg-wks-client-name  Return the name of the Web Key Service tool. +@item gpgtar-name +Return the name of the gpgtar program. +  @end table  @end deftypefun @@ -2193,6 +2199,11 @@ associated with the data object.  The file name will be stored in the  output when encrypting or signing the data and will be returned to the  user when decrypting or verifying the output data. +If a signed or encrypted archive is created, then the file name will be +interpreted as the base directory for the relative paths of the files and +directories to put into the archive.  This corresponds to the --directory +option of gpgtar. +  The function returns the error code @code{GPG_ERR_INV_VALUE} if  @var{dh} is not a valid pointer and @code{GPG_ERR_ENOMEM} if not  enough memory is available. @@ -3161,8 +3172,8 @@ The string given in @var{value} is passed to the GnuPG engine to override  the session key for decryption.  The format of that session key is  specific to GnuPG and can be retrieved during a decrypt operation when  the context flag "export-session-key" is enabled.  Please be aware that -using this feature with GnuPG < 2.1.16 will leak the session key on -many platforms via ps(1). +using this feature with GnuPG < 2.1.16 or when decrypting an archive +will leak the session key on many platforms via ps(1).  @item "auto-key-retrieve"  Setting the @var{value} to "1" asks the backend to automatically @@ -5611,6 +5622,12 @@ The function @code{gpgme_op_decrypt_ext} is the same as  @code{gpgme_op_decrypt} but has an additional argument  @var{flags}.  If @var{flags} is 0 both function behave identically. +If the flag @code{GPGME_DECRYPT_ARCHIVE} is set, then an encrypted +archive in the data object @var{cipher} is decrypted and extracted. +The content of the archive is extracted into a directory named +@code{GPGARCH_n_} (where @code{n} is a number) or into the directory +set with @code{gpgme_data_set_file_name} for the data object @var{plain}. +  The value in @var{flags} is a bitwise-or combination of one or  multiple of the following bit values: @@ -5621,6 +5638,14 @@ multiple of the following bit values:  The @code{GPGME_DECRYPT_VERIFY} symbol specifies that this function  shall exactly act as @code{gpgme_op_decrypt_verify}. +@item GPGME_DECRYPT_ARCHIVE +@since{1.19.0} + +The @code{GPGME_DECRYPT_ARCHIVE} symbol specifies that the input is an +encrypted archive that shall be decrypted and extracted.  This feature +is currently only supported for the OpenPGP crypto engine and requires +GnuPG 2.4.1. +  @item GPGME_DECRYPT_UNWRAP  @since{1.8.0} @@ -5800,6 +5825,61 @@ operation could be started successfully, @code{GPG_ERR_INV_VALUE} if  any data to verify.  @end deftypefun + +@deftypefun gpgme_error_t gpgme_op_verify_ext ( @ +            @w{gpgme_ctx_t @var{ctx}}, @ +            @w{gpgme_verify_flags_t @var{flags}}, @ +            @w{gpgme_data_t @var{sig}}, @ +            @w{gpgme_data_t @var{signed_text}}, @ +            @w{gpgme_data_t @var{plain}}) + +The function @code{gpgme_op_verify_ext} is the same as +@code{gpgme_op_verify} but has an additional argument +@var{flags}.  If @var{flags} is 0 both function behave identically. + +If the flag @code{GPGME_VERIFY_ARCHIVE} is set, then a signed archive +in the data object @var{sig} is verified and extracted. The content of +the archive is extracted into a directory named @code{GPGARCH_n_} +(where @code{n} is a number) or into the directory set with +@code{gpgme_data_set_file_name} for the data object @var{plain}. + +The value in @var{flags} is a bitwise-or combination of one or +multiple of the following bit values: + +@table @code +@item GPGME_VERIFY_ARCHIVE +@since{1.19.0} + +The @code{GPGME_VERIFY_ARCHIVE} symbol specifies that the input is a +signed archive that shall be verified and extracted.  This feature +is currently only supported for the OpenPGP crypto engine and requires +GnuPG 2.4.1. + +@end table + +The function returns the error codes as descriped for +@code{gpgme_op_decrypt} respective @code{gpgme_op_encrypt}. +@end deftypefun + +@deftypefun gpgme_error_t gpgme_op_verify_ext_start ( @ +            @w{gpgme_ctx_t @var{ctx}}, @ +            @w{gpgme_verify_flags_t @var{flags}}, @ +            @w{gpgme_data_t @var{sig}}, @ +            @w{gpgme_data_t @var{signed_text}}, @ +            @w{gpgme_data_t @var{plain}}) + +The function @code{gpgme_op_verify_ext_start} initiates a +@code{gpgme_op_verify_ext} operation.  It can be completed by calling +@code{gpgme_wait} on the context.  @xref{Waiting For Completion}. + +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +operation could be started successfully, @code{GPG_ERR_INV_VALUE} if +@var{ctx}, @var{sig} or @var{plain} is not a valid pointer, and +@code{GPG_ERR_NO_DATA} if @var{sig} or @var{plain} does not contain +any data to verify. +@end deftypefun + +  @deftp {Data type} {gpgme_sig_notation_t}  This is a pointer to a structure used to store a part of the result of  a @code{gpgme_op_verify} operation.  The structure contains the @@ -6232,6 +6312,14 @@ A detached signature is made.  @item GPGME_SIG_MODE_CLEAR  A clear text signature is made.  The @acronym{ASCII} armor and text  mode settings of the context are ignored. + +@item GPGME_SIG_MODE_ARCHIVE +@since{1.19.0} + +A signed archive is created from the given files and directories.  This +feature is currently only supported for the OpenPGP crypto engine and requires +GnuPG 2.4.1. +  @end table  @end deftp @@ -6243,6 +6331,13 @@ the data object @var{plain} and returns it in the data object  specified for @var{sig}), the text mode attributes set for the context  @var{ctx} and the requested signature mode @var{mode}. +If signature mode @code{GPGME_SIG_MODE_ARCHIVE} is requested, then a +signed archive is created from the files and directories given as +NUL-separated list in the data object @var{plain} and returned in the +data object @var{sig}.  The paths of the files and directories have to +be given as paths relative to the current working directory or relative +to the base directory set with @code{gpgme_data_set_file_name}. +  After the operation completed successfully, the result can be  retrieved with @code{gpgme_op_sign_result}. @@ -6414,6 +6509,13 @@ ciphertext created is determined by the @acronym{ASCII} armor (or, if  that is not set, by the encoding specified for @var{cipher}) and the  text mode attributes set for the context @var{ctx}. +If the flag @code{GPGME_ENCRYPT_ARCHIVE} is set, then an encrypted +archive is created from the files and directories given as NUL-separated +list in the data object @var{plain} and returned in the data object +@var{cipher}.  The paths of the files and directories have to +be given as paths relative to the current working directory or relative +to the base directory set with @code{gpgme_data_set_file_name}. +  @var{recp} must be a @code{NULL}-terminated array of keys.  The user  must keep references for all keys during the whole duration of the  call (but see @code{gpgme_op_encrypt_start} for the requirements with @@ -6489,6 +6591,14 @@ of now the key must be specified using the @var{recpstring} argument  of the extended encrypt functions.  This feature is currently only  supported for the OpenPGP crypto engine. +@item GPGME_ENCRYPT_ARCHIVE +@since{1.19.0} + +The @code{GPGME_ENCRYPT_ARCHIVE} symbol specifies that the input is a +NUL-separated list of file paths and directory paths that shall be +encrypted into an archive.  This feature is currently only supported +for the OpenPGP crypto engine and requires GnuPG 2.4.1. +  @end table  If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 120c7c70..f93887f5 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -1278,14 +1278,22 @@ std::vector<Notation> Context::signatureNotations() const      return result;  } -static gpgme_sig_mode_t sigmode2sigmode(SignatureMode mode) +static gpgme_sig_mode_t sigflags2sigflags(SignatureMode flags)  { -    switch (mode) { -    default: -    case NormalSignatureMode: return GPGME_SIG_MODE_NORMAL; -    case Detached:            return GPGME_SIG_MODE_DETACH; -    case Clearsigned:         return GPGME_SIG_MODE_CLEAR; +    unsigned int result = 0; +    if (flags & SignatureMode::NormalSignatureMode) { +        result |= GPGME_SIG_MODE_NORMAL; +    } +    if (flags & SignatureMode::Detached) { +        result |= GPGME_SIG_MODE_DETACH; +    } +    if (flags & SignatureMode::Clearsigned) { +        result |= GPGME_SIG_MODE_CLEAR; +    } +    if (flags & SignatureMode::SignArchive) { +        result |= GPGME_SIG_MODE_ARCHIVE;      } +    return static_cast<gpgme_sig_mode_t>(result);  }  SigningResult Context::sign(const Data &plainText, Data &signature, SignatureMode mode) @@ -1293,7 +1301,7 @@ SigningResult Context::sign(const Data &plainText, Data &signature, SignatureMod      d->lastop = Private::Sign;      const Data::Private *const pdp = plainText.impl();      Data::Private *const sdp = signature.impl(); -    d->lasterr = gpgme_op_sign(d->ctx, pdp ? pdp->data : nullptr, sdp ? sdp->data : nullptr, sigmode2sigmode(mode)); +    d->lasterr = gpgme_op_sign(d->ctx, pdp ? pdp->data : nullptr, sdp ? sdp->data : nullptr, sigflags2sigflags(mode));      return SigningResult(d->ctx, Error(d->lasterr));  } @@ -1302,7 +1310,7 @@ Error Context::startSigning(const Data &plainText, Data &signature, SignatureMod      d->lastop = Private::Sign;      const Data::Private *const pdp = plainText.impl();      Data::Private *const sdp = signature.impl(); -    return Error(d->lasterr = gpgme_op_sign_start(d->ctx, pdp ? pdp->data : nullptr, sdp ? sdp->data : nullptr, sigmode2sigmode(mode))); +    return Error(d->lasterr = gpgme_op_sign_start(d->ctx, pdp ? pdp->data : nullptr, sdp ? sdp->data : nullptr, sigflags2sigflags(mode)));  }  SigningResult Context::signingResult() const @@ -1344,6 +1352,9 @@ static gpgme_encrypt_flags_t encryptflags2encryptflags(Context::EncryptionFlags      if (flags & Context::WantAddress) {          result |= GPGME_ENCRYPT_WANT_ADDRESS;      } +    if (flags & Context::EncryptArchive) { +        result |= GPGME_ENCRYPT_ARCHIVE; +    }      return static_cast<gpgme_encrypt_flags_t>(result);  } @@ -1895,16 +1906,12 @@ std::ostream &operator<<(std::ostream &os, KeyListMode mode)  std::ostream &operator<<(std::ostream &os, SignatureMode mode)  {      os << "GpgME::SignatureMode("; -    switch (mode) { -#define CHECK( x ) case x: os << #x; break +#define CHECK( x ) if ( !(mode & (x)) ) {} else do { os << #x " "; } while (0)          CHECK(NormalSignatureMode);          CHECK(Detached);          CHECK(Clearsigned); +        CHECK(SignArchive);  #undef CHECK -    default: -        os << "???" "(" << static_cast<int>(mode) << ')'; -        break; -    }      return os << ')';  } @@ -1921,6 +1928,7 @@ std::ostream &operator<<(std::ostream &os, Context::EncryptionFlags flags)      CHECK(ThrowKeyIds);      CHECK(EncryptWrap);      CHECK(WantAddress); +    CHECK(EncryptArchive);  #undef CHECK      return os << ')';  } diff --git a/lang/cpp/src/context.h b/lang/cpp/src/context.h index 3c3544d2..d66344ce 100644 --- a/lang/cpp/src/context.h +++ b/lang/cpp/src/context.h @@ -449,6 +449,7 @@ public:          ThrowKeyIds = 64,          EncryptWrap = 128,          WantAddress = 256, +        EncryptArchive = 512      };      EncryptionResult encrypt(const std::vector<Key> &recipients, const Data &plainText, Data &cipherText, EncryptionFlags flags);      GpgME::Error encryptSymmetrically(const Data &plainText, Data &cipherText); diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp index 7a93cbc2..dd8b1740 100644 --- a/lang/cpp/src/data.cpp +++ b/lang/cpp/src/data.cpp @@ -217,6 +217,11 @@ GpgME::Error GpgME::Data::setFileName(const char *name)      return Error(gpgme_data_set_file_name(d->data, name));  } +GpgME::Error GpgME::Data::setFileName(const std::string &name) +{ +    return Error(gpgme_data_set_file_name(d->data, name.c_str())); +} +  ssize_t GpgME::Data::read(void *buffer, size_t length)  {      return gpgme_data_read(d->data, buffer, length); diff --git a/lang/cpp/src/data.h b/lang/cpp/src/data.h index 649e4104..9a5d5b0c 100644 --- a/lang/cpp/src/data.h +++ b/lang/cpp/src/data.h @@ -106,6 +106,7 @@ public:      char *fileName() const;      Error setFileName(const char *name); +    Error setFileName(const std::string &name);      ssize_t read(void *buffer, size_t length);      ssize_t write(const void *buffer, size_t length); diff --git a/lang/cpp/src/global.h b/lang/cpp/src/global.h index 1336142a..c9c65cdb 100644 --- a/lang/cpp/src/global.h +++ b/lang/cpp/src/global.h @@ -74,7 +74,12 @@ enum KeyListMode {      KeyListModeMask = 0x3ff  }; -enum SignatureMode { NormalSignatureMode, Detached, Clearsigned }; +enum SignatureMode { +    NormalSignatureMode = 0, +    Detached = 1, +    Clearsigned = 2, +    SignArchive = 4, +};  enum class RevocationReason {      Unspecified = 0, @@ -103,7 +108,7 @@ homedir, sysconfdir, bindir, libexecdir, libdir,  datadir, localedir, agent-socket, agent-ssh-socket,  dirmngr-socket, uiserver-socket, gpgconf-name, gpg-name,  gpgsm-name, g13-name, keyboxd-name, agent-name, scdaemon-name, -dirmngr-name, pinentry-name, socketdir. +dirmngr-name, pinentry-name, socketdir, gpg-wks-client-name, gpgtar-name.  This may be extended in the future.  */ diff --git a/lang/cpp/src/signingresult.cpp b/lang/cpp/src/signingresult.cpp index 6e0dd90a..06169cbc 100644 --- a/lang/cpp/src/signingresult.cpp +++ b/lang/cpp/src/signingresult.cpp @@ -199,6 +199,7 @@ GpgME::SignatureMode GpgME::CreatedSignature::mode() const      case GPGME_SIG_MODE_NORMAL: return NormalSignatureMode;      case GPGME_SIG_MODE_DETACH: return Detached;      case GPGME_SIG_MODE_CLEAR:  return Clearsigned; +    case GPGME_SIG_MODE_ARCHIVE: return SignArchive; // cannot happen      }  } diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index 510802a8..928b6913 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -34,11 +34,14 @@ EXTRA_DIST = QGpgmeConfig.cmake.in.in QGpgmeConfigVersion.cmake.in \  qgpgme_sources = \      dataprovider.cpp \      debug.cpp \ +    encryptarchivejob.cpp \ +    filelistdataprovider.cpp \      job.cpp multideletejob.cpp qgpgmeadduseridjob.cpp \      qgpgmeaddexistingsubkeyjob.cpp \      qgpgmebackend.cpp qgpgmechangeexpiryjob.cpp qgpgmechangeownertrustjob.cpp \      qgpgmechangepasswdjob.cpp qgpgmedecryptjob.cpp \      qgpgmedecryptverifyjob.cpp qgpgmedeletejob.cpp qgpgmedownloadjob.cpp \ +    qgpgmeencryptarchivejob.cpp \      qgpgmeencryptjob.cpp qgpgmeexportjob.cpp qgpgmeimportfromkeyserverjob.cpp \      qgpgmeimportjob.cpp qgpgmekeygenerationjob.cpp qgpgmekeylistjob.cpp \      listallkeysjob.cpp qgpgmelistallkeysjob.cpp qgpgmenewcryptoconfig.cpp \ @@ -46,6 +49,7 @@ qgpgme_sources = \      qgpgmerefreshsmimekeysjob.cpp \      qgpgmerevokekeyjob.cpp \      qgpgmesetprimaryuseridjob.cpp \ +    qgpgmesignarchivejob.cpp \      qgpgmesignencryptjob.cpp \      qgpgmesignjob.cpp qgpgmesignkeyjob.cpp qgpgmeverifydetachedjob.cpp \      qgpgmeverifyopaquejob.cpp qgpgmewkdlookupjob.cpp threadedjobmixin.cpp \ @@ -53,6 +57,7 @@ qgpgme_sources = \      qgpgmetofupolicyjob.cpp qgpgmequickjob.cpp \      defaultkeygenerationjob.cpp qgpgmewkspublishjob.cpp \      qgpgmegpgcardjob.cpp changeexpiryjob.cpp encryptjob.cpp importjob.cpp \ +    signarchivejob.cpp \      signencryptjob.cpp \      dn.cpp cryptoconfig.cpp wkdlookupresult.cpp \      util.cpp @@ -70,8 +75,10 @@ qgpgme_headers= \      decryptjob.h \      decryptverifyjob.h \      downloadjob.h \ +    encryptarchivejob.h \      encryptjob.h \      exportjob.h \ +    filelistdataprovider.h \      hierarchicalkeylistjob.h \      job.h \      keyformailboxjob.h \ @@ -84,6 +91,7 @@ qgpgme_headers= \      revokekeyjob.h \      setprimaryuseridjob.h \      specialjob.h \ +    signarchivejob.h \      signjob.h \      signkeyjob.h \      signencryptjob.h \ @@ -118,8 +126,10 @@ camelcase_headers= \      DecryptVerifyJob \      DN \      DownloadJob \ +    EncryptArchiveJob \      EncryptJob \      ExportJob \ +    FileListDataProvider \      HierarchicalKeyKistJob \      Job \      MultiDeleteJob \ @@ -130,6 +140,7 @@ camelcase_headers= \      RevokeKeyJob \      SetPrimaryUserIDJob \      SpecialJob \ +    SignArchiveJob \      SignJob \      SignKeyJob \      SignEncryptJob \ @@ -153,6 +164,7 @@ camelcase_headers= \  private_qgpgme_headers = \      changeexpiryjob_p.h \ +    encryptarchivejob_p.h \      encryptjob_p.h \      importjob_p.h \      listallkeysjob_p.h \ @@ -169,6 +181,7 @@ private_qgpgme_headers = \      qgpgmedecryptverifyjob.h \      qgpgmedeletejob.h \      qgpgmedownloadjob.h \ +    qgpgmeencryptarchivejob.h \      qgpgmeencryptjob.h \      qgpgmeexportjob.h \      qgpgmeimportfromkeyserverjob.h \ @@ -180,6 +193,7 @@ private_qgpgme_headers = \      qgpgmerefreshsmimekeysjob.h \      qgpgmerevokekeyjob.h \      qgpgmesetprimaryuseridjob.h \ +    qgpgmesignarchivejob.h \      qgpgmesignencryptjob.h \      qgpgmesignjob.h \      qgpgmesignkeyjob.h \ @@ -191,6 +205,7 @@ private_qgpgme_headers = \      qgpgmetofupolicyjob.h \      qgpgmegpgcardjob.h \      qgpgmequickjob.h \ +    signarchivejob_p.h \      signencryptjob_p.h \      threadedjobmixin.h \      util.h @@ -206,6 +221,7 @@ qgpgme_moc_sources = \      decryptverifyjob.moc \      deletejob.moc \      downloadjob.moc \ +    encryptarchivejob.moc \      encryptjob.moc \      exportjob.moc \      hierarchicalkeylistjob.moc \ @@ -225,6 +241,7 @@ qgpgme_moc_sources = \      qgpgmedecryptverifyjob.moc \      qgpgmedeletejob.moc \      qgpgmedownloadjob.moc \ +    qgpgmeencryptarchivejob.moc \      qgpgmeencryptjob.moc \      qgpgmeexportjob.moc \      qgpgmeimportfromkeyserverjob.moc \ @@ -236,6 +253,7 @@ qgpgme_moc_sources = \      qgpgmerefreshsmimekeysjob.moc \      qgpgmerevokekeyjob.moc \      qgpgmesetprimaryuseridjob.moc \ +    qgpgmesignarchivejob.moc \      qgpgmesignencryptjob.moc \      qgpgmesignjob.moc \      qgpgmesignkeyjob.moc \ @@ -249,6 +267,7 @@ qgpgme_moc_sources = \      refreshkeysjob.moc \      revokekeyjob.moc \      setprimaryuseridjob.moc \ +    signarchivejob.moc \      signencryptjob.moc \      signjob.moc \      signkeyjob.moc \ diff --git a/lang/qt/src/dataprovider.h b/lang/qt/src/dataprovider.h index 636d6fb6..b14e7d54 100644 --- a/lang/qt/src/dataprovider.h +++ b/lang/qt/src/dataprovider.h @@ -25,7 +25,13 @@  #define __QGPGME_DATAPROVIDER_H__  #include "qgpgme_export.h" + +#ifdef BUILDING_QGPGME  #include <interfaces/dataprovider.h> +#else +#include <gpgme++/interfaces/dataprovider.h> +#endif +  #include <memory>  #include <QtCore/QByteArray> diff --git a/lang/qt/src/encryptarchivejob.cpp b/lang/qt/src/encryptarchivejob.cpp new file mode 100644 index 00000000..5c5533be --- /dev/null +++ b/lang/qt/src/encryptarchivejob.cpp @@ -0,0 +1,62 @@ +/* +    encryptarchivejob.cpp + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include "encryptarchivejob.h" +#include "encryptarchivejob_p.h" + +using namespace QGpgME; + +EncryptArchiveJob::EncryptArchiveJob(QObject *parent) +    : Job{parent} +{ +} + +EncryptArchiveJob::~EncryptArchiveJob() = default; + +void EncryptArchiveJob::setBaseDirectory(const QString &baseDirectory) +{ +    auto d = jobPrivate<EncryptArchiveJobPrivate>(this); +    d->m_baseDirectory = baseDirectory; +} + +QString EncryptArchiveJob::baseDirectory() const +{ +    auto d = jobPrivate<EncryptArchiveJobPrivate>(this); +    return d->m_baseDirectory; +} + +#include "encryptarchivejob.moc" diff --git a/lang/qt/src/encryptarchivejob.h b/lang/qt/src/encryptarchivejob.h new file mode 100644 index 00000000..1221994f --- /dev/null +++ b/lang/qt/src/encryptarchivejob.h @@ -0,0 +1,101 @@ +/* +    encryptarchivejob.h + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifndef __QGPGME_ENCRYPTARCHIVEJOB_H__ +#define __QGPGME_ENCRYPTARCHIVEJOB_H__ + +#include "job.h" + +#ifdef BUILDING_QGPGME +# include "context.h" +#else +# include <gpgme++/context.h> +#endif + +namespace GpgME +{ +class Key; +} + +namespace QGpgME +{ + +/** + * Abstract base class for job for creating encrypted archives + */ +class QGPGME_EXPORT EncryptArchiveJob : public Job +{ +    Q_OBJECT +protected: +    explicit EncryptArchiveJob(QObject *parent); +public: +    ~EncryptArchiveJob() override; + +    void setBaseDirectory(const QString &baseDirectory); +    QString baseDirectory() const; + +    /** +     * Starts the creation of an encrypted archive. +     * +     * Encrypts the files and directories in \a paths into an archive for the +     * keys in \a recipients. If \a recipients is empty, then symmetric +     * encryption is performed. The encrypted archive is written to \a cipherText. +     * +     * Emits result() when the job has finished. +     */ +    virtual GpgME::Error start(const std::vector<GpgME::Key> &recipients, +                               const std::vector<QString> &paths, +                               const std::shared_ptr<QIODevice> &cipherText, +                               const GpgME::Context::EncryptionFlags flags) = 0; + +    /** +     * Creates an encrypted archive. +     * +     * Encrypts the files and directories in \a paths into an archive for the +     * keys in \a recipients. If \a recipients is empty, then symmetric +     * encryption is performed. The encrypted archive is written to \a cipherText. +     */ +    // virtual GpgME::EncryptionResult exec(const std::vector<GpgME::Key> &recipients, +    //                                      const std::vector<QString> &paths, +    //                                      const std::shared_ptr<QIODevice> &cipherText, +    //                                      const GpgME::Context::EncryptionFlags flags) = 0; + +Q_SIGNALS: +    void result(const GpgME::EncryptionResult &result, +                const QString &auditLogAsHtml = {}, +                const GpgME::Error &auditLogError = {}); +}; + +} + +#endif // __QGPGME_ENCRYPTARCHIVEJOB_H__ diff --git a/lang/qt/src/encryptarchivejob_p.h b/lang/qt/src/encryptarchivejob_p.h new file mode 100644 index 00000000..798096db --- /dev/null +++ b/lang/qt/src/encryptarchivejob_p.h @@ -0,0 +1,49 @@ +/* +    encryptarchivejob_p.h + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifndef __QGPGME_ENCRYPTARCHIVEJOB_P_H__ +#define __QGPGME_ENCRYPTARCHIVEJOB_P_H__ + +#include "job_p.h" + +namespace QGpgME +{ + +struct EncryptArchiveJobPrivate : public JobPrivate +{ +    QString m_baseDirectory; +}; + +} + +#endif // __QGPGME_ENCRYPTARCHIVEJOB_P_H__ diff --git a/lang/qt/src/filelistdataprovider.cpp b/lang/qt/src/filelistdataprovider.cpp new file mode 100644 index 00000000..004854ef --- /dev/null +++ b/lang/qt/src/filelistdataprovider.cpp @@ -0,0 +1,98 @@ +/* +    filelistdataprovider.cpp + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include "filelistdataprovider.h" + +#include "dataprovider.h" + +#include <QString> + +#include <gpgme++/error.h> + +#include <numeric> + +using namespace QGpgME; +using namespace GpgME; + +static QByteArray encodeFilenames(const std::vector<QString> &filenames) +{ +    QByteArray ret; +    if (filenames.empty()) { +        return ret; +    } +    // calculate and reserve the needed minimum size of the result +    const auto addSize = [](unsigned int n, const QString &s) { return n + s.size(); }; +    const unsigned int minSize = filenames.size() +        + std::accumulate(filenames.cbegin(), filenames.cend(), 0u, addSize); +    ret.reserve(minSize); +    // pack the filenames into the byte array +    for (const auto &f : filenames) { +        if (!f.isEmpty()) { +            ret += f.toUtf8() + '\0'; +        } +    } +    ret.chop(1); // remove the trailing nul +    return ret; +} + +FileListDataProvider::FileListDataProvider(const std::vector<QString> &filenames) +    : mProvider{new QByteArrayDataProvider{encodeFilenames(filenames)}} +{ +} + +FileListDataProvider::~FileListDataProvider() = default; + +ssize_t FileListDataProvider::read(void* buffer, size_t bufSize) +{ +    return mProvider->read(buffer, bufSize); +} + +ssize_t FileListDataProvider::write(const void *, size_t) +{ +    Error::setSystemError(GPG_ERR_EBADF); +    return -1; +} + +off_t FileListDataProvider::seek(off_t offset, int whence) +{ +    return mProvider->seek(offset, whence); +} + +void FileListDataProvider::release() +{ +    mProvider->release(); +} diff --git a/lang/qt/src/filelistdataprovider.h b/lang/qt/src/filelistdataprovider.h new file mode 100644 index 00000000..25e52e41 --- /dev/null +++ b/lang/qt/src/filelistdataprovider.h @@ -0,0 +1,79 @@ +/* +    filelistdataprovider.h + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifndef __QGPGME_FILELISTDATAPROVIDER_H__ +#define __QGPGME_FILELISTDATAPROVIDER_H__ + +#include "qgpgme_export.h" + +#ifdef BUILDING_QGPGME +#include <interfaces/dataprovider.h> +#else +#include <gpgme++/interfaces/dataprovider.h> +#endif + +#include <memory> +#include <vector> + +class QString; + +namespace QGpgME +{ + +/** + * This read-only data provider simplifies providing a nul-separated list of + * UTF-8-encoded filenames, e.g. for creating signed or encrypted archives. + */ +class QGPGME_EXPORT FileListDataProvider : public GpgME::DataProvider +{ +public: +    explicit FileListDataProvider(const std::vector<QString> &filenames); +    ~FileListDataProvider() override; + +private: +    bool isSupported(Operation op) const override +    { +        return op != Operation::Write; +    } +    ssize_t read(void *buffer, size_t bufSize) override; +    ssize_t write(const void *buffer, size_t bufSize) override; +    off_t seek(off_t offset, int whence) override; +    void release() override; + +private: +    std::unique_ptr<GpgME::DataProvider> mProvider; +}; + +} + +#endif // __QGPGME_FILELISTDATAPROVIDER_H__ diff --git a/lang/qt/src/protocol.h b/lang/qt/src/protocol.h index 019633a8..0f3e5b28 100644 --- a/lang/qt/src/protocol.h +++ b/lang/qt/src/protocol.h @@ -50,8 +50,10 @@ class ImportFromKeyserverJob;  class ExportJob;  class DownloadJob;  class DeleteJob; +class EncryptArchiveJob;  class EncryptJob;  class DecryptJob; +class SignArchiveJob;  class SignJob;  class SignKeyJob;  class VerifyDetachedJob; @@ -189,6 +191,9 @@ public:       * OpenPGP key.       */      virtual SetPrimaryUserIDJob *setPrimaryUserIDJob() const = 0; + +    virtual EncryptArchiveJob *encryptArchiveJob(bool armor = false) const = 0; +    virtual SignArchiveJob *signArchiveJob(bool armor = false) const = 0;  };  /** Obtain a reference to the OpenPGP Protocol. diff --git a/lang/qt/src/protocol_p.h b/lang/qt/src/protocol_p.h index 915fef99..73405c6d 100644 --- a/lang/qt/src/protocol_p.h +++ b/lang/qt/src/protocol_p.h @@ -46,7 +46,9 @@  #include "qgpgmedeletejob.h"  #include "qgpgmedownloadjob.h"  #include "qgpgmesignencryptjob.h" +#include "qgpgmeencryptarchivejob.h"  #include "qgpgmeencryptjob.h" +#include "qgpgmesignarchivejob.h"  #include "qgpgmesignjob.h"  #include "qgpgmesignkeyjob.h"  #include "qgpgmeexportjob.h" @@ -506,6 +508,30 @@ public:          }          return new QGpgME::QGpgMESetPrimaryUserIDJob{context};      } + +    QGpgME::EncryptArchiveJob *encryptArchiveJob(bool armor) const override +    { +        if (mProtocol != GpgME::OpenPGP) { +            return nullptr; +        } +        if (auto context = GpgME::Context::createForProtocol(mProtocol)) { +            context->setArmor(armor); +            return new QGpgME::QGpgMEEncryptArchiveJob{context}; +        } +        return nullptr; +    } + +    QGpgME::SignArchiveJob *signArchiveJob(bool armor) const override +    { +        if (mProtocol != GpgME::OpenPGP) { +            return nullptr; +        } +        if (auto context = GpgME::Context::createForProtocol(mProtocol)) { +            context->setArmor(armor); +            return new QGpgME::QGpgMESignArchiveJob{context}; +        } +        return nullptr; +    }  };  } diff --git a/lang/qt/src/qgpgmeencryptarchivejob.cpp b/lang/qt/src/qgpgmeencryptarchivejob.cpp new file mode 100644 index 00000000..63c55364 --- /dev/null +++ b/lang/qt/src/qgpgmeencryptarchivejob.cpp @@ -0,0 +1,152 @@ +/* +    qgpgmeencryptarchivejob.cpp + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2004,2007,2008 Klarälvdalens Datakonsult AB +    Copyright (c) 2016 by Bundesamt fĂĽr Sicherheit in der Informationstechnik +    Software engineering by Intevation GmbH +    Copyright (c) 2022,2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License along +    with this program; if not, write to the Free Software Foundation, Inc., +    51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include "qgpgmeencryptarchivejob.h" + +#include "dataprovider.h" +#include "encryptarchivejob_p.h" +#include "filelistdataprovider.h" + +// #include <context.h> +#include <data.h> +// #include <encryptionresult.h> +// +// #include <QBuffer> +// #include <QFileInfo> +// +// #include <cassert> + +using namespace QGpgME; +using namespace GpgME; + +namespace +{ + +class QGpgMEEncryptArchiveJobPrivate : public EncryptArchiveJobPrivate +{ +    QGpgMEEncryptArchiveJob *q = nullptr; + +public: +    QGpgMEEncryptArchiveJobPrivate(QGpgMEEncryptArchiveJob *qq) +        : q{qq} +    { +    } + +    ~QGpgMEEncryptArchiveJobPrivate() override = default; + +private: +    void start() override +    { +        q->run(); +    } +}; + +} + +QGpgMEEncryptArchiveJob::QGpgMEEncryptArchiveJob(Context *context) +    : mixin_type{context} +{ +    setJobPrivate(this, std::unique_ptr<QGpgMEEncryptArchiveJobPrivate>{new QGpgMEEncryptArchiveJobPrivate{this}}); +    lateInitialization(); +} + +static QGpgMEEncryptArchiveJob::result_type encrypt(Context *ctx, +                                                    QThread *thread, +                                                    const std::vector<Key> &recipients, +                                                    const std::vector<QString> &paths, +                                                    const std::weak_ptr<QIODevice> &cipherText_, +                                                    Context::EncryptionFlags flags, +                                                    const QString &baseDirectory) +{ +    const std::shared_ptr<QIODevice> cipherText = cipherText_.lock(); +    const _detail::ToThreadMover ctMover(cipherText, thread); + +    QGpgME::FileListDataProvider in{paths}; +    Data indata(&in); +    if (!baseDirectory.isEmpty()) { +        indata.setFileName(baseDirectory.toStdString()); +    } + +    QGpgME::QIODeviceDataProvider out{cipherText}; +    Data outdata(&out); + +    flags = static_cast<Context::EncryptionFlags>(flags | Context::EncryptArchive); +    const EncryptionResult res = ctx->encrypt(recipients, indata, outdata, flags); +    Error ae; +    const QString log = _detail::audit_log_as_html(ctx, ae); +    return std::make_tuple(res, log, ae); +} + +GpgME::Error QGpgMEEncryptArchiveJob::start(const std::vector<GpgME::Key> &recipients, +                                            const std::vector<QString> &paths, +                                            const std::shared_ptr<QIODevice> &cipherText, +                                            const GpgME::Context::EncryptionFlags flags) +{ +    if (!cipherText) { +        return Error::fromCode(GPG_ERR_INV_VALUE); +    } + +    run(std::bind(&encrypt, +                  std::placeholders::_1, +                  std::placeholders::_2, +                  recipients, +                  paths, +                  std::placeholders::_3, +                  flags, +                  baseDirectory()), +        cipherText); +    return {}; +} + +// EncryptionResult QGpgMEEncryptArchiveJob::exec(const std::vector<Key> &recipients, const QByteArray &plainText, +//                                         const Context::EncryptionFlags eflags, QByteArray &cipherText) +// { +//     const result_type r = encrypt_qba(context(), recipients, plainText, eflags, mOutputIsBase64Encoded, fileName()); +//     cipherText = std::get<1>(r); +//     resultHook(r); +//     return mResult; +// } + +void QGpgMEEncryptArchiveJob::resultHook(const result_type &tuple) +{ +    mResult = std::get<0>(tuple); +} + +#include "qgpgmeencryptarchivejob.moc" diff --git a/lang/qt/src/qgpgmeencryptarchivejob.h b/lang/qt/src/qgpgmeencryptarchivejob.h new file mode 100644 index 00000000..81398d07 --- /dev/null +++ b/lang/qt/src/qgpgmeencryptarchivejob.h @@ -0,0 +1,82 @@ +/* +    qgpgmeencryptarchivejob.h + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifndef __QGPGME_QGPGMEENCRYPTARCHIVEJOB_H__ +#define __QGPGME_QGPGMEENCRYPTARCHIVEJOB_H__ + +#include "encryptarchivejob.h" + +#include "threadedjobmixin.h" + +#include <encryptionresult.h> +#include <key.h> + +namespace QGpgME +{ + +class QGpgMEEncryptArchiveJob +#ifdef Q_MOC_RUN +    : public EncryptArchiveJob +#else +    : public _detail::ThreadedJobMixin<EncryptArchiveJob, std::tuple<GpgME::EncryptionResult, QString, GpgME::Error>> +#endif +{ +    Q_OBJECT +#ifdef Q_MOC_RUN +public Q_SLOTS: +    void slotFinished(); +#endif +public: +    explicit QGpgMEEncryptArchiveJob(GpgME::Context *context); +    ~QGpgMEEncryptArchiveJob() = default; + +    GpgME::Error start(const std::vector<GpgME::Key> &recipients, +                       const std::vector<QString> &paths, +                       const std::shared_ptr<QIODevice> &cipherText, +                       const GpgME::Context::EncryptionFlags flags) override; + +    // GpgME::EncryptionResult exec(const std::vector<GpgME::Key> &recipients, +    //                              const std::vector<QString> &paths, +    //                              const std::shared_ptr<QIODevice> &cipherText, +    //                              const GpgME::Context::EncryptionFlags flags) override; + +    /* from ThreadedJobMixin */ +    void resultHook(const result_type &r) override; + +private: +    GpgME::EncryptionResult mResult; +}; + +} + +#endif // __QGPGME_QGPGMEENCRYPTARCHIVEJOB_H__ diff --git a/lang/qt/src/qgpgmesignarchivejob.cpp b/lang/qt/src/qgpgmesignarchivejob.cpp new file mode 100644 index 00000000..d9abec42 --- /dev/null +++ b/lang/qt/src/qgpgmesignarchivejob.cpp @@ -0,0 +1,141 @@ +/* +    qgpgmesignarchivejob.cpp + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2004,2007,2008 Klarälvdalens Datakonsult AB +    Copyright (c) 2016 by Bundesamt fĂĽr Sicherheit in der Informationstechnik +    Software engineering by Intevation GmbH +    Copyright (c) 2022,2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License along +    with this program; if not, write to the Free Software Foundation, Inc., +    51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include "qgpgmesignarchivejob.h" + +#include "dataprovider.h" +#include "signarchivejob_p.h" +#include "filelistdataprovider.h" + +#include <data.h> + +using namespace QGpgME; +using namespace GpgME; + +namespace +{ + +class QGpgMESignArchiveJobPrivate : public SignArchiveJobPrivate +{ +    QGpgMESignArchiveJob *q = nullptr; + +public: +    QGpgMESignArchiveJobPrivate(QGpgMESignArchiveJob *qq) +        : q{qq} +    { +    } + +    ~QGpgMESignArchiveJobPrivate() override = default; + +private: +    void start() override +    { +        q->run(); +    } +}; + +} + +QGpgMESignArchiveJob::QGpgMESignArchiveJob(Context *context) +    : mixin_type{context} +{ +    setJobPrivate(this, std::unique_ptr<QGpgMESignArchiveJobPrivate>{new QGpgMESignArchiveJobPrivate{this}}); +    lateInitialization(); +} + +static QGpgMESignArchiveJob::result_type sign(Context *ctx, +                                              QThread *thread, +                                              const std::vector<Key> &signers, +                                              const std::vector<QString> &paths, +                                              const std::weak_ptr<QIODevice> &output_, +                                              const QString &baseDirectory) +{ +    const std::shared_ptr<QIODevice> output = output_.lock(); +    const _detail::ToThreadMover ctMover(output, thread); + +    QGpgME::FileListDataProvider in{paths}; +    Data indata(&in); +    if (!baseDirectory.isEmpty()) { +        indata.setFileName(baseDirectory.toStdString()); +    } + +    QGpgME::QIODeviceDataProvider out{output}; +    Data outdata(&out); + +    ctx->clearSigningKeys(); +    for (const Key &signer : signers) { +        if (!signer.isNull()) { +            if (const Error err = ctx->addSigningKey(signer)) { +                return std::make_tuple(SigningResult{err}, QString{}, Error{}); +            } +        } +    } + +    const SigningResult res = ctx->sign(indata, outdata, GpgME::SignArchive); +    Error ae; +    const QString log = _detail::audit_log_as_html(ctx, ae); +    return std::make_tuple(res, log, ae); +} + +GpgME::Error QGpgMESignArchiveJob::start(const std::vector<GpgME::Key> &signers, +                                            const std::vector<QString> &paths, +                                            const std::shared_ptr<QIODevice> &output) +{ +    if (!output) { +        return Error::fromCode(GPG_ERR_INV_VALUE); +    } + +    run(std::bind(&sign, +                  std::placeholders::_1, +                  std::placeholders::_2, +                  signers, +                  paths, +                  std::placeholders::_3, +                  baseDirectory()), +        output); +    return {}; +} + +void QGpgMESignArchiveJob::resultHook(const result_type &tuple) +{ +    mResult = std::get<0>(tuple); +} + +#include "qgpgmesignarchivejob.moc" diff --git a/lang/qt/src/qgpgmesignarchivejob.h b/lang/qt/src/qgpgmesignarchivejob.h new file mode 100644 index 00000000..ade4e8dc --- /dev/null +++ b/lang/qt/src/qgpgmesignarchivejob.h @@ -0,0 +1,76 @@ +/* +    qgpgmesignarchivejob.h + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifndef __QGPGME_QGPGMESIGNARCHIVEJOB_H__ +#define __QGPGME_QGPGMESIGNARCHIVEJOB_H__ + +#include "signarchivejob.h" + +#include "threadedjobmixin.h" + +#include <signingresult.h> +#include <key.h> + +namespace QGpgME +{ + +class QGpgMESignArchiveJob +#ifdef Q_MOC_RUN +    : public SignArchiveJob +#else +    : public _detail::ThreadedJobMixin<SignArchiveJob, std::tuple<GpgME::SigningResult, QString, GpgME::Error>> +#endif +{ +    Q_OBJECT +#ifdef Q_MOC_RUN +public Q_SLOTS: +    void slotFinished(); +#endif +public: +    explicit QGpgMESignArchiveJob(GpgME::Context *context); +    ~QGpgMESignArchiveJob() = default; + +    GpgME::Error start(const std::vector<GpgME::Key> &signers, +                       const std::vector<QString> &paths, +                       const std::shared_ptr<QIODevice> &output) override; + +    /* from ThreadedJobMixin */ +    void resultHook(const result_type &r) override; + +private: +    GpgME::SigningResult mResult; +}; + +} + +#endif // __QGPGME_QGPGMESIGNARCHIVEJOB_H__ diff --git a/lang/qt/src/signarchivejob.cpp b/lang/qt/src/signarchivejob.cpp new file mode 100644 index 00000000..fcdf241d --- /dev/null +++ b/lang/qt/src/signarchivejob.cpp @@ -0,0 +1,62 @@ +/* +    signarchivejob.cpp + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include "signarchivejob.h" +#include "signarchivejob_p.h" + +using namespace QGpgME; + +SignArchiveJob::SignArchiveJob(QObject *parent) +    : Job{parent} +{ +} + +SignArchiveJob::~SignArchiveJob() = default; + +void SignArchiveJob::setBaseDirectory(const QString &baseDirectory) +{ +    auto d = jobPrivate<SignArchiveJobPrivate>(this); +    d->m_baseDirectory = baseDirectory; +} + +QString SignArchiveJob::baseDirectory() const +{ +    auto d = jobPrivate<SignArchiveJobPrivate>(this); +    return d->m_baseDirectory; +} + +#include "signarchivejob.moc" diff --git a/lang/qt/src/signarchivejob.h b/lang/qt/src/signarchivejob.h new file mode 100644 index 00000000..6b8cd175 --- /dev/null +++ b/lang/qt/src/signarchivejob.h @@ -0,0 +1,88 @@ +/* +    signarchivejob.h + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifndef __QGPGME_SIGNARCHIVEJOB_H__ +#define __QGPGME_SIGNARCHIVEJOB_H__ + +#include "job.h" + +#ifdef BUILDING_QGPGME +# include "context.h" +#else +# include <gpgme++/context.h> +#endif + +namespace GpgME +{ +class Key; +} + +namespace QGpgME +{ + +/** + * Abstract base class for job for creating signed archives + */ +class QGPGME_EXPORT SignArchiveJob : public Job +{ +    Q_OBJECT +protected: +    explicit SignArchiveJob(QObject *parent); +public: +    ~SignArchiveJob() override; + +    void setBaseDirectory(const QString &baseDirectory); +    QString baseDirectory() const; + +    /** +     * Starts the creation of a signed archive. +     * +     * Creates a signed archive with the files and directories in \a paths. +     * The archive is signed with the keys in \a signers or with the default +     * key, if \a signers is empty. The signed archive is written to \a output. +     * +     * Emits result() when the job has finished. +     */ +    virtual GpgME::Error start(const std::vector<GpgME::Key> &signers, +                               const std::vector<QString> &paths, +                               const std::shared_ptr<QIODevice> &output) = 0; + +Q_SIGNALS: +    void result(const GpgME::SigningResult &result, +                const QString &auditLogAsHtml = {}, +                const GpgME::Error &auditLogError = {}); +}; + +} + +#endif // __QGPGME_SIGNARCHIVEJOB_H__ diff --git a/lang/qt/src/signarchivejob_p.h b/lang/qt/src/signarchivejob_p.h new file mode 100644 index 00000000..9176e7b4 --- /dev/null +++ b/lang/qt/src/signarchivejob_p.h @@ -0,0 +1,49 @@ +/* +    signarchivejob_p.h + +    This file is part of qgpgme, the Qt API binding for gpgme +    Copyright (c) 2023 g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License as +    published by the Free Software Foundation; either version 2 of the +    License, or (at your option) any later version. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifndef __QGPGME_SIGNARCHIVEJOB_P_H__ +#define __QGPGME_SIGNARCHIVEJOB_P_H__ + +#include "job_p.h" + +namespace QGpgME +{ + +struct SignArchiveJobPrivate : public JobPrivate +{ +    QString m_baseDirectory; +}; + +} + +#endif // __QGPGME_SIGNARCHIVEJOB_P_H__ diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index 564a9ff7..4e43d986 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -86,11 +86,13 @@ t_wkdlookup_SOURCES = t-wkdlookup.cpp $(support_src)  t_import_SOURCES = t-import.cpp $(support_src)  t_revokekey_SOURCES = t-revokekey.cpp $(support_src)  t_setprimaryuserid_SOURCES = t-setprimaryuserid.cpp $(support_src) +run_encryptarchivejob_SOURCES = run-encryptarchivejob.cpp  run_exportjob_SOURCES = run-exportjob.cpp  run_importjob_SOURCES = run-importjob.cpp  run_keyformailboxjob_SOURCES = run-keyformailboxjob.cpp  run_receivekeysjob_SOURCES = run-receivekeysjob.cpp  run_refreshkeysjob_SOURCES = run-refreshkeysjob.cpp +run_signarchivejob_SOURCES = run-signarchivejob.cpp  nodist_t_keylist_SOURCES = $(moc_files) @@ -102,7 +104,10 @@ noinst_PROGRAMS = \  	run-keyformailboxjob t-wkspublish t-verify t-various t-config t-remarks \  	t-trustsignatures t-changeexpiryjob t-wkdlookup t-import t-revokekey \  	t-setprimaryuserid \ -	run-importjob run-exportjob run-receivekeysjob run-refreshkeysjob +	run-encryptarchivejob \ +	run-importjob run-exportjob run-receivekeysjob run-refreshkeysjob \ +	run-signarchivejob +  CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \  	gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \ diff --git a/lang/qt/tests/run-encryptarchivejob.cpp b/lang/qt/tests/run-encryptarchivejob.cpp new file mode 100644 index 00000000..e48af9f8 --- /dev/null +++ b/lang/qt/tests/run-encryptarchivejob.cpp @@ -0,0 +1,158 @@ +/* +    run-encryptarchivejob.cpp + +    This file is part of QGpgME's test suite. +    Copyright (c) 2023 by g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License, +    version 2, as published by the Free Software Foundation. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include <protocol.h> +#include <encryptarchivejob.h> + +#include <QCommandLineParser> +#include <QCoreApplication> +#include <QDebug> +#include <QFile> + +#include <context.h> +#include <encryptionresult.h> + +#include <algorithm> +#include <iostream> + +using namespace GpgME; + +std::ostream &operator<<(std::ostream &os, const QString &s) +{ +    return os << s.toLocal8Bit().constData(); +} + +const char *displayName(Protocol protocol) +{ +    switch (protocol) { +    case GpgME::OpenPGP: +        return "OpenPGP"; +    case GpgME::CMS: +        return "S/MIME"; +    default: +        return "Unknown protocol"; +    } +} + +struct CommandLineOptions { +    bool armor; +    QString archiveName; +    QString baseDirectory; +    std::vector<QString> filesAndDirectories; +}; + +CommandLineOptions parseCommandLine(const QStringList &arguments) +{ +    CommandLineOptions options; + +    QCommandLineParser parser; +    parser.setApplicationDescription("Test program for EncryptArchiveJob"); +    parser.addHelpOption(); +    parser.addOptions({ +        {{"o", "output"}, "Write output to FILE.", "FILE"}, +        {{"a", "armor"}, "Create ASCII armored output."}, +        {{"C", "directory"}, "Change to DIRECTORY before creating the archive.", "DIRECTORY"}, +    }); +    parser.addPositionalArgument("files", "Files and directories to add to the archive", "[files] [directories]"); + +    parser.process(arguments); + +    const auto args = parser.positionalArguments(); +    if (args.empty()) { +        parser.showHelp(1); +    } + +    options.armor = parser.isSet("armor"); +    options.archiveName = parser.value("output"); +    options.baseDirectory = parser.value("directory"); +    std::copy(args.begin(), args.end(), std::back_inserter(options.filesAndDirectories)); + +    return options; +} + +std::shared_ptr<QIODevice> createOutput(const QString &fileName) +{ +    std::shared_ptr<QFile> output; + +    if (fileName.isEmpty()) { +        output.reset(new QFile); +        output->open(stdout, QIODevice::WriteOnly); +    } else { +        if (QFile::exists(fileName)) { +            qCritical() << "File" << fileName << "exists. Bailing out."; +        } else { +            output.reset(new QFile{fileName}); +            output->open(QIODevice::WriteOnly); +        } +    } + +    return output; +} + +int main(int argc, char **argv) +{ +    GpgME::initializeLibrary(); + +    QCoreApplication app{argc, argv}; +    app.setApplicationName("run-encryptarchivejob"); + +    const auto options = parseCommandLine(app.arguments()); + +    auto output = createOutput(options.archiveName); +    if (!output) { +        return 1; +    } + +    auto job = QGpgME::openpgp()->encryptArchiveJob(options.armor); +    if (!job) { +        std::cerr << "Error: Could not create job" << std::endl; +        return 1; +    } +    job->setBaseDirectory(options.baseDirectory); +    QObject::connect(job, &QGpgME::EncryptArchiveJob::result, &app, [](const GpgME::EncryptionResult &result, const QString &auditLog, const GpgME::Error &) { +        std::cerr << "Diagnostics: " << auditLog << std::endl; +        std::cerr << "Result: " << result << std::endl; +        qApp->quit(); +    }); + +    const auto err = job->start({}, options.filesAndDirectories, output, GpgME::Context::None); +    if (err) { +        std::cerr << "Error: Starting the job failed: " << err.asString() << std::endl; +        return 1; +    } + +    return app.exec(); +} diff --git a/lang/qt/tests/run-signarchivejob.cpp b/lang/qt/tests/run-signarchivejob.cpp new file mode 100644 index 00000000..c426ba93 --- /dev/null +++ b/lang/qt/tests/run-signarchivejob.cpp @@ -0,0 +1,145 @@ +/* +    run-signarchivejob.cpp + +    This file is part of QGpgME's test suite. +    Copyright (c) 2023 by g10 Code GmbH +    Software engineering by Ingo Klöcker <[email protected]> + +    QGpgME is free software; you can redistribute it and/or +    modify it under the terms of the GNU General Public License, +    version 2, as published by the Free Software Foundation. + +    QGpgME is distributed in the hope that it will be useful, +    but WITHOUT ANY WARRANTY; without even the implied warranty of +    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU +    General Public License for more details. + +    You should have received a copy of the GNU General Public License +    along with this program; if not, write to the Free Software +    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA + +    In addition, as a special exception, the copyright holders give +    permission to link the code of this program with any edition of +    the Qt library by Trolltech AS, Norway (or with modified versions +    of Qt that use the same license as Qt), and distribute linked +    combinations including the two.  You must obey the GNU General +    Public License in all respects for all of the code used other than +    Qt.  If you modify this file, you may extend this exception to +    your version of the file, but you are not obligated to do so.  If +    you do not wish to do so, delete this exception statement from +    your version. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include <protocol.h> +#include <signarchivejob.h> + +#include <QCommandLineParser> +#include <QCoreApplication> +#include <QDebug> +#include <QFile> + +#include <context.h> +#include <signingresult.h> + +#include <iostream> + +using namespace GpgME; + +std::ostream &operator<<(std::ostream &os, const QString &s) +{ +    return os << s.toLocal8Bit().constData(); +} + +struct CommandLineOptions { +    bool armor; +    QString archiveName; +    QString baseDirectory; +    std::vector<QString> filesAndDirectories; +}; + +CommandLineOptions parseCommandLine(const QStringList &arguments) +{ +    CommandLineOptions options; + +    QCommandLineParser parser; +    parser.setApplicationDescription("Test program for SignArchiveJob"); +    parser.addHelpOption(); +    parser.addOptions({ +        {{"o", "output"}, "Write output to FILE.", "FILE"}, +        {{"a", "armor"}, "Create ASCII armored output."}, +        {{"C", "directory"}, "Change to DIRECTORY before creating the archive.", "DIRECTORY"}, +    }); +    parser.addPositionalArgument("files", "Files and directories to add to the archive", "[files] [directories]"); + +    parser.process(arguments); + +    const auto args = parser.positionalArguments(); +    if (args.empty()) { +        parser.showHelp(1); +    } + +    options.armor = parser.isSet("armor"); +    options.archiveName = parser.value("output"); +    options.baseDirectory = parser.value("directory"); +    std::copy(args.begin(), args.end(), std::back_inserter(options.filesAndDirectories)); + +    return options; +} + +std::shared_ptr<QIODevice> createOutput(const QString &fileName) +{ +    std::shared_ptr<QFile> output; + +    if (fileName.isEmpty()) { +        output.reset(new QFile); +        output->open(stdout, QIODevice::WriteOnly); +    } else { +        if (QFile::exists(fileName)) { +            qCritical() << "File" << fileName << "exists. Bailing out."; +        } else { +            output.reset(new QFile{fileName}); +            output->open(QIODevice::WriteOnly); +        } +    } + +    return output; +} + +int main(int argc, char **argv) +{ +    GpgME::initializeLibrary(); + +    QCoreApplication app{argc, argv}; +    app.setApplicationName("run-signarchivejob"); + +    const auto options = parseCommandLine(app.arguments()); + +    auto output = createOutput(options.archiveName); +    if (!output) { +        return 1; +    } + +    auto job = QGpgME::openpgp()->signArchiveJob(options.armor); +    if (!job) { +        std::cerr << "Error: Could not create job" << std::endl; +        return 1; +    } +    job->setBaseDirectory(options.baseDirectory); +    QObject::connect(job, &QGpgME::SignArchiveJob::result, &app, [](const GpgME::SigningResult &result, const QString &auditLog, const GpgME::Error &) { +        std::cerr << "Diagnostics: " << auditLog << std::endl; +        std::cerr << "Result: " << result << std::endl; +        qApp->quit(); +    }); + +    const auto err = job->start({}, options.filesAndDirectories, output); +    if (err) { +        std::cerr << "Error: Starting the job failed: " << err.asString() << std::endl; +        return 1; +    } + +    return app.exec(); +} diff --git a/src/dirinfo.c b/src/dirinfo.c index 8ea15d81..60e536f5 100644 --- a/src/dirinfo.c +++ b/src/dirinfo.c @@ -59,6 +59,7 @@ enum      WANT_DIRMNGR_NAME,      WANT_PINENTRY_NAME,      WANT_GPG_WKS_CLIENT_NAME, +    WANT_GPGTAR_NAME,      WANT_GPG_ONE_MODE    }; @@ -88,6 +89,7 @@ static struct {    char *dirmngr_name;    char *pinentry_name;    char *gpg_wks_client_name; +  char *gpgtar_name;    int  gpg_one_mode;  /* System is in gpg1 mode.  */  } dirinfo; @@ -407,6 +409,14 @@ get_gpgconf_item (int what)                                                          NULL);        result = dirinfo.gpg_wks_client_name;        break; +    case WANT_GPGTAR_NAME: +      if (!dirinfo.gpgtar_name && dirinfo.bindir) +        dirinfo.gpgtar_name = _gpgme_strconcat (dirinfo.bindir, +                                                "/", +                                                "gpgtar", +                                                NULL); +      result = dirinfo.gpgtar_name; +      break;      }    UNLOCK (dirinfo_lock);    return result; @@ -455,6 +465,13 @@ _gpgme_get_default_gpgconf_name (void)    return get_gpgconf_item (WANT_GPGCONF_NAME);  } +/* Return the default gpgtar file name.  Returns NULL if not known.  */ +const char * +_gpgme_get_default_gpgtar_name (void) +{ +  return get_gpgconf_item (WANT_GPGTAR_NAME); +} +  /* Return the default UI-server socket name.  Returns NULL if not     known.  */  const char * @@ -524,6 +541,8 @@ gpgme_get_dirinfo (const char *what)      return get_gpgconf_item (WANT_PINENTRY_NAME);    else if (!strcmp (what, "gpg-wks-client-name"))      return get_gpgconf_item (WANT_GPG_WKS_CLIENT_NAME); +  else if (!strcmp (what, "gpgtar-name")) +    return get_gpgconf_item (WANT_GPGTAR_NAME);    else if (!strcmp (what, "agent-ssh-socket"))      return get_gpgconf_item (WANT_AGENT_SSH_SOCKET);    else if (!strcmp (what, "dirmngr-socket")) diff --git a/src/engine-backend.h b/src/engine-backend.h index 75ed49cd..d430620b 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h @@ -119,12 +119,12 @@ struct engine_ops                                  gpgme_key_t key,                                  gpgme_tofu_policy_t policy);    gpgme_error_t (*sign) (void *engine, gpgme_data_t in, gpgme_data_t out, -			 gpgme_sig_mode_t mode, int use_armor, +			 gpgme_sig_mode_t flags, int use_armor,  			 int use_textmode, int include_certs,  			 gpgme_ctx_t ctx /* FIXME */); -  gpgme_error_t (*verify) (void *engine, gpgme_data_t sig, -			   gpgme_data_t signed_text, gpgme_data_t plaintext, -                           gpgme_ctx_t ctx); +  gpgme_error_t (*verify) (void *engine, gpgme_verify_flags_t flags, +                           gpgme_data_t sig, gpgme_data_t signed_text, +                           gpgme_data_t plaintext, gpgme_ctx_t ctx);    gpgme_error_t  (*getauditlog) (void *engine, gpgme_data_t output,                                   unsigned int flags);    gpgme_error_t (*setexpire) (void *engine, gpgme_key_t key, diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 9d20f2ba..41f24d1e 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -57,6 +57,7 @@ struct arg_and_data_s    int inbound;     /* True if this is used for reading from gpg.  */    int dup_to;    int print_fd;    /* Print the fd number and not the special form of it.  */ +  int gpg_arg;     /* True if this argument is not known by gpgtar.  */    int *arg_locp;   /* Write back the argv idx of this argument when  		      building command line to this location.  */    char arg[FLEXIBLE_ARRAY_MEMBER];     /* Used if data above is not used.  */ @@ -145,6 +146,7 @@ struct engine_gpg    char *trust_model;    struct { +    unsigned int use_gpgtar : 1;      unsigned int no_symkey_cache : 1;      unsigned int offline : 1;      unsigned int ignore_mdc_error : 1; @@ -222,11 +224,32 @@ close_notify_handler (int fd, void *opaque)      }  } +static void +_append_to_arglist (engine_gpg_t gpg, struct arg_and_data_s *a) +{ +  a->next = NULL; +  *gpg->argtail = a; +  gpg->argtail = &a->next; +} + +static void +_prepend_to_arglist (engine_gpg_t gpg, struct arg_and_data_s *a) +{ +  a->next = gpg->arglist; +  if (!gpg->arglist) +    { +      /* If this is the first argument, we need to update the tail +          pointer.  */ +      gpg->argtail = &a->next; +    } +  gpg->arglist = a; +} +  /* If FRONT is true, push at the front of the list.  Use this for     options added late in the process.  */  static gpgme_error_t  _add_arg (engine_gpg_t gpg, const char *prefix, const char *arg, size_t arglen, -          int front, int *arg_locp) +          int front, int *arg_locp, int gpg_arg)  {    struct arg_and_data_s *a;    size_t prefixlen = prefix? strlen (prefix) : 0; @@ -241,28 +264,16 @@ _add_arg (engine_gpg_t gpg, const char *prefix, const char *arg, size_t arglen,    a->data = NULL;    a->dup_to = -1;    a->arg_locp = arg_locp; +  a->gpg_arg = gpg_arg;    if (prefixlen)      memcpy (a->arg, prefix, prefixlen);    memcpy (a->arg + prefixlen, arg, arglen);    a->arg[prefixlen + arglen] = 0;    if (front) -    { -      a->next = gpg->arglist; -      if (!gpg->arglist) -	{ -	  /* If this is the first argument, we need to update the tail -	     pointer.  */ -	  gpg->argtail = &a->next; -	} -      gpg->arglist = a; -    } +    _prepend_to_arglist (gpg, a);    else -    { -      a->next = NULL; -      *gpg->argtail = a; -      gpg->argtail = &a->next; -    } +    _append_to_arglist (gpg, a);    return 0;  } @@ -271,37 +282,50 @@ _add_arg (engine_gpg_t gpg, const char *prefix, const char *arg, size_t arglen,  static gpgme_error_t  add_arg_ext (engine_gpg_t gpg, const char *arg, int front)  { -  return _add_arg (gpg, NULL, arg, strlen (arg), front, NULL); +  return _add_arg (gpg, NULL, arg, strlen (arg), front, NULL, 0);  }  static gpgme_error_t -add_arg_with_locp (engine_gpg_t gpg, const char *arg, int *locp) +add_arg_with_locp (engine_gpg_t gpg, const char *arg, int *locp, int front)  { -  return _add_arg (gpg, NULL, arg, strlen (arg), 0, locp); +  return _add_arg (gpg, NULL, arg, strlen (arg), front, locp, 0);  }  static gpgme_error_t  add_arg (engine_gpg_t gpg, const char *arg)  { -  return _add_arg (gpg, NULL, arg, strlen (arg), 0, NULL); +  return _add_arg (gpg, NULL, arg, strlen (arg), 0, NULL, 0);  }  static gpgme_error_t  add_arg_pfx (engine_gpg_t gpg, const char *prefix, const char *arg)  { -  return _add_arg (gpg, prefix, arg, strlen (arg), 0, NULL); +  return _add_arg (gpg, prefix, arg, strlen (arg), 0, NULL, 0); +} + +static gpgme_error_t +add_gpg_arg (engine_gpg_t gpg, const char *arg) +{ +  return _add_arg (gpg, NULL, arg, strlen (arg), 0, NULL, 1); +} + +static gpgme_error_t +add_gpg_arg_with_value (engine_gpg_t gpg, const char *arg, const char *value, +                        int front) +{ +  return _add_arg (gpg, arg, value, strlen (value), front, NULL, 1);  }  static gpgme_error_t  add_arg_len (engine_gpg_t gpg, const char *prefix,               const char *arg, size_t arglen)  { -  return _add_arg (gpg, prefix, arg, arglen, 0, NULL); +  return _add_arg (gpg, prefix, arg, arglen, 0, NULL, 0);  }  static gpgme_error_t -add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound) +add_data_ext (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound, int front)  {    struct arg_and_data_s *a; @@ -311,7 +335,6 @@ add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound)    a = malloc (offsetof (struct arg_and_data_s, arg));    if (!a)      return gpg_error_from_syserror (); -  a->next = NULL;    a->data = data;    a->inbound = inbound;    a->arg_locp = NULL; @@ -326,12 +349,22 @@ add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound)        a->print_fd = 0;        a->dup_to = dup_to;      } -  *gpg->argtail = a; -  gpg->argtail = &a->next; + +  if (front) +    _prepend_to_arglist (gpg, a); +  else +    _append_to_arglist (gpg, a); +    return 0;  } +static gpgme_error_t +add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound) +{ +  return add_data_ext (gpg, data, dup_to, inbound, 0); +} +  /* Return true if the engine's version is at least VERSION.  */  static int  have_gpg_version (engine_gpg_t gpg, const char *version) @@ -540,34 +573,18 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,    if (home_dir)      { -      rc = add_arg (gpg, "--homedir"); -      if (!rc) -	rc = add_arg (gpg, home_dir); +      rc = add_gpg_arg_with_value (gpg, "--homedir=", home_dir, 0);        if (rc)  	goto leave;      } -  rc = add_arg (gpg, "--status-fd"); -  if (rc) -    goto leave; - -  { -    char buf[25]; -    _gpgme_io_fd2str (buf, sizeof (buf), gpg->status.fd[1]); -    rc = add_arg_with_locp (gpg, buf, &gpg->status.arg_loc); -    if (rc) -      goto leave; -  } - -  rc = add_arg (gpg, "--no-tty"); -  if (!rc) -    rc = add_arg (gpg, "--charset"); +  rc = add_gpg_arg (gpg, "--no-tty");    if (!rc) -    rc = add_arg (gpg, "utf8"); +    rc = add_gpg_arg (gpg, "--charset=utf8");    if (!rc) -    rc = add_arg (gpg, "--enable-progress-filter"); +    rc = add_gpg_arg (gpg, "--enable-progress-filter");    if (!rc && have_gpg_version (gpg, "2.1.11")) -    rc = add_arg (gpg, "--exit-on-status-write-error"); +    rc = add_gpg_arg (gpg, "--exit-on-status-write-error");    if (rc)      goto leave; @@ -576,9 +593,7 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,      goto leave;    if (dft_display)      { -      rc = add_arg (gpg, "--display"); -      if (!rc) -	rc = add_arg (gpg, dft_display); +      rc = add_gpg_arg_with_value (gpg, "--display=", dft_display, 0);        free (dft_display);        if (rc) @@ -605,11 +620,7 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,        if (!err)  	{            if (*dft_ttyname) -            { -              rc = add_arg (gpg, "--ttyname"); -              if (!rc) -                rc = add_arg (gpg, dft_ttyname); -            } +            rc = add_gpg_arg_with_value (gpg, "--ttyname=", dft_ttyname, 0);            else              rc = 0;            if (!rc) @@ -619,11 +630,7 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,  		goto leave;                if (dft_ttytype) -                { -                  rc = add_arg (gpg, "--ttytype"); -                  if (!rc) -                    rc = add_arg (gpg, dft_ttytype); -                } +                rc = add_gpg_arg_with_value (gpg, "--ttytype=", dft_ttytype, 0);  	      free (dft_ttytype);  	    } @@ -632,16 +639,6 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,  	}      } -  rc = gpgme_data_new (&gpg->diagnostics); -  if (rc) -    goto leave; - -  rc = add_arg (gpg, "--logger-fd"); -  if (rc) -    goto leave; - -  rc = add_data (gpg, gpg->diagnostics, -2, 1); -   leave:    if (rc)      gpg_release (gpg); @@ -871,9 +868,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)  {    gpgme_error_t err;    struct arg_and_data_s *a; -  struct fd_data_map_s *fd_data_map; +  struct fd_data_map_s *fd_data_map = NULL;    size_t datac=0, argc=0, allocated_argc=0; -  char **argv; +  char **argv = NULL;    int need_special = 0;    int use_agent = 0;    char *p; @@ -907,7 +904,7 @@ build_argv (engine_gpg_t gpg, const char *pgmname)    argc++;	/* For argv[0].  */    for (a = gpg->arglist; a; a = a->next)      { -      argc++; +      argc += 1 + (gpg->flags.use_gpgtar && a->gpg_arg);        if (a->data)  	{  	  /*fprintf (stderr, "build_argv: data\n" );*/ @@ -926,26 +923,24 @@ build_argv (engine_gpg_t gpg, const char *pgmname)    if (use_agent)      argc++;    if (*gpg->request_origin) -    argc++; +    argc += 1 + !!gpg->flags.use_gpgtar;    if (gpg->auto_key_locate) -    argc++; +    argc += 1 + !!gpg->flags.use_gpgtar;    if (gpg->trust_model) -    argc++; +    argc += 1 + !!gpg->flags.use_gpgtar;    if (gpg->flags.no_symkey_cache) -    argc++; +    argc += 1 + !!gpg->flags.use_gpgtar;    if (gpg->flags.ignore_mdc_error) -    argc++; +    argc += 1 + !!gpg->flags.use_gpgtar;    if (gpg->flags.offline) -    argc++; +    argc += 1 + !!gpg->flags.use_gpgtar;    if (gpg->flags.no_auto_check_trustdb) -    argc++; +    argc += 1 + !!gpg->flags.use_gpgtar;    if (gpg->pinentry_mode) -    argc++; +    argc += 1 + !!gpg->flags.use_gpgtar;    if (!gpg->cmd.used)      argc++; /* --batch */ -  argc++;   /* --no-sk-comments */ -    argv = calloc (argc + 1, sizeof *argv);    allocated_argc = argc; @@ -954,19 +949,18 @@ build_argv (engine_gpg_t gpg, const char *pgmname)    fd_data_map = calloc (datac + 1, sizeof *fd_data_map);    if (!fd_data_map)      { -      int saved_err = gpg_error_from_syserror (); -      free_argv (argv); -      return saved_err; +      err = gpg_error_from_syserror (); +      if (err) +        goto leave;      }    argc = datac = 0;    argv[argc] = strdup (_gpgme_get_basename (pgmname)); /* argv[0] */    if (!argv[argc])      { -      int saved_err = gpg_error_from_syserror (); -      free (fd_data_map); -      free_argv (argv); -      return saved_err; +      err = gpg_error_from_syserror (); +      if (err) +        goto leave;      }    argc++;    if (need_special) @@ -974,10 +968,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)        argv[argc] = strdup ("--enable-special-filenames");        if (!argv[argc])  	{ -          int saved_err = gpg_error_from_syserror (); -	  free (fd_data_map); -	  free_argv (argv); -	  return saved_err; +          err = gpg_error_from_syserror (); +	  if (err) +            goto leave;          }        argc++;      } @@ -986,10 +979,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)        argv[argc] = strdup ("--use-agent");        if (!argv[argc])  	{ -          int saved_err = gpg_error_from_syserror (); -	  free (fd_data_map); -	  free_argv (argv); -	  return saved_err; +          err = gpg_error_from_syserror (); +	  if (err) +            goto leave;          }        argc++;      } @@ -998,92 +990,162 @@ build_argv (engine_gpg_t gpg, const char *pgmname)    if (*gpg->request_origin)      { +      if (gpg->flags.use_gpgtar) +        { +          argv[argc] = strdup ("--gpg-args"); +          if (!argv[argc]) +            { +              err = gpg_error_from_syserror (); +              if (err) +                goto leave; +            } +          argc++; +        }        argv[argc] = _gpgme_strconcat ("--request-origin=",                                       gpg->request_origin, NULL);        if (!argv[argc])  	{ -          int saved_err = gpg_error_from_syserror (); -	  free (fd_data_map); -	  free_argv (argv); -	  return saved_err; +          err = gpg_error_from_syserror (); +	  if (err) +            goto leave;          }        argc++;      }    if (gpg->auto_key_locate)      { +      if (gpg->flags.use_gpgtar) +        { +          argv[argc] = strdup ("--gpg-args"); +          if (!argv[argc]) +            { +              err = gpg_error_from_syserror (); +              if (err) +                goto leave; +            } +          argc++; +        }        argv[argc] = strdup (gpg->auto_key_locate);        if (!argv[argc])          { -          int saved_err = gpg_error_from_syserror (); -          free (fd_data_map); -          free_argv (argv); -          return saved_err; +          err = gpg_error_from_syserror (); +          if (err) +            goto leave;          }        argc++;      }    if (gpg->trust_model)      { +      if (gpg->flags.use_gpgtar) +        { +          argv[argc] = strdup ("--gpg-args"); +          if (!argv[argc]) +            { +              err = gpg_error_from_syserror (); +              if (err) +                goto leave; +            } +          argc++; +        }        argv[argc] = strdup (gpg->trust_model);        if (!argv[argc])          { -          int saved_err = gpg_error_from_syserror (); -          free (fd_data_map); -          free_argv (argv); -          return saved_err; +          err = gpg_error_from_syserror (); +          if (err) +            goto leave;          }        argc++;      }    if (gpg->flags.no_symkey_cache)      { +      if (gpg->flags.use_gpgtar) +        { +          argv[argc] = strdup ("--gpg-args"); +          if (!argv[argc]) +            { +              err = gpg_error_from_syserror (); +              if (err) +                goto leave; +            } +          argc++; +        }        argv[argc] = strdup ("--no-symkey-cache");        if (!argv[argc])  	{ -          int saved_err = gpg_error_from_syserror (); -	  free (fd_data_map); -	  free_argv (argv); -	  return saved_err; +          err = gpg_error_from_syserror (); +	  if (err) +            goto leave;          }        argc++;      }    if (gpg->flags.ignore_mdc_error)      { +      if (gpg->flags.use_gpgtar) +        { +          argv[argc] = strdup ("--gpg-args"); +          if (!argv[argc]) +            { +              err = gpg_error_from_syserror (); +              if (err) +                goto leave; +            } +          argc++; +        }        argv[argc] = strdup ("--ignore-mdc-error");        if (!argv[argc])  	{ -          int saved_err = gpg_error_from_syserror (); -	  free (fd_data_map); -	  free_argv (argv); -	  return saved_err; +          err = gpg_error_from_syserror (); +	  if (err) +            goto leave;          }        argc++;      }    if (gpg->flags.offline)      { +      if (gpg->flags.use_gpgtar) +        { +          argv[argc] = strdup ("--gpg-args"); +          if (!argv[argc]) +            { +              err = gpg_error_from_syserror (); +              if (err) +                goto leave; +            } +          argc++; +        }        argv[argc] = strdup ("--disable-dirmngr");        if (!argv[argc])  	{ -          int saved_err = gpg_error_from_syserror (); -	  free (fd_data_map); -	  free_argv (argv); -	  return saved_err; +          err = gpg_error_from_syserror (); +	  if (err) +            goto leave;          }        argc++;      }    if (gpg->flags.no_auto_check_trustdb)      { +      if (gpg->flags.use_gpgtar) +        { +          argv[argc] = strdup ("--gpg-args"); +          if (!argv[argc]) +            { +              err = gpg_error_from_syserror (); +              if (err) +                goto leave; +            } +          argc++; +        }        argv[argc] = strdup ("--no-auto-check-trustdb");        if (!argv[argc])  	{ -          int saved_err = gpg_error_from_syserror (); -	  free (fd_data_map); -	  free_argv (argv); -	  return saved_err; +          err = gpg_error_from_syserror (); +	  if (err) +            goto leave;          }        argc++;      } @@ -1101,13 +1163,23 @@ build_argv (engine_gpg_t gpg, const char *pgmname)          }        if (s)          { +          if (gpg->flags.use_gpgtar) +            { +              argv[argc] = strdup ("--gpg-args"); +              if (!argv[argc]) +                { +                  err = gpg_error_from_syserror (); +                  if (err) +                    goto leave; +                } +              argc++; +            }            argv[argc] = strdup (s);            if (!argv[argc])              { -              int saved_err = gpg_error_from_syserror (); -              free (fd_data_map); -              free_argv (argv); -              return saved_err; +              err = gpg_error_from_syserror (); +              if (err) +                goto leave;              }            argc++;          } @@ -1118,22 +1190,12 @@ build_argv (engine_gpg_t gpg, const char *pgmname)        argv[argc] = strdup ("--batch");        if (!argv[argc])  	{ -          int saved_err = gpg_error_from_syserror (); -	  free (fd_data_map); -	  free_argv (argv); -	  return saved_err; +          err = gpg_error_from_syserror (); +	  if (err) +            goto leave;          }        argc++;      } -  argv[argc] = strdup ("--no-sk-comments"); -  if (!argv[argc]) -    { -      int saved_err = gpg_error_from_syserror (); -      free (fd_data_map); -      free_argv (argv); -      return saved_err; -    } -  argc++;    for (a = gpg->arglist; a; a = a->next)      {        if (a->arg_locp) @@ -1151,10 +1213,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)  	    if (_gpgme_io_pipe (fds, fd_data_map[datac].inbound ? 1 : 0)  		== -1)  	      { -		int saved_err = gpg_error_from_syserror (); -		free (fd_data_map); -		free_argv (argv); -		return saved_err; +		err = gpg_error_from_syserror (); +		if (err) +                  goto leave;  	      }  	    if (_gpgme_io_set_close_notify (fds[0],  					    close_notify_handler, gpg) @@ -1202,10 +1263,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)  	      argv[argc] = malloc (buflen);  	      if (!argv[argc])  		{ -                  int saved_err = gpg_error_from_syserror (); -		  free (fd_data_map); -		  free_argv (argv); -		  return saved_err; +                  err = gpg_error_from_syserror (); +		  if (err) +                    goto leave;                  }  	      ptr = argv[argc]; @@ -1224,13 +1284,23 @@ build_argv (engine_gpg_t gpg, const char *pgmname)          }        else  	{ +          if (gpg->flags.use_gpgtar && a->gpg_arg) +            { +              argv[argc] = strdup ("--gpg-args"); +              if (!argv[argc]) +                { +                  err = gpg_error_from_syserror (); +                  if (err) +                    goto leave; +                } +              argc++; +            }  	  argv[argc] = strdup (a->arg);  	  if (!argv[argc])  	    { -              int saved_err = gpg_error_from_syserror (); -	      free (fd_data_map); -	      free_argv (argv); -	      return saved_err; +              err = gpg_error_from_syserror (); +	      if (err) +                goto leave;              }              argc++;          } @@ -1241,9 +1311,18 @@ build_argv (engine_gpg_t gpg, const char *pgmname)       allocated array like ccparray in gnupg. */    assert (argc <= allocated_argc); -  gpg->argv = argv; -  gpg->fd_data_map = fd_data_map; -  return 0; +leave: +  if (err) +    { +      free (fd_data_map); +      free_argv (argv); +    } +  else +    { +      gpg->argv = argv; +      gpg->fd_data_map = fd_data_map; +    } +  return err;  } @@ -1561,28 +1640,65 @@ start (engine_gpg_t gpg)    if (!gpg)      return gpg_error (GPG_ERR_INV_VALUE); -  if (!gpg->file_name && !_gpgme_get_default_gpg_name ()) +  if (!gpg->flags.use_gpgtar) +    pgmname = gpg->file_name ? gpg->file_name : _gpgme_get_default_gpg_name (); +  else +    pgmname = _gpgme_get_default_gpgtar_name (); +  if (!pgmname)      return trace_gpg_error (GPG_ERR_INV_ENGINE); +  rc = gpgme_data_new (&gpg->diagnostics); +  if (rc) +    return rc; + +  if (gpg->flags.use_gpgtar) +    { +      /* Read the diagnostics output from gpgtar's stderr. */ +      rc = add_data (gpg, gpg->diagnostics, 2, 1); +      if (rc) +        return rc; +    } +  else +    { +      rc = add_data_ext (gpg, gpg->diagnostics, -2, 1, 1); +      if (rc) +        return rc; + +      rc = add_arg_ext (gpg, "--logger-fd", 1); +      if (rc) +        return rc; +    } + +  if (!gpg->flags.use_gpgtar || have_gpg_version (gpg, "2.4.1")) +    { +      /* Do not pass --status-fd to gpgtar for gpg < 2.4.1. */ +      { +        char buf[25]; +        _gpgme_io_fd2str (buf, sizeof (buf), gpg->status.fd[1]); +        rc = add_arg_with_locp (gpg, buf, &gpg->status.arg_loc, 1); +        if (rc) +          return rc; +      } + +      rc = add_arg_ext (gpg, "--status-fd", 1); +      if (rc) +        return rc; +    } +    if (gpg->lc_ctype)      { -      rc = add_arg_ext (gpg, gpg->lc_ctype, 1); -      if (!rc) -	rc = add_arg_ext (gpg, "--lc-ctype", 1); +      rc = add_gpg_arg_with_value (gpg, "--lc-ctype=", gpg->lc_ctype, 1);        if (rc)  	return rc;      }    if (gpg->lc_messages)      { -      rc = add_arg_ext (gpg, gpg->lc_messages, 1); -      if (!rc) -	rc = add_arg_ext (gpg, "--lc-messages", 1); +      rc = add_gpg_arg_with_value (gpg, "--lc-messages=", gpg->lc_messages, 1);        if (rc)  	return rc;      } -  pgmname = gpg->file_name ? gpg->file_name : _gpgme_get_default_gpg_name ();    rc = build_argv (gpg, pgmname);    if (rc)      return rc; @@ -1714,6 +1830,14 @@ gpg_decrypt (void *engine,    engine_gpg_t gpg = engine;    gpgme_error_t err; +  gpg->flags.use_gpgtar = !!(flags & GPGME_DECRYPT_ARCHIVE); + +  if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1")) +    return gpg_error (GPG_ERR_NOT_SUPPORTED); + +  if (gpg->flags.use_gpgtar && (flags & GPGME_DECRYPT_UNWRAP)) +    return gpg_error (GPG_ERR_INV_VALUE); +    err = add_arg (gpg, "--decrypt");    if (!err && (flags & GPGME_DECRYPT_UNWRAP)) @@ -1725,17 +1849,17 @@ gpg_decrypt (void *engine,      }    if (!err && export_session_key) -    err = add_arg (gpg, "--show-session-key"); +    err = add_gpg_arg (gpg, "--show-session-key");    if (!err && auto_key_retrieve) -    err = add_arg (gpg, "--auto-key-retrieve"); +    err = add_gpg_arg (gpg, "--auto-key-retrieve");    if (!err && gpg->flags.auto_key_import) -    err = add_arg (gpg, "--auto-key-import"); +    err = add_gpg_arg (gpg, "--auto-key-import");    if (!err && override_session_key && *override_session_key)      { -      if (have_gpg_version (gpg, "2.1.16")) +      if (have_gpg_version (gpg, "2.1.16") && !gpg->flags.use_gpgtar)          {            gpgme_data_release (gpg->override_session_key);            TRACE (DEBUG_ENGINE, "override", gpg, "seskey='%s' len=%zu\n", @@ -1765,25 +1889,43 @@ gpg_decrypt (void *engine,        else          {            /* Using that option may leak the session key via ps(1).  */ -          err = add_arg (gpg, "--override-session-key"); -          if (!err) -            err = add_arg (gpg, override_session_key); +          err = add_gpg_arg_with_value (gpg, "--override-session-key=", +                                        override_session_key, 0);          }      }    /* Tell the gpg object about the data.  */ -  if (!err) -    err = add_arg (gpg, "--output"); -  if (!err) -    err = add_arg (gpg, "-"); -  if (!err) -    err = add_data (gpg, plain, 1, 1); -  if (!err) -    err = add_input_size_hint (gpg, ciph); -  if (!err) -    err = add_arg (gpg, "--"); -  if (!err) -    err = add_data (gpg, ciph, -1, 0); +  if (gpg->flags.use_gpgtar) +    { +      const char *file_name = gpgme_data_get_file_name (plain); +      if (!err && file_name) +        { +          err = add_arg (gpg, "--directory"); +          if (!err) +            err = add_arg (gpg, file_name); +        } +      if (!err) +        err = add_input_size_hint (gpg, ciph); +      if (!err) +        err = add_arg (gpg, "--"); +      if (!err) +        err = add_data (gpg, ciph, 0, 0); +    } +  else +    { +      if (!err) +        err = add_arg (gpg, "--output"); +      if (!err) +        err = add_arg (gpg, "-"); +      if (!err) +        err = add_data (gpg, plain, 1, 1); +      if (!err) +        err = add_input_size_hint (gpg, ciph); +      if (!err) +        err = add_arg (gpg, "--"); +      if (!err) +        err = add_data (gpg, ciph, -1, 0); +    }    if (!err)      err = start (gpg); @@ -1867,16 +2009,11 @@ append_args_from_signers (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */)  static gpgme_error_t  append_args_from_sender (engine_gpg_t gpg, gpgme_ctx_t ctx)  { -  gpgme_error_t err; +  gpgme_error_t err = 0;    if (ctx->sender && have_gpg_version (gpg, "2.1.15")) -    { -      err = add_arg (gpg, "--sender"); -      if (!err) -        err = add_arg (gpg, ctx->sender); -    } -  else -    err = 0; +    err = add_gpg_arg_with_value (gpg, "--sender=", ctx->sender, 0); +    return err;  } @@ -1930,14 +2067,12 @@ append_args_from_sig_notations (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */,  	  if (!err)              {                if ((flags & NOTATION_FLAG_SET)) -                err = add_arg (gpg, "--set-notation"); +                err = add_gpg_arg_with_value (gpg, "--set-notation=", arg, 0);                else if ((flags & NOTATION_FLAG_CERT)) -                err = add_arg (gpg, "--cert-notation"); +                err = add_gpg_arg_with_value (gpg, "--cert-notation=", arg, 0);                else -                err = add_arg (gpg, "--sig-notation"); +                err = add_gpg_arg_with_value (gpg, "--sig-notation=", arg, 0);              } -	  if (!err) -	    err = add_arg (gpg, arg);  	  if (arg)  	    free (arg); @@ -1964,9 +2099,7 @@ append_args_from_sig_notations (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */,  	    value = notation->value;  	  if (!err) -	    err = add_arg (gpg, "--sig-policy-url"); -	  if (!err) -	    err = add_arg (gpg, value); +	    err = add_gpg_arg_with_value (gpg, "--sig-policy-url=", value, 0);  	  if (value != notation->value)  	    free (value); @@ -2199,6 +2332,14 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,    engine_gpg_t gpg = engine;    gpgme_error_t err = 0; +  gpg->flags.use_gpgtar = !!(flags & GPGME_ENCRYPT_ARCHIVE); + +  if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1")) +    return gpg_error (GPG_ERR_NOT_SUPPORTED); + +  if (gpg->flags.use_gpgtar && (flags & GPGME_ENCRYPT_WRAP)) +    return gpg_error (GPG_ERR_INV_VALUE); +    if (recp || recpstring)      err = add_arg (gpg, "--encrypt"); @@ -2206,7 +2347,7 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,      err = add_arg (gpg, "--symmetric");    if (!err && use_armor) -    err = add_arg (gpg, "--armor"); +    err = add_gpg_arg (gpg, "--armor");    if (!err && (flags & GPGME_ENCRYPT_WRAP))      { @@ -2216,31 +2357,31 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,         * the encryption would add an additional compression layer.         * We better suppress that.  */        flags |= GPGME_ENCRYPT_NO_COMPRESS; -      err = add_arg (gpg, "--no-literal"); +      err = add_gpg_arg (gpg, "--no-literal");      }    if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) -    err = add_arg (gpg, "--compress-algo=none"); +    err = add_gpg_arg (gpg, "--compress-algo=none");    if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS)) -    err = add_arg (gpg, "--throw-keyids"); +    err = add_gpg_arg (gpg, "--throw-keyids");    if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME        && have_gpg_version (gpg, "2.1.14")) -    err = add_arg (gpg, "--mimemode"); +    err = add_gpg_arg (gpg, "--mimemode");    if (!err && gpg->flags.include_key_block) -    err = add_arg (gpg, "--include-key-block"); +    err = add_gpg_arg (gpg, "--include-key-block");    if (recp || recpstring)      {        /* If we know that all recipients are valid (full or ultimate trust)  	 we can suppress further checks.  */        if (!err && (flags & GPGME_ENCRYPT_ALWAYS_TRUST)) -	err = add_arg (gpg, "--always-trust"); +	err = add_gpg_arg (gpg, "--always-trust");        if (!err && (flags & GPGME_ENCRYPT_NO_ENCRYPT_TO)) -	err = add_arg (gpg, "--no-encrypt-to"); +	err = add_gpg_arg (gpg, "--no-encrypt-to");        if (!err && !recp && recpstring)  	err = append_args_from_recipients_string (gpg, flags, recpstring); @@ -2255,19 +2396,39 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,      err = add_arg (gpg, "-");    if (!err)      err = add_data (gpg, ciph, 1, 1); -  if (gpgme_data_get_file_name (plain)) +  if (gpg->flags.use_gpgtar)      { +      const char *file_name = gpgme_data_get_file_name (plain); +      if (!err && file_name) +        { +          err = add_arg (gpg, "--directory"); +          if (!err) +            err = add_arg (gpg, file_name); +        } +      if (!err) +	err = add_arg (gpg, "--files-from"); +      if (!err) +	err = add_arg (gpg, "-"); +      if (!err) +	err = add_arg (gpg, "--null");        if (!err) -	err = add_arg (gpg, "--set-filename"); +	err = add_arg (gpg, "--utf8-strings"); +      /* Pass the filenames to gpgtar's stdin. */        if (!err) -	err = add_arg (gpg, gpgme_data_get_file_name (plain)); +        err = add_data (gpg, plain, 0, 0); +    } +  else +    { +      const char *file_name = gpgme_data_get_file_name (plain); +      if (!err && file_name) +	err = add_gpg_arg_with_value (gpg, "--set-filename=", file_name, 0); +      if (!err) +        err = add_input_size_hint (gpg, plain); +      if (!err) +        err = add_arg (gpg, "--"); +      if (!err) +        err = add_data (gpg, plain, -1, 0);      } -  if (!err) -    err = add_input_size_hint (gpg, plain); -  if (!err) -    err = add_arg (gpg, "--"); -  if (!err) -    err = add_data (gpg, plain, -1, 0);    if (!err)      err = start (gpg); @@ -2286,6 +2447,11 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],    engine_gpg_t gpg = engine;    gpgme_error_t err = 0; +  gpg->flags.use_gpgtar = !!(flags & GPGME_ENCRYPT_ARCHIVE); + +  if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1")) +    return gpg_error (GPG_ERR_NOT_SUPPORTED); +    if (recp || recpstring)      err = add_arg (gpg, "--encrypt"); @@ -2295,30 +2461,30 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],    if (!err)      err = add_arg (gpg, "--sign");    if (!err && use_armor) -    err = add_arg (gpg, "--armor"); +    err = add_gpg_arg (gpg, "--armor");    if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) -    err = add_arg (gpg, "--compress-algo=none"); +    err = add_gpg_arg (gpg, "--compress-algo=none");    if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS)) -    err = add_arg (gpg, "--throw-keyids"); +    err = add_gpg_arg (gpg, "--throw-keyids");    if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME        && have_gpg_version (gpg, "2.1.14")) -    err = add_arg (gpg, "--mimemode"); +    err = add_gpg_arg (gpg, "--mimemode");    if (!err && gpg->flags.include_key_block) -    err = add_arg (gpg, "--include-key-block"); +    err = add_gpg_arg (gpg, "--include-key-block");    if (recp || recpstring)      {        /* If we know that all recipients are valid (full or ultimate trust)  	 we can suppress further checks.  */        if (!err && (flags & GPGME_ENCRYPT_ALWAYS_TRUST)) -	err = add_arg (gpg, "--always-trust"); +	err = add_gpg_arg (gpg, "--always-trust");        if (!err && (flags & GPGME_ENCRYPT_NO_ENCRYPT_TO)) -	err = add_arg (gpg, "--no-encrypt-to"); +	err = add_gpg_arg (gpg, "--no-encrypt-to");        if (!err && !recp && recpstring)  	err = append_args_from_recipients_string (gpg, flags, recpstring); @@ -2342,19 +2508,39 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],      err = add_arg (gpg, "-");    if (!err)      err = add_data (gpg, ciph, 1, 1); -  if (gpgme_data_get_file_name (plain)) +  if (gpg->flags.use_gpgtar)      { +      const char *file_name = gpgme_data_get_file_name (plain); +      if (!err && file_name) +        { +          err = add_arg (gpg, "--directory"); +          if (!err) +            err = add_arg (gpg, file_name); +        }        if (!err) -	err = add_arg (gpg, "--set-filename"); +	err = add_arg (gpg, "--files-from");        if (!err) -	err = add_arg (gpg, gpgme_data_get_file_name (plain)); +	err = add_arg (gpg, "-"); +      if (!err) +	err = add_arg (gpg, "--null"); +      if (!err) +	err = add_arg (gpg, "--utf8-strings"); +      /* Pass the filenames to gpgtar's stdin. */ +      if (!err) +        err = add_data (gpg, plain, 0, 0); +    } +  else +    { +      const char *file_name = gpgme_data_get_file_name (plain); +      if (!err && file_name) +	err = add_gpg_arg_with_value (gpg, "--set-filename=", file_name, 0); +      if (!err) +        err = add_input_size_hint (gpg, plain); +      if (!err) +        err = add_arg (gpg, "--"); +      if (!err) +        err = add_data (gpg, plain, -1, 0);      } -  if (!err) -    err = add_input_size_hint (gpg, plain); -  if (!err) -    err = add_arg (gpg, "--"); -  if (!err) -    err = add_data (gpg, plain, -1, 0);    if (!err)      err = start (gpg); @@ -3394,7 +3580,7 @@ gpg_tofu_policy (void *engine, gpgme_key_t key, gpgme_tofu_policy_t policy)  static gpgme_error_t  gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out, -	  gpgme_sig_mode_t mode, int use_armor, int use_textmode, +	  gpgme_sig_mode_t flags, int use_armor, int use_textmode,  	  int include_certs, gpgme_ctx_t ctx /* FIXME */)  {    engine_gpg_t gpg = engine; @@ -3402,27 +3588,36 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out,    (void)include_certs; -  if (mode == GPGME_SIG_MODE_CLEAR) +  if ((flags != GPGME_SIG_MODE_NORMAL) && (flags != GPGME_SIG_MODE_DETACH) +      && (flags != GPGME_SIG_MODE_CLEAR) && (flags != GPGME_SIG_MODE_ARCHIVE)) +    return gpg_error (GPG_ERR_INV_VALUE); + +  gpg->flags.use_gpgtar = !!(flags & GPGME_SIG_MODE_ARCHIVE); + +  if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1")) +    return gpg_error (GPG_ERR_NOT_SUPPORTED); + +  if (flags & GPGME_SIG_MODE_CLEAR)      err = add_arg (gpg, "--clearsign");    else      {        err = add_arg (gpg, "--sign"); -      if (!err && mode == GPGME_SIG_MODE_DETACH) +      if (!err && (flags & GPGME_SIG_MODE_DETACH))  	err = add_arg (gpg, "--detach");        if (!err && use_armor) -	err = add_arg (gpg, "--armor"); +	err = add_gpg_arg (gpg, "--armor");        if (!err)          {            if (gpgme_data_get_encoding (in) == GPGME_DATA_ENCODING_MIME                && have_gpg_version (gpg, "2.1.14")) -            err = add_arg (gpg, "--mimemode"); +            err = add_gpg_arg (gpg, "--mimemode");            else if (use_textmode) -            err = add_arg (gpg, "--textmode"); +            err = add_gpg_arg (gpg, "--textmode");          }      }    if (!err && gpg->flags.include_key_block) -    err = add_arg (gpg, "--include-key-block"); +    err = add_gpg_arg (gpg, "--include-key-block");    if (!err)      err = append_args_from_signers (gpg, ctx);    if (!err) @@ -3430,21 +3625,41 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out,    if (!err)      err = append_args_from_sig_notations (gpg, ctx, NOTATION_FLAG_SIG); -  if (gpgme_data_get_file_name (in)) +  /* Tell the gpg object about the data.  */ +  if (gpg->flags.use_gpgtar)      { +      const char *file_name = gpgme_data_get_file_name (in); +      if (!err && file_name) +        { +          err = add_arg (gpg, "--directory"); +          if (!err) +            err = add_arg (gpg, file_name); +        }        if (!err) -	err = add_arg (gpg, "--set-filename"); +	err = add_arg (gpg, "--files-from");        if (!err) -	err = add_arg (gpg, gpgme_data_get_file_name (in)); +	err = add_arg (gpg, "-"); +      if (!err) +	err = add_arg (gpg, "--null"); +      if (!err) +	err = add_arg (gpg, "--utf8-strings"); +      /* Pass the filenames to gpgtar's stdin. */ +      if (!err) +        err = add_data (gpg, in, 0, 0); +    } +  else +    { +      const char *file_name = gpgme_data_get_file_name (in); +      if (!err && file_name) +	err = add_gpg_arg_with_value (gpg, "--set-filename=", file_name, 0); +      if (!err) +        err = add_input_size_hint (gpg, in); +      if (!err) +        err = add_arg (gpg, "--"); +      if (!err) +        err = add_data (gpg, in, -1, 0);      } -  /* Tell the gpg object about the data.  */ -  if (!err) -    err = add_input_size_hint (gpg, in); -  if (!err) -    err = add_arg (gpg, "--"); -  if (!err) -    err = add_data (gpg, in, -1, 0);    if (!err)      err = add_data (gpg, out, 1, 1); @@ -3455,20 +3670,43 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out,  }  static gpgme_error_t -gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text, -	    gpgme_data_t plaintext, gpgme_ctx_t ctx) +gpg_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig, +            gpgme_data_t signed_text, gpgme_data_t plaintext, gpgme_ctx_t ctx)  {    engine_gpg_t gpg = engine;    gpgme_error_t err; +  gpg->flags.use_gpgtar = !!(flags & GPGME_VERIFY_ARCHIVE); + +  if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1")) +    return gpg_error (GPG_ERR_NOT_SUPPORTED); +    err = append_args_from_sender (gpg, ctx);    if (!err && gpg->flags.auto_key_import) -    err = add_arg (gpg, "--auto-key-import"); +    err = add_gpg_arg (gpg, "--auto-key-import");    if (!err && ctx->auto_key_retrieve) -    err = add_arg (gpg, "--auto-key-retrieve"); +    err = add_gpg_arg (gpg, "--auto-key-retrieve");    if (err)      ; +  else if (gpg->flags.use_gpgtar) +    { +      const char *file_name = gpgme_data_get_file_name (plaintext); +      if (!err && file_name) +        { +          err = add_arg (gpg, "--directory"); +          if (!err) +            err = add_arg (gpg, file_name); +        } +      /* gpgtar uses --decrypt also for signed-only archives */ +      err = add_arg (gpg, "--decrypt"); +      if (!err) +        err = add_input_size_hint (gpg, sig); +      if (!err) +        err = add_arg (gpg, "--"); +      if (!err) +        err = add_data (gpg, sig, 0, 0); +    }    else if (plaintext)      {        /* Normal or cleartext signature.  */ diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 9ab05551..7ac4f2db 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1469,6 +1469,9 @@ gpgsm_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,    if (!recp && !recpstring) /* Symmetric only */      return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +  if (flags & GPGME_ENCRYPT_ARCHIVE) +    return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +    if ((flags & GPGME_ENCRYPT_NO_ENCRYPT_TO))      {        err = gpgsm_assuan_simple_command (gpgsm, @@ -2040,7 +2043,7 @@ gpgsm_keylist_ext (void *engine, const char *pattern[], int secret_only,  static gpgme_error_t  gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out, -	    gpgme_sig_mode_t mode, int use_armor, int use_textmode, +	    gpgme_sig_mode_t flags, int use_armor, int use_textmode,  	    int include_certs, gpgme_ctx_t ctx /* FIXME */)  {    engine_gpgsm_t gpgsm = engine; @@ -2054,6 +2057,9 @@ gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out,    if (!gpgsm)      return gpg_error (GPG_ERR_INV_VALUE); +  if (flags & (GPGME_SIG_MODE_CLEAR | GPGME_SIG_MODE_ARCHIVE)) +    return gpg_error (GPG_ERR_INV_VALUE); +    /* FIXME: This does not work as RESET does not reset it so we can't       revert back to default.  */    if (include_certs != GPGME_INCLUDE_CERTS_DEFAULT) @@ -2102,15 +2108,16 @@ gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out,    gpgsm_clear_fd (gpgsm, MESSAGE_FD);    gpgsm->inline_data = NULL; -  err = start (gpgsm, mode == GPGME_SIG_MODE_DETACH +  err = start (gpgsm, (flags & GPGME_SIG_MODE_DETACH)  	       ? "SIGN --detached" : "SIGN");    return err;  }  static gpgme_error_t -gpgsm_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text, -	      gpgme_data_t plaintext, gpgme_ctx_t ctx) +gpgsm_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig, +              gpgme_data_t signed_text, gpgme_data_t plaintext, +              gpgme_ctx_t ctx)  {    engine_gpgsm_t gpgsm = engine;    gpgme_error_t err; @@ -2120,6 +2127,9 @@ gpgsm_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,    if (!gpgsm)      return gpg_error (GPG_ERR_INV_VALUE); +  if (flags & GPGME_VERIFY_ARCHIVE) +    return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +    gpgsm->input_cb.data = sig;    err = gpgsm_set_fd (gpgsm, INPUT_FD, map_data_enc (gpgsm->input_cb.data));    if (err) diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 9fce1de4..a298bec6 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -1145,6 +1145,9 @@ uiserver_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,    else      return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL); +  if (flags & GPGME_ENCRYPT_ARCHIVE) +    return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +    if (flags & GPGME_ENCRYPT_PREPARE)      {        if (!recp || plain || ciph) @@ -1211,7 +1214,7 @@ uiserver_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,  static gpgme_error_t  uiserver_sign (void *engine, gpgme_data_t in, gpgme_data_t out, -	       gpgme_sig_mode_t mode, int use_armor, int use_textmode, +	       gpgme_sig_mode_t flags, int use_armor, int use_textmode,  	       int include_certs, gpgme_ctx_t ctx /* FIXME */)  {    engine_uiserver_t uiserver = engine; @@ -1234,8 +1237,11 @@ uiserver_sign (void *engine, gpgme_data_t in, gpgme_data_t out,    else      return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL); +  if (flags & (GPGME_SIG_MODE_CLEAR | GPGME_SIG_MODE_ARCHIVE)) +    return gpg_error (GPG_ERR_INV_VALUE); +    if (gpgrt_asprintf (&cmd, "SIGN%s%s", protocol, -		(mode == GPGME_SIG_MODE_DETACH) ? " --detached" : "") < 0) +		(flags & GPGME_SIG_MODE_DETACH) ? " --detached" : "") < 0)      return gpg_error_from_syserror ();    key = gpgme_signers_enum (ctx, 0); @@ -1291,8 +1297,9 @@ uiserver_sign (void *engine, gpgme_data_t in, gpgme_data_t out,  /* FIXME: Missing a way to specify --silent.  */  static gpgme_error_t -uiserver_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text, -                 gpgme_data_t plaintext, gpgme_ctx_t ctx) +uiserver_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig, +                 gpgme_data_t signed_text, gpgme_data_t plaintext, +                 gpgme_ctx_t ctx)  {    engine_uiserver_t uiserver = engine;    gpgme_error_t err; @@ -1313,6 +1320,9 @@ uiserver_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,    else      return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL); +  if (flags & GPGME_VERIFY_ARCHIVE) +    return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +    if (gpgrt_asprintf (&cmd, "VERIFY%s", protocol) < 0)      return gpg_error_from_syserror (); diff --git a/src/engine.c b/src/engine.c index 895b7e1a..ab399e73 100644 --- a/src/engine.c +++ b/src/engine.c @@ -912,7 +912,7 @@ _gpgme_engine_op_keylist_data (engine_t engine, gpgme_keylist_mode_t mode,  gpgme_error_t  _gpgme_engine_op_sign (engine_t engine, gpgme_data_t in, gpgme_data_t out, -		       gpgme_sig_mode_t mode, int use_armor, +		       gpgme_sig_mode_t flags, int use_armor,  		       int use_textmode, int include_certs,  		       gpgme_ctx_t ctx /* FIXME */)  { @@ -922,7 +922,7 @@ _gpgme_engine_op_sign (engine_t engine, gpgme_data_t in, gpgme_data_t out,    if (!engine->ops->sign)      return gpg_error (GPG_ERR_NOT_IMPLEMENTED); -  return (*engine->ops->sign) (engine->engine, in, out, mode, use_armor, +  return (*engine->ops->sign) (engine->engine, in, out, flags, use_armor,  			       use_textmode, include_certs, ctx);  } @@ -940,9 +940,9 @@ _gpgme_engine_op_trustlist (engine_t engine, const char *pattern)  gpgme_error_t -_gpgme_engine_op_verify (engine_t engine, gpgme_data_t sig, -			 gpgme_data_t signed_text, gpgme_data_t plaintext, -                         gpgme_ctx_t ctx) +_gpgme_engine_op_verify (engine_t engine, gpgme_verify_flags_t flags, +                         gpgme_data_t sig, gpgme_data_t signed_text, +                         gpgme_data_t plaintext, gpgme_ctx_t ctx)  {    if (!engine)      return gpg_error (GPG_ERR_INV_VALUE); @@ -950,8 +950,8 @@ _gpgme_engine_op_verify (engine_t engine, gpgme_data_t sig,    if (!engine->ops->verify)      return gpg_error (GPG_ERR_NOT_IMPLEMENTED); -  return (*engine->ops->verify) (engine->engine, sig, signed_text, plaintext, -                                 ctx); +  return (*engine->ops->verify) (engine->engine, flags, sig, signed_text, +                                 plaintext, ctx);  } diff --git a/src/engine.h b/src/engine.h index d580d997..59d159a4 100644 --- a/src/engine.h +++ b/src/engine.h @@ -160,13 +160,15 @@ gpgme_error_t _gpgme_engine_op_keylist_data (engine_t engine,  					     gpgme_keylist_mode_t mode,  					     gpgme_data_t data);  gpgme_error_t _gpgme_engine_op_sign (engine_t engine, gpgme_data_t in, -				     gpgme_data_t out, gpgme_sig_mode_t mode, +				     gpgme_data_t out, gpgme_sig_mode_t flags,  				     int use_armor, int use_textmode,  				     int include_certs,  				     gpgme_ctx_t ctx /* FIXME */);  gpgme_error_t _gpgme_engine_op_trustlist (engine_t engine,  					  const char *pattern); -gpgme_error_t _gpgme_engine_op_verify (engine_t engine, gpgme_data_t sig, +gpgme_error_t _gpgme_engine_op_verify (engine_t engine, +                                       gpgme_verify_flags_t flags, +                                       gpgme_data_t sig,  				       gpgme_data_t signed_text,  				       gpgme_data_t plaintext,                                         gpgme_ctx_t ctx); diff --git a/src/gpgme.def b/src/gpgme.def index d8ccd4ca..67c189c7 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -283,5 +283,7 @@ EXPORTS      gpgme_op_receive_keys                 @209      gpgme_op_receive_keys_start           @210 +    gpgme_op_verify_ext                   @211 +    gpgme_op_verify_ext_start             @212  ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 502d68cd..3ea07a81 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -303,12 +303,13 @@ typedef enum  gpgme_hash_algo_t; -/* The available signature modes.  */ +/* The available signature mode flags.  */  typedef enum    {      GPGME_SIG_MODE_NORMAL = 0,      GPGME_SIG_MODE_DETACH = 1, -    GPGME_SIG_MODE_CLEAR  = 2 +    GPGME_SIG_MODE_CLEAR  = 2, +    GPGME_SIG_MODE_ARCHIVE = 4    }  gpgme_sig_mode_t; @@ -1299,7 +1300,8 @@ typedef enum      GPGME_ENCRYPT_SYMMETRIC = 32,      GPGME_ENCRYPT_THROW_KEYIDS = 64,      GPGME_ENCRYPT_WRAP = 128, -    GPGME_ENCRYPT_WANT_ADDRESS = 256 +    GPGME_ENCRYPT_WANT_ADDRESS = 256, +    GPGME_ENCRYPT_ARCHIVE = 512    }  gpgme_encrypt_flags_t; @@ -1424,6 +1426,7 @@ gpgme_decrypt_result_t gpgme_op_decrypt_result (gpgme_ctx_t ctx);  typedef enum    {      GPGME_DECRYPT_VERIFY = 1, +    GPGME_DECRYPT_ARCHIVE = 2,      GPGME_DECRYPT_UNWRAP = 128    }  gpgme_decrypt_flags_t; @@ -1519,10 +1522,10 @@ gpgme_sign_result_t gpgme_op_sign_result (gpgme_ctx_t ctx);  /* Sign the plaintext PLAIN and store the signature in SIG.  */  gpgme_error_t gpgme_op_sign_start (gpgme_ctx_t ctx,  				   gpgme_data_t plain, gpgme_data_t sig, -				   gpgme_sig_mode_t mode); +				   gpgme_sig_mode_t flags);  gpgme_error_t gpgme_op_sign (gpgme_ctx_t ctx,  			     gpgme_data_t plain, gpgme_data_t sig, -			     gpgme_sig_mode_t mode); +			     gpgme_sig_mode_t flags);  /* @@ -1631,6 +1634,13 @@ typedef struct _gpgme_op_verify_result *gpgme_verify_result_t;  /* Retrieve a pointer to the result of the verify operation.  */  gpgme_verify_result_t gpgme_op_verify_result (gpgme_ctx_t ctx); +/* The valid verify flags.  */ +typedef enum +  { +    GPGME_VERIFY_ARCHIVE = 1 +  } +gpgme_verify_flags_t; +  /* Verify within CTX that SIG is a valid signature for TEXT.  */  gpgme_error_t gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig,  				     gpgme_data_t signed_text, @@ -1638,6 +1648,16 @@ gpgme_error_t gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig,  gpgme_error_t gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig,  			       gpgme_data_t signed_text,  			       gpgme_data_t plaintext); +gpgme_error_t gpgme_op_verify_ext_start (gpgme_ctx_t ctx, +                                         gpgme_verify_flags_t flags, +                                         gpgme_data_t sig, +                                         gpgme_data_t signed_text, +                                         gpgme_data_t plaintext); +gpgme_error_t gpgme_op_verify_ext (gpgme_ctx_t ctx, +                                   gpgme_verify_flags_t flags, +                                   gpgme_data_t sig, +                                   gpgme_data_t signed_text, +                                   gpgme_data_t plaintext);  /* diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 86d2a5df..20ae9fea 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -282,6 +282,9 @@ GPGME_1.0 {      gpgme_op_receive_keys;      gpgme_op_receive_keys_start; +    gpgme_op_verify_ext; +    gpgme_op_verify_ext_start; +    local:      *; @@ -431,7 +431,7 @@ _gpgme_op_sign_init_result (gpgme_ctx_t ctx)  static gpgme_error_t  sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain, -	    gpgme_data_t sig, gpgme_sig_mode_t mode) +	    gpgme_data_t sig, gpgme_sig_mode_t flags)  {    gpgme_error_t err; @@ -446,8 +446,9 @@ sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,    if (err)      return err; -  if (mode != GPGME_SIG_MODE_NORMAL && mode != GPGME_SIG_MODE_DETACH -      && mode != GPGME_SIG_MODE_CLEAR) +  if (flags & ~(GPGME_SIG_MODE_DETACH +                |GPGME_SIG_MODE_CLEAR +                |GPGME_SIG_MODE_ARCHIVE))      return gpg_error (GPG_ERR_INV_VALUE);    if (!plain) @@ -466,7 +467,7 @@ sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,    _gpgme_engine_set_status_handler (ctx->engine, sign_status_handler,  				    ctx); -  return _gpgme_engine_op_sign (ctx->engine, plain, sig, mode, ctx->use_armor, +  return _gpgme_engine_op_sign (ctx->engine, plain, sig, flags, ctx->use_armor,  				ctx->use_textmode, ctx->include_certs,  				ctx /* FIXME */);  } @@ -475,16 +476,16 @@ sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,  /* Sign the plaintext PLAIN and store the signature in SIG.  */  gpgme_error_t  gpgme_op_sign_start (gpgme_ctx_t ctx, gpgme_data_t plain, gpgme_data_t sig, -		     gpgme_sig_mode_t mode) +		     gpgme_sig_mode_t flags)  {    gpg_error_t err;    TRACE_BEG  (DEBUG_CTX, "gpgme_op_sign_start", ctx, -	      "plain=%p, sig=%p, mode=%i", plain, sig, mode); +	      "plain=%p, sig=%p, flags=%i", plain, sig, flags);    if (!ctx)      return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); -  err = sign_start (ctx, 0, plain, sig, mode); +  err = sign_start (ctx, 0, plain, sig, flags);    return TRACE_ERR (err);  } @@ -492,17 +493,17 @@ gpgme_op_sign_start (gpgme_ctx_t ctx, gpgme_data_t plain, gpgme_data_t sig,  /* Sign the plaintext PLAIN and store the signature in SIG.  */  gpgme_error_t  gpgme_op_sign (gpgme_ctx_t ctx, gpgme_data_t plain, gpgme_data_t sig, -	       gpgme_sig_mode_t mode) +	       gpgme_sig_mode_t flags)  {    gpgme_error_t err;    TRACE_BEG  (DEBUG_CTX, "gpgme_op_sign", ctx, -	      "plain=%p, sig=%p, mode=%i", plain, sig, mode); +	      "plain=%p, sig=%p, flags=%i", plain, sig, flags);    if (!ctx)      return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); -  err = sign_start (ctx, 1, plain, sig, mode); +  err = sign_start (ctx, 1, plain, sig, flags);    if (!err)      err = _gpgme_wait_one (ctx);    return TRACE_ERR (err); @@ -56,6 +56,7 @@ const char *_gpgme_get_default_gpg_name (void);  const char *_gpgme_get_default_gpgsm_name (void);  const char *_gpgme_get_default_g13_name (void);  const char *_gpgme_get_default_gpgconf_name (void); +const char *_gpgme_get_default_gpgtar_name (void);  const char *_gpgme_get_default_uisrv_socket (void);  int _gpgme_in_gpg_one_mode (void); diff --git a/src/verify.c b/src/verify.c index 81b2ff92..a8467156 100644 --- a/src/verify.c +++ b/src/verify.c @@ -1135,8 +1135,9 @@ _gpgme_op_verify_init_result (gpgme_ctx_t ctx)  static gpgme_error_t -verify_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t sig, -	      gpgme_data_t signed_text, gpgme_data_t plaintext) +verify_start (gpgme_ctx_t ctx, int synchronous, gpgme_verify_flags_t flags, +              gpgme_data_t sig, gpgme_data_t signed_text, +              gpgme_data_t plaintext)  {    gpgme_error_t err; @@ -1153,26 +1154,45 @@ verify_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t sig,    if (!sig)      return gpg_error (GPG_ERR_NO_DATA); -  return _gpgme_engine_op_verify (ctx->engine, sig, signed_text, plaintext, -                                  ctx); +  return _gpgme_engine_op_verify (ctx->engine, flags, sig, signed_text, +                                  plaintext, ctx);  } -/* Decrypt ciphertext CIPHER and make a signature verification within -   CTX and store the resulting plaintext in PLAIN.  */ +/* Old version of gpgme_op_verify_ext_start without FLAGS.  */  gpgme_error_t  gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig,  		       gpgme_data_t signed_text, gpgme_data_t plaintext)  { +  return gpgme_op_verify_ext_start (ctx, 0, sig, signed_text, plaintext); +} + + +/* Old version of gpgme_op_verify_ext without FLAGS.  */ +gpgme_error_t +gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t signed_text, +		 gpgme_data_t plaintext) +{ +  return gpgme_op_verify_ext (ctx, 0, sig, signed_text, plaintext); +} + + +/* Decrypt ciphertext CIPHER and make a signature verification within +   CTX and store the resulting plaintext in PLAIN.  */ +gpgme_error_t +gpgme_op_verify_ext_start (gpgme_ctx_t ctx, gpgme_verify_flags_t flags, +                           gpgme_data_t sig, gpgme_data_t signed_text, +                           gpgme_data_t plaintext) +{    gpg_error_t err;    TRACE_BEG  (DEBUG_CTX, "gpgme_op_verify_start", ctx, -	      "sig=%p, signed_text=%p, plaintext=%p", -	      sig, signed_text, plaintext); +	      "flags=0x%x, sig=%p, signed_text=%p, plaintext=%p", +	      flags, sig, signed_text, plaintext);    if (!ctx)      return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); -  err = verify_start (ctx, 0, sig, signed_text, plaintext); +  err = verify_start (ctx, 0, flags, sig, signed_text, plaintext);    return TRACE_ERR (err);  } @@ -1180,19 +1200,20 @@ gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig,  /* Decrypt ciphertext CIPHER and make a signature verification within     CTX and store the resulting plaintext in PLAIN.  */  gpgme_error_t -gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t signed_text, -		 gpgme_data_t plaintext) +gpgme_op_verify_ext (gpgme_ctx_t ctx, gpgme_verify_flags_t flags, +                     gpgme_data_t sig, gpgme_data_t signed_text, +                     gpgme_data_t plaintext)  {    gpgme_error_t err;    TRACE_BEG  (DEBUG_CTX, "gpgme_op_verify", ctx, -	      "sig=%p, signed_text=%p, plaintext=%p", -	      sig, signed_text, plaintext); +	      "flags=0x%x, sig=%p, signed_text=%p, plaintext=%p", +	      flags, sig, signed_text, plaintext);    if (!ctx)      return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); -  err = verify_start (ctx, 1, sig, signed_text, plaintext); +  err = verify_start (ctx, 1, flags, sig, signed_text, plaintext);    if (!err)      err = _gpgme_wait_one (ctx);    return TRACE_ERR (err); diff --git a/tests/run-decrypt.c b/tests/run-decrypt.c index cf719925..ee49ead6 100644 --- a/tests/run-decrypt.c +++ b/tests/run-decrypt.c @@ -91,6 +91,8 @@ show_usage (int ex)           "  --unwrap         remove only the encryption layer\n"           "  --large-buffers  use large I/O buffer\n"           "  --sensitive      mark data objects as sensitive\n" +         "  --archive        extract files from an encrypted archive\n" +         "  --directory DIR  extract the files into the directory DIR\n"           "  --diagnostics    print diagnostics\n"           , stderr);    exit (ex); @@ -113,6 +115,7 @@ main (int argc, char **argv)    int export_session_key = 0;    const char *override_session_key = NULL;    const char *request_origin = NULL; +  const char *directory = NULL;    int no_symkey_cache = 0;    int ignore_mdc_error = 0;    int raw_output = 0; @@ -205,6 +208,19 @@ main (int argc, char **argv)            raw_output = 1;            argc--; argv++;          } +      else if (!strcmp (*argv, "--archive")) +        { +          flags |= GPGME_DECRYPT_ARCHIVE; +          argc--; argv++; +        } +      else if (!strcmp (*argv, "--directory")) +        { +          argc--; argv++; +          if (!argc) +            show_usage (1); +          directory = *argv; +          argc--; argv++; +        }        else if (!strncmp (*argv, "--", 2))          show_usage (1); @@ -302,6 +318,16 @@ main (int argc, char **argv)                 gpgme_strerror (err));        exit (1);      } +  if (directory && (flags & GPGME_DECRYPT_ARCHIVE)) +    { +      err = gpgme_data_set_file_name (out, directory); +      if (err) +        { +          fprintf (stderr, PGM ": error setting file name (out): %s\n", +                   gpgme_strerror (err)); +          exit (1); +        } +    }    if (large_buffers)      {        err = gpgme_data_set_flag (out, "io-buffer-size", "1000000"); diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c index 7b0e29a7..2d1c6e9d 100644 --- a/tests/run-encrypt.c +++ b/tests/run-encrypt.c @@ -77,10 +77,11 @@ progress_cb (void *opaque, const char *what, int type, int current, int total)  static void -print_result (gpgme_encrypt_result_t result) +print_encrypt_result (gpgme_encrypt_result_t result)  {    gpgme_invalid_key_t invkey; +  printf ("\nEncryption results\n");    for (invkey = result->invalid_recipients; invkey; invkey = invkey->next)      printf ("Encryption key `%s' not used: %s <%s>\n",              nonnull (invkey->fpr), @@ -88,6 +89,30 @@ print_result (gpgme_encrypt_result_t result)  } +static void +print_sign_result (gpgme_sign_result_t result) +{ +  gpgme_invalid_key_t invkey; +  gpgme_new_signature_t sig; + +  printf ("\nSigning results\n"); +  for (invkey = result->invalid_signers; invkey; invkey = invkey->next) +    printf ("Signing key `%s' not used: %s <%s>\n", +            nonnull (invkey->fpr), +            gpg_strerror (invkey->reason), gpg_strsource (invkey->reason)); + +  for (sig = result->signatures; sig; sig = sig->next) +    { +      printf ("Key fingerprint: %s\n", nonnull (sig->fpr)); +      printf ("Signature type : %d\n", sig->type); +      printf ("Public key algo: %d\n", sig->pubkey_algo); +      printf ("Hash algo .....: %d\n", sig->hash_algo); +      printf ("Creation time .: %ld\n", sig->timestamp); +      printf ("Sig class .....: 0x%u\n", sig->sig_class); +    } +} + +  static int  show_usage (int ex) @@ -95,6 +120,7 @@ show_usage (int ex)    fputs ("usage: " PGM " [options] FILE\n\n"           "Options:\n"           "  --verbose          run in verbose mode\n" +         "  --sign             sign data before encryption\n"           "  --status           print status lines from the backend\n"           "  --progress         print progress info\n"           "  --openpgp          use the OpenPGP protocol (default)\n" @@ -107,6 +133,9 @@ show_usage (int ex)           "  --no-symkey-cache  disable the use of that cache\n"           "  --wrap             assume input is valid OpenPGP message\n"           "  --symmetric        encrypt symmetric (OpenPGP only)\n" +         "  --archive          encrypt given file or directory into an archive\n" +         "  --directory DIR    switch to directory DIR before encrypting into an archive\n" +         "  --diagnostics      print diagnostics\n"           , stderr);    exit (ex);  } @@ -120,7 +149,8 @@ main (int argc, char **argv)    gpgme_ctx_t ctx;    gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;    gpgme_data_t in, out; -  gpgme_encrypt_result_t result; +  gpgme_encrypt_result_t encrypt_result; +  gpgme_sign_result_t sign_result;    int print_status = 0;    int print_progress = 0;    int use_loopback = 0; @@ -128,10 +158,13 @@ main (int argc, char **argv)    gpgme_key_t keys[10+1];    int keycount = 0;    char *keystring = NULL; +  const char *directory = NULL;    int i;    gpgme_encrypt_flags_t flags = GPGME_ENCRYPT_ALWAYS_TRUST;    gpgme_off_t offset;    int no_symkey_cache = 0; +  int diagnostics = 0; +  int sign = 0;    if (argc)      { argc--; argv++; } @@ -154,6 +187,11 @@ main (int argc, char **argv)            verbose = 1;            argc--; argv++;          } +      else if (!strcmp (*argv, "--sign")) +        { +          sign = 1; +          argc--; argv++; +        }        else if (!strcmp (*argv, "--status"))          {            print_status = 1; @@ -225,6 +263,24 @@ main (int argc, char **argv)            no_symkey_cache = 1;            argc--; argv++;          } +      else if (!strcmp (*argv, "--archive")) +        { +          flags |= GPGME_ENCRYPT_ARCHIVE; +          argc--; argv++; +        } +      else if (!strcmp (*argv, "--directory")) +        { +          argc--; argv++; +          if (!argc) +            show_usage (1); +          directory = *argv; +          argc--; argv++; +        } +      else if (!strcmp (*argv, "--diagnostics")) +        { +          diagnostics = 1; +          argc--; argv++; +        }        else if (!strncmp (*argv, "--", 2))          show_usage (1); @@ -269,57 +325,100 @@ main (int argc, char **argv)      }    keys[i] = NULL; -  err = gpgme_data_new_from_file (&in, *argv, 1); -  if (err) -    { -      fprintf (stderr, PGM ": error reading `%s': %s\n", -               *argv, gpg_strerror (err)); -      exit (1); -    } -  offset = gpgme_data_seek (in, 0, SEEK_END); -  if (offset == (gpgme_off_t)(-1)) +  if (flags & GPGME_ENCRYPT_ARCHIVE)      { -      err = gpg_error_from_syserror (); -      fprintf (stderr, PGM ": error seeking `%s': %s\n", -               *argv, gpg_strerror (err)); -      exit (1); +      const char *path = *argv; +      err = gpgme_data_new_from_mem (&in, path, strlen (path), 0); +      fail_if_err (err); +      if (directory) +        { +          err = gpgme_data_set_file_name (in, directory); +          fail_if_err (err); +        }      } -  if (gpgme_data_seek (in, 0, SEEK_SET) == (gpgme_off_t)(-1)) +  else      { -      err = gpg_error_from_syserror (); -      fprintf (stderr, PGM ": error seeking `%s': %s\n", -               *argv, gpg_strerror (err)); -      exit (1); -    } -  { -    char numbuf[50]; -    char *p; - -    p = numbuf + sizeof numbuf; -    *--p = 0; -    do -      { -        *--p = '0' + (offset % 10); -        offset /= 10; -      } -    while (offset); -    err = gpgme_data_set_flag (in, "size-hint", p); -    if (err) +      err = gpgme_data_new_from_file (&in, *argv, 1); +      if (err) +        { +          fprintf (stderr, PGM ": error reading `%s': %s\n", +                  *argv, gpg_strerror (err)); +          exit (1); +        } +      offset = gpgme_data_seek (in, 0, SEEK_END); +      if (offset == (gpgme_off_t)(-1)) +        { +          err = gpg_error_from_syserror (); +          fprintf (stderr, PGM ": error seeking `%s': %s\n", +                  *argv, gpg_strerror (err)); +          exit (1); +        } +      if (gpgme_data_seek (in, 0, SEEK_SET) == (gpgme_off_t)(-1)) +        { +          err = gpg_error_from_syserror (); +          fprintf (stderr, PGM ": error seeking `%s': %s\n", +                  *argv, gpg_strerror (err)); +          exit (1); +        }        { -        fprintf (stderr, PGM ": error setting size-hint for `%s': %s\n", -                 *argv, gpg_strerror (err)); -        exit (1); +        char numbuf[50]; +        char *p; + +        p = numbuf + sizeof numbuf; +        *--p = 0; +        do +          { +            *--p = '0' + (offset % 10); +            offset /= 10; +          } +        while (offset); +        err = gpgme_data_set_flag (in, "size-hint", p); +        if (err) +          { +            fprintf (stderr, PGM ": error setting size-hint for `%s': %s\n", +                    *argv, gpg_strerror (err)); +            exit (1); +          }        } -  } +    }    err = gpgme_data_new (&out);    fail_if_err (err); -  err = gpgme_op_encrypt_ext (ctx, keycount ? keys : NULL, keystring, -                              flags, in, out); -  result = gpgme_op_encrypt_result (ctx); -  if (result) -    print_result (result); +  if (sign) +    err = gpgme_op_encrypt_sign_ext (ctx, keycount ? keys : NULL, keystring, +                                     flags, in, out); +  else +    err = gpgme_op_encrypt_ext (ctx, keycount ? keys : NULL, keystring, +                                flags, in, out); + +  if (diagnostics) +    { +      gpgme_data_t diag; +      gpgme_error_t diag_err; + +      gpgme_data_new (&diag); +      diag_err = gpgme_op_getauditlog (ctx, diag, GPGME_AUDITLOG_DIAG); +      if (diag_err) +        { +          fprintf (stderr, PGM ": getting diagnostics failed: %s\n", +                   gpgme_strerror (diag_err)); +        } +      else +        { +          fputs ("Begin Diagnostics:\n", stdout); +          print_data (diag); +          fputs ("End Diagnostics.\n", stdout); +        } +      gpgme_data_release (diag); +    } + +  sign_result = gpgme_op_sign_result (ctx); +  if (sign_result) +    print_sign_result (sign_result); +  encrypt_result = gpgme_op_encrypt_result (ctx); +  if (encrypt_result) +    print_encrypt_result (encrypt_result);    if (err)      {        fprintf (stderr, PGM ": encrypting failed: %s\n", gpg_strerror (err)); diff --git a/tests/run-sign.c b/tests/run-sign.c index 37211d72..84d7c070 100644 --- a/tests/run-sign.c +++ b/tests/run-sign.c @@ -87,6 +87,9 @@ show_usage (int ex)           "  --sender MBOX    use MBOX as sender address\n"           "  --include-key-block  use this option with gpg\n"           "  --clear          create a clear text signature\n" +         "  --archive        create a signed archive with the given file or directory\n" +         "  --directory DIR  switch to directory DIR before creating the archive\n" +         "  --diagnostics    print diagnostics\n"           , stderr);    exit (ex);  } @@ -99,6 +102,7 @@ main (int argc, char **argv)    gpgme_error_t err;    gpgme_ctx_t ctx;    const char *key_string = NULL; +  const char *directory = NULL;    gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;    gpgme_sig_mode_t sigmode = GPGME_SIG_MODE_NORMAL;    gpgme_data_t in, out; @@ -106,6 +110,7 @@ main (int argc, char **argv)    int print_status = 0;    int use_loopback = 0;    int include_key_block = 0; +  int diagnostics = 0;    const char *sender = NULL;    const char *s; @@ -178,6 +183,24 @@ main (int argc, char **argv)            sigmode = GPGME_SIG_MODE_CLEAR;            argc--; argv++;          } +      else if (!strcmp (*argv, "--archive")) +        { +          sigmode = GPGME_SIG_MODE_ARCHIVE; +          argc--; argv++; +        } +      else if (!strcmp (*argv, "--directory")) +        { +          argc--; argv++; +          if (!argc) +            show_usage (1); +          directory = *argv; +          argc--; argv++; +        } +      else if (!strcmp (*argv, "--diagnostics")) +        { +          diagnostics = 1; +          argc--; argv++; +        }        else if (!strncmp (*argv, "--", 2))          show_usage (1); @@ -236,12 +259,26 @@ main (int argc, char **argv)          }      } -  err = gpgme_data_new_from_file (&in, *argv, 1); -  if (err) +  if (sigmode == GPGME_SIG_MODE_ARCHIVE)      { -      fprintf (stderr, PGM ": error reading `%s': %s\n", -               *argv, gpg_strerror (err)); -      exit (1); +      const char *path = *argv; +      err = gpgme_data_new_from_mem (&in, path, strlen (path), 0); +      fail_if_err (err); +      if (directory) +        { +          err = gpgme_data_set_file_name (in, directory); +          fail_if_err (err); +        } +    } +  else +    { +      err = gpgme_data_new_from_file (&in, *argv, 1); +      if (err) +        { +          fprintf (stderr, PGM ": error reading `%s': %s\n", +                  *argv, gpg_strerror (err)); +          exit (1); +        }      }    err = gpgme_data_new (&out); @@ -249,6 +286,28 @@ main (int argc, char **argv)    err = gpgme_op_sign (ctx, in, out, sigmode);    result = gpgme_op_sign_result (ctx); + +  if (diagnostics) +    { +      gpgme_data_t diag; +      gpgme_error_t diag_err; + +      gpgme_data_new (&diag); +      diag_err = gpgme_op_getauditlog (ctx, diag, GPGME_AUDITLOG_DIAG); +      if (diag_err) +        { +          fprintf (stderr, PGM ": getting diagnostics failed: %s\n", +                   gpgme_strerror (diag_err)); +        } +      else +        { +          fputs ("Begin Diagnostics:\n", stdout); +          print_data (diag); +          fputs ("End Diagnostics.\n", stdout); +        } +      gpgme_data_release (diag); +    } +    if (result)      print_result (result, sigmode);    if (err) diff --git a/tests/run-verify.c b/tests/run-verify.c index f131f491..831c4614 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -235,6 +235,9 @@ show_usage (int ex)           "  --repeat N       repeat the operation N times\n"           "  --auto-key-retrieve\n"           "  --auto-key-import\n" +         "  --archive        extract files from a signed archive FILE\n" +         "  --directory DIR  extract the files into the directory DIR\n" +         "  --diagnostics    print diagnostics\n"           , stderr);    exit (ex);  } @@ -246,10 +249,13 @@ main (int argc, char **argv)    int last_argc = -1;    const char *s;    gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; +  gpgme_verify_flags_t flags = 0;    int print_status = 0;    const char *sender = NULL; +  const char *directory = NULL;    int auto_key_retrieve = 0;    int auto_key_import = 0; +  int diagnostics = 0;    int repeats = 1;    int i; @@ -312,12 +318,30 @@ main (int argc, char **argv)            auto_key_import = 1;            argc--; argv++;          } +      else if (!strcmp (*argv, "--archive")) +        { +          flags |= GPGME_VERIFY_ARCHIVE; +          argc--; argv++; +        } +      else if (!strcmp (*argv, "--directory")) +        { +          argc--; argv++; +          if (!argc) +            show_usage (1); +          directory = *argv; +          argc--; argv++; +        } +      else if (!strcmp (*argv, "--diagnostics")) +        { +          diagnostics = 1; +          argc--; argv++; +        }        else if (!strncmp (*argv, "--", 2))          show_usage (1);      } -  if (argc < 1 || argc > 2) +  if (argc < 1 || argc > 2 || (argc > 1 && (flags & GPGME_VERIFY_ARCHIVE)))      show_usage (1);    init_gpgme (protocol); @@ -330,6 +354,7 @@ main (int argc, char **argv)        gpgme_data_t sig = NULL;        FILE *fp_msg = NULL;        gpgme_data_t msg = NULL; +      gpgme_data_t out = NULL;        gpgme_verify_result_t result;        if (repeats > 1) @@ -415,8 +440,48 @@ main (int argc, char **argv)              }          } -      err = gpgme_op_verify (ctx, sig, msg, NULL); +      if (directory && (flags & GPGME_VERIFY_ARCHIVE)) +        { +          err = gpgme_data_new (&out); +          if (err) +            { +              fprintf (stderr, PGM ": error allocating data object: %s\n", +                      gpgme_strerror (err)); +              exit (1); +            } +          err = gpgme_data_set_file_name (out, directory); +          if (err) +            { +              fprintf (stderr, PGM ": error setting file name (out): %s\n", +                      gpgme_strerror (err)); +              exit (1); +            } +        } + +      err = gpgme_op_verify_ext (ctx, flags, sig, msg, out);        result = gpgme_op_verify_result (ctx); + +      if (diagnostics) +        { +          gpgme_data_t diag; +          gpgme_error_t diag_err; + +          gpgme_data_new (&diag); +          diag_err = gpgme_op_getauditlog (ctx, diag, GPGME_AUDITLOG_DIAG); +          if (diag_err) +            { +              fprintf (stderr, PGM ": getting diagnostics failed: %s\n", +                      gpgme_strerror (diag_err)); +            } +          else +            { +              fputs ("Begin Diagnostics:\n", stdout); +              print_data (diag); +              fputs ("End Diagnostics.\n", stdout); +            } +          gpgme_data_release (diag); +        } +        if (result)          print_result (result);        if (err) @@ -425,6 +490,7 @@ main (int argc, char **argv)            exit (1);          } +      gpgme_data_release (out);        gpgme_data_release (msg);        gpgme_data_release (sig); diff --git a/tests/t-engine-info.c b/tests/t-engine-info.c index 3f8d0037..1a351391 100644 --- a/tests/t-engine-info.c +++ b/tests/t-engine-info.c @@ -133,6 +133,7 @@ main (int argc, char **argv )                            "dirmngr-name",                            "pinentry-name",                            "gpg-wks-client-name", +                          "gpgtar-name",                            NULL };      const char *s;      int i; | 
