diff --git a/NEWS b/NEWS index 05207685..b4a0d883 100644 --- a/NEWS +++ b/NEWS @@ -1,1835 +1,1844 @@ Noteworthy changes in version 1.9.1 (unreleased) ------------------------------------------------ + * Interface changes relative to the 1.9.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + gpgme_decrypt_result_t EXTENDED: New field 'is_de_vs'. + gpgme_signature_t EXTENDED: New field 'is_de_vs'. + cpp: DecryptionResult::isDeVs NEW. + cpp: Signature::isDeVs NEW. + py: DecryptResult EXTENDED: New boolean field 'is_de_vs'. + py: Signature EXTENDED: New boolean field 'is_de_vs'. Noteworthy changes in version 1.9.0 (2017-03-28) ------------------------------------------------ * Clarified meaning of the 'expire' parameter of gpgme_op_createkey and gpgme_op_createsubkey. New flag to force a key without an expiration date. * New function gpgme_op_keylist_from_data_start to list keys from data objects without importing them. * New function gpgme_op_set_uid_flag to flag a key as primary. * New function gpgme_op_decrypt_ext to run decryption with special flags. This can for example be used to unwrap keys (remove only the encryption layer). * New encryption flags to wrap a key (adding an encryption layer to an OpenPGP message) or to create anonymously encrypted messages. * Support for adduid and revuid operations in the C++ bindings. * Support for smartcard key generation in the C++ bindings. * Several new functions for the Python binding. * Many smaller bug fixes. * Interface changes relative to the 1.8.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_createkey CHANGED: Meaning of 'expire' parameter. gpgme_op_createsubkey CHANGED: Meaning of 'expire' parameter. GPGME_CREATE_NOEXPIRE NEW. gpgme_key_t EXTENDED: New field 'origin'. gpgme_key_t EXTENDED: New field 'last_update'. gpgme_subkey_t EXTENDED: New field 'is_de_vs'. gpgme_user_id_t EXTENDED: New field 'origin'. gpgme_user_id_t EXTENDED: New field 'last_update'. gpgme_op_keylist_from_data_start NEW. gpgme_op_set_uid_flag_start NEW. gpgme_op_set_uid_flag NEW. gpgme_op_decrypt_ext_start NEW. gpgme_op_decrypt_ext NEW. GPGME_ENCRYPT_THROW_KEYIDS NEW. GPGME_ENCRYPT_WRAP NEW. GPGME_DECRYPT_VERIFY NEW. GPGME_DECRYPT_UNWRAP NEW. gpgme_data_rewind UN-DEPRECATE. cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW. cpp: Context::addUid(const Key&, const char*) NEW. cpp: Context::startAddUid(const Key&, const char*) NEW. cpp: Key::UserID::revoke() NEW. cpp: Key::addUid() NEW. cpp: Key::isDeVs NEW. cpp: GpgGenCardKeyInteractor NEW. cpp: Subkey::keyGrip NEW. cpp: Subkey::isDeVs NEW. cpp: Data::toKeys NEW. cpp: Context::setDecryptFlags NEW. cpp: Context::decrypt EXTENDED: Flags added. cpp: Context::startDecrypt EXTENDED: Flags added. cpp: Context::decryptAndVerify EXTENDED: Flags added. cpp: Context::startCombinedDecryptionAndVerification EXTENDED: Flags. cpp: Context::encryptFlags EXTENDED: New flags. qt: CryptoConfig::stringValueList() NEW. py: Context.__init__ EXTENDED: New keyword arg home_dir. py: Context.home_dir NEW. py: Context.keylist EXTENDED: New keyword arg mode. py: Context.keylist EXTENDED: New keyword arg source. py: Context.create_key NEW. py: Context.create_subkey NEW. py: Context.key_add_uid NEW. py: Context.key_revoke_uid NEW. py: Context.key_sign NEW. py: Context.key_tofu_policy NEW. py: core.pubkey_algo_string NEW. py: core.addrspec_from_uid NEW. [c=C29/A18/R0 cpp=C10/A4/R0 qt=C9/A2/R0] Noteworthy changes in version 1.8.0 (2016-11-16) ------------------------------------------------ * The module of the Python bindings has been renamed to 'gpg'. * New interface to query current software versions. * New feature to use gpg's --{show,override}session-key options. * New interface to set the sender of a mail. * qt: Added Distinguished Name parser from libkleo * The --homedir option is now used with recent gpgconf versions. * On 64 bit Windows systems gpgconf is now properly located. * The internal locking functions have been replaced by libgpg-error locking functions. * Interface changes relative to the 1.7.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_sender NEW. gpgme_get_sender NEW. gpgme_op_query_swdb NEW. gpgme_op_query_swdb_result NEW. gpgme_query_swdb_result_t NEW. gpgme_get_ctx_flag NEW. gpgme_decrypt_result_t EXTENDED: New field session_key. qt: DN NEW. qt: DN::Attribute NEW. qt: Job::context(Job*) NEW. cpp: EngineInfo::Version::Version(const char*) NEW. cpp: EngineInfo::Version::Version() NEW. cpp: SwdbResult NEW. cpp: Context::setSender(const char*) NEW. cpp: Context::getSender() NEW. [c=C28/A17/R0 cpp=C9/A3/R0 qt=C8/A1/R0] Noteworthy changes in version 1.7.1 (2016-10-18) ------------------------------------------------ * Fixed problems with the new language bindings. * New helper function gpgme_addrspec_from_uid. * Use option --exit-on-status-write-error with newer gpg versions. * qt: Missed API from the Qt Binding inclusion has been added again. * qt: abstractimportjob.h is now installed to that ImportJobs can be used again. * qt: Fixed spelling error in API (startReceive). * Interface changes relative to the 1.7.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_addrspec_from_uid NEW. qt: WksPublishJob::startRecieve RENAMED to ::startReceive. qt: MultiDeleteJob NEW. qt: AbstractImportJob NEW. qt: SpecialJob NEW. cpp: Signature::key(bool, bool) NEW. cpp: UserID::addrSpecFromString(const char*) NEW. cpp: UserID::addrSpec() NEW. [c=C27/A16/R0 cpp=C8/A2/R0 qt=C7/A0/R0] Noteworthy changes in version 1.7.0 (2016-09-21) ------------------------------------------------ * New language bindings for Python 2 and 3. * New language Bindings for C++ and the Qt-Framework API. * New functions gpgme_op_createkey and gpgme_op_createsubkey to make key creation easier (requires GnuPG 2.1). * New functions gpgme_op_adduid and gpgme_op_revuid to make user id management easier (requires GnuPG 2.1). * New function gpgme_op_keysign to make key signing easier (requires GnuPG 2.1). * New function gpgme_op_interact to replace the now deprecated functions gpgme_op_edit and gpgme_op_card_edit. * New function gpgme_pubkey_algo_string to convert a public key algorithm into a GnuPG 2.1 style string. * Support for GnuPG 2.1's TOFU trust model. * Notation flags are now correctly set on verify. * New global flag "require-gnupg" to set a minimal gnupg version. * More supported items in gpgme_get_dirinfo. * New function gpgme_data_set_flag and flag "size-hint". * New function gpgme_set_ctx_flag and flags "full-status" and "raw-description". * Improved gpgme_data_identify to distinguish more file types. * New flag GPGME_ENCRYPT_SYMMETRIC for gpgme_op_encrypt to allow mixed public key and symmetric encryption. * New field KEYGRIP in gpgme_subkey_t. New fields FPR in gpgme_key_t. * New flag GPGME_DATA_ENCODING_MIME to declare that the encrypted or signed data is a valid MIME part. This is to support future GnuPG versions. * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_pubkey_algo_string NEW. GPGME_PK_EDDSA NEW. gpgme_set_ctx_flag NEW. gpgme_data_set_flag NEW. gpgme_op_createkey NEW. gpgme_op_createkey_start NEW. gpgme_op_createsubkey NEW. gpgme_op_createsubkey_start NEW. gpgme_op_adduid_start NEW. gpgme_op_adduid NEW. gpgme_op_revuid_start NEW. gpgme_op_revuid NEW. gpgme_op_keysign_start NEW. gpgme_op_keysign NEW. gpgme_op_tofu_policy_start NEW. gpgme_op_tofu_policy NEW. gpgme_op_interact_start NEW. gpgme_op_interact NEW. gpgme_interact_cb_t NEW. gpgme_op_edit_start DEPRECATED. gpgme_op_edit DEPRECATED. gpgme_op_card_edit_start DEPRECATED. gpgme_op_card_edit DEPRECATED. gpgme_edit_cb_t DEPRECATED. gpgme_status_code_t DEPRECATED. gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. gpgme_subkey_t EXTENDED: New field keygrip. gpgme_user_id_t EXTENDED: New field tofu. gpgme_tofu_policy_t NEW. gpgme_tofu_info_t NEW. GPGME_STATUS_KEY_CONSIDERED NEW. GPGME_STATUS_TOFU_USER NEW. GPGME_STATUS_TOFU_STATS NEW. GPGME_STATUS_TOFU_STATS_LONG NEW. GPGME_STATUS_NOTATION_FLAGS NEW. GPGME_KEYLIST_MODE_WITH_TOFU NEW. GPGME_DATA_TYPE_PGP_ENCRYPTED NEW. GPGME_DATA_TYPE_PGP_SIGNATURE NEW. GPGME_DATA_ENCODING_MIME NEW. GPGME_ENCRYPT_SYMMETRIC NEW. GPGME_CREATE_SIGN NEW. GPGME_CREATE_ENCR NEW. GPGME_CREATE_CERT NEW. GPGME_CREATE_AUTH NEW. GPGME_CREATE_NOPASSWD NEW. GPGME_CREATE_SELFSIGNED NEW. GPGME_CREATE_NOSTORE NEW. GPGME_CREATE_WANTPUB NEW. GPGME_CREATE_WANTSEC NEW. GPGME_CREATE_FORCE NEW. GPGME_KEYSIGN_LOCAL NEW. GPGME_KEYSIGN_LFSEP NEW. GPGME_INTERACT_CARD NEW. [c=C26/A15/R0 cpp=C6/A0/R1 qt=C6/A0/R1] Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] ------------------------------------------------ * Added gpgme_set_offline to do a key listinging w/o requiring CRL. * Added gpgme_set_status_cb to allow a user to see some status messages. * Added an export mode for secret keys. * More precise error codes are returned if GnuPG >= 2.1.8 is used. * The passphrase handler for the loopback mode has been improved and may also be used with genkey. * [w32] The standard GnuPG 2.1 install directory is now seached for gpgconf.exe before a registry specified directory and the Gpg4win install directory. * [w32] gpgme-w32spawn.exe will now only be searched in the gpgme DLL directory. * Interface changes relative to the 1.5.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_offline NEW. gpgme_get_offline NEW. gpgme_set_status_cb NEW. gpgme_get_status_cb NEW. GPGME_EXPORT_MODE_SECRET NEW GPGME_EXPORT_MODE_RAW NEW. GPGME_EXPORT_MODE_PKCS12 NEW. Noteworthy changes in version 1.5.5 (2015-06-08) [C24/A13/R4] ------------------------------------------------ * Fixed crash in key listings for user ids with a backslash. * Fixed regression for GPGSM use with GnuPG < 2.1. * Properly set signature summary for revoked OpenPGP keys. Noteworthy changes in version 1.5.4 (2015-04-13) [C24/A13/R3] ------------------------------------------------ * Fixed a possible crash in the debug code. * Fixed building for Windows with newer versions of Mingw. Noteworthy changes in version 1.5.3 (2014-12-11) [C24/A13/R2] ------------------------------------------------------------- * The export key functions do now return an error if used with the latest GnuPG version. Noteworthy changes in version 1.5.2 (2014-11-21) [C24/A13/R1] ------------------------------------------------------------- * gpgme-tool is now installed. * Fix external listing for modern keyservers. * Minor other fixes. Noteworthy changes in version 1.5.1 (2014-07-30) [C24/A13/R0] ------------------------------------------------------------- * Fixed possible overflow in gpgsm and uiserver engines. [CVE-2014-3564] * Added support for GnuPG 2.1's --with-secret option. * Interface changes relative to the 1.5.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_KEYLIST_MODE_WITH_SECRET NEW. Noteworthy changes in version 1.5.0 (2014-05-21) [C23/A12/R0] ------------------------------------------------------------- * On Unices the engine file names are not not anymore hardwired but located via the envvar PATH. All options to set the name of the engines for the configure run are removed. * If GPGME finds the gpgconf binary it defaults to using gpg2 or whatever gpgconf tells as name for the OpenPGP engine. If gpgconf is not found, GPGME looks for an engine named "gpg". * New feature to use the gpgme I/O subsystem to run arbitrary commands. * New flag to use encryption without the default compression step. * New function to access "gpg-conf --list-dirs" * New configure option --enable-fixed-path for use by Android. * Support ECC algorithms. * Interface changes relative to the 1.4.3 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_get_dirinfo NEW. gpgme_op_spawn_start NEW. gpgme_op_spawn NEW. GPGME_PROTOCOL_SPAWN NEW. GPGME_SPAWN_DETACHED NEW. GPGME_SPAWN_ALLOW_SET_FG NEW. GPGME_ENCRYPT_NO_COMPRESS NEW. GPGME_PK_ECC NEW. GPGME_MD_SHA224 NEW. gpgme_subkey_t EXTENDED: New field curve. GPGME_STATUS_PLAINTEXT_LENGTH NEW. GPGME_STATUS_MOUNTPOINT NEW. GPGME_STATUS_PINENTRY_LAUNCHED NEW. GPGME_STATUS_ATTRIBUTE NEW. GPGME_STATUS_BEGIN_SIGNING NEW. GPGME_STATUS_KEY_NOT_CREATED NEW. Noteworthy changes in version 1.4.3 (2013-08-12) [C22/A11/R0] ------------------------------------------------------------- * The default engine names are now taken from the output of gpgconf. If gpgconf is not found the use of gpg 1 is assumed. * Under Windows the default engines names are first searched in the installation directory of the gpgme DLL. * New function gpgme_data_identify to detect the type of a message. * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_signers_count NEW. gpgme_data_type_t NEW. gpgme_data_identify NEW. Noteworthy changes in version 1.4.2 (2013-05-28) [C21/A10/R0] ------------------------------------------------------------- * Allow symmetric encryption with gpgme_op_encrypt_sign. * Fixed mismatching off_t definitions on Windows. * Interface changes relative to the 1.4.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_off_t NEW. gpgme_size_t NEW. GPGME_PROTOCOL_OPENPGP NEW alias. Noteworthy changes in version 1.4.1 (2013-05-01) [C20/A9/R1] ------------------------------------------------------------ * Fixed reading of gpg.conf files with excessive use of the group option. * Fixed building with the i686-w64-mingw32 toolchain. * Disabled FD passing by default for Apple. Noteworthy changes in version 1.4.0 (2013-02-26) [C20/A9/R0] ------------------------------------------------------------ * New function gpgme_set_global_flag to help debugging on Android. * New function gpgme_io_writen as a convenience wrapper around gpgme_io_write. * New functions to support the pinentry mode feature of GnuPG 2.1. * New macro GPGME_VERSION_NUMBER to allow supporting different API versions without the need for a configure test. * Several improvements for gpgme-tool. * Better logging of the common "invalid engine" error code. * Support for FD passing is now enabled by default. The configure option --disable-fd-passing may be used to disable this. * Interface changes relative to the 1.3.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_VERSION_NUMBER NEW. gpgme_io_writen NEW. gpgme_set_global_flag NEW. gpgme_set_pinentry_mode NEW. gpgme_get_pinentry_mode NEW. gpgme_pinentry_mode_t NEW. GPGME_PINENTRY_MODE_DEFAULT NEW. GPGME_PINENTRY_MODE_ASK NEW. GPGME_PINENTRY_MODE_CANCEL NEW. GPGME_PINENTRY_MODE_ERROR NEW. GPGME_PINENTRY_MODE_LOOPBACK NEW. Noteworthy changes in version 1.3.2 (2012-05-02) ------------------------------------------------ * Remove support for libgpgme-pth. As far as we know, this was never used, and GnuPG is going to use our own npth in the future. * Fix signature summary information for a missing X.509 key. * Fix parsing of dates >= year 2038. Noteworthy changes in version 1.3.1 (2011-06-16) ------------------------------------------------ * Ported to Windows CE. * Detect GPG versions not supporting ---passwd. * Interface changes relative to the 1.3.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_EXPORT_MODE_MINIMAL NEW GPGME_STATUS_SUCCESS NEW gpgme_err_code_from_syserror NEW gpgme_err_set_errno NEW gpgme_error_from_errno CHANGED: Return gpgme_error_t (compatible type). gpgme_error_from_syserror NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.3.0 (2010-01-11) ------------------------------------------------ * GPGME does not come with an internal libassuan version anymore. The external libassuan 1.1.0 release or later is required. For application programmers on systems that can resolve inter-library dependencies at runtime, this is a transparent change. * New engine GPGME_PROTOCOL_G13 to support the new g13 tool. * New engine GPGME_PROTOCOL_UISERVER to support UI Servers. * New API to change the passphrase of a key. * Interface changes relative to the 1.2.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_STATUS_INV_SGNR NEW. GPGME_STATUS_NO_SGNR NEW. GPGME_PROTOCOL_G13 NEW. gpgme_op_g13_mount NEW. gpgme_g13_result_t NEW. GPGME_PK_ECDSA NEW. GPGME_PK_ECDH NEW. gpgme_op_passwd_start NEW. gpgme_op_passwd NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.2.0 (2009-06-18) ------------------------------------------------ * New encryption flag GPGME_ENCRYPT_NO_ENCRYPT_TO to disable default recipients. * gpgme_new will fail if gpgme_check_version was not called, or a selftest failed (for example, if -mms-bitfields was not used on MingW32 targets). * New functions gpgme_io_read and gpgme_io_write for use with gpgme_passphrase_cb_t and gpgme_edit_cb_t functions. * New functions gpgme_result_ref and gpgme_result_unref to detach result structures from a context. * New functions gpgme_op_export_keys_start and gpgme_op_export_keys that allow to specify exported keys through gpgme_key_t objects instead of patterns. * New mode of operation gpgme_export_mode_t that allows exporting external keys. * Interface changes relative to the 1.1.7 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_KEYLIST_MODE_EPHEMERAL NEW. GPGME_PROTOCOL_ASSUAN NEW. gpgme_assuan_data_cb_t NEW. gpgme_assuan_inquire_cb_t NEW. gpgme_assuan_status_cb_t NEW. gpgme_op_assuan_transact_start NEW. gpgme_op_assuan_transact NEW. gpgme_op_assuan_result NEW. gpgme_op_import_keys NEW. gpgme_op_import_keys_start NEW. gpgme_subkey_t EXTENDED: New fields is_cardkey, card_number. GPGME_ENCRYPT_NO_ENCRYPT_TO NEW. gpgme_check_version CHANGED: Is now a macro. gpgme_new EXTENDED: More failure codes. gpgme_io_read NEW. gpgme_io_write NEW. gpgme_result_ref NEW. gpgme_result_unref NEW. gpgme_export_mode_t NEW. gpgme_export_ext_start EXTENDED: Arg RESERVED is now a MODE flag. gpgme_op_export EXTENDED: Arg RESERVED is now a MODE flag. gpgme_op_export_ext_start EXTENDED: Arg RESERVED is now a MODE flag. gpgme_op_export_ext EXTENDED: Arg RESERVED is now a MODE flag. gpgme_op_export_keys_start NEW. gpgme_op_export_keys NEW. GPGME_DATA_ENCODING_URL NEW. GPGME_DATA_ENCODING_URL0 NEW. GPGME_DATA_ENCODING_URLESC NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.1.8 (2008-12-08) ------------------------------------------------ * SIGPIPE is now again ignored as described in the manual. Fixes regresion introduced with 1.1.6. Noteworthy changes in version 1.1.7 (2008-10-17) ------------------------------------------------ * Using GPGME_KEYLIST_MODE_LOCAL combined with GPGME_KEYLIST_MODE_EXTERN is now supported; it uses the --locate-keys feature of gpg (>= 2.0.10). * The encoding of gpgme_data_t objects can affect the output encoding of export, sign and encrypt operations now (the same operations that are also affected by the ASCII mode switch). We believe this change in the ABI is innocent enough not to break existing applications (it only affects the S/MIME backend on certain operations). * The reference manual now includes the specification of "The GnuPG UI Server protocol". * A new function gpgme_cancel_async can be used to asynchronously cancel any pending operation at any time, from any thread. * Interface changes relative to the 1.1.6 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt CHANGED: Output encoding can affect result. gpgme_op_encrypt_start CHANGED: Output encoding can affect result. gpgme_op_encrypt_sign CHANGED: Output encoding can affect result. gpgme_op_encrypt_sign_start CHANGED: Output encoding can affect result. gpgme_op_sign CHANGED: Output encoding can affect result. gpgme_op_sign_start CHANGED: Output encoding can affect result. gpgme_op_export CHANGED: Output encoding can affect result. gpgme_op_export_start CHANGED: Output encoding can affect result. gpgme_op_export_ext CHANGED: Output encoding can affect result. gpgme_op_export_ext_start CHANGED: Output encoding can affect result. gpgme_cancel_async NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.1.6 (2008-01-04) ------------------------------------------------ * Bug fixes for for W32. * A new, experimental (and thus undocumented and potentially unstable) interface for accessing gpg-conf through GPGME has been added. * Interface changes relative to the 1.1.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_signature_t EXTENDED: New field chain_model. gpgme_op_getauditlog_start NEW. gpgme_op_getauditlog NEW. GPGME_AUDITLOG_HTML NEW. GPGME_AUDITLOG_WITH_HELP NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.1.5 (2007-07-09) ------------------------------------------------ * Bug and portability fixes (mainly for W32). Noteworthy changes in version 1.1.4 (2007-03-05) ------------------------------------------------ * Detect and bail out on double plaintext messages. This is required so that applications can properly detect the signed parts of a message. Actual there is now a double protection as GnuPG 1.4.7 will detect this case too. Noteworthy changes in version 1.1.3 (2007-01-29) ------------------------------------------------ * Fixed a memory leak in gpgme_data_release_and_get_mem. * Fixed a bug in Windows command line quoting. Noteworthy changes in version 1.1.2 (2006-03-02) ------------------------------------------------ * Fixed a bug in the W32 glib backend. Noteworthy changes in version 1.1.1 (2006-02-23) ------------------------------------------------ * Fixed a bug in that the fingerprints of subkeys are not available. * Clarified usage of the SECRET flag in key listings. It is now reset for stub keys. * Reading signature notations and policy URLs on key signatures is supported. They can be found in the new field notations of the gpgme_key_sig_t structure. This has to be enabled with the keylist mode flag GPGME_KEYLIST_MODE_SIG_NOTATIONS. * A new gpgme_free() function solves the problem of using different allocators in a single program. This function should now be used instead calling free() to release the buffer returned by gpgme_data_release_and_get_mem. It is recommended that you always do this, but it is only necessary on certain platforms, so backwards compatibility is provided. In other words: If free() worked for you before, it will keep working. * New status codes GPGME_PKA_TRUST_GOOD and GPGME_PKA_TRUST_BAD. They are analyzed by the verify handlers and made available in the new PKA_TRUST and PKA_ADDRESS fields of the signature result structure. * Interface changes relative to the 1.1.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_sig_t EXTENDED: New field notations. GPGME_KEYLIST_MODE_SIG_NOTATIONS NEW gpgme_free NEW GPGME_STATUS_PKA_TRUST_BAD NEW GPGME_STATUS_PKA_TRUST_GOOD NEW gpgme_signature_t EXTENDED: New field pka_trust. gpgme_signature_t EXTENDED: New field pka_address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.1.0 (2005-10-01) ------------------------------------------------ * You can now configure the backend engine file name and home directory to be used, as default and per context. * Information about the recipients of an encrypted text is now available at decryption time. * New status GPGME_STATUS_PLAINTEXT. This is analyzed by the decrypt and verify handlers, the information about the plaintext filename, if available is made available in the new field file_name of the respective result structure. * The code for "automagically detecting the thread library" has been removed from libgpgme. It is deprecated since version 0.4.3. Since then, you had to link against libgpgme-pthread for applications using pthread and libgpgme-pth for applications using GNU Pth. The code was removed because it caused compilation problems on systems where the pthread.h header from GNU Pth is available in addition to the system header (FreeBSD 6 and later for example). * "./autogen.sh --build-w32" does now build gpgme.dll. * [W32] The environment variable GPGME_DEBUG now uses a semicolon as delimiter. The standard install directory is used when locating gpg or gpgsm before finally falling back to the hardwired name. * There is a new flag for keys and subkeys, is_qualified, which indicates if a key can be used for qualified signatures according to local government regulations. * You can associate a filename with a data object using the new function gpgme_data_set_file_name(). This filename will be stored in the output when encrypting or signing the data and will be returned when decrypting or verifying the output data. * You can now set notation data at signature creation with the new function gpgme_sig_notation_add(). * Interface changes relative to the 1.0.3 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_engine_info NEW gpgme_ctx_get_engine_info NEW gpgme_ctx_set_engine_info NEW gpgme_recipient_t NEW gpgme_decrypt_result_t EXTENDED: New field recipients. gpgme_verify_result_t EXTENDED: New fields pubkey_algo, hash_algo. gpgme_decrypt_result_t EXTENDED: New field plaintext_filename. gpgme_verify_result_t EXTENDED: New field plaintext_filename. GPGME_STATUS_PLAINTEXT NEW gpgme_key_t EXTENDED: New field is_qualified. gpgme_subkey_t EXTENDED: New field is_qualified. gpgme_data_get_file_name NEW gpgme_data_set_file_name NEW gpgme_sig_notation_flags_t NEW GPGME_SIG_NOTATION_HUMAN_READABLE NEW GPGME_SIG_NOTATAION_CRITICAL NEW gpgme_sig_notation_clear NEW gpgme_sig_notation_add NEW gpgme_sig_notation_get NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.0.3 (2005-06-20) ------------------------------------------------ * Previousy, GPGME would use a default "include certs" of 1. This has been changed. Now GPGME will use the crypto backend engines default unless you set the value with gpgme_set_include_certs() explicitely. A new macro GPGME_INCLUDE_CERTS_DEFAULT can be used as a value to explicitely request the new default behaviour. Because the default changes, this is a slight change of the API semantics. We consider it to be a bug fix. * A bug which made GPGME hang has been fixed. If you have experienced hanging before, please try out this version and let me know if you still experience hanging problems. * Interface changes relative to the 0.9.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_include_certs CHANGED DEFAULT GPGME_INCLUDE_CERTS_DEFAULT NEW GPGME_STATUS_SIG_SUBPACKET NEW GPGME_STATUS_NEED_PASSPHRASE_PIN NEW GPGME_STATUS_SC_OP_FAILURE NEW GPGME_STATUS_SC_OP_SUCCESS NEW GPGME_STATUS_CARDCTRL NEW GPGME_STATUS_BACKUP_KEY_CREATED NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.0.2 (2004-12-28) ------------------------------------------------ * Changed the license of the library to the GNU Lesser General Public License (LGPL), version 2.1 or later. Noteworthy changes in version 1.0.1 (2004-10-22) ------------------------------------------------ * Only bug fixes. Noteworthy changes in version 1.0.0 (2004-09-30) ------------------------------------------------ * Version 1.0.0! We are proud to present you with a thoroughly tested and stable version of the GPGME library. A big Thank You! to all the people who made this possible. The development will be branched into a stable 1.x.y series and the head. * The gpgme.m4 macro supports checking the API version. Just prepend it to the required version string, separated by a colon. For example, this release has the version "1:1.0.0". The last release to which this version is (mostly) ABI compatible is "1:0.4.2", which is the default required version. Noteworthy changes in version 0.9.0 (2004-06-08) ------------------------------------------------ * The type gpgme_key_t has now a new field keylist_mode that contains the keylist mode that was active at the time the key was retrieved. * The type gpgme_decrypt_result_t has a new field "wrong_key_usage" that contains a flag indicating that the key should not have been used for encryption. * Verifying a signature of a revoked key gives the correct result now (GPG_ERR_CERT_REVOKED error code). * Clarified that the error code GPG_ERR_NO_DATA from the decrypt & verify operations still allows you to look at the signature verification result. * Clarified that patterns in keylisting operations have an upper limit, and thus are not suited to list many keys at once by their fingerprint. Also improve the error message if the pattern is too long for the CMS protocol to handle. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_t EXTENDED: New field keylist_mode. gpgme_decrypt_result_t EXTENDED: New field wrong_key_usage. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.7 (2004-04-29) ------------------------------------------------ * Correctly initialize the fields expired, revoked, invalid, and disabled in the gpgme_key_t structures. * A bug fix: The flag wrong_key_usage of gpgme_signature_t was accidently of type int instead unsigned int. * Interface changes relative to the 0.4.5 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_signature_t CHANGED: wrong_key_usage is unsigned int now. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.6 (2004-04-06) ------------------------------------------------ * Bug fixes Noteworthy changes in version 0.4.5 (2004-03-07) ------------------------------------------------ * GPGME is now compiled with LFS (large file support) by default. This means that _all_ programs using GPGME must be compiled with LFS support enabled by default. You can do this easily with autoconf, by using the AC_SYS_LARGEFILE macro. Or you can do this without autoconf by defining the preprocessor symbol _FILE_OFFSET_BITS to 64 (by passing the -D_FILE_OFFSET_BITS=64 to the C compiler command line, or by defining this preprocessor symbol before including any system header files). For more details, read the section on LFS in the manual. Up to now, it was undocumented that GPGME was not using LFS. But the public interfaces use off_t, and file descriptors are exchanged between the application and GPGME. This was an oversight, and bound to cause troubles in the future. Writing GPGME as a dual mode library that seamlessly supports LFS while keeping backwards compatibility is possible, but does not solve the problem: Many applications already expect GPGME to have LFS (they are compiled with off_t being a 64bit value). This is true in particular for the popular Gtk+ and Qt programs. So, although this is an ABI (but not an API) break, we will not change the library version to reflect that. Because the interfaces affected are probably not used yet in any GPGME 0.4 based application, we don't expect any real failures from this change. In fact, applications already using LFS will have some subtle bugs fixed. However, if you encounter an application using GPGME 0.4.x that does _not_ use LFS by default (off_t is a 32bit value), _and_ uses at least one of the functions gpgme_data_seek, gpgme_data_new_from_filepart, or a gpgme_data_seek_cb_t with gpgme_data_new_from_cbs, then indeed this library will be ABI incompatible with the program. As said above, we don't believe such a program exists. If we are in error, then you have two options: As a quick hack, you can configure GPGME with the --disable-largefile option. This will revert the change, and GPGME will not use LFS. However, GPGME will be incompatible with programs that expect GPGME to use LFS. All applications are required to use LFS when using GPGME, so this is only good as a temporary local work-around. The other option is to change the versioning of the library and recompile all applications. We have reserved a special version of the library for that, so you can do that without expecting a version clash in the future. Furthermore, everyone who does this will agree on the version to use (this is important for distribution makers). Read the comment in configure.ac (before LIBGPGME_LT_AGE) if you want to do this. Please don't do this blindly: As stated above, we think it is unlikely this measure is needed. Still, it is there if necessary. If in doubt, contact us and we will give our advise for your specific situation. * New key listing mode GPGME_KEYLIST_MODE_VALIDATE for validation of the listed keys. * New interface gpgme_cancel() that can be used to cancel asynchronous operations. * Interface changes relative to the 0.4.4 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_data_seek_cb_t CHANGED: off_t is now a largefile type. gpgme_data_seek CHANGED: off_t is now a largefile type. gpgme_data_new_from_filepart CHANGED: off_t is now a largefile type. GPGME_KEYLIST_MODE_VALIDATE NEW gpgme_cancel NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.4 (2004-01-12) ------------------------------------------------ * The member "class" in gpgme_key_sig_t and gpgme_new_signature_t has been renamed to "sig_class", to avoid clash with C++ compilers. In the C API, the old name "class" has been preserved for backwards compatibility, but is deprecated. * Interface changes relative to the 0.4.3 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_sig_t CHANGED: class deprecated, use new sig_class. gpgme_new_signature_t CHANGED: class deprecated, use new sig_class. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.3 (2003-10-06) ------------------------------------------------ * libgpgme should not be used for threaded programs anymore. This never worked reliably in all cases, because you had to be careful about the linking order and libtool wouldn't do that for you automatically. Instead, now you have to link against libgpgme-pthread for applications using pthread and libgpgme-pth for applications using GNU Pth. The old code for automagically detecting the thread library is still part of libgpgme, but it is DEPRECATED. * There are new automake macros AM_PATH_GPGME_PTH and AM_PATH_GPGME_PTHREAD, which support checking for thread-enabled versions of GPGME. They define GPGME_PTH_CFLAGS, GPGME_PTH_LIBS, GPGME_PTHREAD_CFLAGS and GPGME_PTHREAD_LIBS respectively. These variables of course also include the configuration for the thread package itself. Alternatively, use libtool. * gpgme_strerror_r as a thread safe variant of gpgme_strerror was added. * gpgme-config doesn't support setting the prefix or exec prefix anymore. I don't think it ever worked correctly, and it seems to be pointless. * gpgme_get_key fails with GPG_ERR_AMBIGUOUS_NAME if the key ID provided was not unique, instead returning the first matching key. * gpgme_key_t and gpgme_subkey_t have a new field, can_authenticate, that indicates if the key can be used for authentication. * gpgme_signature_t's status field is now correctly set to an error with error code GPG_ERR_NO_PUBKEY if public key is not found. * gpgme_new_signature_t's class field is now an unsigned int, rather than an unsigned long (the old class field is preserved for backwards compatibility). * A new function gpgme_set_locale() is provided to allow configuring the locale for the crypto backend. This is necessary for text terminals so that programs like the pinentry can be started with the right locale settings for the terminal the application is running on, in case the terminal has different settings than the system default (for example, if it is a remote terminal). You are highly recommended to call the following functions directly after gpgme_check_version: #include setlocale (LC_ALL, ""); gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL)); gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL)); GPGME can not do this for you, as setlocale is not thread safe, and there is no alternative. * The signal action for SIGPIPE is now set to SIG_IGN by gpgme_check_version, instead the first time a crypto engine is started (which is not well defined). * In the output of gpgme_hash_algo_name, change RMD160 to RIPEMD160, TIGER to TIGER192, CRC32-RFC1510 to CRC32RFC1510, and CRC24-RFC2440 to CRC24RFC2440. For now, these strings can be used as the MIC parameter for PGP/MIME (if appropriately modified). * Interface changes relative to the 0.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_strerror_t NEW gpgme_get_key CHANGED: Fails correctly if key ID not unique. gpgme_key_t EXTENDED: New field can_authenticate. gpgme_subkey_t EXTENDED: New field can_authenticate. gpgme_new_signature_t CHANGED: New type for class field. gpgme_set_locale NEW gpgme_hash_algo_name CHANGED: Slight adjustment of algo names. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.2 (2003-07-30) ------------------------------------------------ * Allow gpg-error to be in non-standard place when linking the test suite. * Configure will fail now if gpg-error can not be found. * Fixed initialized memory backed data objects for writing, which caused the test program to crash (but only on Mac OS, surprisingly). * Eliminate use of C99 constructs. * Small improvements to the manual. Noteworthy changes in version 0.4.1 (2003-06-06) ------------------------------------------------ This is the release that 0.4.0 should have been. There are many interface changes, please see below for the details. The changes are sometimes the result of new functionality, but more often express a paradigm shift. Others are an overdue cleanup to get GPGME in line with the GNU coding standards and to make the interface more self-consistent. Here is an overview on the changes: All types have been renamed to conform to the GNU coding standards, most of the time by keeping the whole name in lowercase and inserting underscores between words. All operations consistently only accept input parameters in their invocation function, and return only an error code directly. Further information about the result of the operation has to be retrieved afterwards by calling one of the result functions. This unifies the synchronous and the asynchronous interface. The error values have been completely replaced by a more sophisticated model that allows GPGME to transparently and accurately report all errors from the other GnuPG components, irregardless of process boundaries. This is achieved by using the library libgpg-errors, which is shared by all GnuPG components. This library is now required for GPGME. The results of all operations are now provided by pointers to C structs rather than by XML structs or in other ways. Objects which used to be opaque (for example a key) are now pointers to accessible structs, so no accessor functions are necessary. Backward compatibility is provided where it was possible without too much effort and did not collide with the overall sanitization effort. However, this is only for ease of transition. NO DEPRECATED FUNCTION OR DATA TYPE IS CONSIDERED A PART OF THE API OR ABI AND WILL BE DROPPED IN THE FUTURE WITHOUT CHANGING THE SONAME OF THE LIBRARY. Recommendations how to replace deprecated or removed functionality can be found within the description of each change. What follows are all changes to the interface and behaviour of GPGME in detail. * If gpgme.h is included in sources compiled by GCC 3.1 or later, deprecated attributes will warn about use of obsolete functions and type definitions. You can suppress these warnings by passing -Wno-deprecated-declarations to the gcc command. * The following types have been renamed. The old types are still available as aliases, but they are deprecated now: Old name: New name: GpgmeCtx gpgme_ctx_t GpgmeData gpgme_data_t GpgmeError gpgme_error_t GpgmeDataEncoding gpgme_data_encoding_t GpgmeSigStat gpgme_sig_stat_t GpgmeSigMode gpgme_sig_mode_t GpgmeAttr gpgme_attr_t GpgmeValidity gpgme_validity_t GpgmeProtocol gpgme_protocol_t GpgmeKey gpgme_key_t GpgmePassphraseCb gpgme_passphrase_cb_t GpgmeProgressCb gpgme_progress_cb_t GpgmeIOCb gpgme_io_cb_t GpgmeRegisterIOCb gpgme_register_io_cb_t GpgmeRemoveIOCb gpgme_remove_io_cb_t GpgmeEventIO gpgme_event_io_t GpgmeEventIOCb gpgme_event_io_cb_t GpgmeIOCbs gpgme_io_cbs GpgmeDataReadCb gpgme_data_read_cb_t GpgmeDataWriteCb gpgme_data_write_cb_t GpgmeDataSeekCb gpgme_data_seek_cb_t GpgmeDataReleaseCb gpgme_data_release_cb_t GpgmeDataCbs gpgme_data_cbs_t GpgmeTrustItem gpgme_trust_item_t GpgmeStatusCode gpgme_status_code_t * gpgme_error_t is now identical to gpg_error_t, the error type provided by libgpg-error. More about using libgpg-error with GPGME can be found in the manual. All error symbols have been removed! * All functions and types in libgpg-error have been wrapped in GPGME. The new types are gpgme_err_code_t and gpgme_err_source_t. The new functions are gpgme_err_code, gpgme_err_source, gpgme_error, gpgme_err_make, gpgme_error_from_errno, gpgme_err_make_from_errno, gpgme_err_code_from_errno, gpgme_err_code_to_errno, gpgme_strsource. * GPGME_ATTR_IS_SECRET is not anymore representable as a string. * GnuPG 1.2.2 is required. The progress callback is now also invoked for encrypt, sign, encrypt-sign, decrypt, verify, and decrypt-verify operations. For verify operations on detached signatures, the progress callback is invoked for both the detached signature and the plaintext message, though. * gpgme_passphrase_cb_t has been changed to not provide a complete description, but the UID hint, passphrase info and a flag indicating if this is a repeated attempt individually, so the user can compose his own description from this information. The passphrase is not returned as a C string, but must be written to a file descriptor directly. This allows for secure passphrase entries. The return type has been changed to gpgme_error_t value. This allowed to remove the gpgme_cancel function; just return the error code GPG_ERR_CANCELED in the passphrase callback directly. * gpgme_edit_cb_t has been changed to take a file descriptor argument. The user is expected to write the response to the file descriptor, followed by a newline. * The recipients interface has been removed. Instead, you use NULL-terminated lists of keys for specifying the recipients of an encryption operation. Use the new encryption flag GPGME_ENCRYPT_ALWAYS_TRUST if you want to override the validity of the keys (but note that in general this is not a good idea). This change has been made to the prototypes of gpgme_op_encrypt, gpgme_op_encrypt_start, gpgme_op_encrypt_sign and gpgme_op_encrypt_sign_start. The export interface has been changed to use pattern strings like the keylist interface. Thus, new functions gpgme_op_export_ext and gpgme_op_export_ext_start have been added as well. Now the prototypes of gpgme_op_export_start and gpgme_op_export finally make sense. * gpgme_op_verify and gpgme_op_decrypt_verify don't return a status summary anymore. Use gpgme_get_sig_status to retrieve the individual stati. * gpgme_io_cb_t changed from a void function to a function returning a gpgme_error_t value. However, it will always return 0, so you can safely ignore the return value. * A new I/O callback event GPGME_EVENT_START has been added. The new requirement is that you must wait until this event until you are allowed to call the I/O callback handlers previously registered for this context operation. Calling I/O callback functions for this context operation before the start event happened is unsafe because it can lead to race conditions in a multi-threaded environment. * The idle function feature has been removed. It was not precisely defined in a multi-threaded environment and is obsoleted by the user I/O callback functions. If you still need a simple way to call something while waiting on one or multiple asynchronous operations to complete, don't set the HANG flag in gpgme_wait (note that this will return to your program more often than the idle function did). * gpgme_wait can return NULL even if hang is true, if an error occurs. In that case *status contains the error code. * gpgme_get_engine_info was radically changed. Instead an XML string, an info structure of the new type gpgme_engine_info_t is returned. This makes it easier and more robust to evaluate the information in an application. * The new function gpgme_get_protocol_name can be used to convert a gpgme_protocol_t value into a string. * The status of a context operation is not checked anymore. Starting a new operation will silently cancel the previous one. Calling a function that requires you to have started an operation before without doing so is undefined. * The FPR argument to gpgme_op_genkey was removed. Instead, use the gpgme_op_genkey_result function to retrieve a gpgme_genkey_result_t pointer to a structure which contains the fingerprint. This also works with gpgme_op_genkey_start. The structure also provides other information about the generated keys. So, instead: char *fpr; err = gpgme_op_genkey (ctx, NULL, NULL, &fpr); if (!err && fpr) printf ("%s\n", fpr); you should now do: gpgme_genkey_result_t result; err = gpgme_op_genkey (ctx, NULL, NULL); if (!err) { result = gpgme_op_genkey_result (ctx); if (result->fpr) printf ("%s\n", result->fpr); } * The new gpgme_op_import_result function provides detailed information about the result of an import operation in gpgme_import_result_t and gpgme_import_status_t objects. Thus, the gpgme_op_import_ext variant is deprecated. * The new gpgme_op_sign_result function provides detailed information about the result of a signing operation in gpgme_sign_result_t, gpgme_invalid_key_t and gpgme_new_signature_t objects. * The new gpgme_op_encrypt_result function provides detailed information about the result of an encryption operation in a GpgmeEncryptResult object. * The new gpgme_op_decrypt_result function provides detailed information about the result of a decryption operation in a GpgmeDecryptResult object. * The new gpgme_op_verify_result function provides detailed information about the result of an verify operation in a GpgmeVerifyResult object. Because of this, the GPGME_SIG_STAT_* values, gpgme_get_sig_status, gpgme_get_sig_ulong_attr, gpgme_get_sig_string_attr and gpgme_get_sig_key are now deprecated, and gpgme_get_notation is removed. * GpgmeTrustItem objects have now directly accessible data, so the gpgme_trust_item_get_string_attr and gpgme_trust_item_get_ulong_attr accessor functions are deprecated. Also, reference counting is available through gpgme_trust_item_ref and gpgme_trust_item_unref (the gpgme_trust_item_release alias for the latter is deprecated). * Keys are not cached internally anymore, so the force_update argument to gpgme_get_key has been removed. * GpgmeKey objects have now directly accessible data so the gpgme_key_get_string_attr, gpgme_key_get_ulong_attr, gpgme_key_sig_get_string_attr and gpgme_key_sig_get_ulong_attr functions are deprecated. Also, gpgme_key_release is now deprecated. The gpgme_key_get_as_xml function has been dropped. * Because all interfaces using attributes are deprecated, the GpgmeAttr data type is also deprecated. * The new gpgme_op_keylist_result function provides detailed information about the result of a key listing operation in a GpgmeKeyListResult object. * Now that each function comes with its own result retrieval interface, the generic gpgme_get_op_info interface is not useful anymore and dropped. * The type and mode of data objects is not available anymore. * Interface changes relative to the 0.4.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GpgmeCtx DEPRECATED: Use gpgme_ctx_t. GpgmeData DEPRECATED: Use gpgme_data_t. GpgmeError DEPRECATED: Use gpgme_error_t. GpgmeDataEncoding DEPRECATED: Use gpgme_data_encoding_t. GpgmeSigStat DEPRECATED: Use gpgme_sig_stat_t. GpgmeSigMode DEPRECATED: Use gpgme_sig_mode_t. GpgmeAttr DEPRECATED: Use gpgme_attr_t. GpgmeValidity DEPRECATED: Use gpgme_validity_t. GpgmeProtocol DEPRECATED: Use gpgme_protocol_t. GpgmeKey DEPRECATED: Use gpgme_key_t. GpgmePassphraseCb DEPRECATED: Use gpgme_passphrase_cb_t. GpgmeProgressCb DEPRECATED: Use gpgme_progress_cb_t. GpgmeIOCb DEPRECATED: Use gpgme_io_cb_t. GpgmeRegisterIOCb DEPRECATED: Use gpgme_register_io_cb_t. GpgmeRemoveIOCb DEPRECATED: Use gpgme_remove_io_cb_t. GpgmeEventIO DEPRECATED: Use gpgme_event_io_t. GpgmeEventIOCb DEPRECATED: Use gpgme_event_io_cb_t. GpgmeIOCbs DEPRECATED: Use gpgme_io_cbs. GpgmeDataReadCb DEPRECATED: Use gpgme_data_read_cb_t. GpgmeDataWriteCb DEPRECATED: Use gpgme_data_write_cb_t. GpgmeDataSeekCb DEPRECATED: Use gpgme_data_seek_cb_t. GpgmeDataReleaseCb DEPRECATED: Use gpgme_data_release_cb_t. GpgmeDataCbs DEPRECATED: Use gpgme_data_cbs_t. GpgmeTrustItem DEPRECATED: Use gpgme_trust_item_t. GpgmeStatusCode DEPRECATED: Use gpgme_status_code_t. gpgme_ctx_t NEW gpgme_data_t NEW gpgme_recipients_t NEW gpgme_error_t NEW gpgme_data_encoding_t NEW gpgme_sig_stat_t NEW gpgme_sig_mode_t NEW gpgme_attr_t NEW gpgme_validity_t NEW gpgme_protocol_t NEW gpgme_key_t NEW gpgme_passphrase_cb_t NEW gpgme_progress_cb_t NEW gpgme_io_cb_t NEW gpgme_register_io_cb_t NEW gpgme_remove_io_cb_t NEW gpgme_event_io_t NEW gpgme_event_io_cb_t NEW gpgme_io_cbs NEW gpgme_data_read_cb_t NEW gpgme_data_write_cb_t NEW gpgme_data_seek_cb_t NEW gpgme_data_release_cb_t NEW gpgme_data_cbs_t NEW gpgme_trust_item_t NEW gpgme_status_code_t NEW GPGME_{some error code} REMOVED! Use GPG_ERR_* from libgpg-error. gpgme_err_code_t NEW gpgme_err_source_t NEW gpgme_err_code NEW gpgme_err_source NEW gpgme_error NEW gpgme_err_make NEW gpgme_error_from_errno NEW gpgme_err_make_from_errno NEW gpgme_err_code_from_errno NEW gpgme_err_code_to_errno NEW gpgme_strsource NEW gpgme_io_cb_t CHANGED: Return type from void to GpgmeError. gpgme_event_io_t CHANGED: New event type (all numbers changed). gpgme_passphrase_cb_t CHANGED: Desc decomposed, write directly to FD. gpgme_edit_cb_t CHANGED: Write directly to FD. gpgme_key_get_string_attr CHANGED: Don't handle GPGME_ATTR_IS_SECRET. gpgme_op_verify CHANGED: Drop R_STAT argument. gpgme_op_decrypt_verify CHANGED: Drop R_STAT argument. gpgme_wait CHANGED: Can return NULL even if hang is true. GpgmeIdleFunc REMOVED gpgme_register_idle REMOVED GpgmeRecipients REMOVED gpgme_recipients_new REMOVED gpgme_recipients_release REMOVED gpgme_recipients_add_name REMOVED gpgme_recipients_add_name_with_validity REMOVED gpgme_recipients_count REMOVED gpgme_recipients_enum_open REMOVED gpgme_recipients_enum_read REMOVED gpgme_recipients_enum_close REMOVED gpgme_encrypt_flags_t NEW GPGME_ENCRYPT_ALWAYS_TRUST NEW gpgme_op_encrypt CHANGED: Recipients passed as gpgme_key_t[]. gpgme_op_encrypt_start CHANGED: Recipients passed as gpgme_key_t[]. gpgme_op_encrypt_sign CHANGED: Recipients passed as gpgme_key_t[]. gpgme_op_encrypt_sign_start CHANGED: Recipients passed as gpgme_key_t[]. gpgme_op_export_start CHANGED: User IDs passed as patterns. gpgme_op_export CHANGED: User IDs passed as patterns. gpgme_op_export_ext_start NEW gpgme_op_export_ext NEW gpgme_keylist_mode_t NEW gpgme_sigsum_t NEW gpgme_engine_info_t NEW gpgme_get_engine_info CHANGED: Return info structure instead XML. gpgme_get_protocol_name NEW gpgme_cancel REMOVED: Return error in callback directly. gpgme_op_genkey CHANGED: FPR argument dropped. gpgme_op_genkey_result NEW gpgme_genkey_result_t NEW gpgme_op_import_ext DEPRECATED: Use gpgme_op_import_result. gpgme_op_import_result NEW gpgme_import_status_t NEW gpgme_import_result_t NEW gpgme_pubkey_algo_t NEW gpgme_hash_algo_t NEW gpgme_invalid_key_t NEW gpgme_new_signature_t NEW gpgme_sign_result_t NEW gpgme_op_sign_result NEW gpgme_pubkey_algo_name NEW gpgme_hash_algo_name NEW gpgme_encrypt_result_t NEW gpgme_op_encrypt_result NEW gpgme_decrypt_result_t NEW gpgme_op_decrypt_result NEW gpgme_verify_result_t NEW gpgme_op_verify_result NEW gpgme_get_notation REMOVED: Access verify result directly instead. gpgme_get_sig_key DEPRECATED: Use gpgme_get_key with fingerprint. gpgme_get_sig_ulong_attr DEPRECATED: Use verify result directly. gpgme_get_sig_string_attr DEPRECATED: Use verify result directly. GPGME_SIG_STAT_* DEPRECATED: Use error value in sig status. gpgme_get_sig_status DEPRECATED: Use verify result directly. gpgme_trust_item_t CHANGED: Now has user accessible data members. gpgme_trust_item_ref NEW gpgme_trust_item_unref NEW gpgme_trust_item_release DEPRECATED: Use gpgme_trust_item_unref. gpgme_trust_item_get_string_attr DEPRECATED gpgme_trust_item_get_ulong_attr DEPRECATED gpgme_get_key CHANGED: Removed force_update argument. gpgme_subkey_t NEW gpgme_key_sig_t NEW gpgme_user_id_t NEW gpgme_key_t CHANGED: Now has user accessible data members. gpgme_key_get_string_attr DEPRECATED gpgme_key_get_ulong_attr DEPRECATED gpgme_key_sig_get_string_attr DEPRECATED gpgme_key_sig_get_ulong_attr DEPRECATED gpgme_key_get_as_xml REMOVED gpgme_key_list_result_t NEW gpgme_op_keylist_result NEW gpgme_get_op_info REMOVED ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.0 (2002-12-23) ------------------------------------------------ * Key generation returns the fingerprint of the generated key. * New convenience function gpgme_get_key. * Supports signatures of user IDs in keys via the new GPGME_KEYLIST_MODE_SIGS keylist mode and the gpgme_key_sig_get_string_attr and gpgme_key_sig_get_ulong_attr interfaces. The XML info about a key also includes the signatures if available. * New data object interface, which is more flexible and transparent. * Interface changes relative to the 0.3.9 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GpgmeDataReadCb NEW GpgmeDataWriteCb NEW GpgmeDataSeekCb NEW GpgmeDataReleaseCb NEW GpgmeDataCbs NEW gpgme_data_read CHANGED: Match read() closely. gpgme_data_write CHANGED: Match write() closely. gpgme_data_seek NEW gpgme_data_new_from_fd NEW gpgme_data_new_from_stream NEW gpgme_data_new_from_cbs NEW gpgme_data_rewind DEPRECATED: Replaced by gpgme_data_seek(). gpgme_data_new_from_read_cb DEPRECATED: Replaced by gpgme_data_from_cbs(). gpgme_data_get_type REMOVED: No replacement. gpgme_op_verify CHANGED: Take different data objects for signed text and plain text. gpgme_op_verify_start CHANGED: See gpgme_op_verify. gpgme_check_engine REMOVED: Deprecated since 0.3.0. gpgme_op_genkey CHANGED: New parameter FPR. GPGME_KEYLIST_MODE_SIGS NEW gpgme_key_sig_get_string_attr NEW gpgme_key_sig_get_ulong_attr NEW gpgme_get_key NEW GPGME_ATTR_SIG_CLASS NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.16 (2003-11-19) ------------------------------------------------- * Compatibility fixes for GnuPG 1.9.x Noteworthy changes in version 0.3.15 (2003-02-18) ------------------------------------------------- * The progress status is sent via the progress callbacks in gpgme_op_edit. * Bug fix for signing operations with explicit signer settings for the CMS protocol. Noteworthy changes in version 0.3.14 (2002-12-04) ------------------------------------------------- * GPGME-Plug is now in its own package "cryptplug". * Workaround for a setlocale problem. Fixed a segv related to not correctly as closed marked file descriptors. Noteworthy changes in version 0.3.13 (2002-11-20) ------------------------------------------------- * Release due to changes in gpgmeplug. Noteworthy changes in version 0.3.12 (2002-10-15) ------------------------------------------------- * Fixed some bux with key listings. * The development has been branched to clean up some API issues. This 0.3 series will be kept for compatibility reasons; so do don't expect new features. Noteworthy changes in version 0.3.11 (2002-09-20) ------------------------------------------------- * Bug fixes. Noteworthy changes in version 0.3.10 (2002-09-02) ------------------------------------------------- * Setting the signing keys for the CMS protocol does now work. * The signers setting is honoured by gpgme_op_edit. Noteworthy changes in version 0.3.9 (2002-08-21) ------------------------------------------------ * A spec file for creating RPMs has been added. * An experimental interface to GnuPG's --edit-key functionality is introduced, see gpgme_op_edit. * The new gpgme_import_ext function provides a convenient access to the number of processed keys. * Interface changes relative to the 0.3.8 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GpgmeStatusCode NEW GpgmeEditCb NEW gpgme_op_edit_start NEW gpgme_op_edit NEW gpgme_op_import_ext NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.8 (2002-06-25) ------------------------------------------------ * It is possible to use an outside event loop for the I/O to the crypto engine by setting the I/O callbacks with gpgme_set_io_cbs. * Interface changes relative to the 0.3.6 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GpgmeIOCb NEW GpgmeRegisterIOCb NEW GpgmeRemoveIOCb NEW GpgmeEventIO NEW GpgmeEventIOCb NEW struct GpgmeIOCbs NEW gpgme_set_io_cbs NEW gpgme_get_io_cbs NEW GPGME_ATTR_ERRTOK NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.7 (2002-06-04) ------------------------------------------------ * GPGME_ATTR_OTRUST is implemented now. * A first step toward thread safeness has been achieved, see the documentation for details. Supported thread libraries are pthread and Pth. Noteworthy changes in version 0.3.6 (2002-05-03) ------------------------------------------------ * All error output of the gpgsm backend is send to the bit bucket. * The signature verification functions are extended. Instead of always returning GPGME_SIG_STATUS_GOOD, the functions new codes for expired signatures. 2 new functions may be used to retrieve more detailed information like the signature expiration time and a validity information of the key without an extra key looking. * The current passphrase callback and progress meter callback can be retrieved with the new functions gpgme_get_passphrase_cb and gpgme_get_progress_cb respectively. * Interface changes relative to the 0.3.5 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_get_passphrase_cb NEW gpgme_get_progress_cb NEW GpgmeDataEncoding NEW gpgme_data_set_encoding NEW gpgme_data_get_encoding NEW GPGME_SIG_STAT_GOOD_EXP NEW GPGME_SIG_STAT_GOOD_EXPKEY NEW gpgme_op_verify CHANGED: Returns more status codes. GPGME_ATTR_SIG_STATUS NEW gpgme_get_sig_string_attr NEW gpgme_get_sig_ulong_attr NEW gpgme_get_protocol NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.5 (2002-04-01) ------------------------------------------------ * gpgme_op_encrypt can be called with RECIPIENTS being 0. In this case, symmetric encryption is performed. Note that this requires a passphrase from the user. * More information is returned for X.509 certificates. * Interface changes relative to the 0.3.4 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt EXTENDED: Symmetric encryption possible ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.4 (2002-03-04) ------------------------------------------------ * gpgme_op_encrypt does now fail with GPGME_Invalid_Recipients if some recipients have been invalid, whereas earlier versions succeeded in this case. The plaintext is still encrypted for all valid recipients, so the application might take this error as a hint that the ciphertext is not usable for all requested recipients. Information about invalid recipients is available with gpgme_get_op_info. * gpgme_op_verify now allows to pass an uninitialized data object as its plaintext argument to check for normal and cleartext signatures. The plaintext is then returned in the data object. * New interfaces gpgme_set_include_certs and gpgme_get_include_certs to set and get the number of certifications to include in S/MIME signed messages. * New interfaces gpgme_op_encrypt_sign and gpgme_op_encrypt_sign_start to encrypt and sign a message in a combined operation. * New interface gpgme_op_keylist_ext_start to search for multiple patterns. * gpgme_key_get_ulong_attr supports the GPGME_ATTR_EXPIRE attribute. * Interface changes relative to the 0.3.3 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt CHANGED: Can fail with GPGME_Invalid_Recipients gpgme_op_verify EXTENDED: Accepts uninitialized text argument gpgme_key_get_ulong_attr EXTENDED: Supports GPGME_ATTR_EXPIRE gpgme_set_include_certs NEW gpgme_get_include_certs NEW gpgme_op_encrypt_sign NEW gpgme_op_encrypt_sign_start NEW gpgme_op_keylist_ext_start NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.3 (2002-02-12) ------------------------------------------------ * Fix the Makefile in jnlib. * Fix the test suite (hopefully). It should clean up all its state with `make check' now. Noteworthy changes in version 0.3.2 (2002-02-10) ------------------------------------------------ * Remove erroneous dependency on libgcrypt in jnlib. Noteworthy changes in version 0.3.1 (2002-02-09) ------------------------------------------------ * There is a Texinfo manual documenting the API. * The gpgme_set_keylist_mode function returns an error, and changed its meaning. It is no longer usable to select between normal and fast mode (newer versions of GnuPG will always be fast), but selects between local keyring, remote keyserver, or both. For this, two new macros are defined, GPGME_KEYLIST_MODE_LOCAL and GPGME_KEYLIST_MODE_EXTERN. To make it possible to modify the current setting, a fucntion gpgme_get_keylist_mode was added to retrieve the current mode. * gpgme_wait accepts a new argument STATUS to return the error status of the operation on the context. Its definition is closer to waitpid() now than before. * The LENGTH argument to gpgme_data_new_from_filepart changed its type from off_t to the unsigned size_t. * The R_HD argument to the GpgmePassphraseCb type changed its type from void* to void**. * New interface gpgme_op_trustlist_end() to match gpgme_op_keylist_end(). * The CryptPlug modules have been renamed to gpgme-openpgp and gpgme-smime, and they are installed in pkglibdir by `make install'. * An idle function can be registered with gpgme_register_idle(). * The GpgSM backend supports key generation with gpgme_op_genkey(). * Interface changes relative to the 0.3.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_data_new_from_filepart CHANGED: Type of LENGTH is size_t. GpgmePassphraseCb CHANGED: Type of R_HD is void **. gpgme_wait CHANGED: New argument STATUS. gpgme_set_keylist_mode CHANGED: Type of return value is GpgmeError. The function has a new meaning! gpgme_get_keylist_mode NEW GPGME_KEYLIST_MODE_LOCAL NEW GPGME_KEYLIST_MODE_EXTERN NEW gpgme_op_trustlist_next NEW GpgmeIdleFunc NEW gpgme_register_idle NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.0 (2001-12-19) ------------------------------------------------ * New interface gpgme_set_protocol() to set the protocol and thus the crypto engine to be used by the context. Currently, the OpenPGP and the CMS protocols are supported. They are specified by the new preprocessor symbols GPGME_PROTOCOL_OpenPGP and GPGME_PROTOCOL_CMS. A new context uses the OpenPGP engine by default. * gpgme_get_engine_info() returns information for all crypto engines compiled into the library. The XML format has changed. To reliably get the version of a crypto engine, the tag after the appropriate tag has to be looked for. * New interface gpgme_engine_check_version(), obsoleting gpgme_check_engine(). Check the version of all engines you are supporting in your software. * GpgmeKey lists the user ids in the order as they are returned by GnuPG, first the primary key with index 0, then the sub-user ids. * New operation gpgme_op_decrypt_verify() to decrypt and verify signatures simultaneously. * The new interface gpgme_op_keylist_end() terminates a pending keylist operation. A keylist operation is also terminated when gpgme_op_keylist_next() returns GPGME_EOF. * GPGME can be compiled without GnuPG being installed (`--with-gpg=PATH'), cross-compiled, or even compiled without support for GnuPG (`--without-gpg'). * GPGME can be compiled with support for GpgSM (GnuPG for S/MIME, `--with-gpgsm=PATH'). It is enabled by default if the `gpgsm' is found in the path, but it can also be compiled without support for GpgSM (`--without-gpgsm'). * CryptPlug modules for GPGME are included and can be enabled at configure time (`--enable-gpgmeplug'). There is one module which uses the GnuPG engine (`gpgmeplug') and one module which uses the GpgSM engine (`gpgsmplug'). * Interface changes relative to the latest 0.2.x release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_get_as_xml CHANGED: Sub-user ids reversed in order. gpgme_key_get_string_attr CHANGED: User ids reversed in order. gpgme_key_get_ulong_attr CHANGED: User ids reversed in order. gpgme_get_engine_info CHANGED: New format, extended content. gpgme_engine_check_version NEW gpgme_decrypt_verify_start NEW gpgme_decrypt_verify NEW gpgme_op_keylist_next NEW gpgme_set_protocol NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.2.3 (2001-09-17) ------------------------------------------------ * New function gpgme_get_op_info which can be used to get the micalg parameter needed for MOSS. * New functions gpgme_get_armor and gpgme_get_textmode. * The usual bug fixes and some minor functionality improvements. * Added a simple encryption component for MS-Windows; however the build procedure might have some problems. Noteworthy changes in version 0.2.2 (2001-06-12) ------------------------------------------------ * Implemented a key cache. * Fixed a race condition under W32 and some other bug fixes. Noteworthy changes in version 0.2.1 (2001-04-02) ------------------------------------------------ * Changed debug output and GPGME_DEBUG variable (gpgme/debug.c) * Handle GnuPG's new key capabilities output and support revocation et al. attributes * Made the W32 support more robust. Copyright 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lang/cpp/src/decryptionresult.cpp b/lang/cpp/src/decryptionresult.cpp index 05f7e754..d1c991be 100644 --- a/lang/cpp/src/decryptionresult.cpp +++ b/lang/cpp/src/decryptionresult.cpp @@ -1,246 +1,251 @@ /* decryptionresult.cpp - wraps a gpgme keygen result Copyright (C) 2004 Klarälvdalens Datakonsult AB 2016 Bundesamt für Sicherheit in der Informationstechnik Software engineering by Intevation GmbH This file is part of GPGME++. GPGME++ is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GPGME++ is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with GPGME++; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include "result_p.h" #include "util.h" #include #include #include #include #include #include #include class GpgME::DecryptionResult::Private { public: explicit Private(const _gpgme_op_decrypt_result &r) : res(r) { if (res.unsupported_algorithm) { res.unsupported_algorithm = strdup(res.unsupported_algorithm); } if (res.file_name) { res.file_name = strdup(res.file_name); } //FIXME: copying gpgme_recipient_t objects invalidates the keyid member, //thus we use _keyid for now (internal API) for (gpgme_recipient_t r = res.recipients ; r ; r = r->next) { recipients.push_back(*r); } res.recipients = 0; } ~Private() { if (res.unsupported_algorithm) { std::free(res.unsupported_algorithm); } res.unsupported_algorithm = 0; if (res.file_name) { std::free(res.file_name); } res.file_name = 0; } _gpgme_op_decrypt_result res; std::vector<_gpgme_recipient> recipients; }; GpgME::DecryptionResult::DecryptionResult(gpgme_ctx_t ctx, int error) : GpgME::Result(error), d() { init(ctx); } GpgME::DecryptionResult::DecryptionResult(gpgme_ctx_t ctx, const Error &error) : GpgME::Result(error), d() { init(ctx); } void GpgME::DecryptionResult::init(gpgme_ctx_t ctx) { if (!ctx) { return; } gpgme_decrypt_result_t res = gpgme_op_decrypt_result(ctx); if (!res) { return; } d.reset(new Private(*res)); } make_standard_stuff(DecryptionResult) const char *GpgME::DecryptionResult::unsupportedAlgorithm() const { return d ? d->res.unsupported_algorithm : 0 ; } bool GpgME::DecryptionResult::isWrongKeyUsage() const { return d && d->res.wrong_key_usage; } +bool GpgME::DecryptionResult::isDeVs() const +{ + return d && d->res.is_de_vs; +} + const char *GpgME::DecryptionResult::fileName() const { return d ? d->res.file_name : 0 ; } unsigned int GpgME::DecryptionResult::numRecipients() const { return d ? d->recipients.size() : 0 ; } GpgME::DecryptionResult::Recipient GpgME::DecryptionResult::recipient(unsigned int idx) const { if (d && idx < d->recipients.size()) { return Recipient(&d->recipients[idx]); } return Recipient(); } namespace { struct make_recipient { GpgME::DecryptionResult::Recipient operator()(_gpgme_recipient &t) { return GpgME::DecryptionResult::Recipient(&t); } }; } std::vector GpgME::DecryptionResult::recipients() const { std::vector result; if (d) { result.reserve(d->recipients.size()); std::transform(d->recipients.begin(), d->recipients.end(), std::back_inserter(result), make_recipient()); } return result; } class GpgME::DecryptionResult::Recipient::Private : public _gpgme_recipient { public: Private(gpgme_recipient_t reci) : _gpgme_recipient(*reci) {} }; GpgME::DecryptionResult::Recipient::Recipient() : d() { } GpgME::DecryptionResult::Recipient::Recipient(gpgme_recipient_t r) : d() { if (r) { d.reset(new Private(r)); } } bool GpgME::DecryptionResult::Recipient::isNull() const { return !d; } const char *GpgME::DecryptionResult::Recipient::keyID() const { //_keyid is internal API, but the public keyid is invalid after copying (see above) if (d) { return d->_keyid; } return 0; } const char *GpgME::DecryptionResult::Recipient::shortKeyID() const { //_keyid is internal API, but the public keyid is invalid after copying (see above) if (d) { return d->_keyid + 8; } return 0; } unsigned int GpgME::DecryptionResult::Recipient::publicKeyAlgorithm() const { if (d) { return d->pubkey_algo; } return 0; } const char *GpgME::DecryptionResult::Recipient::publicKeyAlgorithmAsString() const { if (d) { return gpgme_pubkey_algo_name(d->pubkey_algo); } return 0; } GpgME::Error GpgME::DecryptionResult::Recipient::status() const { if (d) { return Error(d->status); } return Error(); } std::ostream &GpgME::operator<<(std::ostream &os, const DecryptionResult &result) { os << "GpgME::DecryptionResult("; if (!result.isNull()) { os << "\n error: " << result.error() << "\n fileName: " << protect(result.fileName()) << "\n unsupportedAlgorithm: " << protect(result.unsupportedAlgorithm()) << "\n isWrongKeyUsage: " << result.isWrongKeyUsage() << "\n recipients:\n"; const std::vector recipients = result.recipients(); std::copy(recipients.begin(), recipients.end(), std::ostream_iterator(os, "\n")); } return os << ')'; } std::ostream &GpgME::operator<<(std::ostream &os, const DecryptionResult::Recipient &reci) { os << "GpgME::DecryptionResult::Recipient("; if (!reci.isNull()) { os << "\n keyID: " << protect(reci.keyID()) << "\n shortKeyID: " << protect(reci.shortKeyID()) << "\n publicKeyAlgorithm: " << protect(reci.publicKeyAlgorithmAsString()) << "\n status: " << reci.status(); } return os << ')'; } diff --git a/lang/cpp/src/decryptionresult.h b/lang/cpp/src/decryptionresult.h index cd3ab7c4..57705b48 100644 --- a/lang/cpp/src/decryptionresult.h +++ b/lang/cpp/src/decryptionresult.h @@ -1,132 +1,133 @@ /* decryptionresult.h - wraps a gpgme keygen result Copyright (C) 2004 Klarälvdalens Datakonsult AB 2016 Bundesamt für Sicherheit in der Informationstechnik Software engineering by Intevation GmbH This file is part of GPGME++. GPGME++ is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GPGME++ is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with GPGME++; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #ifndef __GPGMEPP_DECRYPTIONRESULT_H__ #define __GPGMEPP_DECRYPTIONRESULT_H__ #include "gpgmefw.h" #include "result.h" #include "gpgmepp_export.h" #include #include #include #include namespace GpgME { class Error; class GPGMEPP_EXPORT DecryptionResult : public Result { public: DecryptionResult(); DecryptionResult(gpgme_ctx_t ctx, int error); DecryptionResult(gpgme_ctx_t ctx, const Error &err); explicit DecryptionResult(const Error &err); const DecryptionResult &operator=(DecryptionResult other) { swap(other); return *this; } void swap(DecryptionResult &other) { Result::swap(other); using std::swap; swap(this->d, other.d); } bool isNull() const; GPGMEPP_DEPRECATED const char *unsupportedAlgortihm() const { return unsupportedAlgorithm(); } const char *unsupportedAlgorithm() const; GPGMEPP_DEPRECATED bool wrongKeyUsage() const { return isWrongKeyUsage(); } bool isWrongKeyUsage() const; + bool isDeVs() const; const char *fileName() const; class Recipient; unsigned int numRecipients() const; Recipient recipient(unsigned int idx) const; std::vector recipients() const; private: class Private; void init(gpgme_ctx_t ctx); std::shared_ptr d; }; GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const DecryptionResult &result); class GPGMEPP_EXPORT DecryptionResult::Recipient { public: Recipient(); explicit Recipient(gpgme_recipient_t reci); const Recipient &operator=(Recipient other) { swap(other); return *this; } void swap(Recipient &other) { using std::swap; swap(this->d, other.d); } bool isNull() const; const char *keyID() const; const char *shortKeyID() const; unsigned int publicKeyAlgorithm() const; const char *publicKeyAlgorithmAsString() const; Error status() const; private: class Private; std::shared_ptr d; }; GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const DecryptionResult::Recipient &reci); } GPGMEPP_MAKE_STD_SWAP_SPECIALIZATION(DecryptionResult) #endif // __GPGMEPP_DECRYPTIONRESULT_H__ diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index 8d90a7db..6dacd9fb 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -1,616 +1,621 @@ /* verificationresult.cpp - wraps a gpgme verify result Copyright (C) 2004 Klarälvdalens Datakonsult AB 2016 Bundesamt für Sicherheit in der Informationstechnik Software engineering by Intevation GmbH This file is part of GPGME++. GPGME++ is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GPGME++ is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with GPGME++; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "result_p.h" #include "util.h" #include "key.h" #include "context.h" #include #include #include #include #include #include #include #include class GpgME::VerificationResult::Private { public: explicit Private(const gpgme_verify_result_t r) { if (!r) { return; } if (r->file_name) { file_name = r->file_name; } // copy recursively, using compiler-generated copy ctor. // We just need to handle the pointers in the structs: for (gpgme_signature_t is = r->signatures ; is ; is = is->next) { gpgme_signature_t scopy = new _gpgme_signature(*is); if (is->fpr) { scopy->fpr = strdup(is->fpr); } // PENDING(marc) why does this crash on Windows in strdup()? # ifndef _WIN32 if (is->pka_address) { scopy->pka_address = strdup(is->pka_address); } # else scopy->pka_address = 0; # endif scopy->next = 0; sigs.push_back(scopy); // copy keys if (scopy->key) { keys.push_back(Key(scopy->key, true)); } else { keys.push_back(Key()); } // copy notations: nota.push_back(std::vector()); purls.push_back(0); for (gpgme_sig_notation_t in = is->notations ; in ; in = in->next) { if (!in->name) { if (in->value) { purls.back() = strdup(in->value); // policy url } continue; } Nota n = { 0, 0, in->flags }; n.name = strdup(in->name); if (in->value) { n.value = strdup(in->value); } nota.back().push_back(n); } } } ~Private() { for (std::vector::iterator it = sigs.begin() ; it != sigs.end() ; ++it) { std::free((*it)->fpr); std::free((*it)->pka_address); delete *it; *it = 0; } for (std::vector< std::vector >::iterator it = nota.begin() ; it != nota.end() ; ++it) { for (std::vector::iterator jt = it->begin() ; jt != it->end() ; ++jt) { std::free(jt->name); jt->name = 0; std::free(jt->value); jt->value = 0; } } std::for_each(purls.begin(), purls.end(), &std::free); } struct Nota { char *name; char *value; gpgme_sig_notation_flags_t flags; }; std::vector sigs; std::vector< std::vector > nota; std::vector keys; std::vector purls; std::string file_name; Protocol proto; }; GpgME::VerificationResult::VerificationResult(gpgme_ctx_t ctx, int error) : GpgME::Result(error), d() { init(ctx); } GpgME::VerificationResult::VerificationResult(gpgme_ctx_t ctx, const Error &error) : GpgME::Result(error), d() { init(ctx); } void GpgME::VerificationResult::init(gpgme_ctx_t ctx) { if (!ctx) { return; } gpgme_verify_result_t res = gpgme_op_verify_result(ctx); if (!res) { return; } d.reset(new Private(res)); gpgme_protocol_t proto = gpgme_get_protocol(ctx); d->proto = proto == GPGME_PROTOCOL_OpenPGP ? OpenPGP : proto == GPGME_PROTOCOL_CMS ? CMS : UnknownProtocol; } make_standard_stuff(VerificationResult) const char *GpgME::VerificationResult::fileName() const { return d ? d->file_name.c_str() : 0 ; } unsigned int GpgME::VerificationResult::numSignatures() const { return d ? d->sigs.size() : 0 ; } GpgME::Signature GpgME::VerificationResult::signature(unsigned int idx) const { return Signature(d, idx); } std::vector GpgME::VerificationResult::signatures() const { if (!d) { return std::vector(); } std::vector result; result.reserve(d->sigs.size()); for (unsigned int i = 0 ; i < d->sigs.size() ; ++i) { result.push_back(Signature(d, i)); } return result; } GpgME::Signature::Signature(const std::shared_ptr &parent, unsigned int i) : d(parent), idx(i) { } GpgME::Signature::Signature() : d(), idx(0) {} bool GpgME::Signature::isNull() const { return !d || idx >= d->sigs.size() ; } GpgME::Signature::Summary GpgME::Signature::summary() const { if (isNull()) { return None; } gpgme_sigsum_t sigsum = d->sigs[idx]->summary; unsigned int result = 0; if (sigsum & GPGME_SIGSUM_VALID) { result |= Valid; } if (sigsum & GPGME_SIGSUM_GREEN) { result |= Green; } if (sigsum & GPGME_SIGSUM_RED) { result |= Red; } if (sigsum & GPGME_SIGSUM_KEY_REVOKED) { result |= KeyRevoked; } if (sigsum & GPGME_SIGSUM_KEY_EXPIRED) { result |= KeyExpired; } if (sigsum & GPGME_SIGSUM_SIG_EXPIRED) { result |= SigExpired; } if (sigsum & GPGME_SIGSUM_KEY_MISSING) { result |= KeyMissing; } if (sigsum & GPGME_SIGSUM_CRL_MISSING) { result |= CrlMissing; } if (sigsum & GPGME_SIGSUM_CRL_TOO_OLD) { result |= CrlTooOld; } if (sigsum & GPGME_SIGSUM_BAD_POLICY) { result |= BadPolicy; } if (sigsum & GPGME_SIGSUM_SYS_ERROR) { result |= SysError; } if (sigsum & GPGME_SIGSUM_TOFU_CONFLICT) { result |= TofuConflict; } return static_cast(result); } const char *GpgME::Signature::fingerprint() const { return isNull() ? 0 : d->sigs[idx]->fpr ; } GpgME::Error GpgME::Signature::status() const { return Error(isNull() ? 0 : d->sigs[idx]->status); } time_t GpgME::Signature::creationTime() const { return static_cast(isNull() ? 0 : d->sigs[idx]->timestamp); } time_t GpgME::Signature::expirationTime() const { return static_cast(isNull() ? 0 : d->sigs[idx]->exp_timestamp); } bool GpgME::Signature::neverExpires() const { return expirationTime() == (time_t)0; } bool GpgME::Signature::isWrongKeyUsage() const { return !isNull() && d->sigs[idx]->wrong_key_usage; } bool GpgME::Signature::isVerifiedUsingChainModel() const { return !isNull() && d->sigs[idx]->chain_model; } +bool GpgME::Signature::isDeVs() const +{ + return !isNull() && d->sigs[idx]->is_de_vs; +} + GpgME::Signature::PKAStatus GpgME::Signature::pkaStatus() const { if (!isNull()) { return static_cast(d->sigs[idx]->pka_trust); } return UnknownPKAStatus; } const char *GpgME::Signature::pkaAddress() const { if (!isNull()) { return d->sigs[idx]->pka_address; } return 0; } GpgME::Signature::Validity GpgME::Signature::validity() const { if (isNull()) { return Unknown; } switch (d->sigs[idx]->validity) { default: case GPGME_VALIDITY_UNKNOWN: return Unknown; case GPGME_VALIDITY_UNDEFINED: return Undefined; case GPGME_VALIDITY_NEVER: return Never; case GPGME_VALIDITY_MARGINAL: return Marginal; case GPGME_VALIDITY_FULL: return Full; case GPGME_VALIDITY_ULTIMATE: return Ultimate; } } char GpgME::Signature::validityAsString() const { if (isNull()) { return '?'; } switch (d->sigs[idx]->validity) { default: case GPGME_VALIDITY_UNKNOWN: return '?'; case GPGME_VALIDITY_UNDEFINED: return 'q'; case GPGME_VALIDITY_NEVER: return 'n'; case GPGME_VALIDITY_MARGINAL: return 'm'; case GPGME_VALIDITY_FULL: return 'f'; case GPGME_VALIDITY_ULTIMATE: return 'u'; } } GpgME::Error GpgME::Signature::nonValidityReason() const { return Error(isNull() ? 0 : d->sigs[idx]->validity_reason); } unsigned int GpgME::Signature::publicKeyAlgorithm() const { if (!isNull()) { return d->sigs[idx]->pubkey_algo; } return 0; } const char *GpgME::Signature::publicKeyAlgorithmAsString() const { if (!isNull()) { return gpgme_pubkey_algo_name(d->sigs[idx]->pubkey_algo); } return 0; } unsigned int GpgME::Signature::hashAlgorithm() const { if (!isNull()) { return d->sigs[idx]->hash_algo; } return 0; } const char *GpgME::Signature::hashAlgorithmAsString() const { if (!isNull()) { return gpgme_hash_algo_name(d->sigs[idx]->hash_algo); } return 0; } const char *GpgME::Signature::policyURL() const { return isNull() ? 0 : d->purls[idx] ; } GpgME::Notation GpgME::Signature::notation(unsigned int nidx) const { return GpgME::Notation(d, idx, nidx); } std::vector GpgME::Signature::notations() const { if (isNull()) { return std::vector(); } std::vector result; result.reserve(d->nota[idx].size()); for (unsigned int i = 0 ; i < d->nota[idx].size() ; ++i) { result.push_back(GpgME::Notation(d, idx, i)); } return result; } GpgME::Key GpgME::Signature::key() const { if (isNull()) { return Key(); } return d->keys[idx]; } GpgME::Key GpgME::Signature::key(bool search, bool update) const { if (isNull()) { return Key(); } GpgME::Key ret = key(); if (ret.isNull() && search) { auto ctx = Context::createForProtocol (d->proto); if (ctx) { ctx->setKeyListMode(KeyListMode::Local | KeyListMode::Signatures | KeyListMode::SignatureNotations | KeyListMode::Validate | KeyListMode::WithTofu); Error e; ret = d->keys[idx] = ctx->key(fingerprint(), e, false); delete ctx; } } if (update) { d->keys[idx].update(); ret = d->keys[idx]; } return ret; } class GpgME::Notation::Private { public: Private() : d(), sidx(0), nidx(0), nota(0) {} Private(const std::shared_ptr &priv, unsigned int sindex, unsigned int nindex) : d(priv), sidx(sindex), nidx(nindex), nota(0) { } Private(gpgme_sig_notation_t n) : d(), sidx(0), nidx(0), nota(n ? new _gpgme_sig_notation(*n) : 0) { if (nota && nota->name) { nota->name = strdup(nota->name); } if (nota && nota->value) { nota->value = strdup(nota->value); } } Private(const Private &other) : d(other.d), sidx(other.sidx), nidx(other.nidx), nota(other.nota) { if (nota) { nota->name = strdup(nota->name); nota->value = strdup(nota->value); } } ~Private() { if (nota) { std::free(nota->name); nota->name = 0; std::free(nota->value); nota->value = 0; delete nota; } } std::shared_ptr d; unsigned int sidx, nidx; gpgme_sig_notation_t nota; }; GpgME::Notation::Notation(const std::shared_ptr &parent, unsigned int sindex, unsigned int nindex) : d(new Private(parent, sindex, nindex)) { } GpgME::Notation::Notation(gpgme_sig_notation_t nota) : d(new Private(nota)) { } GpgME::Notation::Notation() : d() {} bool GpgME::Notation::isNull() const { if (!d) { return true; } if (d->d) { return d->sidx >= d->d->nota.size() || d->nidx >= d->d->nota[d->sidx].size() ; } return !d->nota; } const char *GpgME::Notation::name() const { return isNull() ? 0 : d->d ? d->d->nota[d->sidx][d->nidx].name : d->nota ? d->nota->name : 0 ; } const char *GpgME::Notation::value() const { return isNull() ? 0 : d->d ? d->d->nota[d->sidx][d->nidx].value : d->nota ? d->nota->value : 0 ; } GpgME::Notation::Flags GpgME::Notation::flags() const { return convert_from_gpgme_sig_notation_flags_t( isNull() ? 0 : d->d ? d->d->nota[d->sidx][d->nidx].flags : d->nota ? d->nota->flags : 0); } bool GpgME::Notation::isHumanReadable() const { return flags() & HumanReadable; } bool GpgME::Notation::isCritical() const { return flags() & Critical; } std::ostream &GpgME::operator<<(std::ostream &os, const VerificationResult &result) { os << "GpgME::VerificationResult("; if (!result.isNull()) { os << "\n error: " << result.error() << "\n fileName: " << protect(result.fileName()) << "\n signatures:\n"; const std::vector sigs = result.signatures(); std::copy(sigs.begin(), sigs.end(), std::ostream_iterator(os, "\n")); } return os << ')'; } std::ostream &GpgME::operator<<(std::ostream &os, Signature::PKAStatus pkaStatus) { #define OUTPUT( x ) if ( !(pkaStatus & (GpgME::Signature:: x)) ) {} else do { os << #x " "; } while(0) os << "GpgME::Signature::PKAStatus("; OUTPUT(UnknownPKAStatus); OUTPUT(PKAVerificationFailed); OUTPUT(PKAVerificationSucceeded); #undef OUTPUT return os << ')'; } std::ostream &GpgME::operator<<(std::ostream &os, Signature::Summary summary) { #define OUTPUT( x ) if ( !(summary & (GpgME::Signature:: x)) ) {} else do { os << #x " "; } while(0) os << "GpgME::Signature::Summary("; OUTPUT(Valid); OUTPUT(Green); OUTPUT(Red); OUTPUT(KeyRevoked); OUTPUT(KeyExpired); OUTPUT(SigExpired); OUTPUT(KeyMissing); OUTPUT(CrlMissing); OUTPUT(CrlTooOld); OUTPUT(BadPolicy); OUTPUT(SysError); OUTPUT(TofuConflict); #undef OUTPUT return os << ')'; } std::ostream &GpgME::operator<<(std::ostream &os, const Signature &sig) { os << "GpgME::Signature("; if (!sig.isNull()) { os << "\n Summary: " << sig.summary() << "\n Fingerprint: " << protect(sig.fingerprint()) << "\n Status: " << sig.status() << "\n creationTime: " << sig.creationTime() << "\n expirationTime: " << sig.expirationTime() << "\n isWrongKeyUsage: " << sig.isWrongKeyUsage() << "\n isVerifiedUsingChainModel: " << sig.isVerifiedUsingChainModel() << "\n pkaStatus: " << sig.pkaStatus() << "\n pkaAddress: " << protect(sig.pkaAddress()) << "\n validity: " << sig.validityAsString() << "\n nonValidityReason: " << sig.nonValidityReason() << "\n publicKeyAlgorithm: " << protect(sig.publicKeyAlgorithmAsString()) << "\n hashAlgorithm: " << protect(sig.hashAlgorithmAsString()) << "\n policyURL: " << protect(sig.policyURL()) << "\n notations:\n"; const std::vector nota = sig.notations(); std::copy(nota.begin(), nota.end(), std::ostream_iterator(os, "\n")); } return os << ')'; } std::ostream &GpgME::operator<<(std::ostream &os, Notation::Flags flags) { os << "GpgME::Notation::Flags("; #define OUTPUT( x ) if ( !(flags & (GpgME::Notation:: x)) ) {} else do { os << #x " "; } while(0) OUTPUT(HumanReadable); OUTPUT(Critical); #undef OUTPUT return os << ')'; } std::ostream &GpgME::operator<<(std::ostream &os, const Notation ¬a) { os << "GpgME::Signature::Notation("; if (!nota.isNull()) { os << "\n name: " << protect(nota.name()) << "\n value: " << protect(nota.value()) << "\n flags: " << nota.flags() << '\n'; } return os << ")"; } diff --git a/lang/cpp/src/verificationresult.h b/lang/cpp/src/verificationresult.h index 765fb79d..3f6299ca 100644 --- a/lang/cpp/src/verificationresult.h +++ b/lang/cpp/src/verificationresult.h @@ -1,203 +1,204 @@ /* verificationresult.h - wraps a gpgme verify result Copyright (C) 2004 Klarälvdalens Datakonsult AB 2016 Bundesamt für Sicherheit in der Informationstechnik Software engineering by Intevation GmbH This file is part of GPGME++. GPGME++ is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GPGME++ is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with GPGME++; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #ifndef __GPGMEPP_VERIFICATIONRESULT_H__ #define __GPGMEPP_VERIFICATIONRESULT_H__ #include "gpgmefw.h" #include "result.h" #include "gpgmepp_export.h" #include #include #include #include namespace GpgME { class Error; class Signature; class Notation; class Key; class GPGMEPP_EXPORT VerificationResult : public Result { public: VerificationResult(); VerificationResult(gpgme_ctx_t ctx, int error); VerificationResult(gpgme_ctx_t ctx, const Error &error); explicit VerificationResult(const Error &err); const VerificationResult &operator=(VerificationResult other) { swap(other); return *this; } void swap(VerificationResult &other) { Result::swap(other); using std::swap; swap(this->d, other.d); } bool isNull() const; const char *fileName() const; unsigned int numSignatures() const; Signature signature(unsigned int index) const; std::vector signatures() const; class Private; private: void init(gpgme_ctx_t ctx); std::shared_ptr d; }; GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const VerificationResult &result); class GPGMEPP_EXPORT Signature { friend class ::GpgME::VerificationResult; Signature(const std::shared_ptr &parent, unsigned int index); public: typedef GPGMEPP_DEPRECATED GpgME::Notation Notation; Signature(); const Signature &operator=(Signature other) { swap(other); return *this; } void swap(Signature &other) { using std::swap; swap(this->d, other.d); swap(this->idx, other.idx); } bool isNull() const; enum Summary { None = 0x000, Valid = 0x001, Green = 0x002, Red = 0x004, KeyRevoked = 0x008, KeyExpired = 0x010, SigExpired = 0x020, KeyMissing = 0x040, CrlMissing = 0x080, CrlTooOld = 0x100, BadPolicy = 0x200, SysError = 0x400, TofuConflict= 0x800 }; Summary summary() const; const char *fingerprint() const; Error status() const; time_t creationTime() const; time_t expirationTime() const; bool neverExpires() const; GPGMEPP_DEPRECATED bool wrongKeyUsage() const { return isWrongKeyUsage(); } bool isWrongKeyUsage() const; bool isVerifiedUsingChainModel() const; + bool isDeVs() const; enum PKAStatus { UnknownPKAStatus, PKAVerificationFailed, PKAVerificationSucceeded }; PKAStatus pkaStatus() const; const char *pkaAddress() const; enum Validity { Unknown, Undefined, Never, Marginal, Full, Ultimate }; Validity validity() const; char validityAsString() const; Error nonValidityReason() const; unsigned int publicKeyAlgorithm() const; const char *publicKeyAlgorithmAsString() const; unsigned int hashAlgorithm() const; const char *hashAlgorithmAsString() const; const char *policyURL() const; GpgME::Notation notation(unsigned int index) const; std::vector notations() const; /** Returns the key object associated with this signature. * May be incomplete but will have at least the fingerprint * set or the associated TOFU Information if applicable. */ GpgME::Key key() const; /* Search / Update the key of this signature. * * Same as above but if search is set to true this will * either update the key provided by the engine or search * the key in the engine. The key is cached. * * As this involves an engine call it might take some time * to finish so it should be avoided to do this in a UI * thread. The result will be cached and no engine call * will be done if update is set to false and a key is * already cached. * * If no key was provided by the engine this will look * up the key so this call might block while the engine * is called to obtain the key. * * If both search and update are false this is the same * as calling key() */ GpgME::Key key(bool search, bool update) const; private: std::shared_ptr d; unsigned int idx; }; GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const Signature &sig); GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, Signature::PKAStatus pkaStatus); GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, Signature::Summary summary); } GPGMEPP_MAKE_STD_SWAP_SPECIALIZATION(VerificationResult) GPGMEPP_MAKE_STD_SWAP_SPECIALIZATION(Signature) #endif // __GPGMEPP_VERIFICATIONRESULT_H__ diff --git a/lang/python/src/results.py b/lang/python/src/results.py index 46ebeec6..bfd0f683 100644 --- a/lang/python/src/results.py +++ b/lang/python/src/results.py @@ -1,118 +1,118 @@ # Robust result objects # # Copyright (C) 2016 g10 Code GmbH # # This file is part of GPGME. # # GPGME is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of the # License, or (at your option) any later version. # # GPGME is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General # Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals """Robust result objects Results returned by the underlying library are fragile, i.e. they are only valid until the next operation is performed in the context. We cannot arbitrarily constrain the lifetime of Python objects, we therefore create deep copies of the results. """ class Result(object): """Result object Describes the result of an operation. """ """Convert to types""" _type = {} """Map functions over list attributes""" _map = {} """Automatically copy unless blacklisted""" _blacklist = { 'acquire', 'append', 'disown', 'next', 'own', 'this', 'thisown', } def __init__(self, fragile): for key, func in self._type.items(): if hasattr(fragile, key): setattr(self, key, func(getattr(fragile, key))) for key, func in self._map.items(): if hasattr(fragile, key): setattr(self, key, list(map(func, getattr(fragile, key)))) for key in dir(fragile): if key.startswith('_') or key in self._blacklist: continue if hasattr(self, key): continue setattr(self, key, getattr(fragile, key)) def __repr__(self): return '{}({})'.format( self.__class__.__name__, ', '.join('{}={!r}'.format(k, getattr(self, k)) for k in dir(self) if not k.startswith('_'))) class InvalidKey(Result): pass class EncryptResult(Result): _map = dict(invalid_recipients=InvalidKey) class Recipient(Result): pass class DecryptResult(Result): - _type = dict(wrong_key_usage=bool) + _type = dict(wrong_key_usage=bool, is_de_vs=bool) _map = dict(recipients=Recipient) class NewSignature(Result): pass class SignResult(Result): _map = dict(invalid_signers=InvalidKey, signatures=NewSignature) class Notation(Result): pass class Signature(Result): - _type = dict(wrong_key_usage=bool, chain_model=bool) + _type = dict(wrong_key_usage=bool, chain_model=bool, is_de_vs=bool) _map = dict(notations=Notation) class VerifyResult(Result): _map = dict(signatures=Signature) class ImportStatus(Result): pass class ImportResult(Result): _map = dict(imports=ImportStatus) class GenkeyResult(Result): _type = dict(primary=bool, sub=bool) class KeylistResult(Result): _type = dict(truncated=bool) class VFSMountResult(Result): pass class EngineInfo(Result): pass diff --git a/src/decrypt.c b/src/decrypt.c index f30f80f6..3b189093 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -1,439 +1,443 @@ /* decrypt.c - Decrypt function. Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #if HAVE_CONFIG_H #include #endif #include #include #include #include #include "debug.h" #include "gpgme.h" #include "util.h" #include "context.h" #include "ops.h" typedef struct { struct _gpgme_op_decrypt_result result; /* The error code from a FAILURE status line or 0. */ gpg_error_t failure_code; int okay; int failed; /* A pointer to the next pointer of the last recipient in the list. This makes appending new invalid signers painless while preserving the order. */ gpgme_recipient_t *last_recipient_p; } *op_data_t; static void release_op_data (void *hook) { op_data_t opd = (op_data_t) hook; gpgme_recipient_t recipient = opd->result.recipients; if (opd->result.unsupported_algorithm) free (opd->result.unsupported_algorithm); if (opd->result.file_name) free (opd->result.file_name); if (opd->result.session_key) free (opd->result.session_key); while (recipient) { gpgme_recipient_t next = recipient->next; free (recipient); recipient = next; } } gpgme_decrypt_result_t gpgme_op_decrypt_result (gpgme_ctx_t ctx) { void *hook; op_data_t opd; gpgme_error_t err; TRACE_BEG (DEBUG_CTX, "gpgme_op_decrypt_result", ctx); err = _gpgme_op_data_lookup (ctx, OPDATA_DECRYPT, &hook, -1, NULL); opd = hook; if (err || !opd) { TRACE_SUC0 ("result=(null)"); return NULL; } if (_gpgme_debug_trace ()) { gpgme_recipient_t rcp; if (opd->result.unsupported_algorithm) { TRACE_LOG1 ("result: unsupported_algorithm: %s", opd->result.unsupported_algorithm); } if (opd->result.wrong_key_usage) { TRACE_LOG ("result: wrong key usage"); } rcp = opd->result.recipients; while (rcp) { TRACE_LOG3 ("result: recipient: keyid=%s, pubkey_algo=%i, " "status=%s", rcp->keyid, rcp->pubkey_algo, gpg_strerror (rcp->status)); rcp = rcp->next; } if (opd->result.file_name) { TRACE_LOG1 ("result: original file name: %s", opd->result.file_name); } } TRACE_SUC1 ("result=%p", &opd->result); return &opd->result; } static gpgme_error_t parse_enc_to (char *args, gpgme_recipient_t *recp, gpgme_protocol_t protocol) { gpgme_recipient_t rec; char *tail; int i; rec = malloc (sizeof (*rec)); if (!rec) return gpg_error_from_syserror (); rec->next = NULL; rec->keyid = rec->_keyid; rec->status = 0; for (i = 0; i < sizeof (rec->_keyid) - 1; i++) { if (args[i] == '\0' || args[i] == ' ') break; rec->_keyid[i] = args[i]; } rec->_keyid[i] = '\0'; args = &args[i]; if (*args != '\0' && *args != ' ') { free (rec); return trace_gpg_error (GPG_ERR_INV_ENGINE); } while (*args == ' ') args++; if (*args) { gpg_err_set_errno (0); rec->pubkey_algo = _gpgme_map_pk_algo (strtol (args, &tail, 0), protocol); if (errno || args == tail || *tail != ' ') { /* The crypto backend does not behave. */ free (rec); return trace_gpg_error (GPG_ERR_INV_ENGINE); } } /* FIXME: The key length is always 0 right now, so no need to parse it. */ *recp = rec; return 0; } gpgme_error_t _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, char *args) { gpgme_ctx_t ctx = (gpgme_ctx_t) priv; gpgme_error_t err; void *hook; op_data_t opd; err = _gpgme_passphrase_status_handler (priv, code, args); if (err) return err; err = _gpgme_op_data_lookup (ctx, OPDATA_DECRYPT, &hook, -1, NULL); opd = hook; if (err) return err; switch (code) { case GPGME_STATUS_FAILURE: opd->failure_code = _gpgme_parse_failure (args); break; case GPGME_STATUS_EOF: /* FIXME: These error values should probably be attributed to the underlying crypto engine (as error source). */ if (opd->failed) return gpg_error (GPG_ERR_DECRYPT_FAILED); else if (!opd->okay) return gpg_error (GPG_ERR_NO_DATA); else if (opd->failure_code) return opd->failure_code; break; case GPGME_STATUS_DECRYPTION_INFO: /* Fixme: Provide a way to return the used symmetric algorithm. */ break; case GPGME_STATUS_DECRYPTION_OKAY: opd->okay = 1; break; case GPGME_STATUS_DECRYPTION_FAILED: opd->failed = 1; break; case GPGME_STATUS_ERROR: /* Note that this is an informational status code which should not lead to an error return unless it is something not related to the backend. */ { const char d_alg[] = "decrypt.algorithm"; const char k_alg[] = "decrypt.keyusage"; if (!strncmp (args, d_alg, sizeof (d_alg) - 1)) { args += sizeof (d_alg) - 1; while (*args == ' ') args++; if (gpg_err_code (atoi (args)) == GPG_ERR_UNSUPPORTED_ALGORITHM) { char *end; while (*args && *args != ' ') args++; while (*args == ' ') args++; end = strchr (args, ' '); if (end) *end = '\0'; if (!(*args == '?' && *(args + 1) == '\0')) { opd->result.unsupported_algorithm = strdup (args); if (!opd->result.unsupported_algorithm) return gpg_error_from_syserror (); } } } else if (!strncmp (args, k_alg, sizeof (k_alg) - 1)) { args += sizeof (k_alg) - 1; while (*args == ' ') args++; if (gpg_err_code (atoi (args)) == GPG_ERR_WRONG_KEY_USAGE) opd->result.wrong_key_usage = 1; } } break; case GPGME_STATUS_ENC_TO: err = parse_enc_to (args, opd->last_recipient_p, ctx->protocol); if (err) return err; opd->last_recipient_p = &(*opd->last_recipient_p)->next; break; case GPGME_STATUS_SESSION_KEY: if (opd->result.session_key) free (opd->result.session_key); opd->result.session_key = strdup(args); break; case GPGME_STATUS_NO_SECKEY: { gpgme_recipient_t rec = opd->result.recipients; while (rec) { if (!strcmp (rec->keyid, args)) { rec->status = gpg_error (GPG_ERR_NO_SECKEY); break; } rec = rec->next; } /* FIXME: Is this ok? */ if (!rec) return trace_gpg_error (GPG_ERR_INV_ENGINE); } break; case GPGME_STATUS_PLAINTEXT: err = _gpgme_parse_plaintext (args, &opd->result.file_name); if (err) return err; break; case GPGME_STATUS_INQUIRE_MAXLEN: if (ctx->status_cb && !ctx->full_status) { err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args); if (err) return err; } break; + case GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE: + PARSE_COMPLIANCE_FLAGS (args, &opd->result); + break; + default: break; } return 0; } static gpgme_error_t decrypt_status_handler (void *priv, gpgme_status_code_t code, char *args) { gpgme_error_t err; err = _gpgme_progress_status_handler (priv, code, args); if (!err) err = _gpgme_decrypt_status_handler (priv, code, args); return err; } gpgme_error_t _gpgme_op_decrypt_init_result (gpgme_ctx_t ctx) { gpgme_error_t err; void *hook; op_data_t opd; err = _gpgme_op_data_lookup (ctx, OPDATA_DECRYPT, &hook, sizeof (*opd), release_op_data); opd = hook; if (err) return err; opd->last_recipient_p = &opd->result.recipients; return 0; } gpgme_error_t _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous, gpgme_decrypt_flags_t flags, gpgme_data_t cipher, gpgme_data_t plain) { gpgme_error_t err; assert (!(flags & GPGME_DECRYPT_VERIFY)); err = _gpgme_op_reset (ctx, synchronous); if (err) return err; err = _gpgme_op_decrypt_init_result (ctx); if (err) return err; if (!cipher) return gpg_error (GPG_ERR_NO_DATA); if (!plain) return gpg_error (GPG_ERR_INV_VALUE); if (err) return err; if (ctx->passphrase_cb) { err = _gpgme_engine_set_command_handler (ctx->engine, _gpgme_passphrase_command_handler, ctx, NULL); if (err) return err; } _gpgme_engine_set_status_handler (ctx->engine, decrypt_status_handler, ctx); return _gpgme_engine_op_decrypt (ctx->engine, flags, cipher, plain, ctx->export_session_keys, ctx->override_session_key); } gpgme_error_t gpgme_op_decrypt_start (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain) { gpgme_error_t err; TRACE_BEG2 (DEBUG_CTX, "gpgme_op_decrypt_start", ctx, "cipher=%p, plain=%p", cipher, plain); if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); err = _gpgme_decrypt_start (ctx, 0, 0, cipher, plain); return TRACE_ERR (err); } /* Decrypt ciphertext CIPHER within CTX and store the resulting plaintext in PLAIN. */ gpgme_error_t gpgme_op_decrypt (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain) { gpgme_error_t err; TRACE_BEG2 (DEBUG_CTX, "gpgme_op_decrypt", ctx, "cipher=%p, plain=%p", cipher, plain); if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); err = _gpgme_decrypt_start (ctx, 1, 0, cipher, plain); if (!err) err = _gpgme_wait_one (ctx); return TRACE_ERR (err); } diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 24b21e7d..867219a4 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1,2721 +1,2730 @@ /* gpgme.h - Public interface to GnuPG Made Easy. -*- c -*- * Copyright (C) 2000 Werner Koch (dd9jn) * Copyright (C) 2001-2017 g10 Code GmbH * * This file is part of GPGME. * * GPGME is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * GPGME is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . * * Generated from gpgme.h.in for @GPGME_CONFIG_HOST@. */ #ifndef GPGME_H #define GPGME_H /* Include stdio.h for the FILE type definition. */ #include #include #include #ifdef __cplusplus extern "C" { #if 0 /*(Make Emacsen's auto-indent happy.)*/ } #endif #endif /* __cplusplus */ /* The version of this header should match the one of the library. Do not use this symbol in your application, use gpgme_check_version instead. The purpose of this macro is to let autoconf (using the AM_PATH_GPGME macro) check that this header matches the installed library. */ #define GPGME_VERSION "@PACKAGE_VERSION@" /* The version number of this header. It may be used to handle minor API incompatibilities. */ #define GPGME_VERSION_NUMBER @VERSION_NUMBER@ /* System specific typedefs. */ @INSERT__TYPEDEFS_FOR_GPGME_H@ /* * Check for compiler features. */ #ifdef GPGRT_INLINE # define _GPGME_INLINE GPGRT_INLINE #elif defined(__GNUC__) # define _GPGME_INLINE __inline__ #elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L # define _GPGME_INLINE inline #else # define _GPGME_INLINE #endif /* The deprecated macro takes the version number of GPGME which * introduced the deprecation as parameter for documentation. */ #ifdef GPGRT_ATTR_DEPRECATED # define _GPGME_DEPRECATED(a,b) GPGRT_ATTR_DEPRECATED #elif defined(__GNUC__) # define _GPGME_GCC_VERSION (__GNUC__ * 10000 \ + __GNUC_MINOR__ * 100 \ + __GNUC_PATCHLEVEL__) # if _GPGME_GCC_VERSION > 30100 # define _GPGME_DEPRECATED(a,b) __attribute__ ((__deprecated__)) # else # define _GPGME_DEPRECATED(a,b) # endif #else # define _GPGME_DEPRECATED(a,b) #endif /* The macro _GPGME_DEPRECATED_OUTSIDE_GPGME suppresses warnings for fields we must access in GPGME for ABI compatibility. */ #ifdef _GPGME_IN_GPGME #define _GPGME_DEPRECATED_OUTSIDE_GPGME(a,b) #else #define _GPGME_DEPRECATED_OUTSIDE_GPGME(a,b) _GPGME_DEPRECATED(a,b) #endif /* Check for a matching _FILE_OFFSET_BITS definition. */ #if @NEED__FILE_OFFSET_BITS@ #ifndef _FILE_OFFSET_BITS #error GPGME was compiled with _FILE_OFFSET_BITS = @NEED__FILE_OFFSET_BITS@, please see the section "Largefile support (LFS)" in the GPGME manual. #else #if (_FILE_OFFSET_BITS) != (@NEED__FILE_OFFSET_BITS@) #error GPGME was compiled with a different value for _FILE_OFFSET_BITS, namely @NEED__FILE_OFFSET_BITS@, please see the section "Largefile support (LFS)" in the GPGME manual. #endif #endif #endif /* * Some opaque data types used by GPGME. */ /* The context holds some global state and configuration options, as well as the results of a crypto operation. */ struct gpgme_context; typedef struct gpgme_context *gpgme_ctx_t; /* The data object is used by GPGME to exchange arbitrary data. */ struct gpgme_data; typedef struct gpgme_data *gpgme_data_t; /* * Wrappers for the libgpg-error library. */ typedef gpg_error_t gpgme_error_t; typedef gpg_err_code_t gpgme_err_code_t; typedef gpg_err_source_t gpgme_err_source_t; static _GPGME_INLINE gpgme_error_t gpgme_err_make (gpgme_err_source_t source, gpgme_err_code_t code) { return gpg_err_make (source, code); } /* The user can define GPGME_ERR_SOURCE_DEFAULT before including this file to specify a default source for gpgme_error. */ #ifndef GPGME_ERR_SOURCE_DEFAULT #define GPGME_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_USER_1 #endif static _GPGME_INLINE gpgme_error_t gpgme_error (gpgme_err_code_t code) { return gpgme_err_make (GPGME_ERR_SOURCE_DEFAULT, code); } static _GPGME_INLINE gpgme_err_code_t gpgme_err_code (gpgme_error_t err) { return gpg_err_code (err); } static _GPGME_INLINE gpgme_err_source_t gpgme_err_source (gpgme_error_t err) { return gpg_err_source (err); } /* Return a pointer to a string containing a description of the error code in the error value ERR. This function is not thread safe. */ const char *gpgme_strerror (gpgme_error_t err); /* Return the error string for ERR in the user-supplied buffer BUF of size BUFLEN. This function is, in contrast to gpg_strerror, thread-safe if a thread-safe strerror_r() function is provided by the system. If the function succeeds, 0 is returned and BUF contains the string describing the error. If the buffer was not large enough, ERANGE is returned and BUF contains as much of the beginning of the error string as fits into the buffer. */ int gpgme_strerror_r (gpg_error_t err, char *buf, size_t buflen); /* Return a pointer to a string containing a description of the error source in the error value ERR. */ const char *gpgme_strsource (gpgme_error_t err); /* Retrieve the error code for the system error ERR. This returns GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report this). */ gpgme_err_code_t gpgme_err_code_from_errno (int err); /* Retrieve the system error for the error code CODE. This returns 0 if CODE is not a system error code. */ int gpgme_err_code_to_errno (gpgme_err_code_t code); /* Retrieve the error code directly from the ERRNO variable. This returns GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report this) and GPG_ERR_MISSING_ERRNO if ERRNO has the value 0. */ gpgme_err_code_t gpgme_err_code_from_syserror (void); /* Set the ERRNO variable. This function is the preferred way to set ERRNO due to peculiarities on WindowsCE. */ void gpgme_err_set_errno (int err); /* Return an error value with the error source SOURCE and the system error ERR. FIXME: Should be inline. */ gpgme_error_t gpgme_err_make_from_errno (gpgme_err_source_t source, int err); /* Return an error value with the system error ERR. FIXME: Should be inline. */ gpgme_error_t gpgme_error_from_errno (int err); static _GPGME_INLINE gpgme_error_t gpgme_error_from_syserror (void) { return gpgme_error (gpgme_err_code_from_syserror ()); } /* * Various constants and types */ /* The possible encoding mode of gpgme_data_t objects. */ typedef enum { GPGME_DATA_ENCODING_NONE = 0, /* Not specified. */ GPGME_DATA_ENCODING_BINARY = 1, GPGME_DATA_ENCODING_BASE64 = 2, GPGME_DATA_ENCODING_ARMOR = 3, /* Either PEM or OpenPGP Armor. */ GPGME_DATA_ENCODING_URL = 4, /* LF delimited URL list. */ GPGME_DATA_ENCODING_URLESC = 5, /* Ditto, but percent escaped. */ GPGME_DATA_ENCODING_URL0 = 6, /* Nul delimited URL list. */ GPGME_DATA_ENCODING_MIME = 7 /* Data is a MIME part. */ } gpgme_data_encoding_t; /* Known data types. */ typedef enum { GPGME_DATA_TYPE_INVALID = 0, /* Not detected. */ GPGME_DATA_TYPE_UNKNOWN = 1, GPGME_DATA_TYPE_PGP_SIGNED = 0x10, GPGME_DATA_TYPE_PGP_ENCRYPTED= 0x11, GPGME_DATA_TYPE_PGP_OTHER = 0x12, GPGME_DATA_TYPE_PGP_KEY = 0x13, GPGME_DATA_TYPE_PGP_SIGNATURE= 0x18, /* Detached signature */ GPGME_DATA_TYPE_CMS_SIGNED = 0x20, GPGME_DATA_TYPE_CMS_ENCRYPTED= 0x21, GPGME_DATA_TYPE_CMS_OTHER = 0x22, GPGME_DATA_TYPE_X509_CERT = 0x23, GPGME_DATA_TYPE_PKCS12 = 0x24, } gpgme_data_type_t; /* Public key algorithms. */ typedef enum { GPGME_PK_RSA = 1, GPGME_PK_RSA_E = 2, GPGME_PK_RSA_S = 3, GPGME_PK_ELG_E = 16, GPGME_PK_DSA = 17, GPGME_PK_ECC = 18, GPGME_PK_ELG = 20, GPGME_PK_ECDSA = 301, GPGME_PK_ECDH = 302, GPGME_PK_EDDSA = 303 } gpgme_pubkey_algo_t; /* Hash algorithms (the values match those from libgcrypt). */ typedef enum { GPGME_MD_NONE = 0, GPGME_MD_MD5 = 1, GPGME_MD_SHA1 = 2, GPGME_MD_RMD160 = 3, GPGME_MD_MD2 = 5, GPGME_MD_TIGER = 6, /* TIGER/192. */ GPGME_MD_HAVAL = 7, /* HAVAL, 5 pass, 160 bit. */ GPGME_MD_SHA256 = 8, GPGME_MD_SHA384 = 9, GPGME_MD_SHA512 = 10, GPGME_MD_SHA224 = 11, GPGME_MD_MD4 = 301, GPGME_MD_CRC32 = 302, GPGME_MD_CRC32_RFC1510 = 303, GPGME_MD_CRC24_RFC2440 = 304 } gpgme_hash_algo_t; /* The available signature modes. */ typedef enum { GPGME_SIG_MODE_NORMAL = 0, GPGME_SIG_MODE_DETACH = 1, GPGME_SIG_MODE_CLEAR = 2 } gpgme_sig_mode_t; /* The available validities for a trust item or key. */ typedef enum { GPGME_VALIDITY_UNKNOWN = 0, GPGME_VALIDITY_UNDEFINED = 1, GPGME_VALIDITY_NEVER = 2, GPGME_VALIDITY_MARGINAL = 3, GPGME_VALIDITY_FULL = 4, GPGME_VALIDITY_ULTIMATE = 5 } gpgme_validity_t; /* The TOFU policies. */ typedef enum { GPGME_TOFU_POLICY_NONE = 0, GPGME_TOFU_POLICY_AUTO = 1, GPGME_TOFU_POLICY_GOOD = 2, GPGME_TOFU_POLICY_UNKNOWN = 3, GPGME_TOFU_POLICY_BAD = 4, GPGME_TOFU_POLICY_ASK = 5 } gpgme_tofu_policy_t; /* The available protocols. */ typedef enum { GPGME_PROTOCOL_OpenPGP = 0, /* The default mode. */ GPGME_PROTOCOL_CMS = 1, GPGME_PROTOCOL_GPGCONF = 2, /* Special code for gpgconf. */ GPGME_PROTOCOL_ASSUAN = 3, /* Low-level access to an Assuan server. */ GPGME_PROTOCOL_G13 = 4, GPGME_PROTOCOL_UISERVER= 5, GPGME_PROTOCOL_SPAWN = 6, /* Direct access to any program. */ GPGME_PROTOCOL_DEFAULT = 254, GPGME_PROTOCOL_UNKNOWN = 255 } gpgme_protocol_t; /* Convenience macro for the surprisingly mixed spelling. */ #define GPGME_PROTOCOL_OPENPGP GPGME_PROTOCOL_OpenPGP /* The available keylist mode flags. */ #define GPGME_KEYLIST_MODE_LOCAL 1 #define GPGME_KEYLIST_MODE_EXTERN 2 #define GPGME_KEYLIST_MODE_SIGS 4 #define GPGME_KEYLIST_MODE_SIG_NOTATIONS 8 #define GPGME_KEYLIST_MODE_WITH_SECRET 16 #define GPGME_KEYLIST_MODE_WITH_TOFU 32 #define GPGME_KEYLIST_MODE_EPHEMERAL 128 #define GPGME_KEYLIST_MODE_VALIDATE 256 typedef unsigned int gpgme_keylist_mode_t; /* The pinentry modes. */ typedef enum { GPGME_PINENTRY_MODE_DEFAULT = 0, GPGME_PINENTRY_MODE_ASK = 1, GPGME_PINENTRY_MODE_CANCEL = 2, GPGME_PINENTRY_MODE_ERROR = 3, GPGME_PINENTRY_MODE_LOOPBACK = 4 } gpgme_pinentry_mode_t; /* The available export mode flags. */ #define GPGME_EXPORT_MODE_EXTERN 2 #define GPGME_EXPORT_MODE_MINIMAL 4 #define GPGME_EXPORT_MODE_SECRET 16 #define GPGME_EXPORT_MODE_RAW 32 #define GPGME_EXPORT_MODE_PKCS12 64 typedef unsigned int gpgme_export_mode_t; /* Flags for the audit log functions. */ #define GPGME_AUDITLOG_HTML 1 #define GPGME_AUDITLOG_WITH_HELP 128 /* The available signature notation flags. */ #define GPGME_SIG_NOTATION_HUMAN_READABLE 1 #define GPGME_SIG_NOTATION_CRITICAL 2 typedef unsigned int gpgme_sig_notation_flags_t; /* An object to hold information about notation data. This structure * shall be considered read-only and an application must not allocate * such a structure on its own. */ struct _gpgme_sig_notation { struct _gpgme_sig_notation *next; /* If NAME is a null pointer, then VALUE contains a policy URL rather than a notation. */ char *name; /* The value of the notation data. */ char *value; /* The length of the name of the notation data. */ int name_len; /* The length of the value of the notation data. */ int value_len; /* The accumulated flags. */ gpgme_sig_notation_flags_t flags; /* Notation data is human-readable. */ unsigned int human_readable : 1; /* Notation data is critical. */ unsigned int critical : 1; /* Internal to GPGME, do not use. */ int _unused : 30; }; typedef struct _gpgme_sig_notation *gpgme_sig_notation_t; /* * Public structures. */ /* The engine information structure. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_engine_info { struct _gpgme_engine_info *next; /* The protocol ID. */ gpgme_protocol_t protocol; /* The file name of the engine binary. */ char *file_name; /* The version string of the installed engine. */ char *version; /* The minimum version required for GPGME. */ const char *req_version; /* The home directory used, or NULL if default. */ char *home_dir; }; typedef struct _gpgme_engine_info *gpgme_engine_info_t; /* An object with TOFU information. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_tofu_info { struct _gpgme_tofu_info *next; /* The TOFU validity: * 0 := conflict * 1 := key without history * 2 := key with too little history * 3 := key with enough history for basic trust * 4 := key with a lot of history */ unsigned int validity : 3; /* The TOFU policy (gpgme_tofu_policy_t). */ unsigned int policy : 4; unsigned int _rfu : 25; /* Number of signatures seen for this binding. Capped at USHRT_MAX. */ unsigned short signcount; /* Number of encryptions done with this binding. Capped at USHRT_MAX. */ unsigned short encrcount; /* Number of seconds since Epoch when the first and the most * recently seen message were verified/decrypted. 0 means unknown. */ unsigned long signfirst; unsigned long signlast; unsigned long encrfirst; unsigned long encrlast; /* If non-NULL a human readable string summarizing the TOFU data. */ char *description; }; typedef struct _gpgme_tofu_info *gpgme_tofu_info_t; /* A subkey from a key. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_subkey { struct _gpgme_subkey *next; /* True if subkey is revoked. */ unsigned int revoked : 1; /* True if subkey is expired. */ unsigned int expired : 1; /* True if subkey is disabled. */ unsigned int disabled : 1; /* True if subkey is invalid. */ unsigned int invalid : 1; /* True if subkey can be used for encryption. */ unsigned int can_encrypt : 1; /* True if subkey can be used for signing. */ unsigned int can_sign : 1; /* True if subkey can be used for certification. */ unsigned int can_certify : 1; /* True if subkey is secret. */ unsigned int secret : 1; /* True if subkey can be used for authentication. */ unsigned int can_authenticate : 1; /* True if subkey is qualified for signatures according to German law. */ unsigned int is_qualified : 1; /* True if the secret key is stored on a smart card. */ unsigned int is_cardkey : 1; /* True if the key is compliant to the de-vs mode. */ unsigned int is_de_vs : 1; /* Internal to GPGME, do not use. */ unsigned int _unused : 20; /* Public key algorithm supported by this subkey. */ gpgme_pubkey_algo_t pubkey_algo; /* Length of the subkey. */ unsigned int length; /* The key ID of the subkey. */ char *keyid; /* Internal to GPGME, do not use. */ char _keyid[16 + 1]; /* The fingerprint of the subkey in hex digit form. */ char *fpr; /* The creation timestamp, -1 if invalid, 0 if not available. */ long int timestamp; /* The expiration timestamp, 0 if the subkey does not expire. */ long int expires; /* The serial number of a smart card holding this key or NULL. */ char *card_number; /* The name of the curve for ECC algorithms or NULL. */ char *curve; /* The keygrip of the subkey in hex digit form or NULL if not availabale. */ char *keygrip; }; typedef struct _gpgme_subkey *gpgme_subkey_t; /* A signature on a user ID. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_key_sig { struct _gpgme_key_sig *next; /* True if the signature is a revocation signature. */ unsigned int revoked : 1; /* True if the signature is expired. */ unsigned int expired : 1; /* True if the signature is invalid. */ unsigned int invalid : 1; /* True if the signature should be exported. */ unsigned int exportable : 1; /* Internal to GPGME, do not use. */ unsigned int _unused : 28; /* The public key algorithm used to create the signature. */ gpgme_pubkey_algo_t pubkey_algo; /* The key ID of key used to create the signature. */ char *keyid; /* Internal to GPGME, do not use. */ char _keyid[16 + 1]; /* The creation timestamp, -1 if invalid, 0 if not available. */ long int timestamp; /* The expiration timestamp, 0 if the subkey does not expire. */ long int expires; /* Same as in gpgme_signature_t. */ gpgme_error_t status; #ifdef __cplusplus unsigned int _obsolete_class _GPGME_DEPRECATED(0,4); #else /* Must be set to SIG_CLASS below. */ unsigned int class _GPGME_DEPRECATED_OUTSIDE_GPGME(0,4); #endif /* The user ID string. */ char *uid; /* The name part of the user ID. */ char *name; /* The email part of the user ID. */ char *email; /* The comment part of the user ID. */ char *comment; /* Crypto backend specific signature class. */ unsigned int sig_class; /* Notation data and policy URLs. */ gpgme_sig_notation_t notations; /* Internal to GPGME, do not use. */ gpgme_sig_notation_t _last_notation; }; typedef struct _gpgme_key_sig *gpgme_key_sig_t; /* An user ID from a key. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_user_id { struct _gpgme_user_id *next; /* True if the user ID is revoked. */ unsigned int revoked : 1; /* True if the user ID is invalid. */ unsigned int invalid : 1; /* Internal to GPGME, do not use. */ unsigned int _unused : 25; /* Origin of this user ID. */ unsigned int origin : 5; /* The validity of the user ID. */ gpgme_validity_t validity; /* The user ID string. */ char *uid; /* The name part of the user ID. */ char *name; /* The email part of the user ID. */ char *email; /* The comment part of the user ID. */ char *comment; /* The signatures of the user ID. */ gpgme_key_sig_t signatures; /* Internal to GPGME, do not use. */ gpgme_key_sig_t _last_keysig; /* The mail address (addr-spec from RFC5322) of the UID string. * This is general the same as the EMAIL part of this struct but * might be slightly different. If no mail address is available * NULL is stored. */ char *address; /* The malloced TOFU information or NULL. */ gpgme_tofu_info_t tofu; /* Time of the last refresh of thsi user id. 0 if unknown. */ unsigned long last_update; }; typedef struct _gpgme_user_id *gpgme_user_id_t; /* A key from the keyring. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_key { /* Internal to GPGME, do not use. */ unsigned int _refs; /* True if key is revoked. */ unsigned int revoked : 1; /* True if key is expired. */ unsigned int expired : 1; /* True if key is disabled. */ unsigned int disabled : 1; /* True if key is invalid. */ unsigned int invalid : 1; /* True if key can be used for encryption. */ unsigned int can_encrypt : 1; /* True if key can be used for signing. */ unsigned int can_sign : 1; /* True if key can be used for certification. */ unsigned int can_certify : 1; /* True if key is secret. */ unsigned int secret : 1; /* True if key can be used for authentication. */ unsigned int can_authenticate : 1; /* True if subkey is qualified for signatures according to German law. */ unsigned int is_qualified : 1; /* Internal to GPGME, do not use. */ unsigned int _unused : 17; /* Origin of this key. */ unsigned int origin : 5; /* This is the protocol supported by this key. */ gpgme_protocol_t protocol; /* If protocol is GPGME_PROTOCOL_CMS, this string contains the issuer serial. */ char *issuer_serial; /* If protocol is GPGME_PROTOCOL_CMS, this string contains the issuer name. */ char *issuer_name; /* If protocol is GPGME_PROTOCOL_CMS, this string contains the chain ID. */ char *chain_id; /* If protocol is GPGME_PROTOCOL_OpenPGP, this field contains the owner trust. */ gpgme_validity_t owner_trust; /* The subkeys of the key. */ gpgme_subkey_t subkeys; /* The user IDs of the key. */ gpgme_user_id_t uids; /* Internal to GPGME, do not use. */ gpgme_subkey_t _last_subkey; /* Internal to GPGME, do not use. */ gpgme_user_id_t _last_uid; /* The keylist mode that was active when listing the key. */ gpgme_keylist_mode_t keylist_mode; /* This field gives the fingerprint of the primary key. Note that * this is a copy of the FPR of the first subkey. We need it here * to allow for an incomplete key object. */ char *fpr; /* Time of the last refresh of the entire key. 0 if unknown. */ unsigned long last_update; }; typedef struct _gpgme_key *gpgme_key_t; /* An invalid key object. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_invalid_key { struct _gpgme_invalid_key *next; /* The string used to request the key. Despite the name this may * not be a fingerprint. */ char *fpr; /* The error code. */ gpgme_error_t reason; }; typedef struct _gpgme_invalid_key *gpgme_invalid_key_t; /* * Types for callback functions. */ /* Request a passphrase from the user. */ typedef gpgme_error_t (*gpgme_passphrase_cb_t) (void *hook, const char *uid_hint, const char *passphrase_info, int prev_was_bad, int fd); /* Inform the user about progress made. */ typedef void (*gpgme_progress_cb_t) (void *opaque, const char *what, int type, int current, int total); /* Status messages from gpg. */ typedef gpgme_error_t (*gpgme_status_cb_t) (void *opaque, const char *keyword, const char *args); /* Interact with the user about an edit operation. */ typedef gpgme_error_t (*gpgme_interact_cb_t) (void *opaque, const char *keyword, const char *args, int fd); /* * Context management functions. */ /* Create a new context and return it in CTX. */ gpgme_error_t gpgme_new (gpgme_ctx_t *ctx); /* Release the context CTX. */ void gpgme_release (gpgme_ctx_t ctx); /* Set the flag NAME for CTX to VALUE. */ gpgme_error_t gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value); /* Get the value of the flag NAME from CTX. */ const char *gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name); /* Set the protocol to be used by CTX to PROTO. */ gpgme_error_t gpgme_set_protocol (gpgme_ctx_t ctx, gpgme_protocol_t proto); /* Get the protocol used with CTX */ gpgme_protocol_t gpgme_get_protocol (gpgme_ctx_t ctx); /* Set the crypto protocol to be used by CTX to PROTO. gpgme_set_protocol actually sets the backend engine. This sets the crypto protocol used in engines that support more than one crypto prococol (for example, an UISERVER can support OpenPGP and CMS). This is reset to the default with gpgme_set_protocol. */ gpgme_error_t gpgme_set_sub_protocol (gpgme_ctx_t ctx, gpgme_protocol_t proto); /* Get the sub protocol. */ gpgme_protocol_t gpgme_get_sub_protocol (gpgme_ctx_t ctx); /* Get the string describing protocol PROTO, or NULL if invalid. */ const char *gpgme_get_protocol_name (gpgme_protocol_t proto); /* If YES is non-zero, enable armor mode in CTX, disable it otherwise. */ void gpgme_set_armor (gpgme_ctx_t ctx, int yes); /* Return non-zero if armor mode is set in CTX. */ int gpgme_get_armor (gpgme_ctx_t ctx); /* If YES is non-zero, enable text mode in CTX, disable it otherwise. */ void gpgme_set_textmode (gpgme_ctx_t ctx, int yes); /* Return non-zero if text mode is set in CTX. */ int gpgme_get_textmode (gpgme_ctx_t ctx); /* If YES is non-zero, enable offline mode in CTX, disable it otherwise. */ void gpgme_set_offline (gpgme_ctx_t ctx, int yes); /* Return non-zero if offline mode is set in CTX. */ int gpgme_get_offline (gpgme_ctx_t ctx); /* Use whatever the default of the backend crypto engine is. */ #define GPGME_INCLUDE_CERTS_DEFAULT -256 /* Include up to NR_OF_CERTS certificates in an S/MIME message. */ void gpgme_set_include_certs (gpgme_ctx_t ctx, int nr_of_certs); /* Return the number of certs to include in an S/MIME message. */ int gpgme_get_include_certs (gpgme_ctx_t ctx); /* Set keylist mode in CTX to MODE. */ gpgme_error_t gpgme_set_keylist_mode (gpgme_ctx_t ctx, gpgme_keylist_mode_t mode); /* Get keylist mode in CTX. */ gpgme_keylist_mode_t gpgme_get_keylist_mode (gpgme_ctx_t ctx); /* Set the pinentry mode for CTX to MODE. */ gpgme_error_t gpgme_set_pinentry_mode (gpgme_ctx_t ctx, gpgme_pinentry_mode_t mode); /* Get the pinentry mode of CTX. */ gpgme_pinentry_mode_t gpgme_get_pinentry_mode (gpgme_ctx_t ctx); /* Set the passphrase callback function in CTX to CB. HOOK_VALUE is passed as first argument to the passphrase callback function. */ void gpgme_set_passphrase_cb (gpgme_ctx_t ctx, gpgme_passphrase_cb_t cb, void *hook_value); /* Get the current passphrase callback function in *CB and the current hook value in *HOOK_VALUE. */ void gpgme_get_passphrase_cb (gpgme_ctx_t ctx, gpgme_passphrase_cb_t *cb, void **hook_value); /* Set the progress callback function in CTX to CB. HOOK_VALUE is passed as first argument to the progress callback function. */ void gpgme_set_progress_cb (gpgme_ctx_t c, gpgme_progress_cb_t cb, void *hook_value); /* Get the current progress callback function in *CB and the current hook value in *HOOK_VALUE. */ void gpgme_get_progress_cb (gpgme_ctx_t ctx, gpgme_progress_cb_t *cb, void **hook_value); /* Set the status callback function in CTX to CB. HOOK_VALUE is passed as first argument to the status callback function. */ void gpgme_set_status_cb (gpgme_ctx_t c, gpgme_status_cb_t cb, void *hook_value); /* Get the current status callback function in *CB and the current hook value in *HOOK_VALUE. */ void gpgme_get_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t *cb, void **hook_value); /* This function sets the locale for the context CTX, or the default locale if CTX is a null pointer. */ gpgme_error_t gpgme_set_locale (gpgme_ctx_t ctx, int category, const char *value); /* Get the information about the configured engines. A pointer to the first engine in the statically allocated linked list is returned. The returned data is valid until the next gpgme_ctx_set_engine_info. */ gpgme_engine_info_t gpgme_ctx_get_engine_info (gpgme_ctx_t ctx); /* Set the engine info for the context CTX, protocol PROTO, to the file name FILE_NAME and the home directory HOME_DIR. */ gpgme_error_t gpgme_ctx_set_engine_info (gpgme_ctx_t ctx, gpgme_protocol_t proto, const char *file_name, const char *home_dir); /* Delete all signers from CTX. */ void gpgme_signers_clear (gpgme_ctx_t ctx); /* Add KEY to list of signers in CTX. */ gpgme_error_t gpgme_signers_add (gpgme_ctx_t ctx, const gpgme_key_t key); /* Return the number of signers in CTX. */ unsigned int gpgme_signers_count (const gpgme_ctx_t ctx); /* Return the SEQth signer's key in CTX. */ gpgme_key_t gpgme_signers_enum (const gpgme_ctx_t ctx, int seq); /* Clear all notation data from the context. */ void gpgme_sig_notation_clear (gpgme_ctx_t ctx); /* Add the human-readable notation data with name NAME and value VALUE to the context CTX, using the flags FLAGS. If NAME is NULL, then VALUE should be a policy URL. The flag GPGME_SIG_NOTATION_HUMAN_READABLE is forced to be true for notation data, and false for policy URLs. */ gpgme_error_t gpgme_sig_notation_add (gpgme_ctx_t ctx, const char *name, const char *value, gpgme_sig_notation_flags_t flags); /* Get the sig notations for this context. */ gpgme_sig_notation_t gpgme_sig_notation_get (gpgme_ctx_t ctx); /* Store a sender address in the context. */ gpgme_error_t gpgme_set_sender (gpgme_ctx_t ctx, const char *address); /* Get the sender address from the context. */ const char *gpgme_get_sender (gpgme_ctx_t ctx); /* * Run control. */ /* The type of an I/O callback function. */ typedef gpgme_error_t (*gpgme_io_cb_t) (void *data, int fd); /* The type of a function that can register FNC as the I/O callback function for the file descriptor FD with direction dir (0: for writing, 1: for reading). FNC_DATA should be passed as DATA to FNC. The function should return a TAG suitable for the corresponding gpgme_remove_io_cb_t, and an error value. */ typedef gpgme_error_t (*gpgme_register_io_cb_t) (void *data, int fd, int dir, gpgme_io_cb_t fnc, void *fnc_data, void **tag); /* The type of a function that can remove a previously registered I/O callback function given TAG as returned by the register function. */ typedef void (*gpgme_remove_io_cb_t) (void *tag); typedef enum { GPGME_EVENT_START, GPGME_EVENT_DONE, GPGME_EVENT_NEXT_KEY, GPGME_EVENT_NEXT_TRUSTITEM } gpgme_event_io_t; struct gpgme_io_event_done_data { /* A fatal IPC error or an operational error in state-less protocols. */ gpgme_error_t err; /* An operational errors in session-based protocols. */ gpgme_error_t op_err; }; typedef struct gpgme_io_event_done_data *gpgme_io_event_done_data_t; /* The type of a function that is called when a context finished an operation. */ typedef void (*gpgme_event_io_cb_t) (void *data, gpgme_event_io_t type, void *type_data); struct gpgme_io_cbs { gpgme_register_io_cb_t add; void *add_priv; gpgme_remove_io_cb_t remove; gpgme_event_io_cb_t event; void *event_priv; }; typedef struct gpgme_io_cbs *gpgme_io_cbs_t; /* Set the I/O callback functions in CTX to IO_CBS. */ void gpgme_set_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs); /* Get the current I/O callback functions. */ void gpgme_get_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs); /* Wrappers around the internal I/O functions for use with gpgme_passphrase_cb_t and gpgme_interact_cb_t. */ @API__SSIZE_T@ gpgme_io_read (int fd, void *buffer, size_t count); @API__SSIZE_T@ gpgme_io_write (int fd, const void *buffer, size_t count); int gpgme_io_writen (int fd, const void *buffer, size_t count); /* Process the pending operation and, if HANG is non-zero, wait for the pending operation to finish. */ gpgme_ctx_t gpgme_wait (gpgme_ctx_t ctx, gpgme_error_t *status, int hang); gpgme_ctx_t gpgme_wait_ext (gpgme_ctx_t ctx, gpgme_error_t *status, gpgme_error_t *op_err, int hang); /* Cancel a pending asynchronous operation. */ gpgme_error_t gpgme_cancel (gpgme_ctx_t ctx); /* Cancel a pending operation asynchronously. */ gpgme_error_t gpgme_cancel_async (gpgme_ctx_t ctx); /* * Functions to handle data objects. */ /* Read up to SIZE bytes into buffer BUFFER from the data object with the handle HANDLE. Return the number of characters read, 0 on EOF and -1 on error. If an error occurs, errno is set. */ typedef @API__SSIZE_T@ (*gpgme_data_read_cb_t) (void *handle, void *buffer, size_t size); /* Write up to SIZE bytes from buffer BUFFER to the data object with the handle HANDLE. Return the number of characters written, or -1 on error. If an error occurs, errno is set. */ typedef @API__SSIZE_T@ (*gpgme_data_write_cb_t) (void *handle, const void *buffer, size_t size); /* Set the current position from where the next read or write starts in the data object with the handle HANDLE to OFFSET, relativ to WHENCE. Returns the new offset in bytes from the beginning of the data object. */ typedef @API__OFF_T@ (*gpgme_data_seek_cb_t) (void *handle, @API__OFF_T@ offset, int whence); /* Close the data object with the handle HANDLE. */ typedef void (*gpgme_data_release_cb_t) (void *handle); struct gpgme_data_cbs { gpgme_data_read_cb_t read; gpgme_data_write_cb_t write; gpgme_data_seek_cb_t seek; gpgme_data_release_cb_t release; }; typedef struct gpgme_data_cbs *gpgme_data_cbs_t; /* Read up to SIZE bytes into buffer BUFFER from the data object with the handle DH. Return the number of characters read, 0 on EOF and -1 on error. If an error occurs, errno is set. */ @API__SSIZE_T@ gpgme_data_read (gpgme_data_t dh, void *buffer, size_t size); /* Write up to SIZE bytes from buffer BUFFER to the data object with the handle DH. Return the number of characters written, or -1 on error. If an error occurs, errno is set. */ @API__SSIZE_T@ gpgme_data_write (gpgme_data_t dh, const void *buffer, size_t size); /* Set the current position from where the next read or write starts in the data object with the handle DH to OFFSET, relativ to WHENCE. Returns the new offset in bytes from the beginning of the data object. */ @API__OFF_T@ gpgme_data_seek (gpgme_data_t dh, @API__OFF_T@ offset, int whence); /* Create a new data buffer and return it in R_DH. */ gpgme_error_t gpgme_data_new (gpgme_data_t *r_dh); /* Destroy the data buffer DH. */ void gpgme_data_release (gpgme_data_t dh); /* Create a new data buffer filled with SIZE bytes starting from BUFFER. If COPY is zero, copying is delayed until necessary, and the data is taken from the original location when needed. */ gpgme_error_t gpgme_data_new_from_mem (gpgme_data_t *r_dh, const char *buffer, size_t size, int copy); /* Destroy the data buffer DH and return a pointer to its content. The memory has be to released with gpgme_free() by the user. It's size is returned in R_LEN. */ char *gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len); /* Release the memory returned by gpgme_data_release_and_get_mem() and some other functions. */ void gpgme_free (void *buffer); gpgme_error_t gpgme_data_new_from_cbs (gpgme_data_t *dh, gpgme_data_cbs_t cbs, void *handle); gpgme_error_t gpgme_data_new_from_fd (gpgme_data_t *dh, int fd); gpgme_error_t gpgme_data_new_from_stream (gpgme_data_t *dh, FILE *stream); /* Return the encoding attribute of the data buffer DH */ gpgme_data_encoding_t gpgme_data_get_encoding (gpgme_data_t dh); /* Set the encoding attribute of data buffer DH to ENC */ gpgme_error_t gpgme_data_set_encoding (gpgme_data_t dh, gpgme_data_encoding_t enc); /* Get the file name associated with the data object with handle DH, or NULL if there is none. */ char *gpgme_data_get_file_name (gpgme_data_t dh); /* Set the file name associated with the data object with handle DH to FILE_NAME. */ gpgme_error_t gpgme_data_set_file_name (gpgme_data_t dh, const char *file_name); /* Set a flag for the data object DH. See the manual for details. */ gpg_error_t gpgme_data_set_flag (gpgme_data_t dh, const char *name, const char *value); /* Try to identify the type of the data in DH. */ gpgme_data_type_t gpgme_data_identify (gpgme_data_t dh, int reserved); /* Create a new data buffer filled with the content of file FNAME. COPY must be non-zero. For delayed read, please use gpgme_data_new_from_fd or gpgme_data_new_from_stream instead. */ gpgme_error_t gpgme_data_new_from_file (gpgme_data_t *r_dh, const char *fname, int copy); /* Create a new data buffer filled with LENGTH bytes starting from OFFSET within the file FNAME or stream FP (exactly one must be non-zero). */ gpgme_error_t gpgme_data_new_from_filepart (gpgme_data_t *r_dh, const char *fname, FILE *fp, @API__OFF_T@ offset, size_t length); /* Convenience function to do a gpgme_data_seek (dh, 0, SEEK_SET). */ gpgme_error_t gpgme_data_rewind (gpgme_data_t dh); /* * Key and trust functions. */ /* Get the key with the fingerprint FPR from the crypto backend. If SECRET is true, get the secret key. */ gpgme_error_t gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key, int secret); /* Create a dummy key to specify an email address. */ gpgme_error_t gpgme_key_from_uid (gpgme_key_t *key, const char *name); /* Acquire a reference to KEY. */ void gpgme_key_ref (gpgme_key_t key); /* Release a reference to KEY. If this was the last one the key is destroyed. */ void gpgme_key_unref (gpgme_key_t key); void gpgme_key_release (gpgme_key_t key); /* * Encryption. */ /* An object to return results from an encryption operation. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_encrypt_result { /* The list of invalid recipients. */ gpgme_invalid_key_t invalid_recipients; }; typedef struct _gpgme_op_encrypt_result *gpgme_encrypt_result_t; /* Retrieve a pointer to the result of the encrypt operation. */ gpgme_encrypt_result_t gpgme_op_encrypt_result (gpgme_ctx_t ctx); /* The valid encryption flags. */ typedef enum { GPGME_ENCRYPT_ALWAYS_TRUST = 1, GPGME_ENCRYPT_NO_ENCRYPT_TO = 2, GPGME_ENCRYPT_PREPARE = 4, GPGME_ENCRYPT_EXPECT_SIGN = 8, GPGME_ENCRYPT_NO_COMPRESS = 16, GPGME_ENCRYPT_SYMMETRIC = 32, GPGME_ENCRYPT_THROW_KEYIDS = 64, GPGME_ENCRYPT_WRAP = 128 } gpgme_encrypt_flags_t; /* Encrypt plaintext PLAIN within CTX for the recipients RECP and store the resulting ciphertext in CIPHER. */ gpgme_error_t gpgme_op_encrypt_start (gpgme_ctx_t ctx, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, gpgme_data_t plain, gpgme_data_t cipher); gpgme_error_t gpgme_op_encrypt (gpgme_ctx_t ctx, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, gpgme_data_t plain, gpgme_data_t cipher); /* Encrypt plaintext PLAIN within CTX for the recipients RECP and store the resulting ciphertext in CIPHER. Also sign the ciphertext with the signers in CTX. */ gpgme_error_t gpgme_op_encrypt_sign_start (gpgme_ctx_t ctx, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, gpgme_data_t plain, gpgme_data_t cipher); gpgme_error_t gpgme_op_encrypt_sign (gpgme_ctx_t ctx, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, gpgme_data_t plain, gpgme_data_t cipher); /* * Decryption. */ /* An object to hold information about a recipient. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_recipient { struct _gpgme_recipient *next; /* The key ID of key for which the text was encrypted. */ char *keyid; /* Internal to GPGME, do not use. */ char _keyid[16 + 1]; /* The public key algorithm of the recipient key. */ gpgme_pubkey_algo_t pubkey_algo; /* The status of the recipient. */ gpgme_error_t status; }; typedef struct _gpgme_recipient *gpgme_recipient_t; /* An object to return results from a decryption operation. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_decrypt_result { char *unsupported_algorithm; /* Key should not have been used for encryption. */ unsigned int wrong_key_usage : 1; + /* True if the message was encrypted in compliance to the de-vs + * mode. */ + unsigned int is_de_vs : 1; + /* Internal to GPGME, do not use. */ - int _unused : 31; + int _unused : 30; gpgme_recipient_t recipients; /* The original file name of the plaintext message, if available. */ char *file_name; /* A textual representation of the session key used to decrypt the * message, if available */ char *session_key; }; typedef struct _gpgme_op_decrypt_result *gpgme_decrypt_result_t; /* Retrieve a pointer to the result of the decrypt operation. */ gpgme_decrypt_result_t gpgme_op_decrypt_result (gpgme_ctx_t ctx); /* The valid decryption flags. */ typedef enum { GPGME_DECRYPT_VERIFY = 1, GPGME_DECRYPT_UNWRAP = 128 } gpgme_decrypt_flags_t; /* Decrypt ciphertext CIPHER within CTX and store the resulting plaintext in PLAIN. */ gpgme_error_t gpgme_op_decrypt_start (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain); gpgme_error_t gpgme_op_decrypt (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain); /* Decrypt ciphertext CIPHER and make a signature verification within CTX and store the resulting plaintext in PLAIN. */ gpgme_error_t gpgme_op_decrypt_verify_start (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain); gpgme_error_t gpgme_op_decrypt_verify (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain); /* Decrypt ciphertext CIPHER within CTX and store the resulting * plaintext in PLAIN. With the flag GPGME_DECRYPT_VERIFY also do a * signature verification pn the plaintext. */ gpgme_error_t gpgme_op_decrypt_ext_start (gpgme_ctx_t ctx, gpgme_decrypt_flags_t flags, gpgme_data_t cipher, gpgme_data_t plain); gpgme_error_t gpgme_op_decrypt_ext (gpgme_ctx_t ctx, gpgme_decrypt_flags_t flags, gpgme_data_t cipher, gpgme_data_t plain); /* * Signing. */ /* An object with signatures data. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_new_signature { struct _gpgme_new_signature *next; /* The type of the signature. */ gpgme_sig_mode_t type; /* The public key algorithm used to create the signature. */ gpgme_pubkey_algo_t pubkey_algo; /* The hash algorithm used to create the signature. */ gpgme_hash_algo_t hash_algo; /* Internal to GPGME, do not use. Must be set to the same value as CLASS below. */ unsigned long _obsolete_class; /* Signature creation time. */ long int timestamp; /* The fingerprint of the signature. */ char *fpr; #ifdef __cplusplus unsigned int _obsolete_class_2; #else /* Must be set to SIG_CLASS below. */ unsigned int class _GPGME_DEPRECATED_OUTSIDE_GPGME(0,4); #endif /* Crypto backend specific signature class. */ unsigned int sig_class; }; typedef struct _gpgme_new_signature *gpgme_new_signature_t; /* An object to return results from a signing operation. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_sign_result { /* The list of invalid signers. */ gpgme_invalid_key_t invalid_signers; gpgme_new_signature_t signatures; }; typedef struct _gpgme_op_sign_result *gpgme_sign_result_t; /* Retrieve a pointer to the result of the signing operation. */ gpgme_sign_result_t gpgme_op_sign_result (gpgme_ctx_t ctx); /* Sign the plaintext PLAIN and store the signature in SIG. */ gpgme_error_t gpgme_op_sign_start (gpgme_ctx_t ctx, gpgme_data_t plain, gpgme_data_t sig, gpgme_sig_mode_t mode); gpgme_error_t gpgme_op_sign (gpgme_ctx_t ctx, gpgme_data_t plain, gpgme_data_t sig, gpgme_sig_mode_t mode); /* * Verify. */ /* Flags used for the SUMMARY field in a gpgme_signature_t. */ typedef enum { GPGME_SIGSUM_VALID = 0x0001, /* The signature is fully valid. */ GPGME_SIGSUM_GREEN = 0x0002, /* The signature is good. */ GPGME_SIGSUM_RED = 0x0004, /* The signature is bad. */ GPGME_SIGSUM_KEY_REVOKED = 0x0010, /* One key has been revoked. */ GPGME_SIGSUM_KEY_EXPIRED = 0x0020, /* One key has expired. */ GPGME_SIGSUM_SIG_EXPIRED = 0x0040, /* The signature has expired. */ GPGME_SIGSUM_KEY_MISSING = 0x0080, /* Can't verify: key missing. */ GPGME_SIGSUM_CRL_MISSING = 0x0100, /* CRL not available. */ GPGME_SIGSUM_CRL_TOO_OLD = 0x0200, /* Available CRL is too old. */ GPGME_SIGSUM_BAD_POLICY = 0x0400, /* A policy was not met. */ GPGME_SIGSUM_SYS_ERROR = 0x0800, /* A system error occurred. */ GPGME_SIGSUM_TOFU_CONFLICT=0x1000 /* Tofu conflict detected. */ } gpgme_sigsum_t; /* An object to hold the verification status of a signature. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_signature { struct _gpgme_signature *next; /* A summary of the signature status. */ gpgme_sigsum_t summary; /* The fingerprint of the signature. This can be a subkey. */ char *fpr; /* The status of the signature. */ gpgme_error_t status; /* Notation data and policy URLs. */ gpgme_sig_notation_t notations; /* Signature creation time. */ unsigned long timestamp; /* Signature expiration time or 0. */ unsigned long exp_timestamp; /* Key should not have been used for signing. */ unsigned int wrong_key_usage : 1; /* PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU. */ unsigned int pka_trust : 2; /* Validity has been verified using the chain model. */ unsigned int chain_model : 1; + /* True if the signature is in compliance to the de-vs mode. */ + unsigned int is_de_vs : 1; + /* Internal to GPGME, do not use. */ - int _unused : 28; + int _unused : 27; gpgme_validity_t validity; gpgme_error_t validity_reason; /* The public key algorithm used to create the signature. */ gpgme_pubkey_algo_t pubkey_algo; /* The hash algorithm used to create the signature. */ gpgme_hash_algo_t hash_algo; /* The mailbox from the PKA information or NULL. */ char *pka_address; /* If non-NULL, a possible incomplete key object with the data * available for the signature. */ gpgme_key_t key; }; typedef struct _gpgme_signature *gpgme_signature_t; /* An object to return the results of a verify operation. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_verify_result { gpgme_signature_t signatures; /* The original file name of the plaintext message, if available. */ char *file_name; }; typedef struct _gpgme_op_verify_result *gpgme_verify_result_t; /* Retrieve a pointer to the result of the verify operation. */ gpgme_verify_result_t gpgme_op_verify_result (gpgme_ctx_t ctx); /* Verify within CTX that SIG is a valid signature for TEXT. */ gpgme_error_t gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t signed_text, gpgme_data_t plaintext); gpgme_error_t gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t signed_text, gpgme_data_t plaintext); /* * Import/Export */ #define GPGME_IMPORT_NEW 1 /* The key was new. */ #define GPGME_IMPORT_UID 2 /* The key contained new user IDs. */ #define GPGME_IMPORT_SIG 4 /* The key contained new signatures. */ #define GPGME_IMPORT_SUBKEY 8 /* The key contained new sub keys. */ #define GPGME_IMPORT_SECRET 16 /* The key contained a secret key. */ /* An object to hold results for one imported key. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_import_status { struct _gpgme_import_status *next; /* Fingerprint. */ char *fpr; /* If a problem occurred, the reason why the key could not be imported. Otherwise GPGME_No_Error. */ gpgme_error_t result; /* The result of the import, the GPGME_IMPORT_* values bit-wise ORed. 0 means the key was already known and no new components have been added. */ unsigned int status; }; typedef struct _gpgme_import_status *gpgme_import_status_t; /* Import result object. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_import_result { /* Number of considered keys. */ int considered; /* Keys without user ID. */ int no_user_id; /* Imported keys. */ int imported; /* Imported RSA keys. */ int imported_rsa; /* Unchanged keys. */ int unchanged; /* Number of new user ids. */ int new_user_ids; /* Number of new sub keys. */ int new_sub_keys; /* Number of new signatures. */ int new_signatures; /* Number of new revocations. */ int new_revocations; /* Number of secret keys read. */ int secret_read; /* Number of secret keys imported. */ int secret_imported; /* Number of secret keys unchanged. */ int secret_unchanged; /* Number of new keys skipped. */ int skipped_new_keys; /* Number of keys not imported. */ int not_imported; /* List of keys for which an import was attempted. */ gpgme_import_status_t imports; }; typedef struct _gpgme_op_import_result *gpgme_import_result_t; /* Retrieve a pointer to the result of the import operation. */ gpgme_import_result_t gpgme_op_import_result (gpgme_ctx_t ctx); /* Import the key in KEYDATA into the keyring. */ gpgme_error_t gpgme_op_import_start (gpgme_ctx_t ctx, gpgme_data_t keydata); gpgme_error_t gpgme_op_import (gpgme_ctx_t ctx, gpgme_data_t keydata); /* Import the keys from the array KEYS into the keyring. */ gpgme_error_t gpgme_op_import_keys_start (gpgme_ctx_t ctx, gpgme_key_t keys[]); gpgme_error_t gpgme_op_import_keys (gpgme_ctx_t ctx, gpgme_key_t keys[]); /* Export the keys found by PATTERN into KEYDATA. */ gpgme_error_t gpgme_op_export_start (gpgme_ctx_t ctx, const char *pattern, gpgme_export_mode_t mode, gpgme_data_t keydata); gpgme_error_t gpgme_op_export (gpgme_ctx_t ctx, const char *pattern, gpgme_export_mode_t mode, gpgme_data_t keydata); gpgme_error_t gpgme_op_export_ext_start (gpgme_ctx_t ctx, const char *pattern[], gpgme_export_mode_t mode, gpgme_data_t keydata); gpgme_error_t gpgme_op_export_ext (gpgme_ctx_t ctx, const char *pattern[], gpgme_export_mode_t mode, gpgme_data_t keydata); /* Export the keys from the array KEYS into KEYDATA. */ gpgme_error_t gpgme_op_export_keys_start (gpgme_ctx_t ctx, gpgme_key_t keys[], gpgme_export_mode_t mode, gpgme_data_t keydata); gpgme_error_t gpgme_op_export_keys (gpgme_ctx_t ctx, gpgme_key_t keys[], gpgme_export_mode_t mode, gpgme_data_t keydata); /* * Key generation. */ /* Flags for the key creation functions. */ #define GPGME_CREATE_SIGN (1 << 0) /* Allow usage: signing. */ #define GPGME_CREATE_ENCR (1 << 1) /* Allow usage: encryption. */ #define GPGME_CREATE_CERT (1 << 2) /* Allow usage: certification. */ #define GPGME_CREATE_AUTH (1 << 3) /* Allow usage: authentication. */ #define GPGME_CREATE_NOPASSWD (1 << 7) /* Create w/o passphrase. */ #define GPGME_CREATE_SELFSIGNED (1 << 8) /* Create self-signed cert. */ #define GPGME_CREATE_NOSTORE (1 << 9) /* Do not store the key. */ #define GPGME_CREATE_WANTPUB (1 << 10) /* Return the public key. */ #define GPGME_CREATE_WANTSEC (1 << 11) /* Return the secret key. */ #define GPGME_CREATE_FORCE (1 << 12) /* Force creation. */ #define GPGME_CREATE_NOEXPIRE (1 << 13) /* Create w/o expiration. */ /* An object to return result from a key generation. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_genkey_result { /* A primary key was generated. */ unsigned int primary : 1; /* A sub key was generated. */ unsigned int sub : 1; /* A user id was generated. */ unsigned int uid : 1; /* Internal to GPGME, do not use. */ unsigned int _unused : 29; /* The fingerprint of the generated key. */ char *fpr; /* A memory data object with the created public key. Only set when * GPGME_CREATE_WANTPUB has been used. */ gpgme_data_t pubkey; /* A memory data object with the created secret key. Only set when * GPGME_CREATE_WANTSEC has been used. */ gpgme_data_t seckey; }; typedef struct _gpgme_op_genkey_result *gpgme_genkey_result_t; /* Generate a new keypair and add it to the keyring. PUBKEY and SECKEY should be null for now. PARMS specifies what keys should be generated. */ gpgme_error_t gpgme_op_genkey_start (gpgme_ctx_t ctx, const char *parms, gpgme_data_t pubkey, gpgme_data_t seckey); gpgme_error_t gpgme_op_genkey (gpgme_ctx_t ctx, const char *parms, gpgme_data_t pubkey, gpgme_data_t seckey); /* Generate a key pair using the modern interface. */ gpgme_error_t gpgme_op_createkey_start (gpgme_ctx_t ctx, const char *userid, const char *algo, unsigned long reserved, unsigned long expires, gpgme_key_t certkey, unsigned int flags); gpgme_error_t gpgme_op_createkey (gpgme_ctx_t ctx, const char *userid, const char *algo, unsigned long reserved, unsigned long expires, gpgme_key_t certkey, unsigned int flags); /* Add a new subkey to KEY. */ gpgme_error_t gpgme_op_createsubkey_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *algo, unsigned long reserved, unsigned long expires, unsigned int flags); gpgme_error_t gpgme_op_createsubkey (gpgme_ctx_t ctx, gpgme_key_t key, const char *algo, unsigned long reserved, unsigned long expires, unsigned int flags); /* Add USERID to an existing KEY. */ gpgme_error_t gpgme_op_adduid_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, unsigned int reserved); gpgme_error_t gpgme_op_adduid (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, unsigned int reserved); /* Revoke a USERID from a KEY. */ gpgme_error_t gpgme_op_revuid_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, unsigned int reserved); gpgme_error_t gpgme_op_revuid (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, unsigned int reserved); /* Set a flag on the USERID of KEY. See the manual for supported flags. */ gpgme_error_t gpgme_op_set_uid_flag_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, const char *name, const char *value); gpgme_error_t gpgme_op_set_uid_flag (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, const char *name, const char *value); /* Retrieve a pointer to the result of a genkey, createkey, or * createsubkey operation. */ gpgme_genkey_result_t gpgme_op_genkey_result (gpgme_ctx_t ctx); /* Delete KEY from the keyring. If ALLOW_SECRET is non-zero, secret keys are also deleted. */ gpgme_error_t gpgme_op_delete_start (gpgme_ctx_t ctx, const gpgme_key_t key, int allow_secret); gpgme_error_t gpgme_op_delete (gpgme_ctx_t ctx, const gpgme_key_t key, int allow_secret); /* * Key signing interface */ /* Flags for the key signing functions. */ #define GPGME_KEYSIGN_LOCAL (1 << 7) /* Create a local signature. */ #define GPGME_KEYSIGN_LFSEP (1 << 8) /* Indicate LF separated user ids. */ #define GPGME_KEYSIGN_NOEXPIRE (1 << 9) /* Force no expiration. */ /* Sign the USERID of KEY using the current set of signers. */ gpgme_error_t gpgme_op_keysign_start (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, unsigned long expires, unsigned int flags); gpgme_error_t gpgme_op_keysign (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, unsigned long expires, unsigned int flags); /* * Key edit interface */ /* Flags to select the mode of the interact. */ #define GPGME_INTERACT_CARD (1 << 0) /* Use --card-edit mode. */ /* Edit the KEY. Send status and command requests to FNC and output of edit commands to OUT. */ gpgme_error_t gpgme_op_interact_start (gpgme_ctx_t ctx, gpgme_key_t key, unsigned int flags, gpgme_interact_cb_t fnc, void *fnc_value, gpgme_data_t out); gpgme_error_t gpgme_op_interact (gpgme_ctx_t ctx, gpgme_key_t key, unsigned int flags, gpgme_interact_cb_t fnc, void *fnc_value, gpgme_data_t out); /* Set the Tofu policy of KEY to POLCIY. */ gpgme_error_t gpgme_op_tofu_policy_start (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_tofu_policy_t policy); gpgme_error_t gpgme_op_tofu_policy (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_tofu_policy_t policy); /* * Key listing */ /* An object to return results from a key listing operation. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_keylist_result { unsigned int truncated : 1; /* Internal to GPGME, do not use. */ unsigned int _unused : 31; }; typedef struct _gpgme_op_keylist_result *gpgme_keylist_result_t; /* Retrieve a pointer to the result of the key listing operation. */ gpgme_keylist_result_t gpgme_op_keylist_result (gpgme_ctx_t ctx); /* Start a keylist operation within CTX, searching for keys which * match PATTERN. If SECRET_ONLY is true, only secret keys are * returned. */ gpgme_error_t gpgme_op_keylist_start (gpgme_ctx_t ctx, const char *pattern, int secret_only); gpgme_error_t gpgme_op_keylist_ext_start (gpgme_ctx_t ctx, const char *pattern[], int secret_only, int reserved); /* List the keys contained in DATA. */ gpgme_error_t gpgme_op_keylist_from_data_start (gpgme_ctx_t ctx, gpgme_data_t data, int reserved); /* Return the next key from the keylist in R_KEY. */ gpgme_error_t gpgme_op_keylist_next (gpgme_ctx_t ctx, gpgme_key_t *r_key); /* Terminate a pending keylist operation within CTX. */ gpgme_error_t gpgme_op_keylist_end (gpgme_ctx_t ctx); /* * Protecting keys */ /* Change the passphrase for KEY. FLAGS is reserved for future use and must be passed as 0. */ gpgme_error_t gpgme_op_passwd_start (gpgme_ctx_t ctx, gpgme_key_t key, unsigned int flags); gpgme_error_t gpgme_op_passwd (gpgme_ctx_t ctx, gpgme_key_t key, unsigned int flags); /* * Trust items and operations. */ /* An object to hold data of a trust item. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_trust_item { /* Internal to GPGME, do not use. */ unsigned int _refs; /* The key ID to which the trust item belongs. */ char *keyid; /* Internal to GPGME, do not use. */ char _keyid[16 + 1]; /* The type of the trust item, 1 refers to a key, 2 to a user ID. */ int type; /* The trust level. */ int level; /* The owner trust if TYPE is 1. */ char *owner_trust; /* Internal to GPGME, do not use. */ char _owner_trust[2]; /* The calculated validity. */ char *validity; /* Internal to GPGME, do not use. */ char _validity[2]; /* The user name if TYPE is 2. */ char *name; }; typedef struct _gpgme_trust_item *gpgme_trust_item_t; /* Start a trustlist operation within CTX, searching for trust items which match PATTERN. */ gpgme_error_t gpgme_op_trustlist_start (gpgme_ctx_t ctx, const char *pattern, int max_level); /* Return the next trust item from the trustlist in R_ITEM. */ gpgme_error_t gpgme_op_trustlist_next (gpgme_ctx_t ctx, gpgme_trust_item_t *r_item); /* Terminate a pending trustlist operation within CTX. */ gpgme_error_t gpgme_op_trustlist_end (gpgme_ctx_t ctx); /* Acquire a reference to ITEM. */ void gpgme_trust_item_ref (gpgme_trust_item_t item); /* Release a reference to ITEM. If this was the last one the trust item is destroyed. */ void gpgme_trust_item_unref (gpgme_trust_item_t item); /* * Audit log */ /* Return the auditlog for the current session. This may be called after a successful or failed operation. If no audit log is available GPG_ERR_NO_DATA is returned. */ gpgme_error_t gpgme_op_getauditlog_start (gpgme_ctx_t ctx, gpgme_data_t output, unsigned int flags); gpgme_error_t gpgme_op_getauditlog (gpgme_ctx_t ctx, gpgme_data_t output, unsigned int flags); /* * Spawn interface */ /* Flags for the spawn operations. */ #define GPGME_SPAWN_DETACHED 1 #define GPGME_SPAWN_ALLOW_SET_FG 2 /* Run the command FILE with the arguments in ARGV. Connect stdin to DATAIN, stdout to DATAOUT, and STDERR to DATAERR. If one the data streams is NULL, connect to /dev/null instead. */ gpgme_error_t gpgme_op_spawn_start (gpgme_ctx_t ctx, const char *file, const char *argv[], gpgme_data_t datain, gpgme_data_t dataout, gpgme_data_t dataerr, unsigned int flags); gpgme_error_t gpgme_op_spawn (gpgme_ctx_t ctx, const char *file, const char *argv[], gpgme_data_t datain, gpgme_data_t dataout, gpgme_data_t dataerr, unsigned int flags); /* * Low-level Assuan protocol access. */ typedef gpgme_error_t (*gpgme_assuan_data_cb_t) (void *opaque, const void *data, size_t datalen); typedef gpgme_error_t (*gpgme_assuan_inquire_cb_t) (void *opaque, const char *name, const char *args, gpgme_data_t *r_data); typedef gpgme_error_t (*gpgme_assuan_status_cb_t) (void *opaque, const char *status, const char *args); /* Send the Assuan COMMAND and return results via the callbacks. Asynchronous variant. */ gpgme_error_t gpgme_op_assuan_transact_start (gpgme_ctx_t ctx, const char *command, gpgme_assuan_data_cb_t data_cb, void *data_cb_value, gpgme_assuan_inquire_cb_t inq_cb, void *inq_cb_value, gpgme_assuan_status_cb_t stat_cb, void *stat_cb_value); /* Send the Assuan COMMAND and return results via the callbacks. Synchronous variant. */ gpgme_error_t gpgme_op_assuan_transact_ext (gpgme_ctx_t ctx, const char *command, gpgme_assuan_data_cb_t data_cb, void *data_cb_value, gpgme_assuan_inquire_cb_t inq_cb, void *inq_cb_value, gpgme_assuan_status_cb_t stat_cb, void *stat_cb_value, gpgme_error_t *op_err); /* * Crypto container support. */ /* An object to return results from a VFS mount operation. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_vfs_mount_result { char *mount_dir; }; typedef struct _gpgme_op_vfs_mount_result *gpgme_vfs_mount_result_t; gpgme_vfs_mount_result_t gpgme_op_vfs_mount_result (gpgme_ctx_t ctx); /* The container is automatically unmounted when the context is reset or destroyed. Transmission errors are returned directly, operational errors are returned in OP_ERR. */ gpgme_error_t gpgme_op_vfs_mount (gpgme_ctx_t ctx, const char *container_file, const char *mount_dir, unsigned int flags, gpgme_error_t *op_err); gpgme_error_t gpgme_op_vfs_create (gpgme_ctx_t ctx, gpgme_key_t recp[], const char *container_file, unsigned int flags, gpgme_error_t *op_err); /* * Interface to gpgconf(1). */ /* The expert level at which a configuration option or group of options should be displayed. See the gpgconf(1) documentation for more details. */ typedef enum { GPGME_CONF_BASIC = 0, GPGME_CONF_ADVANCED = 1, GPGME_CONF_EXPERT = 2, GPGME_CONF_INVISIBLE = 3, GPGME_CONF_INTERNAL = 4 } gpgme_conf_level_t; /* The data type of a configuration option argument. See the gpgconf(1) documentation for more details. */ typedef enum { /* Basic types. */ GPGME_CONF_NONE = 0, GPGME_CONF_STRING = 1, GPGME_CONF_INT32 = 2, GPGME_CONF_UINT32 = 3, /* Complex types. */ GPGME_CONF_FILENAME = 32, GPGME_CONF_LDAP_SERVER = 33, GPGME_CONF_KEY_FPR = 34, GPGME_CONF_PUB_KEY = 35, GPGME_CONF_SEC_KEY = 36, GPGME_CONF_ALIAS_LIST = 37 } gpgme_conf_type_t; /* For now, compatibility. */ #define GPGME_CONF_PATHNAME GPGME_CONF_FILENAME /* This represents a single argument for a configuration option. Which of the members of value is used depends on the ALT_TYPE. */ typedef struct gpgme_conf_arg { struct gpgme_conf_arg *next; /* True if the option appears without an (optional) argument. */ unsigned int no_arg; union { unsigned int count; unsigned int uint32; int int32; char *string; } value; } *gpgme_conf_arg_t; /* The flags of a configuration option. See the gpgconf documentation for details. */ #define GPGME_CONF_GROUP (1 << 0) #define GPGME_CONF_OPTIONAL (1 << 1) #define GPGME_CONF_LIST (1 << 2) #define GPGME_CONF_RUNTIME (1 << 3) #define GPGME_CONF_DEFAULT (1 << 4) #define GPGME_CONF_DEFAULT_DESC (1 << 5) #define GPGME_CONF_NO_ARG_DESC (1 << 6) #define GPGME_CONF_NO_CHANGE (1 << 7) /* The representation of a single configuration option. See the gpg-conf documentation for details. */ typedef struct gpgme_conf_opt { struct gpgme_conf_opt *next; /* The option name. */ char *name; /* The flags for this option. */ unsigned int flags; /* The level of this option. */ gpgme_conf_level_t level; /* The localized description of this option. */ char *description; /* The type and alternate type of this option. */ gpgme_conf_type_t type; gpgme_conf_type_t alt_type; /* The localized (short) name of the argument, if any. */ char *argname; /* The default value. */ gpgme_conf_arg_t default_value; char *default_description; /* The default value if the option is not set. */ gpgme_conf_arg_t no_arg_value; char *no_arg_description; /* The current value if the option is set. */ gpgme_conf_arg_t value; /* The new value, if any. NULL means reset to default. */ int change_value; gpgme_conf_arg_t new_value; /* Free for application use. */ void *user_data; } *gpgme_conf_opt_t; /* The representation of a component that can be configured. See the gpg-conf documentation for details. */ typedef struct gpgme_conf_comp { struct gpgme_conf_comp *next; /* Internal to GPGME, do not use! */ gpgme_conf_opt_t *_last_opt_p; /* The component name. */ char *name; /* A human-readable description for the component. */ char *description; /* The program name (an absolute path to the program). */ char *program_name; /* A linked list of options for this component. */ struct gpgme_conf_opt *options; } *gpgme_conf_comp_t; /* Allocate a new gpgme_conf_arg_t. If VALUE is NULL, a "no arg default" is prepared. If type is a string type, VALUE should point to the string. Else, it should point to an unsigned or signed integer respectively. */ gpgme_error_t gpgme_conf_arg_new (gpgme_conf_arg_t *arg_p, gpgme_conf_type_t type, const void *value); /* This also releases all chained argument structures! */ void gpgme_conf_arg_release (gpgme_conf_arg_t arg, gpgme_conf_type_t type); /* Register a change for the value of OPT to ARG. If RESET is 1 (do not use any values but 0 or 1), ARG is ignored and the option is not changed (reverting a previous change). Otherwise, if ARG is NULL, the option is cleared or reset to its default. The change is done with gpgconf's --runtime option to immediately take effect. */ gpgme_error_t gpgme_conf_opt_change (gpgme_conf_opt_t opt, int reset, gpgme_conf_arg_t arg); /* Release a set of configurations. */ void gpgme_conf_release (gpgme_conf_comp_t conf); /* Retrieve the current configurations. */ gpgme_error_t gpgme_op_conf_load (gpgme_ctx_t ctx, gpgme_conf_comp_t *conf_p); /* Save the configuration of component comp. This function does not follow chained components! */ gpgme_error_t gpgme_op_conf_save (gpgme_ctx_t ctx, gpgme_conf_comp_t comp); /* Information about software versions. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ typedef struct _gpgme_op_query_swdb_result { /* RFU */ struct _gpgme_op_query_swdb_result *next; /* The name of the package (e.g. "gpgme", "gnupg") */ char *name; /* The version number of the installed version. */ char *iversion; /* The time the online info was created. */ unsigned long created; /* The time the online info was retrieved. */ unsigned long retrieved; /* This bit is set if an error occured or some of the information * in this structure may not be set. */ unsigned int warning : 1; /* An update is available. */ unsigned int update : 1; /* The update is important. */ unsigned int urgent : 1; /* No information at all available. */ unsigned int noinfo : 1; /* The package name is not known. */ unsigned int unknown : 1; /* The information here is too old. */ unsigned int tooold : 1; /* Other error. */ unsigned int error : 1; unsigned int _reserved : 25; /* The version number of the latest released version. */ char *version; /* The release date of that version. */ unsigned long reldate; } *gpgme_query_swdb_result_t; /* Run the gpgconf --query-swdb command. */ gpgme_error_t gpgme_op_query_swdb (gpgme_ctx_t ctx, const char *name, const char *iversion, unsigned int reserved); /* Return the result from the last query_swdb operation. */ gpgme_query_swdb_result_t gpgme_op_query_swdb_result (gpgme_ctx_t ctx); /* * Various functions. */ /* Set special global flags; consult the manual before use. */ int gpgme_set_global_flag (const char *name, const char *value); /* Check that the library fulfills the version requirement. Note: This is here only for the case where a user takes a pointer from the old version of this function. The new version and macro for run-time checks are below. */ const char *gpgme_check_version (const char *req_version); /* Check that the library fulfills the version requirement and check for struct layout mismatch involving bitfields. */ const char *gpgme_check_version_internal (const char *req_version, size_t offset_sig_validity); #define gpgme_check_version(req_version) \ gpgme_check_version_internal (req_version, \ offsetof (struct _gpgme_signature, validity)) /* Return the default values for various directories. */ const char *gpgme_get_dirinfo (const char *what); /* Get the information about the configured and installed engines. A pointer to the first engine in the statically allocated linked list is returned in *INFO. If an error occurs, it is returned. The returned data is valid until the next gpgme_set_engine_info. */ gpgme_error_t gpgme_get_engine_info (gpgme_engine_info_t *engine_info); /* Set the default engine info for the protocol PROTO to the file name FILE_NAME and the home directory HOME_DIR. */ gpgme_error_t gpgme_set_engine_info (gpgme_protocol_t proto, const char *file_name, const char *home_dir); /* Verify that the engine implementing PROTO is installed and available. */ gpgme_error_t gpgme_engine_check_version (gpgme_protocol_t proto); /* Reference counting for result objects. */ void gpgme_result_ref (void *result); void gpgme_result_unref (void *result); /* Return a public key algorithm string (e.g. "rsa2048"). Caller must free using gpgme_free. */ char *gpgme_pubkey_algo_string (gpgme_subkey_t subkey); /* Return a statically allocated string with the name of the public key algorithm ALGO, or NULL if that name is not known. */ const char *gpgme_pubkey_algo_name (gpgme_pubkey_algo_t algo); /* Return a statically allocated string with the name of the hash algorithm ALGO, or NULL if that name is not known. */ const char *gpgme_hash_algo_name (gpgme_hash_algo_t algo); /* Return the addr-spec from a user id. Caller must free the result * with gpgme_free. */ char *gpgme_addrspec_from_uid (const char *uid); /* * Deprecated types, constants and functions. */ /* The possible stati for gpgme_op_edit. The use of that function and * these status codes are deprecated in favor of gpgme_op_interact. */ typedef enum { GPGME_STATUS_EOF = 0, /* mkstatus processing starts here */ GPGME_STATUS_ENTER = 1, GPGME_STATUS_LEAVE = 2, GPGME_STATUS_ABORT = 3, GPGME_STATUS_GOODSIG = 4, GPGME_STATUS_BADSIG = 5, GPGME_STATUS_ERRSIG = 6, GPGME_STATUS_BADARMOR = 7, GPGME_STATUS_RSA_OR_IDEA = 8, /* (legacy) */ GPGME_STATUS_KEYEXPIRED = 9, GPGME_STATUS_KEYREVOKED = 10, GPGME_STATUS_TRUST_UNDEFINED = 11, GPGME_STATUS_TRUST_NEVER = 12, GPGME_STATUS_TRUST_MARGINAL = 13, GPGME_STATUS_TRUST_FULLY = 14, GPGME_STATUS_TRUST_ULTIMATE = 15, GPGME_STATUS_SHM_INFO = 16, /* (legacy) */ GPGME_STATUS_SHM_GET = 17, /* (legacy) */ GPGME_STATUS_SHM_GET_BOOL = 18, /* (legacy) */ GPGME_STATUS_SHM_GET_HIDDEN = 19, /* (legacy) */ GPGME_STATUS_NEED_PASSPHRASE = 20, GPGME_STATUS_VALIDSIG = 21, GPGME_STATUS_SIG_ID = 22, GPGME_STATUS_ENC_TO = 23, GPGME_STATUS_NODATA = 24, GPGME_STATUS_BAD_PASSPHRASE = 25, GPGME_STATUS_NO_PUBKEY = 26, GPGME_STATUS_NO_SECKEY = 27, GPGME_STATUS_NEED_PASSPHRASE_SYM = 28, GPGME_STATUS_DECRYPTION_FAILED = 29, GPGME_STATUS_DECRYPTION_OKAY = 30, GPGME_STATUS_MISSING_PASSPHRASE = 31, GPGME_STATUS_GOOD_PASSPHRASE = 32, GPGME_STATUS_GOODMDC = 33, GPGME_STATUS_BADMDC = 34, GPGME_STATUS_ERRMDC = 35, GPGME_STATUS_IMPORTED = 36, GPGME_STATUS_IMPORT_OK = 37, GPGME_STATUS_IMPORT_PROBLEM = 38, GPGME_STATUS_IMPORT_RES = 39, GPGME_STATUS_FILE_START = 40, GPGME_STATUS_FILE_DONE = 41, GPGME_STATUS_FILE_ERROR = 42, GPGME_STATUS_BEGIN_DECRYPTION = 43, GPGME_STATUS_END_DECRYPTION = 44, GPGME_STATUS_BEGIN_ENCRYPTION = 45, GPGME_STATUS_END_ENCRYPTION = 46, GPGME_STATUS_DELETE_PROBLEM = 47, GPGME_STATUS_GET_BOOL = 48, GPGME_STATUS_GET_LINE = 49, GPGME_STATUS_GET_HIDDEN = 50, GPGME_STATUS_GOT_IT = 51, GPGME_STATUS_PROGRESS = 52, GPGME_STATUS_SIG_CREATED = 53, GPGME_STATUS_SESSION_KEY = 54, GPGME_STATUS_NOTATION_NAME = 55, GPGME_STATUS_NOTATION_DATA = 56, GPGME_STATUS_POLICY_URL = 57, GPGME_STATUS_BEGIN_STREAM = 58, /* (legacy) */ GPGME_STATUS_END_STREAM = 59, /* (legacy) */ GPGME_STATUS_KEY_CREATED = 60, GPGME_STATUS_USERID_HINT = 61, GPGME_STATUS_UNEXPECTED = 62, GPGME_STATUS_INV_RECP = 63, GPGME_STATUS_NO_RECP = 64, GPGME_STATUS_ALREADY_SIGNED = 65, GPGME_STATUS_SIGEXPIRED = 66, /* (legacy) */ GPGME_STATUS_EXPSIG = 67, GPGME_STATUS_EXPKEYSIG = 68, GPGME_STATUS_TRUNCATED = 69, GPGME_STATUS_ERROR = 70, GPGME_STATUS_NEWSIG = 71, GPGME_STATUS_REVKEYSIG = 72, GPGME_STATUS_SIG_SUBPACKET = 73, GPGME_STATUS_NEED_PASSPHRASE_PIN = 74, GPGME_STATUS_SC_OP_FAILURE = 75, GPGME_STATUS_SC_OP_SUCCESS = 76, GPGME_STATUS_CARDCTRL = 77, GPGME_STATUS_BACKUP_KEY_CREATED = 78, GPGME_STATUS_PKA_TRUST_BAD = 79, GPGME_STATUS_PKA_TRUST_GOOD = 80, GPGME_STATUS_PLAINTEXT = 81, GPGME_STATUS_INV_SGNR = 82, GPGME_STATUS_NO_SGNR = 83, GPGME_STATUS_SUCCESS = 84, GPGME_STATUS_DECRYPTION_INFO = 85, GPGME_STATUS_PLAINTEXT_LENGTH = 86, GPGME_STATUS_MOUNTPOINT = 87, GPGME_STATUS_PINENTRY_LAUNCHED = 88, GPGME_STATUS_ATTRIBUTE = 89, GPGME_STATUS_BEGIN_SIGNING = 90, GPGME_STATUS_KEY_NOT_CREATED = 91, GPGME_STATUS_INQUIRE_MAXLEN = 92, GPGME_STATUS_FAILURE = 93, GPGME_STATUS_KEY_CONSIDERED = 94, GPGME_STATUS_TOFU_USER = 95, GPGME_STATUS_TOFU_STATS = 96, GPGME_STATUS_TOFU_STATS_LONG = 97, - GPGME_STATUS_NOTATION_FLAGS = 98 + GPGME_STATUS_NOTATION_FLAGS = 98, + GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE = 99, + GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE = 100 } gpgme_status_code_t; /* The callback type used by the deprecated functions gpgme_op_edit * and gpgme_op_card_edit. */ typedef gpgme_error_t (*gpgme_edit_cb_t) (void *opaque, gpgme_status_code_t status, const char *args, int fd); gpgme_error_t gpgme_op_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, gpgme_data_t out) _GPGME_DEPRECATED(1,7); gpgme_error_t gpgme_op_edit (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, gpgme_data_t out) _GPGME_DEPRECATED(1,7); gpgme_error_t gpgme_op_card_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, gpgme_data_t out) _GPGME_DEPRECATED(1,7); gpgme_error_t gpgme_op_card_edit (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_edit_cb_t fnc, void *fnc_value, gpgme_data_t out) _GPGME_DEPRECATED(1,7); /* The possible signature stati. Deprecated, use error value in sig status. */ typedef enum { GPGME_SIG_STAT_NONE = 0, GPGME_SIG_STAT_GOOD = 1, GPGME_SIG_STAT_BAD = 2, GPGME_SIG_STAT_NOKEY = 3, GPGME_SIG_STAT_NOSIG = 4, GPGME_SIG_STAT_ERROR = 5, GPGME_SIG_STAT_DIFF = 6, GPGME_SIG_STAT_GOOD_EXP = 7, GPGME_SIG_STAT_GOOD_EXPKEY = 8 } _gpgme_sig_stat_t; typedef _gpgme_sig_stat_t gpgme_sig_stat_t _GPGME_DEPRECATED(0,4); /* The available key and signature attributes. Deprecated, use the individual result structures instead. */ typedef enum { GPGME_ATTR_KEYID = 1, GPGME_ATTR_FPR = 2, GPGME_ATTR_ALGO = 3, GPGME_ATTR_LEN = 4, GPGME_ATTR_CREATED = 5, GPGME_ATTR_EXPIRE = 6, GPGME_ATTR_OTRUST = 7, GPGME_ATTR_USERID = 8, GPGME_ATTR_NAME = 9, GPGME_ATTR_EMAIL = 10, GPGME_ATTR_COMMENT = 11, GPGME_ATTR_VALIDITY = 12, GPGME_ATTR_LEVEL = 13, GPGME_ATTR_TYPE = 14, GPGME_ATTR_IS_SECRET = 15, GPGME_ATTR_KEY_REVOKED = 16, GPGME_ATTR_KEY_INVALID = 17, GPGME_ATTR_UID_REVOKED = 18, GPGME_ATTR_UID_INVALID = 19, GPGME_ATTR_KEY_CAPS = 20, GPGME_ATTR_CAN_ENCRYPT = 21, GPGME_ATTR_CAN_SIGN = 22, GPGME_ATTR_CAN_CERTIFY = 23, GPGME_ATTR_KEY_EXPIRED = 24, GPGME_ATTR_KEY_DISABLED = 25, GPGME_ATTR_SERIAL = 26, GPGME_ATTR_ISSUER = 27, GPGME_ATTR_CHAINID = 28, GPGME_ATTR_SIG_STATUS = 29, GPGME_ATTR_ERRTOK = 30, GPGME_ATTR_SIG_SUMMARY = 31, GPGME_ATTR_SIG_CLASS = 32 } _gpgme_attr_t; typedef _gpgme_attr_t gpgme_attr_t _GPGME_DEPRECATED(0,4); /* Retrieve the signature status of signature IDX in CTX after a successful verify operation in R_STAT (if non-null). The creation time stamp of the signature is returned in R_CREATED (if non-null). The function returns a string containing the fingerprint. Deprecated, use verify result directly. */ const char *gpgme_get_sig_status (gpgme_ctx_t ctx, int idx, _gpgme_sig_stat_t *r_stat, time_t *r_created) _GPGME_DEPRECATED(0,4); /* Retrieve certain attributes of a signature. IDX is the index number of the signature after a successful verify operation. WHAT is an attribute where GPGME_ATTR_EXPIRE is probably the most useful one. WHATIDX is to be passed as 0 for most attributes . */ unsigned long gpgme_get_sig_ulong_attr (gpgme_ctx_t c, int idx, _gpgme_attr_t what, int whatidx) _GPGME_DEPRECATED(0,4); const char *gpgme_get_sig_string_attr (gpgme_ctx_t c, int idx, _gpgme_attr_t what, int whatidx) _GPGME_DEPRECATED(0,4); /* Get the key used to create signature IDX in CTX and return it in R_KEY. */ gpgme_error_t gpgme_get_sig_key (gpgme_ctx_t ctx, int idx, gpgme_key_t *r_key) _GPGME_DEPRECATED(0,4); /* Create a new data buffer which retrieves the data from the callback function READ_CB. Deprecated, please use gpgme_data_new_from_cbs instead. */ gpgme_error_t gpgme_data_new_with_read_cb (gpgme_data_t *r_dh, int (*read_cb) (void*,char *, size_t,size_t*), void *read_cb_value) _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of KEY, which has to be representable by a string. IDX specifies the sub key or user ID for attributes related to sub keys or user IDs. Deprecated, use key structure directly instead. */ const char *gpgme_key_get_string_attr (gpgme_key_t key, _gpgme_attr_t what, const void *reserved, int idx) _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of KEY, which has to be representable by an unsigned integer. IDX specifies the sub key or user ID for attributes related to sub keys or user IDs. Deprecated, use key structure directly instead. */ unsigned long gpgme_key_get_ulong_attr (gpgme_key_t key, _gpgme_attr_t what, const void *reserved, int idx) _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of a signature on user ID UID_IDX in KEY, which has to be representable by a string. IDX specifies the signature. Deprecated, use key structure directly instead. */ const char *gpgme_key_sig_get_string_attr (gpgme_key_t key, int uid_idx, _gpgme_attr_t what, const void *reserved, int idx) _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of a signature on user ID UID_IDX in KEY, which has to be representable by an unsigned integer string. IDX specifies the signature. Deprecated, use key structure directly instead. */ unsigned long gpgme_key_sig_get_ulong_attr (gpgme_key_t key, int uid_idx, _gpgme_attr_t what, const void *reserved, int idx) _GPGME_DEPRECATED(0,4); gpgme_error_t gpgme_op_import_ext (gpgme_ctx_t ctx, gpgme_data_t keydata, int *nr) _GPGME_DEPRECATED(0,4); /* Release the trust item ITEM. Deprecated, use gpgme_trust_item_unref. */ void gpgme_trust_item_release (gpgme_trust_item_t item) _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of ITEM, which has to be representable by a string. Deprecated, use trust item structure directly. */ const char *gpgme_trust_item_get_string_attr (gpgme_trust_item_t item, _gpgme_attr_t what, const void *reserved, int idx) _GPGME_DEPRECATED(0,4); /* Return the value of the attribute WHAT of KEY, which has to be representable by an integer. IDX specifies a running index if the attribute appears more than once in the key. Deprecated, use trust item structure directly. */ int gpgme_trust_item_get_int_attr (gpgme_trust_item_t item, _gpgme_attr_t what, const void *reserved, int idx) _GPGME_DEPRECATED(0,4); /* Compat. * This structure shall be considered read-only and an application * must not allocate such a structure on its own. */ struct _gpgme_op_assuan_result { /* Deprecated. Use the second value in a DONE event or the synchronous variant gpgme_op_assuan_transact_ext. */ gpgme_error_t err _GPGME_DEPRECATED_OUTSIDE_GPGME(1,2); }; typedef struct _gpgme_op_assuan_result *gpgme_assuan_result_t; /* Return the result of the last Assuan command. */ gpgme_assuan_result_t gpgme_op_assuan_result (gpgme_ctx_t ctx) _GPGME_DEPRECATED(1,2); gpgme_error_t gpgme_op_assuan_transact (gpgme_ctx_t ctx, const char *command, gpgme_assuan_data_cb_t data_cb, void *data_cb_value, gpgme_assuan_inquire_cb_t inq_cb, void *inq_cb_value, gpgme_assuan_status_cb_t status_cb, void *status_cb_value) _GPGME_DEPRECATED(1,2); typedef gpgme_ctx_t GpgmeCtx _GPGME_DEPRECATED(0,4); typedef gpgme_data_t GpgmeData _GPGME_DEPRECATED(0,4); typedef gpgme_error_t GpgmeError _GPGME_DEPRECATED(0,4); typedef gpgme_data_encoding_t GpgmeDataEncoding _GPGME_DEPRECATED(0,4); typedef gpgme_pubkey_algo_t GpgmePubKeyAlgo _GPGME_DEPRECATED(0,4); typedef gpgme_hash_algo_t GpgmeHashAlgo _GPGME_DEPRECATED(0,4); typedef gpgme_sig_stat_t GpgmeSigStat _GPGME_DEPRECATED(0,4); typedef gpgme_sig_mode_t GpgmeSigMode _GPGME_DEPRECATED(0,4); typedef gpgme_attr_t GpgmeAttr _GPGME_DEPRECATED(0,4); typedef gpgme_validity_t GpgmeValidity _GPGME_DEPRECATED(0,4); typedef gpgme_protocol_t GpgmeProtocol _GPGME_DEPRECATED(0,4); typedef gpgme_engine_info_t GpgmeEngineInfo _GPGME_DEPRECATED(0,4); typedef gpgme_subkey_t GpgmeSubkey _GPGME_DEPRECATED(0,4); typedef gpgme_key_sig_t GpgmeKeySig _GPGME_DEPRECATED(0,4); typedef gpgme_user_id_t GpgmeUserID _GPGME_DEPRECATED(0,4); typedef gpgme_key_t GpgmeKey _GPGME_DEPRECATED(0,4); typedef gpgme_passphrase_cb_t GpgmePassphraseCb _GPGME_DEPRECATED(0,4); typedef gpgme_progress_cb_t GpgmeProgressCb _GPGME_DEPRECATED(0,4); typedef gpgme_io_cb_t GpgmeIOCb _GPGME_DEPRECATED(0,4); typedef gpgme_register_io_cb_t GpgmeRegisterIOCb _GPGME_DEPRECATED(0,4); typedef gpgme_remove_io_cb_t GpgmeRemoveIOCb _GPGME_DEPRECATED(0,4); typedef gpgme_event_io_t GpgmeEventIO _GPGME_DEPRECATED(0,4); typedef gpgme_event_io_cb_t GpgmeEventIOCb _GPGME_DEPRECATED(0,4); #define GpgmeIOCbs gpgme_io_cbs typedef gpgme_data_read_cb_t GpgmeDataReadCb _GPGME_DEPRECATED(0,4); typedef gpgme_data_write_cb_t GpgmeDataWriteCb _GPGME_DEPRECATED(0,4); typedef gpgme_data_seek_cb_t GpgmeDataSeekCb _GPGME_DEPRECATED(0,4); typedef gpgme_data_release_cb_t GpgmeDataReleaseCb _GPGME_DEPRECATED(0,4); #define GpgmeDataCbs gpgme_data_cbs typedef gpgme_encrypt_result_t GpgmeEncryptResult _GPGME_DEPRECATED(0,4); typedef gpgme_sig_notation_t GpgmeSigNotation _GPGME_DEPRECATED(0,4); typedef gpgme_signature_t GpgmeSignature _GPGME_DEPRECATED(0,4); typedef gpgme_verify_result_t GpgmeVerifyResult _GPGME_DEPRECATED(0,4); typedef gpgme_import_status_t GpgmeImportStatus _GPGME_DEPRECATED(0,4); typedef gpgme_import_result_t GpgmeImportResult _GPGME_DEPRECATED(0,4); typedef gpgme_genkey_result_t GpgmeGenKeyResult _GPGME_DEPRECATED(0,4); typedef gpgme_trust_item_t GpgmeTrustItem _GPGME_DEPRECATED(0,4); typedef gpgme_status_code_t GpgmeStatusCode _GPGME_DEPRECATED(0,4); #ifdef __cplusplus } #endif #endif /* GPGME_H */ /* @emacs_local_vars_begin@ @emacs_local_vars_read_only@ @emacs_local_vars_end@ */ diff --git a/src/keylist.c b/src/keylist.c index e16ba4d1..5e1c61e6 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -1,1335 +1,1318 @@ /* keylist.c - Listing keys. Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004, 2006, 2007, 2008, 2009 g10 Code GmbH This file is part of GPGME. GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program; if not, see . */ #if HAVE_CONFIG_H #include #endif #include #include #include #ifdef HAVE_SYS_TYPES_H /* Solaris 8 needs sys/types.h before time.h. */ # include #endif #include #include #include #include #include /* Suppress warning for accessing deprecated member "class". */ #define _GPGME_IN_GPGME #include "gpgme.h" #include "util.h" #include "context.h" #include "ops.h" #include "debug.h" struct key_queue_item_s { struct key_queue_item_s *next; gpgme_key_t key; }; typedef struct { struct _gpgme_op_keylist_result result; /* The error code from ERROR keydb_search. */ gpgme_error_t keydb_search_err; gpgme_key_t tmp_key; /* This points to the last uid in tmp_key. */ gpgme_user_id_t tmp_uid; /* This points to the last sig in tmp_uid. */ gpgme_key_sig_t tmp_keysig; /* Something new is available. */ int key_cond; struct key_queue_item_s *key_queue; } *op_data_t; static void release_op_data (void *hook) { op_data_t opd = (op_data_t) hook; struct key_queue_item_s *key = opd->key_queue; if (opd->tmp_key) gpgme_key_unref (opd->tmp_key); /* opd->tmp_uid and opd->tmp_keysig are actually part of opd->tmp_key, so we do not need to release them here. */ while (key) { struct key_queue_item_s *next = key->next; gpgme_key_unref (key->key); key = next; } } gpgme_keylist_result_t gpgme_op_keylist_result (gpgme_ctx_t ctx) { void *hook; op_data_t opd; gpgme_error_t err; TRACE_BEG (DEBUG_CTX, "gpgme_op_keylist_result", ctx); err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL); opd = hook; if (err || !opd) { TRACE_SUC0 ("result=(null)"); return NULL; } TRACE_LOG1 ("truncated = %i", opd->result.truncated); TRACE_SUC1 ("result=%p", &opd->result); return &opd->result; } static gpgme_error_t keylist_status_handler (void *priv, gpgme_status_code_t code, char *args) { gpgme_ctx_t ctx = (gpgme_ctx_t) priv; gpgme_error_t err; void *hook; op_data_t opd; (void)args; err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL); opd = hook; if (err) return err; switch (code) { case GPGME_STATUS_TRUNCATED: opd->result.truncated = 1; break; case GPGME_STATUS_ERROR: err = _gpgme_parse_failure (args); if (!opd->keydb_search_err && !strcmp (args, "keydb_search")) opd->keydb_search_err = err; err = 0; break; default: break; } return err; } static void set_subkey_trust_info (gpgme_subkey_t subkey, const char *src) { while (*src && !isdigit (*src)) { switch (*src) { case 'e': subkey->expired = 1; break; case 'r': subkey->revoked = 1; break; case 'd': /* Note that gpg 1.3 won't print that anymore but only uses the capabilities field. */ subkey->disabled = 1; break; case 'i': subkey->invalid = 1; break; } src++; } } static void set_mainkey_trust_info (gpgme_key_t key, const char *src) { /* First set the trust info of the main key (the first subkey). */ set_subkey_trust_info (key->subkeys, src); /* Now set the summarized trust info. */ while (*src && !isdigit (*src)) { switch (*src) { case 'e': key->expired = 1; break; case 'r': key->revoked = 1; break; case 'd': /* Note that gpg 1.3 won't print that anymore but only uses the capabilities field. However, it is still used for external key listings. */ key->disabled = 1; break; case 'i': key->invalid = 1; break; } src++; } } static void set_userid_flags (gpgme_key_t key, const char *src) { gpgme_user_id_t uid = key->_last_uid; assert (uid); /* Look at letters and stop at the first digit. */ while (*src && !isdigit (*src)) { switch (*src) { case 'r': uid->revoked = 1; break; case 'i': uid->invalid = 1; break; case 'n': uid->validity = GPGME_VALIDITY_NEVER; break; case 'm': uid->validity = GPGME_VALIDITY_MARGINAL; break; case 'f': uid->validity = GPGME_VALIDITY_FULL; break; case 'u': uid->validity = GPGME_VALIDITY_ULTIMATE; break; } src++; } } static void set_subkey_capability (gpgme_subkey_t subkey, const char *src) { while (*src) { switch (*src) { case 'e': subkey->can_encrypt = 1; break; case 's': subkey->can_sign = 1; break; case 'c': subkey->can_certify = 1; break; case 'a': subkey->can_authenticate = 1; break; case 'q': subkey->is_qualified = 1; break; case 'd': subkey->disabled = 1; break; } src++; } } static void set_mainkey_capability (gpgme_key_t key, const char *src) { /* First set the capabilities of the main key (the first subkey). */ set_subkey_capability (key->subkeys, src); while (*src) { switch (*src) { case 'd': case 'D': /* Note, that this flag is also set using the key validity field for backward compatibility with gpg 1.2. We use d and D, so that a future gpg version will be able to disable certain subkeys. Currently it is expected that gpg sets this for the primary key. */ key->disabled = 1; break; case 'e': case 'E': key->can_encrypt = 1; break; case 's': case 'S': key->can_sign = 1; break; case 'c': case 'C': key->can_certify = 1; break; case 'a': case 'A': key->can_authenticate = 1; break; case 'q': case 'Q': key->is_qualified = 1; break; } src++; } } static void set_ownertrust (gpgme_key_t key, const char *src) { /* Look at letters and stop at the first digit. */ while (*src && !isdigit (*src)) { switch (*src) { case 'n': key->owner_trust = GPGME_VALIDITY_NEVER; break; case 'm': key->owner_trust = GPGME_VALIDITY_MARGINAL; break; case 'f': key->owner_trust = GPGME_VALIDITY_FULL; break; case 'u': key->owner_trust = GPGME_VALIDITY_ULTIMATE; break; default: key->owner_trust = GPGME_VALIDITY_UNKNOWN; break; } src++; } } /* Parse field 15 of a secret key or subkey. This fields holds a reference to smartcards. FIELD is the content of the field and we are allowed to modify it. */ static gpg_error_t parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field) { if (!*field) ; /* Empty. */ else if (*field == '#') { /* This is a stub for an offline key. We reset the SECRET flag of the subkey here. Note that the secret flag of the entire key will be true even then. We even explicitly set key->secret to make it works for GPGME_KEYLIST_MODE_WITH_SECRET. */ subkey->secret = 0; key->secret = 1; } else if (strchr ("01234567890ABCDEFabcdef", *field)) { /* Fields starts with a hex digit; thus it is a serial number. */ key->secret = 1; subkey->is_cardkey = 1; subkey->card_number = strdup (field); if (!subkey->card_number) return gpg_error_from_syserror (); } else if (*field == '+') { key->secret = 1; subkey->secret = 1; } else { /* RFU. */ } return 0; } -/* Parse the compliance field. */ -static void -parse_pub_field18 (gpgme_subkey_t subkey, char *field) -{ - char *p, *endp; - unsigned long ul; - - for (p = field; p && (ul = strtoul (p, &endp, 10)) && p != endp; p = endp) - { - switch (ul) - { - case 23: subkey->is_de_vs = 1; break; - } - } -} - - /* Parse a tfs record. */ static gpg_error_t parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield) { gpg_error_t err; gpgme_tofu_info_t ti; unsigned long uval; /* We add only the first TOFU record in case future versions emit * several. */ if (uid->tofu) return 0; /* Check that we have enough fields and that the version is supported. */ if (nfield < 8 || atoi(field[1]) != 1) return trace_gpg_error (GPG_ERR_INV_ENGINE); ti = calloc (1, sizeof *ti); if (!ti) return gpg_error_from_syserror (); /* Note that we allow a value of up to 7 which is what we can store * in the ti->validity. */ err = _gpgme_strtoul_field (field[2], &uval); if (err || uval > 7) goto inv_engine; ti->validity = uval; /* Parse the sign-count. */ err = _gpgme_strtoul_field (field[3], &uval); if (err) goto inv_engine; if (uval > USHRT_MAX) uval = USHRT_MAX; ti->signcount = uval; /* Parse the encr-count. */ err = _gpgme_strtoul_field (field[4], &uval); if (err) goto inv_engine; if (uval > USHRT_MAX) uval = USHRT_MAX; ti->encrcount = uval; /* Parse the policy. */ if (!strcmp (field[5], "none")) ti->policy = GPGME_TOFU_POLICY_NONE; else if (!strcmp (field[5], "auto")) ti->policy = GPGME_TOFU_POLICY_AUTO; else if (!strcmp (field[5], "good")) ti->policy = GPGME_TOFU_POLICY_GOOD; else if (!strcmp (field[5], "bad")) ti->policy = GPGME_TOFU_POLICY_BAD; else if (!strcmp (field[5], "ask")) ti->policy = GPGME_TOFU_POLICY_ASK; else /* "unknown" and invalid policy strings. */ ti->policy = GPGME_TOFU_POLICY_UNKNOWN; /* Parse first and last seen timestamps. */ err = _gpgme_strtoul_field (field[6], &uval); if (err) goto inv_engine; ti->signfirst = uval; err = _gpgme_strtoul_field (field[7], &uval); if (err) goto inv_engine; ti->signlast = uval; if (nfield > 9) { /* This condition is only to allow for gpg 2.1.15 - can * eventually be removed. */ err = _gpgme_strtoul_field (field[8], &uval); if (err) goto inv_engine; ti->encrfirst = uval; err = _gpgme_strtoul_field (field[9], &uval); if (err) goto inv_engine; ti->encrlast = uval; } /* Ready. */ uid->tofu = ti; return 0; inv_engine: free (ti); return trace_gpg_error (GPG_ERR_INV_ENGINE); } /* We have read an entire key into tmp_key and should now finish it. It is assumed that this releases tmp_key. */ static void finish_key (gpgme_ctx_t ctx, op_data_t opd) { gpgme_key_t key = opd->tmp_key; opd->tmp_key = NULL; opd->tmp_uid = NULL; opd->tmp_keysig = NULL; if (key) _gpgme_engine_io_event (ctx->engine, GPGME_EVENT_NEXT_KEY, key); } /* Note: We are allowed to modify LINE. */ static gpgme_error_t keylist_colon_handler (void *priv, char *line) { gpgme_ctx_t ctx = (gpgme_ctx_t) priv; enum { RT_NONE, RT_SIG, RT_UID, RT_TFS, RT_SUB, RT_PUB, RT_FPR, RT_GRP, RT_SSB, RT_SEC, RT_CRT, RT_CRS, RT_REV, RT_SPK } rectype = RT_NONE; #define NR_FIELDS 20 char *field[NR_FIELDS]; int fields = 0; void *hook; op_data_t opd; gpgme_error_t err; gpgme_key_t key; gpgme_subkey_t subkey = NULL; gpgme_key_sig_t keysig = NULL; err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL); opd = hook; if (err) return err; key = opd->tmp_key; TRACE2 (DEBUG_CTX, "gpgme:keylist_colon_handler", ctx, "key = %p, line = %s", key, line ? line : "(null)"); if (!line) { /* End Of File. */ finish_key (ctx, opd); return 0; } while (line && fields < NR_FIELDS) { field[fields++] = line; line = strchr (line, ':'); if (line) *(line++) = '\0'; } if (!strcmp (field[0], "sig")) rectype = RT_SIG; else if (!strcmp (field[0], "rev")) rectype = RT_REV; else if (!strcmp (field[0], "pub")) rectype = RT_PUB; else if (!strcmp (field[0], "sec")) rectype = RT_SEC; else if (!strcmp (field[0], "crt")) rectype = RT_CRT; else if (!strcmp (field[0], "crs")) rectype = RT_CRS; else if (!strcmp (field[0], "fpr") && key) rectype = RT_FPR; else if (!strcmp (field[0], "grp") && key) rectype = RT_GRP; else if (!strcmp (field[0], "uid") && key) rectype = RT_UID; else if (!strcmp (field[0], "tfs") && key) rectype = RT_TFS; else if (!strcmp (field[0], "sub") && key) rectype = RT_SUB; else if (!strcmp (field[0], "ssb") && key) rectype = RT_SSB; else if (!strcmp (field[0], "spk") && key) rectype = RT_SPK; else rectype = RT_NONE; /* Only look at signature and trust info records immediately following a user ID. For this, clear the user ID pointer when encountering anything but a signature or trust record. */ if (rectype != RT_SIG && rectype != RT_REV && rectype != RT_TFS) opd->tmp_uid = NULL; /* Only look at subpackets immediately following a signature. For this, clear the signature pointer when encountering anything but a subpacket. */ if (rectype != RT_SPK) opd->tmp_keysig = NULL; switch (rectype) { case RT_PUB: case RT_SEC: case RT_CRT: case RT_CRS: /* Start a new keyblock. */ err = _gpgme_key_new (&key); if (err) return err; key->keylist_mode = ctx->keylist_mode; err = _gpgme_key_add_subkey (key, &subkey); if (err) { gpgme_key_unref (key); return err; } if (rectype == RT_SEC || rectype == RT_CRS) key->secret = subkey->secret = 1; if (rectype == RT_CRT || rectype == RT_CRS) key->protocol = GPGME_PROTOCOL_CMS; finish_key (ctx, opd); opd->tmp_key = key; /* Field 2 has the trust info. */ if (fields >= 2) set_mainkey_trust_info (key, field[1]); /* Field 3 has the key length. */ if (fields >= 3) { int i = atoi (field[2]); /* Ignore invalid values. */ if (i > 1) subkey->length = i; } /* Field 4 has the public key algorithm. */ if (fields >= 4) { int i = atoi (field[3]); if (i >= 1 && i < 128) subkey->pubkey_algo = _gpgme_map_pk_algo (i, ctx->protocol); } /* Field 5 has the long keyid. Allow short key IDs for the output of an external keyserver listing. */ if (fields >= 5 && strlen (field[4]) <= DIM(subkey->_keyid) - 1) strcpy (subkey->_keyid, field[4]); /* Field 6 has the timestamp (seconds). */ if (fields >= 6) subkey->timestamp = _gpgme_parse_timestamp (field[5], NULL); /* Field 7 has the expiration time (seconds). */ if (fields >= 7) subkey->expires = _gpgme_parse_timestamp (field[6], NULL); /* Field 8 has the X.509 serial number. */ if (fields >= 8 && (rectype == RT_CRT || rectype == RT_CRS)) { key->issuer_serial = strdup (field[7]); if (!key->issuer_serial) return gpg_error_from_syserror (); } /* Field 9 has the ownertrust. */ if (fields >= 9) set_ownertrust (key, field[8]); /* Field 10 is not used for gpg due to --fixed-list-mode option but GPGSM stores the issuer name. */ if (fields >= 10 && (rectype == RT_CRT || rectype == RT_CRS)) if (_gpgme_decode_c_string (field[9], &key->issuer_name, 0)) return gpg_error (GPG_ERR_ENOMEM); /* FIXME */ /* Field 11 has the signature class. */ /* Field 12 has the capabilities. */ if (fields >= 12) set_mainkey_capability (key, field[11]); /* Field 15 carries special flags of a secret key. */ if (fields >= 15 && (key->secret || (ctx->keylist_mode & GPGME_KEYLIST_MODE_WITH_SECRET))) { err = parse_sec_field15 (key, subkey, field[14]); if (err) return err; } /* Field 17 has the curve name for ECC. */ if (fields >= 17 && *field[16]) { subkey->curve = strdup (field[16]); if (!subkey->curve) return gpg_error_from_syserror (); } /* Field 18 has the compliance flags. */ if (fields >= 17 && *field[17]) - parse_pub_field18 (subkey, field[17]); + PARSE_COMPLIANCE_FLAGS (field[17], subkey); if (fields >= 20) { key->last_update = _gpgme_parse_timestamp_ul (field[18]); key->origin = 0; /* Fixme: Not yet defined in gpg. */ } break; case RT_SUB: case RT_SSB: /* Start a new subkey. */ err = _gpgme_key_add_subkey (key, &subkey); if (err) return err; if (rectype == RT_SSB) subkey->secret = 1; /* Field 2 has the trust info. */ if (fields >= 2) set_subkey_trust_info (subkey, field[1]); /* Field 3 has the key length. */ if (fields >= 3) { int i = atoi (field[2]); /* Ignore invalid values. */ if (i > 1) subkey->length = i; } /* Field 4 has the public key algorithm. */ if (fields >= 4) { int i = atoi (field[3]); if (i >= 1 && i < 128) subkey->pubkey_algo = _gpgme_map_pk_algo (i, ctx->protocol); } /* Field 5 has the long keyid. */ if (fields >= 5 && strlen (field[4]) == DIM(subkey->_keyid) - 1) strcpy (subkey->_keyid, field[4]); /* Field 6 has the timestamp (seconds). */ if (fields >= 6) subkey->timestamp = _gpgme_parse_timestamp (field[5], NULL); /* Field 7 has the expiration time (seconds). */ if (fields >= 7) subkey->expires = _gpgme_parse_timestamp (field[6], NULL); /* Field 8 is reserved (LID). */ /* Field 9 has the ownertrust. */ /* Field 10, the user ID, is n/a for a subkey. */ /* Field 11 has the signature class. */ /* Field 12 has the capabilities. */ if (fields >= 12) set_subkey_capability (subkey, field[11]); /* Field 15 carries special flags of a secret key. */ if (fields >= 15 && (key->secret || (ctx->keylist_mode & GPGME_KEYLIST_MODE_WITH_SECRET))) { err = parse_sec_field15 (key, subkey, field[14]); if (err) return err; } /* Field 17 has the curve name for ECC. */ if (fields >= 17 && *field[16]) { subkey->curve = strdup (field[16]); if (!subkey->curve) return gpg_error_from_syserror (); } /* Field 18 has the compliance flags. */ if (fields >= 17 && *field[17]) - parse_pub_field18 (subkey, field[17]); + PARSE_COMPLIANCE_FLAGS (field[17], subkey); break; case RT_UID: /* Field 2 has the trust info, and field 10 has the user ID. */ if (fields >= 10) { if (_gpgme_key_append_name (key, field[9], 1)) return gpg_error (GPG_ERR_ENOMEM); /* FIXME */ if (field[1]) set_userid_flags (key, field[1]); opd->tmp_uid = key->_last_uid; if (fields >= 20) { opd->tmp_uid->last_update = _gpgme_parse_timestamp_ul (field[18]); opd->tmp_uid->origin = 0; /* Fixme: Not yet defined in gpg. */ } } break; case RT_TFS: if (opd->tmp_uid) { err = parse_tfs_record (opd->tmp_uid, field, fields); if (err) return err; } break; case RT_FPR: /* Field 10 has the fingerprint (take only the first one). */ if (fields >= 10 && field[9] && *field[9]) { /* Need to apply it to the last subkey because all subkeys do have fingerprints. */ subkey = key->_last_subkey; if (!subkey->fpr) { subkey->fpr = strdup (field[9]); if (!subkey->fpr) return gpg_error_from_syserror (); } /* If this is the first subkey, store the fingerprint also in the KEY object. */ if (subkey == key->subkeys) { if (key->fpr && strcmp (key->fpr, subkey->fpr)) { /* FPR already set but mismatch: Should never happen. */ return trace_gpg_error (GPG_ERR_INTERNAL); } if (!key->fpr) { key->fpr = strdup (subkey->fpr); if (!key->fpr) return gpg_error_from_syserror (); } } } /* Field 13 has the gpgsm chain ID (take only the first one). */ if (fields >= 13 && !key->chain_id && *field[12]) { key->chain_id = strdup (field[12]); if (!key->chain_id) return gpg_error_from_syserror (); } break; case RT_GRP: /* Field 10 has the keygrip. */ if (fields >= 10 && field[9] && *field[9]) { /* Need to apply it to the last subkey because all subkeys have a keygrip. */ subkey = key->_last_subkey; if (!subkey->keygrip) { subkey->keygrip = strdup (field[9]); if (!subkey->keygrip) return gpg_error_from_syserror (); } } break; case RT_SIG: case RT_REV: if (!opd->tmp_uid) return 0; /* Start a new (revoked) signature. */ assert (opd->tmp_uid == key->_last_uid); keysig = _gpgme_key_add_sig (key, (fields >= 10) ? field[9] : NULL); if (!keysig) return gpg_error (GPG_ERR_ENOMEM); /* FIXME */ /* Field 2 has the calculated trust ('!', '-', '?', '%'). */ if (fields >= 2) switch (field[1][0]) { case '!': keysig->status = gpg_error (GPG_ERR_NO_ERROR); break; case '-': keysig->status = gpg_error (GPG_ERR_BAD_SIGNATURE); break; case '?': keysig->status = gpg_error (GPG_ERR_NO_PUBKEY); break; case '%': keysig->status = gpg_error (GPG_ERR_GENERAL); break; default: keysig->status = gpg_error (GPG_ERR_NO_ERROR); break; } /* Field 4 has the public key algorithm. */ if (fields >= 4) { int i = atoi (field[3]); if (i >= 1 && i < 128) keysig->pubkey_algo = _gpgme_map_pk_algo (i, ctx->protocol); } /* Field 5 has the long keyid. */ if (fields >= 5 && strlen (field[4]) == DIM(keysig->_keyid) - 1) strcpy (keysig->_keyid, field[4]); /* Field 6 has the timestamp (seconds). */ if (fields >= 6) keysig->timestamp = _gpgme_parse_timestamp (field[5], NULL); /* Field 7 has the expiration time (seconds). */ if (fields >= 7) keysig->expires = _gpgme_parse_timestamp (field[6], NULL); /* Field 11 has the signature class (eg, 0x30 means revoked). */ if (fields >= 11) if (field[10][0] && field[10][1]) { int sig_class = _gpgme_hextobyte (field[10]); if (sig_class >= 0) { keysig->sig_class = sig_class; keysig->class = keysig->sig_class; if (sig_class == 0x30) keysig->revoked = 1; } if (field[10][2] == 'x') keysig->exportable = 1; } opd->tmp_keysig = keysig; break; case RT_SPK: if (!opd->tmp_keysig) return 0; assert (opd->tmp_keysig == key->_last_uid->_last_keysig); if (fields >= 4) { /* Field 2 has the subpacket type. */ int type = atoi (field[1]); /* Field 3 has the flags. */ int flags = atoi (field[2]); /* Field 4 has the length. */ int len = atoi (field[3]); /* Field 5 has the data. */ char *data = field[4]; /* Type 20: Notation data. */ /* Type 26: Policy URL. */ if (type == 20 || type == 26) { gpgme_sig_notation_t notation; keysig = opd->tmp_keysig; /* At this time, any error is serious. */ err = _gpgme_parse_notation (¬ation, type, flags, len, data); if (err) return err; /* Add a new notation. FIXME: Could be factored out. */ if (!keysig->notations) keysig->notations = notation; if (keysig->_last_notation) keysig->_last_notation->next = notation; keysig->_last_notation = notation; } } case RT_NONE: /* Unknown record. */ break; } return 0; } void _gpgme_op_keylist_event_cb (void *data, gpgme_event_io_t type, void *type_data) { gpgme_error_t err; gpgme_ctx_t ctx = (gpgme_ctx_t) data; gpgme_key_t key = (gpgme_key_t) type_data; void *hook; op_data_t opd; struct key_queue_item_s *q, *q2; assert (type == GPGME_EVENT_NEXT_KEY); err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL); opd = hook; if (err) return; q = malloc (sizeof *q); if (!q) { gpgme_key_unref (key); /* FIXME return GPGME_Out_Of_Core; */ return; } q->key = key; q->next = NULL; /* FIXME: Use a tail pointer? */ if (!(q2 = opd->key_queue)) opd->key_queue = q; else { for (; q2->next; q2 = q2->next) ; q2->next = q; } opd->key_cond = 1; } /* Start a keylist operation within CTX, searching for keys which match PATTERN. If SECRET_ONLY is true, only secret keys are returned. */ gpgme_error_t gpgme_op_keylist_start (gpgme_ctx_t ctx, const char *pattern, int secret_only) { gpgme_error_t err; void *hook; op_data_t opd; int flags = 0; TRACE_BEG2 (DEBUG_CTX, "gpgme_op_keylist_start", ctx, "pattern=%s, secret_only=%i", pattern, secret_only); if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); err = _gpgme_op_reset (ctx, 2); if (err) return TRACE_ERR (err); err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, sizeof (*opd), release_op_data); opd = hook; if (err) return TRACE_ERR (err); _gpgme_engine_set_status_handler (ctx->engine, keylist_status_handler, ctx); err = _gpgme_engine_set_colon_line_handler (ctx->engine, keylist_colon_handler, ctx); if (err) return TRACE_ERR (err); if (ctx->offline) flags |= GPGME_ENGINE_FLAG_OFFLINE; err = _gpgme_engine_op_keylist (ctx->engine, pattern, secret_only, ctx->keylist_mode, flags); return TRACE_ERR (err); } /* Start a keylist operation within CTX, searching for keys which match PATTERN. If SECRET_ONLY is true, only secret keys are returned. */ gpgme_error_t gpgme_op_keylist_ext_start (gpgme_ctx_t ctx, const char *pattern[], int secret_only, int reserved) { gpgme_error_t err; void *hook; op_data_t opd; int flags = 0; TRACE_BEG2 (DEBUG_CTX, "gpgme_op_keylist_ext_start", ctx, "secret_only=%i, reserved=0x%x", secret_only, reserved); if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); err = _gpgme_op_reset (ctx, 2); if (err) return TRACE_ERR (err); err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, sizeof (*opd), release_op_data); opd = hook; if (err) return TRACE_ERR (err); _gpgme_engine_set_status_handler (ctx->engine, keylist_status_handler, ctx); err = _gpgme_engine_set_colon_line_handler (ctx->engine, keylist_colon_handler, ctx); if (err) return TRACE_ERR (err); if (ctx->offline) flags |= GPGME_ENGINE_FLAG_OFFLINE; err = _gpgme_engine_op_keylist_ext (ctx->engine, pattern, secret_only, reserved, ctx->keylist_mode, flags); return TRACE_ERR (err); } /* Start a keylist operation within CTX to show keys contained * in DATA. */ gpgme_error_t gpgme_op_keylist_from_data_start (gpgme_ctx_t ctx, gpgme_data_t data, int reserved) { gpgme_error_t err; void *hook; op_data_t opd; TRACE_BEG (DEBUG_CTX, "gpgme_op_keylist_from_data_start", ctx); if (!ctx || !data || reserved) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); err = _gpgme_op_reset (ctx, 2); if (err) return TRACE_ERR (err); err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, sizeof (*opd), release_op_data); opd = hook; if (err) return TRACE_ERR (err); _gpgme_engine_set_status_handler (ctx->engine, keylist_status_handler, ctx); err = _gpgme_engine_set_colon_line_handler (ctx->engine, keylist_colon_handler, ctx); if (err) return TRACE_ERR (err); err = _gpgme_engine_op_keylist_data (ctx->engine, data); return TRACE_ERR (err); } /* Return the next key from the keylist in R_KEY. */ gpgme_error_t gpgme_op_keylist_next (gpgme_ctx_t ctx, gpgme_key_t *r_key) { gpgme_error_t err; struct key_queue_item_s *queue_item; void *hook; op_data_t opd; TRACE_BEG (DEBUG_CTX, "gpgme_op_keylist_next", ctx); if (!ctx || !r_key) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); *r_key = NULL; if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL); opd = hook; if (err) return TRACE_ERR (err); if (opd == NULL) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); if (!opd->key_queue) { err = _gpgme_wait_on_condition (ctx, &opd->key_cond, NULL); if (err) return TRACE_ERR (err); if (!opd->key_cond) return TRACE_ERR (opd->keydb_search_err? opd->keydb_search_err /**/ : gpg_error (GPG_ERR_EOF)); opd->key_cond = 0; assert (opd->key_queue); } queue_item = opd->key_queue; opd->key_queue = queue_item->next; if (!opd->key_queue) opd->key_cond = 0; *r_key = queue_item->key; free (queue_item); return TRACE_SUC2 ("key=%p (%s)", *r_key, ((*r_key)->subkeys && (*r_key)->subkeys->fpr) ? (*r_key)->subkeys->fpr : "invalid"); } /* Terminate a pending keylist operation within CTX. */ gpgme_error_t gpgme_op_keylist_end (gpgme_ctx_t ctx) { TRACE (DEBUG_CTX, "gpgme_op_keylist_end", ctx); if (!ctx) return gpg_error (GPG_ERR_INV_VALUE); return 0; } /* Get the key with the fingerprint FPR from the crypto backend. If SECRET is true, get the secret key. */ gpgme_error_t gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key, int secret) { gpgme_ctx_t listctx; gpgme_error_t err; gpgme_key_t key; TRACE_BEG2 (DEBUG_CTX, "gpgme_get_key", ctx, "fpr=%s, secret=%i", fpr, secret); if (!ctx || !r_key || !fpr) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); if (strlen (fpr) < 8) /* We have at least a key ID. */ return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); /* FIXME: We use our own context because we have to avoid the user's I/O callback handlers. */ err = gpgme_new (&listctx); if (err) return TRACE_ERR (err); { gpgme_protocol_t proto; gpgme_engine_info_t info; /* Clone the relevant state. */ proto = gpgme_get_protocol (ctx); gpgme_set_protocol (listctx, proto); gpgme_set_keylist_mode (listctx, gpgme_get_keylist_mode (ctx)); info = gpgme_ctx_get_engine_info (ctx); while (info && info->protocol != proto) info = info->next; if (info) gpgme_ctx_set_engine_info (listctx, proto, info->file_name, info->home_dir); } err = gpgme_op_keylist_start (listctx, fpr, secret); if (!err) err = gpgme_op_keylist_next (listctx, r_key); if (!err) { try_next_key: err = gpgme_op_keylist_next (listctx, &key); if (gpgme_err_code (err) == GPG_ERR_EOF) err = 0; else { if (!err && *r_key && (*r_key)->subkeys && (*r_key)->subkeys->fpr && key && key->subkeys && key->subkeys->fpr && !strcmp ((*r_key)->subkeys->fpr, key->subkeys->fpr)) { /* The fingerprint is identical. We assume that this is the same key and don't mark it as an ambiguous. This problem may occur with corrupted keyrings and has been noticed often with gpgsm. In fact gpgsm uses a similar hack to sort out such duplicates but it can't do that while listing keys. */ gpgme_key_unref (key); goto try_next_key; } if (!err) { gpgme_key_unref (key); err = gpg_error (GPG_ERR_AMBIGUOUS_NAME); } gpgme_key_unref (*r_key); } } gpgme_release (listctx); if (! err) { TRACE_LOG2 ("key=%p (%s)", *r_key, ((*r_key)->subkeys && (*r_key)->subkeys->fpr) ? (*r_key)->subkeys->fpr : "invalid"); } return TRACE_ERR (err); } diff --git a/src/status-table.c b/src/status-table.c index 64511345..afc7eab8 100644 --- a/src/status-table.c +++ b/src/status-table.c @@ -1,183 +1,185 @@ /* gpgme.c - GnuPG Made Easy. Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2012 g10 Code GmbH This file is part of GPGME. GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #if HAVE_CONFIG_H #include #endif #include #include #include "util.h" struct status_table_s { const char *name; gpgme_status_code_t code; }; /* Lexicographically sorted ('_' comes after any letter). You can use the Emacs command M-x sort-lines. But don't sweat it, the table is sorted at start up, too. */ static struct status_table_s status_table[] = { { "ABORT", GPGME_STATUS_ABORT }, { "ALREADY_SIGNED", GPGME_STATUS_ALREADY_SIGNED }, { "ATTRIBUTE", GPGME_STATUS_ATTRIBUTE }, { "BACKUP_KEY_CREATED", GPGME_STATUS_BACKUP_KEY_CREATED }, { "BADARMOR", GPGME_STATUS_BADARMOR }, { "BADMDC", GPGME_STATUS_BADMDC }, { "BADSIG", GPGME_STATUS_BADSIG }, { "BAD_PASSPHRASE", GPGME_STATUS_BAD_PASSPHRASE }, { "BEGIN_DECRYPTION", GPGME_STATUS_BEGIN_DECRYPTION }, { "BEGIN_ENCRYPTION", GPGME_STATUS_BEGIN_ENCRYPTION }, { "BEGIN_SIGNING", GPGME_STATUS_BEGIN_SIGNING }, { "BEGIN_STREAM", GPGME_STATUS_BEGIN_STREAM }, { "CARDCTRL", GPGME_STATUS_CARDCTRL }, { "DECRYPTION_FAILED", GPGME_STATUS_DECRYPTION_FAILED }, { "DECRYPTION_INFO", GPGME_STATUS_DECRYPTION_INFO }, { "DECRYPTION_OKAY", GPGME_STATUS_DECRYPTION_OKAY }, { "DELETE_PROBLEM", GPGME_STATUS_DELETE_PROBLEM }, + { "DECRYPTION_COMPLIANCE_MODE", GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE }, { "ENC_TO", GPGME_STATUS_ENC_TO }, { "END_DECRYPTION", GPGME_STATUS_END_DECRYPTION }, { "END_ENCRYPTION", GPGME_STATUS_END_ENCRYPTION }, { "END_STREAM", GPGME_STATUS_END_STREAM }, { "ENTER", GPGME_STATUS_ENTER }, { "ERRMDC", GPGME_STATUS_ERRMDC }, { "ERROR", GPGME_STATUS_ERROR }, { "ERRSIG", GPGME_STATUS_ERRSIG }, { "EXPKEYSIG", GPGME_STATUS_EXPKEYSIG }, { "EXPSIG", GPGME_STATUS_EXPSIG }, { "FAILURE", GPGME_STATUS_FAILURE }, { "FILE_DONE", GPGME_STATUS_FILE_DONE }, { "FILE_ERROR", GPGME_STATUS_FILE_ERROR }, { "FILE_START", GPGME_STATUS_FILE_START }, { "GET_BOOL", GPGME_STATUS_GET_BOOL }, { "GET_HIDDEN", GPGME_STATUS_GET_HIDDEN }, { "GET_LINE", GPGME_STATUS_GET_LINE }, { "GOODMDC", GPGME_STATUS_GOODMDC }, { "GOODSIG", GPGME_STATUS_GOODSIG }, { "GOOD_PASSPHRASE", GPGME_STATUS_GOOD_PASSPHRASE }, { "GOT_IT", GPGME_STATUS_GOT_IT }, { "IMPORTED", GPGME_STATUS_IMPORTED }, { "IMPORT_OK", GPGME_STATUS_IMPORT_OK }, { "IMPORT_PROBLEM", GPGME_STATUS_IMPORT_PROBLEM }, { "IMPORT_RES", GPGME_STATUS_IMPORT_RES }, { "INQUIRE_MAXLEN", GPGME_STATUS_INQUIRE_MAXLEN }, { "INV_RECP", GPGME_STATUS_INV_RECP }, { "INV_SGNR", GPGME_STATUS_INV_SGNR }, { "KEYEXPIRED", GPGME_STATUS_KEYEXPIRED }, { "KEYREVOKED", GPGME_STATUS_KEYREVOKED }, { "KEY_CONSIDERED", GPGME_STATUS_KEY_CONSIDERED }, { "KEY_CREATED", GPGME_STATUS_KEY_CREATED }, { "KEY_NOT_CREATED", GPGME_STATUS_KEY_NOT_CREATED }, { "LEAVE", GPGME_STATUS_LEAVE }, { "MISSING_PASSPHRASE", GPGME_STATUS_MISSING_PASSPHRASE }, { "MOUNTPOINT", GPGME_STATUS_MOUNTPOINT }, { "NEED_PASSPHRASE", GPGME_STATUS_NEED_PASSPHRASE }, { "NEED_PASSPHRASE_PIN", GPGME_STATUS_NEED_PASSPHRASE_PIN }, { "NEED_PASSPHRASE_SYM", GPGME_STATUS_NEED_PASSPHRASE_SYM }, { "NEWSIG", GPGME_STATUS_NEWSIG }, { "NODATA", GPGME_STATUS_NODATA }, { "NOTATION_DATA", GPGME_STATUS_NOTATION_DATA }, { "NOTATION_FLAGS", GPGME_STATUS_NOTATION_FLAGS }, { "NOTATION_NAME", GPGME_STATUS_NOTATION_NAME }, { "NO_PUBKEY", GPGME_STATUS_NO_PUBKEY }, { "NO_RECP", GPGME_STATUS_NO_RECP }, { "NO_SECKEY", GPGME_STATUS_NO_SECKEY }, { "NO_SGNR", GPGME_STATUS_NO_SGNR }, { "PINENTRY_LAUNCHED", GPGME_STATUS_PINENTRY_LAUNCHED}, { "PKA_TRUST_BAD", GPGME_STATUS_PKA_TRUST_BAD }, { "PKA_TRUST_GOOD", GPGME_STATUS_PKA_TRUST_GOOD }, { "PLAINTEXT", GPGME_STATUS_PLAINTEXT }, { "PLAINTEXT_LENGTH", GPGME_STATUS_PLAINTEXT_LENGTH }, { "POLICY_URL", GPGME_STATUS_POLICY_URL }, { "PROGRESS", GPGME_STATUS_PROGRESS }, { "REVKEYSIG", GPGME_STATUS_REVKEYSIG }, { "RSA_OR_IDEA", GPGME_STATUS_RSA_OR_IDEA }, { "SC_OP_FAILURE", GPGME_STATUS_SC_OP_FAILURE }, { "SC_OP_SUCCESS", GPGME_STATUS_SC_OP_SUCCESS }, { "SESSION_KEY", GPGME_STATUS_SESSION_KEY }, { "SHM_GET", GPGME_STATUS_SHM_GET }, { "SHM_GET_BOOL", GPGME_STATUS_SHM_GET_BOOL }, { "SHM_GET_HIDDEN", GPGME_STATUS_SHM_GET_HIDDEN }, { "SHM_INFO", GPGME_STATUS_SHM_INFO }, { "SIGEXPIRED", GPGME_STATUS_SIGEXPIRED }, { "SIG_CREATED", GPGME_STATUS_SIG_CREATED }, { "SIG_ID", GPGME_STATUS_SIG_ID }, { "SIG_SUBPACKET", GPGME_STATUS_SIG_SUBPACKET }, { "SUCCESS", GPGME_STATUS_SUCCESS }, { "TOFU_STATS", GPGME_STATUS_TOFU_STATS }, { "TOFU_STATS_LONG", GPGME_STATUS_TOFU_STATS_LONG }, { "TOFU_USER", GPGME_STATUS_TOFU_USER }, { "TRUNCATED", GPGME_STATUS_TRUNCATED }, { "TRUST_FULLY", GPGME_STATUS_TRUST_FULLY }, { "TRUST_MARGINAL", GPGME_STATUS_TRUST_MARGINAL }, { "TRUST_NEVER", GPGME_STATUS_TRUST_NEVER }, { "TRUST_ULTIMATE", GPGME_STATUS_TRUST_ULTIMATE }, { "TRUST_UNDEFINED", GPGME_STATUS_TRUST_UNDEFINED }, { "UNEXPECTED", GPGME_STATUS_UNEXPECTED }, { "USERID_HINT", GPGME_STATUS_USERID_HINT }, { "VALIDSIG", GPGME_STATUS_VALIDSIG }, + { "VERIFICATION_COMPLIANCE_MODE", GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE }, {NULL, 0} }; static int status_cmp (const void *ap, const void *bp) { const struct status_table_s *a = ap; const struct status_table_s *b = bp; return strcmp (a->name, b->name); } void _gpgme_status_init (void) { qsort (status_table, DIM(status_table) - 1, sizeof (status_table[0]), status_cmp); } gpgme_status_code_t _gpgme_parse_status (const char *name) { struct status_table_s t, *r; t.name = name; r = bsearch (&t, status_table, DIM(status_table) - 1, sizeof t, status_cmp); return r ? r->code : -1; } const char * _gpgme_status_to_string (gpgme_status_code_t code) { int i; for (i=0; i < DIM(status_table); i++) if (status_table[i].code == code) return status_table[i].name? status_table[i].name : ""; return "status_code_lost"; } diff --git a/src/util.h b/src/util.h index 7b7924cf..fd22d754 100644 --- a/src/util.h +++ b/src/util.h @@ -1,227 +1,249 @@ /* util.h Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004, 2005 g10 Code GmbH This file is part of GPGME. GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef UTIL_H #define UTIL_H #ifdef HAVE_W32_SYSTEM # ifdef HAVE_W32CE_SYSTEM # include "w32-ce.h" # else # include "winsock2.h" # include "windows.h" # endif #endif /* For pid_t. */ #ifdef HAVE_SYS_TYPES_H # include #endif /* We must see the symbol ttyname_r before a redefinition. */ #ifdef HAVE_UNISTD_H # include #endif #include "gpgme.h" #define DIM(v) (sizeof(v)/sizeof((v)[0])) #if GPG_ERROR_VERSION_NUMBER < 0x011500 /* 1.21 */ # define GPG_ERR_FALSE 256 #endif #if GPG_ERROR_VERSION_NUMBER < 0x011900 /* 1.25 */ # define GPG_ERR_ENGINE_TOO_OLD 300 # define GPG_ERR_TOO_OLD 308 #endif #ifndef GPGRT_ATTR_SENTINEL # define GPGRT_ATTR_SENTINEL(a) /* */ #endif /*-- {posix,w32}-util.c --*/ int _gpgme_get_conf_int (const char *key, int *value); void _gpgme_allow_set_foreground_window (pid_t pid); /*-- dirinfo.c --*/ void _gpgme_dirinfo_disable_gpgconf (void); const char *_gpgme_get_default_homedir (void); const char *_gpgme_get_default_agent_socket (void); const char *_gpgme_get_default_gpg_name (void); const char *_gpgme_get_default_gpgsm_name (void); const char *_gpgme_get_default_g13_name (void); const char *_gpgme_get_default_gpgconf_name (void); const char *_gpgme_get_default_uisrv_socket (void); int _gpgme_in_gpg_one_mode (void); const char *_gpgme_get_basename (const char *name); /*-- replacement functions in .c --*/ #ifdef HAVE_CONFIG_H #ifndef HAVE_STPCPY static _GPGME_INLINE char * _gpgme_stpcpy (char *a, const char *b) { while (*b) *a++ = *b++; *a = 0; return a; } #define stpcpy(a,b) _gpgme_stpcpy ((a), (b)) #endif /*!HAVE_STPCPY*/ /* Due to a bug in mingw32's snprintf related to the 'l' modifier and for increased portability we use our snprintf on all systems. */ #undef snprintf #define snprintf gpgrt_snprintf #if REPLACE_TTYNAME_R int _gpgme_ttyname_r (int fd, char *buf, size_t buflen); #undef ttyname_r #define ttyname_r(a,b,c) _gpgme_ttyname_r ((a), (b), (c)) #endif #endif /*HAVE_CONFIG_H*/ /*-- conversion.c --*/ /* Concatenate the string S1 with all the following strings up to a NULL. Returns a malloced buffer with the new string or NULL on a malloc error or if too many arguments are given. */ char *_gpgme_strconcat (const char *s1, ...) GPGRT_ATTR_SENTINEL(0); /* Convert two hexadecimal digits from STR to the value they represent. Returns -1 if one of the characters is not a hexadecimal digit. */ int _gpgme_hextobyte (const char *str); /* Decode the C formatted string SRC and store the result in the buffer *DESTP which is LEN bytes long. If LEN is zero, then a large enough buffer is allocated with malloc and *DESTP is set to the result. Currently, LEN is only used to specify if allocation is desired or not, the caller is expected to make sure that *DESTP is large enough if LEN is not zero. */ gpgme_error_t _gpgme_decode_c_string (const char *src, char **destp, size_t len); /* Decode the percent escaped string SRC and store the result in the buffer *DESTP which is LEN bytes long. If LEN is zero, then a large enough buffer is allocated with malloc and *DESTP is set to the result. Currently, LEN is only used to specify if allocation is desired or not, the caller is expected to make sure that *DESTP is large enough if LEN is not zero. If BINARY is 1, then '\0' characters are allowed in the output. */ gpgme_error_t _gpgme_decode_percent_string (const char *src, char **destp, size_t len, int binary); gpgme_error_t _gpgme_encode_percent_string (const char *src, char **destp, size_t len); /* Split a string into space delimited fields and remove leading and * trailing spaces from each field. A pointer to the each field is * stored in ARRAY. Stop splitting at ARRAYSIZE fields. The function * modifies STRING. The number of parsed fields is returned. */ int _gpgme_split_fields (char *string, char **array, int arraysize); /* Convert the field STRING into an unsigned long value. Check for * trailing garbage. */ gpgme_error_t _gpgme_strtoul_field (const char *string, unsigned long *result); /* Convert STRING into an offset value similar to atoi(). */ gpgme_off_t _gpgme_string_to_off (const char *string); /* Parse the string TIMESTAMP into a time_t. The string may either be seconds since Epoch or in the ISO 8601 format like "20390815T143012". Returns 0 for an empty string or seconds since Epoch. Leading spaces are skipped. If ENDP is not NULL, it will point to the next non-parsed character in TIMESTRING. */ time_t _gpgme_parse_timestamp (const char *timestamp, char **endp); /* Variant of _gpgme_parse_timestamp to return an unsigned long or 0 * on error or missing timestamp. */ unsigned long _gpgme_parse_timestamp_ul (const char *timestamp); gpgme_error_t _gpgme_map_gnupg_error (char *err); int _gpgme_map_pk_algo (int algo, gpgme_protocol_t protocol); /*-- b64dec.c --*/ struct b64state { int idx; int quad_count; char *title; unsigned char radbuf[4]; int stop_seen:1; int invalid_encoding:1; gpg_error_t lasterr; }; gpg_error_t _gpgme_b64dec_start (struct b64state *state, const char *title); gpg_error_t _gpgme_b64dec_proc (struct b64state *state, void *buffer, size_t length, size_t *r_nbytes); gpg_error_t _gpgme_b64dec_finish (struct b64state *state); /* Retrieve the environment variable NAME and return a copy of it in a malloc()'ed buffer in *VALUE. If the environment variable is not set, return NULL in *VALUE. */ gpgme_error_t _gpgme_getenv (const char *name, char **value); /*-- status-table.c --*/ /* Convert a status string to a status code. */ void _gpgme_status_init (void); gpgme_status_code_t _gpgme_parse_status (const char *name); const char *_gpgme_status_to_string (gpgme_status_code_t code); #ifdef HAVE_W32_SYSTEM int _gpgme_mkstemp (int *fd, char **name); const char *_gpgme_get_w32spawn_path (void); #endif /*HAVE_W32_SYSTEM*/ #ifdef HAVE_W32CE_SYSTEM char *_gpgme_w32ce_get_debug_envvar (void); #endif /*HAVE_W32CE_SYSTEM*/ #include /* System hooks for assuan integration. */ extern struct assuan_system_hooks _gpgme_assuan_system_hooks; extern struct assuan_malloc_hooks _gpgme_assuan_malloc_hooks; int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook, unsigned int cat, const char *msg); + + +/* Parse the compliance field. */ +#define PARSE_COMPLIANCE_FLAGS(flags, result) \ + do { \ + char *comp_p, *comp_endp; \ + unsigned long comp_ul; \ + \ + for (comp_p = (flags); \ + comp_p \ + && (comp_ul = strtoul (comp_p, &comp_endp, 10)) \ + && comp_p != comp_endp; \ + comp_p = comp_endp) \ + { \ + switch (comp_ul) \ + { \ + case 23: (result)->is_de_vs = 1; break; \ + } \ + } \ + } while (0) + + #endif /* UTIL_H */ diff --git a/src/verify.c b/src/verify.c index 900f925d..ee730a34 100644 --- a/src/verify.c +++ b/src/verify.c @@ -1,1368 +1,1372 @@ /* verify.c - Signature verification. Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004, 2005 g10 Code GmbH This file is part of GPGME. GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #if HAVE_CONFIG_H #include #endif #include #include #include #include #include #include "gpgme.h" #include "debug.h" #include "util.h" #include "context.h" #include "ops.h" typedef struct { struct _gpgme_op_verify_result result; /* The error code from a FAILURE status line or 0. */ gpg_error_t failure_code; gpgme_signature_t current_sig; int did_prepare_new_sig; int only_newsig_seen; int plaintext_seen; int conflict_user_seen; } *op_data_t; static void release_op_data (void *hook) { op_data_t opd = (op_data_t) hook; gpgme_signature_t sig = opd->result.signatures; while (sig) { gpgme_signature_t next = sig->next; gpgme_sig_notation_t notation = sig->notations; while (notation) { gpgme_sig_notation_t next_nota = notation->next; _gpgme_sig_notation_free (notation); notation = next_nota; } if (sig->fpr) free (sig->fpr); if (sig->pka_address) free (sig->pka_address); if (sig->key) gpgme_key_unref (sig->key); free (sig); sig = next; } if (opd->result.file_name) free (opd->result.file_name); } gpgme_verify_result_t gpgme_op_verify_result (gpgme_ctx_t ctx) { void *hook; op_data_t opd; gpgme_error_t err; gpgme_signature_t sig; TRACE_BEG (DEBUG_CTX, "gpgme_op_verify_result", ctx); err = _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, -1, NULL); opd = hook; if (err || !opd) { TRACE_SUC0 ("result=(null)"); return NULL; } /* It is possible that we saw a new signature only followed by an ERROR line for that. In particular a missing X.509 key triggers this. In this case it is surprising that the summary field has not been updated. We fix it here by explicitly looking for this case. The real fix would be to have GPGME emit ERRSIG. */ for (sig = opd->result.signatures; sig; sig = sig->next) { if (!sig->summary) { switch (gpg_err_code (sig->status)) { case GPG_ERR_KEY_EXPIRED: sig->summary |= GPGME_SIGSUM_KEY_EXPIRED; break; case GPG_ERR_NO_PUBKEY: sig->summary |= GPGME_SIGSUM_KEY_MISSING; break; default: break; } } } /* Now for some tracing stuff. */ if (_gpgme_debug_trace ()) { int i; for (sig = opd->result.signatures, i = 0; sig; sig = sig->next, i++) { TRACE_LOG4 ("sig[%i] = fpr %s, summary 0x%x, status %s", i, sig->fpr, sig->summary, gpg_strerror (sig->status)); TRACE_LOG6 ("sig[%i] = timestamps 0x%x/0x%x flags:%s%s%s", i, sig->timestamp, sig->exp_timestamp, sig->wrong_key_usage ? "wrong key usage" : "", sig->pka_trust == 1 ? "pka bad" : (sig->pka_trust == 2 ? "pka_okay" : "pka RFU"), sig->chain_model ? "chain model" : ""); TRACE_LOG5 ("sig[%i] = validity 0x%x (%s), algos %s/%s", i, sig->validity, gpg_strerror (sig->validity_reason), gpgme_pubkey_algo_name (sig->pubkey_algo), gpgme_hash_algo_name (sig->hash_algo)); if (sig->pka_address) { TRACE_LOG2 ("sig[%i] = PKA address %s", i, sig->pka_address); } if (sig->notations) { TRACE_LOG1 ("sig[%i] = has notations (not shown)", i); } } } TRACE_SUC1 ("result=%p", &opd->result); return &opd->result; } /* Build a summary vector from RESULT. */ static void calc_sig_summary (gpgme_signature_t sig) { unsigned long sum = 0; /* Calculate the red/green flag. */ if (sig->validity == GPGME_VALIDITY_FULL || sig->validity == GPGME_VALIDITY_ULTIMATE) { if (gpg_err_code (sig->status) == GPG_ERR_NO_ERROR || gpg_err_code (sig->status) == GPG_ERR_SIG_EXPIRED || gpg_err_code (sig->status) == GPG_ERR_KEY_EXPIRED) sum |= GPGME_SIGSUM_GREEN; } else if (sig->validity == GPGME_VALIDITY_NEVER) { if (gpg_err_code (sig->status) == GPG_ERR_NO_ERROR || gpg_err_code (sig->status) == GPG_ERR_SIG_EXPIRED || gpg_err_code (sig->status) == GPG_ERR_KEY_EXPIRED) sum |= GPGME_SIGSUM_RED; } else if (gpg_err_code (sig->status) == GPG_ERR_BAD_SIGNATURE) sum |= GPGME_SIGSUM_RED; /* FIXME: handle the case when key and message are expired. */ switch (gpg_err_code (sig->status)) { case GPG_ERR_SIG_EXPIRED: sum |= GPGME_SIGSUM_SIG_EXPIRED; break; case GPG_ERR_KEY_EXPIRED: sum |= GPGME_SIGSUM_KEY_EXPIRED; break; case GPG_ERR_NO_PUBKEY: sum |= GPGME_SIGSUM_KEY_MISSING; break; case GPG_ERR_CERT_REVOKED: sum |= GPGME_SIGSUM_KEY_REVOKED; break; case GPG_ERR_BAD_SIGNATURE: case GPG_ERR_NO_ERROR: break; default: sum |= GPGME_SIGSUM_SYS_ERROR; break; } /* Now look at the certain reason codes. */ switch (gpg_err_code (sig->validity_reason)) { case GPG_ERR_CRL_TOO_OLD: if (sig->validity == GPGME_VALIDITY_UNKNOWN) sum |= GPGME_SIGSUM_CRL_TOO_OLD; break; case GPG_ERR_CERT_REVOKED: /* Note that this is a second way to set this flag. It may also have been set due to a sig->status of STATUS_REVKEYSIG from parse_new_sig. */ sum |= GPGME_SIGSUM_KEY_REVOKED; break; default: break; } /* Check other flags. */ if (sig->wrong_key_usage) sum |= GPGME_SIGSUM_BAD_POLICY; /* Set the valid flag when the signature is unquestionable valid. (The test is identical to if(sum == GPGME_SIGSUM_GREEN)). */ if ((sum & GPGME_SIGSUM_GREEN) && !(sum & ~GPGME_SIGSUM_GREEN)) sum |= GPGME_SIGSUM_VALID; sig->summary = sum; } static gpgme_error_t prepare_new_sig (op_data_t opd) { gpgme_signature_t sig; if (opd->only_newsig_seen && opd->current_sig) { /* We have only seen the NEWSIG status and nothing else - we better skip this signature therefore and reuse it for the next possible signature. */ sig = opd->current_sig; memset (sig, 0, sizeof *sig); assert (opd->result.signatures == sig); } else { sig = calloc (1, sizeof (*sig)); if (!sig) return gpg_error_from_syserror (); if (!opd->result.signatures) opd->result.signatures = sig; if (opd->current_sig) opd->current_sig->next = sig; opd->current_sig = sig; } opd->did_prepare_new_sig = 1; opd->only_newsig_seen = 0; return 0; } static gpgme_error_t parse_new_sig (op_data_t opd, gpgme_status_code_t code, char *args, gpgme_protocol_t protocol) { gpgme_signature_t sig; char *end = strchr (args, ' '); char *tail; if (end) { *end = '\0'; end++; } if (!opd->did_prepare_new_sig) { gpg_error_t err; err = prepare_new_sig (opd); if (err) return err; } assert (opd->did_prepare_new_sig); opd->did_prepare_new_sig = 0; assert (opd->current_sig); sig = opd->current_sig; /* FIXME: We should set the source of the state. */ switch (code) { case GPGME_STATUS_GOODSIG: sig->status = gpg_error (GPG_ERR_NO_ERROR); break; case GPGME_STATUS_EXPSIG: sig->status = gpg_error (GPG_ERR_SIG_EXPIRED); break; case GPGME_STATUS_EXPKEYSIG: sig->status = gpg_error (GPG_ERR_KEY_EXPIRED); break; case GPGME_STATUS_BADSIG: sig->status = gpg_error (GPG_ERR_BAD_SIGNATURE); break; case GPGME_STATUS_REVKEYSIG: sig->status = gpg_error (GPG_ERR_CERT_REVOKED); break; case GPGME_STATUS_ERRSIG: /* Parse the pubkey algo. */ if (!end) goto parse_err_sig_fail; gpg_err_set_errno (0); sig->pubkey_algo = _gpgme_map_pk_algo (strtol (end, &tail, 0), protocol); if (errno || end == tail || *tail != ' ') goto parse_err_sig_fail; end = tail; while (*end == ' ') end++; /* Parse the hash algo. */ if (!*end) goto parse_err_sig_fail; gpg_err_set_errno (0); sig->hash_algo = strtol (end, &tail, 0); if (errno || end == tail || *tail != ' ') goto parse_err_sig_fail; end = tail; while (*end == ' ') end++; /* Skip the sig class. */ end = strchr (end, ' '); if (!end) goto parse_err_sig_fail; while (*end == ' ') end++; /* Parse the timestamp. */ sig->timestamp = _gpgme_parse_timestamp (end, &tail); if (sig->timestamp == -1 || end == tail || (*tail && *tail != ' ')) return trace_gpg_error (GPG_ERR_INV_ENGINE); end = tail; while (*end == ' ') end++; /* Parse the return code. */ if (!*end) goto parse_err_sig_fail; sig->status = strtoul (end, NULL, 10); goto parse_err_sig_ok; parse_err_sig_fail: sig->status = gpg_error (GPG_ERR_GENERAL); parse_err_sig_ok: break; default: return gpg_error (GPG_ERR_GENERAL); } if (*args) { sig->fpr = strdup (args); if (!sig->fpr) return gpg_error_from_syserror (); } return 0; } static gpgme_error_t parse_valid_sig (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol) { char *end = strchr (args, ' '); if (end) { *end = '\0'; end++; } if (!*args) /* We require at least the fingerprint. */ return gpg_error (GPG_ERR_GENERAL); if (sig->fpr) free (sig->fpr); sig->fpr = strdup (args); if (!sig->fpr) return gpg_error_from_syserror (); /* Skip the creation date. */ end = strchr (end, ' '); if (end) { char *tail; sig->timestamp = _gpgme_parse_timestamp (end, &tail); if (sig->timestamp == -1 || end == tail || (*tail && *tail != ' ')) return trace_gpg_error (GPG_ERR_INV_ENGINE); end = tail; sig->exp_timestamp = _gpgme_parse_timestamp (end, &tail); if (sig->exp_timestamp == -1 || end == tail || (*tail && *tail != ' ')) return trace_gpg_error (GPG_ERR_INV_ENGINE); end = tail; while (*end == ' ') end++; /* Skip the signature version. */ end = strchr (end, ' '); if (end) { while (*end == ' ') end++; /* Skip the reserved field. */ end = strchr (end, ' '); if (end) { /* Parse the pubkey algo. */ gpg_err_set_errno (0); sig->pubkey_algo = _gpgme_map_pk_algo (strtol (end, &tail, 0), protocol); if (errno || end == tail || *tail != ' ') return trace_gpg_error (GPG_ERR_INV_ENGINE); end = tail; while (*end == ' ') end++; if (*end) { /* Parse the hash algo. */ gpg_err_set_errno (0); sig->hash_algo = strtol (end, &tail, 0); if (errno || end == tail || *tail != ' ') return trace_gpg_error (GPG_ERR_INV_ENGINE); end = tail; } } } } return 0; } static gpgme_error_t parse_notation (gpgme_signature_t sig, gpgme_status_code_t code, char *args) { gpgme_error_t err; gpgme_sig_notation_t *lastp = &sig->notations; gpgme_sig_notation_t notation = sig->notations; char *p; if (code == GPGME_STATUS_NOTATION_NAME || code == GPGME_STATUS_POLICY_URL) { p = strchr (args, ' '); if (p) *p = '\0'; /* FIXME: We could keep a pointer to the last notation in the list. */ while (notation && notation->value) { lastp = ¬ation->next; notation = notation->next; } if (notation) /* There is another notation name without data for the previous one. The crypto backend misbehaves. */ return trace_gpg_error (GPG_ERR_INV_ENGINE); err = _gpgme_sig_notation_create (¬ation, NULL, 0, NULL, 0, 0); if (err) return err; if (code == GPGME_STATUS_NOTATION_NAME) { err = _gpgme_decode_percent_string (args, ¬ation->name, 0, 0); if (err) { _gpgme_sig_notation_free (notation); return err; } notation->name_len = strlen (notation->name); /* Set default flags for use with older gpg versions which * do not emit a NOTATIONS_FLAG line. */ notation->flags = GPGME_SIG_NOTATION_HUMAN_READABLE; notation->human_readable = 1; } else { /* This is a policy URL. */ err = _gpgme_decode_percent_string (args, ¬ation->value, 0, 0); if (err) { _gpgme_sig_notation_free (notation); return err; } notation->value_len = strlen (notation->value); } *lastp = notation; } else if (code == GPGME_STATUS_NOTATION_FLAGS) { char *field[2]; while (notation && notation->next) { lastp = ¬ation->next; notation = notation->next; } if (!notation || !notation->name) { /* There are notation flags without a previous notation name. * The crypto backend misbehaves. */ return trace_gpg_error (GPG_ERR_INV_ENGINE); } if (_gpgme_split_fields (args, field, DIM (field)) < 2) { /* Required args missing. */ return trace_gpg_error (GPG_ERR_INV_ENGINE); } notation->flags = 0; if (atoi (field[0])) { notation->flags |= GPGME_SIG_NOTATION_CRITICAL; notation->critical = 1; } if (atoi (field[1])) { notation->flags |= GPGME_SIG_NOTATION_HUMAN_READABLE; notation->human_readable = 1; } } else if (code == GPGME_STATUS_NOTATION_DATA) { int len = strlen (args) + 1; char *dest; /* FIXME: We could keep a pointer to the last notation in the list. */ while (notation && notation->next) { lastp = ¬ation->next; notation = notation->next; } if (!notation || !notation->name) /* There is notation data without a previous notation name. The crypto backend misbehaves. */ return trace_gpg_error (GPG_ERR_INV_ENGINE); if (!notation->value) { dest = notation->value = malloc (len); if (!dest) return gpg_error_from_syserror (); } else { int cur_len = strlen (notation->value); dest = realloc (notation->value, len + strlen (notation->value)); if (!dest) return gpg_error_from_syserror (); notation->value = dest; dest += cur_len; } err = _gpgme_decode_percent_string (args, &dest, len, 0); if (err) return err; notation->value_len += strlen (dest); } else return trace_gpg_error (GPG_ERR_INV_ENGINE); return 0; } static gpgme_error_t parse_trust (gpgme_signature_t sig, gpgme_status_code_t code, char *args) { char *end = strchr (args, ' '); if (end) *end = '\0'; switch (code) { case GPGME_STATUS_TRUST_UNDEFINED: default: sig->validity = GPGME_VALIDITY_UNKNOWN; break; case GPGME_STATUS_TRUST_NEVER: sig->validity = GPGME_VALIDITY_NEVER; break; case GPGME_STATUS_TRUST_MARGINAL: sig->validity = GPGME_VALIDITY_MARGINAL; break; case GPGME_STATUS_TRUST_FULLY: case GPGME_STATUS_TRUST_ULTIMATE: sig->validity = GPGME_VALIDITY_FULL; break; } sig->validity_reason = 0; sig->chain_model = 0; if (*args) { sig->validity_reason = atoi (args); while (*args && *args != ' ') args++; if (*args) { while (*args == ' ') args++; if (!strncmp (args, "chain", 2) && (args[2] == ' ' || !args[2])) sig->chain_model = 1; } } return 0; } /* Parse a TOFU_USER line and put the info into SIG. */ static gpgme_error_t parse_tofu_user (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol) { gpg_error_t err; char *tail; gpgme_user_id_t uid; gpgme_tofu_info_t ti; char *fpr = NULL; char *address = NULL; tail = strchr (args, ' '); if (!tail || tail == args) { err = trace_gpg_error (GPG_ERR_INV_ENGINE); /* No fingerprint. */ goto leave; } *tail++ = 0; fpr = strdup (args); if (!fpr) { err = gpg_error_from_syserror (); goto leave; } if (sig->key && sig->key->fpr && strcmp (sig->key->fpr, fpr)) { /* GnuPG since 2.1.17 emits multiple TOFU_USER lines with different fingerprints in case of conflicts for a signature. */ err = gpg_error (GPG_ERR_DUP_VALUE); goto leave; } args = tail; tail = strchr (args, ' '); if (tail == args) { err = trace_gpg_error (GPG_ERR_INV_ENGINE); /* No addr-spec. */ goto leave; } if (tail) *tail = 0; err = _gpgme_decode_percent_string (args, &address, 0, 0); if (err) goto leave; if (!sig->key) { err = _gpgme_key_new (&sig->key); if (err) goto leave; sig->key->fpr = fpr; sig->key->protocol = protocol; fpr = NULL; } else if (!sig->key->fpr) { err = trace_gpg_error (GPG_ERR_INTERNAL); goto leave; } err = _gpgme_key_append_name (sig->key, address, 0); if (err) goto leave; uid = sig->key->_last_uid; assert (uid); ti = calloc (1, sizeof *ti); if (!ti) { err = gpg_error_from_syserror (); goto leave; } uid->tofu = ti; leave: free (fpr); free (address); return err; } /* Parse a TOFU_STATS line and store it in the last tofu info of SIG. * * TOFU_STATS \ * [ [ ]] */ static gpgme_error_t parse_tofu_stats (gpgme_signature_t sig, char *args) { gpgme_error_t err; gpgme_tofu_info_t ti; char *field[8]; int nfields; unsigned long uval; if (!sig->key || !sig->key->_last_uid || !(ti = sig->key->_last_uid->tofu)) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* No TOFU_USER seen. */ if (ti->signfirst || ti->signcount || ti->validity || ti->policy) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Already set. */ nfields = _gpgme_split_fields (args, field, DIM (field)); if (nfields < 3) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Required args missing. */ /* Note that we allow a value of up to 7 which is what we can store * in the ti->validity. */ err = _gpgme_strtoul_field (field[0], &uval); if (err || uval > 7) return trace_gpg_error (GPG_ERR_INV_ENGINE); ti->validity = uval; /* Parse the sign-count. */ err = _gpgme_strtoul_field (field[1], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); if (uval > USHRT_MAX) uval = USHRT_MAX; ti->signcount = uval; /* Parse the encr-count. */ err = _gpgme_strtoul_field (field[2], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); if (uval > USHRT_MAX) uval = USHRT_MAX; ti->encrcount = uval; if (nfields == 3) return 0; /* All mandatory fields parsed. */ /* Parse the policy. */ if (!strcmp (field[3], "none")) ti->policy = GPGME_TOFU_POLICY_NONE; else if (!strcmp (field[3], "auto")) ti->policy = GPGME_TOFU_POLICY_AUTO; else if (!strcmp (field[3], "good")) ti->policy = GPGME_TOFU_POLICY_GOOD; else if (!strcmp (field[3], "bad")) ti->policy = GPGME_TOFU_POLICY_BAD; else if (!strcmp (field[3], "ask")) ti->policy = GPGME_TOFU_POLICY_ASK; else /* "unknown" and invalid policy strings. */ ti->policy = GPGME_TOFU_POLICY_UNKNOWN; if (nfields == 4) return 0; /* No more optional fields. */ /* Parse first and last seen timestamps (none or both are required). */ if (nfields < 6) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* "tm2" missing. */ err = _gpgme_strtoul_field (field[4], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); ti->signfirst = uval; err = _gpgme_strtoul_field (field[5], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); ti->signlast = uval; if (nfields > 7) { /* This condition is only to allow for gpg 2.1.15 - can * eventually be removed. */ err = _gpgme_strtoul_field (field[6], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); ti->encrfirst = uval; err = _gpgme_strtoul_field (field[7], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); ti->encrlast = uval; } return 0; } /* Parse a TOFU_STATS_LONG line and store it in the last tofu info of SIG. */ static gpgme_error_t parse_tofu_stats_long (gpgme_signature_t sig, char *args, int raw) { gpgme_error_t err; gpgme_tofu_info_t ti; char *p; if (!sig->key || !sig->key->_last_uid || !(ti = sig->key->_last_uid->tofu)) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* No TOFU_USER seen. */ if (ti->description) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Already set. */ err = _gpgme_decode_percent_string (args, &ti->description, 0, 0); if (err) return err; /* Remove the non-breaking spaces. */ if (!raw) { for (p = ti->description; *p; p++) if (*p == '~') *p = ' '; } return 0; } /* Parse an error status line and if SET_STATUS is true update the result status as appropriate. With SET_STATUS being false, only check for an error. */ static gpgme_error_t parse_error (gpgme_signature_t sig, char *args, int set_status) { gpgme_error_t err; char *where = strchr (args, ' '); char *which; if (where) { *where = '\0'; which = where + 1; where = strchr (which, ' '); if (where) *where = '\0'; where = args; } else return trace_gpg_error (GPG_ERR_INV_ENGINE); err = atoi (which); if (!strcmp (where, "proc_pkt.plaintext") && gpg_err_code (err) == GPG_ERR_BAD_DATA) { /* This indicates a double plaintext. The only solid way to handle this is by failing the oepration. */ return gpg_error (GPG_ERR_BAD_DATA); } else if (!set_status) ; else if (!strcmp (where, "verify.findkey")) sig->status = err; else if (!strcmp (where, "verify.keyusage") && gpg_err_code (err) == GPG_ERR_WRONG_KEY_USAGE) sig->wrong_key_usage = 1; return 0; } gpgme_error_t _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args) { gpgme_ctx_t ctx = (gpgme_ctx_t) priv; gpgme_error_t err; void *hook; op_data_t opd; gpgme_signature_t sig; char *end; err = _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, -1, NULL); opd = hook; if (err) return err; sig = opd->current_sig; switch (code) { case GPGME_STATUS_NEWSIG: if (sig) calc_sig_summary (sig); err = prepare_new_sig (opd); opd->only_newsig_seen = 1; opd->conflict_user_seen = 0; return err; case GPGME_STATUS_GOODSIG: case GPGME_STATUS_EXPSIG: case GPGME_STATUS_EXPKEYSIG: case GPGME_STATUS_BADSIG: case GPGME_STATUS_ERRSIG: case GPGME_STATUS_REVKEYSIG: if (sig && !opd->did_prepare_new_sig) calc_sig_summary (sig); opd->only_newsig_seen = 0; return parse_new_sig (opd, code, args, ctx->protocol); case GPGME_STATUS_VALIDSIG: opd->only_newsig_seen = 0; return sig ? parse_valid_sig (sig, args, ctx->protocol) : trace_gpg_error (GPG_ERR_INV_ENGINE); case GPGME_STATUS_NODATA: opd->only_newsig_seen = 0; if (!sig) return gpg_error (GPG_ERR_NO_DATA); sig->status = gpg_error (GPG_ERR_NO_DATA); break; case GPGME_STATUS_UNEXPECTED: opd->only_newsig_seen = 0; if (!sig) return gpg_error (GPG_ERR_GENERAL); sig->status = gpg_error (GPG_ERR_NO_DATA); break; case GPGME_STATUS_NOTATION_NAME: case GPGME_STATUS_NOTATION_FLAGS: case GPGME_STATUS_NOTATION_DATA: case GPGME_STATUS_POLICY_URL: opd->only_newsig_seen = 0; return sig ? parse_notation (sig, code, args) : trace_gpg_error (GPG_ERR_INV_ENGINE); case GPGME_STATUS_TRUST_UNDEFINED: case GPGME_STATUS_TRUST_NEVER: case GPGME_STATUS_TRUST_MARGINAL: case GPGME_STATUS_TRUST_FULLY: case GPGME_STATUS_TRUST_ULTIMATE: opd->only_newsig_seen = 0; return sig ? parse_trust (sig, code, args) : trace_gpg_error (GPG_ERR_INV_ENGINE); case GPGME_STATUS_PKA_TRUST_BAD: case GPGME_STATUS_PKA_TRUST_GOOD: opd->only_newsig_seen = 0; /* Check that we only get one of these status codes per signature; if not the crypto backend misbehaves. */ if (!sig || sig->pka_trust || sig->pka_address) return trace_gpg_error (GPG_ERR_INV_ENGINE); sig->pka_trust = code == GPGME_STATUS_PKA_TRUST_GOOD? 2 : 1; end = strchr (args, ' '); if (end) *end = 0; sig->pka_address = strdup (args); break; case GPGME_STATUS_TOFU_USER: opd->only_newsig_seen = 0; if (!sig) return trace_gpg_error (GPG_ERR_INV_ENGINE); err = parse_tofu_user (sig, args, ctx->protocol); /* gpg emits TOFU User lines for each conflicting key. * GPGME does not expose this to have a clean API and * a GPGME user can do a keylisting with the address * normalisation. * So when a duplicated TOFU_USER line is encountered * we ignore the conflicting tofu stats emited afterwards. */ if (gpg_err_code (err) == GPG_ERR_DUP_VALUE) { opd->conflict_user_seen = 1; break; } opd->conflict_user_seen = 0; return trace_gpg_error (err); case GPGME_STATUS_TOFU_STATS: opd->only_newsig_seen = 0; if (opd->conflict_user_seen) break; return sig ? parse_tofu_stats (sig, args) /* */ : trace_gpg_error (GPG_ERR_INV_ENGINE); case GPGME_STATUS_TOFU_STATS_LONG: opd->only_newsig_seen = 0; if (opd->conflict_user_seen) break; return sig ? parse_tofu_stats_long (sig, args, ctx->raw_description) /* */ : trace_gpg_error (GPG_ERR_INV_ENGINE); case GPGME_STATUS_ERROR: opd->only_newsig_seen = 0; /* Some error stati are informational, so we don't return an error code if we are not ready to process this status. */ return parse_error (sig, args, !!sig ); case GPGME_STATUS_FAILURE: opd->failure_code = _gpgme_parse_failure (args); break; case GPGME_STATUS_EOF: if (sig && !opd->did_prepare_new_sig) calc_sig_summary (sig); if (opd->only_newsig_seen && sig) { gpgme_signature_t sig2; /* The last signature has no valid information - remove it from the list. */ assert (!sig->next); if (sig == opd->result.signatures) opd->result.signatures = NULL; else { for (sig2 = opd->result.signatures; sig2; sig2 = sig2->next) if (sig2->next == sig) { sig2->next = NULL; break; } } /* Note that there is no need to release the members of SIG because we won't be here if they have been set. */ free (sig); opd->current_sig = NULL; } opd->only_newsig_seen = 0; if (opd->failure_code) return opd->failure_code; break; case GPGME_STATUS_PLAINTEXT: if (++opd->plaintext_seen > 1) return gpg_error (GPG_ERR_BAD_DATA); err = _gpgme_parse_plaintext (args, &opd->result.file_name); if (err) return err; + case GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE: + PARSE_COMPLIANCE_FLAGS (args, opd->current_sig); + break; + default: break; } return 0; } static gpgme_error_t verify_status_handler (void *priv, gpgme_status_code_t code, char *args) { gpgme_error_t err; err = _gpgme_progress_status_handler (priv, code, args); if (!err) err = _gpgme_verify_status_handler (priv, code, args); return err; } gpgme_error_t _gpgme_op_verify_init_result (gpgme_ctx_t ctx) { void *hook; op_data_t opd; return _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, sizeof (*opd), release_op_data); } static gpgme_error_t verify_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t sig, gpgme_data_t signed_text, gpgme_data_t plaintext) { gpgme_error_t err; err = _gpgme_op_reset (ctx, synchronous); if (err) return err; err = _gpgme_op_verify_init_result (ctx); if (err) return err; _gpgme_engine_set_status_handler (ctx->engine, verify_status_handler, ctx); if (!sig) return gpg_error (GPG_ERR_NO_DATA); return _gpgme_engine_op_verify (ctx->engine, sig, signed_text, plaintext, ctx); } /* Decrypt ciphertext CIPHER and make a signature verification within CTX and store the resulting plaintext in PLAIN. */ gpgme_error_t gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t signed_text, gpgme_data_t plaintext) { gpg_error_t err; TRACE_BEG3 (DEBUG_CTX, "gpgme_op_verify_start", ctx, "sig=%p, signed_text=%p, plaintext=%p", sig, signed_text, plaintext); if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); err = verify_start (ctx, 0, sig, signed_text, plaintext); return TRACE_ERR (err); } /* Decrypt ciphertext CIPHER and make a signature verification within CTX and store the resulting plaintext in PLAIN. */ gpgme_error_t gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t signed_text, gpgme_data_t plaintext) { gpgme_error_t err; TRACE_BEG3 (DEBUG_CTX, "gpgme_op_verify", ctx, "sig=%p, signed_text=%p, plaintext=%p", sig, signed_text, plaintext); if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); err = verify_start (ctx, 1, sig, signed_text, plaintext); if (!err) err = _gpgme_wait_one (ctx); return TRACE_ERR (err); } /* Compatibility interfaces. */ /* Get the key used to create signature IDX in CTX and return it in R_KEY. */ gpgme_error_t gpgme_get_sig_key (gpgme_ctx_t ctx, int idx, gpgme_key_t *r_key) { gpgme_verify_result_t result; gpgme_signature_t sig; if (!ctx) return gpg_error (GPG_ERR_INV_VALUE); result = gpgme_op_verify_result (ctx); sig = result->signatures; while (sig && idx) { sig = sig->next; idx--; } if (!sig || idx) return gpg_error (GPG_ERR_EOF); return gpgme_get_key (ctx, sig->fpr, r_key, 0); } /* Retrieve the signature status of signature IDX in CTX after a successful verify operation in R_STAT (if non-null). The creation time stamp of the signature is returned in R_CREATED (if non-null). The function returns a string containing the fingerprint. */ const char * gpgme_get_sig_status (gpgme_ctx_t ctx, int idx, _gpgme_sig_stat_t *r_stat, time_t *r_created) { gpgme_verify_result_t result; gpgme_signature_t sig; result = gpgme_op_verify_result (ctx); sig = result->signatures; while (sig && idx) { sig = sig->next; idx--; } if (!sig || idx) return NULL; if (r_stat) { switch (gpg_err_code (sig->status)) { case GPG_ERR_NO_ERROR: *r_stat = GPGME_SIG_STAT_GOOD; break; case GPG_ERR_BAD_SIGNATURE: *r_stat = GPGME_SIG_STAT_BAD; break; case GPG_ERR_NO_PUBKEY: *r_stat = GPGME_SIG_STAT_NOKEY; break; case GPG_ERR_NO_DATA: *r_stat = GPGME_SIG_STAT_NOSIG; break; case GPG_ERR_SIG_EXPIRED: *r_stat = GPGME_SIG_STAT_GOOD_EXP; break; case GPG_ERR_KEY_EXPIRED: *r_stat = GPGME_SIG_STAT_GOOD_EXPKEY; break; default: *r_stat = GPGME_SIG_STAT_ERROR; break; } } if (r_created) *r_created = sig->timestamp; return sig->fpr; } /* Retrieve certain attributes of a signature. IDX is the index number of the signature after a successful verify operation. WHAT is an attribute where GPGME_ATTR_EXPIRE is probably the most useful one. WHATIDX is to be passed as 0 for most attributes . */ unsigned long gpgme_get_sig_ulong_attr (gpgme_ctx_t ctx, int idx, _gpgme_attr_t what, int whatidx) { gpgme_verify_result_t result; gpgme_signature_t sig; (void)whatidx; result = gpgme_op_verify_result (ctx); sig = result->signatures; while (sig && idx) { sig = sig->next; idx--; } if (!sig || idx) return 0; switch (what) { case GPGME_ATTR_CREATED: return sig->timestamp; case GPGME_ATTR_EXPIRE: return sig->exp_timestamp; case GPGME_ATTR_VALIDITY: return (unsigned long) sig->validity; case GPGME_ATTR_SIG_STATUS: switch (gpg_err_code (sig->status)) { case GPG_ERR_NO_ERROR: return GPGME_SIG_STAT_GOOD; case GPG_ERR_BAD_SIGNATURE: return GPGME_SIG_STAT_BAD; case GPG_ERR_NO_PUBKEY: return GPGME_SIG_STAT_NOKEY; case GPG_ERR_NO_DATA: return GPGME_SIG_STAT_NOSIG; case GPG_ERR_SIG_EXPIRED: return GPGME_SIG_STAT_GOOD_EXP; case GPG_ERR_KEY_EXPIRED: return GPGME_SIG_STAT_GOOD_EXPKEY; default: return GPGME_SIG_STAT_ERROR; } case GPGME_ATTR_SIG_SUMMARY: return sig->summary; default: break; } return 0; } const char * gpgme_get_sig_string_attr (gpgme_ctx_t ctx, int idx, _gpgme_attr_t what, int whatidx) { gpgme_verify_result_t result; gpgme_signature_t sig; result = gpgme_op_verify_result (ctx); sig = result->signatures; while (sig && idx) { sig = sig->next; idx--; } if (!sig || idx) return NULL; switch (what) { case GPGME_ATTR_FPR: return sig->fpr; case GPGME_ATTR_ERRTOK: if (whatidx == 1) return sig->wrong_key_usage ? "Wrong_Key_Usage" : ""; else return ""; default: break; } return NULL; }