From 95ea3bf831aeac201108876e73750692aa1ba3f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?=
Date: Tue, 24 Jan 2023 11:05:52 +0100
Subject: core: Support usage of gpgtar for decrypting an encrypted archive
* src/gpgme.h.in (GPGME_DECRYPT_ARCHIVE): New decryption flag.
* src/engine-gpg.c (gpg_decrypt): Set use_gpgtar engine flag if GPGME_DECRYPT_ARCHIVE flag is set. Check for new enough gpg and incompatible flags. Use add_gpg_arg_with_value for gpg-only options with a value and add_gpg_arg for gpg-only options without a value. Set extra options for gpgtar and pass input data to stdin when using gpgtar.
* tests/run-decrypt.c (show_usage): New options --archive and --directory. (main): Parse new options. Decrypt with gpgtar if --archive is given. Set file name of output data to value of --directory option.
--
GnuPG-bug-id: 6342
---
 src/engine-gpg.c | 67 +++++++++++++++++++++++++++++++++++++++-----------------
 src/gpgme.h.in | 1 +
 2 files changed, 48 insertions(+), 20 deletions(-)
(limited to 'src')
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 06eb3e18..86422112 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -310,7 +310,8 @@ add_gpg_arg (engine_gpg_t gpg, const char *arg)
 } static gpgme_error_t
-add_gpg_arg_with_value (engine_gpg_t gpg, const char *arg, const char *value, int front)
+add_gpg_arg_with_value (engine_gpg_t gpg, const char *arg, const char *value,
+ int front)
 { return _add_arg (gpg, arg, value, strlen (value), front, NULL, 1); }
@@ -1829,6 +1830,14 @@ gpg_decrypt (void *engine,
 engine_gpg_t gpg = engine; gpgme_error_t err;
+ gpg->flags.use_gpgtar = !!(flags & GPGME_DECRYPT_ARCHIVE);
+
+ if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.3.5"))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (gpg->flags.use_gpgtar && (flags & GPGME_DECRYPT_UNWRAP))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
 err = add_arg (gpg, "--decrypt"); if (!err && (flags & GPGME_DECRYPT_UNWRAP))
@@ -1840,17 +1849,17 @@ gpg_decrypt (void *engine,
 } if (!err && export_session_key)
- err = add_arg (gpg, "--show-session-key");
+ err = add_gpg_arg (gpg, "--show-session-key");
 if (!err && auto_key_retrieve)
- err = add_arg (gpg, "--auto-key-retrieve");
+ err = add_gpg_arg (gpg, "--auto-key-retrieve");
 if (!err && gpg->flags.auto_key_import)
- err = add_arg (gpg, "--auto-key-import");
+ err = add_gpg_arg (gpg, "--auto-key-import");
 if (!err && override_session_key && *override_session_key) {
- if (have_gpg_version (gpg, "2.1.16"))
+ if (have_gpg_version (gpg, "2.1.16") && !gpg->flags.use_gpgtar)
 { gpgme_data_release (gpg->override_session_key); TRACE (DEBUG_ENGINE, "override", gpg, "seskey='%s' len=%zu\n",
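Review bot: The added `&& !gpg->flags.use_gpgtar` routes every archive decryption that supplies `override_session_key` into the `else` branch, which the following hunk rewrites to `add_gpg_arg_with_value (gpg, "--override-session-key=", override_session_key, 0)`. That branch's own comment says the option may leak the session key via ps(1), so with GPGME_DECRYPT_ARCHIVE the key ends up in an argument list even on gpg 2.1.16 or later, where the `if` branch would otherwise be taken. Nothing in the change tells callers about this; I would extend the comment to `/* With gpgtar this is the only way to pass the key; it may leak via ps(1). */` and state the same in the documentation of the flag. If that exposure is not acceptable for archives, reject the combination next to the GPGME_DECRYPT_UNWRAP check with `if (gpg->flags.use_gpgtar && override_session_key && *override_session_key) return gpg_error (GPG_ERR_NOT_SUPPORTED);`. The body of the `if` branch continues outside this hunk.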
@@ -1880,25 +1889,43 @@ gpg_decrypt (void *engine,
 else { /* Using that option may leak the session key via ps(1). */
- err = add_arg (gpg, "--override-session-key");
- if (!err)
- err = add_arg (gpg, override_session_key);
+ err = add_gpg_arg_with_value (gpg, "--override-session-key=",
+ override_session_key, 0);
 } } /* Tell the gpg object about the data. */
- if (!err)
- err = add_arg (gpg, "--output");
- if (!err)
- err = add_arg (gpg, "-");
- if (!err)
- err = add_data (gpg, plain, 1, 1);
- if (!err)
- err = add_input_size_hint (gpg, ciph);
- if (!err)
- err = add_arg (gpg, "--");
- if (!err)
- err = add_data (gpg, ciph, -1, 0);
+ if (gpg->flags.use_gpgtar)
+ {
+ const char *file_name = gpgme_data_get_file_name (plain);
+ if (!err && file_name)
+ {
+ err = add_arg (gpg, "--directory");
+ if (!err)
+ err = add_arg (gpg, file_name);
+ }
+ if (!err)
+ err = add_input_size_hint (gpg, ciph);
+ if (!err)
+ err = add_arg (gpg, "--");
+ if (!err)
+ err = add_data (gpg, ciph, 0, 0);
+ }
+ else
+ {
+ if (!err)
+ err = add_arg (gpg, "--output");
+ if (!err)
+ err = add_arg (gpg, "-");
+ if (!err)
+ err = add_data (gpg, plain, 1, 1);
+ if (!err)
+ err = add_input_size_hint (gpg, ciph);
+ if (!err)
+ err = add_arg (gpg, "--");
+ if (!err)
+ err = add_data (gpg, ciph, -1, 0);
+ }
 if (!err) err = start (gpg);
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index fabba257..b498cd3b 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1426,6 +1426,7 @@ gpgme_decrypt_result_t gpgme_op_decrypt_result (gpgme_ctx_t ctx);
 typedef enum { GPGME_DECRYPT_VERIFY = 1,
+ GPGME_DECRYPT_ARCHIVE = 2,
 GPGME_DECRYPT_UNWRAP = 128 } gpgme_decrypt_flags_t;
--
cgit v1.2.3
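Review bot: In the gpgtar branch `--directory` is added only when `gpgme_data_get_file_name (plain)` returns a name, so without one the extraction target is left to gpgtar's default, and `plain` itself never receives data because no `add_data` call is made for it. The archive contents are untrusted and get written to disk, so the destination should not be implicit; a comment such as `/* gpgtar writes the extracted files below --directory; PLAIN only carries that directory as its file name. */` would make the contract visible, and the public flag should document it. If a missing name is a caller error, `if (!err && !file_name) err = gpg_error (GPG_ERR_INV_VALUE);` before the `--directory` test would make that explicit. Whether `plain` can be NULL at this call is not visible in the hunk, and the lookup runs before any check.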