[Pkg-gnupg-commit] [gpgme] 261/412: core: Add support for mixed symmetric and asym enc
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 22 21:26:59 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gpgme.
commit 3d2f027d0f40e7ec4ab48cee89ff0ee10b423566
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Tue Aug 9 11:40:29 2016 +0200
core: Add support for mixed symmetric and asym enc
* src/gpgme.h.in (gpgme_encrypt_flags_t): New flag
GPGME_ENCRYPT_SYMMETRIC.
* src/engine-gpg.c (gpg_encrypt): Also add --symmetric if the flag
is given.
* NEWS: Mention new flag.
* tests/run-encrypt.c (show_usage): Extend for --symmetric.
(main): Handle --symmetric.
(main): Set passphrase_cb in loopback mode.
(main): Fix encrypt call if no recipients are given.
* tests/gpg/t-encrypt-mixed.c: New.
* tests/gpg/Makefile.am (c_tests): Add new test.
* doc/gpgme.texi: Document new flag.
---
NEWS | 1 +
doc/gpgme.texi | 6 +++
src/engine-gpg.c | 9 ++--
src/gpgme.h.in | 3 +-
tests/gpg/Makefile.am | 2 +-
tests/gpg/t-encrypt-mixed.c | 126 ++++++++++++++++++++++++++++++++++++++++++++
tests/run-encrypt.c | 14 ++++-
7 files changed, 154 insertions(+), 7 deletions(-)
diff --git a/NEWS b/NEWS
index 09d0a1c..71c18a8 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_]
GPGME_DATA_TYPE_PGP_ENCRYPTED NEW.
GPGME_DATA_TYPE_PGP_SIGNATURE NEW.
GPGME_DATA_ENCODING_MIME NEW.
+ GPGME_ENCRYPT_SYMMETRIC NEW.
Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0]
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 68f85ec..907099a 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -5398,6 +5398,12 @@ protocol to prepare an encryption (i.e. sending the
@code{GPGME_ENCRYPT_EXPECT_SIGN} symbol the UI Server is advised to
also expect a sign command.
+ at item GPGME_ENCRYPT_SYMMETRIC
+The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
+output should be additionally encrypted symmetically even
+if recipients are provided. This feature is only supported for
+for the OpenPGP crypto engine.
+
@end table
If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 942711f..ae78d9d 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1718,9 +1718,12 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
{
engine_gpg_t gpg = engine;
gpgme_error_t err;
- int symmetric = !recp;
- err = add_arg (gpg, symmetric ? "--symmetric" : "--encrypt");
+ if (recp)
+ err = add_arg (gpg, "--encrypt");
+
+ if (!err && ((flags & GPGME_ENCRYPT_SYMMETRIC) || !recp))
+ err = add_arg (gpg, "--symmetric");
if (!err && use_armor)
err = add_arg (gpg, "--armor");
@@ -1732,7 +1735,7 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
&& have_gpg_version (gpg, "2.1.14"))
err = add_arg (gpg, "--mimemode");
- if (!symmetric)
+ if (recp)
{
/* If we know that all recipients are valid (full or ultimate trust)
we can suppress further checks. */
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index c05686d..56d15f4 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1392,7 +1392,8 @@ typedef enum
GPGME_ENCRYPT_NO_ENCRYPT_TO = 2,
GPGME_ENCRYPT_PREPARE = 4,
GPGME_ENCRYPT_EXPECT_SIGN = 8,
- GPGME_ENCRYPT_NO_COMPRESS = 16
+ GPGME_ENCRYPT_NO_COMPRESS = 16,
+ GPGME_ENCRYPT_SYMMETRIC = 32
}
gpgme_encrypt_flags_t;
diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am
index 107397b..e1c033b 100644
--- a/tests/gpg/Makefile.am
+++ b/tests/gpg/Makefile.am
@@ -38,7 +38,7 @@ c_tests = \
t-encrypt t-encrypt-sym t-encrypt-sign t-sign t-signers \
t-decrypt t-verify t-decrypt-verify t-sig-notation t-export \
t-import t-trustlist t-edit t-keylist t-keylist-sig t-wait \
- t-encrypt-large t-file-name t-gpgconf $(tests_unix)
+ t-encrypt-large t-file-name t-gpgconf t-encrypt-mixed $(tests_unix)
TESTS = initial.test $(c_tests) final.test
diff --git a/tests/gpg/t-encrypt-mixed.c b/tests/gpg/t-encrypt-mixed.c
new file mode 100644
index 0000000..28d8aa3
--- /dev/null
+++ b/tests/gpg/t-encrypt-mixed.c
@@ -0,0 +1,126 @@
+/* t-encrypt-mixed.c - Regression test.
+ Copyright (C) 2016 Intevation GmbH
+
+ This file is part of GPGME.
+
+ GPGME is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ GPGME is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ 02111-1307, USA. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gpgme.h>
+
+#include "t-support.h"
+
+/* Tests mixed symmetric and asymetric decryption. Verifies
+ that an encrypted message can be decrypted without the
+ secret key but that the recipient is also set correctly. */
+int
+main (int argc, char *argv[])
+{
+ gpgme_ctx_t ctx;
+ gpgme_error_t err;
+ gpgme_data_t in, out;
+ gpgme_key_t key[2] = { NULL, NULL };
+ gpgme_encrypt_result_t result;
+ gpgme_decrypt_result_t dec_result;
+ gpgme_recipient_t recipient;
+ const char *text = "Hallo Leute\n";
+ char *text2;
+ size_t len;
+
+ init_gpgme (GPGME_PROTOCOL_OpenPGP);
+
+ err = gpgme_new (&ctx);
+ fail_if_err (err);
+ gpgme_set_armor (ctx, 1);
+
+ err = gpgme_data_new_from_mem (&in, text, strlen (text), 0);
+ fail_if_err (err);
+
+ err = gpgme_data_new (&out);
+ fail_if_err (err);
+
+ /* A recipient for which we don't have a secret key */
+ err = gpgme_get_key (ctx, "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2",
+ &key[0], 0);
+ fail_if_err (err);
+
+ err = gpgme_op_encrypt (ctx, key,
+ GPGME_ENCRYPT_ALWAYS_TRUST | GPGME_ENCRYPT_SYMMETRIC,
+ in, out);
+ fail_if_err (err);
+ result = gpgme_op_encrypt_result (ctx);
+ if (result->invalid_recipients)
+ {
+ fprintf (stderr, "Invalid recipient encountered: %s\n",
+ result->invalid_recipients->fpr);
+ exit (1);
+ }
+
+ print_data (out);
+
+ /* Now try to decrypt */
+ gpgme_data_seek (out, 0, SEEK_SET);
+
+ gpgme_data_release (in);
+ err = gpgme_data_new (&in);
+ fail_if_err (err);
+
+ err = gpgme_op_decrypt (ctx, out, in);
+ fail_if_err (err);
+
+ fputs ("Begin Result Decryption:\n", stdout);
+ print_data (in);
+ fputs ("End Result.\n", stdout);
+
+ dec_result = gpgme_op_decrypt_result (ctx);
+ if (dec_result->unsupported_algorithm || dec_result->wrong_key_usage)
+ {
+ fprintf (stderr, "%s:%d: Decryption failed\n", __FILE__, __LINE__);
+ exit (1);
+ }
+
+ text2 = gpgme_data_release_and_get_mem (in, &len);
+ if (strncmp (text, text2, len))
+ {
+ fprintf (stderr, "%s:%d: Wrong plaintext\n", __FILE__, __LINE__);
+ exit (1);
+ }
+
+ recipient = dec_result->recipients;
+ if (!recipient || recipient->next)
+ {
+ fprintf (stderr, "%s:%d: Invalid recipients \n", __FILE__, __LINE__);
+ exit (1);
+ }
+
+ if (strncmp (recipient->keyid, "5381EA4EE29BA37F", 16))
+ {
+ fprintf (stderr, "%s:%d: Not encrypted to recipient's subkey \n", __FILE__, __LINE__);
+ exit (1);
+ }
+
+ gpgme_key_unref (key[0]);
+ gpgme_data_release (out);
+ gpgme_release (ctx);
+ return 0;
+}
diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c
index a00f028..210f88a 100644
--- a/tests/run-encrypt.c
+++ b/tests/run-encrypt.c
@@ -70,6 +70,7 @@ show_usage (int ex)
" --uiserver use the UI server\n"
" --loopback use a loopback pinentry\n"
" --key NAME encrypt to key NAME\n"
+ " --symmetric encrypt symmetric (OpenPGP only)\n"
, stderr);
exit (ex);
}
@@ -91,6 +92,7 @@ main (int argc, char **argv)
gpgme_key_t keys[10+1];
int keycount = 0;
int i;
+ gpgme_encrypt_flags_t flags = GPGME_ENCRYPT_ALWAYS_TRUST;
if (argc)
{ argc--; argv++; }
@@ -148,6 +150,11 @@ main (int argc, char **argv)
use_loopback = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--symmetric"))
+ {
+ flags |= GPGME_ENCRYPT_SYMMETRIC;
+ argc--; argv++;
+ }
else if (!strncmp (*argv, "--", 2))
show_usage (1);
@@ -174,7 +181,10 @@ main (int argc, char **argv)
if (print_status)
gpgme_set_status_cb (ctx, status_cb, NULL);
if (use_loopback)
- gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK);
+ {
+ gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK);
+ gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
+ }
for (i=0; i < keycount; i++)
{
@@ -194,7 +204,7 @@ main (int argc, char **argv)
err = gpgme_data_new (&out);
fail_if_err (err);
- err = gpgme_op_encrypt (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
+ err = gpgme_op_encrypt (ctx, keycount ? keys : NULL, flags, in, out);
result = gpgme_op_encrypt_result (ctx);
if (result)
print_result (result);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gpgme.git
More information about the Pkg-gnupg-commit
mailing list