From 18432f56be1e3cc0cf9472bdd8dc94fcf81fe24c Mon Sep 17 00:00:00 2001 From: Karl-Heinz Zimmer Date: Wed, 21 Nov 2001 09:42:08 +0000 Subject: [PATCH] GPGME Plug-In initial checkin. Saving/restoring of configuration is working. --- gpgmeplug/Makefile.am | 40 ++ gpgmeplug/cryptplug.h | 939 ++++++++++++++++++++++++++++++++++++++++ gpgmeplug/gpgmeplug.c | 511 ++++++++++++++++++++++ gpgmeplug/gpgmeplug.dox | 121 ++++++ 4 files changed, 1611 insertions(+) create mode 100644 gpgmeplug/Makefile.am create mode 100644 gpgmeplug/cryptplug.h create mode 100644 gpgmeplug/gpgmeplug.c create mode 100644 gpgmeplug/gpgmeplug.dox diff --git a/gpgmeplug/Makefile.am b/gpgmeplug/Makefile.am new file mode 100644 index 0000000..5db16cb --- /dev/null +++ b/gpgmeplug/Makefile.am @@ -0,0 +1,40 @@ +# $Id$ +# +# Makefile.am - Automake specification file for GPGMEPLUG. +# GPGMEPLUG is a GPGME based cryptography plug-in +# following the common CRYPTPLUG specification. +# +# Copyright (C) 2001 by Klar?lvdalens Datakonsult AB +# +# GPGMEPLUG is free software; you can redistribute it and/or modify +# it under the terms of GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# GPGMEPLUG is distributed in the hope that it will be useful, +# it under the terms of GNU General Public License as published by +# the Free Software Foundation; version 2 of the License +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +# +## Process this file with automake to produce Makefile.in + + +INCLUDES = -I.. -I../gpgme -I$(top_srcdir)/include + +LDADD = ../gpgme/libgpgme.la + +BUILT_SOURCES = + +noinst_LIBRARIES = libgpgmeplug.a + + +#libgpgmeplug_a_LDFLAGS = +libgpgmeplug_a_SOURCES = gpgme.h \ + cryptplug.h \ + gpgmeplug.c + diff --git a/gpgmeplug/cryptplug.h b/gpgmeplug/cryptplug.h new file mode 100644 index 0000000..64de73e --- /dev/null +++ b/gpgmeplug/cryptplug.h @@ -0,0 +1,939 @@ +/* -*- Mode: C -*- + + $Id$ + + CRYPTPLUG - an independent cryptography plug-in API + + Copyright (C) 2001 by Klarälvdalens Datakonsult AB + + CRYPTPLUG is free software; you can redistribute it and/or modify + it under the terms of GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + CRYPTPLUG is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +*/ + +#ifndef CRYPTPLUG_H +#define CRYPTPLUG_H + +#ifdef __cplusplus +extern "C" { +#else +typedef char bool; +#define true 1 +#define false 0 +#endif + +//#include +//#include +//#include + + +/*! \file cryptplug.h + \brief Common API header for CRYPTPLUG. + + CRYPTPLUG is an independent cryptography plug-in API + developed for Sphinx-enabeling KMail and Mutt. + + CRYPTPLUG was designed for the Aegypten project, but it may + be used by 3rd party developers as well to design pluggable + crypto backends for the above mentioned MUAs. + + \note All string parameters appearing in this API are to be + interpreted as UTF-8 encoded. + + \see pgpplugin.c + \see gpgplugin.c +*/ + +/*! \defgroup groupGeneral Loading and Unloading the Plugin, General Functionality + + The functions in this section are used for loading and + unloading plugins. Note that the actual locating of the plugin + and the loading and unloading of the dynamic library is not + covered here; this is MUA-specific code for which support code + might already exist in the programming environments. +*/ + +/*! \defgroup groupDisplay Graphical Display Functionality + + The functions in this section return stationery that the + MUAs can use in order to display security functionality + graphically. This can be toolbar icons, shortcuts, tooltips, + etc. Not all MUAs will use all this functionality. +*/ + +/*! \defgroup groupConfig Configuration Support + + The functions in this section provide the necessary + functionality to configure the security functionality as well + as to query configuration settings. Since all configuration + settings will not be saved with the plugin, but rather with + the MUA, there are also functions to set configuration + settings programmatically; these will be used on startup of + the plugin when the MUA transfers the configuration values it + has read into the plugin. Usually, the functions to query and + set the configuration values are not needed for anything but + saving to and restoring from configuration files. +*/ + + +/*! \defgroup groupConfigSign Signature Configuration + \ingroup groupConfig + + The functions in this section provide the functionality + to configure signature handling and set and query the + signature configuration. +*/ + +/*! \defgroup groupConfigCrypt Encryption Configuration + \ingroup groupConfig + + The functions in this section provide the functionality + to configure encryption handling and set and query the + encryption configuration. + + \note Whenever the term encryption is used here, + it is supposed to mean both encryption and decryption, + unless otherwise specified. +*/ + +/*! \defgroup groupConfigDir Directory Service Configuration + \ingroup groupConfig + + This section contains messages for configuring the + directory service. +*/ + + +/*! \defgroup groupCertHand Certificate Handling + + The following methods are used to maintain and query certificates. +*/ + +/*! \defgroup groupSignAct Signature Actions + + This section describes methods that are used for working + with signatures. +*/ + +/*! \defgroup groupCryptAct Encryption and Decryption + + The following methods are used to encrypt and decrypt + email messages. +*/ + +/*! \defgroup groupCertAct Certificate Handling Actions + + The functions in this section provide local certificate management. +*/ + +/*! \defgroup groupCRLAct CRL Handling Actions + + This section describes functions for managing CRLs. +*/ + + + + + +// dummy values: +typedef enum { + CryptPlugFeat_undef = 0, + + CryptPlugFeat_SignMessages = 1, + CryptPlugFeat_VerifySignatures = 2, + CryptPlugFeat_EncryptMessages = 3, + CryptPlugFeat_DecryptMessages = 4 // more to follow ... +} Feature; + +// dummy values +typedef enum { + PinRequest_undef = 0, + + PinRequest_Always = 1, + PinRequest_OncePerMail = 2, + PinRequest_OncePerSession = 3 // may be changed ... +} PinRequests; + +// dummy values: +typedef enum { + SendCert_undef = 0, + + SendCert_DontSend = 1, + SendCert_SendOwn = 2, + SendCert_SendChainWithoutRoot = 3, + SendCert_SendChainWithRoot = 4 +} SendCertificates; + +// dummy values: +typedef enum { + SignAlg_undef = 0, + + SignAlg_SHA1 = 1 +} SignatureAlgorithm; + + + +typedef enum { + EncryptAlg_undef = 0, + + EncryptAlg_RSA = 1, + EncryptAlg_SHA1 = 2, + EncryptAlg_TripleDES = 3 +} EncryptionAlgorithm; + +typedef enum { + SignEmail_undef = 0, + + SignEmail_SignAll = 1, + SignEmail_Ask = 2, + SignEmail_DontSign = 3 +} SignEmail; + +typedef enum { + EncryptEmail_undef = 0, + + EncryptEmail_EncryptAll = 1, + EncryptEmail_Ask = 2, + EncryptEmail_DontEncrypt = 3 +} EncryptEmail; + +typedef enum { + CertSrc_undef = 0, + + CertSrc_Server = 1, + CertSrc_Local = 2, + CertSrc_ServerLocal = CertSrc_Server | CertSrc_Local +} CertificateSource; + + + + + + +/*! \ingroup groupGeneral + \brief This function sets up all internal structures. + + Plugins that need no initialization should provide an empty + implementation. The method returns \c true if the initialization was + successful and \c false otherwise. Before this function is called, + no other plugin functions should be called; the behavior is + undefined in this case. + + \note This function must be implemented by each plug-in using + this API specification. +*/ +bool initialize( void ); + +/*! \ingroup groupGeneral + \brief This function frees all internal structures. + + Plugins that do not keep any internal structures should provide an + empty implementation. After this function has been called, + no other plugin functions should be called; the behavior is + undefined in this case. + + \note This function must be implemented by each plug-in using + this API specification. +*/ +void deinitialize( void ); + +/*! \ingroup groupGeneral + \brief This function returns \c true if the + specified feature is available in the plugin, and + \c false otherwise. + + Not all plugins will support all features; a complete Sphinx + implementation will support all features contained in the enum, + however. + + \note This function must be implemented by each plug-in using + this API specification. +*/ +bool hasFeature( Feature ); + + +/*! \ingroup groupDisplay + \brief Returns stationery to indicate unsafe emails. +*/ +void unsafeStationery( void** pixmap, const char** menutext, char* accel, + const char** tooltip, const char** statusbartext ); + +/*! \ingroup groupDisplay + \brief Returns stationery to indicate signed emails. +*/ +void signedStationery( void** pixmap, const char** menutext, char* accel, + const char** tooltip, const char** statusbartext ); + +/*! \ingroup groupDisplay + \brief Returns stationery to indicate encrypted emails. +*/ +void encryptedStationery( void** pixmap, const char** + menutext, char* accel, + const char** tooltip, const char** statusbartext ); + +/*! \ingroup groupDisplay + \brief Returns stationery to indicate signed and encrypted emails. +*/ +void signedEncryptedStationery( void** pixmap, const char** + menutext, char* accel, + const char** tooltip, const char** statusbartext ); + +/*! \ingroup groupConfigSign + \brief This function returns an XML representation of a + configuration dialog for configuring signature + handling. + + The syntax is that of .ui + files as specified in the Imhotep + documentation. This function does not execute or show the + dialog in any way; this is up to the MUA. Also, what the + MUA makes of the information provided highly depends on + the MUA itself. A GUI-based MUA will probably create a + dialog window (possibly integrated into an existing + configuration dialog in the application), while a + terminal-based MUA might generate a series of questions or + a terminal based menu selection. +*/ +const char* signatureConfigurationDialog( void ); + +/*! \ingroup groupConfigSign + \brief This function returns an XML representation of a + configuration dialog for selecting a signature key. + + This will typically be used when the user wants to select a + signature key for one specific message only; the defaults + are set in the dialog returned by + signatureConfigurationDialog(). +*/ +const char* signatureKeySelectionDialog( void ); + +/*! \ingroup groupConfigSign + \brief This function returns an XML representation of a + configuration dialog for selecting a signature + algorithm. + + This will typically be used when the user wants + to select a signature algorithm for one specific message only; the + defaults are set in the dialog returned by + signatureConfigurationDialog(). +*/ +const char* signatureAlgorithmDialog( void ); + +/*! \ingroup groupConfigSign + \brief This function returns an XML representation of a + configuration dialog for selecting whether an email + message and its attachments should be sent with or + without signatures. + + This will typically be used when the + user wants to select a signature key for one specific + message only; the defaults are set in the dialog returned + by signatureConfigurationDialog(). +*/ +const char* signatureHandlingDialog( void ); + +/*! \ingroup groupConfigSign + \brief Sets the signature key certificate that identifies the + role of the signer. +*/ +void setSignatureKeyCertificate( const char* certificate ); + +/*! \ingroup groupConfigSign + \brief Returns the signature key certificate that identifies + the role of the signer. +*/ +const char* signatureKeyCertificate( void ); + +/*! \ingroup groupConfigSign + \brief Sets the algorithm used for signing. +*/ +void setSignatureAlgorithm( SignatureAlgorithm ); + +/*! \ingroup groupConfigSign + \brief Returns the algorithm used for signing. +*/ +SignatureAlgorithm signatureAlgorithm( void ); + +/*! \ingroup groupConfigSign + \brief Sets which certificates should be sent with the + message. +*/ +void setSendCertificates( SendCertificates ); +/*! \ingroup groupConfigSign + \brief Returns which certificates should be sent with the + message. +*/ +SendCertificates sendCertificates( void ); + +/*! \ingroup groupConfigSign + \brief Specifies whether email should be automatically + signed, signed after confirmation, signed after + confirmation for each part or not signed at all. +*/ +void setSignEmail( SignEmail ); + +/*! \ingroup groupConfigSign + \brief Returns whether email should be automatically + signed, signed after confirmation, signed after + confirmation for each part or not signed at all. +*/ +SignEmail signEmail( void ); + +/*! \ingroup groupConfigSign + \brief Specifies whether sent email messages should be stored + with or without their signatures. +*/ +void setSaveSentSignatures( bool ); + +/*! \ingroup groupConfigSign + \brief Returns whether sent email messages should be stored + with or without their signatures. +*/ +bool saveSentSignatures( void ); + +/*! \ingroup groupConfigSign + \brief Specifies whether a warning should be emitted if any + of the certificates involved in the signing process + expires in the near future. +*/ +void setCertificateExpiryNearWarning( bool ); + +/*! \ingroup groupConfigSign + \brief Returns whether a warning should be emitted if any + of the certificates involved in the signing process + expires in the near future. +*/ +bool certificateExpiryNearWarning( void ); + +/*! \ingroup groupConfigSign + \brief Specifies whether a warning should be emitted if the + email address of the sender is not contained in the + certificate. +*/ +void setWarnNoCertificate( bool ); + +/*! \ingroup groupConfigSign + \brief Returns whether a warning should be emitted if the + email address of the sender is not contained in the + certificate. +*/ +bool warnNoCertificate( void ); + +/*! \ingroup groupConfigSign + \brief Specifies how often the PIN is requested when + accessing the secret signature key. +*/ +void setNumPINRequests( PinRequests ); + +/*! \ingroup groupConfigSign + \brief Returns how often the PIN is requested when + accessing the secret signature key. +*/ +PinRequests numPINRequests( void ); + +/*! \ingroup groupConfigSign + \brief Specifies whether the certificate path should be + followed to the root certificate or whether locally stored + certificates may be used. +*/ +void setCheckSignatureCertificatePathToRoot( bool ); + +/*! \ingroup groupConfigSign + \brief Returns whether the certificate path should be + followed to the root certificate or whether locally stored + certificates may be used. +*/ +bool checkSignatureCertificatePathToRoot( void ); + +/*! \ingroup groupConfigSign + \brief Specifies whether certificate revocation lists should + be used. +*/ +void setSignatureUseCRLs( bool ); + +/*! \ingroup groupConfigSign + \brief Returns whether certificate revocation lists should + be used. +*/ +bool signatureUseCRLs( void ); + +/*! \ingroup groupConfigSign + \brief Specifies whether a warning should be emitted if any + of the certificates involved in the signing process + expires in the near future. +*/ +void setSignatureCRLExpiryNearWarning( bool ); + +/*! \ingroup groupConfigSign + \brief Returns whether a warning should be emitted if any + of the certificates involved in the signing process + expires in the near future. +*/ +bool signatureCRLExpiryNearWarning( void ); + +/*! \ingroup groupConfigSign + \brief Specifies the number of days which a certificate must + be valid before it is considered to expire in the near + future. +*/ +void setSignatureCRLNearExpiryInterval( int ); + +/*! \ingroup groupConfigSign + \brief Returns the number of days which a certificate must + be valid before it is considered to expire in the near + future. +*/ +int signatureCRLNearExpiryInterval( void ); + + +/*! \ingroup groupConfigCrypt + \brief This function returns an XML representation of a + configuration dialog for configuring encryption + handling. + + The syntax is that of .ui + files as specified in the Imhotep + documentation. This function does not execute or show the + dialog in any way; this is up to the MUA. Also, what the + MUA makes of the information provided highly depends on + the MUA itself. A GUI-based MUA will probably create a + dialog window (possibly integrated into an existing + configuration dialog in the application), while a + terminal-based MUA might generate a series of questions or + a terminal based menu selection. +*/ +const char* encryptionConfigurationDialog( void ); + +/*! \ingroup groupConfigCrypt + \brief This function returns an XML representation of a + configuration dialog for selecting an encryption + algorithm. + + This will typically be used when the user wants + to select an encryption algorithm for one specific message only; the + defaults are set in the dialog returned by + encryptionConfigurationDialog(). +*/ +const char* encryptionAlgorithmDialog( void ); + +/*! \ingroup groupConfigCrypt + \brief This function returns an XML representation of a + configuration dialog for selecting whether an email + message and its attachments should be encrypted. + + This will typically be used when the + user wants to select an encryption key for one specific + message only; the defaults are set in the dialog returned + by encryptionConfigurationDialog(). +*/ +const char* encryptionHandlingDialog( void ); + +/*! \ingroup groupConfigCrypt + \brief This function returns an XML representation of a + dialog that lets the user select the certificate to use + for encrypting. + + If it was not possible to determine the + correct certificate from the information in the email + message, the user is presented with a list of possible + certificates to choose from. If a unique certificate was + found, this is presented to the user, who needs to confirm + the selection of the certificate. This procedure is repeated + for each recipient of the email message. +*/ +const char* encryptionReceiverDialog( void ); + +/*! \ingroup groupConfigCrypt + \brief Sets the algorithm used for encrypting. +*/ +void setEncryptionAlgorithm( EncryptionAlgorithm ); + +/*! \ingroup groupConfigCrypt + \brief Returns the algorithm used for encrypting. +*/ +EncryptionAlgorithm encryptionAlgorithm( void ); + +/*! \ingroup groupConfigCrypt + \brief Specifies whether email should be automatically + encrypted, encrypted after confirmation, encrypted after + confirmation for each part or not encrypted at all. +*/ +void setEncryptEmail( EncryptEmail ); + +/*! \ingroup groupConfigCrypt + \brief Returns whether email should be automatically + encrypted, encrypted after confirmation, encrypted after + confirmation for each part or not encrypted at all. +*/ +EncryptEmail encryptEmail( void ); + +/*! \ingroup groupConfigCrypt + \brief Specifies whether encrypted email messages should be + stored encrypted or decrypted. +*/ +void setSaveMessagesEncrypted( bool ); + +/*! \ingroup groupConfigCrypt + \brief Returns whether encrypted email messages should be stored + encrypted or decrypted. +*/ +bool saveMessagesEncrypted( void ); + +/*! \ingroup groupConfigCrypt + \brief Specifies whether the certificate path should be + followed to the root certificate or whether locally stored + certificates may be used. +*/ +void setCheckEncryptionCertificatePathToRoot( bool ); + +/*! \ingroup groupConfigCrypt + \brief Returns whether the certificate path should be + followed to the root certificate or whether locally stored + certificates may be used. +*/ +bool checkEncryptionCertificatePathToRoot( void ); + +/*! \ingroup groupConfigCrypt + \brief Specifies whether certificate revocation lists should + be used. +*/ +void setEncryptionUseCRLs( bool ); + +/*! \ingroup groupConfigCrypt + \brief Returns whether certificate revocation lists should + be used. +*/ +bool encryptionUseCRLs( void ); + +/*! \ingroup groupConfigCrypt + \brief Specifies whether a warning should be emitted if any + of the certificates involved in the signing process + expires in the near future. +*/ +void setEncryptionCRLExpiryNearWarning( bool ); + +/*! \ingroup groupConfigCrypt + \brief Returns whether a warning should be emitted if any + of the certificates involved in the signing process + expires in the near future. +*/ +bool encryptionCRLExpiryNearWarning( void ); + +/*! \ingroup groupConfigCrypt + \brief Specifies the number of days which a certificate must + be valid before it is considered to expire in the near + future. +*/ +void setEncryptionCRLNearExpiryInterval( int ); + +/*! \ingroup groupConfigCrypt + \brief Returns the number of days which a certificate must + be valid before it is considered to expire in the near + future. +*/ +int encryptionCRLNearExpiryInterval( void ); + + +/*! \ingroup groupConfigDir + \brief This function returns an XML representation of a + configuration dialog for selecting a directory + server. +*/ +const char* directoryServiceConfigurationDialog( void ); + +/*! \ingroup groupConfigDir + \brief Lets you configure how certificates and certificate + revocation lists are retrieved (both locally and from directory + services). + + Will mainly be used for restoring + configuration data; interactive configuration will be done + via the configuration dialog returned by + \c directoryServiceConfigurationDialog(). +*/ +void appendDirectoryServer( const char* servername, int port, + const char* description ); + + + + +/*! \ingroup groupConfigDir +*/ +struct DirectoryServer { + const char* servername; + int port; + const char* description; +}; + + +/*! \ingroup groupConfigDir + \brief Specifies a list of directory servers. + + Will mainly be used for restoring + configuration data; interactive configuration will be done + via the configuration dialog returned by + \c directoryServiceConfigurationDialog(). +*/ +void setDirectoryServers( struct DirectoryServer[], unsigned int size ); + +/*! \ingroup groupConfigDir + \brief Returns the list of directory servers. + + Will mainly be used for saving configuration data; interactive + configuration will be done via the configuration dialog + returned by + \c directoryServiceConfigurationDialog(). +*/ +struct DirectoryServer* directoryServers( int* numServers ); + +/*! \ingroup groupConfigDir + \brief Specifies whether certificates should be retrieved + from a directory server, only locally, or both. +*/ +void setCertificateSource( CertificateSource ); + +/*! \ingroup groupConfigDir + \brief Returns whether certificates should be retrieved + from a directory server, only locally, or both. +*/ +CertificateSource certificateSource( void ); + +/*! \ingroup groupConfigDir + \brief Specifies whether certificates should be retrieved + from a directory server, only locally, or both. +*/ +void setCRLSource( CertificateSource ); + +/*! \ingroup groupConfigDir + \brief Returns whether certificates should be retrieved + from a directory server, only locally, or both. +*/ +CertificateSource crlSource( void ); + + +/*! \ingroup groupCertHand + \brief Returns \c true if and only if the + certificates in the certificate chain starting at + \c certificate are valid. + + If \c level is non-null, the parameter contains + the degree of trust on a backend-specific scale. In an X.509 + implementation, this will either be \c 1 + (valid up to the root certificate) or \c 0 + (not valid up to the root certificate). +*/ +bool certificateValidity( const char* certificate, int* level ); + + +/*! \ingroup groupSignAct + \brief Signs a message \c cleartext and returns + in \c ciphertext the message including + signature. + + The signature role is specified by + \c certificate. If \c certificate is \c NULL, + the default certificate is used. +*/ +bool signMessage( const char* cleartext, + const char** ciphertext, + const char* certificate ); + + +/*! \ingroup groupSignAct + Dummy!! To be replaced by real structure information... +*/ +struct SignatureMetaData { + int data; +}; + +/*! \ingroup groupSignAct + \brief Checks whether the signature of a message is + valid. \c ciphertext specifies the message + as it was received by the MUA, \c cleartext + is the message with the signature(s) removed. + + Depending on the configuration, MUAs might not need to use this. + If \c sigmeta is non-null, the + \c SignatureMetaData object pointed to will + contain meta information about the signature after the + function call. +*/ +bool checkMessageSignature( const char* ciphertext, + const char** cleartext, + struct SignatureMetaData* sigmeta ); + +/*! \ingroup groupSignAct + \brief Stores the certificates that follow with the message + \c ciphertext locally. +*/ +bool storeCertificatesFromMessage( const char* ciphertext ); + + +/*! \ingroup groupCryptAct + \brief Encrypts an email message in + \c cleartext according to the current + settings (algorithm, etc.) and returns it in + \c ciphertext. + + If the message could be encrypted, the function returns + \c true, otherwise + \c false. +*/ +bool encryptMessage( const char* cleartext, const char** ciphertext ); + +/*! \ingroup groupCryptAct + \brief Combines the functionality of + \c encryptMessage() and + \c signMessage(). + + If \c certificate is \c NULL, + the default certificate will be used. If + \c sigmeta is non-null, the + \c SignatureMetaData object pointed to will + contain meta information about the signature after the + function call. +*/ +bool encryptAndSignMessage( const char* cleartext, + const char** ciphertext, + const char* certificate, + struct SignatureMetaData* sigmeta ); + +/*! \ingroup groupCryptAct + \brief Tries to decrypt an email message + \c ciphertext and returns the decrypted + message in \c cleartext. + + The \c certificate is used for decryption. If + the message could be decrypted, the function returns + \c true, otherwise + \c false. +*/ +bool decryptMessage( const char* ciphertext, const + char** cleartext, const char* certificate ); + +/*! \ingroup groupCryptAct + \brief Combines the functionality of + \c checkMessageSignature() and + \c decryptMessage(). + + If \c certificate is \c NULL, + the default certificate will be used. If + \c sigmeta is non-null, the + \c SignatureMetaData object pointed to will + contain meta information about the signature after the + function call. +*/ +bool decryptAndCheckMessage( const char* ciphertext, + const char** cleartext, + const char* certificate, + struct SignatureMetaData* sigmeta ); + + +/*! \ingroup groupCertAct + \brief This function returns an XML representation of a dialog + that can be used to fill in the data for requesting a + certificate (which in turn is done with the function + \c requestCertificate() described + next. +*/ +const char* requestCertificateDialog( void ); + +/*! \ingroup groupCertAct + \brief Generates a prototype certificate with the data provided + in the first four parameters and sends it via email to the CA + specified in \c ca_address. +*/ +bool requestDecentralCertificate( const char* name, const char* + email, const char* organization, const char* department, + const char* ca_address ); + +/*! \ingroup groupCertAct + \brief Requests a certificate in a PSE from the CA + specified in \c ca_address. +*/ +bool requestCentralCertificateAndPSE( const char* name, + const char* email, const char* organization, const char* department, + const char* ca_address ); + +/*! \ingroup groupCertAct + \brief Creates a local PSE. +*/ +bool createPSE( void ); + +/*! \ingroup groupCertAct + \brief Parses and adds a certificate returned by a CA upon + request with + \c requestDecentralCertificate() or + \c requestCentralCertificate(). + + If the certificate was requested with + \c requestCentralCertificate(), the + certificate returned will come complete with a PSE which is + also registered with this method. +*/ +bool registerCertificate( const char* ); + +/*! \ingroup groupCertAct + \brief Requests the prolongation of the certificate + \c certificate from the CA + \c ca_address. +*/ +bool requestCertificateProlongation( const char* + certificate, const char* ca_address ); + +/*! \ingroup groupCertAct + \brief Returns an HTML 2-formatted string that describes the + certificate chain of the user's certificate. + + Data displayed is at least the issuer of the certificate, the serial number + of the certificate, the owner of the certificate, the checksum + of the certificate, the validity duration of the certificate, + the usage of the certificate, and the contained email + addresses, if any. +*/ +const char* certificateChain( void ); + +/*! \ingroup groupCertAct + \brief Deletes the specified user certificate from the current + PSE. +*/ +bool deleteCertificate( const char* certificate ); + +/*! \ingroup groupCertAct + \brief Archives the specified user certificate in the current PSE. + + The certificate cannot be used any longer after this + operation unless it is unarchived. +*/ +bool archiveCertificate( const char* certificate ); + + +/*! \ingroup groupCRLAct + \brief Returns a HTML 2-formatted string that describes the + CRL, suitable for display in the MUA. +*/ +const char* displayCRL( void ); + +/*! \ingroup groupCRLAct + \brief Manually update the CRL. CRLs will also be automatically + updated on demand by the backend. + + If there is a local version of a CRL saved, it will be overwritten + with the new CRL from the CA. +*/ +void updateCRL( void ); + +#ifdef __cplusplus +} +#endif +#endif /*CRYPTPLUG_H*/ + diff --git a/gpgmeplug/gpgmeplug.c b/gpgmeplug/gpgmeplug.c new file mode 100644 index 0000000..a108748 --- /dev/null +++ b/gpgmeplug/gpgmeplug.c @@ -0,0 +1,511 @@ +/* -*- Mode: C -*- + + $Id$ + + GPGMEPLUG - an GPGME based cryptography plug-in following + the common CRYPTPLUG specification. + + Copyright (C) 2001 by Klarälvdalens Datakonsult AB + + GPGMEPLUG is free software; you can redistribute it and/or modify + it under the terms of GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + GPGMEPLUG is distributed in the hope that it will be useful, + it under the terms of GNU General Public License as published by + the Free Software Foundation; version 2 of the License + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +*/ + + + +/*! \file gpgmeplug.c + \brief GPGME implementation of CRYPTPLUG following the + specification located in common API header cryptplug.h. + + CRYPTPLUG is an independent cryptography plug-in API + developed for Sphinx-enabeling KMail and Mutt. + + CRYPTPLUG was designed for the Aegypten project, but it may + be used by 3rd party developers as well to design pluggable + crypto backends for the above mentioned MUAs. + + \note All string parameters appearing in this API are to be + interpreted as UTF-8 encoded. + + \see cryptplug.h +*/ + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "cryptplug.h" + + +typedef struct { + const char* signatureKeyCertificate; + SignatureAlgorithm signatureAlgorithm; + SendCertificates sendCertificates; + SignEmail signEmail; + bool saveSentSignatures; + bool certificateExpiryNearWarning; + bool warnNoCertificate; + PinRequests numPINRequests; + bool checkSignatureCertificatePathToRoot; + bool signatureUseCRLs; + bool signatureCRLExpiryNearWarning; + int signatureCRLNearExpiryInterval; + EncryptionAlgorithm encryptionAlgorithm; + EncryptEmail encryptEmail; + bool saveMessagesEncrypted; + bool checkEncryptionCertificatePathToRoot; + bool encryptionUseCRLs; + bool encryptionCRLExpiryNearWarning; + int encryptionCRLNearExpiryInterval; + struct DirectoryServer *directoryServers; + unsigned int numDirectoryServers; + CertificateSource certificateSource; + CertificateSource cRLSource; +} Config; + + +Config config; + + +#define NEAR_EXPIRY 21 + +bool initialize() +{ + config.signatureKeyCertificate = ""; + config.signatureAlgorithm = SignAlg_SHA1; + config.sendCertificates = SendCert_SendChainWithRoot; + config.signEmail = SignEmail_SignAll; + config.saveSentSignatures = true; + config.certificateExpiryNearWarning = true; + config.warnNoCertificate = true; + config.numPINRequests = PinRequest_Always; + config.checkSignatureCertificatePathToRoot = true; + config.signatureUseCRLs = true; + config.signatureCRLExpiryNearWarning = true; + config.signatureCRLNearExpiryInterval = NEAR_EXPIRY; + config.encryptionAlgorithm = EncryptAlg_RSA; + config.encryptEmail = EncryptEmail_Ask; + config.saveMessagesEncrypted = true; + config.checkEncryptionCertificatePathToRoot = true; + config.encryptionUseCRLs = true; + config.encryptionCRLExpiryNearWarning = true; + config.encryptionCRLNearExpiryInterval = NEAR_EXPIRY; + config.directoryServers = NULL; + config.numDirectoryServers = 0; + config.certificateSource = CertSrc_Server; + config.cRLSource = CertSrc_Server; + return true; +}; + + +void deinitialize() +{ + _gpgme_free( config.directoryServers ); +} + + +bool hasFeature( Feature flag ) +{ + switch ( flag ) { + case CryptPlugFeat_SignMessages: return true; + case CryptPlugFeat_VerifySignatures: return true; + case CryptPlugFeat_EncryptMessages: return true; + case CryptPlugFeat_DecryptMessages: return true; + // undefined or not yet implemented: + case CryptPlugFeat_undef: return false; + default: return false; + } +} + + +void unsafeStationery( void** pixmap, const char** menutext, char* accel, + const char** tooltip, const char** statusbartext ){} + +void signedStationery( void** pixmap, const char** menutext, char* accel, + const char** tooltip, const char** statusbartext ){} + +void encryptedStationery( void** pixmap, const char** + menutext, char* accel, + const char** tooltip, const char** statusbartext ){} + +void signedEncryptedStationery( void** pixmap, const char** + menutext, char* accel, + const char** tooltip, const char** statusbartext ){} + +const char* signatureConfigurationDialog(){ return 0; } + +const char* signatureKeySelectionDialog(){ return 0; } + +const char* signatureAlgorithmDialog(){ return 0; } + +const char* signatureHandlingDialog(){ return 0; } + +void setSignatureKeyCertificate( const char* certificate ) +{ + config.signatureKeyCertificate = certificate; +} + +const char* signatureKeyCertificate() +{ + return config.signatureKeyCertificate; +} + +void setSignatureAlgorithm( SignatureAlgorithm sigAlg ) +{ + config.signatureAlgorithm = sigAlg; +} + +SignatureAlgorithm signatureAlgorithm() +{ + return config.signatureAlgorithm; +} + +void setSendCertificates( SendCertificates sendCert ) +{ + config.sendCertificates = sendCert; +} + +SendCertificates sendCertificates() +{ + return config.sendCertificates; +} + +void setSignEmail( SignEmail signMail ) +{ + config.signEmail = signMail; +} + +SignEmail signEmail() +{ + return config.signEmail; +} + +void setSaveSentSignatures( bool flag ) +{ + config.saveSentSignatures = flag; +} + +bool saveSentSignatures() +{ + return config.saveSentSignatures; +} + +void setCertificateExpiryNearWarning( bool flag ) +{ + config.certificateExpiryNearWarning = flag; +} + +bool certificateExpiryNearWarning() +{ + return config.certificateExpiryNearWarning; +} + +void setWarnNoCertificate( bool flag ) +{ + config.warnNoCertificate = flag; +} + +bool warnNoCertificate() +{ + return config.warnNoCertificate; +} + +void setNumPINRequests( PinRequests reqMode ) +{ + config.numPINRequests = reqMode; +} + +PinRequests numPINRequests() +{ + return config.numPINRequests; +} + +void setCheckSignatureCertificatePathToRoot( bool flag ) +{ + config.checkSignatureCertificatePathToRoot = flag; +} + +bool checkSignatureCertificatePathToRoot() +{ + return config.checkSignatureCertificatePathToRoot; +} + +void setSignatureUseCRLs( bool flag ) +{ + config.signatureUseCRLs = flag; +} + +bool signatureUseCRLs() +{ + return config.signatureUseCRLs; +} + +void setSignatureCRLExpiryNearWarning( bool flag ) +{ + config.signatureCRLExpiryNearWarning = flag; +} + +bool signatureCRLExpiryNearWarning() +{ + return config.signatureCRLExpiryNearWarning; +} + +void setSignatureCRLNearExpiryInterval( int interval ) +{ + config.signatureCRLNearExpiryInterval = interval; +} + +int signatureCRLNearExpiryInterval() +{ + return config.signatureCRLNearExpiryInterval; +} + + +const char* encryptionConfigurationDialog(){ return 0; } + +const char* encryptionAlgorithmDialog(){ return 0; } + +const char* encryptionHandlingDialog(){ return 0; } + +const char* encryptionReceiverDialog(){ return 0; } + +void setEncryptionAlgorithm( EncryptionAlgorithm cryptAlg ) +{ + config.encryptionAlgorithm = cryptAlg; +} + +EncryptionAlgorithm encryptionAlgorithm() +{ + return config.encryptionAlgorithm; +} + +void setEncryptEmail( EncryptEmail cryptMode ) +{ + config.encryptEmail = cryptMode; +} + +EncryptEmail encryptEmail() +{ + return config.encryptEmail; +} + +void setSaveMessagesEncrypted( bool flag ) +{ + config.saveMessagesEncrypted = flag; +} + +bool saveMessagesEncrypted() +{ + return config.saveMessagesEncrypted; +} + +void setCheckEncryptionCertificatePathToRoot( bool flag ) +{ + config.checkEncryptionCertificatePathToRoot = flag; +} + +bool checkEncryptionCertificatePathToRoot() +{ + return config.checkEncryptionCertificatePathToRoot; +} + +void setEncryptionUseCRLs( bool flag ) +{ + config.encryptionUseCRLs = flag; +} + +bool encryptionUseCRLs() +{ + return config.encryptionUseCRLs; +} + +void setEncryptionCRLExpiryNearWarning( bool flag ) +{ + config.encryptionCRLExpiryNearWarning = flag; +} + +bool encryptionCRLExpiryNearWarning() +{ + return config.encryptionCRLExpiryNearWarning; +} + +void setEncryptionCRLNearExpiryInterval( int interval ) +{ + config.encryptionCRLNearExpiryInterval = interval; +} + +int encryptionCRLNearExpiryInterval() +{ + return config.encryptionCRLNearExpiryInterval; +} + + +const char* directoryServiceConfigurationDialog(){ return 0; } + +void appendDirectoryServer( const char* servername, int port, + const char* description ) +{ + struct DirectoryServer *servers = NULL; + servers = xtryrealloc( config.directoryServers, + (1+config.numDirectoryServers) * sizeof *servers ); + if( servers ) { + config.directoryServers = servers; + servers[ config.numDirectoryServers ].servername = servername; + servers[ config.numDirectoryServers ].port = port; + servers[ config.numDirectoryServers ].description = description; + config.numDirectoryServers += 1; + } +} + +void setDirectoryServers( struct DirectoryServer server[], unsigned int size ) +{ + struct DirectoryServer *servers = NULL; + servers = xtrycalloc ( size, sizeof *servers ); + if( servers ) { + _gpgme_free( config.directoryServers ); + config.directoryServers = servers; + config.numDirectoryServers = size; + } +} + +struct DirectoryServer * directoryServers( int* numServers ) +{ + if( numServers ) + *numServers = config.numDirectoryServers; + return config.directoryServers; +}; + +void setCertificateSource( CertificateSource source ) +{ + config.certificateSource = source; +} + +CertificateSource certificateSource() +{ + return config.certificateSource; +} + +void setCRLSource( CertificateSource source ) +{ + config.cRLSource = source; +} + +CertificateSource crlSource() +{ + return config.cRLSource; +} + + +bool certificateValidity( const char* certificate, + int* level ){ return true; } + + +bool signMessage( const char* cleartext, + const char** ciphertext, + const char* certificate ) +{ +/* + GpgmeCtx ctx; + GpgmeData data, sig; + + gpgme_new (&ctx); + gpgme_set_armor (ctx, 1); + gpgme_set_textmode (ctx, 1); + + gpgme_data_new_from_mem (&data, mime_object, + mime_object_len, TRUE ); + gpgme_data_new ( &sig ); + gpgme_op_sign (ctx, data, sig, GPGME_SIG_MODE_DETACH ); + + fputs ( "Content-Type: multipart/signed;\r\n" + " protocol=\"application/pgp-signature\";\r\n" + " boundary=\"42=.42=.42=.42\"\r\n" + "\r\n--42=.42=.42=.42\r\n", stdout ); + + gpgme_data_rewind (data); + while ( !gpgme_data_read (data, buf, sizeof buf, &nread ) ) { + fwrite (buf, nread, 1, stdout ); + } + fputs ( "\r\n--42=.42=.42=.42--\r\n" + "Content-Type: application/pgp-signature\r\n\r\n", stdout); + + gpgme_data_rewind (sig); + while ( !gpgme_data_read (sig, buf, sizeof buf, &nread ) ) { + fwrite (buf, nread, 1, stdout ); + } + fputs ( "\r\n--42=.42=.42=.42--\r\n", stdout ); + + gpgme_release (ctx); + gpgme_data_release(data); + gpgme_data_release(sig); +*/ + return true; +} + +bool checkMessageSignature( const char* ciphertext, const char** + cleartext, struct SignatureMetaData* sigmeta ){ return true; } + +bool storeCertificatesFromMessage( + const char* ciphertext ){ return true; } + + +bool encryptMessage( const char* cleartext, + const char** ciphertext ){ return true; } + +bool encryptAndSignMessage( const char* cleartext, + const char** ciphertext, const char* certificate, + struct SignatureMetaData* sigmeta ){ return true; } + +bool decryptMessage( const char* ciphertext, const + char** cleartext, const char* certificate ){ return true; } + +bool decryptAndCheckMessage( const char* ciphertext, + const char** cleartext, const char* certificate, + struct SignatureMetaData* sigmeta ){ return true; } + + +const char* requestCertificateDialog(){ return 0; } + +bool requestDecentralCertificate( const char* name, const char* + email, const char* organization, const char* department, + const char* ca_address ){ return true; } + +bool requestCentralCertificateAndPSE( const char* name, + const char* email, const char* organization, const char* department, + const char* ca_address ){ return true; } + +bool createPSE(){ return true; } + +bool registerCertificate( const char* certificate ){ return true; } + +bool requestCertificateProlongation( const char* certificate, + const char* ca_address ){ return true; } + +const char* certificateChain(){ return 0; } + +bool deleteCertificate( const char* certificate ){ return true; } + +bool archiveCertificate( const char* certificate ){ return true; } + + +const char* displayCRL(){ return 0; } + +void updateCRL(){} diff --git a/gpgmeplug/gpgmeplug.dox b/gpgmeplug/gpgmeplug.dox new file mode 100644 index 0000000..3dd9d54 --- /dev/null +++ b/gpgmeplug/gpgmeplug.dox @@ -0,0 +1,121 @@ +# Doxygen configuration generated by Doxywizard version 0.1 +#--------------------------------------------------------------------------- +# General configuration options +#--------------------------------------------------------------------------- +PROJECT_NAME = GPGMEPLUG +PROJECT_NUMBER = 0 +OUTPUT_DIRECTORY = doc/ +OUTPUT_LANGUAGE = English +QUIET = NO +WARNINGS = YES +DISABLE_INDEX = NO +EXTRACT_ALL = NO +EXTRACT_PRIVATE = NO +HIDE_UNDOC_MEMBERS = NO +HIDE_UNDOC_CLASSES = NO +BRIEF_MEMBER_DESC = YES +REPEAT_BRIEF = YES +ALWAYS_DETAILED_SEC = NO +FULL_PATH_NAMES = NO +STRIP_FROM_PATH = +INTERNAL_DOCS = NO +CLASS_DIAGRAMS = YES +SOURCE_BROWSER = NO +INLINE_SOURCES = NO +STRIP_CODE_COMMENTS = YES +CASE_SENSE_NAMES = NO +VERBATIM_HEADERS = YES +SHOW_INCLUDE_FILES = YES +JAVADOC_AUTOBRIEF = YES +INHERIT_DOCS = YES +INLINE_INFO = YES +SORT_MEMBER_DOCS = YES +TAB_SIZE = 8 +ENABLED_SECTIONS = +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- +INPUT = . +FILE_PATTERNS = *.h \ + *.c +RECURSIVE = YES +EXCLUDE = +EXCLUDE_PATTERNS = moc_* +EXAMPLE_PATH = +EXAMPLE_PATTERNS = +IMAGE_PATH = +INPUT_FILTER = +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- +ALPHABETICAL_INDEX = NO +COLS_IN_ALPHA_INDEX = 5 +IGNORE_PREFIX = +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- +GENERATE_HTML = YES +HTML_OUTPUT = html +HTML_HEADER = +HTML_FOOTER = +HTML_STYLESHEET = +HTML_ALIGN_MEMBERS = YES +GENERATE_HTMLHELP = NO +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- +GENERATE_LATEX = YES +LATEX_OUTPUT = latex +COMPACT_LATEX = NO +PAPER_TYPE = a4wide +EXTRA_PACKAGES = +LATEX_HEADER = +PDF_HYPERLINKS = NO +LATEX_BATCHMODE = NO +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- +GENERATE_RTF = NO +RTF_OUTPUT = rtf +COMPACT_RTF = NO +RTF_HYPERLINKS = NO +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- +GENERATE_MAN = YES +MAN_OUTPUT = man +MAN_EXTENSION = .3 +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- +ENABLE_PREPROCESSING = YES +MACRO_EXPANSION = NO +SEARCH_INCLUDES = YES +INCLUDE_PATH = +PREDEFINED = +EXPAND_ONLY_PREDEF = NO +#--------------------------------------------------------------------------- +# Configuration::addtions related to external references +#--------------------------------------------------------------------------- +TAGFILES = +GENERATE_TAGFILE = +ALLEXTERNALS = NO +PERL_PATH = /usr/bin/perl +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- +HAVE_DOT = NO +CLASS_GRAPH = YES +COLLABORATION_GRAPH = YES +INCLUDE_GRAPH = YES +GRAPHICAL_HIERARCHY = YES +#--------------------------------------------------------------------------- +# Configuration::addtions related to the search engine +#--------------------------------------------------------------------------- +SEARCHENGINE = NO +CGI_NAME = search.cgi +CGI_URL = +DOC_URL = +DOC_ABSPATH = +BIN_ABSPATH = /usr/local/bin/ +EXT_DOC_PATHS = -- 2.26.2