From 0fcf3ee915a1c90bd7471ec371924a1ff7a5fcdd Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 6 Aug 2009 17:17:18 +0000 Subject: [PATCH] Fix detection of invalid signer keys. Support the new INV_SGNR status code. --- NEWS | 6 ++ doc/ChangeLog | 5 ++ doc/gpgme.texi | 2 +- doc/uiserver.texi | 11 ++- src/ChangeLog | 13 ++++ src/engine-gpgsm.c | 5 +- src/gpgme.h.in | 4 +- src/op-support.c | 8 +- src/sign.c | 27 ++++++- tests/ChangeLog | 4 + tests/Makefile.am | 2 +- tests/gpg/t-sign.c | 11 +++ tests/run-sign.c | 187 +++++++++++++++++++++++++++++++++++++++++++++ 13 files changed, 271 insertions(+), 14 deletions(-) create mode 100644 tests/run-sign.c diff --git a/NEWS b/NEWS index ef5654d..0fc99f5 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,12 @@ Noteworthy changes in version 1.2.1 (unreleased) * (none yet) + * Interface changes relative to the 1.1.7 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GPGME_STATUS_INV_SGNR NEW. + GPGME_STATUS_NO_SGNR NEW. + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Noteworthy changes in version 1.2.0 (2009-06-18) ------------------------------------------------ diff --git a/doc/ChangeLog b/doc/ChangeLog index 5772e68..34f30bd 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,8 @@ +2009-07-21 Werner Koch + + * uiserver.texi (UI Server Encrypt): Add --expect-sign option to + PREP_ENCRYPT. + 2009-06-16 Marcus Brinkmann * gpgme.texi (Result Management): New section. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index a0bc20e..3b1c10f 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -4777,7 +4777,7 @@ of a @code{gpgme_op_sign} operation. The pointer is only valid if the last operation on the context was a @code{gpgme_op_sign}, @code{gpgme_op_sign_start}, @code{gpgme_op_encrypt_sign} or @code{gpgme_op_encrypt_sign_start} operation. If that operation -failed, the function might return a @code{NULL} pointer, The returned +failed, the function might return a @code{NULL} pointer. The returned pointer is only valid until the next operation is started on the context. @end deftypefun diff --git a/doc/uiserver.texi b/doc/uiserver.texi index 7c0a1e9..c6da5ad 100644 --- a/doc/uiserver.texi +++ b/doc/uiserver.texi @@ -118,7 +118,7 @@ Use the CMS (PKCS#7) protocol (RFC-3852). To support automagically selection of the protocol depending on the selected keys, the server MAY implement the command: -@deffn Command PREP_ENCRYPT [-@w{}-protocol=@var{name}] +@deffn Command PREP_ENCRYPT [-@w{}-protocol=@var{name}] [-@w{}-expect-sign] This commands considers all recipients set so far and decides whether it is able to take input and start the actual decryption. This is kind of @@ -129,8 +129,15 @@ command is send. The @option{--protocol} option is optional; if it is not given, the server should allow the user to select the protocol to be used based on the recipients given or by any other means. +If @option{--expect-sign} is given the server should expect that the +message will also be signed and use this hint to present a unified +recipient and signer selection dialog if possible and desired. A +selected signer should then be cached for the expected SIGN command +(which is expected in the same session but possible on another +connection). + If this command is given again before a successful @command{ENCRYPT} -command, the second one takes effect. +command, the second one takes effect. Before sending the OK response the server shall tell the client the protocol to be used (either the one given by the argument or the one diff --git a/src/ChangeLog b/src/ChangeLog index feebbdc..3301949 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,16 @@ +2009-08-06 Werner Koch + + * op-support.c (_gpgme_parse_inv_recp): Allow for no fingerprint. + + * engine-gpgsm.c (gpgsm_sign): Hook up the status func for the + SIGNER command. + * gpgme.h.in (GPGME_STATUS_INV_SGNR, GPGME_STATUS_NO_SGNR): New. + * sign.c (op_data_t): Add fields IGNORE_INV_RECP and INV_SGNR_SEEN. + (_gpgme_op_sign_init_result): Factor code out to ... + (sign_init_result): .. new. Init new fields. + (sign_start): Use sign_init_result. + (_gpgme_sign_status_handler): Take care of the new INV_SGNR. + 2009-07-07 Werner Koch * engine-gpgsm.c (struct engine_gpgsm): Add fields diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 4067b99..647fd93 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1870,7 +1870,7 @@ gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out, if (asprintf (&assuan_cmd, "OPTION include-certs %i", include_certs) < 0) return gpg_error_from_errno (errno); err = gpgsm_assuan_simple_command (gpgsm->assuan_ctx, assuan_cmd, - NULL, NULL); + NULL, NULL); free (assuan_cmd); if (err) return err; @@ -1885,7 +1885,8 @@ gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out, strcpy (stpcpy (buf, "SIGNER "), s); err = gpgsm_assuan_simple_command (gpgsm->assuan_ctx, buf, - NULL, NULL); + gpgsm->status.fnc, + gpgsm->status.fnc_value); } else err = gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/gpgme.h.in b/src/gpgme.h.in index b9f76f5..0b42798 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -485,7 +485,9 @@ typedef enum GPGME_STATUS_PKA_TRUST_BAD = 79, GPGME_STATUS_PKA_TRUST_GOOD = 80, - GPGME_STATUS_PLAINTEXT = 81 + GPGME_STATUS_PLAINTEXT = 81, + GPGME_STATUS_INV_SGNR = 82, + GPGME_STATUS_NO_SGNR = 83 } gpgme_status_code_t; diff --git a/src/op-support.c b/src/op-support.c index c3ba778..90e1283 100644 --- a/src/op-support.c +++ b/src/op-support.c @@ -162,8 +162,8 @@ _gpgme_op_reset (gpgme_ctx_t ctx, int type) } -/* Parse the INV_RECP status line in ARGS and return the result in - KEY. */ +/* Parse the INV_RECP or INV-SNDR status line in ARGS and return the + result in KEY. */ gpgme_error_t _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key) { @@ -177,7 +177,7 @@ _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key) inv_key->next = NULL; errno = 0; reason = strtol (args, &tail, 0); - if (errno || args == tail || *tail != ' ') + if (errno || args == tail || (*tail && *tail != ' ')) { /* The crypto backend does not behave. */ free (inv_key); @@ -236,7 +236,7 @@ _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key) break; } - while (*tail == ' ') + while (*tail && *tail == ' ') tail++; if (*tail) { diff --git a/src/sign.c b/src/sign.c index 03007bd..1d3716f 100644 --- a/src/sign.c +++ b/src/sign.c @@ -46,6 +46,10 @@ typedef struct /* Likewise for signature information. */ gpgme_new_signature_t *last_sig_p; + + /* Flags used while processing the status lines. */ + unsigned int ignore_inv_recp:1; + unsigned int inv_sgnr_seen:1; } *op_data_t; @@ -266,6 +270,12 @@ _gpgme_sign_status_handler (void *priv, gpgme_status_code_t code, char *args) break; case GPGME_STATUS_INV_RECP: + if (opd->inv_sgnr_seen && opd->ignore_inv_recp) + break; + /* FALLTROUGH */ + case GPGME_STATUS_INV_SGNR: + if (code == GPGME_STATUS_INV_SGNR) + opd->inv_sgnr_seen = 1; err = _gpgme_parse_inv_recp (args, opd->last_signer_p); if (err) return err; @@ -297,8 +307,8 @@ sign_status_handler (void *priv, gpgme_status_code_t code, char *args) } -gpgme_error_t -_gpgme_op_sign_init_result (gpgme_ctx_t ctx) +static gpgme_error_t +sign_init_result (gpgme_ctx_t ctx, int ignore_inv_recp) { gpgme_error_t err; void *hook; @@ -311,9 +321,17 @@ _gpgme_op_sign_init_result (gpgme_ctx_t ctx) return err; opd->last_signer_p = &opd->result.invalid_signers; opd->last_sig_p = &opd->result.signatures; + opd->ignore_inv_recp = !!ignore_inv_recp; + opd->inv_sgnr_seen = 0; return 0; } +gpgme_error_t +_gpgme_op_sign_init_result (gpgme_ctx_t ctx) +{ + return sign_init_result (ctx, 0); +} + static gpgme_error_t sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain, @@ -325,7 +343,10 @@ sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain, if (err) return err; - err = _gpgme_op_sign_init_result (ctx); + /* If we are using the CMS protocol, we ignore the INV_RECP status + code if a newer GPGSM is in use. GPGMS does not support combined + sign+encrypt and thus this can't harm. */ + err = sign_init_result (ctx, (ctx->protocol == GPGME_PROTOCOL_CMS)); if (err) return err; diff --git a/tests/ChangeLog b/tests/ChangeLog index 926771a..e6b53d7 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,7 @@ +2009-08-06 Werner Koch + + * run-sign.c: New. + 2009-07-07 Werner Koch * run-keylist.c (main): Add options --cms and --openpgp. diff --git a/tests/Makefile.am b/tests/Makefile.am index 81d7e54..3e7b414 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -32,7 +32,7 @@ LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@ noinst_HEADERS = run-support.h -noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import +noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import run-sign if RUN_GPG_TESTS diff --git a/tests/gpg/t-sign.c b/tests/gpg/t-sign.c index 3b71dc4..bdd3323 100644 --- a/tests/gpg/t-sign.c +++ b/tests/gpg/t-sign.c @@ -102,6 +102,17 @@ main (int argc, char **argv) gpgme_set_textmode (ctx, 1); gpgme_set_armor (ctx, 1); + +#if 0 + { + gpgme_key_t akey; + err = gpgme_get_key (ctx, "0x68697734", &akey, 0); + fail_if_err (err); + err = gpgme_signers_add (ctx, akey); + fail_if_err (err); + gpgme_key_unref (akey); + } +#endif err = gpgme_data_new_from_mem (&in, "Hallo Leute\n", 12, 0); fail_if_err (err); diff --git a/tests/run-sign.c b/tests/run-sign.c new file mode 100644 index 0000000..7c3d51d --- /dev/null +++ b/tests/run-sign.c @@ -0,0 +1,187 @@ +/* run-sign.c - Helper to perform a sign operation + Copyright (C) 2009 g10 Code GmbH + + This file is part of GPGME. + + GPGME is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + GPGME is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . +*/ + +/* We need to include config.h so that we know whether we are building + with large file system (LFS) support. */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include + +#define PGM "run-sign" + +#include "run-support.h" + + +static int verbose; + + +static void +print_result (gpgme_sign_result_t result, gpgme_sig_mode_t type) +{ + gpgme_invalid_key_t invkey; + gpgme_new_signature_t sig; + + for (invkey = result->invalid_signers; invkey; invkey = invkey->next) + printf ("Signing key `%s' not used: %s <%s>\n", + nonnull (invkey->fpr), + gpg_strerror (invkey->reason), gpg_strsource (invkey->reason)); + + for (sig = result->signatures; sig; sig = sig->next) + { + printf ("Key fingerprint: %s\n", nonnull (sig->fpr)); + printf ("Signature type : %d\n", sig->type); + printf ("Public key algo: %d\n", sig->pubkey_algo); + printf ("Hash algo .....: %d\n", sig->hash_algo); + printf ("Creation time .: %ld\n", sig->timestamp); + printf ("Sig class .....: 0x%u\n", sig->sig_class); + } +} + + + +static int +show_usage (int ex) +{ + fputs ("usage: " PGM " [options] FILE\n\n" + "Options:\n" + " --verbose run in verbose mode\n" + " --openpgp use the OpenPGP protocol (default)\n" + " --cms use the CMS protocol\n" + " --key NAME use key NAME for signing\n" + , stderr); + exit (ex); +} + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + gpgme_error_t err; + gpgme_ctx_t ctx; + const char *key_string = NULL; + gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; + gpgme_sig_mode_t sigmode = GPGME_SIG_MODE_NORMAL; + gpgme_data_t in, out; + gpgme_sign_result_t result; + + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + show_usage (0); + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--openpgp")) + { + protocol = GPGME_PROTOCOL_OpenPGP; + argc--; argv++; + } + else if (!strcmp (*argv, "--cms")) + { + protocol = GPGME_PROTOCOL_CMS; + argc--; argv++; + } + else if (!strcmp (*argv, "--key")) + { + argc--; argv++; + if (!argc) + show_usage (1); + key_string = *argv; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + show_usage (1); + + } + + if (argc != 1) + show_usage (1); + + init_gpgme (protocol); + + err = gpgme_new (&ctx); + fail_if_err (err); + gpgme_set_protocol (ctx, protocol); + gpgme_set_armor (ctx, 1); + + if (key_string) + { + gpgme_key_t akey; + + err = gpgme_get_key (ctx, key_string, &akey, 1); + if (err) + { + fprintf (stderr, PGM ": error getting key `%s': %s\n", + key_string, gpg_strerror (err)); + exit (1); + } + err = gpgme_signers_add (ctx, akey); + fail_if_err (err); + gpgme_key_unref (akey); + } + + err = gpgme_data_new_from_file (&in, *argv, 1); + if (err) + { + fprintf (stderr, PGM ": error reading `%s': %s\n", + *argv, gpg_strerror (err)); + exit (1); + } + + err = gpgme_data_new (&out); + fail_if_err (err); + + err = gpgme_op_sign (ctx, in, out, sigmode); + result = gpgme_op_sign_result (ctx); + if (result) + print_result (result, sigmode); + if (err) + { + fprintf (stderr, PGM ": signing failed: %s\n", gpg_strerror (err)); + exit (1); + } + + fputs ("Begin Output:\n", stdout); + print_data (out); + fputs ("End Output.\n", stdout); + gpgme_data_release (out); + + gpgme_data_release (in); + + gpgme_release (ctx); + return 0; +} -- 2.26.2