diff options
| author | Werner Koch <[email protected]> | 2016-11-15 09:29:48 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2016-11-15 09:34:13 +0000 |
| commit | 7659d42468b604db2936b021425683f407eba4a7 (patch) | |
| tree | 71ee551bdd948598d0e9015ae2ec10366c0be373 /src | |
| parent | core: Add public function gpgme_get_ctx_flag. (diff) | |
| download | gpgme-7659d42468b604db2936b021425683f407eba4a7.tar.gz gpgme-7659d42468b604db2936b021425683f407eba4a7.zip | |
core: Implement context flag "override-session-key".
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "export-session-key" and
"override-session-key".
(gpgme_get_ctx_flag): Ditto.
(gpgme_set_export_session_keys): Remove.
(gpgme_get_export_session_keys): Remove.
* src/gpgme.def, src/libgpgme.vers: Remove them.
* src/context.h (struct gpgme_context): Add field
override_session_key.
* src/decrypt-verify.c (decrypt_verify_start): Pass
override_session_key value to the engine.
* src/decrypt.c (decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt): Ditto.
(_gpgme_engine_op_decrypt_verify): Ditto.
* src/engine-backend.h (struct engine_ops): Extend DECRYPT and
DECRYPT_VERIFY_START with override_session_key.
* src/engine-uiserver.c (_uiserver_decrypt): Add stub arg
override_session_key.
(uiserver_decrypt): Ditto.
(uiserver_decrypt_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Ditto.
* src/engine-gpg.c (gpg_decrypt): Add arg override_session_key and set
corresponding gpg option.
* tests/run-decrypt.c (print_result): Print the session key if
available.
(main): Add options --export-session-key and --override-session-key.
--
To keep the number of context manipulation functions at bay, this
patches removes the just added gpgme_set_export_session_keys and
gpgme_get_export_session_keys by flags for the generic context
function.
The patch also implements the --override-session-key feature.
GnuPG-bug-id: 2754
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
| -rw-r--r-- | src/context.h | 3 | ||||
| -rw-r--r-- | src/decrypt-verify.c | 4 | ||||
| -rw-r--r-- | src/decrypt.c | 6 | ||||
| -rw-r--r-- | src/engine-backend.h | 6 | ||||
| -rw-r--r-- | src/engine-gpg.c | 10 | ||||
| -rw-r--r-- | src/engine-gpgsm.c | 5 | ||||
| -rw-r--r-- | src/engine-uiserver.c | 18 | ||||
| -rw-r--r-- | src/engine.c | 13 | ||||
| -rw-r--r-- | src/engine.h | 7 | ||||
| -rw-r--r-- | src/gpgme.c | 46 | ||||
| -rw-r--r-- | src/gpgme.def | 4 | ||||
| -rw-r--r-- | src/gpgme.h.in | 7 | ||||
| -rw-r--r-- | src/libgpgme.vers | 3 |
13 files changed, 76 insertions, 56 deletions
diff --git a/src/context.h b/src/context.h index 94935c80..d915b994 100644 --- a/src/context.h +++ b/src/context.h @@ -135,6 +135,9 @@ struct gpgme_context /* The sender's addr-spec or NULL. */ char *sender; + /* The gpg specific override session key or NULL. */ + char *override_session_key; + /* The locale for the pinentry. */ char *lc_ctype; char *lc_messages; diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c index 00d256a9..e0aa8ea9 100644 --- a/src/decrypt-verify.c +++ b/src/decrypt-verify.c @@ -77,7 +77,9 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous, _gpgme_engine_set_status_handler (ctx->engine, decrypt_verify_status_handler, ctx); - return _gpgme_engine_op_decrypt_verify (ctx->engine, cipher, plain, ctx->export_session_keys); + return _gpgme_engine_op_decrypt_verify (ctx->engine, cipher, plain, + ctx->export_session_keys, + ctx->override_session_key); } diff --git a/src/decrypt.c b/src/decrypt.c index 49c735ca..43717c0d 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -360,7 +360,7 @@ _gpgme_op_decrypt_init_result (gpgme_ctx_t ctx) static gpgme_error_t decrypt_start (gpgme_ctx_t ctx, int synchronous, - gpgme_data_t cipher, gpgme_data_t plain) + gpgme_data_t cipher, gpgme_data_t plain) { gpgme_error_t err; @@ -390,7 +390,9 @@ decrypt_start (gpgme_ctx_t ctx, int synchronous, _gpgme_engine_set_status_handler (ctx->engine, decrypt_status_handler, ctx); - return _gpgme_engine_op_decrypt (ctx->engine, cipher, plain, ctx->export_session_keys); + return _gpgme_engine_op_decrypt (ctx->engine, cipher, plain, + ctx->export_session_keys, + ctx->override_session_key); } diff --git a/src/engine-backend.h b/src/engine-backend.h index 144b1561..cfc624d4 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h @@ -62,9 +62,11 @@ struct engine_ops gpgme_error_t (*set_locale) (void *engine, int category, const char *value); gpgme_error_t (*set_protocol) (void *engine, gpgme_protocol_t protocol); gpgme_error_t (*decrypt) (void *engine, gpgme_data_t ciph, - gpgme_data_t plain, int export_session_key); + gpgme_data_t plain, int export_session_key, + const char *override_session_key); gpgme_error_t (*decrypt_verify) (void *engine, gpgme_data_t ciph, - gpgme_data_t plain, int export_session_key); + gpgme_data_t plain, int export_session_key, + const char *override_session_key); gpgme_error_t (*delete) (void *engine, gpgme_key_t key, int allow_secret); gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key, gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */); diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 0e43c248..21ed5bc3 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1550,7 +1550,8 @@ add_input_size_hint (engine_gpg_t gpg, gpgme_data_t data) static gpgme_error_t -gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, int export_session_key) +gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, + int export_session_key, const char *override_session_key) { engine_gpg_t gpg = engine; gpgme_error_t err; @@ -1560,6 +1561,13 @@ gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, int export_ses if (!err && export_session_key) err = add_arg (gpg, "--show-session-key"); + if (!err && override_session_key && *override_session_key) + { + err = add_arg (gpg, "--override-session-key"); + if (!err) + err = add_arg (gpg, override_session_key); + } + /* Tell the gpg object about the data. */ if (!err) err = add_arg (gpg, "--output"); diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 2ff353b9..d1be049e 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1120,13 +1120,16 @@ gpgsm_reset (void *engine) static gpgme_error_t -gpgsm_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, int export_session_key) +gpgsm_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, + int export_session_key, const char *override_session_key) { engine_gpgsm_t gpgsm = engine; gpgme_error_t err; + /* gpgsm is not capable of exporting session keys right now, so we * will ignore this if requested. */ (void)export_session_key; + (void)override_session_key; if (!gpgsm) return gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 26f0d18b..ee7b1d2d 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -961,13 +961,16 @@ uiserver_reset (void *engine) static gpgme_error_t _uiserver_decrypt (void *engine, int verify, gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key) + int export_session_key, const char *override_session_key) { engine_uiserver_t uiserver = engine; gpgme_error_t err; const char *protocol; char *cmd; + (void)override_session_key; /* Fixme: We need to see now to add this + * to the UI server protocol */ + if (!uiserver) return gpg_error (GPG_ERR_INV_VALUE); if (uiserver->protocol == GPGME_PROTOCOL_DEFAULT) @@ -1008,16 +1011,21 @@ _uiserver_decrypt (void *engine, int verify, static gpgme_error_t -uiserver_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, int export_session_key) +uiserver_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, + int export_session_key, const char *override_session_key) { - return _uiserver_decrypt (engine, 0, ciph, plain, export_session_key); + return _uiserver_decrypt (engine, 0, ciph, plain, + export_session_key, override_session_key); } static gpgme_error_t -uiserver_decrypt_verify (void *engine, gpgme_data_t ciph, gpgme_data_t plain, int export_session_key) +uiserver_decrypt_verify (void *engine, gpgme_data_t ciph, gpgme_data_t plain, + int export_session_key, + const char *override_session_key) { - return _uiserver_decrypt (engine, 1, ciph, plain, export_session_key); + return _uiserver_decrypt (engine, 1, ciph, plain, + export_session_key, override_session_key); } diff --git a/src/engine.c b/src/engine.c index b43f683e..d542b25c 100644 --- a/src/engine.c +++ b/src/engine.c @@ -653,7 +653,8 @@ _gpgme_engine_set_protocol (engine_t engine, gpgme_protocol_t protocol) gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph, - gpgme_data_t plain, int export_session_key) + gpgme_data_t plain, int export_session_key, + const char *override_session_key) { if (!engine) return gpg_error (GPG_ERR_INV_VALUE); @@ -661,13 +662,15 @@ _gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph, if (!engine->ops->decrypt) return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - return (*engine->ops->decrypt) (engine->engine, ciph, plain, export_session_key); + return (*engine->ops->decrypt) (engine->engine, ciph, plain, + export_session_key, override_session_key); } gpgme_error_t _gpgme_engine_op_decrypt_verify (engine_t engine, gpgme_data_t ciph, - gpgme_data_t plain, int export_session_key) + gpgme_data_t plain, int export_session_key, + const char *override_session_key) { if (!engine) return gpg_error (GPG_ERR_INV_VALUE); @@ -675,7 +678,9 @@ _gpgme_engine_op_decrypt_verify (engine_t engine, gpgme_data_t ciph, if (!engine->ops->decrypt_verify) return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - return (*engine->ops->decrypt_verify) (engine->engine, ciph, plain, export_session_key); + return (*engine->ops->decrypt_verify) (engine->engine, ciph, plain, + export_session_key, + override_session_key); } diff --git a/src/engine.h b/src/engine.h index 512ac19a..29d2f259 100644 --- a/src/engine.h +++ b/src/engine.h @@ -84,11 +84,14 @@ _gpgme_engine_set_colon_line_handler (engine_t engine, void *fnc_value); gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key); + int export_session_key, + const char *override_session_key); gpgme_error_t _gpgme_engine_op_decrypt_verify (engine_t engine, gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key); + int export_session_key, + const char *override_session_key + ); gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key, int allow_secret); gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type, diff --git a/src/gpgme.c b/src/gpgme.c index 32abc282..1a10fd91 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -247,6 +247,7 @@ gpgme_release (gpgme_ctx_t ctx) free (ctx->signers); free (ctx->lc_ctype); free (ctx->lc_messages); + free (ctx->override_session_key); _gpgme_engine_info_release (ctx->engine_info); ctx->engine_info = NULL; DESTROY_LOCK (ctx->lock); @@ -515,6 +516,17 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value) { ctx->raw_description = abool; } + else if (!strcmp (name, "export-session-key")) + { + ctx->export_session_keys = abool; + } + else if (!strcmp (name, "override-session-key")) + { + free (ctx->override_session_key); + ctx->override_session_key = strdup (value); + if (!ctx->override_session_key) + err = gpg_error_from_syserror (); + } else err = gpg_error (GPG_ERR_UNKNOWN_NAME); @@ -526,7 +538,7 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value) * of valid names. If the NAME is unknown NULL is returned. For a * boolean flag an empty string is returned for False and the string * "1" for True; thus either atoi or a simple string test can be - * used. */ + * used. */ const char * gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name) { @@ -540,35 +552,19 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name) { return ctx->raw_description? "1":""; } + else if (!strcmp (name, "export-session-key")) + { + return ctx->export_session_keys? "1":""; + } + else if (!strcmp (name, "override-session-key")) + { + return ctx->override_session_key? ctx->override_session_key : ""; + } else return NULL; } -/* Enable or disable the exporting session keys upon decryption. */ -void -gpgme_set_export_session_keys (gpgme_ctx_t ctx, int export_session_keys) -{ - TRACE2 (DEBUG_CTX, "gpgme_set_export_session_keys", ctx, "export_session_keys=%i (%s)", - export_session_keys, export_session_keys ? "yes" : "no"); - - if (!ctx) - return; - - ctx->export_session_keys = !!export_session_keys; -} - - -/* Return whether this context will export session keys upon decryption. */ -int -gpgme_get_export_session_keys (gpgme_ctx_t ctx) -{ - TRACE2 (DEBUG_CTX, "gpgme_get_export_session_keys", ctx, "ctx->export_session_keys=%i (%s)", - ctx->export_session_keys, ctx->export_session_keys ? "yes" : "no"); - return ctx->export_session_keys; -} - - /* Enable or disable the use of the special textmode. Textmode is for example used for the RFC2015 signatures; note that the updated RFC 3156 mandates that the MUA does some preparations so that textmode diff --git a/src/gpgme.def b/src/gpgme.def index cd0d0848..0d3ce74f 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -252,8 +252,6 @@ EXPORTS gpgme_op_query_swdb @189 gpgme_op_query_swdb_result @190 - gpgme_set_export_session_keys @191 - gpgme_get_export_session_keys @192 - gpgme_get_ctx_flag @193 + gpgme_get_ctx_flag @191 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 43e07b06..7cfe8f65 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1040,13 +1040,6 @@ void gpgme_set_offline (gpgme_ctx_t ctx, int yes); /* Return non-zero if offline mode is set in CTX. */ int gpgme_get_offline (gpgme_ctx_t ctx); -/* If YES is non-zero, try to return session keys during decryption, - do not otherwise. */ -void gpgme_set_export_session_keys (gpgme_ctx_t ctx, int yes); - -/* Return non-zero if export_session_keys is set in CTX. */ -int gpgme_get_export_session_keys (gpgme_ctx_t ctx); - /* Use whatever the default of the backend crypto engine is. */ #define GPGME_INCLUDE_CERTS_DEFAULT -256 diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 362909ae..a55cd10a 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -126,9 +126,6 @@ GPGME_1.1 { gpgme_op_query_swdb; gpgme_op_query_swdb_result; - - gpgme_set_export_session_keys; - gpgme_get_export_session_keys; }; |