diff --git a/NEWS b/NEWS index fda5a98d..499e3775 100644 --- a/NEWS +++ b/NEWS @@ -1,2458 +1,2460 @@ Noteworthy changes in version 1.19.0 (unreleased) ------------------------------------------------- + * New convenience option --identify for gpgme-json. + * New context flag "no-auto-check-trustdb". [T6261] * Optionally, build QGpgME for Qt 6 * Support component "gpgtar-name" in gpgme_get_dirinfo. [T6342] * Extended gpgme_op_encrypt*, gpgme_op_encrypt_sign*, and gpgme_op_sign* to allow creating an encrypted and/or signed archive. [T6342] * Extended gpgme_op_decrypt*, gpgme_op_decrypt_verify*, and gpgme_op_verify* to allow extracting an encrypted and/or signed archive. [T6342] * cpp: Handle error when trying to sign expired keys. [T6155] * cpp: Support encryption flags ThrowKeyIds, EncryptWrap, and WantAddress. [T6359] * cpp, qt: Fix building with C++11. [T6141] * qt: Fix problem with expiration dates after 2038-01-19 on 32-bit systems when adding an existing subkey to another key. [T6137] * cpp: Allow setting the curve to use when generating ECC keys for smart cards. [T4429] * qt: Extend ListAllKeysJob to allow disabling the automatic trust database check when listing all keys. [T6261] * qt: Allow deferred start of import jobs. [T6323] * qt: Support creating encrypted archives. [T6342] * Interface changes relative to the 1.18.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_get_ctx_flag EXTENDED: New flag 'no-auto-check-trustdb'. gpgme_set_ctx_flag EXTENDED: New flag 'no-auto-check-trustdb'. GPGME_DECRYPT_ARCHIVE NEW. GPGME_ENCRYPT_ARCHIVE NEW. GPGME_SIG_MODE_ARCHIVE NEW. GPGME_VERIFY_ARCHIVE NEW. gpgme_verify_flags_t NEW. gpgme_op_verify_ext_start NEW. gpgme_op_verify_ext NEW. cpp: GpgGenCardKeyInteractor::Curve NEW. cpp: GpgGenCardKeyInteractor::setCurve NEW. cpp: Context::WantAddress NEW. cpp: Data::setFileName EXTENDED: New overload qt: ListAllKeysJob::Option NEW. qt: ListAllKeysJob::Options NEW. qt: ListAllKeysJob::setOptions NEW. qt: ListAllKeysJob::options NEW. qt: Job::startNow NEW. qt: ImportJob::startLater NEW. qt: FileListDataProvider NEW. qt: EncryptArchiveJob NEW. qt: Protocol::encryptArchiveJob NEW. Release-info: https://dev.gnupg.org/T6341 Noteworthy changes in version 1.18.0 (2022-08-10) ------------------------------------------------- * New keylist mode to force refresh via external methods. [T5951] * The keylist operations now create an import result to report the result of the locate keylist modes. [T5951] * core: Return BAD_PASSPHRASE error code on symmetric decryption failure. [T5939] * cpp, qt: Do not export internal symbols anymore. [T5906] * cpp, qt: Support revocation of own OpenPGP keys. [T5904] * qt: The file name of (signed and) encrypted data can now be set. [T6056] * cpp, qt: Support setting the primary user ID. [T5938] * python: Fix segv(NULL) when inspecting contect after exeception. [T6060] * Interface changes relative to the 1.17.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_KEYLIST_MODE_FORCE_EXTERN NEW. GPGME_KEYLIST_MODE_LOCATE_EXTERNAL NEW. cpp: RevocationReason NEW. cpp: GpgRevokeKeyEditInteractor NEW. cpp: Result::setError NEW. cpp: KeyListMode::ForceExtern NEW. cpp: KeyListMode::LocateExternal NEW. cpp: KeyListMode::KeyListModeMask NEW. cpp: ImportResult::mergeWith NEW. cpp: KeyListModeSaver NEW. cpp: Context::setPrimaryUid NEW. cpp: Context::startSetPrimaryUid NEW. qt: RevokeKeyJob NEW. qt: Protocol::revokeKeyJob NEW. qt: EncryptJob::setFileName NEW. qt: EncryptJob::fileName NEW. qt: SignEncryptJob::setFileName NEW. qt: SignEncryptJob::fileName NEW. qt: SetPrimaryUserIDJob NEW. qt: Protocol::setPrimaryUserIDJob NEW. [c=C38/A27/R0 cpp=C21/A15/R0 qt=C16/A1/R0] Release-info: https://dev.gnupg.org/T6128 Noteworthy changes in version 1.17.1 (2022-03-06) ------------------------------------------------- * qt: Fix a bug in the ABI compatibility of 1.17.0. [T5834] [c=C37/A26/R0 cpp=C20/A14/R0 qt=C15/A0/R0] Release-info: https://dev.gnupg.org/T5872 Noteworthy changes in version 1.17.0 (2022-02-07) ------------------------------------------------- * New context flag "key-origin". [#5733] * New context flag "import-filter". [#5739] * New export mode to export secret subkeys. [#5757] * Detect errors during the export of secret keys. [#5766] * New function gpgme_op_receive_keys to import keys from a keyserver without first running a key listing. [#5808] * Detect bad passphrase error in certificate import. [T5713] * Allow setting --key-origin when importing keys. [T5733] * Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr", "pinentry", and "socketdir" in gpgme_get_dirinfo. [T5727,T5613] * Under Unix use poll(2) instead of select(2), when available. [T2385] * Do not use --flat_namespace when linking for macOS. [T5610] * Fix results returned by gpgme_data_* functions. [T5481] * Support closefrom also for glibc. [rM4b64774b6d] * cpp,qt: Add support for export of secret keys and secret subkeys. [#5757] * cpp,qt: Support for adding existing subkeys to other keys. [#5770] * qt: Extend ChangeExpiryJob to change expiration of primary key and of subkeys at the same time. [#4717] * qt: Support WKD lookup without implicit import. [#5728] * qt: Allow specifying an import filter when importing keys. [#5739] * qt: Expect UTF-8 on stderr on Windows. [rM8fe1546282] * qt: Allow retrieving the default value of a config entry. [T5515] * Interface changes relative to the 1.16.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_receive_keys NEW. gpgme_op_receive_keys_start NEW. qt: Protocol::secretSubkeyExportJob NEW. cpp: Context::exportSecretSubkeys NEW. cpp: Context::startSecretSubkeyExport NEW. qt: Protocol::secretKeyExportJob CHANGED: Param 'charset' is ignored. cpp: Context::exportKeys NEW. cpp: Context::startKeyExport NEW. cpp: Context::exportSecretKeys NEW. cpp: Context::startSecretKeyExport NEW. cpp: GpgAddExistingSubkeyEditInteractor NEW. GPGME_EXPORT_MODE_SECRET_SUBKEY NEW. gpgme_set_ctx_flag EXTENDED: New flag 'key-origin'. gpgme_set_ctx_flag EXTENDED: New flag 'import-filter'. qt: ChangeExpiryJob::Option NEW. qt: ChangeExpiryJob::Options NEW. qt: ChangeExpiryJob::setOptions NEW. qt: ChangeExpiryJob::options NEW. qt: CryptoConfigEntry::defaultValue NEW. qt: WKDLookupJob NEW. qt: WKDLookupResult NEW. qt: Protocol::wkdLookupJob NEW. qt: ImportJob::setKeyOrigin NEW. qt: ImportJob::keyOrigin NEW. qt: ImportJob::keyOriginUrl NEW. qt: setImportFilter NEW. qt: importFilter NEW. qt: AddExistingSubkeyJob NEW. qt: Protocol::addExistingSubkeyJob NEW. [c=C37/A26/R0 cpp=C20/A14/R0 qt=C14/A7/R0] Release-info: https://dev.gnupg.org/T5819 Noteworthy changes in version 1.16.0 (2021-06-24) ------------------------------------------------- * New context flag "cert-expire". [#5505] * New data flags "io-buffer-size" and "sensitive". [#5478] * Increase I/O buffer size from 512 to 4k under Windows. * cpp,qt: Add support for trust signatures. [#5421] * qt: Add support for flags in LDAP server options. [#5217] * qt: Fix too high memory consumption due to QProcess. [#5475] * qt: Do not set empty base DN as query of keyserver URL. [#5465] * qt: Extend SignKeyJob to create signatures with expiration date. [5506] * python: New optional parameter filter_signatures for decrypt. [#5292] * Interface changes relative to the 1.15.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_ctx_flag EXTENDED: New flag 'cert-expire'. cpp: SignKeyJob::setTrustSignature NEW. cpp: TrustSignatureTrust NEW. cpp: GpgSignKeyEditInteractor::setTrustSignatureTrust NEW. cpp: GpgSignKeyEditInteractor::setTrustSignatureDepth NEW. cpp: GpgSignKeyEditInteractor::setTrustSignatureScope NEW. cpp: UserID::Signature::isTrustSignature NEW. cpp: UserID::Signature::trustValue NEW. cpp: UserID::Signature::trustDepth NEW. cpp: UserID::Signature::trustScope NEW. gpgme_key_sig_t EXTENDED: New field 'trust_depth'. gpgme_key_sig_t EXTENDED: New field 'trust_value'. gpgme_key_sig_t EXTENDED: New field 'trust_scope'. GPGME_KEYSIGN_FORCE NEW. qt: CryptoConfig::entry CHANGED: Added overload; deprecated old [c=C36/A25/R0 cpp=C19/A13/R0 qt=C13/A6/R0] Release-info: https://dev.gnupg.org/T5499 Noteworthy changes in version 1.15.1 (2021-01-08) ------------------------------------------------- * Fix another bug in the secret key export. [#5046] * Make listing of signatures work if only secret keys are listed. [#3580] * Fix build problem on FreeBSD. [a6220adf30] * qt: Avoid empty "rem@gnupg.org" signature notations. [#5142] * python: Fix key_export functions. [#5149] [c=C35/A24/R1 cpp=C18/A12/R1 qt=C12/A5/R1] Release-info: https://dev.gnupg.org/T5225 Noteworthy changes in version 1.15.0 (2020-11-12) ------------------------------------------------- * New function gpgme_op_setexpire to make changing the expiration easier (requires GnuPG 2.1.22). [#4999] * New function gpgme_op_revsig to revoke key signatures (requires GnuPG 2.2.24). [#5094] * Support exporting secret keys. [#5046] * cpp: Support for set expire operations in the C++ bindings. [#5003] * cpp: Support for revoking key signatures in the C++ bindings. [#5094] * qt: Extended ChangeExpiryJob to support changing the expiry of subkeys. [#4717] * qt: Extended QuickJob to support revoking of key signatures. [#5094] * qt: Added QDebug stream operator for GpgME::Error. * Require a somewhat newer version of libgpg-error (1.36). * Interface changes relative to the 1.14.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_setexpire_start NEW. gpgme_op_setexpire NEW. gpgme_op_revsig_start NEW. gpgme_op_revsig NEW. GPGME_REVSIG_LFSEP NEW. cpp: Context::setExpire NEW. cpp: Context::startSetExpire NEW. cpp: EngineInfo::Version::operator<= NEW. cpp: EngineInfo::Version::operator>= NEW. cpp: EngineInfo::Version::operator!= NEW. cpp: StatusConsumer NEW. cpp: StatusConsumerAssuanTransaction NEW. cpp: Context::cancelPendingOperationImmediately NEW. cpp: Context::revokeSignature NEW. cpp: Context::startRevokeSignature NEW. cpp: UserID::Signature::operator< NEW. qt: operator<<(QDebug debug, const GpgME::Error &err) NEW. qt: QuickJob::startRevokeSignature NEW. qt: QuickJob::result CHANGED: Made params 'auditLogAsHtml' and 'auditLogError' optional. [c=C35/A24/R0 cpp=C18/A12/R0 qt=C12/A5/R0] Release-info: https://dev.gnupg.org/T5131 Noteworthy changes in version 1.14.0 (2020-07-16) ------------------------------------------------- * New keylist mode to force the engine to return the keygrip. [#4820] * New export mode to export as OpenSSH public key. [#4310] * New context flag "extended-edit" to enable expert key edit. [#4734] * Deprecate the anyway non working trustlist functions. [#4834] * cpp: Add convenience API to obtain remarks. [#4734] * cpp: The sign key edit-interactor now supports multiple signatures from the same key. [#4734] * qt: Extended signkeyjob to handle remarks and multiple signatures. [#4734] * qt: Added job API for gpg-card. * qt: The logging category has been changed to gpg.qgpgme to be more consistent with other qt logging categories. * Interface changes relative to the 1.13.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_KEYLIST_MODE_WITH_KEYGRIP NEW. GPGME_EXPORT_MODE_SSH NEW. gpgme_user_id_t EXTENDED: New field 'uidhash'. cpp: UserID::remark NEW. cpp: UserID::remarks NEW. cpp: GpgSignKeyEditInteractor::setDupeOk NEW. cpp: Context::exportPublicKeys EXTENDED: New param 'flags'. cpp: Context::startPublicKeyExport EXTENDED: New param 'flags'. cpp: Context::ExportMode NEW. qt: SignKeyJob::setDupeOk NEW. qt: SignKeyJob::setRemark NEW. qt: GpgCardJob NEW. qt: ExportJob::setExportFlags NEW. [c=C34/A23/R0 cpp=C17/A11/R0 qt=C11/A4/R0] Release-info: https://dev.gnupg.org/T4996 Noteworthy changes in version 1.13.1 (2019-06-13) ------------------------------------------------- * cpp: gpgme_set_global_flag is now wrapped. [#4471] * w32: Improved handling of unicode install paths. [#4453] * w32: The gpgme_io_spawn error message is now only shown once. [#4453] * Fixed a crash introduced in 1.13.0 when working with S/MIME. [#4556] * w32: Fixed format string errors introduced in 1.13.0 that could cause crashes. [#4440] * w32: Fixed an error in the new diagnostic gpgsm support introduced in 1.13.0 that caused crashes in low fd scenarios. [#4439] * python: Fixed a DecryptionError Exception. [#4478] * python: No longer raises BadSignatures from decrypt(verify=True). [#4276] * Interface changes relative to the 1.13.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cpp: setGlobalFlag NEW. [c=C33/A22/R1 cpp=C16/A10/R0 qt=C10/A3/R4] Release-info: https://dev.gnupg.org/T4551 Noteworthy changes in version 1.13.0 (2019-03-26) ------------------------------------------------- * Support GPGME_AUDITLOG_DIAG for gpgsm. [#4426] * New context flag "trust-model". * Removed support for WindowsCE and Windows ME. * Aligned the gpgrt-config code with our other libaries. * Auto-check for all installed Python versions. [#3354] * Fixed generating card key in the C++ bindings. [#4428] * Fixed a segv due to bad parameters in genkey. [#4192] * Fixed crash if the plaintext is ignored in a CMS verify. * Fixed memleak on Windows. [T4238] * Tweaked the Windows I/O code. * Fixed random crashes on Windows due to closing an arbitrary handle. [#4237] * Fixed a segv on Windows. [#4369] * Fixed test suite problems related to dtags. [#4298] * Fixed bunch of python bugs. [#4242,commit 9de1c96ac3cf] * Several fixes to the Common Lisp bindings. - * Fixed minor bugs in gpgme-json. [#4331,#4341,#4342,#4343 + * Fixed minor bugs in gpgme-json. [#4331,#4341,#4342,#4343] * Require trace level 8 to dump all I/O data. * The compiler must now support variadic macros. * Interface changes relative to the 1.12.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_ctx_flag EXTENDED: New flag 'trust-model'. cpp: Context::create NEW. cpp: Key::isBad NEW. cpp: Subkey::isBad NEW. cpp: UserID::isBad NEW. cpp: UserID::Signature::isBad NEW. cpp: GenCardKeyInteractor::setAlgo NEW. [c=C33/A22/R0 cpp=C15/A9/R0 qt=C10/A3/R3] Release-info: https://dev.gnupg.org/T4376 Noteworthy changes in version 1.12.0 (2018-10-08) ------------------------------------------------- * Enhanced the JSON based interface tool gpgme-json to support Native Messaging as well as new Javascript code to support the browser site. See lang/js/README for details. * Major overhaul of the Python language bindings documentation. * Even for old versions of gpg a missing MDC will now lead to a decryption failure. * Added context flag "auto-key-locate" to control the behavior of GPGME_KEYLIST_MODE_LOCATE. * New data function to create a data object from an estream. * Add more interfaces to the C++ bindings. * Improved error codes on decryption failure. * Lots of minor fixes. * Interface changes relative to the 1.11.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_data_new_from_estream NEW. gpgme_decrypt_result_t EXTENDED: New field legacy_cipher_nomdc. gpgme_set_ctx_flag EXTENDED: New flag 'ignore-mdc-error'. GPGME_AUDITLOG_DEFAULT NEW. GPGME_AUDITLOG_DIAG NEW. gpgme_set_ctx_flag EXTENDED: New flag 'auto-key-locate'. cpp: DecryptionResult::sessionKey NEW. cpp: DecryptionResult::symkeyAlgo NEW. cpp: DecryptionResult::isLegacyCipherNoMDC New. cpp: Data::rewind NEW. cpp: Context::setFlag NEW. cpp: Context::getFlag NEW. cpp: Context::createKeyEx NEW. [c=C32/A21/R0 cpp=C14/A8/R0 qt=C10/A3/R2] Release-info: https://dev.gnupg.org/T4109 Noteworthy changes in version 1.11.1 (2018-04-20) ------------------------------------------------- * Fixed build problems in the 1.11.0 release. * Added C++ interfaces which were planned for 1.11.0. * Interface changes relative to the 1.10.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cpp: Key::origin NEW. cpp: Key::lastUpdate NEW. cpp: UserID::origin NEW. cpp: UserID::lastUpdate NEW. [c=C31/A20/R1 cpp=C13/A7/R0 qt=C10/A3/R2] Noteworthy changes in version 1.11.0 (2018-04-18) ------------------------------------------------- * New encryption API to support direct key specification including hidden recipients option and taking keys from a file. This also allows to enforce the use of a subkey. * New encryption flag for the new API to enforce the use of plain mail addresses (addr-spec). * The import API can now tell whether v3 keys are skipped. These old and basically broken keys are not anymore supported by GnuPG 2.1. * The decrypt and verify API will now return the MIME flag as specified by RFC-4880bis. * The offline mode now has an effect on gpg by disabling all network access. [#3831] * A failed OpenPGP verification how returns the fingerprint of the intended key if a recent gpg version was used for signature creation. * New tool gpgme-json as native messaging server for web browsers. As of now public key encryption and decryption is supported. Requires Libgpg-error 1.29. * New context flag "request-origin" which has an effect when used with GnuPG 2.2.6 or later. * New context flag "no-symkey-cache" which has an effect when used with GnuPG 2.2.7 or later. * New convenience constant GPGME_KEYLIST_MODE_LOCATE. * Improved the Python documentation. * Fixed a potential regression with GnuPG 2.2.6 or later. * Fixed a crash in the Python bindings on 32 bit platforms. [#3892] * Various minor fixes. * Interface changes relative to the 1.10.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt_ext NEW. gpgme_op_encrypt_ext_start NEW. gpgme_op_encrypt_sign_ext NEW. gpgme_op_encrypt_sign_ext_start NEW. GPGME_ENCRYPT_WANT_ADDRESS NEW. GPGME_KEYLIST_MODE_LOCATE NEW. gpgme_import_result_t EXTENDED: New field 'skipped_v3_keys'. gpgme_decrypt_result_t EXTENDED: New field 'symkey_algo'. gpgme_decrypt_result_t EXTENDED: New field 'is_mime'. gpgme_verify_result_t EXTENDED: New field 'is_mime'. cpp: Key::locate NEW. cpp: Data::toString NEW. cpp: ImportResult::numV3KeysSkipped NEW. [c=C31/A20/R0 cpp=C12/A6/R0 qt=C10/A3/R1] Noteworthy changes in version 1.10.0 (2017-12-12) ------------------------------------------------- * Now returns more specific error codes for decryption to distinguish between bad passphrase, user canceled, and no secret key. * Now returns key origin information if available. * Added context flag "auto-key-retrieve" to selectively enable the corresponding gpg option. * Added flag is_de_vs to decryption and verify results. * py: Use SEEK_SET as default for data.seek. * cpp: Various new APIs. * Reduced spawn overhead on Linux again. Added new configure option --disable-linux-getdents to disable this feature for very old Linux versions. * Improved the Python bindings build system. * Made the test suite less fragile. * Interface changes relative to the 1.9.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_decrypt_result_t EXTENDED: New field 'is_de_vs'. gpgme_signature_t EXTENDED: New field 'is_de_vs'. gpgme_keyorg_t NEW. gpgme_op_delete_ext NEW. gpgme_op_delete_ext_start NEW. GPGME_DELETE_ALLOW_SECRET NEW. GPGME_DELETE_FORCE NEW. gpgme_op_conf_dir NEW. gpgme_set_ctx_flag EXTENDED: New flag 'auto-key-retrieve'. cpp: DecryptionResult::isDeVs NEW. cpp: Signature::isDeVs NEW. cpp: EngineInfo::Version::operator> NEW. cpp: Context::createKey NEW. cpp: Context::startCreateKey NEW. cpp: Context::createSubkey NEW. cpp: Context::startCreateSubkey NEW. qt: QuickJob NEW. py: DecryptResult EXTENDED: New boolean field 'is_de_vs'. py: Signature EXTENDED: New boolean field 'is_de_vs'. py: GpgError EXTENDED: Partial results in 'results'. [c=C30/A19/R0 cpp=C11/A5/R0 qt=C10/A3/R0] Noteworthy changes in version 1.9.0 (2017-03-28) ------------------------------------------------ * Clarified meaning of the 'expire' parameter of gpgme_op_createkey and gpgme_op_createsubkey. New flag to force a key without an expiration date. * New function gpgme_op_keylist_from_data_start to list keys from data objects without importing them. * New function gpgme_op_set_uid_flag to flag a key as primary. * New function gpgme_op_decrypt_ext to run decryption with special flags. This can for example be used to unwrap keys (remove only the encryption layer). * New encryption flags to wrap a key (adding an encryption layer to an OpenPGP message) or to create anonymously encrypted messages. * Support for adduid and revuid operations in the C++ bindings. * Support for smartcard key generation in the C++ bindings. * Several new functions for the Python binding. * Many smaller bug fixes. * Interface changes relative to the 1.8.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_createkey CHANGED: Meaning of 'expire' parameter. gpgme_op_createsubkey CHANGED: Meaning of 'expire' parameter. GPGME_CREATE_NOEXPIRE NEW. gpgme_key_t EXTENDED: New field 'origin'. gpgme_key_t EXTENDED: New field 'last_update'. gpgme_subkey_t EXTENDED: New field 'is_de_vs'. gpgme_user_id_t EXTENDED: New field 'origin'. gpgme_user_id_t EXTENDED: New field 'last_update'. gpgme_op_keylist_from_data_start NEW. gpgme_op_set_uid_flag_start NEW. gpgme_op_set_uid_flag NEW. gpgme_op_decrypt_ext_start NEW. gpgme_op_decrypt_ext NEW. GPGME_ENCRYPT_THROW_KEYIDS NEW. GPGME_ENCRYPT_WRAP NEW. GPGME_DECRYPT_VERIFY NEW. GPGME_DECRYPT_UNWRAP NEW. gpgme_data_rewind UN-DEPRECATE. cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW. cpp: Context::addUid(const Key&, const char*) NEW. cpp: Context::startAddUid(const Key&, const char*) NEW. cpp: Key::UserID::revoke() NEW. cpp: Key::addUid() NEW. cpp: Key::isDeVs NEW. cpp: GpgGenCardKeyInteractor NEW. cpp: Subkey::keyGrip NEW. cpp: Subkey::isDeVs NEW. cpp: Data::toKeys NEW. cpp: Context::setDecryptFlags NEW. cpp: Context::decrypt EXTENDED: Flags added. cpp: Context::startDecrypt EXTENDED: Flags added. cpp: Context::decryptAndVerify EXTENDED: Flags added. cpp: Context::startCombinedDecryptionAndVerification EXTENDED: Flags. cpp: Context::encryptFlags EXTENDED: New flags. qt: CryptoConfig::stringValueList() NEW. py: Context.__init__ EXTENDED: New keyword arg home_dir. py: Context.home_dir NEW. py: Context.keylist EXTENDED: New keyword arg mode. py: Context.keylist EXTENDED: New keyword arg source. py: Context.create_key NEW. py: Context.create_subkey NEW. py: Context.key_add_uid NEW. py: Context.key_revoke_uid NEW. py: Context.key_sign NEW. py: Context.key_tofu_policy NEW. py: core.pubkey_algo_string NEW. py: core.addrspec_from_uid NEW. [c=C29/A18/R0 cpp=C10/A4/R0 qt=C9/A2/R0] Noteworthy changes in version 1.8.0 (2016-11-16) ------------------------------------------------ * The module of the Python bindings has been renamed to 'gpg'. * New interface to query current software versions. * New feature to use gpg's --{show,override}session-key options. * New interface to set the sender of a mail. * qt: Added Distinguished Name parser from libkleo * The --homedir option is now used with recent gpgconf versions. * On 64 bit Windows systems gpgconf is now properly located. * The internal locking functions have been replaced by libgpg-error locking functions. * Interface changes relative to the 1.7.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_sender NEW. gpgme_get_sender NEW. gpgme_op_query_swdb NEW. gpgme_op_query_swdb_result NEW. gpgme_query_swdb_result_t NEW. gpgme_get_ctx_flag NEW. gpgme_decrypt_result_t EXTENDED: New field session_key. qt: DN NEW. qt: DN::Attribute NEW. qt: Job::context(Job*) NEW. cpp: EngineInfo::Version::Version(const char*) NEW. cpp: EngineInfo::Version::Version() NEW. cpp: SwdbResult NEW. cpp: Context::setSender(const char*) NEW. cpp: Context::getSender() NEW. [c=C28/A17/R0 cpp=C9/A3/R0 qt=C8/A1/R0] Noteworthy changes in version 1.7.1 (2016-10-18) ------------------------------------------------ * Fixed problems with the new language bindings. * New helper function gpgme_addrspec_from_uid. * Use option --exit-on-status-write-error with newer gpg versions. * qt: Missed API from the Qt Binding inclusion has been added again. * qt: abstractimportjob.h is now installed to that ImportJobs can be used again. * qt: Fixed spelling error in API (startReceive). * Interface changes relative to the 1.7.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_addrspec_from_uid NEW. qt: WksPublishJob::startRecieve RENAMED to ::startReceive. qt: MultiDeleteJob NEW. qt: AbstractImportJob NEW. qt: SpecialJob NEW. cpp: Signature::key(bool, bool) NEW. cpp: UserID::addrSpecFromString(const char*) NEW. cpp: UserID::addrSpec() NEW. [c=C27/A16/R0 cpp=C8/A2/R0 qt=C7/A0/R0] Noteworthy changes in version 1.7.0 (2016-09-21) ------------------------------------------------ * New language bindings for Python 2 and 3. * New language Bindings for C++ and the Qt-Framework API. * New functions gpgme_op_createkey and gpgme_op_createsubkey to make key creation easier (requires GnuPG 2.1). * New functions gpgme_op_adduid and gpgme_op_revuid to make user id management easier (requires GnuPG 2.1). * New function gpgme_op_keysign to make key signing easier (requires GnuPG 2.1). * New function gpgme_op_interact to replace the now deprecated functions gpgme_op_edit and gpgme_op_card_edit. * New function gpgme_pubkey_algo_string to convert a public key algorithm into a GnuPG 2.1 style string. * Support for GnuPG 2.1's TOFU trust model. * Notation flags are now correctly set on verify. * New global flag "require-gnupg" to set a minimal gnupg version. * More supported items in gpgme_get_dirinfo. * New function gpgme_data_set_flag and flag "size-hint". * New function gpgme_set_ctx_flag and flags "full-status" and "raw-description". * Improved gpgme_data_identify to distinguish more file types. * New flag GPGME_ENCRYPT_SYMMETRIC for gpgme_op_encrypt to allow mixed public key and symmetric encryption. * New field KEYGRIP in gpgme_subkey_t. New fields FPR in gpgme_key_t. * New flag GPGME_DATA_ENCODING_MIME to declare that the encrypted or signed data is a valid MIME part. This is to support future GnuPG versions. * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_pubkey_algo_string NEW. GPGME_PK_EDDSA NEW. gpgme_set_ctx_flag NEW. gpgme_data_set_flag NEW. gpgme_op_createkey NEW. gpgme_op_createkey_start NEW. gpgme_op_createsubkey NEW. gpgme_op_createsubkey_start NEW. gpgme_op_adduid_start NEW. gpgme_op_adduid NEW. gpgme_op_revuid_start NEW. gpgme_op_revuid NEW. gpgme_op_keysign_start NEW. gpgme_op_keysign NEW. gpgme_op_tofu_policy_start NEW. gpgme_op_tofu_policy NEW. gpgme_op_interact_start NEW. gpgme_op_interact NEW. gpgme_interact_cb_t NEW. gpgme_op_edit_start DEPRECATED. gpgme_op_edit DEPRECATED. gpgme_op_card_edit_start DEPRECATED. gpgme_op_card_edit DEPRECATED. gpgme_edit_cb_t DEPRECATED. gpgme_status_code_t DEPRECATED. gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey. gpgme_signature_t EXTENDED: New field key. gpgme_key_t EXTENDED: New field fpr. gpgme_subkey_t EXTENDED: New field keygrip. gpgme_user_id_t EXTENDED: New field tofu. gpgme_tofu_policy_t NEW. gpgme_tofu_info_t NEW. GPGME_STATUS_KEY_CONSIDERED NEW. GPGME_STATUS_TOFU_USER NEW. GPGME_STATUS_TOFU_STATS NEW. GPGME_STATUS_TOFU_STATS_LONG NEW. GPGME_STATUS_NOTATION_FLAGS NEW. GPGME_KEYLIST_MODE_WITH_TOFU NEW. GPGME_DATA_TYPE_PGP_ENCRYPTED NEW. GPGME_DATA_TYPE_PGP_SIGNATURE NEW. GPGME_DATA_ENCODING_MIME NEW. GPGME_ENCRYPT_SYMMETRIC NEW. GPGME_CREATE_SIGN NEW. GPGME_CREATE_ENCR NEW. GPGME_CREATE_CERT NEW. GPGME_CREATE_AUTH NEW. GPGME_CREATE_NOPASSWD NEW. GPGME_CREATE_SELFSIGNED NEW. GPGME_CREATE_NOSTORE NEW. GPGME_CREATE_WANTPUB NEW. GPGME_CREATE_WANTSEC NEW. GPGME_CREATE_FORCE NEW. GPGME_KEYSIGN_LOCAL NEW. GPGME_KEYSIGN_LFSEP NEW. GPGME_INTERACT_CARD NEW. [c=C26/A15/R0 cpp=C6/A0/R1 qt=C6/A0/R1] Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] ------------------------------------------------ * Added gpgme_set_offline to do a key listinging w/o requiring CRL. * Added gpgme_set_status_cb to allow a user to see some status messages. * Added an export mode for secret keys. * More precise error codes are returned if GnuPG >= 2.1.8 is used. * The passphrase handler for the loopback mode has been improved and may also be used with genkey. * [w32] The standard GnuPG 2.1 install directory is now searched for gpgconf.exe before a registry specified directory and the Gpg4win install directory. * [w32] gpgme-w32spawn.exe will now only be searched in the gpgme DLL directory. * Interface changes relative to the 1.5.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_offline NEW. gpgme_get_offline NEW. gpgme_set_status_cb NEW. gpgme_get_status_cb NEW. GPGME_EXPORT_MODE_SECRET NEW GPGME_EXPORT_MODE_RAW NEW. GPGME_EXPORT_MODE_PKCS12 NEW. Noteworthy changes in version 1.5.5 (2015-06-08) [C24/A13/R4] ------------------------------------------------ * Fixed crash in key listings for user ids with a backslash. * Fixed regression for GPGSM use with GnuPG < 2.1. * Properly set signature summary for revoked OpenPGP keys. Noteworthy changes in version 1.5.4 (2015-04-13) [C24/A13/R3] ------------------------------------------------ * Fixed a possible crash in the debug code. * Fixed building for Windows with newer versions of Mingw. Noteworthy changes in version 1.5.3 (2014-12-11) [C24/A13/R2] ------------------------------------------------------------- * The export key functions do now return an error if used with the latest GnuPG version. Noteworthy changes in version 1.5.2 (2014-11-21) [C24/A13/R1] ------------------------------------------------------------- * gpgme-tool is now installed. * Fix external listing for modern keyservers. * Minor other fixes. Noteworthy changes in version 1.5.1 (2014-07-30) [C24/A13/R0] ------------------------------------------------------------- * Fixed possible overflow in gpgsm and uiserver engines. [CVE-2014-3564] * Added support for GnuPG 2.1's --with-secret option. * Interface changes relative to the 1.5.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_KEYLIST_MODE_WITH_SECRET NEW. Noteworthy changes in version 1.5.0 (2014-05-21) [C23/A12/R0] ------------------------------------------------------------- * On Unices the engine file names are not not anymore hardwired but located via the envvar PATH. All options to set the name of the engines for the configure run are removed. * If GPGME finds the gpgconf binary it defaults to using gpg2 or whatever gpgconf tells as name for the OpenPGP engine. If gpgconf is not found, GPGME looks for an engine named "gpg". * New feature to use the gpgme I/O subsystem to run arbitrary commands. * New flag to use encryption without the default compression step. * New function to access "gpg-conf --list-dirs" * New configure option --enable-fixed-path for use by Android. * Support ECC algorithms. * Interface changes relative to the 1.4.3 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_get_dirinfo NEW. gpgme_op_spawn_start NEW. gpgme_op_spawn NEW. GPGME_PROTOCOL_SPAWN NEW. GPGME_SPAWN_DETACHED NEW. GPGME_SPAWN_ALLOW_SET_FG NEW. GPGME_ENCRYPT_NO_COMPRESS NEW. GPGME_PK_ECC NEW. GPGME_MD_SHA224 NEW. gpgme_subkey_t EXTENDED: New field curve. GPGME_STATUS_PLAINTEXT_LENGTH NEW. GPGME_STATUS_MOUNTPOINT NEW. GPGME_STATUS_PINENTRY_LAUNCHED NEW. GPGME_STATUS_ATTRIBUTE NEW. GPGME_STATUS_BEGIN_SIGNING NEW. GPGME_STATUS_KEY_NOT_CREATED NEW. Noteworthy changes in version 1.4.3 (2013-08-12) [C22/A11/R0] ------------------------------------------------------------- * The default engine names are now taken from the output of gpgconf. If gpgconf is not found the use of gpg 1 is assumed. * Under Windows the default engines names are first searched in the installation directory of the gpgme DLL. * New function gpgme_data_identify to detect the type of a message. * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_signers_count NEW. gpgme_data_type_t NEW. gpgme_data_identify NEW. Noteworthy changes in version 1.4.2 (2013-05-28) [C21/A10/R0] ------------------------------------------------------------- * Allow symmetric encryption with gpgme_op_encrypt_sign. * Fixed mismatching off_t definitions on Windows. * Interface changes relative to the 1.4.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_off_t NEW. gpgme_size_t NEW. GPGME_PROTOCOL_OPENPGP NEW alias. Noteworthy changes in version 1.4.1 (2013-05-01) [C20/A9/R1] ------------------------------------------------------------ * Fixed reading of gpg.conf files with excessive use of the group option. * Fixed building with the i686-w64-mingw32 toolchain. * Disabled FD passing by default for Apple. Noteworthy changes in version 1.4.0 (2013-02-26) [C20/A9/R0] ------------------------------------------------------------ * New function gpgme_set_global_flag to help debugging on Android. * New function gpgme_io_writen as a convenience wrapper around gpgme_io_write. * New functions to support the pinentry mode feature of GnuPG 2.1. * New macro GPGME_VERSION_NUMBER to allow supporting different API versions without the need for a configure test. * Several improvements for gpgme-tool. * Better logging of the common "invalid engine" error code. * Support for FD passing is now enabled by default. The configure option --disable-fd-passing may be used to disable this. * Interface changes relative to the 1.3.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_VERSION_NUMBER NEW. gpgme_io_writen NEW. gpgme_set_global_flag NEW. gpgme_set_pinentry_mode NEW. gpgme_get_pinentry_mode NEW. gpgme_pinentry_mode_t NEW. GPGME_PINENTRY_MODE_DEFAULT NEW. GPGME_PINENTRY_MODE_ASK NEW. GPGME_PINENTRY_MODE_CANCEL NEW. GPGME_PINENTRY_MODE_ERROR NEW. GPGME_PINENTRY_MODE_LOOPBACK NEW. Noteworthy changes in version 1.3.2 (2012-05-02) ------------------------------------------------ * Remove support for libgpgme-pth. As far as we know, this was never used, and GnuPG is going to use our own npth in the future. * Fix signature summary information for a missing X.509 key. * Fix parsing of dates >= year 2038. Noteworthy changes in version 1.3.1 (2011-06-16) ------------------------------------------------ * Ported to Windows CE. * Detect GPG versions not supporting ---passwd. * Interface changes relative to the 1.3.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_EXPORT_MODE_MINIMAL NEW GPGME_STATUS_SUCCESS NEW gpgme_err_code_from_syserror NEW gpgme_err_set_errno NEW gpgme_error_from_errno CHANGED: Return gpgme_error_t (compatible type). gpgme_error_from_syserror NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.3.0 (2010-01-11) ------------------------------------------------ * GPGME does not come with an internal libassuan version anymore. The external libassuan 1.1.0 release or later is required. For application programmers on systems that can resolve inter-library dependencies at runtime, this is a transparent change. * New engine GPGME_PROTOCOL_G13 to support the new g13 tool. * New engine GPGME_PROTOCOL_UISERVER to support UI Servers. * New API to change the passphrase of a key. * Interface changes relative to the 1.2.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_STATUS_INV_SGNR NEW. GPGME_STATUS_NO_SGNR NEW. GPGME_PROTOCOL_G13 NEW. gpgme_op_g13_mount NEW. gpgme_g13_result_t NEW. GPGME_PK_ECDSA NEW. GPGME_PK_ECDH NEW. gpgme_op_passwd_start NEW. gpgme_op_passwd NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.2.0 (2009-06-18) ------------------------------------------------ * New encryption flag GPGME_ENCRYPT_NO_ENCRYPT_TO to disable default recipients. * gpgme_new will fail if gpgme_check_version was not called, or a selftest failed (for example, if -mms-bitfields was not used on MingW32 targets). * New functions gpgme_io_read and gpgme_io_write for use with gpgme_passphrase_cb_t and gpgme_edit_cb_t functions. * New functions gpgme_result_ref and gpgme_result_unref to detach result structures from a context. * New functions gpgme_op_export_keys_start and gpgme_op_export_keys that allow to specify exported keys through gpgme_key_t objects instead of patterns. * New mode of operation gpgme_export_mode_t that allows exporting external keys. * Interface changes relative to the 1.1.7 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_KEYLIST_MODE_EPHEMERAL NEW. GPGME_PROTOCOL_ASSUAN NEW. gpgme_assuan_data_cb_t NEW. gpgme_assuan_inquire_cb_t NEW. gpgme_assuan_status_cb_t NEW. gpgme_op_assuan_transact_start NEW. gpgme_op_assuan_transact NEW. gpgme_op_assuan_result NEW. gpgme_op_import_keys NEW. gpgme_op_import_keys_start NEW. gpgme_subkey_t EXTENDED: New fields is_cardkey, card_number. GPGME_ENCRYPT_NO_ENCRYPT_TO NEW. gpgme_check_version CHANGED: Is now a macro. gpgme_new EXTENDED: More failure codes. gpgme_io_read NEW. gpgme_io_write NEW. gpgme_result_ref NEW. gpgme_result_unref NEW. gpgme_export_mode_t NEW. gpgme_export_ext_start EXTENDED: Arg RESERVED is now a MODE flag. gpgme_op_export EXTENDED: Arg RESERVED is now a MODE flag. gpgme_op_export_ext_start EXTENDED: Arg RESERVED is now a MODE flag. gpgme_op_export_ext EXTENDED: Arg RESERVED is now a MODE flag. gpgme_op_export_keys_start NEW. gpgme_op_export_keys NEW. GPGME_DATA_ENCODING_URL NEW. GPGME_DATA_ENCODING_URL0 NEW. GPGME_DATA_ENCODING_URLESC NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.1.8 (2008-12-08) ------------------------------------------------ * SIGPIPE is now again ignored as described in the manual. Fixes regression introduced with 1.1.6. Noteworthy changes in version 1.1.7 (2008-10-17) ------------------------------------------------ * Using GPGME_KEYLIST_MODE_LOCAL combined with GPGME_KEYLIST_MODE_EXTERN is now supported; it uses the --locate-keys feature of gpg (>= 2.0.10). * The encoding of gpgme_data_t objects can affect the output encoding of export, sign and encrypt operations now (the same operations that are also affected by the ASCII mode switch). We believe this change in the ABI is innocent enough not to break existing applications (it only affects the S/MIME backend on certain operations). * The reference manual now includes the specification of "The GnuPG UI Server protocol". * A new function gpgme_cancel_async can be used to asynchronously cancel any pending operation at any time, from any thread. * Interface changes relative to the 1.1.6 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt CHANGED: Output encoding can affect result. gpgme_op_encrypt_start CHANGED: Output encoding can affect result. gpgme_op_encrypt_sign CHANGED: Output encoding can affect result. gpgme_op_encrypt_sign_start CHANGED: Output encoding can affect result. gpgme_op_sign CHANGED: Output encoding can affect result. gpgme_op_sign_start CHANGED: Output encoding can affect result. gpgme_op_export CHANGED: Output encoding can affect result. gpgme_op_export_start CHANGED: Output encoding can affect result. gpgme_op_export_ext CHANGED: Output encoding can affect result. gpgme_op_export_ext_start CHANGED: Output encoding can affect result. gpgme_cancel_async NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.1.6 (2008-01-04) ------------------------------------------------ * Bug fixes for for W32. * A new, experimental (and thus undocumented and potentially unstable) interface for accessing gpg-conf through GPGME has been added. * Interface changes relative to the 1.1.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_signature_t EXTENDED: New field chain_model. gpgme_op_getauditlog_start NEW. gpgme_op_getauditlog NEW. GPGME_AUDITLOG_HTML NEW. GPGME_AUDITLOG_WITH_HELP NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.1.5 (2007-07-09) ------------------------------------------------ * Bug and portability fixes (mainly for W32). Noteworthy changes in version 1.1.4 (2007-03-05) ------------------------------------------------ * Detect and bail out on double plaintext messages. This is required so that applications can properly detect the signed parts of a message. Actual there is now a double protection as GnuPG 1.4.7 will detect this case too. Noteworthy changes in version 1.1.3 (2007-01-29) ------------------------------------------------ * Fixed a memory leak in gpgme_data_release_and_get_mem. * Fixed a bug in Windows command line quoting. Noteworthy changes in version 1.1.2 (2006-03-02) ------------------------------------------------ * Fixed a bug in the W32 glib backend. Noteworthy changes in version 1.1.1 (2006-02-23) ------------------------------------------------ * Fixed a bug in that the fingerprints of subkeys are not available. * Clarified usage of the SECRET flag in key listings. It is now reset for stub keys. * Reading signature notations and policy URLs on key signatures is supported. They can be found in the new field notations of the gpgme_key_sig_t structure. This has to be enabled with the keylist mode flag GPGME_KEYLIST_MODE_SIG_NOTATIONS. * A new gpgme_free() function solves the problem of using different allocators in a single program. This function should now be used instead calling free() to release the buffer returned by gpgme_data_release_and_get_mem. It is recommended that you always do this, but it is only necessary on certain platforms, so backwards compatibility is provided. In other words: If free() worked for you before, it will keep working. * New status codes GPGME_PKA_TRUST_GOOD and GPGME_PKA_TRUST_BAD. They are analyzed by the verify handlers and made available in the new PKA_TRUST and PKA_ADDRESS fields of the signature result structure. * Interface changes relative to the 1.1.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_sig_t EXTENDED: New field notations. GPGME_KEYLIST_MODE_SIG_NOTATIONS NEW gpgme_free NEW GPGME_STATUS_PKA_TRUST_BAD NEW GPGME_STATUS_PKA_TRUST_GOOD NEW gpgme_signature_t EXTENDED: New field pka_trust. gpgme_signature_t EXTENDED: New field pka_address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.1.0 (2005-10-01) ------------------------------------------------ * You can now configure the backend engine file name and home directory to be used, as default and per context. * Information about the recipients of an encrypted text is now available at decryption time. * New status GPGME_STATUS_PLAINTEXT. This is analyzed by the decrypt and verify handlers, the information about the plaintext filename, if available is made available in the new field file_name of the respective result structure. * The code for "automagically detecting the thread library" has been removed from libgpgme. It is deprecated since version 0.4.3. Since then, you had to link against libgpgme-pthread for applications using pthread and libgpgme-pth for applications using GNU Pth. The code was removed because it caused compilation problems on systems where the pthread.h header from GNU Pth is available in addition to the system header (FreeBSD 6 and later for example). * "./autogen.sh --build-w32" does now build gpgme.dll. * [W32] The environment variable GPGME_DEBUG now uses a semicolon as delimiter. The standard install directory is used when locating gpg or gpgsm before finally falling back to the hardwired name. * There is a new flag for keys and subkeys, is_qualified, which indicates if a key can be used for qualified signatures according to local government regulations. * You can associate a filename with a data object using the new function gpgme_data_set_file_name(). This filename will be stored in the output when encrypting or signing the data and will be returned when decrypting or verifying the output data. * You can now set notation data at signature creation with the new function gpgme_sig_notation_add(). * Interface changes relative to the 1.0.3 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_engine_info NEW gpgme_ctx_get_engine_info NEW gpgme_ctx_set_engine_info NEW gpgme_recipient_t NEW gpgme_decrypt_result_t EXTENDED: New field recipients. gpgme_verify_result_t EXTENDED: New fields pubkey_algo, hash_algo. gpgme_decrypt_result_t EXTENDED: New field plaintext_filename. gpgme_verify_result_t EXTENDED: New field plaintext_filename. GPGME_STATUS_PLAINTEXT NEW gpgme_key_t EXTENDED: New field is_qualified. gpgme_subkey_t EXTENDED: New field is_qualified. gpgme_data_get_file_name NEW gpgme_data_set_file_name NEW gpgme_sig_notation_flags_t NEW GPGME_SIG_NOTATION_HUMAN_READABLE NEW GPGME_SIG_NOTATAION_CRITICAL NEW gpgme_sig_notation_clear NEW gpgme_sig_notation_add NEW gpgme_sig_notation_get NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.0.3 (2005-06-20) ------------------------------------------------ * Previousy, GPGME would use a default "include certs" of 1. This has been changed. Now GPGME will use the crypto backend engines default unless you set the value with gpgme_set_include_certs() explicitly. A new macro GPGME_INCLUDE_CERTS_DEFAULT can be used as a value to explicitly request the new default behaviour. Because the default changes, this is a slight change of the API semantics. We consider it to be a bug fix. * A bug which made GPGME hang has been fixed. If you have experienced hanging before, please try out this version and let me know if you still experience hanging problems. * Interface changes relative to the 0.9.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_include_certs CHANGED DEFAULT GPGME_INCLUDE_CERTS_DEFAULT NEW GPGME_STATUS_SIG_SUBPACKET NEW GPGME_STATUS_NEED_PASSPHRASE_PIN NEW GPGME_STATUS_SC_OP_FAILURE NEW GPGME_STATUS_SC_OP_SUCCESS NEW GPGME_STATUS_CARDCTRL NEW GPGME_STATUS_BACKUP_KEY_CREATED NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 1.0.2 (2004-12-28) ------------------------------------------------ * Changed the license of the library to the GNU Lesser General Public License (LGPL), version 2.1 or later. Noteworthy changes in version 1.0.1 (2004-10-22) ------------------------------------------------ * Only bug fixes. Noteworthy changes in version 1.0.0 (2004-09-30) ------------------------------------------------ * Version 1.0.0! We are proud to present you with a thoroughly tested and stable version of the GPGME library. A big Thank You! to all the people who made this possible. The development will be branched into a stable 1.x.y series and the head. * The gpgme.m4 macro supports checking the API version. Just prepend it to the required version string, separated by a colon. For example, this release has the version "1:1.0.0". The last release to which this version is (mostly) ABI compatible is "1:0.4.2", which is the default required version. Noteworthy changes in version 0.9.0 (2004-06-08) ------------------------------------------------ * The type gpgme_key_t has now a new field keylist_mode that contains the keylist mode that was active at the time the key was retrieved. * The type gpgme_decrypt_result_t has a new field "wrong_key_usage" that contains a flag indicating that the key should not have been used for encryption. * Verifying a signature of a revoked key gives the correct result now (GPG_ERR_CERT_REVOKED error code). * Clarified that the error code GPG_ERR_NO_DATA from the decrypt & verify operations still allows you to look at the signature verification result. * Clarified that patterns in keylisting operations have an upper limit, and thus are not suited to list many keys at once by their fingerprint. Also improve the error message if the pattern is too long for the CMS protocol to handle. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_t EXTENDED: New field keylist_mode. gpgme_decrypt_result_t EXTENDED: New field wrong_key_usage. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.7 (2004-04-29) ------------------------------------------------ * Correctly initialize the fields expired, revoked, invalid, and disabled in the gpgme_key_t structures. * A bug fix: The flag wrong_key_usage of gpgme_signature_t was accidentally of type int instead unsigned int. * Interface changes relative to the 0.4.5 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_signature_t CHANGED: wrong_key_usage is unsigned int now. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.6 (2004-04-06) ------------------------------------------------ * Bug fixes Noteworthy changes in version 0.4.5 (2004-03-07) ------------------------------------------------ * GPGME is now compiled with LFS (large file support) by default. This means that _all_ programs using GPGME must be compiled with LFS support enabled by default. You can do this easily with autoconf, by using the AC_SYS_LARGEFILE macro. Or you can do this without autoconf by defining the preprocessor symbol _FILE_OFFSET_BITS to 64 (by passing the -D_FILE_OFFSET_BITS=64 to the C compiler command line, or by defining this preprocessor symbol before including any system header files). For more details, read the section on LFS in the manual. Up to now, it was undocumented that GPGME was not using LFS. But the public interfaces use off_t, and file descriptors are exchanged between the application and GPGME. This was an oversight, and bound to cause troubles in the future. Writing GPGME as a dual mode library that seamlessly supports LFS while keeping backwards compatibility is possible, but does not solve the problem: Many applications already expect GPGME to have LFS (they are compiled with off_t being a 64bit value). This is true in particular for the popular Gtk+ and Qt programs. So, although this is an ABI (but not an API) break, we will not change the library version to reflect that. Because the interfaces affected are probably not used yet in any GPGME 0.4 based application, we don't expect any real failures from this change. In fact, applications already using LFS will have some subtle bugs fixed. However, if you encounter an application using GPGME 0.4.x that does _not_ use LFS by default (off_t is a 32bit value), _and_ uses at least one of the functions gpgme_data_seek, gpgme_data_new_from_filepart, or a gpgme_data_seek_cb_t with gpgme_data_new_from_cbs, then indeed this library will be ABI incompatible with the program. As said above, we don't believe such a program exists. If we are in error, then you have two options: As a quick hack, you can configure GPGME with the --disable-largefile option. This will revert the change, and GPGME will not use LFS. However, GPGME will be incompatible with programs that expect GPGME to use LFS. All applications are required to use LFS when using GPGME, so this is only good as a temporary local work-around. The other option is to change the versioning of the library and recompile all applications. We have reserved a special version of the library for that, so you can do that without expecting a version clash in the future. Furthermore, everyone who does this will agree on the version to use (this is important for distribution makers). Read the comment in configure.ac (before LIBGPGME_LT_AGE) if you want to do this. Please don't do this blindly: As stated above, we think it is unlikely this measure is needed. Still, it is there if necessary. If in doubt, contact us and we will give our advise for your specific situation. * New key listing mode GPGME_KEYLIST_MODE_VALIDATE for validation of the listed keys. * New interface gpgme_cancel() that can be used to cancel asynchronous operations. * Interface changes relative to the 0.4.4 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_data_seek_cb_t CHANGED: off_t is now a largefile type. gpgme_data_seek CHANGED: off_t is now a largefile type. gpgme_data_new_from_filepart CHANGED: off_t is now a largefile type. GPGME_KEYLIST_MODE_VALIDATE NEW gpgme_cancel NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.4 (2004-01-12) ------------------------------------------------ * The member "class" in gpgme_key_sig_t and gpgme_new_signature_t has been renamed to "sig_class", to avoid clash with C++ compilers. In the C API, the old name "class" has been preserved for backwards compatibility, but is deprecated. * Interface changes relative to the 0.4.3 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_sig_t CHANGED: class deprecated, use new sig_class. gpgme_new_signature_t CHANGED: class deprecated, use new sig_class. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.3 (2003-10-06) ------------------------------------------------ * libgpgme should not be used for threaded programs anymore. This never worked reliably in all cases, because you had to be careful about the linking order and libtool wouldn't do that for you automatically. Instead, now you have to link against libgpgme-pthread for applications using pthread and libgpgme-pth for applications using GNU Pth. The old code for automagically detecting the thread library is still part of libgpgme, but it is DEPRECATED. * There are new automake macros AM_PATH_GPGME_PTH and AM_PATH_GPGME_PTHREAD, which support checking for thread-enabled versions of GPGME. They define GPGME_PTH_CFLAGS, GPGME_PTH_LIBS, GPGME_PTHREAD_CFLAGS and GPGME_PTHREAD_LIBS respectively. These variables of course also include the configuration for the thread package itself. Alternatively, use libtool. * gpgme_strerror_r as a thread safe variant of gpgme_strerror was added. * gpgme-config doesn't support setting the prefix or exec prefix anymore. I don't think it ever worked correctly, and it seems to be pointless. * gpgme_get_key fails with GPG_ERR_AMBIGUOUS_NAME if the key ID provided was not unique, instead returning the first matching key. * gpgme_key_t and gpgme_subkey_t have a new field, can_authenticate, that indicates if the key can be used for authentication. * gpgme_signature_t's status field is now correctly set to an error with error code GPG_ERR_NO_PUBKEY if public key is not found. * gpgme_new_signature_t's class field is now an unsigned int, rather than an unsigned long (the old class field is preserved for backwards compatibility). * A new function gpgme_set_locale() is provided to allow configuring the locale for the crypto backend. This is necessary for text terminals so that programs like the pinentry can be started with the right locale settings for the terminal the application is running on, in case the terminal has different settings than the system default (for example, if it is a remote terminal). You are highly recommended to call the following functions directly after gpgme_check_version: #include setlocale (LC_ALL, ""); gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL)); gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL)); GPGME can not do this for you, as setlocale is not thread safe, and there is no alternative. * The signal action for SIGPIPE is now set to SIG_IGN by gpgme_check_version, instead the first time a crypto engine is started (which is not well defined). * In the output of gpgme_hash_algo_name, change RMD160 to RIPEMD160, TIGER to TIGER192, CRC32-RFC1510 to CRC32RFC1510, and CRC24-RFC2440 to CRC24RFC2440. For now, these strings can be used as the MIC parameter for PGP/MIME (if appropriately modified). * Interface changes relative to the 0.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_strerror_t NEW gpgme_get_key CHANGED: Fails correctly if key ID not unique. gpgme_key_t EXTENDED: New field can_authenticate. gpgme_subkey_t EXTENDED: New field can_authenticate. gpgme_new_signature_t CHANGED: New type for class field. gpgme_set_locale NEW gpgme_hash_algo_name CHANGED: Slight adjustment of algo names. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.2 (2003-07-30) ------------------------------------------------ * Allow gpg-error to be in non-standard place when linking the test suite. * Configure will fail now if gpg-error can not be found. * Fixed initialized memory backed data objects for writing, which caused the test program to crash (but only on Mac OS, surprisingly). * Eliminate use of C99 constructs. * Small improvements to the manual. Noteworthy changes in version 0.4.1 (2003-06-06) ------------------------------------------------ This is the release that 0.4.0 should have been. There are many interface changes, please see below for the details. The changes are sometimes the result of new functionality, but more often express a paradigm shift. Others are an overdue cleanup to get GPGME in line with the GNU coding standards and to make the interface more self-consistent. Here is an overview on the changes: All types have been renamed to conform to the GNU coding standards, most of the time by keeping the whole name in lowercase and inserting underscores between words. All operations consistently only accept input parameters in their invocation function, and return only an error code directly. Further information about the result of the operation has to be retrieved afterwards by calling one of the result functions. This unifies the synchronous and the asynchronous interface. The error values have been completely replaced by a more sophisticated model that allows GPGME to transparently and accurately report all errors from the other GnuPG components, regardless of process boundaries. This is achieved by using the library libgpg-errors, which is shared by all GnuPG components. This library is now required for GPGME. The results of all operations are now provided by pointers to C structs rather than by XML structs or in other ways. Objects which used to be opaque (for example a key) are now pointers to accessible structs, so no accessor functions are necessary. Backward compatibility is provided where it was possible without too much effort and did not collide with the overall sanitization effort. However, this is only for ease of transition. NO DEPRECATED FUNCTION OR DATA TYPE IS CONSIDERED A PART OF THE API OR ABI AND WILL BE DROPPED IN THE FUTURE WITHOUT CHANGING THE SONAME OF THE LIBRARY. Recommendations how to replace deprecated or removed functionality can be found within the description of each change. What follows are all changes to the interface and behaviour of GPGME in detail. * If gpgme.h is included in sources compiled by GCC 3.1 or later, deprecated attributes will warn about use of obsolete functions and type definitions. You can suppress these warnings by passing -Wno-deprecated-declarations to the gcc command. * The following types have been renamed. The old types are still available as aliases, but they are deprecated now: Old name: New name: GpgmeCtx gpgme_ctx_t GpgmeData gpgme_data_t GpgmeError gpgme_error_t GpgmeDataEncoding gpgme_data_encoding_t GpgmeSigStat gpgme_sig_stat_t GpgmeSigMode gpgme_sig_mode_t GpgmeAttr gpgme_attr_t GpgmeValidity gpgme_validity_t GpgmeProtocol gpgme_protocol_t GpgmeKey gpgme_key_t GpgmePassphraseCb gpgme_passphrase_cb_t GpgmeProgressCb gpgme_progress_cb_t GpgmeIOCb gpgme_io_cb_t GpgmeRegisterIOCb gpgme_register_io_cb_t GpgmeRemoveIOCb gpgme_remove_io_cb_t GpgmeEventIO gpgme_event_io_t GpgmeEventIOCb gpgme_event_io_cb_t GpgmeIOCbs gpgme_io_cbs GpgmeDataReadCb gpgme_data_read_cb_t GpgmeDataWriteCb gpgme_data_write_cb_t GpgmeDataSeekCb gpgme_data_seek_cb_t GpgmeDataReleaseCb gpgme_data_release_cb_t GpgmeDataCbs gpgme_data_cbs_t GpgmeTrustItem gpgme_trust_item_t GpgmeStatusCode gpgme_status_code_t * gpgme_error_t is now identical to gpg_error_t, the error type provided by libgpg-error. More about using libgpg-error with GPGME can be found in the manual. All error symbols have been removed! * All functions and types in libgpg-error have been wrapped in GPGME. The new types are gpgme_err_code_t and gpgme_err_source_t. The new functions are gpgme_err_code, gpgme_err_source, gpgme_error, gpgme_err_make, gpgme_error_from_errno, gpgme_err_make_from_errno, gpgme_err_code_from_errno, gpgme_err_code_to_errno, gpgme_strsource. * GPGME_ATTR_IS_SECRET is not anymore representable as a string. * GnuPG 1.2.2 is required. The progress callback is now also invoked for encrypt, sign, encrypt-sign, decrypt, verify, and decrypt-verify operations. For verify operations on detached signatures, the progress callback is invoked for both the detached signature and the plaintext message, though. * gpgme_passphrase_cb_t has been changed to not provide a complete description, but the UID hint, passphrase info and a flag indicating if this is a repeated attempt individually, so the user can compose his own description from this information. The passphrase is not returned as a C string, but must be written to a file descriptor directly. This allows for secure passphrase entries. The return type has been changed to gpgme_error_t value. This allowed to remove the gpgme_cancel function; just return the error code GPG_ERR_CANCELED in the passphrase callback directly. * gpgme_edit_cb_t has been changed to take a file descriptor argument. The user is expected to write the response to the file descriptor, followed by a newline. * The recipients interface has been removed. Instead, you use NULL-terminated lists of keys for specifying the recipients of an encryption operation. Use the new encryption flag GPGME_ENCRYPT_ALWAYS_TRUST if you want to override the validity of the keys (but note that in general this is not a good idea). This change has been made to the prototypes of gpgme_op_encrypt, gpgme_op_encrypt_start, gpgme_op_encrypt_sign and gpgme_op_encrypt_sign_start. The export interface has been changed to use pattern strings like the keylist interface. Thus, new functions gpgme_op_export_ext and gpgme_op_export_ext_start have been added as well. Now the prototypes of gpgme_op_export_start and gpgme_op_export finally make sense. * gpgme_op_verify and gpgme_op_decrypt_verify don't return a status summary anymore. Use gpgme_get_sig_status to retrieve the individual stati. * gpgme_io_cb_t changed from a void function to a function returning a gpgme_error_t value. However, it will always return 0, so you can safely ignore the return value. * A new I/O callback event GPGME_EVENT_START has been added. The new requirement is that you must wait until this event until you are allowed to call the I/O callback handlers previously registered for this context operation. Calling I/O callback functions for this context operation before the start event happened is unsafe because it can lead to race conditions in a multi-threaded environment. * The idle function feature has been removed. It was not precisely defined in a multi-threaded environment and is obsoleted by the user I/O callback functions. If you still need a simple way to call something while waiting on one or multiple asynchronous operations to complete, don't set the HANG flag in gpgme_wait (note that this will return to your program more often than the idle function did). * gpgme_wait can return NULL even if hang is true, if an error occurs. In that case *status contains the error code. * gpgme_get_engine_info was radically changed. Instead an XML string, an info structure of the new type gpgme_engine_info_t is returned. This makes it easier and more robust to evaluate the information in an application. * The new function gpgme_get_protocol_name can be used to convert a gpgme_protocol_t value into a string. * The status of a context operation is not checked anymore. Starting a new operation will silently cancel the previous one. Calling a function that requires you to have started an operation before without doing so is undefined. * The FPR argument to gpgme_op_genkey was removed. Instead, use the gpgme_op_genkey_result function to retrieve a gpgme_genkey_result_t pointer to a structure which contains the fingerprint. This also works with gpgme_op_genkey_start. The structure also provides other information about the generated keys. So, instead: char *fpr; err = gpgme_op_genkey (ctx, NULL, NULL, &fpr); if (!err && fpr) printf ("%s\n", fpr); you should now do: gpgme_genkey_result_t result; err = gpgme_op_genkey (ctx, NULL, NULL); if (!err) { result = gpgme_op_genkey_result (ctx); if (result->fpr) printf ("%s\n", result->fpr); } * The new gpgme_op_import_result function provides detailed information about the result of an import operation in gpgme_import_result_t and gpgme_import_status_t objects. Thus, the gpgme_op_import_ext variant is deprecated. * The new gpgme_op_sign_result function provides detailed information about the result of a signing operation in gpgme_sign_result_t, gpgme_invalid_key_t and gpgme_new_signature_t objects. * The new gpgme_op_encrypt_result function provides detailed information about the result of an encryption operation in a GpgmeEncryptResult object. * The new gpgme_op_decrypt_result function provides detailed information about the result of a decryption operation in a GpgmeDecryptResult object. * The new gpgme_op_verify_result function provides detailed information about the result of an verify operation in a GpgmeVerifyResult object. Because of this, the GPGME_SIG_STAT_* values, gpgme_get_sig_status, gpgme_get_sig_ulong_attr, gpgme_get_sig_string_attr and gpgme_get_sig_key are now deprecated, and gpgme_get_notation is removed. * GpgmeTrustItem objects have now directly accessible data, so the gpgme_trust_item_get_string_attr and gpgme_trust_item_get_ulong_attr accessor functions are deprecated. Also, reference counting is available through gpgme_trust_item_ref and gpgme_trust_item_unref (the gpgme_trust_item_release alias for the latter is deprecated). * Keys are not cached internally anymore, so the force_update argument to gpgme_get_key has been removed. * GpgmeKey objects have now directly accessible data so the gpgme_key_get_string_attr, gpgme_key_get_ulong_attr, gpgme_key_sig_get_string_attr and gpgme_key_sig_get_ulong_attr functions are deprecated. Also, gpgme_key_release is now deprecated. The gpgme_key_get_as_xml function has been dropped. * Because all interfaces using attributes are deprecated, the GpgmeAttr data type is also deprecated. * The new gpgme_op_keylist_result function provides detailed information about the result of a key listing operation in a GpgmeKeyListResult object. * Now that each function comes with its own result retrieval interface, the generic gpgme_get_op_info interface is not useful anymore and dropped. * The type and mode of data objects is not available anymore. * Interface changes relative to the 0.4.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GpgmeCtx DEPRECATED: Use gpgme_ctx_t. GpgmeData DEPRECATED: Use gpgme_data_t. GpgmeError DEPRECATED: Use gpgme_error_t. GpgmeDataEncoding DEPRECATED: Use gpgme_data_encoding_t. GpgmeSigStat DEPRECATED: Use gpgme_sig_stat_t. GpgmeSigMode DEPRECATED: Use gpgme_sig_mode_t. GpgmeAttr DEPRECATED: Use gpgme_attr_t. GpgmeValidity DEPRECATED: Use gpgme_validity_t. GpgmeProtocol DEPRECATED: Use gpgme_protocol_t. GpgmeKey DEPRECATED: Use gpgme_key_t. GpgmePassphraseCb DEPRECATED: Use gpgme_passphrase_cb_t. GpgmeProgressCb DEPRECATED: Use gpgme_progress_cb_t. GpgmeIOCb DEPRECATED: Use gpgme_io_cb_t. GpgmeRegisterIOCb DEPRECATED: Use gpgme_register_io_cb_t. GpgmeRemoveIOCb DEPRECATED: Use gpgme_remove_io_cb_t. GpgmeEventIO DEPRECATED: Use gpgme_event_io_t. GpgmeEventIOCb DEPRECATED: Use gpgme_event_io_cb_t. GpgmeIOCbs DEPRECATED: Use gpgme_io_cbs. GpgmeDataReadCb DEPRECATED: Use gpgme_data_read_cb_t. GpgmeDataWriteCb DEPRECATED: Use gpgme_data_write_cb_t. GpgmeDataSeekCb DEPRECATED: Use gpgme_data_seek_cb_t. GpgmeDataReleaseCb DEPRECATED: Use gpgme_data_release_cb_t. GpgmeDataCbs DEPRECATED: Use gpgme_data_cbs_t. GpgmeTrustItem DEPRECATED: Use gpgme_trust_item_t. GpgmeStatusCode DEPRECATED: Use gpgme_status_code_t. gpgme_ctx_t NEW gpgme_data_t NEW gpgme_recipients_t NEW gpgme_error_t NEW gpgme_data_encoding_t NEW gpgme_sig_stat_t NEW gpgme_sig_mode_t NEW gpgme_attr_t NEW gpgme_validity_t NEW gpgme_protocol_t NEW gpgme_key_t NEW gpgme_passphrase_cb_t NEW gpgme_progress_cb_t NEW gpgme_io_cb_t NEW gpgme_register_io_cb_t NEW gpgme_remove_io_cb_t NEW gpgme_event_io_t NEW gpgme_event_io_cb_t NEW gpgme_io_cbs NEW gpgme_data_read_cb_t NEW gpgme_data_write_cb_t NEW gpgme_data_seek_cb_t NEW gpgme_data_release_cb_t NEW gpgme_data_cbs_t NEW gpgme_trust_item_t NEW gpgme_status_code_t NEW GPGME_{some error code} REMOVED! Use GPG_ERR_* from libgpg-error. gpgme_err_code_t NEW gpgme_err_source_t NEW gpgme_err_code NEW gpgme_err_source NEW gpgme_error NEW gpgme_err_make NEW gpgme_error_from_errno NEW gpgme_err_make_from_errno NEW gpgme_err_code_from_errno NEW gpgme_err_code_to_errno NEW gpgme_strsource NEW gpgme_io_cb_t CHANGED: Return type from void to GpgmeError. gpgme_event_io_t CHANGED: New event type (all numbers changed). gpgme_passphrase_cb_t CHANGED: Desc decomposed, write directly to FD. gpgme_edit_cb_t CHANGED: Write directly to FD. gpgme_key_get_string_attr CHANGED: Don't handle GPGME_ATTR_IS_SECRET. gpgme_op_verify CHANGED: Drop R_STAT argument. gpgme_op_decrypt_verify CHANGED: Drop R_STAT argument. gpgme_wait CHANGED: Can return NULL even if hang is true. GpgmeIdleFunc REMOVED gpgme_register_idle REMOVED GpgmeRecipients REMOVED gpgme_recipients_new REMOVED gpgme_recipients_release REMOVED gpgme_recipients_add_name REMOVED gpgme_recipients_add_name_with_validity REMOVED gpgme_recipients_count REMOVED gpgme_recipients_enum_open REMOVED gpgme_recipients_enum_read REMOVED gpgme_recipients_enum_close REMOVED gpgme_encrypt_flags_t NEW GPGME_ENCRYPT_ALWAYS_TRUST NEW gpgme_op_encrypt CHANGED: Recipients passed as gpgme_key_t[]. gpgme_op_encrypt_start CHANGED: Recipients passed as gpgme_key_t[]. gpgme_op_encrypt_sign CHANGED: Recipients passed as gpgme_key_t[]. gpgme_op_encrypt_sign_start CHANGED: Recipients passed as gpgme_key_t[]. gpgme_op_export_start CHANGED: User IDs passed as patterns. gpgme_op_export CHANGED: User IDs passed as patterns. gpgme_op_export_ext_start NEW gpgme_op_export_ext NEW gpgme_keylist_mode_t NEW gpgme_sigsum_t NEW gpgme_engine_info_t NEW gpgme_get_engine_info CHANGED: Return info structure instead XML. gpgme_get_protocol_name NEW gpgme_cancel REMOVED: Return error in callback directly. gpgme_op_genkey CHANGED: FPR argument dropped. gpgme_op_genkey_result NEW gpgme_genkey_result_t NEW gpgme_op_import_ext DEPRECATED: Use gpgme_op_import_result. gpgme_op_import_result NEW gpgme_import_status_t NEW gpgme_import_result_t NEW gpgme_pubkey_algo_t NEW gpgme_hash_algo_t NEW gpgme_invalid_key_t NEW gpgme_new_signature_t NEW gpgme_sign_result_t NEW gpgme_op_sign_result NEW gpgme_pubkey_algo_name NEW gpgme_hash_algo_name NEW gpgme_encrypt_result_t NEW gpgme_op_encrypt_result NEW gpgme_decrypt_result_t NEW gpgme_op_decrypt_result NEW gpgme_verify_result_t NEW gpgme_op_verify_result NEW gpgme_get_notation REMOVED: Access verify result directly instead. gpgme_get_sig_key DEPRECATED: Use gpgme_get_key with fingerprint. gpgme_get_sig_ulong_attr DEPRECATED: Use verify result directly. gpgme_get_sig_string_attr DEPRECATED: Use verify result directly. GPGME_SIG_STAT_* DEPRECATED: Use error value in sig status. gpgme_get_sig_status DEPRECATED: Use verify result directly. gpgme_trust_item_t CHANGED: Now has user accessible data members. gpgme_trust_item_ref NEW gpgme_trust_item_unref NEW gpgme_trust_item_release DEPRECATED: Use gpgme_trust_item_unref. gpgme_trust_item_get_string_attr DEPRECATED gpgme_trust_item_get_ulong_attr DEPRECATED gpgme_get_key CHANGED: Removed force_update argument. gpgme_subkey_t NEW gpgme_key_sig_t NEW gpgme_user_id_t NEW gpgme_key_t CHANGED: Now has user accessible data members. gpgme_key_get_string_attr DEPRECATED gpgme_key_get_ulong_attr DEPRECATED gpgme_key_sig_get_string_attr DEPRECATED gpgme_key_sig_get_ulong_attr DEPRECATED gpgme_key_get_as_xml REMOVED gpgme_key_list_result_t NEW gpgme_op_keylist_result NEW gpgme_get_op_info REMOVED ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.4.0 (2002-12-23) ------------------------------------------------ * Key generation returns the fingerprint of the generated key. * New convenience function gpgme_get_key. * Supports signatures of user IDs in keys via the new GPGME_KEYLIST_MODE_SIGS keylist mode and the gpgme_key_sig_get_string_attr and gpgme_key_sig_get_ulong_attr interfaces. The XML info about a key also includes the signatures if available. * New data object interface, which is more flexible and transparent. * Interface changes relative to the 0.3.9 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GpgmeDataReadCb NEW GpgmeDataWriteCb NEW GpgmeDataSeekCb NEW GpgmeDataReleaseCb NEW GpgmeDataCbs NEW gpgme_data_read CHANGED: Match read() closely. gpgme_data_write CHANGED: Match write() closely. gpgme_data_seek NEW gpgme_data_new_from_fd NEW gpgme_data_new_from_stream NEW gpgme_data_new_from_cbs NEW gpgme_data_rewind DEPRECATED: Replaced by gpgme_data_seek(). gpgme_data_new_from_read_cb DEPRECATED: Replaced by gpgme_data_from_cbs(). gpgme_data_get_type REMOVED: No replacement. gpgme_op_verify CHANGED: Take different data objects for signed text and plain text. gpgme_op_verify_start CHANGED: See gpgme_op_verify. gpgme_check_engine REMOVED: Deprecated since 0.3.0. gpgme_op_genkey CHANGED: New parameter FPR. GPGME_KEYLIST_MODE_SIGS NEW gpgme_key_sig_get_string_attr NEW gpgme_key_sig_get_ulong_attr NEW gpgme_get_key NEW GPGME_ATTR_SIG_CLASS NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.16 (2003-11-19) ------------------------------------------------- * Compatibility fixes for GnuPG 1.9.x Noteworthy changes in version 0.3.15 (2003-02-18) ------------------------------------------------- * The progress status is sent via the progress callbacks in gpgme_op_edit. * Bug fix for signing operations with explicit signer settings for the CMS protocol. Noteworthy changes in version 0.3.14 (2002-12-04) ------------------------------------------------- * GPGME-Plug is now in its own package "cryptplug". * Workaround for a setlocale problem. Fixed a segv related to not correctly as closed marked file descriptors. Noteworthy changes in version 0.3.13 (2002-11-20) ------------------------------------------------- * Release due to changes in gpgmeplug. Noteworthy changes in version 0.3.12 (2002-10-15) ------------------------------------------------- * Fixed some bux with key listings. * The development has been branched to clean up some API issues. This 0.3 series will be kept for compatibility reasons; so do don't expect new features. Noteworthy changes in version 0.3.11 (2002-09-20) ------------------------------------------------- * Bug fixes. Noteworthy changes in version 0.3.10 (2002-09-02) ------------------------------------------------- * Setting the signing keys for the CMS protocol does now work. * The signers setting is honoured by gpgme_op_edit. Noteworthy changes in version 0.3.9 (2002-08-21) ------------------------------------------------ * A spec file for creating RPMs has been added. * An experimental interface to GnuPG's --edit-key functionality is introduced, see gpgme_op_edit. * The new gpgme_import_ext function provides a convenient access to the number of processed keys. * Interface changes relative to the 0.3.8 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GpgmeStatusCode NEW GpgmeEditCb NEW gpgme_op_edit_start NEW gpgme_op_edit NEW gpgme_op_import_ext NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.8 (2002-06-25) ------------------------------------------------ * It is possible to use an outside event loop for the I/O to the crypto engine by setting the I/O callbacks with gpgme_set_io_cbs. * Interface changes relative to the 0.3.6 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GpgmeIOCb NEW GpgmeRegisterIOCb NEW GpgmeRemoveIOCb NEW GpgmeEventIO NEW GpgmeEventIOCb NEW struct GpgmeIOCbs NEW gpgme_set_io_cbs NEW gpgme_get_io_cbs NEW GPGME_ATTR_ERRTOK NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.7 (2002-06-04) ------------------------------------------------ * GPGME_ATTR_OTRUST is implemented now. * A first step toward thread safeness has been achieved, see the documentation for details. Supported thread libraries are pthread and Pth. Noteworthy changes in version 0.3.6 (2002-05-03) ------------------------------------------------ * All error output of the gpgsm backend is send to the bit bucket. * The signature verification functions are extended. Instead of always returning GPGME_SIG_STATUS_GOOD, the functions new codes for expired signatures. 2 new functions may be used to retrieve more detailed information like the signature expiration time and a validity information of the key without an extra key looking. * The current passphrase callback and progress meter callback can be retrieved with the new functions gpgme_get_passphrase_cb and gpgme_get_progress_cb respectively. * Interface changes relative to the 0.3.5 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_get_passphrase_cb NEW gpgme_get_progress_cb NEW GpgmeDataEncoding NEW gpgme_data_set_encoding NEW gpgme_data_get_encoding NEW GPGME_SIG_STAT_GOOD_EXP NEW GPGME_SIG_STAT_GOOD_EXPKEY NEW gpgme_op_verify CHANGED: Returns more status codes. GPGME_ATTR_SIG_STATUS NEW gpgme_get_sig_string_attr NEW gpgme_get_sig_ulong_attr NEW gpgme_get_protocol NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.5 (2002-04-01) ------------------------------------------------ * gpgme_op_encrypt can be called with RECIPIENTS being 0. In this case, symmetric encryption is performed. Note that this requires a passphrase from the user. * More information is returned for X.509 certificates. * Interface changes relative to the 0.3.4 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt EXTENDED: Symmetric encryption possible ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.4 (2002-03-04) ------------------------------------------------ * gpgme_op_encrypt does now fail with GPGME_Invalid_Recipients if some recipients have been invalid, whereas earlier versions succeeded in this case. The plaintext is still encrypted for all valid recipients, so the application might take this error as a hint that the ciphertext is not usable for all requested recipients. Information about invalid recipients is available with gpgme_get_op_info. * gpgme_op_verify now allows to pass an uninitialized data object as its plaintext argument to check for normal and cleartext signatures. The plaintext is then returned in the data object. * New interfaces gpgme_set_include_certs and gpgme_get_include_certs to set and get the number of certifications to include in S/MIME signed messages. * New interfaces gpgme_op_encrypt_sign and gpgme_op_encrypt_sign_start to encrypt and sign a message in a combined operation. * New interface gpgme_op_keylist_ext_start to search for multiple patterns. * gpgme_key_get_ulong_attr supports the GPGME_ATTR_EXPIRE attribute. * Interface changes relative to the 0.3.3 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt CHANGED: Can fail with GPGME_Invalid_Recipients gpgme_op_verify EXTENDED: Accepts uninitialized text argument gpgme_key_get_ulong_attr EXTENDED: Supports GPGME_ATTR_EXPIRE gpgme_set_include_certs NEW gpgme_get_include_certs NEW gpgme_op_encrypt_sign NEW gpgme_op_encrypt_sign_start NEW gpgme_op_keylist_ext_start NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.3 (2002-02-12) ------------------------------------------------ * Fix the Makefile in jnlib. * Fix the test suite (hopefully). It should clean up all its state with `make check' now. Noteworthy changes in version 0.3.2 (2002-02-10) ------------------------------------------------ * Remove erroneous dependency on libgcrypt in jnlib. Noteworthy changes in version 0.3.1 (2002-02-09) ------------------------------------------------ * There is a Texinfo manual documenting the API. * The gpgme_set_keylist_mode function returns an error, and changed its meaning. It is no longer usable to select between normal and fast mode (newer versions of GnuPG will always be fast), but selects between local keyring, remote keyserver, or both. For this, two new macros are defined, GPGME_KEYLIST_MODE_LOCAL and GPGME_KEYLIST_MODE_EXTERN. To make it possible to modify the current setting, a function gpgme_get_keylist_mode was added to retrieve the current mode. * gpgme_wait accepts a new argument STATUS to return the error status of the operation on the context. Its definition is closer to waitpid() now than before. * The LENGTH argument to gpgme_data_new_from_filepart changed its type from off_t to the unsigned size_t. * The R_HD argument to the GpgmePassphraseCb type changed its type from void* to void**. * New interface gpgme_op_trustlist_end() to match gpgme_op_keylist_end(). * The CryptPlug modules have been renamed to gpgme-openpgp and gpgme-smime, and they are installed in pkglibdir by `make install'. * An idle function can be registered with gpgme_register_idle(). * The GpgSM backend supports key generation with gpgme_op_genkey(). * Interface changes relative to the 0.3.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_data_new_from_filepart CHANGED: Type of LENGTH is size_t. GpgmePassphraseCb CHANGED: Type of R_HD is void **. gpgme_wait CHANGED: New argument STATUS. gpgme_set_keylist_mode CHANGED: Type of return value is GpgmeError. The function has a new meaning! gpgme_get_keylist_mode NEW GPGME_KEYLIST_MODE_LOCAL NEW GPGME_KEYLIST_MODE_EXTERN NEW gpgme_op_trustlist_next NEW GpgmeIdleFunc NEW gpgme_register_idle NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.3.0 (2001-12-19) ------------------------------------------------ * New interface gpgme_set_protocol() to set the protocol and thus the crypto engine to be used by the context. Currently, the OpenPGP and the CMS protocols are supported. They are specified by the new preprocessor symbols GPGME_PROTOCOL_OpenPGP and GPGME_PROTOCOL_CMS. A new context uses the OpenPGP engine by default. * gpgme_get_engine_info() returns information for all crypto engines compiled into the library. The XML format has changed. To reliably get the version of a crypto engine, the tag after the appropriate tag has to be looked for. * New interface gpgme_engine_check_version(), obsoleting gpgme_check_engine(). Check the version of all engines you are supporting in your software. * GpgmeKey lists the user ids in the order as they are returned by GnuPG, first the primary key with index 0, then the sub-user ids. * New operation gpgme_op_decrypt_verify() to decrypt and verify signatures simultaneously. * The new interface gpgme_op_keylist_end() terminates a pending keylist operation. A keylist operation is also terminated when gpgme_op_keylist_next() returns GPGME_EOF. * GPGME can be compiled without GnuPG being installed (`--with-gpg=PATH'), cross-compiled, or even compiled without support for GnuPG (`--without-gpg'). * GPGME can be compiled with support for GpgSM (GnuPG for S/MIME, `--with-gpgsm=PATH'). It is enabled by default if the `gpgsm' is found in the path, but it can also be compiled without support for GpgSM (`--without-gpgsm'). * CryptPlug modules for GPGME are included and can be enabled at configure time (`--enable-gpgmeplug'). There is one module which uses the GnuPG engine (`gpgmeplug') and one module which uses the GpgSM engine (`gpgsmplug'). * Interface changes relative to the latest 0.2.x release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_key_get_as_xml CHANGED: Sub-user ids reversed in order. gpgme_key_get_string_attr CHANGED: User ids reversed in order. gpgme_key_get_ulong_attr CHANGED: User ids reversed in order. gpgme_get_engine_info CHANGED: New format, extended content. gpgme_engine_check_version NEW gpgme_decrypt_verify_start NEW gpgme_decrypt_verify NEW gpgme_op_keylist_next NEW gpgme_set_protocol NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Noteworthy changes in version 0.2.3 (2001-09-17) ------------------------------------------------ * New function gpgme_get_op_info which can be used to get the micalg parameter needed for MOSS. * New functions gpgme_get_armor and gpgme_get_textmode. * The usual bug fixes and some minor functionality improvements. * Added a simple encryption component for MS-Windows; however the build procedure might have some problems. Noteworthy changes in version 0.2.2 (2001-06-12) ------------------------------------------------ * Implemented a key cache. * Fixed a race condition under W32 and some other bug fixes. Noteworthy changes in version 0.2.1 (2001-04-02) ------------------------------------------------ * Changed debug output and GPGME_DEBUG variable (gpgme/debug.c) * Handle GnuPG's new key capabilities output and support revocation et al. attributes * Made the W32 support more robust. Copyright 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/src/gpgme-json.c b/src/gpgme-json.c index 6077278c..3d18eee2 100644 --- a/src/gpgme-json.c +++ b/src/gpgme-json.c @@ -1,3937 +1,4062 @@ /* gpgme-json.c - JSON based interface to gpgme (server) * Copyright (C) 2018 g10 Code GmbH * * This file is part of GPGME. * * GPGME is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * GPGME is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . * SPDX-License-Identifier: LGPL-2.1-or-later */ /* This tool implements the Native Messaging protocol of web * browsers and provides the server part of it. A Javascript based * client can be found in lang/javascript. */ #include #include #include #include #include #ifdef HAVE_LOCALE_H #include #endif #include #include #define GPGRT_ENABLE_ES_MACROS 1 #define GPGRT_ENABLE_LOG_MACROS 1 #define GPGRT_ENABLE_ARGPARSE_MACROS 1 #include "gpgme.h" #include "cJSON.h" /* We don't allow a request with more than 64 MiB. */ #define MAX_REQUEST_SIZE (64 * 1024 * 1024) /* Minimal chunk size for returned data.*/ #define MIN_REPLY_CHUNK_SIZE 30 /* If no chunksize is provided we print everything. Changing * this to a positive value will result in all messages being * chunked. */ #define DEF_REPLY_CHUNK_SIZE 0 #define MAX_REPLY_CHUNK_SIZE (10 * 1024 * 1024) static void xoutofcore (const char *type) GPGRT_ATTR_NORETURN; static cjson_t error_object_v (cjson_t json, const char *message, va_list arg_ptr, gpg_error_t err) GPGRT_ATTR_PRINTF(2,0); static cjson_t error_object (cjson_t json, const char *message, ...) GPGRT_ATTR_PRINTF(2,3); static char *error_object_string (const char *message, ...) GPGRT_ATTR_PRINTF(1,2); static char *process_request (const char *request); /* True if interactive mode is active. */ static int opt_interactive; /* True is debug mode is active. */ static int opt_debug; /* Pending data to be returned by a getmore command. */ static struct { char *buffer; /* Malloced data or NULL if not used. */ size_t length; /* Length of that data. */ size_t written; /* # of already written bytes from BUFFER. */ } pending_data; /* * Helper functions and macros */ #define xtrystrdup(a) gpgrt_strdup ((a)) #define xcalloc(a,b) ({ \ void *_r = gpgrt_calloc ((a), (b)); \ if (!_r) \ xoutofcore ("calloc"); \ _r; }) #define xstrdup(a) ({ \ char *_r = gpgrt_strdup ((a)); \ if (!_r) \ xoutofcore ("strdup"); \ _r; }) #define xstrconcat(a, ...) ({ \ char *_r = gpgrt_strconcat ((a), __VA_ARGS__); \ if (!_r) \ xoutofcore ("strconcat"); \ _r; }) #define xfree(a) gpgrt_free ((a)) /* Only use calloc. */ #define CALLOC_ONLY 1 #if CALLOC_ONLY #define xtrymalloc(a) gpgrt_calloc (1, (a)) #define xmalloc(a) xcalloc(1, (a)) #else #define xtrymalloc(a) gpgrt_malloc ((a)) #define xmalloc(a) ({ \ void *_r = gpgrt_malloc ((a)); \ if (!_r) \ xoutofcore ("malloc"); \ _r; }) #endif #define spacep(p) (*(p) == ' ' || *(p) == '\t') #ifndef HAVE_STPCPY static GPGRT_INLINE char * _my_stpcpy (char *a, const char *b) { while (*b) *a++ = *b++; *a = 0; return a; } #define stpcpy(a,b) _my_stpcpy ((a), (b)) #endif /*!HAVE_STPCPY*/ /* Free a NULL terminated array */ static void xfree_array (char **array) { if (array) { int idx; for (idx = 0; array[idx]; idx++) xfree (array[idx]); xfree (array); } } static void xoutofcore (const char *type) { gpg_error_t err = gpg_error_from_syserror (); log_error ("%s failed: %s\n", type, gpg_strerror (err)); exit (2); } /* Call cJSON_CreateObject but terminate in case of an error. */ static cjson_t xjson_CreateObject (void) { cjson_t json = cJSON_CreateObject (); if (!json) xoutofcore ("cJSON_CreateObject"); return json; } /* Call cJSON_CreateArray but terminate in case of an error. */ static cjson_t xjson_CreateArray (void) { cjson_t json = cJSON_CreateArray (); if (!json) xoutofcore ("cJSON_CreateArray"); return json; } /* Wrapper around cJSON_AddStringToObject which returns an gpg-error * code instead of the NULL or the new object. */ static gpg_error_t cjson_AddStringToObject (cjson_t object, const char *name, const char *string) { if (!cJSON_AddStringToObject (object, name, string)) return gpg_error_from_syserror (); return 0; } /* Same as cjson_AddStringToObject but prints an error message and * terminates the process. */ static void xjson_AddStringToObject (cjson_t object, const char *name, const char *string) { if (!cJSON_AddStringToObject (object, name, string)) xoutofcore ("cJSON_AddStringToObject"); } /* Same as xjson_AddStringToObject but ignores NULL strings */ static void xjson_AddStringToObject0 (cjson_t object, const char *name, const char *string) { if (!string) return; xjson_AddStringToObject (object, name, string); } /* Wrapper around cJSON_AddBoolToObject which terminates the process * in case of an error. */ static void xjson_AddBoolToObject (cjson_t object, const char *name, int abool) { if (!cJSON_AddBoolToObject (object, name, abool)) xoutofcore ("cJSON_AddStringToObject"); return ; } /* Wrapper around cJSON_AddNumberToObject which terminates the process * in case of an error. */ static void xjson_AddNumberToObject (cjson_t object, const char *name, double dbl) { if (!cJSON_AddNumberToObject (object, name, dbl)) xoutofcore ("cJSON_AddNumberToObject"); return ; } /* Wrapper around cJSON_AddItemToObject which terminates the process * in case of an error. */ static void xjson_AddItemToObject (cjson_t object, const char *name, cjson_t item) { if (!cJSON_AddItemToObject (object, name, item)) xoutofcore ("cJSON_AddItemToObject"); return ; } /* This is similar to cJSON_AddStringToObject but takes (DATA, * DATALEN) and adds it under NAME as a base 64 encoded string to * OBJECT. */ static gpg_error_t add_base64_to_object (cjson_t object, const char *name, const void *data, size_t datalen) { gpg_err_code_t err; estream_t fp = NULL; gpgrt_b64state_t state = NULL; cjson_t j_str = NULL; void *buffer = NULL; fp = es_fopenmem (0, "rwb"); if (!fp) { err = gpg_err_code_from_syserror (); goto leave; } state = gpgrt_b64enc_start (fp, ""); if (!state) { err = gpg_err_code_from_syserror (); goto leave; } err = gpgrt_b64enc_write (state, data, datalen); if (err) goto leave; err = gpgrt_b64enc_finish (state); state = NULL; if (err) return err; es_fputc (0, fp); if (es_fclose_snatch (fp, &buffer, NULL)) { fp = NULL; err = gpg_error_from_syserror (); goto leave; } fp = NULL; j_str = cJSON_CreateStringConvey (buffer); if (!j_str) { err = gpg_error_from_syserror (); goto leave; } buffer = NULL; if (!cJSON_AddItemToObject (object, name, j_str)) { err = gpg_error_from_syserror (); cJSON_Delete (j_str); j_str = NULL; goto leave; } j_str = NULL; leave: xfree (buffer); cJSON_Delete (j_str); gpgrt_b64enc_finish (state); es_fclose (fp); return err; } /* Create a JSON error object. If JSON is not NULL the error message * is appended to that object. An existing "type" item will be replaced. */ static cjson_t error_object_v (cjson_t json, const char *message, va_list arg_ptr, gpg_error_t err) { cjson_t response, j_tmp; char *msg; msg = gpgrt_vbsprintf (message, arg_ptr); if (!msg) xoutofcore ("error_object"); response = json? json : xjson_CreateObject (); if (!(j_tmp = cJSON_GetObjectItem (response, "type"))) xjson_AddStringToObject (response, "type", "error"); else /* Replace existing "type". */ { j_tmp = cJSON_CreateString ("error"); if (!j_tmp) xoutofcore ("cJSON_CreateString"); cJSON_ReplaceItemInObject (response, "type", j_tmp); } xjson_AddStringToObject (response, "msg", msg); xfree (msg); xjson_AddNumberToObject (response, "code", err); return response; } /* Call cJSON_Print but terminate in case of an error. */ static char * xjson_Print (cjson_t object) { char *buf; buf = cJSON_Print (object); if (!buf) xoutofcore ("cJSON_Print"); return buf; } static cjson_t error_object (cjson_t json, const char *message, ...) { cjson_t response; va_list arg_ptr; va_start (arg_ptr, message); response = error_object_v (json, message, arg_ptr, 0); va_end (arg_ptr); return response; } static cjson_t gpg_error_object (cjson_t json, gpg_error_t err, const char *message, ...) { cjson_t response; va_list arg_ptr; va_start (arg_ptr, message); response = error_object_v (json, message, arg_ptr, err); va_end (arg_ptr); return response; } static char * error_object_string (const char *message, ...) { cjson_t response; va_list arg_ptr; char *msg; va_start (arg_ptr, message); response = error_object_v (NULL, message, arg_ptr, 0); va_end (arg_ptr); msg = xjson_Print (response); cJSON_Delete (response); return msg; } /* Get the boolean property NAME from the JSON object and store true * or valse at R_VALUE. If the name is unknown the value of DEF_VALUE * is returned. If the type of the value is not boolean, * GPG_ERR_INV_VALUE is returned and R_VALUE set to DEF_VALUE. */ static gpg_error_t get_boolean_flag (cjson_t json, const char *name, int def_value, int *r_value) { cjson_t j_item; j_item = cJSON_GetObjectItem (json, name); if (!j_item) *r_value = def_value; else if (cjson_is_true (j_item)) *r_value = 1; else if (cjson_is_false (j_item)) *r_value = 0; else { *r_value = def_value; return gpg_error (GPG_ERR_INV_VALUE); } return 0; } /* Get the boolean property PROTOCOL from the JSON object and store * its value at R_PROTOCOL. The default is OpenPGP. */ static gpg_error_t get_protocol (cjson_t json, gpgme_protocol_t *r_protocol) { cjson_t j_item; *r_protocol = GPGME_PROTOCOL_OpenPGP; j_item = cJSON_GetObjectItem (json, "protocol"); if (!j_item) ; else if (!cjson_is_string (j_item)) return gpg_error (GPG_ERR_INV_VALUE); else if (!strcmp(j_item->valuestring, "openpgp")) ; else if (!strcmp(j_item->valuestring, "cms")) *r_protocol = GPGME_PROTOCOL_CMS; else return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL); return 0; } /* Get the chunksize from JSON and store it at R_CHUNKSIZE. */ static gpg_error_t get_chunksize (cjson_t json, size_t *r_chunksize) { cjson_t j_item; *r_chunksize = DEF_REPLY_CHUNK_SIZE; j_item = cJSON_GetObjectItem (json, "chunksize"); if (!j_item) ; else if (!cjson_is_number (j_item)) return gpg_error (GPG_ERR_INV_VALUE); else if ((size_t)j_item->valueint < MIN_REPLY_CHUNK_SIZE) *r_chunksize = MIN_REPLY_CHUNK_SIZE; else if ((size_t)j_item->valueint > MAX_REPLY_CHUNK_SIZE) *r_chunksize = MAX_REPLY_CHUNK_SIZE; else *r_chunksize = (size_t)j_item->valueint; return 0; } /* Extract the keys from the array or string with the name "name" * in the JSON object. On success a string with the keys identifiers * is stored at R_KEYS. * The keys in that string are LF delimited. On failure an error code * is returned. */ static gpg_error_t get_keys (cjson_t json, const char *name, char **r_keystring) { cjson_t j_keys, j_item; int i, nkeys; char *p; size_t length; *r_keystring = NULL; j_keys = cJSON_GetObjectItem (json, name); if (!j_keys) return gpg_error (GPG_ERR_NO_KEY); if (!cjson_is_array (j_keys) && !cjson_is_string (j_keys)) return gpg_error (GPG_ERR_INV_VALUE); /* Fixme: We should better use a membuf like thing. */ length = 1; /* For the EOS. */ if (cjson_is_string (j_keys)) { nkeys = 1; length += strlen (j_keys->valuestring); if (strchr (j_keys->valuestring, '\n')) return gpg_error (GPG_ERR_INV_USER_ID); } else { nkeys = cJSON_GetArraySize (j_keys); if (!nkeys) return gpg_error (GPG_ERR_NO_KEY); for (i=0; i < nkeys; i++) { j_item = cJSON_GetArrayItem (j_keys, i); if (!j_item || !cjson_is_string (j_item)) return gpg_error (GPG_ERR_INV_VALUE); if (i) length++; /* Space for delimiter. */ length += strlen (j_item->valuestring); if (strchr (j_item->valuestring, '\n')) return gpg_error (GPG_ERR_INV_USER_ID); } } p = *r_keystring = xtrymalloc (length); if (!p) return gpg_error_from_syserror (); if (cjson_is_string (j_keys)) { strcpy (p, j_keys->valuestring); } else { for (i=0; i < nkeys; i++) { j_item = cJSON_GetArrayItem (j_keys, i); if (i) *p++ = '\n'; /* Add delimiter. */ p = stpcpy (p, j_item->valuestring); } } return 0; } /* * GPGME support functions. */ /* Helper for get_context. */ static gpgme_ctx_t _create_new_context (gpgme_protocol_t proto) { gpg_error_t err; gpgme_ctx_t ctx; err = gpgme_new (&ctx); if (err) log_fatal ("error creating GPGME context: %s\n", gpg_strerror (err)); gpgme_set_protocol (ctx, proto); gpgme_set_ctx_flag (ctx, "request-origin", "browser"); return ctx; } /* Return a context object for protocol PROTO. This is currently a * statically allocated context initialized for PROTO. Terminates * process on failure. */ static gpgme_ctx_t get_context (gpgme_protocol_t proto) { static gpgme_ctx_t ctx_openpgp, ctx_cms, ctx_conf; if (proto == GPGME_PROTOCOL_OpenPGP) { if (!ctx_openpgp) ctx_openpgp = _create_new_context (proto); return ctx_openpgp; } else if (proto == GPGME_PROTOCOL_CMS) { if (!ctx_cms) ctx_cms = _create_new_context (proto); return ctx_cms; } else if (proto == GPGME_PROTOCOL_GPGCONF) { if (!ctx_conf) ctx_conf = _create_new_context (proto); return ctx_conf; } else log_bug ("invalid protocol %d requested\n", proto); } /* Free context object retrieved by get_context. */ static void release_context (gpgme_ctx_t ctx) { /* Nothing to do right now. */ (void)ctx; } /* Create an addition context for short operations. */ static gpgme_ctx_t create_onetime_context (gpgme_protocol_t proto) { return _create_new_context (proto); } /* Release a one-time context. */ static void release_onetime_context (gpgme_ctx_t ctx) { return gpgme_release (ctx); } /* Given a Base-64 encoded string object in JSON return a gpgme data * object at R_DATA. */ static gpg_error_t data_from_base64_string (gpgme_data_t *r_data, cjson_t json) { gpg_error_t err; size_t len; char *buf = NULL; gpgrt_b64state_t state = NULL; gpgme_data_t data = NULL; *r_data = NULL; /* A quick check on the JSON. */ if (!cjson_is_string (json)) { err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } state = gpgrt_b64dec_start (NULL); if (!state) { err = gpg_err_code_from_syserror (); goto leave; } /* Fixme: Data duplication - we should see how to snatch the memory * from the json object. */ len = strlen (json->valuestring); buf = xtrystrdup (json->valuestring); if (!buf) { err = gpg_error_from_syserror (); goto leave; } err = gpgrt_b64dec_proc (state, buf, len, &len); if (err) goto leave; err = gpgrt_b64dec_finish (state); state = NULL; if (err) goto leave; err = gpgme_data_new_from_mem (&data, buf, len, 1); if (err) goto leave; *r_data = data; data = NULL; leave: xfree (data); xfree (buf); gpgrt_b64dec_finish (state); return err; } /* Create a keylist pattern array from a json keys object * in the request. Returns either a malloced NULL terminated * string array which can be used as patterns for * op_keylist_ext or NULL. */ static char ** create_keylist_patterns (cjson_t request, const char *name) { char *keystring; char *p; char *tmp; char **ret; int cnt = 2; /* Last NULL and one is not newline delimited */ int i = 0; if (get_keys (request, name, &keystring)) return NULL; for (p = keystring; *p; p++) if (*p == '\n') cnt++; ret = xcalloc (cnt, sizeof *ret); for (p = keystring, tmp = keystring; *p; p++) { if (*p != '\n') continue; *p = '\0'; ret[i++] = xstrdup (tmp); tmp = p + 1; } /* The last key is not newline delimited. */ ret[i] = *tmp ? xstrdup (tmp) : NULL; xfree (keystring); return ret; } /* Do a secret keylisting for protocol proto and add the fingerprints of the secret keys for patterns to the result as "sec-fprs" array. */ static gpg_error_t add_secret_fprs (const char **patterns, gpgme_protocol_t protocol, cjson_t result) { gpgme_ctx_t ctx; gpg_error_t err; gpgme_key_t key = NULL; cjson_t j_fprs = xjson_CreateArray (); ctx = create_onetime_context (protocol); gpgme_set_keylist_mode (ctx, GPGME_KEYLIST_MODE_LOCAL | GPGME_KEYLIST_MODE_WITH_SECRET); err = gpgme_op_keylist_ext_start (ctx, patterns, 1, 0); if (err) { gpg_error_object (result, err, "Error listing keys: %s", gpg_strerror (err)); goto leave; } while (!(err = gpgme_op_keylist_next (ctx, &key))) { if (!key || !key->fpr) continue; cJSON_AddItemToArray (j_fprs, cJSON_CreateString (key->fpr)); gpgme_key_unref (key); key = NULL; } err = 0; release_onetime_context (ctx); ctx = NULL; xjson_AddItemToObject (result, "sec-fprs", j_fprs); leave: release_onetime_context (ctx); gpgme_key_unref (key); return err; } /* Create sigsum json array */ static cjson_t sigsum_to_json (gpgme_sigsum_t summary) { cjson_t result = xjson_CreateObject (); cjson_t sigsum_array = xjson_CreateArray (); if ( (summary & GPGME_SIGSUM_VALID )) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("valid")); if ( (summary & GPGME_SIGSUM_GREEN )) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("green")); if ( (summary & GPGME_SIGSUM_RED )) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("red")); if ( (summary & GPGME_SIGSUM_KEY_REVOKED)) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("revoked")); if ( (summary & GPGME_SIGSUM_KEY_EXPIRED)) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("key-expired")); if ( (summary & GPGME_SIGSUM_SIG_EXPIRED)) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("sig-expired")); if ( (summary & GPGME_SIGSUM_KEY_MISSING)) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("key-missing")); if ( (summary & GPGME_SIGSUM_CRL_MISSING)) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("crl-missing")); if ( (summary & GPGME_SIGSUM_CRL_TOO_OLD)) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("crl-too-old")); if ( (summary & GPGME_SIGSUM_BAD_POLICY )) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("bad-policy")); if ( (summary & GPGME_SIGSUM_SYS_ERROR )) cJSON_AddItemToArray (sigsum_array, cJSON_CreateString ("sys-error")); /* The signature summary as string array. */ xjson_AddItemToObject (result, "sigsum", sigsum_array); /* Bools for the same. */ xjson_AddBoolToObject (result, "valid", (summary & GPGME_SIGSUM_VALID )); xjson_AddBoolToObject (result, "green", (summary & GPGME_SIGSUM_GREEN )); xjson_AddBoolToObject (result, "red", (summary & GPGME_SIGSUM_RED )); xjson_AddBoolToObject (result, "revoked", (summary & GPGME_SIGSUM_KEY_REVOKED)); xjson_AddBoolToObject (result, "key-expired", (summary & GPGME_SIGSUM_KEY_EXPIRED)); xjson_AddBoolToObject (result, "sig-expired", (summary & GPGME_SIGSUM_SIG_EXPIRED)); xjson_AddBoolToObject (result, "key-missing", (summary & GPGME_SIGSUM_KEY_MISSING)); xjson_AddBoolToObject (result, "crl-missing", (summary & GPGME_SIGSUM_CRL_MISSING)); xjson_AddBoolToObject (result, "crl-too-old", (summary & GPGME_SIGSUM_CRL_TOO_OLD)); xjson_AddBoolToObject (result, "bad-policy", (summary & GPGME_SIGSUM_BAD_POLICY )); xjson_AddBoolToObject (result, "sys-error", (summary & GPGME_SIGSUM_SYS_ERROR )); return result; } /* Helper for summary formatting */ static const char * validity_to_string (gpgme_validity_t val) { switch (val) { case GPGME_VALIDITY_UNDEFINED:return "undefined"; case GPGME_VALIDITY_NEVER: return "never"; case GPGME_VALIDITY_MARGINAL: return "marginal"; case GPGME_VALIDITY_FULL: return "full"; case GPGME_VALIDITY_ULTIMATE: return "ultimate"; case GPGME_VALIDITY_UNKNOWN: default: return "unknown"; } } static const char * protocol_to_string (gpgme_protocol_t proto) { switch (proto) { case GPGME_PROTOCOL_OpenPGP: return "OpenPGP"; case GPGME_PROTOCOL_CMS: return "CMS"; case GPGME_PROTOCOL_GPGCONF: return "gpgconf"; case GPGME_PROTOCOL_ASSUAN: return "assuan"; case GPGME_PROTOCOL_G13: return "g13"; case GPGME_PROTOCOL_UISERVER:return "uiserver"; case GPGME_PROTOCOL_SPAWN: return "spawn"; default: return "unknown"; } } /* Create a sig_notation json object */ static cjson_t sig_notation_to_json (gpgme_sig_notation_t not) { cjson_t result = xjson_CreateObject (); xjson_AddBoolToObject (result, "human_readable", not->human_readable); xjson_AddBoolToObject (result, "critical", not->critical); xjson_AddStringToObject0 (result, "name", not->name); xjson_AddStringToObject0 (result, "value", not->value); xjson_AddNumberToObject (result, "flags", not->flags); return result; } /* Create a key_sig json object */ static cjson_t key_sig_to_json (gpgme_key_sig_t sig) { cjson_t result = xjson_CreateObject (); xjson_AddBoolToObject (result, "revoked", sig->revoked); xjson_AddBoolToObject (result, "expired", sig->expired); xjson_AddBoolToObject (result, "invalid", sig->invalid); xjson_AddBoolToObject (result, "exportable", sig->exportable); xjson_AddStringToObject0 (result, "pubkey_algo_name", gpgme_pubkey_algo_name (sig->pubkey_algo)); xjson_AddStringToObject0 (result, "keyid", sig->keyid); xjson_AddStringToObject0 (result, "status", gpgme_strerror (sig->status)); xjson_AddStringToObject0 (result, "name", sig->name); xjson_AddStringToObject0 (result, "email", sig->email); xjson_AddStringToObject0 (result, "comment", sig->comment); xjson_AddNumberToObject (result, "pubkey_algo", sig->pubkey_algo); xjson_AddNumberToObject (result, "timestamp", sig->timestamp); xjson_AddNumberToObject (result, "expires", sig->expires); xjson_AddNumberToObject (result, "status_code", sig->status); xjson_AddNumberToObject (result, "sig_class", sig->sig_class); if (sig->notations) { gpgme_sig_notation_t not; cjson_t array = xjson_CreateArray (); for (not = sig->notations; not; not = not->next) cJSON_AddItemToArray (array, sig_notation_to_json (not)); xjson_AddItemToObject (result, "notations", array); } return result; } /* Create a tofu info object */ static cjson_t tofu_to_json (gpgme_tofu_info_t tofu) { cjson_t result = xjson_CreateObject (); xjson_AddStringToObject0 (result, "description", tofu->description); xjson_AddNumberToObject (result, "validity", tofu->validity); xjson_AddNumberToObject (result, "policy", tofu->policy); xjson_AddNumberToObject (result, "signcount", tofu->signcount); xjson_AddNumberToObject (result, "encrcount", tofu->encrcount); xjson_AddNumberToObject (result, "signfirst", tofu->signfirst); xjson_AddNumberToObject (result, "signlast", tofu->signlast); xjson_AddNumberToObject (result, "encrfirst", tofu->encrfirst); xjson_AddNumberToObject (result, "encrlast", tofu->encrlast); return result; } /* Create a userid json object */ static cjson_t uid_to_json (gpgme_user_id_t uid) { cjson_t result = xjson_CreateObject (); xjson_AddBoolToObject (result, "revoked", uid->revoked); xjson_AddBoolToObject (result, "invalid", uid->invalid); xjson_AddStringToObject0 (result, "validity", validity_to_string (uid->validity)); xjson_AddStringToObject0 (result, "uid", uid->uid); xjson_AddStringToObject0 (result, "name", uid->name); xjson_AddStringToObject0 (result, "email", uid->email); xjson_AddStringToObject0 (result, "comment", uid->comment); xjson_AddStringToObject0 (result, "address", uid->address); xjson_AddNumberToObject (result, "origin", uid->origin); xjson_AddNumberToObject (result, "last_update", uid->last_update); /* Key sigs */ if (uid->signatures) { cjson_t sig_array = xjson_CreateArray (); gpgme_key_sig_t sig; for (sig = uid->signatures; sig; sig = sig->next) cJSON_AddItemToArray (sig_array, key_sig_to_json (sig)); xjson_AddItemToObject (result, "signatures", sig_array); } /* TOFU info */ if (uid->tofu) { gpgme_tofu_info_t tofu; cjson_t array = xjson_CreateArray (); for (tofu = uid->tofu; tofu; tofu = tofu->next) cJSON_AddItemToArray (array, tofu_to_json (tofu)); xjson_AddItemToObject (result, "tofu", array); } return result; } /* Create a subkey json object */ static cjson_t subkey_to_json (gpgme_subkey_t sub) { cjson_t result = xjson_CreateObject (); char *tmp; xjson_AddBoolToObject (result, "revoked", sub->revoked); xjson_AddBoolToObject (result, "expired", sub->expired); xjson_AddBoolToObject (result, "disabled", sub->disabled); xjson_AddBoolToObject (result, "invalid", sub->invalid); xjson_AddBoolToObject (result, "can_encrypt", sub->can_encrypt); xjson_AddBoolToObject (result, "can_sign", sub->can_sign); xjson_AddBoolToObject (result, "can_certify", sub->can_certify); xjson_AddBoolToObject (result, "can_authenticate", sub->can_authenticate); xjson_AddBoolToObject (result, "secret", sub->secret); xjson_AddBoolToObject (result, "is_qualified", sub->is_qualified); xjson_AddBoolToObject (result, "is_cardkey", sub->is_cardkey); xjson_AddBoolToObject (result, "is_de_vs", sub->is_de_vs); xjson_AddStringToObject0 (result, "pubkey_algo_name", gpgme_pubkey_algo_name (sub->pubkey_algo)); tmp = gpgme_pubkey_algo_string (sub); xjson_AddStringToObject0 (result, "pubkey_algo_string", tmp); gpgme_free (tmp); xjson_AddStringToObject0 (result, "keyid", sub->keyid); xjson_AddStringToObject0 (result, "card_number", sub->card_number); xjson_AddStringToObject0 (result, "curve", sub->curve); xjson_AddStringToObject0 (result, "keygrip", sub->keygrip); xjson_AddNumberToObject (result, "pubkey_algo", sub->pubkey_algo); xjson_AddNumberToObject (result, "length", sub->length); xjson_AddNumberToObject (result, "timestamp", sub->timestamp); xjson_AddNumberToObject (result, "expires", sub->expires); return result; } /* Create a key json object */ static cjson_t key_to_json (gpgme_key_t key) { cjson_t result = xjson_CreateObject (); xjson_AddBoolToObject (result, "revoked", key->revoked); xjson_AddBoolToObject (result, "expired", key->expired); xjson_AddBoolToObject (result, "disabled", key->disabled); xjson_AddBoolToObject (result, "invalid", key->invalid); xjson_AddBoolToObject (result, "can_encrypt", key->can_encrypt); xjson_AddBoolToObject (result, "can_sign", key->can_sign); xjson_AddBoolToObject (result, "can_certify", key->can_certify); xjson_AddBoolToObject (result, "can_authenticate", key->can_authenticate); xjson_AddBoolToObject (result, "secret", key->secret); xjson_AddBoolToObject (result, "is_qualified", key->is_qualified); xjson_AddStringToObject0 (result, "protocol", protocol_to_string (key->protocol)); xjson_AddStringToObject0 (result, "issuer_serial", key->issuer_serial); xjson_AddStringToObject0 (result, "issuer_name", key->issuer_name); xjson_AddStringToObject0 (result, "fingerprint", key->fpr); xjson_AddStringToObject0 (result, "chain_id", key->chain_id); xjson_AddStringToObject0 (result, "owner_trust", validity_to_string (key->owner_trust)); xjson_AddNumberToObject (result, "origin", key->origin); xjson_AddNumberToObject (result, "last_update", key->last_update); /* Add subkeys */ if (key->subkeys) { cjson_t subkey_array = xjson_CreateArray (); gpgme_subkey_t sub; for (sub = key->subkeys; sub; sub = sub->next) cJSON_AddItemToArray (subkey_array, subkey_to_json (sub)); xjson_AddItemToObject (result, "subkeys", subkey_array); } /* User Ids */ if (key->uids) { cjson_t uid_array = xjson_CreateArray (); gpgme_user_id_t uid; for (uid = key->uids; uid; uid = uid->next) cJSON_AddItemToArray (uid_array, uid_to_json (uid)); xjson_AddItemToObject (result, "userids", uid_array); } return result; } /* Create a signature json object */ static cjson_t signature_to_json (gpgme_signature_t sig) { cjson_t result = xjson_CreateObject (); xjson_AddItemToObject (result, "summary", sigsum_to_json (sig->summary)); xjson_AddBoolToObject (result, "wrong_key_usage", sig->wrong_key_usage); xjson_AddBoolToObject (result, "chain_model", sig->chain_model); xjson_AddBoolToObject (result, "is_de_vs", sig->is_de_vs); xjson_AddStringToObject0 (result, "status_string", gpgme_strerror (sig->status)); xjson_AddStringToObject0 (result, "fingerprint", sig->fpr); xjson_AddStringToObject0 (result, "validity_string", validity_to_string (sig->validity)); xjson_AddStringToObject0 (result, "pubkey_algo_name", gpgme_pubkey_algo_name (sig->pubkey_algo)); xjson_AddStringToObject0 (result, "hash_algo_name", gpgme_hash_algo_name (sig->hash_algo)); xjson_AddStringToObject0 (result, "pka_address", sig->pka_address); xjson_AddNumberToObject (result, "status_code", sig->status); xjson_AddNumberToObject (result, "timestamp", sig->timestamp); xjson_AddNumberToObject (result, "exp_timestamp", sig->exp_timestamp); xjson_AddNumberToObject (result, "pka_trust", sig->pka_trust); xjson_AddNumberToObject (result, "validity", sig->validity); xjson_AddNumberToObject (result, "validity_reason", sig->validity_reason); if (sig->notations) { gpgme_sig_notation_t not; cjson_t array = xjson_CreateArray (); for (not = sig->notations; not; not = not->next) cJSON_AddItemToArray (array, sig_notation_to_json (not)); xjson_AddItemToObject (result, "notations", array); } return result; } /* Create a JSON object from a gpgme_verify result */ static cjson_t verify_result_to_json (gpgme_verify_result_t verify_result) { cjson_t result = xjson_CreateObject (); xjson_AddBoolToObject (result, "is_mime", verify_result->is_mime); if (verify_result->signatures) { cjson_t array = xjson_CreateArray (); gpgme_signature_t sig; for (sig = verify_result->signatures; sig; sig = sig->next) cJSON_AddItemToArray (array, signature_to_json (sig)); xjson_AddItemToObject (result, "signatures", array); } return result; } /* Create a recipient json object */ static cjson_t recipient_to_json (gpgme_recipient_t recp) { cjson_t result = xjson_CreateObject (); xjson_AddStringToObject0 (result, "keyid", recp->keyid); xjson_AddStringToObject0 (result, "pubkey_algo_name", gpgme_pubkey_algo_name (recp->pubkey_algo)); xjson_AddStringToObject0 (result, "status_string", gpgme_strerror (recp->status)); xjson_AddNumberToObject (result, "status_code", recp->status); return result; } /* Create a JSON object from a gpgme_decrypt result */ static cjson_t decrypt_result_to_json (gpgme_decrypt_result_t decrypt_result) { cjson_t result = xjson_CreateObject (); xjson_AddStringToObject0 (result, "file_name", decrypt_result->file_name); xjson_AddStringToObject0 (result, "symkey_algo", decrypt_result->symkey_algo); xjson_AddBoolToObject (result, "wrong_key_usage", decrypt_result->wrong_key_usage); xjson_AddBoolToObject (result, "is_de_vs", decrypt_result->is_de_vs); xjson_AddBoolToObject (result, "is_mime", decrypt_result->is_mime); xjson_AddBoolToObject (result, "legacy_cipher_nomdc", decrypt_result->legacy_cipher_nomdc); if (decrypt_result->recipients) { cjson_t array = xjson_CreateArray (); gpgme_recipient_t recp; for (recp = decrypt_result->recipients; recp; recp = recp->next) cJSON_AddItemToArray (array, recipient_to_json (recp)); xjson_AddItemToObject (result, "recipients", array); } return result; } /* Create a JSON object from an engine_info */ static cjson_t engine_info_to_json (gpgme_engine_info_t info) { cjson_t result = xjson_CreateObject (); xjson_AddStringToObject0 (result, "protocol", protocol_to_string (info->protocol)); xjson_AddStringToObject0 (result, "fname", info->file_name); xjson_AddStringToObject0 (result, "version", info->version); xjson_AddStringToObject0 (result, "req_version", info->req_version); xjson_AddStringToObject0 (result, "homedir", info->home_dir ? info->home_dir : "default"); return result; } /* Create a JSON object from an import_status */ static cjson_t import_status_to_json (gpgme_import_status_t sts) { cjson_t result = xjson_CreateObject (); xjson_AddStringToObject0 (result, "fingerprint", sts->fpr); xjson_AddStringToObject0 (result, "error_string", gpgme_strerror (sts->result)); xjson_AddNumberToObject (result, "status", sts->status); return result; } /* Create a JSON object from an import result */ static cjson_t import_result_to_json (gpgme_import_result_t imp) { cjson_t result = xjson_CreateObject (); xjson_AddNumberToObject (result, "considered", imp->considered); xjson_AddNumberToObject (result, "no_user_id", imp->no_user_id); xjson_AddNumberToObject (result, "imported", imp->imported); xjson_AddNumberToObject (result, "imported_rsa", imp->imported_rsa); xjson_AddNumberToObject (result, "unchanged", imp->unchanged); xjson_AddNumberToObject (result, "new_user_ids", imp->new_user_ids); xjson_AddNumberToObject (result, "new_sub_keys", imp->new_sub_keys); xjson_AddNumberToObject (result, "new_signatures", imp->new_signatures); xjson_AddNumberToObject (result, "new_revocations", imp->new_revocations); xjson_AddNumberToObject (result, "secret_read", imp->secret_read); xjson_AddNumberToObject (result, "secret_imported", imp->secret_imported); xjson_AddNumberToObject (result, "secret_unchanged", imp->secret_unchanged); xjson_AddNumberToObject (result, "skipped_new_keys", imp->skipped_new_keys); xjson_AddNumberToObject (result, "not_imported", imp->not_imported); xjson_AddNumberToObject (result, "skipped_v3_keys", imp->skipped_v3_keys); if (imp->imports) { cjson_t array = xjson_CreateArray (); gpgme_import_status_t status; for (status = imp->imports; status; status = status->next) cJSON_AddItemToArray (array, import_status_to_json (status)); xjson_AddItemToObject (result, "imports", array); } return result; } /* Create a JSON object from a gpgconf arg */ static cjson_t conf_arg_to_json (gpgme_conf_arg_t arg, gpgme_conf_type_t type) { cjson_t result = xjson_CreateObject (); int is_none = 0; switch (type) { case GPGME_CONF_STRING: case GPGME_CONF_PATHNAME: case GPGME_CONF_LDAP_SERVER: case GPGME_CONF_KEY_FPR: case GPGME_CONF_PUB_KEY: case GPGME_CONF_SEC_KEY: case GPGME_CONF_ALIAS_LIST: xjson_AddStringToObject0 (result, "string", arg->value.string); break; case GPGME_CONF_UINT32: xjson_AddNumberToObject (result, "number", arg->value.uint32); break; case GPGME_CONF_INT32: xjson_AddNumberToObject (result, "number", arg->value.int32); break; case GPGME_CONF_NONE: default: is_none = 1; break; } xjson_AddBoolToObject (result, "is_none", is_none); return result; } /* Create a JSON object from a gpgconf option */ static cjson_t conf_opt_to_json (gpgme_conf_opt_t opt) { cjson_t result = xjson_CreateObject (); xjson_AddStringToObject0 (result, "name", opt->name); xjson_AddStringToObject0 (result, "description", opt->description); xjson_AddStringToObject0 (result, "argname", opt->argname); xjson_AddStringToObject0 (result, "default_description", opt->default_description); xjson_AddStringToObject0 (result, "no_arg_description", opt->no_arg_description); xjson_AddNumberToObject (result, "flags", opt->flags); xjson_AddNumberToObject (result, "level", opt->level); xjson_AddNumberToObject (result, "type", opt->type); xjson_AddNumberToObject (result, "alt_type", opt->alt_type); if (opt->default_value) { cjson_t array = xjson_CreateArray (); gpgme_conf_arg_t arg; for (arg = opt->default_value; arg; arg = arg->next) cJSON_AddItemToArray (array, conf_arg_to_json (arg, opt->alt_type)); xjson_AddItemToObject (result, "default_value", array); } if (opt->no_arg_value) { cjson_t array = xjson_CreateArray (); gpgme_conf_arg_t arg; for (arg = opt->no_arg_value; arg; arg = arg->next) cJSON_AddItemToArray (array, conf_arg_to_json (arg, opt->alt_type)); xjson_AddItemToObject (result, "no_arg_value", array); } if (opt->value) { cjson_t array = xjson_CreateArray (); gpgme_conf_arg_t arg; for (arg = opt->value; arg; arg = arg->next) cJSON_AddItemToArray (array, conf_arg_to_json (arg, opt->alt_type)); xjson_AddItemToObject (result, "value", array); } return result; } /* Create a JSON object from a gpgconf component*/ static cjson_t conf_comp_to_json (gpgme_conf_comp_t cmp) { cjson_t result = xjson_CreateObject (); xjson_AddStringToObject0 (result, "name", cmp->name); xjson_AddStringToObject0 (result, "description", cmp->description); xjson_AddStringToObject0 (result, "program_name", cmp->program_name); if (cmp->options) { cjson_t array = xjson_CreateArray (); gpgme_conf_opt_t opt; for (opt = cmp->options; opt; opt = opt->next) cJSON_AddItemToArray (array, conf_opt_to_json (opt)); xjson_AddItemToObject (result, "options", array); } return result; } /* Create a gpgme_data from json string data named "name" * in the request. Takes the base64 option into account. * * Adds an error to the "result" on error. */ static gpg_error_t get_string_data (cjson_t request, cjson_t result, const char *name, gpgme_data_t *r_data) { gpgme_error_t err; int opt_base64; cjson_t j_data; if ((err = get_boolean_flag (request, "base64", 0, &opt_base64))) return err; /* Get the data. Note that INPUT is a shallow data object with the * storage hold in REQUEST. */ j_data = cJSON_GetObjectItem (request, name); if (!j_data) { return gpg_error (GPG_ERR_NO_DATA); } if (!cjson_is_string (j_data)) { return gpg_error (GPG_ERR_INV_VALUE); } if (opt_base64) { err = data_from_base64_string (r_data, j_data); if (err) { gpg_error_object (result, err, "Error decoding Base-64 encoded '%s': %s", name, gpg_strerror (err)); return err; } } else { err = gpgme_data_new_from_mem (r_data, j_data->valuestring, strlen (j_data->valuestring), 0); if (err) { gpg_error_object (result, err, "Error getting '%s': %s", name, gpg_strerror (err)); return err; } } return 0; } /* Create a "data" object and the "type" and "base64" flags * from DATA and append them to RESULT. Ownership of DATA is * transferred to this function. TYPE must be a fixed string. * If BASE64 is -1 the need for base64 encoding is determined * by the content of DATA, all other values are taken as true * or false. */ static gpg_error_t make_data_object (cjson_t result, gpgme_data_t data, const char *type, int base64) { gpg_error_t err; char *buffer; const char *s; size_t buflen, n; if (!base64 || base64 == -1) /* Make sure that we really have a string. */ gpgme_data_write (data, "", 1); buffer = gpgme_data_release_and_get_mem (data, &buflen); data = NULL; if (!buffer) { err = gpg_error_from_syserror (); goto leave; } if (base64 == -1) { base64 = 0; if (!buflen) log_fatal ("Appended Nul byte got lost\n"); /* Figure out if there is any Nul octet in the buffer. In that * case we need to Base-64 the buffer. Due to problems with the * browser's Javascript we use Base-64 also in case an UTF-8 * character is in the buffer. This is because the chunking may * split an UTF-8 characters and JS can't handle this. */ for (s=buffer, n=0; n < buflen -1; s++, n++) if (!*s || (*s & 0x80)) { buflen--; /* Adjust for the extra nul byte. */ base64 = 1; break; } } xjson_AddStringToObject (result, "type", type); xjson_AddBoolToObject (result, "base64", base64); if (base64) err = add_base64_to_object (result, "data", buffer, buflen); else err = cjson_AddStringToObject (result, "data", buffer); leave: gpgme_free (buffer); return err; } /* Encode and chunk response. * * If necessary this base64 encodes and chunks the response * for getmore so that we always return valid json independent * of the chunksize. * * A chunked response contains the base64 encoded chunk * as a string and a boolean if there is still more data * available for getmore like: * { * chunk: "SGVsbG8gV29ybGQK" * more: true * } * * Chunking is only done if the response is larger then the * chunksize. * * caller has to xfree the return value. */ static char * encode_and_chunk (cjson_t request, cjson_t response) { char *data; gpg_error_t err = 0; size_t chunksize = 0; char *getmore_request = NULL; if (opt_interactive) data = cJSON_Print (response); else data = cJSON_PrintUnformatted (response); if (!data) { err = GPG_ERR_NO_DATA; goto leave; } if (!request) { goto leave; } if ((err = get_chunksize (request, &chunksize))) { err = GPG_ERR_INV_VALUE; goto leave; } if (!chunksize) goto leave; pending_data.buffer = data; /* Data should already be encoded so that it does not contain 0.*/ pending_data.length = strlen (data); pending_data.written = 0; if (gpgrt_asprintf (&getmore_request, "{ \"op\":\"getmore\", \"chunksize\": %i }", (int) chunksize) == -1) { err = gpg_error_from_syserror (); goto leave; } data = process_request (getmore_request); leave: xfree (getmore_request); if (!err && !data) { err = GPG_ERR_GENERAL; } if (err) { cjson_t err_obj = gpg_error_object (NULL, err, "Encode and chunk failed: %s", gpgme_strerror (err)); xfree (data); if (opt_interactive) data = cJSON_Print (err_obj); data = cJSON_PrintUnformatted (err_obj); cJSON_Delete (err_obj); } return data; } /* * Implementation of the commands. */ static const char hlp_encrypt[] = "op: \"encrypt\"\n" "keys: Array of strings with the fingerprints or user-ids\n" " of the keys to encrypt the data. For a single key\n" " a String may be used instead of an array.\n" "data: Input data. \n" "\n" "Optional parameters:\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" "signing_keys: Similar to the keys parameter for added signing.\n" " (openpgp only)" "file_name: The file name associated with the data.\n" "sender: Sender info to embed in a signature.\n" "\n" "Optional boolean flags (default is false):\n" "base64: Input data is base64 encoded.\n" "mime: Indicate that data is a MIME object.\n" "armor: Request output in armored format.\n" "always-trust: Request --always-trust option.\n" "no-encrypt-to: Do not use a default recipient.\n" "no-compress: Do not compress the plaintext first.\n" "throw-keyids: Request the --throw-keyids option.\n" "want-address: Require that the keys include a mail address.\n" "wrap: Assume the input is an OpenPGP message.\n" "\n" "Response on success:\n" "type: \"ciphertext\"\n" "data: Unless armor mode is used a Base64 encoded binary\n" " ciphertext. In armor mode a string with an armored\n" " OpenPGP or a PEM message.\n" "base64: Boolean indicating whether data is base64 encoded."; static gpg_error_t op_encrypt (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_protocol_t protocol; char **signing_patterns = NULL; int opt_mime; char *keystring = NULL; char *file_name = NULL; gpgme_data_t input = NULL; gpgme_data_t output = NULL; int abool; gpgme_encrypt_flags_t encrypt_flags = 0; gpgme_ctx_t keylist_ctx = NULL; gpgme_key_t key = NULL; cjson_t j_tmp = NULL; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); if ((err = get_boolean_flag (request, "mime", 0, &opt_mime))) goto leave; if ((err = get_boolean_flag (request, "armor", 0, &abool))) goto leave; gpgme_set_armor (ctx, abool); if ((err = get_boolean_flag (request, "always-trust", 0, &abool))) goto leave; if (abool) encrypt_flags |= GPGME_ENCRYPT_ALWAYS_TRUST; if ((err = get_boolean_flag (request, "no-encrypt-to", 0,&abool))) goto leave; if (abool) encrypt_flags |= GPGME_ENCRYPT_NO_ENCRYPT_TO; if ((err = get_boolean_flag (request, "no-compress", 0, &abool))) goto leave; if (abool) encrypt_flags |= GPGME_ENCRYPT_NO_COMPRESS; if ((err = get_boolean_flag (request, "throw-keyids", 0, &abool))) goto leave; if (abool) encrypt_flags |= GPGME_ENCRYPT_THROW_KEYIDS; if ((err = get_boolean_flag (request, "wrap", 0, &abool))) goto leave; if (abool) encrypt_flags |= GPGME_ENCRYPT_WRAP; if ((err = get_boolean_flag (request, "want-address", 0, &abool))) goto leave; if (abool) encrypt_flags |= GPGME_ENCRYPT_WANT_ADDRESS; j_tmp = cJSON_GetObjectItem (request, "file_name"); if (j_tmp && cjson_is_string (j_tmp)) { file_name = j_tmp->valuestring; } j_tmp = cJSON_GetObjectItem (request, "sender"); if (j_tmp && cjson_is_string (j_tmp)) { gpgme_set_sender (ctx, j_tmp->valuestring); } /* Get the keys. */ err = get_keys (request, "keys", &keystring); if (err) { /* Provide a custom error response. */ gpg_error_object (result, err, "Error getting keys: %s", gpg_strerror (err)); goto leave; } /* Do we have signing keys ? */ signing_patterns = create_keylist_patterns (request, "signing_keys"); if (signing_patterns) { keylist_ctx = create_onetime_context (protocol); gpgme_set_keylist_mode (keylist_ctx, GPGME_KEYLIST_MODE_LOCAL); err = gpgme_op_keylist_ext_start (keylist_ctx, (const char **) signing_patterns, 1, 0); if (err) { gpg_error_object (result, err, "Error listing keys: %s", gpg_strerror (err)); goto leave; } while (!(err = gpgme_op_keylist_next (keylist_ctx, &key))) { if ((err = gpgme_signers_add (ctx, key))) { gpg_error_object (result, err, "Error adding signer: %s", gpg_strerror (err)); goto leave; } gpgme_key_unref (key); key = NULL; } release_onetime_context (keylist_ctx); keylist_ctx = NULL; } if ((err = get_string_data (request, result, "data", &input))) goto leave; if (opt_mime) gpgme_data_set_encoding (input, GPGME_DATA_ENCODING_MIME); if (file_name) { gpgme_data_set_file_name (input, file_name); } /* Create an output data object. */ err = gpgme_data_new (&output); if (err) { gpg_error_object (result, err, "Error creating output data object: %s", gpg_strerror (err)); goto leave; } /* Encrypt. */ if (!signing_patterns) { err = gpgme_op_encrypt_ext (ctx, NULL, keystring, encrypt_flags, input, output); } else { err = gpgme_op_encrypt_sign_ext (ctx, NULL, keystring, encrypt_flags, input, output); } /* encrypt_result = gpgme_op_encrypt_result (ctx); */ if (err) { gpg_error_object (result, err, "Encryption failed: %s", gpg_strerror (err)); goto leave; } gpgme_data_release (input); input = NULL; /* We need to base64 if armoring has not been requested. */ err = make_data_object (result, output, "ciphertext", !gpgme_get_armor (ctx)); output = NULL; leave: xfree_array (signing_patterns); xfree (keystring); release_onetime_context (keylist_ctx); /* Reset sender in case the context is reused */ gpgme_set_sender (ctx, NULL); gpgme_key_unref (key); gpgme_signers_clear (ctx); release_context (ctx); gpgme_data_release (input); gpgme_data_release (output); return err; } static const char hlp_decrypt[] = "op: \"decrypt\"\n" "data: The encrypted data.\n" "\n" "Optional parameters:\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" "\n" "Optional boolean flags (default is false):\n" "base64: Input data is base64 encoded.\n" "\n" "Response on success:\n" "type: \"plaintext\"\n" "data: The decrypted data. This may be base64 encoded.\n" "base64: Boolean indicating whether data is base64 encoded.\n" "mime: deprecated - use dec_info is_mime instead\n" "dec_info: An object with decryption information. (gpgme_decrypt_result_t)\n" " Boolean values:\n" " wrong_key_usage: Key should not have been used for encryption.\n" " is_de_vs: Message was encrypted in compliance to the de-vs\n" " mode.\n" " is_mime: Message claims that the content is a MIME Message.\n" " legacy_cipher_nomdc: The message was made by a legacy algorithm\n" " without integrity protection.\n" " String values:\n" " file_name: The filename contained in the decrypt result.\n" " symkey_algo: A string with the symmetric encryption algorithm and\n" " mode using the format \".\".\n" " Array values:\n" " recipients: The list of recipients (gpgme_recipient_t).\n" " String values:\n" " keyid: The keyid of the recipient.\n" " pubkey_algo_name: gpgme_pubkey_algo_name of used algo.\n" " status_string: The status code as localized gpg-error string\n" " Number values:\n" " status_code: The status as a number. (gpg_error_t)\n" "info: Optional an object with verification information.\n" " (gpgme_verify_result_t)\n" " file_name: The filename contained in the verify result.\n" " is_mime: The is_mime info contained in the verify result.\n" " signatures: Array of signatures\n" " summary: Object containing summary information.\n" " Boolean values: (Check gpgme_sigsum_t doc for meaning)\n" " valid\n" " green\n" " red\n" " revoked\n" " key-expired\n" " sig-expired\n" " key-missing\n" " crl-missing\n" " crl-too-old\n" " bad-policy\n" " sys-error\n" " sigsum: Array of strings representing the sigsum.\n" " Boolean values:\n" " wrong_key_usage: Key should not have been used for signing.\n" " chain_model: Validity has been verified using the chain model.\n" " is_de_vs: signature is in compliance to the de-vs mode.\n" " String values:\n" " status_string: The status code as localized gpg-error string\n" " fingerprint: The fingerprint of the signing key.\n" " validity_string: The validity as string.\n" " pubkey_algo_name: gpgme_pubkey_algo_name of used algo.\n" " hash_algo_name: gpgme_hash_algo_name of used hash algo\n" " pka_address: The mailbox from the PKA information.\n" " Number values:\n" " status_code: The status as a number. (gpg_error_t)\n" " timestamp: Signature creation time. (secs since epoch)\n" " exp_timestamp: Signature expiration or 0. (secs since epoch)\n" " pka_trust: PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU.\n" " validity: validity as number (gpgme_validity_t)\n" " validity_reason: (gpg_error_t)\n" " Array values:\n" " notations: Notation data and policy urls (gpgme_sig_notation_t)\n" " Boolean values:\n" " human_readable\n" " critical\n" " String values:\n" " name\n" " value\n" " Number values:\n" " flags\n"; static gpg_error_t op_decrypt (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_protocol_t protocol; gpgme_data_t input = NULL; gpgme_data_t output = NULL; gpgme_decrypt_result_t decrypt_result; gpgme_verify_result_t verify_result; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); if ((err = get_string_data (request, result, "data", &input))) goto leave; /* Create an output data object. */ err = gpgme_data_new (&output); if (err) { gpg_error_object (result, err, "Error creating output data object: %s", gpg_strerror (err)); goto leave; } /* Decrypt. */ err = gpgme_op_decrypt_ext (ctx, GPGME_DECRYPT_VERIFY, input, output); decrypt_result = gpgme_op_decrypt_result (ctx); if (err) { gpg_error_object (result, err, "Decryption failed: %s", gpg_strerror (err)); goto leave; } gpgme_data_release (input); input = NULL; if (decrypt_result->is_mime) xjson_AddBoolToObject (result, "mime", 1); xjson_AddItemToObject (result, "dec_info", decrypt_result_to_json (decrypt_result)); verify_result = gpgme_op_verify_result (ctx); if (verify_result && verify_result->signatures) { xjson_AddItemToObject (result, "info", verify_result_to_json (verify_result)); } err = make_data_object (result, output, "plaintext", -1); output = NULL; if (err) { gpg_error_object (result, err, "Plaintext output failed: %s", gpg_strerror (err)); goto leave; } leave: release_context (ctx); gpgme_data_release (input); gpgme_data_release (output); return err; } static const char hlp_sign[] = "op: \"sign\"\n" "keys: Array of strings with the fingerprints of the signing key.\n" " For a single key a String may be used instead of an array.\n" "data: Input data. \n" "\n" "Optional parameters:\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" "sender: The mail address of the sender.\n" "mode: A string with the signing mode can be:\n" " detached (default)\n" " opaque\n" " clearsign\n" "\n" "Optional boolean flags (default is false):\n" "base64: Input data is base64 encoded.\n" "armor: Request output in armored format.\n" "\n" "Response on success:\n" "type: \"signature\"\n" "data: Unless armor mode is used a Base64 encoded binary\n" " signature. In armor mode a string with an armored\n" " OpenPGP or a PEM message.\n" "base64: Boolean indicating whether data is base64 encoded.\n"; static gpg_error_t op_sign (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_protocol_t protocol; char **patterns = NULL; gpgme_data_t input = NULL; gpgme_data_t output = NULL; int abool; cjson_t j_tmp; gpgme_sig_mode_t mode = GPGME_SIG_MODE_DETACH; gpgme_ctx_t keylist_ctx = NULL; gpgme_key_t key = NULL; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); if ((err = get_boolean_flag (request, "armor", 0, &abool))) goto leave; gpgme_set_armor (ctx, abool); j_tmp = cJSON_GetObjectItem (request, "mode"); if (j_tmp && cjson_is_string (j_tmp)) { if (!strcmp (j_tmp->valuestring, "opaque")) { mode = GPGME_SIG_MODE_NORMAL; } else if (!strcmp (j_tmp->valuestring, "clearsign")) { mode = GPGME_SIG_MODE_CLEAR; } } j_tmp = cJSON_GetObjectItem (request, "sender"); if (j_tmp && cjson_is_string (j_tmp)) { gpgme_set_sender (ctx, j_tmp->valuestring); } patterns = create_keylist_patterns (request, "keys"); if (!patterns) { gpg_error_object (result, err, "Error getting keys: %s", gpg_strerror (gpg_error (GPG_ERR_NO_KEY))); goto leave; } /* Do a keylisting and add the keys */ keylist_ctx = create_onetime_context (protocol); gpgme_set_keylist_mode (keylist_ctx, GPGME_KEYLIST_MODE_LOCAL); err = gpgme_op_keylist_ext_start (keylist_ctx, (const char **) patterns, 1, 0); if (err) { gpg_error_object (result, err, "Error listing keys: %s", gpg_strerror (err)); goto leave; } while (!(err = gpgme_op_keylist_next (keylist_ctx, &key))) { if ((err = gpgme_signers_add (ctx, key))) { gpg_error_object (result, err, "Error adding signer: %s", gpg_strerror (err)); goto leave; } gpgme_key_unref (key); key = NULL; } if ((err = get_string_data (request, result, "data", &input))) goto leave; /* Create an output data object. */ err = gpgme_data_new (&output); if (err) { gpg_error_object (result, err, "Error creating output data object: %s", gpg_strerror (err)); goto leave; } /* Sign. */ err = gpgme_op_sign (ctx, input, output, mode); if (err) { gpg_error_object (result, err, "Signing failed: %s", gpg_strerror (err)); goto leave; } gpgme_data_release (input); input = NULL; /* We need to base64 if armoring has not been requested. */ err = make_data_object (result, output, "signature", !gpgme_get_armor (ctx)); output = NULL; leave: xfree_array (patterns); gpgme_signers_clear (ctx); gpgme_key_unref (key); release_onetime_context (keylist_ctx); release_context (ctx); gpgme_data_release (input); gpgme_data_release (output); return err; } static const char hlp_verify[] = "op: \"verify\"\n" "data: The data to verify.\n" "\n" "Optional parameters:\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" "signature: A detached signature. If missing opaque is assumed.\n" "\n" "Optional boolean flags (default is false):\n" "base64: Input data is base64 encoded.\n" "\n" "Response on success:\n" "type: \"plaintext\"\n" "data: The verified data. This may be base64 encoded.\n" "base64: Boolean indicating whether data is base64 encoded.\n" "info: An object with verification information (gpgme_verify_result_t).\n" " is_mime: Boolean that is true if the messages claims it is MIME.\n" " Note that this flag is not covered by the signature.)\n" " signatures: Array of signatures\n" " summary: Object containing summary information.\n" " Boolean values: (Check gpgme_sigsum_t doc for meaning)\n" " valid\n" " green\n" " red\n" " revoked\n" " key-expired\n" " sig-expired\n" " key-missing\n" " crl-missing\n" " crl-too-old\n" " bad-policy\n" " sys-error\n" " sigsum: Array of strings representing the sigsum.\n" " Boolean values:\n" " wrong_key_usage: Key should not have been used for signing.\n" " chain_model: Validity has been verified using the chain model.\n" " is_de_vs: signature is in compliance to the de-vs mode.\n" " String values:\n" " status_string: The status code as localized gpg-error string\n" " fingerprint: The fingerprint of the signing key.\n" " validity_string: The validity as string.\n" " pubkey_algo_name: gpgme_pubkey_algo_name of used algo.\n" " hash_algo_name: gpgme_hash_algo_name of used hash algo\n" " pka_address: The mailbox from the PKA information.\n" " Number values:\n" " status_code: The status as a number. (gpg_error_t)\n" " timestamp: Signature creation time. (secs since epoch)\n" " exp_timestamp: Signature expiration or 0. (secs since epoch)\n" " pka_trust: PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU.\n" " validity: validity as number (gpgme_validity_t)\n" " validity_reason: (gpg_error_t)\n" " Array values:\n" " notations: Notation data and policy urls (gpgme_sig_notation_t)\n" " Boolean values:\n" " human_readable\n" " critical\n" " String values:\n" " name\n" " value\n" " Number values:\n" " flags\n"; static gpg_error_t op_verify (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_protocol_t protocol; gpgme_data_t input = NULL; gpgme_data_t signature = NULL; gpgme_data_t output = NULL; gpgme_verify_result_t verify_result; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); if ((err = get_string_data (request, result, "data", &input))) goto leave; err = get_string_data (request, result, "signature", &signature); /* Signature data is optional otherwise we expect opaque or clearsigned. */ if (err && err != gpg_error (GPG_ERR_NO_DATA)) goto leave; if (!signature) { /* Verify opaque or clearsigned we need an output data object. */ err = gpgme_data_new (&output); if (err) { gpg_error_object (result, err, "Error creating output data object: %s", gpg_strerror (err)); goto leave; } err = gpgme_op_verify (ctx, input, 0, output); } else { err = gpgme_op_verify (ctx, signature, input, NULL); } if (err) { gpg_error_object (result, err, "Verify failed: %s", gpg_strerror (err)); goto leave; } gpgme_data_release (input); input = NULL; gpgme_data_release (signature); signature = NULL; verify_result = gpgme_op_verify_result (ctx); if (verify_result && verify_result->signatures) { xjson_AddItemToObject (result, "info", verify_result_to_json (verify_result)); } if (output) { err = make_data_object (result, output, "plaintext", -1); output = NULL; if (err) { gpg_error_object (result, err, "Plaintext output failed: %s", gpg_strerror (err)); goto leave; } } leave: release_context (ctx); gpgme_data_release (input); gpgme_data_release (output); gpgme_data_release (signature); return err; } static const char hlp_version[] = "op: \"version\"\n" "\n" "Response on success:\n" "gpgme: The GPGME Version.\n" "info: dump of engine info. containing:\n" " protocol: The protocol.\n" " fname: The file name.\n" " version: The version.\n" " req_ver: The required version.\n" " homedir: The homedir of the engine or \"default\".\n"; static gpg_error_t op_version (cjson_t request, cjson_t result) { gpg_error_t err = 0; gpgme_engine_info_t ei = NULL; cjson_t infos = xjson_CreateArray (); (void)request; if (!cJSON_AddStringToObject (result, "gpgme", gpgme_check_version (NULL))) { cJSON_Delete (infos); return gpg_error_from_syserror (); } if ((err = gpgme_get_engine_info (&ei))) { cJSON_Delete (infos); return err; } for (; ei; ei = ei->next) cJSON_AddItemToArray (infos, engine_info_to_json (ei)); if (!cJSON_AddItemToObject (result, "info", infos)) { err = gpg_error_from_syserror (); cJSON_Delete (infos); return err; } return 0; } static const char hlp_keylist[] = "op: \"keylist\"\n" "\n" "Optional parameters:\n" "keys: Array of strings or fingerprints to lookup\n" " For a single key a String may be used instead of an array.\n" " default lists all keys.\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" "\n" "Optional boolean flags (default is false):\n" "secret: List only secret keys.\n" "with-secret: Add KEYLIST_MODE_WITH_SECRET.\n" "extern: Add KEYLIST_MODE_EXTERN.\n" "local: Add KEYLIST_MODE_LOCAL. (default mode).\n" "sigs: Add KEYLIST_MODE_SIGS.\n" "notations: Add KEYLIST_MODE_SIG_NOTATIONS.\n" "tofu: Add KEYLIST_MODE_WITH_TOFU.\n" "keygrip: Add KEYLIST_MODE_WITH_KEYGRIP.\n" "ephemeral: Add KEYLIST_MODE_EPHEMERAL.\n" "validate: Add KEYLIST_MODE_VALIDATE.\n" "locate: Add KEYLIST_MODE_LOCATE.\n" "\n" "Response on success:\n" "keys: Array of keys.\n" " Boolean values:\n" " revoked\n" " expired\n" " disabled\n" " invalid\n" " can_encrypt\n" " can_sign\n" " can_certify\n" " can_authenticate\n" " secret\n" " is_qualified\n" " String values:\n" " protocol\n" " issuer_serial (CMS Only)\n" " issuer_name (CMS Only)\n" " chain_id (CMS Only)\n" " owner_trust (OpenPGP only)\n" " fingerprint\n" " Number values:\n" " last_update\n" " origin\n" " Array values:\n" " subkeys\n" " Boolean values:\n" " revoked\n" " expired\n" " disabled\n" " invalid\n" " can_encrypt\n" " can_sign\n" " can_certify\n" " can_authenticate\n" " secret\n" " is_qualified\n" " is_cardkey\n" " is_de_vs\n" " String values:\n" " pubkey_algo_name\n" " pubkey_algo_string\n" " keyid\n" " card_number\n" " curve\n" " keygrip\n" " Number values:\n" " pubkey_algo\n" " length\n" " timestamp\n" " expires\n" " userids\n" " Boolean values:\n" " revoked\n" " invalid\n" " String values:\n" " validity\n" " uid\n" " name\n" " email\n" " comment\n" " address\n" " Number values:\n" " origin\n" " last_update\n" " Array values:\n" " signatures\n" " Boolean values:\n" " revoked\n" " expired\n" " invalid\n" " exportable\n" " String values:\n" " pubkey_algo_name\n" " keyid\n" " status\n" " uid\n" " name\n" " email\n" " comment\n" " Number values:\n" " pubkey_algo\n" " timestamp\n" " expires\n" " status_code\n" " sig_class\n" " Array values:\n" " notations\n" " Boolean values:\n" " human_readable\n" " critical\n" " String values:\n" " name\n" " value\n" " Number values:\n" " flags\n" " tofu\n" " String values:\n" " description\n" " Number values:\n" " validity\n" " policy\n" " signcount\n" " encrcount\n" " signfirst\n" " signlast\n" " encrfirst\n" " encrlast\n"; static gpg_error_t op_keylist (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_protocol_t protocol; char **patterns = NULL; int abool; int secret_only = 0; gpgme_keylist_mode_t mode = 0; gpgme_key_t key = NULL; cjson_t keyarray = xjson_CreateArray (); if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); /* Handle the various keylist mode bools. */ if ((err = get_boolean_flag (request, "secret", 0, &abool))) goto leave; if (abool) { mode |= GPGME_KEYLIST_MODE_WITH_SECRET; secret_only = 1; } if ((err = get_boolean_flag (request, "with-secret", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_WITH_SECRET; if ((err = get_boolean_flag (request, "extern", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_EXTERN; if ((err = get_boolean_flag (request, "local", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_LOCAL; if ((err = get_boolean_flag (request, "sigs", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_SIGS; if ((err = get_boolean_flag (request, "notations", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_SIG_NOTATIONS; if ((err = get_boolean_flag (request, "tofu", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_WITH_TOFU; if ((err = get_boolean_flag (request, "keygrip", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_WITH_KEYGRIP; if ((err = get_boolean_flag (request, "ephemeral", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_EPHEMERAL; if ((err = get_boolean_flag (request, "validate", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_VALIDATE; if ((err = get_boolean_flag (request, "locate", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_LOCATE; if ((err = get_boolean_flag (request, "force-extern", 0, &abool))) goto leave; if (abool) mode |= GPGME_KEYLIST_MODE_FORCE_EXTERN; if (!mode) { /* default to local */ mode = GPGME_KEYLIST_MODE_LOCAL; } /* Get the keys. */ patterns = create_keylist_patterns (request, "keys"); /* Do a keylisting and add the keys */ gpgme_set_keylist_mode (ctx, mode); err = gpgme_op_keylist_ext_start (ctx, (const char **) patterns, secret_only, 0); if (err) { gpg_error_object (result, err, "Error listing keys: %s", gpg_strerror (err)); goto leave; } while (!(err = gpgme_op_keylist_next (ctx, &key))) { cJSON_AddItemToArray (keyarray, key_to_json (key)); gpgme_key_unref (key); } err = 0; if (!cJSON_AddItemToObject (result, "keys", keyarray)) { err = gpg_error_from_syserror (); goto leave; } leave: xfree_array (patterns); if (err) { cJSON_Delete (keyarray); } return err; } static const char hlp_import[] = "op: \"import\"\n" "data: The data to import.\n" "\n" "Optional parameters:\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" "\n" "Optional boolean flags (default is false):\n" "base64: Input data is base64 encoded.\n" "\n" "Response on success:\n" "result: The import result.\n" " Number values:\n" " considered\n" " no_user_id\n" " imported\n" " imported_rsa\n" " unchanged\n" " new_user_ids\n" " new_sub_keys\n" " new_signatures\n" " new_revocations\n" " secret_read\n" " secret_imported\n" " secret_unchanged\n" " skipped_new_keys\n" " not_imported\n" " skipped_v3_keys\n" " Array values:\n" " imports: List of keys for which an import was attempted\n" " String values:\n" " fingerprint\n" " error_string\n" " Number values:\n" " error_code\n" " status\n"; static gpg_error_t op_import (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_data_t input = NULL; gpgme_import_result_t import_result; gpgme_protocol_t protocol; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); if ((err = get_string_data (request, result, "data", &input))) goto leave; /* Import. */ err = gpgme_op_import (ctx, input); import_result = gpgme_op_import_result (ctx); if (err) { gpg_error_object (result, err, "Import failed: %s", gpg_strerror (err)); goto leave; } gpgme_data_release (input); input = NULL; xjson_AddItemToObject (result, "result", import_result_to_json (import_result)); leave: release_context (ctx); gpgme_data_release (input); return err; } static const char hlp_export[] = "op: \"export\"\n" "\n" "Optional parameters:\n" "keys: Array of strings or fingerprints to lookup\n" " For a single key a String may be used instead of an array.\n" " default exports all keys.\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" "\n" "Optional boolean flags (default is false):\n" "armor: Request output in armored format.\n" "extern: Add EXPORT_MODE_EXTERN.\n" "minimal: Add EXPORT_MODE_MINIMAL.\n" "raw: Add EXPORT_MODE_RAW.\n" "pkcs12: Add EXPORT_MODE_PKCS12.\n" "with-sec-fprs: Add the sec-fprs array to the result.\n" "\n" "Response on success:\n" "type: \"keys\"\n" "data: Unless armor mode is used a Base64 encoded binary.\n" " In armor mode a string with an armored\n" " OpenPGP or a PEM / PKCS12 key.\n" "base64: Boolean indicating whether data is base64 encoded.\n" "sec-fprs: Optional, only if with-secret is set. An array containing\n" " the fingerprints of the keys in the export for which a secret\n" " key is available"; static gpg_error_t op_export (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_protocol_t protocol; char **patterns = NULL; int abool; int with_secret = 0; gpgme_export_mode_t mode = 0; gpgme_data_t output = NULL; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); if ((err = get_boolean_flag (request, "armor", 0, &abool))) goto leave; gpgme_set_armor (ctx, abool); /* Handle the various export mode bools. */ if ((err = get_boolean_flag (request, "secret", 0, &abool))) goto leave; if (abool) { err = gpg_error (GPG_ERR_FORBIDDEN); goto leave; } if ((err = get_boolean_flag (request, "extern", 0, &abool))) goto leave; if (abool) mode |= GPGME_EXPORT_MODE_EXTERN; if ((err = get_boolean_flag (request, "minimal", 0, &abool))) goto leave; if (abool) mode |= GPGME_EXPORT_MODE_MINIMAL; if ((err = get_boolean_flag (request, "raw", 0, &abool))) goto leave; if (abool) mode |= GPGME_EXPORT_MODE_RAW; if ((err = get_boolean_flag (request, "pkcs12", 0, &abool))) goto leave; if (abool) mode |= GPGME_EXPORT_MODE_PKCS12; if ((err = get_boolean_flag (request, "with-sec-fprs", 0, &abool))) goto leave; if (abool) with_secret = 1; /* Get the export patterns. */ patterns = create_keylist_patterns (request, "keys"); /* Create an output data object. */ err = gpgme_data_new (&output); if (err) { gpg_error_object (result, err, "Error creating output data object: %s", gpg_strerror (err)); goto leave; } err = gpgme_op_export_ext (ctx, (const char **) patterns, mode, output); if (err) { gpg_error_object (result, err, "Error exporting keys: %s", gpg_strerror (err)); goto leave; } /* We need to base64 if armoring has not been requested. */ err = make_data_object (result, output, "keys", !gpgme_get_armor (ctx)); output = NULL; if (!err && with_secret) { err = add_secret_fprs ((const char **) patterns, protocol, result); } leave: xfree_array (patterns); release_context (ctx); gpgme_data_release (output); return err; } static const char hlp_delete[] = "op: \"delete\"\n" "key: Fingerprint of the key to delete.\n" "\n" "Optional parameters:\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" "\n" "Response on success:\n" "success: Boolean true.\n"; static gpg_error_t op_delete (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_ctx_t keylist_ctx = NULL; gpgme_protocol_t protocol; gpgme_key_t key = NULL; int secret = 0; cjson_t j_key = NULL; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); keylist_ctx = get_context (protocol); if ((err = get_boolean_flag (request, "secret", 0, &secret))) goto leave; if (secret) { err = gpg_error (GPG_ERR_FORBIDDEN); goto leave; } j_key = cJSON_GetObjectItem (request, "key"); if (!j_key) { err = gpg_error (GPG_ERR_NO_KEY); goto leave; } if (!cjson_is_string (j_key)) { err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } /* Get the key */ if ((err = gpgme_get_key (keylist_ctx, j_key->valuestring, &key, 0))) { gpg_error_object (result, err, "Error fetching key for delete: %s", gpg_strerror (err)); goto leave; } err = gpgme_op_delete (ctx, key, 0); if (err) { gpg_error_object (result, err, "Error deleting key: %s", gpg_strerror (err)); goto leave; } xjson_AddBoolToObject (result, "success", 1); leave: gpgme_key_unref (key); release_context (ctx); release_context (keylist_ctx); return err; } static const char hlp_config_opt[] = "op: \"config_opt\"\n" "component: The component of the option.\n" "option: The name of the option.\n" "\n" "Response on success:\n" "\n" "option: Information about the option.\n" " String values:\n" " name: The name of the option\n" " description: Localized description of the opt.\n" " argname: Thhe argument name e.g. --verbose\n" " default_description\n" " no_arg_description\n" " Number values:\n" " flags: Flags for this option.\n" " level: the level of the description. See gpgme_conf_level_t.\n" " type: The type of the option. See gpgme_conf_type_t.\n" " alt_type: Alternate type of the option. See gpgme_conf_type_t\n" " Arg type values: (see desc. below)\n" " default_value: Array of the default value.\n" " no_arg_value: Array of the value if it is not set.\n" " value: Array for the current value if the option is set.\n" "\n" "If the response is empty the option was not found\n" ""; static gpg_error_t op_config_opt (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_conf_comp_t conf = NULL; gpgme_conf_comp_t comp = NULL; cjson_t j_tmp; char *comp_name = NULL; char *opt_name = NULL; ctx = get_context (GPGME_PROTOCOL_GPGCONF); j_tmp = cJSON_GetObjectItem (request, "component"); if (!j_tmp || !cjson_is_string (j_tmp)) { err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } comp_name = j_tmp->valuestring; j_tmp = cJSON_GetObjectItem (request, "option"); if (!j_tmp || !cjson_is_string (j_tmp)) { err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } opt_name = j_tmp->valuestring; /* Load the config */ err = gpgme_op_conf_load (ctx, &conf); if (err) { goto leave; } comp = conf; for (comp = conf; comp; comp = comp->next) { gpgme_conf_opt_t opt = NULL; int found = 0; if (!comp->name || strcmp (comp->name, comp_name)) { /* Skip components if a single one is specified */ continue; } for (opt = comp->options; opt; opt = opt->next) { if (!opt->name || strcmp (opt->name, opt_name)) { /* Skip components if a single one is specified */ continue; } xjson_AddItemToObject (result, "option", conf_opt_to_json (opt)); found = 1; break; } if (found) break; } leave: gpgme_conf_release (conf); release_context (ctx); return err; } static const char hlp_config[] = "op: \"config\"\n" "\n" "Optional parameters:\n" "component: Component of entries to list.\n" " Default: all\n" "\n" "Response on success:\n" " components: Array of the component program configs.\n" " name: The component name.\n" " description: Description of the component.\n" " program_name: The absolute path to the program.\n" " options: Array of config options\n" " String values:\n" " name: The name of the option\n" " description: Localized description of the opt.\n" " argname: Thhe argument name e.g. --verbose\n" " default_description\n" " no_arg_description\n" " Number values:\n" " flags: Flags for this option.\n" " level: the level of the description. See gpgme_conf_level_t.\n" " type: The type of the option. See gpgme_conf_type_t.\n" " alt_type: Alternate type of the option. See gpgme_conf_type_t\n" " Arg type values: (see desc. below)\n" " default_value: Array of the default value.\n" " no_arg_value: Array of the value if it is not set.\n" " value: Array for the current value if the option is set.\n" "\n" "Conf type values are an array of values that are either\n" "of type number named \"number\" or of type string,\n" "named \"string\".\n" "If the type is none the bool value is_none is true.\n" ""; static gpg_error_t op_config (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_conf_comp_t conf = NULL; gpgme_conf_comp_t comp = NULL; cjson_t j_tmp; char *comp_name = NULL; cjson_t j_comps; ctx = get_context (GPGME_PROTOCOL_GPGCONF); j_tmp = cJSON_GetObjectItem (request, "component"); if (j_tmp && cjson_is_string (j_tmp)) { comp_name = j_tmp->valuestring; } else if (j_tmp && !cjson_is_string (j_tmp)) { err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } /* Load the config */ err = gpgme_op_conf_load (ctx, &conf); if (err) { goto leave; } j_comps = xjson_CreateArray (); comp = conf; for (comp = conf; comp; comp = comp->next) { if (comp_name && comp->name && strcmp (comp->name, comp_name)) { /* Skip components if a single one is specified */ continue; } cJSON_AddItemToArray (j_comps, conf_comp_to_json (comp)); } xjson_AddItemToObject (result, "components", j_comps); leave: gpgme_conf_release (conf); release_context (ctx); return err; } static const char hlp_createkey[] = "op: \"createkey\"\n" "userid: The user id. E.g. \"Foo Bar \"\n" "\n" "Optional parameters:\n" "algo: Algo of the key as string. See doc for gpg --quick-gen-key.\n" " Supported values are \"default\" and \"future-default\".\n" "expires: Seconds from now to expiry as Number. 0 means no expiry.\n" " The default is to use a standard expiration interval.\n" "\n" "Response on success:\n" "fingerprint: The fingerprint of the created key.\n" "\n" "Note: This interface does not allow key generation if the userid\n" "of the new key already exists in the keyring.\n"; static gpg_error_t op_createkey (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; unsigned int flags = GPGME_CREATE_FORCE; /* Always force as the GUI should handle checks, if required. */ unsigned long expires = 0; cjson_t j_tmp; const char *algo = "default"; const char *userid; gpgme_genkey_result_t res; #ifdef GPG_AGENT_ALLOWS_KEYGEN_THROUGH_BROWSER /* GnuPG forbids keygen through the browser socket so for this we create an unrestricted context. See GnuPG-Bug-Id: T4010 for more info */ ctx = get_context (GPGME_PROTOCOL_OpenPGP); #else err = gpgme_new (&ctx); if (err) log_fatal ("error creating GPGME context: %s\n", gpg_strerror (err)); gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP); #endif j_tmp = cJSON_GetObjectItem (request, "algo"); if (j_tmp && cjson_is_string (j_tmp)) { algo = j_tmp->valuestring; } j_tmp = cJSON_GetObjectItem (request, "userid"); if (!j_tmp || !cjson_is_string (j_tmp)) { err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } userid = j_tmp->valuestring; j_tmp = cJSON_GetObjectItem (request, "expires"); if (j_tmp) { if (!cjson_is_number (j_tmp)) { err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } expires = j_tmp->valueint; if (!expires) flags |= GPGME_CREATE_NOEXPIRE; } if ((err = gpgme_op_createkey (ctx, userid, algo, 0, expires, NULL, flags))) goto leave; res = gpgme_op_genkey_result (ctx); if (!res) { err = gpg_error (GPG_ERR_GENERAL); goto leave; } xjson_AddStringToObject0 (result, "fingerprint", res->fpr); leave: #ifdef GPG_AGENT_ALLOWS_KEYGEN_THROUGH_BROWSER release_context (ctx); #else gpgme_release (ctx); #endif return err; } + +static const char * +data_type_to_string (gpgme_data_type_t dt) +{ + const char *s = "[?]"; + + switch (dt) + { + case GPGME_DATA_TYPE_INVALID : s = "invalid"; break; + case GPGME_DATA_TYPE_UNKNOWN : s = "unknown"; break; + case GPGME_DATA_TYPE_PGP_SIGNED : s = "PGP-signed"; break; + case GPGME_DATA_TYPE_PGP_SIGNATURE: s = "PGP-signature"; break; + case GPGME_DATA_TYPE_PGP_ENCRYPTED: s = "PGP-encrypted"; break; + case GPGME_DATA_TYPE_PGP_OTHER : s = "PGP"; break; + case GPGME_DATA_TYPE_PGP_KEY : s = "PGP-key"; break; + case GPGME_DATA_TYPE_CMS_SIGNED : s = "CMS-signed"; break; + case GPGME_DATA_TYPE_CMS_ENCRYPTED: s = "CMS-encrypted"; break; + case GPGME_DATA_TYPE_CMS_OTHER : s = "CMS"; break; + case GPGME_DATA_TYPE_X509_CERT : s = "X.509"; break; + case GPGME_DATA_TYPE_PKCS12 : s = "PKCS12"; break; + } + return s; +} + + +static const char hlp_identify[] = + "op: \"identify\"\n" + "data: The data to identify.\n" + "\n" + "Optional boolean flags (default is false):\n" + "base64: Input data is base64 encoded.\n" + "\n" + "Response:\n" + "result: A string describing the object.\n"; +static gpg_error_t +op_identify (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_data_t input = NULL; + gpgme_data_type_t dt; + + if ((err = get_string_data (request, result, "data", &input))) + goto leave; + + dt = gpgme_data_identify (input, 0); + xjson_AddStringToObject (result, "result", data_type_to_string (dt)); + + leave: + gpgme_data_release (input); + return err; +} + + static const char hlp_getmore[] = "op: \"getmore\"\n" "\n" "Response on success:\n" "response: base64 encoded json response.\n" "more: Another getmore is required.\n" "base64: boolean if the response is base64 encoded.\n"; static gpg_error_t op_getmore (cjson_t request, cjson_t result) { gpg_error_t err; int c; size_t n; size_t chunksize; if ((err = get_chunksize (request, &chunksize))) goto leave; /* For the meta data we need 41 bytes: {"more":true,"base64":true,"response":""} */ chunksize -= 41; /* Adjust the chunksize for the base64 conversion. */ chunksize = (chunksize / 4) * 3; /* Do we have anything pending? */ if (!pending_data.buffer) { err = gpg_error (GPG_ERR_NO_DATA); gpg_error_object (result, err, "Operation not possible: %s", gpg_strerror (err)); goto leave; } /* We currently always use base64 encoding for simplicity. */ xjson_AddBoolToObject (result, "base64", 1); if (pending_data.written >= pending_data.length) { /* EOF reached. This should not happen but we return an empty * string once in case of client errors. */ gpgme_free (pending_data.buffer); pending_data.buffer = NULL; xjson_AddBoolToObject (result, "more", 0); err = cjson_AddStringToObject (result, "response", ""); } else { n = pending_data.length - pending_data.written; if (n > chunksize) { n = chunksize; xjson_AddBoolToObject (result, "more", 1); } else xjson_AddBoolToObject (result, "more", 0); c = pending_data.buffer[pending_data.written + n]; pending_data.buffer[pending_data.written + n] = 0; err = add_base64_to_object (result, "response", (pending_data.buffer + pending_data.written), n); pending_data.buffer[pending_data.written + n] = c; if (!err) { pending_data.written += n; if (pending_data.written >= pending_data.length) { xfree (pending_data.buffer); pending_data.buffer = NULL; } } } leave: return err; } static const char hlp_help[] = "The tool expects a JSON object with the request and responds with\n" "another JSON object. Even on error a JSON object is returned. The\n" "property \"op\" is mandatory and its string value selects the\n" "operation; if the property \"help\" with the value \"true\" exists, the\n" "operation is not performned but a string with the documentation\n" "returned. To list all operations it is allowed to leave out \"op\" in\n" "help mode. Supported values for \"op\" are:\n\n" " config Read configuration values.\n" " config_opt Read a single configuration value.\n" " decrypt Decrypt data.\n" " delete Delete a key.\n" " encrypt Encrypt data.\n" " export Export keys.\n" " createkey Generate a keypair (OpenPGP only).\n" " import Import data.\n" " keylist List keys.\n" " sign Sign data.\n" " verify Verify data.\n" + " identify Identify the type of the data\n" " version Get engine information.\n" " getmore Retrieve remaining data if chunksize was used.\n" " help Help overview.\n" "\n" "If the data needs to be transferred in smaller chunks the\n" "property \"chunksize\" with an integer value can be added.\n" "When \"chunksize\" is set the response (including json) will\n" "not be larger then \"chunksize\" but might be smaller.\n" "The chunked result will be transferred in base64 encoded chunks\n" "using the \"getmore\" operation. See help getmore for more info."; static gpg_error_t op_help (cjson_t request, cjson_t result) { cjson_t j_tmp; char *buffer = NULL; const char *msg; j_tmp = cJSON_GetObjectItem (request, "interactive_help"); if (opt_interactive && j_tmp && cjson_is_string (j_tmp)) msg = buffer = xstrconcat (hlp_help, "\n", j_tmp->valuestring, NULL); else msg = hlp_help; xjson_AddStringToObject (result, "type", "help"); xjson_AddStringToObject (result, "msg", msg); xfree (buffer); return 0; } /* * Dispatcher */ /* Process a request and return the response. The response is a newly * allocated string or NULL in case of an error. */ static char * process_request (const char *request) { static struct { const char *op; gpg_error_t (*handler)(cjson_t request, cjson_t result); const char * const helpstr; } optbl[] = { { "config", op_config, hlp_config }, { "config_opt", op_config_opt, hlp_config_opt }, { "encrypt", op_encrypt, hlp_encrypt }, { "export", op_export, hlp_export }, { "decrypt", op_decrypt, hlp_decrypt }, { "delete", op_delete, hlp_delete }, { "createkey", op_createkey, hlp_createkey }, { "keylist", op_keylist, hlp_keylist }, { "import", op_import, hlp_import }, + { "identify", op_identify, hlp_identify }, { "sign", op_sign, hlp_sign }, { "verify", op_verify, hlp_verify }, { "version", op_version, hlp_version }, { "getmore", op_getmore, hlp_getmore }, { "help", op_help, hlp_help }, { NULL } }; size_t erroff; cjson_t json; cjson_t j_tmp, j_op; cjson_t response; int helpmode; int is_getmore = 0; const char *op; char *res = NULL; int idx; response = xjson_CreateObject (); json = cJSON_Parse (request, &erroff); if (!json) { log_string (GPGRT_LOGLVL_INFO, request); log_info ("invalid JSON object at offset %zu\n", erroff); error_object (response, "invalid JSON object at offset %zu\n", erroff); goto leave; } j_tmp = cJSON_GetObjectItem (json, "help"); helpmode = (j_tmp && cjson_is_true (j_tmp)); j_op = cJSON_GetObjectItem (json, "op"); if (!j_op || !cjson_is_string (j_op)) { if (!helpmode) { error_object (response, "Property \"op\" missing"); goto leave; } op = "help"; /* Help summary. */ } else op = j_op->valuestring; for (idx=0; optbl[idx].op; idx++) if (!strcmp (op, optbl[idx].op)) break; if (optbl[idx].op) { if (helpmode && strcmp (op, "help")) { xjson_AddStringToObject (response, "type", "help"); xjson_AddStringToObject (response, "op", op); xjson_AddStringToObject (response, "msg", optbl[idx].helpstr); } else { gpg_error_t err; is_getmore = optbl[idx].handler == op_getmore; /* If this is not the "getmore" command and we have any * pending data release that data. */ if (pending_data.buffer && optbl[idx].handler != op_getmore) { gpgme_free (pending_data.buffer); pending_data.buffer = NULL; } err = optbl[idx].handler (json, response); if (err) { if (!(j_tmp = cJSON_GetObjectItem (response, "type")) || !cjson_is_string (j_tmp) || strcmp (j_tmp->valuestring, "error")) { /* No error type response - provide a generic one. */ gpg_error_object (response, err, "Operation failed: %s", gpg_strerror (err)); } xjson_AddStringToObject (response, "op", op); } } } else /* Operation not supported. */ { error_object (response, "Unknown operation '%s'", op); xjson_AddStringToObject (response, "op", op); } leave: if (is_getmore) { /* For getmore we bypass the encode_and_chunk. */ if (opt_interactive) res = cJSON_Print (response); else res = cJSON_PrintUnformatted (response); } else res = encode_and_chunk (json, response); if (!res) { cjson_t err_obj; log_error ("printing JSON data failed\n"); err_obj = error_object (NULL, "Printing JSON data failed"); if (opt_interactive) res = cJSON_Print (err_obj); res = cJSON_PrintUnformatted (err_obj); cJSON_Delete (err_obj); } cJSON_Delete (json); cJSON_Delete (response); if (!res) { /* Can't happen unless we created a broken error_object above */ return xtrystrdup ("Bug: Fatal error in process request\n"); } return res; } /* * Driver code */ static char * get_file (const char *fname) { gpg_error_t err; estream_t fp; struct stat st; char *buf; size_t buflen; fp = es_fopen (fname, "r"); if (!fp) { err = gpg_error_from_syserror (); log_error ("can't open '%s': %s\n", fname, gpg_strerror (err)); return NULL; } if (fstat (es_fileno(fp), &st)) { err = gpg_error_from_syserror (); log_error ("can't stat '%s': %s\n", fname, gpg_strerror (err)); es_fclose (fp); return NULL; } buflen = st.st_size; buf = xmalloc (buflen+1); if (es_fread (buf, buflen, 1, fp) != 1) { err = gpg_error_from_syserror (); log_error ("error reading '%s': %s\n", fname, gpg_strerror (err)); es_fclose (fp); xfree (buf); return NULL; } buf[buflen] = 0; es_fclose (fp); return buf; } /* Return a malloced line or NULL on EOF. Terminate on read * error. */ static char * get_line (void) { char *line = NULL; size_t linesize = 0; gpg_error_t err; size_t maxlength = 2048; int n; const char *s; char *p; again: n = es_read_line (es_stdin, &line, &linesize, &maxlength); if (n < 0) { err = gpg_error_from_syserror (); log_error ("error reading line: %s\n", gpg_strerror (err)); exit (1); } if (!n) { xfree (line); line = NULL; return NULL; /* EOF */ } if (!maxlength) { log_info ("line too long - skipped\n"); goto again; } if (memchr (line, 0, n)) log_info ("warning: line shortened due to embedded Nul character\n"); if (line[n-1] == '\n') line[n-1] = 0; /* Trim leading spaces. */ for (s=line; spacep (s); s++) ; if (s != line) { for (p=line; *s;) *p++ = *s++; *p = 0; n = p - line; } return line; } /* Process meta commands used with the standard REPL. */ static char * process_meta_commands (const char *request) { char *result = NULL; while (spacep (request)) request++; if (!strncmp (request, "help", 4) && (spacep (request+4) || !request[4])) { if (request[4]) { char *buf = xstrconcat ("{ \"help\":true, \"op\":\"", request+5, "\" }", NULL); result = process_request (buf); xfree (buf); } else result = process_request ("{ \"op\": \"help\"," " \"interactive_help\": " "\"\\nMeta commands:\\n" " ,read FNAME Process data from FILE\\n" " ,help CMD Print help for a command\\n" " ,quit Terminate process\"" "}"); } else if (!strncmp (request, "quit", 4) && (spacep (request+4) || !request[4])) exit (0); else if (!strncmp (request, "read", 4) && (spacep (request+4) || !request[4])) { if (!request[4]) log_info ("usage: ,read FILENAME\n"); else { char *buffer = get_file (request + 5); if (buffer) { result = process_request (buffer); xfree (buffer); } } } else log_info ("invalid meta command\n"); return result; } /* If STRING has a help response, return the MSG property in a human * readable format. */ static char * get_help_msg (const char *string) { cjson_t json, j_type, j_msg; const char *msg; char *buffer = NULL; char *p; json = cJSON_Parse (string, NULL); if (json) { j_type = cJSON_GetObjectItem (json, "type"); if (j_type && cjson_is_string (j_type) && !strcmp (j_type->valuestring, "help")) { j_msg = cJSON_GetObjectItem (json, "msg"); if (j_msg || cjson_is_string (j_msg)) { msg = j_msg->valuestring; buffer = malloc (strlen (msg)+1); if (buffer) { for (p=buffer; *msg; msg++) { if (*msg == '\\' && msg[1] == '\n') *p++ = '\n'; else *p++ = *msg; } *p = 0; } } } cJSON_Delete (json); } return buffer; } /* An interactive standard REPL. */ static void interactive_repl (void) { char *line = NULL; char *request = NULL; char *response = NULL; char *p; int first; es_setvbuf (es_stdin, NULL, _IONBF, 0); es_fprintf (es_stderr, "%s %s ready (enter \",help\" for help)\n", gpgrt_strusage (11), gpgrt_strusage (13)); do { es_fputs ("> ", es_stderr); es_fflush (es_stderr); es_fflush (es_stdout); xfree (line); line = get_line (); es_fflush (es_stderr); es_fflush (es_stdout); first = !request; if (line && *line) { if (!request) request = xstrdup (line); else { char *tmp = xstrconcat (request, "\n", line, NULL); xfree (request); request = tmp; } } if (!line) es_fputs ("\n", es_stderr); if (!line || !*line || (first && *request == ',')) { /* Process the input. */ xfree (response); response = NULL; if (request && *request == ',') { response = process_meta_commands (request+1); } else if (request) { response = process_request (request); } xfree (request); request = NULL; if (response) { if (opt_interactive) { char *msg = get_help_msg (response); if (msg) { xfree (response); response = msg; } } es_fputs ("===> ", es_stderr); es_fflush (es_stderr); for (p=response; *p; p++) { if (*p == '\n') { es_fflush (es_stdout); es_fputs ("\n===> ", es_stderr); es_fflush (es_stderr); } else es_putc (*p, es_stdout); } es_fflush (es_stdout); es_fputs ("\n", es_stderr); } } } while (line); xfree (request); xfree (response); xfree (line); } /* Read and process a single request. */ static void read_and_process_single_request (void) { char *line = NULL; char *request = NULL; char *response = NULL; size_t n; for (;;) { xfree (line); line = get_line (); if (line && *line) request = (request? xstrconcat (request, "\n", line, NULL) /**/ : xstrdup (line)); if (!line) { if (request) { xfree (response); response = process_request (request); if (response) { es_fputs (response, es_stdout); if ((n = strlen (response)) && response[n-1] != '\n') es_fputc ('\n', es_stdout); } es_fflush (es_stdout); } break; } } xfree (response); xfree (request); xfree (line); } /* The Native Messaging processing loop. */ static void native_messaging_repl (void) { gpg_error_t err; uint32_t nrequest, nresponse; char *request = NULL; char *response = NULL; size_t n; /* Due to the length octets we need to switch the I/O stream into * binary mode. */ es_set_binary (es_stdin); es_set_binary (es_stdout); es_setbuf (es_stdin, NULL); /* stdin needs to be unbuffered! */ for (;;) { /* Read length. Note that the protocol uses native endianness. * Is it allowed to call such a thing a well thought out * protocol? */ if (es_read (es_stdin, &nrequest, sizeof nrequest, &n)) { err = gpg_error_from_syserror (); log_error ("error reading request header: %s\n", gpg_strerror (err)); break; } if (!n) break; /* EOF */ if (n != sizeof nrequest) { log_error ("error reading request header: short read\n"); break; } if (nrequest > MAX_REQUEST_SIZE) { log_error ("error reading request: request too long (%zu MiB)\n", (size_t)nrequest / (1024*1024)); /* Fixme: Shall we read the request to the bit bucket and * return an error response or just return an error response * and terminate? Needs some testing. */ break; } /* Read request. */ request = xtrymalloc (nrequest + 1); if (!request) { err = gpg_error_from_syserror (); log_error ("error reading request: Not enough memory for %zu MiB)\n", (size_t)nrequest / (1024*1024)); /* FIXME: See comment above. */ break; } if (es_read (es_stdin, request, nrequest, &n)) { err = gpg_error_from_syserror (); log_error ("error reading request: %s\n", gpg_strerror (err)); break; } if (n != nrequest) { /* That is a protocol violation. */ xfree (response); response = error_object_string ("Invalid request:" " short read (%zu of %zu bytes)\n", n, (size_t)nrequest); } else /* Process request */ { request[n] = '\0'; /* Ensure that request has an end */ if (opt_debug) log_debug ("request='%s'\n", request); xfree (response); response = process_request (request); if (opt_debug) log_debug ("response='%s'\n", response); } nresponse = strlen (response); /* Write response */ if (es_write (es_stdout, &nresponse, sizeof nresponse, &n)) { err = gpg_error_from_syserror (); log_error ("error writing request header: %s\n", gpg_strerror (err)); break; } if (n != sizeof nresponse) { log_error ("error writing request header: short write\n"); break; } if (es_write (es_stdout, response, nresponse, &n)) { err = gpg_error_from_syserror (); log_error ("error writing request: %s\n", gpg_strerror (err)); break; } if (n != nresponse) { log_error ("error writing request: short write\n"); break; } if (es_fflush (es_stdout) || es_ferror (es_stdout)) { err = gpg_error_from_syserror (); log_error ("error writing request: %s\n", gpg_strerror (err)); break; } xfree (response); response = NULL; xfree (request); request = NULL; } xfree (response); xfree (request); } +/* Run the --identify command. */ +static gpg_error_t +cmd_identify (const char *fname) +{ + gpg_error_t err; + estream_t fp; + gpgme_data_t data; + gpgme_data_type_t dt; + + if (fname) + { + fp = es_fopen (fname, "rb"); + if (!fp) + { + err = gpg_error_from_syserror (); + log_error ("can't open '%s': %s\n", fname, gpg_strerror (err)); + return err; + } + err = gpgme_data_new_from_estream (&data, fp); + } + else + { + char *buffer; + int n; + + fp = NULL; + es_set_binary (es_stdin); + + /* Urgs: gpgme_data_identify does a seek and that fails for stdin. */ + buffer = xmalloc (2048+1); + n = es_fread (buffer, 1, 2048, es_stdin); + if (n < 0 || es_ferror (es_stdin)) + { + err = gpg_error_from_syserror (); + log_error ("error reading '%s': %s\n", "[stdin]", gpg_strerror (err)); + xfree (buffer); + return err; + } + buffer[n] = 0; + err = gpgme_data_new_from_mem (&data, buffer, n, 1); + xfree (buffer); + } + + if (err) + { + log_error ("error creating data object: %s\n", gpg_strerror (err)); + return err; + } + + dt = gpgme_data_identify (data, 0); + if (dt == GPGME_DATA_TYPE_INVALID) + log_error ("error identifying data\n"); + printf ("%s\n", data_type_to_string (dt)); + gpgme_data_release (data); + es_fclose (fp); + return 0; +} + static const char * my_strusage( int level ) { const char *p; switch (level) { case 9: p = "LGPL-2.1-or-later"; break; case 11: p = "gpgme-json"; break; case 13: p = PACKAGE_VERSION; break; case 14: p = "Copyright (C) 2018 g10 Code GmbH"; break; case 19: p = "Please report bugs to <" PACKAGE_BUGREPORT ">.\n"; break; case 1: case 40: p = "Usage: gpgme-json [OPTIONS]"; break; case 41: p = "Native messaging based GPGME operations.\n"; break; case 42: p = "1"; /* Flag print 40 as part of 41. */ break; default: p = NULL; break; } return p; } int main (int argc, char *argv[]) { enum { CMD_DEFAULT = 0, CMD_INTERACTIVE = 'i', CMD_SINGLE = 's', CMD_LIBVERSION = 501, + CMD_IDENTIFY } cmd = CMD_DEFAULT; enum { OPT_DEBUG = 600 }; static gpgrt_opt_t opts[] = { ARGPARSE_c (CMD_INTERACTIVE, "interactive", "Interactive REPL"), ARGPARSE_c (CMD_SINGLE, "single", "Single request mode"), + ARGPARSE_c (CMD_IDENTIFY, "identify", "Identify the input"), ARGPARSE_c (CMD_LIBVERSION, "lib-version", "Show library version"), ARGPARSE_s_n(OPT_DEBUG, "debug", "Flyswatter"), ARGPARSE_end() }; gpgrt_argparse_t pargs = { &argc, &argv}; - int log_file_set = 0; gpgrt_set_strusage (my_strusage); #ifdef HAVE_SETLOCALE setlocale (LC_ALL, ""); #endif gpgme_check_version (NULL); #ifdef LC_CTYPE gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL)); #endif #ifdef LC_MESSAGES gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL)); #endif while (gpgrt_argparse (NULL, &pargs, opts)) { switch (pargs.r_opt) { case CMD_INTERACTIVE: opt_interactive = 1; /*FALLTHROUGH*/ case CMD_SINGLE: + case CMD_IDENTIFY: case CMD_LIBVERSION: cmd = pargs.r_opt; break; case OPT_DEBUG: opt_debug = 1; break; default: pargs.err = ARGPARSE_PRINT_WARNING; break; } } gpgrt_argparse (NULL, &pargs, NULL); if (!opt_debug) { /* Handling is similar to GPGME_DEBUG */ const char *s = getenv ("GPGME_JSON_DEBUG"); const char *s1; if (s && atoi (s) > 0) { opt_debug = 1; s1 = strchr (s, PATHSEP_C); if (s1 && strlen (s1) > 2) { s1++; log_set_file (s1); log_file_set = 1; } } } if (opt_debug && !log_file_set) { const char *home = getenv ("HOME"); char *file = xstrconcat ("socket://", home? home:"/tmp", "/.gnupg/S.gpgme-json.log", NULL); log_set_file (file); xfree (file); } if (opt_debug) { int i; for (i=0; argv[i]; i++) log_debug ("argv[%d]='%s'\n", i, argv[i]); } switch (cmd) { case CMD_DEFAULT: native_messaging_repl (); break; case CMD_SINGLE: read_and_process_single_request (); break; case CMD_INTERACTIVE: interactive_repl (); break; + case CMD_IDENTIFY: + if (argc > 1) + { + log_error ("usage: %s --identify [filename|-]\n", + gpgrt_strusage (11)); + exit (1); + } + cmd_identify (argc && strcmp (*argv, "-")? *argv : NULL); + break; + case CMD_LIBVERSION: printf ("Version from header: %s (0x%06x)\n", GPGME_VERSION, GPGME_VERSION_NUMBER); printf ("Version from binary: %s\n", gpgme_check_version (NULL)); printf ("Copyright blurb ...:%s\n", gpgme_check_version ("\x01\x01")); break; } if (opt_debug) log_debug ("ready"); return 0; }