Diffstat (limited to '')
| -rw-r--r-- | src/decrypt-verify.c | 67 | ||||
| -rw-r--r-- | src/decrypt.c | 18 | ||||
| -rw-r--r-- | src/engine-assuan.c | 1 | ||||
| -rw-r--r-- | src/engine-backend.h | 7 | ||||
| -rw-r--r-- | src/engine-g13.c | 1 | ||||
| -rw-r--r-- | src/engine-gpg.c | 24 | ||||
| -rw-r--r-- | src/engine-gpgconf.c | 1 | ||||
| -rw-r--r-- | src/engine-gpgsm.c | 7 | ||||
| -rw-r--r-- | src/engine-spawn.c | 1 | ||||
| -rw-r--r-- | src/engine-uiserver.c | 28 | ||||
| -rw-r--r-- | src/engine.c | 23 | ||||
| -rw-r--r-- | src/engine.h | 10 | ||||
| -rw-r--r-- | src/gpgme.def | 3 | ||||
| -rw-r--r-- | src/gpgme.h.in | 24 | ||||
| -rw-r--r-- | src/libgpgme.vers | 3 | ||||
| -rw-r--r-- | src/ops.h | 3 | 
16 files changed, 148 insertions, 73 deletions
| diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c
index e0aa8ea9..66cfe94f 100644
--- a/src/decrypt-verify.c
+++ b/src/decrypt-verify.c
@@ -23,6 +23,8 @@
 #include <config.h>
 #endif
+#include <assert.h>
+
 #include "debug.h"
 #include "gpgme.h"
 #include "ops.h"
@@ -45,10 +47,13 @@ decrypt_verify_status_handler (void *priv, gpgme_status_code_t code,
 static gpgme_error_t
 decrypt_verify_start (gpgme_ctx_t ctx, int synchronous,
+                      gpgme_decrypt_flags_t flags,
 		      gpgme_data_t cipher, gpgme_data_t plain)
 {
   gpgme_error_t err;
+  assert ((flags & GPGME_DECRYPT_VERIFY));
+
   err = _gpgme_op_reset (ctx, synchronous);
   if (err)
     return err;
@@ -77,9 +82,11 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous,
   _gpgme_engine_set_status_handler (ctx->engine,
 				    decrypt_verify_status_handler, ctx);
-  return _gpgme_engine_op_decrypt_verify (ctx->engine, cipher, plain,
-                                          ctx->export_session_keys,
-                                          ctx->override_session_key);
+  return _gpgme_engine_op_decrypt (ctx->engine,
+                                   flags,
+                                   cipher, plain,
+                                   ctx->export_session_keys,
+                                   ctx->override_session_key);
 }
@@ -97,7 +104,7 @@ gpgme_op_decrypt_verify_start (gpgme_ctx_t ctx, gpgme_data_t cipher,
   if (!ctx)
     return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
-  err = decrypt_verify_start (ctx, 0, cipher, plain);
+  err = decrypt_verify_start (ctx, 0, GPGME_DECRYPT_VERIFY, cipher, plain);
   return TRACE_ERR (err);
 }
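Review bot: The new `assert ((flags & GPGME_DECRYPT_VERIFY));` at the top of decrypt_verify_start is the only statement of the FLAGS contract, and it disappears in NDEBUG builds and aborts the host application otherwise. The mirrored `assert (!(flags & GPGME_DECRYPT_VERIFY));` in _gpgme_decrypt_start (src/decrypt.c), which this commit makes callable across files through src/ops.h, has the same property. Every caller visible in this diff satisfies both checks, so this is a documentation request: put a comment above each function, for example `/* FLAGS must include GPGME_DECRYPT_VERIFY; the public entry points dispatch on that bit.  */`. The body of decrypt_verify_start continues outside this hunk.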
@@ -116,7 +123,57 @@ gpgme_op_decrypt_verify (gpgme_ctx_t ctx, gpgme_data_t cipher,
   if (!ctx)
     return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
-  err = decrypt_verify_start (ctx, 1, cipher, plain);
+  err = decrypt_verify_start (ctx, 1, GPGME_DECRYPT_VERIFY, cipher, plain);
+  if (!err)
+    err = _gpgme_wait_one (ctx);
+  return TRACE_ERR (err);
+}
+
+
+/* Decrypt ciphertext CIPHER within CTX and store the resulting
+   plaintext in PLAIN.  */
+gpgme_error_t
+gpgme_op_decrypt_ext_start (gpgme_ctx_t ctx,
+                            gpgme_decrypt_flags_t flags,
+                            gpgme_data_t cipher,
+                            gpgme_data_t plain)
+{
+  gpgme_error_t err;
+
+  TRACE_BEG2 (DEBUG_CTX, "gpgme_op_decrypt_ext_start", ctx,
+	      "cipher=%p, plain=%p", cipher, plain);
+
+  if (!ctx)
+    return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
+
+  if ((flags & GPGME_DECRYPT_VERIFY))
+    err = decrypt_verify_start (ctx, 0, flags, cipher, plain);
+  else
+    err = _gpgme_decrypt_start (ctx, 0, flags, cipher, plain);
+  return TRACE_ERR (err);
+}
+
+
+/* Decrypt ciphertext CIPHER within CTX and store the resulting
+   plaintext in PLAIN.  */
+gpgme_error_t
+gpgme_op_decrypt_ext (gpgme_ctx_t ctx,
+                      gpgme_decrypt_flags_t flags,
+                      gpgme_data_t cipher,
+                      gpgme_data_t plain)
+{
+  gpgme_error_t err;
+
+  TRACE_BEG2 (DEBUG_CTX, "gpgme_op_decrypt_ext", ctx,
+	      "cipher=%p, plain=%p", cipher, plain);
+
+  if (!ctx)
+    return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
+
+  if ((flags & GPGME_DECRYPT_VERIFY))
+    err = decrypt_verify_start (ctx, 1, flags, cipher, plain);
+  else
+    err = _gpgme_decrypt_start (ctx, 1, flags, cipher, plain);
   if (!err)
     err = _gpgme_wait_one (ctx);
   return TRACE_ERR (err);
diff --git a/src/decrypt.c b/src/decrypt.c
index 43717c0d..f30f80f6 100644
--- a/src/decrypt.c
+++ b/src/decrypt.c
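Review bot: Neither gpgme_op_decrypt_ext_start nor gpgme_op_decrypt_ext checks FLAGS for bits outside the two values defined in gpgme_decrypt_flags_t, so an undefined bit is handed to the engine and, as far as this diff shows, ignored without an error. A guard after the `!ctx` test would surface that to the caller: `if ((flags & ~(GPGME_DECRYPT_VERIFY | GPGME_DECRYPT_UNWRAP))) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));`. Whether verification results are still produced when GPGME_DECRYPT_VERIFY is combined with GPGME_DECRYPT_UNWRAP cannot be seen here; if they are not, that combination should be rejected or documented so an unwrapped message is never treated as verified. The TRACE_BEG2 calls could also log `flags`, and both function comments repeat the gpgme_op_decrypt wording without mentioning FLAGS.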
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
+#include <assert.h>
 #include "debug.h"
 #include "gpgme.h"
@@ -358,12 +359,15 @@ _gpgme_op_decrypt_init_result (gpgme_ctx_t ctx)
 }
-static gpgme_error_t
-decrypt_start (gpgme_ctx_t ctx, int synchronous,
-               gpgme_data_t cipher, gpgme_data_t plain)
+gpgme_error_t
+_gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,
+                      gpgme_decrypt_flags_t flags,
+                      gpgme_data_t cipher, gpgme_data_t plain)
 {
   gpgme_error_t err;
+  assert (!(flags & GPGME_DECRYPT_VERIFY));
+
   err = _gpgme_op_reset (ctx, synchronous);
   if (err)
     return err;
@@ -390,7 +394,9 @@ decrypt_start (gpgme_ctx_t ctx, int synchronous,
   _gpgme_engine_set_status_handler (ctx->engine, decrypt_status_handler, ctx);
-  return _gpgme_engine_op_decrypt (ctx->engine, cipher, plain,
+  return _gpgme_engine_op_decrypt (ctx->engine,
+                                   flags,
+                                   cipher, plain,
                                    ctx->export_session_keys,
                                    ctx->override_session_key);
 }
@@ -408,7 +414,7 @@ gpgme_op_decrypt_start (gpgme_ctx_t ctx, gpgme_data_t cipher,
   if (!ctx)
     return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
-  err = decrypt_start (ctx, 0, cipher, plain);
+  err = _gpgme_decrypt_start (ctx, 0, 0, cipher, plain);
   return TRACE_ERR (err);
 }
@@ -426,7 +432,7 @@ gpgme_op_decrypt (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain)
   if (!ctx)
     return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
-  err = decrypt_start (ctx, 1, cipher, plain);
+  err = _gpgme_decrypt_start (ctx, 1, 0, cipher, plain);
   if (!err)
     err = _gpgme_wait_one (ctx);
   return TRACE_ERR (err);
diff --git a/src/engine-assuan.c b/src/engine-assuan.c
index 4beb41d7..68bdaa6a 100644
--- a/src/engine-assuan.c
+++ b/src/engine-assuan.c
@@ -776,7 +776,6 @@ struct engine_ops _gpgme_engine_ops_assuan =
     llass_set_locale,
     NULL,		/* set_protocol */
     NULL,               /* decrypt */
-    NULL,               /* decrypt_verify */
     NULL,               /* delete */
     NULL,		/* edit */
     NULL,               /* encrypt */
diff --git a/src/engine-backend.h b/src/engine-backend.h
index 635acb06..53af6622 100644
--- a/src/engine-backend.h
+++ b/src/engine-backend.h
@@ -61,12 +61,11 @@ struct engine_ops
 					   void *fnc_value);
   gpgme_error_t (*set_locale) (void *engine, int category, const char *value);
   gpgme_error_t (*set_protocol) (void *engine, gpgme_protocol_t protocol);
-  gpgme_error_t (*decrypt) (void *engine, gpgme_data_t ciph,
+  gpgme_error_t (*decrypt) (void *engine,
+                            gpgme_decrypt_flags_t flags,
+                            gpgme_data_t ciph,
 			    gpgme_data_t plain, int export_session_key,
                             const char *override_session_key);
-  gpgme_error_t (*decrypt_verify) (void *engine, gpgme_data_t ciph,
-				   gpgme_data_t plain, int export_session_key,
-                                   const char *override_session_key);
   gpgme_error_t (*delete) (void *engine, gpgme_key_t key, int allow_secret);
   gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,
 			 gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */);
diff --git a/src/engine-g13.c b/src/engine-g13.c
index 593177c2..02951e83 100644
--- a/src/engine-g13.c
+++ b/src/engine-g13.c
@@ -791,7 +791,6 @@ struct engine_ops _gpgme_engine_ops_g13 =
     g13_set_locale,
     NULL,		/* set_protocol */
     NULL,               /* decrypt */
-    NULL,               /* decrypt_verify */
     NULL,               /* delete */
     NULL,		/* edit */
     NULL,               /* encrypt */
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 6e4b8339..0c3a63ee 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1559,7 +1559,9 @@ add_input_size_hint (engine_gpg_t gpg, gpgme_data_t data)
 static gpgme_error_t
-gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain,
+gpg_decrypt (void *engine,
+             gpgme_decrypt_flags_t flags,
+             gpgme_data_t ciph, gpgme_data_t plain,
              int export_session_key, const char *override_session_key)
 {
   engine_gpg_t gpg = engine;
@@ -1567,6 +1569,14 @@ gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain,
   err = add_arg (gpg, "--decrypt");
+  if (!err && (flags & GPGME_DECRYPT_UNWRAP))
+    {
+      if (!have_gpg_version (gpg, "2.1.12"))
+        err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      else
+        err = add_arg (gpg, "--unwrap");
+    }
+
   if (!err && export_session_key)
     err = add_arg (gpg, "--show-session-key");
@@ -1857,6 +1867,17 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
   if (!err && use_armor)
     err = add_arg (gpg, "--armor");
+  if (!err && (flags & GPGME_ENCRYPT_WRAP))
+    {
+      /* gpg is current not abale to detect already compressed
+       * packets.  Thus when using
+       *   gpg --unwrap -d | gpg --no-literal -e
+       * the encryption would add an additional compression layer.
+       * We better suppress that.  */
+      flags |= GPGME_ENCRYPT_NO_COMPRESS;
+      err = add_arg (gpg, "--no-literal");
+    }
+
   if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
     err = add_arg (gpg, "--compress-algo=none");
@@ -3047,7 +3068,6 @@ struct engine_ops _gpgme_engine_ops_gpg =
     gpg_set_locale,
     NULL,				/* set_protocol */
     gpg_decrypt,
-    gpg_decrypt,			/* decrypt_verify */
     gpg_delete,
     gpg_edit,
     gpg_encrypt,
diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c
index 48919775..6f7c8ac0 100644
--- a/src/engine-gpgconf.c
+++ b/src/engine-gpgconf.c
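Review bot: The GPGME_ENCRYPT_WRAP branch in gpg_encrypt does not state what the flag expects of the input; with `--no-literal` the data is presumably taken as an already-formed OpenPGP message, and nothing here stops a caller from passing arbitrary data. A comment stating that precondition would help, and the existing comment has typos (`current not abale` should read `currently not able`). No other encrypt path is touched by this diff, so the sign-and-encrypt path and the other engines presumably ignore the flag silently; returning GPG_ERR_NOT_SUPPORTED there would match what the `--unwrap` branch in gpg_decrypt does for gpg older than 2.1.12. gpg_encrypt starts and ends outside this hunk.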
@@ -1233,7 +1233,6 @@ struct engine_ops _gpgme_engine_ops_gpgconf =
     NULL,		/* set_locale */
     NULL,		/* set_protocol */
     NULL,		/* decrypt */
-    NULL,		/* decrypt_verify */
     NULL,		/* delete */
     NULL,		/* edit */
     NULL,		/* encrypt */
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index 7652363a..c3d5427f 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1127,12 +1127,16 @@ gpgsm_reset (void *engine)
 static gpgme_error_t
-gpgsm_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain,
+gpgsm_decrypt (void *engine,
+               gpgme_decrypt_flags_t flags,
+               gpgme_data_t ciph, gpgme_data_t plain,
                int export_session_key, const char *override_session_key)
 {
   engine_gpgsm_t gpgsm = engine;
   gpgme_error_t err;
+  (void)flags;
+
   /* gpgsm is not capable of exporting session keys right now, so we
    * will ignore this if requested. */
   (void)export_session_key;
@@ -2095,7 +2099,6 @@ struct engine_ops _gpgme_engine_ops_gpgsm =
     gpgsm_set_locale,
     NULL,		/* set_protocol */
     gpgsm_decrypt,
-    gpgsm_decrypt,
     gpgsm_delete,	/* decrypt_verify */
     NULL,		/* edit */
     gpgsm_encrypt,
diff --git a/src/engine-spawn.c b/src/engine-spawn.c
index fa406d4c..9d587cc5 100644
--- a/src/engine-spawn.c
+++ b/src/engine-spawn.c
@@ -449,7 +449,6 @@ struct engine_ops _gpgme_engine_ops_spawn =
     NULL,		/* set_locale */
     NULL,		/* set_protocol */
     NULL,		/* decrypt */
-    NULL,		/* decrypt_verify */
     NULL,		/* delete */
     NULL,		/* edit */
     NULL,		/* encrypt */
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
index 12efd270..20a8abf2 100644
--- a/src/engine-uiserver.c
+++ b/src/engine-uiserver.c
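Review bot: gpgsm_decrypt discards the new argument with `(void)flags;`, so a caller that passes GPGME_DECRYPT_UNWRAP to this engine gets an ordinary decryption and no error. Reporting the unsupported request would be safer: `if ((flags & GPGME_DECRYPT_UNWRAP)) return gpg_error (GPG_ERR_NOT_SUPPORTED);`. uiserver_decrypt in src/engine-uiserver.c has the same gap, since it reads only GPGME_DECRYPT_VERIFY from FLAGS. The function body continues past the end of this hunk.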
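Review bot: In the _gpgme_engine_ops_gpgsm table, the context line `gpgsm_delete, /* decrypt_verify */` keeps a comment naming a slot that this commit removes from struct engine_ops. Once the second `gpgsm_decrypt,` entry is gone the label is simply wrong for the delete slot; it should be dropped or changed to `/* delete */`, which is how the other engine tables label that entry. The table extends beyond this hunk.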
@@ -959,14 +959,16 @@ uiserver_reset (void *engine)
 static gpgme_error_t
-_uiserver_decrypt (void *engine, int verify,
-		   gpgme_data_t ciph, gpgme_data_t plain,
-                   int export_session_key, const char *override_session_key)
+uiserver_decrypt (void *engine,
+                  gpgme_decrypt_flags_t flags,
+                  gpgme_data_t ciph, gpgme_data_t plain,
+                  int export_session_key, const char *override_session_key)
 {
   engine_uiserver_t uiserver = engine;
   gpgme_error_t err;
   const char *protocol;
   char *cmd;
+  int verify = !!(flags & GPGME_DECRYPT_VERIFY);
   (void)override_session_key; /* Fixme: We need to see now to add this
                                * to the UI server protocol  */
@@ -1011,25 +1013,6 @@ _uiserver_decrypt (void *engine, int verify,
 static gpgme_error_t
-uiserver_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain,
-                  int export_session_key, const char *override_session_key)
-{
-  return _uiserver_decrypt (engine, 0, ciph, plain,
-                            export_session_key, override_session_key);
-}
-
-
-static gpgme_error_t
-uiserver_decrypt_verify (void *engine, gpgme_data_t ciph, gpgme_data_t plain,
-                         int export_session_key,
-                         const char *override_session_key)
-{
-  return _uiserver_decrypt (engine, 1, ciph, plain,
-                            export_session_key, override_session_key);
-}
-
-
-static gpgme_error_t
 set_recipients (engine_uiserver_t uiserver, gpgme_key_t recp[])
 {
   gpgme_error_t err = 0;
@@ -1383,7 +1366,6 @@ struct engine_ops _gpgme_engine_ops_uiserver =
     uiserver_set_locale,
     uiserver_set_protocol,
     uiserver_decrypt,
-    uiserver_decrypt_verify,
     NULL,		/* delete */
     NULL,		/* edit */
     uiserver_encrypt,
diff --git a/src/engine.c b/src/engine.c
index a918a50d..278916d4 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -652,7 +652,9 @@ _gpgme_engine_set_protocol (engine_t engine, gpgme_protocol_t protocol)
 gpgme_error_t
-_gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph,
+_gpgme_engine_op_decrypt (engine_t engine,
+                          gpgme_decrypt_flags_t flags,
+                          gpgme_data_t ciph,
 			  gpgme_data_t plain, int export_session_key,
                           const char *override_session_key)
 {
@@ -662,29 +664,12 @@ _gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph,
   if (!engine->ops->decrypt)
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-  return (*engine->ops->decrypt) (engine->engine, ciph, plain,
+  return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain,
                                   export_session_key, override_session_key);
 }
 gpgme_error_t
-_gpgme_engine_op_decrypt_verify (engine_t engine, gpgme_data_t ciph,
-				 gpgme_data_t plain, int export_session_key,
-                                 const char *override_session_key)
-{
-  if (!engine)
-    return gpg_error (GPG_ERR_INV_VALUE);
-
-  if (!engine->ops->decrypt_verify)
-    return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-
-  return (*engine->ops->decrypt_verify) (engine->engine, ciph, plain,
-                                         export_session_key,
-                                         override_session_key);
-}
-
-
-gpgme_error_t
 _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
 			 int allow_secret)
 {
diff --git a/src/engine.h b/src/engine.h
index 1064f5ed..dd0ef9c2 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -83,16 +83,12 @@ gpgme_error_t
 _gpgme_engine_set_colon_line_handler (engine_t engine,
 				      engine_colon_line_handler_t fnc,
 				      void *fnc_value);
-gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph,
+gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine,
+                                        gpgme_decrypt_flags_t flags,
+                                        gpgme_data_t ciph,
 					gpgme_data_t plain,
                                         int export_session_key,
                                         const char *override_session_key);
-gpgme_error_t _gpgme_engine_op_decrypt_verify (engine_t engine,
-					       gpgme_data_t ciph,
-					       gpgme_data_t plain,
-                                               int export_session_key,
-                                               const char *override_session_key
-                                               );
 gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
 				       int allow_secret);
 gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type,
diff --git a/src/gpgme.def b/src/gpgme.def
index 9faffb85..51053cd9 100644
--- a/src/gpgme.def
+++ b/src/gpgme.def
@@ -259,5 +259,8 @@ EXPORTS
     gpgme_op_set_uid_flag_start           @193
     gpgme_op_set_uid_flag                 @194
+    gpgme_op_decrypt_ext                  @195
+    gpgme_op_decrypt_ext_start            @196
+
 ; END
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index e9ee6e2f..b6c14064 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1238,7 +1238,8 @@ typedef enum
     GPGME_ENCRYPT_EXPECT_SIGN = 8,
     GPGME_ENCRYPT_NO_COMPRESS = 16,
     GPGME_ENCRYPT_SYMMETRIC = 32,
-    GPGME_ENCRYPT_THROW_KEYIDS = 64
+    GPGME_ENCRYPT_THROW_KEYIDS = 64,
+    GPGME_ENCRYPT_WRAP = 128
   }
 gpgme_encrypt_flags_t;
@@ -1317,6 +1318,14 @@ typedef struct _gpgme_op_decrypt_result *gpgme_decrypt_result_t;
 /* Retrieve a pointer to the result of the decrypt operation.  */
 gpgme_decrypt_result_t gpgme_op_decrypt_result (gpgme_ctx_t ctx);
+/* The valid decryption flags.  */
+typedef enum
+  {
+    GPGME_DECRYPT_VERIFY = 1,
+    GPGME_DECRYPT_UNWRAP = 128
+  }
+gpgme_decrypt_flags_t;
+
 /* Decrypt ciphertext CIPHER within CTX and store the resulting
    plaintext in PLAIN.  */
 gpgme_error_t gpgme_op_decrypt_start (gpgme_ctx_t ctx, gpgme_data_t cipher,
@@ -1332,6 +1341,19 @@ gpgme_error_t gpgme_op_decrypt_verify_start (gpgme_ctx_t ctx,
 gpgme_error_t gpgme_op_decrypt_verify (gpgme_ctx_t ctx, gpgme_data_t cipher,
 				       gpgme_data_t plain);
+/* Decrypt ciphertext CIPHER within CTX and store the resulting
+ * plaintext in PLAIN.  With the flag GPGME_DECRYPT_VERIFY also do a
+ * signature verification pn the plaintext.  */
+gpgme_error_t gpgme_op_decrypt_ext_start (gpgme_ctx_t ctx,
+                                          gpgme_decrypt_flags_t flags,
+                                          gpgme_data_t cipher,
+                                          gpgme_data_t plain);
+gpgme_error_t gpgme_op_decrypt_ext (gpgme_ctx_t ctx,
+                                    gpgme_decrypt_flags_t flags,
+                                    gpgme_data_t cipher,
+                                    gpgme_data_t plain);
+
+
 /*
  * Signing.
diff --git a/src/libgpgme.vers b/src/libgpgme.vers
index 037a6ae2..adc8d7d4 100644
--- a/src/libgpgme.vers
+++ b/src/libgpgme.vers
@@ -129,6 +129,9 @@ GPGME_1.1 {
     gpgme_op_set_uid_flag_start;
     gpgme_op_set_uid_flag;
+
+    gpgme_op_decrypt_ext;
+    gpgme_op_decrypt_ext_start;
 };
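Review bot: GPGME_DECRYPT_UNWRAP is left undocumented in the public header: the enum carries only `/* The valid decryption flags.  */`, and the comment above the gpgme_op_decrypt_ext prototypes in the next hunk describes GPGME_DECRYPT_VERIFY alone. Going by the engine-gpg.c change, a per-value comment could say that the flag passes `--unwrap` to gpg and yields GPG_ERR_NOT_SUPPORTED for gpg older than 2.1.12, and it should state what the output then contains so callers do not treat it as verified plaintext. GPGME_ENCRYPT_WRAP, added to gpgme_encrypt_flags_t earlier in this file, is undocumented in the same way. The prototype comment also has a typo, `pn the plaintext` for `on the plaintext`.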
@@ -89,6 +89,9 @@ gpgme_error_t _gpgme_op_decrypt_init_result (gpgme_ctx_t ctx);
 gpgme_error_t _gpgme_decrypt_status_handler (void *priv,
 					     gpgme_status_code_t code,
 					     char *args);
+gpgme_error_t _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,
+                                    gpgme_decrypt_flags_t flags,
+                                    gpgme_data_t cipher, gpgme_data_t plain);
 /* From signers.c.  */ |
