From f7700a016926f0d8e9cb3c0337837deb7fe01079 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 12 Apr 2018 09:17:27 +0200 Subject: core: Add new context flag "no-symkey-cache". * src/gpgme.c (gpgme_set_ctx_flag): Set flag. (gpgme_get_ctx_flag): Get flag. * src/context.h (struct gpgme_context): Add field no_symkey_cache. * src/engine-gpg.c (struct engine_gpg): Ditto. (gpg_set_engine_flags): Set flag. (build_argv): Pass option --no-symkey-cache to gpg. * tests/run-decrypt.c (print_result): Fix segv for symmetric messages. (main): New option --no-symkey-cache. * tests/run-encrypt.c (main): New option --no-symkey-cache. Signed-off-by: Werner Koch --- tests/run-decrypt.c | 20 +++++++++++++++++++- tests/run-encrypt.c | 39 ++++++++++++++++++++++++++++----------- 2 files changed, 47 insertions(+), 12 deletions(-) (limited to 'tests') diff --git a/tests/run-decrypt.c b/tests/run-decrypt.c index f4c47544..a2e82a0e 100644 --- a/tests/run-decrypt.c +++ b/tests/run-decrypt.c @@ -60,7 +60,7 @@ print_result (gpgme_decrypt_result_t result) if (result->session_key) printf ("Session key: %s\n", result->session_key); - for (recp = result->recipients; recp->next; recp = recp->next) + for (recp = result->recipients; recp && recp->next; recp = recp->next) { printf ("recipient %d\n", count++); printf (" status ....: %s\n", gpgme_strerror (recp->status)); @@ -82,6 +82,7 @@ show_usage (int ex) " --export-session-key show the session key\n" " --override-session-key STRING use STRING as session key\n" " --request-origin STRING use STRING as request origin\n" + " --no-symkey-cache disable the use of that cache\n" " --unwrap remove only the encryption layer\n" , stderr); exit (ex); @@ -104,6 +105,7 @@ main (int argc, char **argv) int export_session_key = 0; const char *override_session_key = NULL; const char *request_origin = NULL; + int no_symkey_cache = 0; int raw_output = 0; if (argc) @@ -160,6 +162,11 @@ main (int argc, char **argv) request_origin = *argv; argc--; argv++; } + else if (!strcmp (*argv, "--no-symkey-cache")) + { + no_symkey_cache = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--unwrap")) { flags |= GPGME_DECRYPT_UNWRAP; @@ -226,6 +233,17 @@ main (int argc, char **argv) } } + if (no_symkey_cache) + { + err = gpgme_set_ctx_flag (ctx, "no-symkey-cache", "1"); + if (err) + { + fprintf (stderr, PGM ": error setting no-symkey-cache: %s\n", + gpgme_strerror (err)); + exit (1); + } + } + err = gpgme_data_new_from_stream (&in, fp_in); if (err) { diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c index e949d760..51e2d60f 100644 --- a/tests/run-encrypt.c +++ b/tests/run-encrypt.c @@ -80,17 +80,18 @@ show_usage (int ex) { fputs ("usage: " PGM " [options] FILE\n\n" "Options:\n" - " --verbose run in verbose mode\n" - " --status print status lines from the backend\n" - " --progress print progress info\n" - " --openpgp use the OpenPGP protocol (default)\n" - " --cms use the CMS protocol\n" - " --uiserver use the UI server\n" - " --loopback use a loopback pinentry\n" - " --key NAME encrypt to key NAME\n" - " --throw-keyids use this option\n" - " --wrap assume input is valid OpenPGP message\n" - " --symmetric encrypt symmetric (OpenPGP only)\n" + " --verbose run in verbose mode\n" + " --status print status lines from the backend\n" + " --progress print progress info\n" + " --openpgp use the OpenPGP protocol (default)\n" + " --cms use the CMS protocol\n" + " --uiserver use the UI server\n" + " --loopback use a loopback pinentry\n" + " --key NAME encrypt to key NAME\n" + " --throw-keyids use this option\n" + " --no-symkey-cache disable the use of that cache\n" + " --wrap assume input is valid OpenPGP message\n" + " --symmetric encrypt symmetric (OpenPGP only)\n" , stderr); exit (ex); } @@ -115,6 +116,7 @@ main (int argc, char **argv) int i; gpgme_encrypt_flags_t flags = GPGME_ENCRYPT_ALWAYS_TRUST; gpgme_off_t offset; + int no_symkey_cache = 0; if (argc) { argc--; argv++; } @@ -192,6 +194,11 @@ main (int argc, char **argv) flags |= GPGME_ENCRYPT_SYMMETRIC; argc--; argv++; } + else if (!strcmp (*argv, "--no-symkey-cache")) + { + no_symkey_cache = 1; + argc--; argv++; + } else if (!strncmp (*argv, "--", 2)) show_usage (1); @@ -227,6 +234,16 @@ main (int argc, char **argv) gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK); gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); } + if (no_symkey_cache) + { + err = gpgme_set_ctx_flag (ctx, "no-symkey-cache", "1"); + if (err) + { + fprintf (stderr, PGM ": error setting no-symkey-cache: %s\n", + gpgme_strerror (err)); + exit (1); + } + } for (i=0; i < keycount; i++) { -- cgit v1.2.3 From bdf7cd2e28432cf0fa7e0758acdfee03d7bfd45f Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 12 Apr 2018 15:39:20 +0200 Subject: tests: Add another check to gpg/t-verify. * tests/gpg/t-verify.c (PGM): New. Use it instead of __FILE__. (test_sig1_plus_unknown_key): New test signature. (check_result): Allow checking of several signatures. (main): Check a signature with a know and an unknown key. Signed-off-by: Werner Koch --- tests/gpg/t-verify.c | 136 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 84 insertions(+), 52 deletions(-) (limited to 'tests') diff --git a/tests/gpg/t-verify.c b/tests/gpg/t-verify.c index f955cc9d..ffc41eeb 100644 --- a/tests/gpg/t-verify.c +++ b/tests/gpg/t-verify.c @@ -31,31 +31,14 @@ #include +#define PGM "t-verify" #include "t-support.h" + static const char test_text1[] = "Just GNU it!\n"; static const char test_text1f[]= "Just GNU it?\n"; static const char test_sig1[] = -#if 0 -"-----BEGIN PGP SIGNATURE-----\n" -"\n" -"iEYEABECAAYFAjoKgjIACgkQLXJ8x2hpdzQMSwCeO/xUrhysZ7zJKPf/FyXA//u1\n" -"ZgIAn0204PBR7yxSdQx6CFxugstNqmRv\n" -"=yku6\n" -"-----END PGP SIGNATURE-----\n" -#elif 0 -"-----BEGIN PGP SIGNATURE-----\n" -"Version: GnuPG v1.0.4-2 (GNU/Linux)\n" -"Comment: For info see http://www.gnupg.org\n" -"\n" -"iJcEABECAFcFAjoS8/E1FIAAAAAACAAkZm9vYmFyLjF0aGlzIGlzIGEgbm90YXRp\n" -"b24gZGF0YSB3aXRoIDIgbGluZXMaGmh0dHA6Ly93d3cuZ3Uub3JnL3BvbGljeS8A\n" -"CgkQLXJ8x2hpdzQLyQCbBW/fgU8ZeWSlWPM1F8umHX17bAAAoIfSNDSp5zM85XcG\n" -"iwxMrf+u8v4r\n" -"=88Zo\n" -"-----END PGP SIGNATURE-----\n" -#elif 1 "-----BEGIN PGP SIGNATURE-----\n" "\n" "iN0EABECAJ0FAjoS+i9FFIAAAAAAAwA5YmFyw7bDpMO8w58gZGFzIHdhcmVuIFVt\n" @@ -64,9 +47,24 @@ static const char test_sig1[] = "Oi8vd3d3Lmd1Lm9yZy9wb2xpY3kvAAoJEC1yfMdoaXc0JBIAoIiLlUsvpMDOyGEc\n" "dADGKXF/Hcb+AKCJWPphZCphduxSvrzH0hgzHdeQaA==\n" "=nts1\n" -"-----END PGP SIGNATURE-----\n" -#endif -; +"-----END PGP SIGNATURE-----\n"; + +/* The same as test_sig1 but with a second signature for which we do + * not have the public key (deleted after signature creation). */ +static const char test_sig1_plus_unknown_key[] = +"-----BEGIN PGP SIGNATURE-----\n" +"\n" +"iN0EABECAJ0FAjoS+i9FFIAAAAAAAwA5YmFyw7bDpMO8w58gZGFzIHdhcmVuIFVt\n" +"bGF1dGUgdW5kIGpldHp0IGVpbiBwcm96ZW50JS1aZWljaGVuNRSAAAAAAAgAJGZv\n" +"b2Jhci4xdGhpcyBpcyBhIG5vdGF0aW9uIGRhdGEgd2l0aCAyIGxpbmVzGhpodHRw\n" +"Oi8vd3d3Lmd1Lm9yZy9wb2xpY3kvAAoJEC1yfMdoaXc0JBIAoIiLlUsvpMDOyGEc\n" +"dADGKXF/Hcb+AKCJWPphZCphduxSvrzH0hgzHdeQaIh1BAAWCAAdFiEENuwqcMZC\n" +"brD85btN+RyY8EnUIEwFAlrPR4cACgkQ+RyY8EnUIEyiuAEAm41LJTGUFDzhavRm\n" +"jNwqUZxGGOySduW+u/X1lEfV+MYA/2lJOo75rHtD1EG+tkFVWt4Ukj0rjhR132vZ\n" +"IOtrYAcG\n" +"=yYwZ\n" +"-----END PGP SIGNATURE-----\n"; + static const char test_sig2[] = "-----BEGIN PGP MESSAGE-----\n" "\n" @@ -91,37 +89,51 @@ static const char double_plaintext_sig[] = +/* NO_OF_SIGS is the expected number of signatures. SKIP_SKIPS is + * which of these signatures to check (0 based). */ static void -check_result (gpgme_verify_result_t result, unsigned int summary, - const char *fpr, +check_result (gpgme_verify_result_t result, int no_of_sigs, int skip_sigs, + unsigned int summary, const char *fpr, gpgme_error_t status, int notation) { gpgme_signature_t sig; + int n; sig = result->signatures; - if (!sig || sig->next) + for (n=0; sig; sig = sig->next) + n++; + if (n != no_of_sigs) { - fprintf (stderr, "%s:%i: Unexpected number of signatures\n", - __FILE__, __LINE__); + fprintf (stderr, "%s:%i: Unexpected number of signatures" + " (got %d expected %d)\n", PGM, __LINE__, n, no_of_sigs); exit (1); } + if (skip_sigs >= n) + { + fprintf (stderr, "%s:%i: oops SKIPP_SIGS to high\n", PGM, __LINE__); + exit (1); + } + + for (n=0, sig = result->signatures; n < skip_sigs; sig = sig->next, n++) + ; + if (sig->summary != summary) { - fprintf (stderr, "%s:%i: Unexpected signature summary: " + fprintf (stderr, "%s:%i:sig-%d: Unexpected signature summary: " "want=0x%x have=0x%x\n", - __FILE__, __LINE__, summary, sig->summary); + PGM, __LINE__, skip_sigs, summary, sig->summary); exit (1); } if (strcmp (sig->fpr, fpr)) { - fprintf (stderr, "%s:%i: Unexpected fingerprint: %s\n", - __FILE__, __LINE__, sig->fpr); + fprintf (stderr, "%s:%i:sig-%d: Unexpected fingerprint: %s\n", + PGM, __LINE__, skip_sigs, sig->fpr); exit (1); } if (gpgme_err_code (sig->status) != status) { - fprintf (stderr, "%s:%i: Unexpected signature status: %s\n", - __FILE__, __LINE__, gpgme_strerror (sig->status)); + fprintf (stderr, "%s:%i:sig-%d: Unexpected signature status: %s\n", + PGM, __LINE__, skip_sigs, gpgme_strerror (sig->status)); exit (1); } if (notation) @@ -166,8 +178,8 @@ check_result (gpgme_verify_result_t result, unsigned int summary, } if (!any) { - fprintf (stderr, "%s:%i: Unexpected notation data\n", - __FILE__, __LINE__); + fprintf (stderr, "%s:%i:sig-%d: Unexpected notation data\n", + PGM, __LINE__, skip_sigs); exit (1); } } @@ -175,28 +187,30 @@ check_result (gpgme_verify_result_t result, unsigned int summary, { if (expected_notations[i].seen != 1) { - fprintf (stderr, "%s:%i: Missing or duplicate notation data\n", - __FILE__, __LINE__); + fprintf (stderr, "%s:%i:sig-%d: " + "Missing or duplicate notation data\n", + PGM, __LINE__, skip_sigs); exit (1); } } } if (sig->wrong_key_usage) { - fprintf (stderr, "%s:%i: Unexpectedly wrong key usage\n", - __FILE__, __LINE__); + fprintf (stderr, "%s:%i:sig-%d: Unexpectedly wrong key usage\n", + PGM, __LINE__, skip_sigs); exit (1); } if (sig->validity != GPGME_VALIDITY_UNKNOWN) { - fprintf (stderr, "%s:%i: Unexpected validity: %i\n", - __FILE__, __LINE__, sig->validity); + fprintf (stderr, "%s:%i:sig-%d: Unexpected validity: %i\n", + PGM, __LINE__, skip_sigs, sig->validity); exit (1); } if (gpgme_err_code (sig->validity_reason) != GPG_ERR_NO_ERROR) { - fprintf (stderr, "%s:%i: Unexpected validity reason: %s\n", - __FILE__, __LINE__, gpgme_strerror (sig->validity_reason)); + fprintf (stderr, "%s:%i:sig-%d: Unexpected validity reason: %s\n", + PGM, __LINE__, skip_sigs, + gpgme_strerror (sig->validity_reason)); exit (1); } } @@ -227,7 +241,7 @@ main (int argc, char *argv[]) err = gpgme_op_verify (ctx, sig, text, NULL); fail_if_err (err); result = gpgme_op_verify_result (ctx); - check_result (result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", + check_result (result, 1, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", GPG_ERR_NO_ERROR, 1); /* Checking a manipulated message. */ @@ -238,9 +252,27 @@ main (int argc, char *argv[]) err = gpgme_op_verify (ctx, sig, text, NULL); fail_if_err (err); result = gpgme_op_verify_result (ctx); - check_result (result, GPGME_SIGSUM_RED, "2D727CC768697734", + check_result (result, 1, 0, GPGME_SIGSUM_RED, "2D727CC768697734", GPG_ERR_BAD_SIGNATURE, 0); + /* Checking a valid message. Bu that one has a second signature + * made by an unknown key. */ + gpgme_data_release (text); + gpgme_data_release (sig); + err = gpgme_data_new_from_mem (&text, test_text1, strlen (test_text1), 0); + fail_if_err (err); + err = gpgme_data_new_from_mem (&sig, test_sig1_plus_unknown_key, + strlen (test_sig1_plus_unknown_key), 0); + fail_if_err (err); + err = gpgme_op_verify (ctx, sig, text, NULL); + fail_if_err (err); + result = gpgme_op_verify_result (ctx); + check_result (result, 2, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", + GPG_ERR_NO_ERROR, 1); + check_result (result, 2, 1, 0, "36EC2A70C6426EB0FCE5BB4DF91C98F049D4204C", + GPG_ERR_NO_ERROR, 0); + + /* Checking a normal signature. */ gpgme_data_release (sig); gpgme_data_release (text); @@ -251,7 +283,7 @@ main (int argc, char *argv[]) err = gpgme_op_verify (ctx, sig, NULL, text); fail_if_err (err); result = gpgme_op_verify_result (ctx); - check_result (result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", + check_result (result, 1, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", GPG_ERR_NO_ERROR, 0); @@ -267,7 +299,7 @@ main (int argc, char *argv[]) if (gpgme_err_code (err) != GPG_ERR_BAD_DATA) { fprintf (stderr, "%s:%i: Double plaintext message not detected\n", - __FILE__, __LINE__); + PGM, __LINE__); exit (1); } @@ -278,7 +310,7 @@ main (int argc, char *argv[]) if (!s || strcmp (s, "foo@example.org")) { fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n", - __FILE__, __LINE__); + PGM, __LINE__); exit (1); } @@ -288,7 +320,7 @@ main (int argc, char *argv[]) if (!s || strcmp (s, "bar@example.org")) { fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n", - __FILE__, __LINE__); + PGM, __LINE__); exit (1); } @@ -298,7 +330,7 @@ main (int argc, char *argv[]) if (!s || strcmp (s, "foo@example.org")) { fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n", - __FILE__, __LINE__); + PGM, __LINE__); exit (1); } @@ -306,7 +338,7 @@ main (int argc, char *argv[]) if (gpgme_err_code (err) != GPG_ERR_INV_VALUE) { fprintf (stderr, "%s:%i: gpgme_set_sender didn't detect bogus address\n", - __FILE__, __LINE__); + PGM, __LINE__); exit (1); } /* (the former address should still be there.) */ @@ -314,7 +346,7 @@ main (int argc, char *argv[]) if (!s || strcmp (s, "foo@example.org")) { fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n", - __FILE__, __LINE__); + PGM, __LINE__); exit (1); } -- cgit v1.2.3 From ee8fad3ea0cbc82f31c86b3483abd8549df62b69 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 12 Apr 2018 15:59:22 +0200 Subject: tests: Avoid segv in run-verify due to Policy URLs * tests/run-verify.c (print_result): Take care of Policy URLs. Signed-off-by: Werner Koch --- tests/run-verify.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'tests') diff --git a/tests/run-verify.c b/tests/run-verify.c index b22e6446..699bfd1f 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -163,15 +163,22 @@ print_result (gpgme_verify_result_t result) ); for (nt = sig->notations; nt; nt = nt->next) { - printf (" notation ..: '%s'\n", nt->name); - if (strlen (nt->name) != nt->name_len) - printf (" warning : name larger (%d)\n", nt->name_len); - printf (" flags ...:%s%s (0x%02x)\n", - nt->critical? " critical":"", - nt->human_readable? " human":"", - nt->flags); - if (nt->value) - printf (" value ...: '%s'\n", nt->value); + if (nt->name) + { + printf (" notation ..: '%s'\n", nt->name); + if (strlen (nt->name) != nt->name_len) + printf (" warning : name larger (%d)\n", nt->name_len); + printf (" flags ...:%s%s (0x%02x)\n", + nt->critical? " critical":"", + nt->human_readable? " human":"", + nt->flags); + if (nt->value) + printf (" value ...: '%s'\n", nt->value); + } + else + { + printf (" policy ....: '%s'\n", nt->value); + } if ((nt->value?strlen (nt->value):0) != nt->value_len) printf (" warning : value larger (%d)\n", nt->value_len); } -- cgit v1.2.3 From b99502274ae5efdf6df0d967900ec3d1e64373d7 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 12 Apr 2018 20:36:30 +0200 Subject: core: Tweak STATUS_FAILURE handling. * src/op-support.c (_gpgme_parse_failure): Ignore failures with location "gpg-exit". * tests/gpg/t-verify.c (main): Adjust for the now working checking of the second key. Signed-off-by: Werner Koch --- tests/gpg/t-verify.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/gpg/t-verify.c b/tests/gpg/t-verify.c index ffc41eeb..7c23406f 100644 --- a/tests/gpg/t-verify.c +++ b/tests/gpg/t-verify.c @@ -267,10 +267,12 @@ main (int argc, char *argv[]) err = gpgme_op_verify (ctx, sig, text, NULL); fail_if_err (err); result = gpgme_op_verify_result (ctx); - check_result (result, 2, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", + check_result (result, 2, 0, 0, + "A0FF4590BB6122EDEF6E3C542D727CC768697734", GPG_ERR_NO_ERROR, 1); - check_result (result, 2, 1, 0, "36EC2A70C6426EB0FCE5BB4DF91C98F049D4204C", - GPG_ERR_NO_ERROR, 0); + check_result (result, 2, 1, GPGME_SIGSUM_KEY_MISSING, + "36EC2A70C6426EB0FCE5BB4DF91C98F049D4204C", + GPG_ERR_NO_PUBKEY, 0); /* Checking a normal signature. */ -- cgit v1.2.3 From a1f76b3b54b75a150fe272b804d85ffd40a507a6 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 17 Apr 2018 08:33:44 +0200 Subject: core: Add extended versions of the encrypt functions. * src/gpgme.h.in (gpgme_op_encrypt_ext_start) New. (gpgme_op_encrypt_ext): New. (gpgme_op_encrypt_sign_ext_start): New. (gpgme_op_encrypt_sign_ext): New. * src/libgpgme.vers, tests/run-encrypt.c: Add them. * src/encrypt.c (encrypt_start): Add arg recpstring. (gpgme_op_encrypt): Factor code out to ... (gpgme_op_encrypt_ext): new function with new arg recpstring. (gpgme_op_encrypt_start): Factor code out to ... (gpgme_op_encrypt_ext_start): new function with new arg recpstring. * src/encrypt-sign.c (encrypt_sign_start): Add arg recpstring. (gpgme_op_encrypt_sign): Factor code out to ... (gpgme_op_encrypt_sign_ext): new function with new arg recpstring. (gpgme_op_encrypt_sign_start): Factor code out to ... (gpgme_op_encrypt_sign_ext_start): new function with new arg recpstring. * src/engine-backend.h (struct engine_ops): Change fields encrypt and encrypt_sign. * src/engine.c (_gpgme_engine_op_encrypt): Add arg recpstring and pass to engine. (_gpgme_engine_op_encrypt_sign): Ditto. * src/engine-gpg.c (append_args_from_recipients_string): New. (gpg_encrypt): Add arg recpstring and call new function as needed. (gpg_encrypt_sign): Ditto. * src/engine-gpgsm.c (set_recipients_from_string): New. (gpgsm_encrypt): Add arg recpstring and call new function as needed. * src/engine-uiserver.c (set_recipients_from_string): New. (uiserver_encrypt): Add arg recpstring and call new function as needed. * tests/run-encrypt.c (xstrdup): New. (main): Add option --keystring. * src/gpgme-json.c (get_keys): Simplify. (op_encrypt): Modify to make use of the extended encrypt function. -- This new feature can be used to avoid the need for a key lookup and thus several extra calls to the backend. Note that run-test uses a semicolon as delimiter because that make testing the feature on the command line much easier. Signed-off-by: Werner Koch --- tests/run-encrypt.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) (limited to 'tests') diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c index 51e2d60f..94084694 100644 --- a/tests/run-encrypt.c +++ b/tests/run-encrypt.c @@ -37,6 +37,19 @@ static int verbose; +static char * +xstrdup (const char *string) +{ + char *p = strdup (string); + if (!p) + { + fprintf (stderr, "strdup failed\n"); + exit (2); + } + return p; +} + + static gpg_error_t status_cb (void *opaque, const char *keyword, const char *value) { @@ -88,6 +101,7 @@ show_usage (int ex) " --uiserver use the UI server\n" " --loopback use a loopback pinentry\n" " --key NAME encrypt to key NAME\n" + " --keystring NAMES encrypt to ';' delimited NAMES\n" " --throw-keyids use this option\n" " --no-symkey-cache disable the use of that cache\n" " --wrap assume input is valid OpenPGP message\n" @@ -103,7 +117,6 @@ main (int argc, char **argv) int last_argc = -1; gpgme_error_t err; gpgme_ctx_t ctx; - const char *key_string = NULL; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; gpgme_data_t in, out; gpgme_encrypt_result_t result; @@ -113,6 +126,7 @@ main (int argc, char **argv) char *keyargs[10]; gpgme_key_t keys[10+1]; int keycount = 0; + char *keystring = NULL; int i; gpgme_encrypt_flags_t flags = GPGME_ENCRYPT_ALWAYS_TRUST; gpgme_off_t offset; @@ -174,6 +188,17 @@ main (int argc, char **argv) keyargs[keycount++] = *argv; argc--; argv++; } + else if (!strcmp (*argv, "--keystring")) + { + argc--; argv++; + if (!argc) + show_usage (1); + keystring = xstrdup (*argv); + for (i=0; keystring[i]; i++) + if (keystring[i] == ';') + keystring[i] = '\n'; + argc--; argv++; + } else if (!strcmp (*argv, "--throw-keyids")) { flags |= GPGME_ENCRYPT_THROW_KEYIDS; @@ -207,15 +232,6 @@ main (int argc, char **argv) if (argc != 1) show_usage (1); - if (key_string && protocol == GPGME_PROTOCOL_UISERVER) - { - fprintf (stderr, PGM ": ignoring --key in UI-server mode\n"); - key_string = NULL; - } - - if (!key_string) - key_string = "test"; - init_gpgme (protocol); err = gpgme_new (&ctx); @@ -298,7 +314,8 @@ main (int argc, char **argv) err = gpgme_data_new (&out); fail_if_err (err); - err = gpgme_op_encrypt (ctx, keycount ? keys : NULL, flags, in, out); + err = gpgme_op_encrypt_ext (ctx, keycount ? keys : NULL, keystring, + flags, in, out); result = gpgme_op_encrypt_result (ctx); if (result) print_result (result); @@ -318,5 +335,6 @@ main (int argc, char **argv) for (i=0; i < keycount; i++) gpgme_key_unref (keys[i]); gpgme_release (ctx); + free (keystring); return 0; } -- cgit v1.2.3 From 01435da498af9f7538d7ee810392d7eaa407957e Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 17 Apr 2018 13:48:56 +0200 Subject: core: Extend decryption result with symkey_algo. * src/gpgme.h.in (gpgme_op_decrypt_result_t): Add field 'symkey_algo'. * src/decrypt.c (release_op_data): Free SYMKEY_ALGO. (gpgme_op_decrypt_result): Make sure SYMKEY_ALGO is not NULL. (parse_decryption_info): New. (_gpgme_decrypt_status_handler): Parse DECRYPTION_INFO status. * src/conversion.c (_gpgme_cipher_algo_name): New. (_gpgme_cipher_mode_name): New. * tests/run-decrypt.c (print_result): Print SYMKEY_ALGO * src/util.h (_gpgme_map_gnupg_error): Remove obsolete prototype. -- Signed-off-by: Werner Koch --- tests/run-decrypt.c | 1 + 1 file changed, 1 insertion(+) (limited to 'tests') diff --git a/tests/run-decrypt.c b/tests/run-decrypt.c index a2e82a0e..8eb6ba09 100644 --- a/tests/run-decrypt.c +++ b/tests/run-decrypt.c @@ -59,6 +59,7 @@ print_result (gpgme_decrypt_result_t result) nonnull(result->unsupported_algorithm)); if (result->session_key) printf ("Session key: %s\n", result->session_key); + printf ("Symmetric algorithm: %s\n", result->symkey_algo); for (recp = result->recipients; recp && recp->next; recp = recp->next) { -- cgit v1.2.3 From 65479fe7b871ad6237d5a8959b73afcc7db784da Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 18 Apr 2018 15:20:35 +0200 Subject: core: Add 'is_mime' flags to the verify and decrypt results. * src/op-support.c (_gpgme_parse_plaintext): Add arg r_mime. * src/decrypt.c (_gpgme_decrypt_status_handler): Ser mime flag. * src/verify.c (_gpgme_verify_status_handler): Ditto. * src/gpgme.h.in (gpgme_op_verify_result_t): Append fields 'is_mime' and '_unused'. (gpgme_op_decrypt_result_t): New field 'is_mime'. Shrink '_unused'. * tests/run-decrypt.c (print_result): Print MIME flag. * tests/run-verify.c (print_result): Ditto. -- Note that this flag (Liternal Data packet's 'm' mode) is only specified in RFC-4880bis. To use it you currently need to add "rfc4880bis" to the the gpg.conf. Signed-off-by: Werner Koch --- tests/run-decrypt.c | 21 +++++++++++---------- tests/run-verify.c | 9 +++++---- 2 files changed, 16 insertions(+), 14 deletions(-) (limited to 'tests') diff --git a/tests/run-decrypt.c b/tests/run-decrypt.c index 8eb6ba09..69de139c 100644 --- a/tests/run-decrypt.c +++ b/tests/run-decrypt.c @@ -53,20 +53,21 @@ print_result (gpgme_decrypt_result_t result) gpgme_recipient_t recp; int count = 0; - printf ("Original file name: %s\n", nonnull(result->file_name)); - printf ("Wrong key usage: %i\n", result->wrong_key_usage); - printf ("Unsupported algorithm: %s\n", - nonnull(result->unsupported_algorithm)); - if (result->session_key) - printf ("Session key: %s\n", result->session_key); - printf ("Symmetric algorithm: %s\n", result->symkey_algo); + printf ("Original file name .: %s\n", nonnull(result->file_name)); + printf ("Wrong key usage ....: %s\n", result->wrong_key_usage? "yes":"no"); + printf ("Compliance de-vs ...: %s\n", result->is_de_vs? "yes":"no"); + printf ("MIME flag ..........: %s\n", result->is_mime? "yes":"no"); + printf ("Unsupported algo ...: %s\n", nonnull(result->unsupported_algorithm)); + printf ("Session key ........: %s\n", nonnull (result->session_key)); + printf ("Symmetric algorithm : %s\n", result->symkey_algo); for (recp = result->recipients; recp && recp->next; recp = recp->next) { - printf ("recipient %d\n", count++); + printf ("Recipient ...: %d\n", count++); printf (" status ....: %s\n", gpgme_strerror (recp->status)); - printf (" keyid: %s\n", nonnull (recp->keyid)); - printf (" algo ...: %s\n", gpgme_pubkey_algo_name (recp->pubkey_algo)); + printf (" keyid .....: %s\n", nonnull (recp->keyid)); + printf (" algo ......: %s\n", + gpgme_pubkey_algo_name (recp->pubkey_algo)); } } diff --git a/tests/run-verify.c b/tests/run-verify.c index 699bfd1f..4a6c9601 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -136,10 +136,11 @@ print_result (gpgme_verify_result_t result) gpgme_tofu_info_t ti; int count = 0; - printf ("Original file name: %s\n", nonnull(result->file_name)); + printf ("Original file name .: %s\n", nonnull(result->file_name)); + printf ("MIME flag ..........: %s\n", result->is_mime? "yes":"no"); for (sig = result->signatures; sig; sig = sig->next) { - printf ("Signature %d\n", count++); + printf ("Signature ...: %d\n", count++); printf (" status ....: %s\n", gpgme_strerror (sig->status)); printf (" summary ...:"); print_summary (sig->summary); putchar ('\n'); printf (" fingerprint: %s\n", nonnull (sig->fpr)); @@ -167,7 +168,7 @@ print_result (gpgme_verify_result_t result) { printf (" notation ..: '%s'\n", nt->name); if (strlen (nt->name) != nt->name_len) - printf (" warning : name larger (%d)\n", nt->name_len); + printf (" warning .: name larger (%d)\n", nt->name_len); printf (" flags ...:%s%s (0x%02x)\n", nt->critical? " critical":"", nt->human_readable? " human":"", @@ -180,7 +181,7 @@ print_result (gpgme_verify_result_t result) printf (" policy ....: '%s'\n", nt->value); } if ((nt->value?strlen (nt->value):0) != nt->value_len) - printf (" warning : value larger (%d)\n", nt->value_len); + printf (" warning .: value larger (%d)\n", nt->value_len); } if (sig->key) { -- cgit v1.2.3 From 3d8e5c07511938a0b30b4626530822338abd9ec0 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 19 Apr 2018 10:29:30 +0200 Subject: tests: Fix t-verify test for GnuPG < 2.2.7. * tests/gpg/t-verify.c (check_result): Tweak for gnupg < 2.2.7. -- The not yet releases 2.2.7-beta may print a full fingerprint in the ERRSIG status. This is compliant with the dscription but the new t-verify test case did not took in account that older GnuPG versions print only a keyid. Fixes-commit: b99502274ae5efdf6df0d967900ec3d1e64373d7 GnUPG-bug-id: 3920 Signed-off-by: Werner Koch --- tests/gpg/t-verify.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/gpg/t-verify.c b/tests/gpg/t-verify.c index 7c23406f..fa0164ac 100644 --- a/tests/gpg/t-verify.c +++ b/tests/gpg/t-verify.c @@ -126,9 +126,15 @@ check_result (gpgme_verify_result_t result, int no_of_sigs, int skip_sigs, } if (strcmp (sig->fpr, fpr)) { - fprintf (stderr, "%s:%i:sig-%d: Unexpected fingerprint: %s\n", - PGM, __LINE__, skip_sigs, sig->fpr); - exit (1); + if (strlen (sig->fpr) == 16 && strlen (fpr) == 40 + && !strncmp (sig->fpr, fpr + 24, 16)) + ; /* okay because gnupg < 2.2.6 only shows the keyid. */ + else + { + fprintf (stderr, "%s:%i:sig-%d: Unexpected fingerprint: %s\n", + PGM, __LINE__, skip_sigs, sig->fpr); + exit (1); + } } if (gpgme_err_code (sig->status) != status) { -- cgit v1.2.3