static gboolean
encrypt_sign_start (SeahorseToolMode *mode, const gchar *uri, gpgme_data_t uridata,
SeahorsePGPOperation *pop, GError **err)
{
gpgme_data_t cipher;
gpgme_error_t gerr;
gchar *touri;
g_assert (mode->recipients && mode->recipients[0]);
/* File to encrypt to */
touri = seahorse_util_add_suffix (uri, SEAHORSE_CRYPT_SUFFIX,
_("Choose Encrypted File Name for '%s'"));
if (!touri)
return FALSE;
/* Open necessary files, release these with the operation */
cipher = seahorse_vfs_data_create (touri, SEAHORSE_VFS_WRITE | SEAHORSE_VFS_DELAY, err);
g_free (touri);
if (!cipher)
return FALSE;
g_object_set_data_full (G_OBJECT (pop), "cipher-data", cipher,
(GDestroyNotify)gpgme_data_release);
gpgme_set_armor (pop->gctx, seahorse_gconf_get_boolean (ARMOR_KEY));
gpgme_set_textmode (pop->gctx, FALSE);
/* Start actual encryption */
gpgme_signers_clear (pop->gctx);
if (mode->signer) {
gpgme_signers_add (pop->gctx, mode->signer);
gerr = gpgme_op_encrypt_sign_start (pop->gctx, mode->recipients,
GPGME_ENCRYPT_ALWAYS_TRUST, uridata, cipher);
} else {
gerr = gpgme_op_encrypt_start (pop->gctx, mode->recipients,
GPGME_ENCRYPT_ALWAYS_TRUST, uridata, cipher);
}
if (gerr != 0) {
seahorse_util_gpgme_to_error (gerr, err);
return FALSE;
}
return TRUE;
}
/**
* crypto: the crypto service (#SeahorseServiceCrypto)
* recipients: A list of recipients (keyids "openpgp:B8098FB063E2C811")
* Must be empty when symmetric encryption is used.
* signer: optional, the keyid of the signer
* flags: FLAG_SYMMETRIC to perform symmetric encryption
* cleartext: the text to encrypt
* clearlength: Length of the cleartext
* crypttext: the encrypted text (out)
* cryptlength: the length of this text (out)
* textmode: TRUE if gpgme should use textmode
* ascii_armor: TRUE if GPGME should use ascii armor
* error: The Error
*
* Handles encryption in a generic way. Can be used by several DBus APIs
*
* Returns TRUE on success
**/
static gboolean
crypto_encrypt_generic (SeahorseServiceCrypto *crypto,
const char **recipients, const char *signer,
int flags, const char *cleartext, gsize clearlength,
char **crypttext, gsize *cryptlength, gboolean textmode,
gboolean ascii_armor, GError **error)
{
GList *recipkeys = NULL;
SeahorseGpgmeOperation *pop;
SeahorseObject *signkey = NULL;
SeahorseObject *skey;
gpgme_key_t *recips;
gboolean symmetric = FALSE;
gpgme_data_t plain, cipher;
gpgme_error_t gerr;
gboolean ret = TRUE;
GSettings *settings;
gchar *keyid;
if ((flags & FLAG_SYMMETRIC) == FLAG_SYMMETRIC)
symmetric = TRUE;
if (symmetric && recipients[0] != NULL) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Recipients specified for symmetric encryption"));
return FALSE;
}
/* The signer */
if (signer && signer[0]) {
signkey = seahorse_context_object_from_dbus (SCTX_APP (), signer);
if (!signkey) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Invalid or unrecognized signer: %s"), signer);
return FALSE;
}
if (!SEAHORSE_IS_GPGME_KEY (signkey) ||
!(seahorse_object_get_flags (signkey) & SEAHORSE_FLAG_CAN_SIGN)) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Key is not valid for signing: %s"), signer);
return FALSE;
}
}
if (!symmetric) {
/* The recipients */
for( ; recipients[0]; recipients++)
{
skey = seahorse_context_object_from_dbus (SCTX_APP (), recipients[0]);
if (!skey) {
g_list_free (recipkeys);
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Invalid or unrecognized recipient: %s"), recipients[0]);
return FALSE;
}
if (!SEAHORSE_IS_GPGME_KEY (skey) ||
!(seahorse_object_get_flags (skey) & SEAHORSE_FLAG_CAN_ENCRYPT)) {
g_list_free (recipkeys);
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Key is not a valid recipient for encryption: %s"), recipients[0]);
return FALSE;
}
recipkeys = g_list_prepend (recipkeys, SEAHORSE_PGP_KEY (skey));
}
if (!recipkeys) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("No recipients specified"));
return FALSE;
}
}
pop = seahorse_gpgme_operation_new (NULL);
/* new data form text */
gerr = gpgme_data_new_from_mem (&plain, cleartext, clearlength, FALSE);
g_return_val_if_fail (GPG_IS_OK (gerr), FALSE);
gerr = gpgme_data_new (&cipher);
g_return_val_if_fail (GPG_IS_OK (gerr), FALSE);
/* encrypt with armor */
gpgme_set_textmode (pop->gctx, textmode);
gpgme_set_armor (pop->gctx, ascii_armor);
if (symmetric) {
/* gpgme_op_encrypt{_sign,}_start() will perform symmetric encryption
* when no recipients are specified. */
recips = NULL;
} else {
/* Add the default key if set and necessary */
settings = g_settings_new ("org.gnome.crypto.pgp");
if (g_settings_get_boolean (settings, "encrypt-to-self")) {
keyid = g_settings_get_string (settings, "default-key");
if (keyid && keyid[0]) {
skey = seahorse_context_find_object (NULL, g_quark_from_string (keyid),
SEAHORSE_LOCATION_LOCAL);
if (SEAHORSE_IS_PGP_KEY (skey))
recipkeys = g_list_append (recipkeys, skey);
}
g_free (keyid);
}
g_object_unref (settings);
/* Make keys into the right format for GPGME */
recips = keylist_to_keys (recipkeys);
g_list_free (recipkeys);
}
/* Do the encryption */
if (signkey) {
gpgme_signers_add (pop->gctx, seahorse_gpgme_key_get_private (SEAHORSE_GPGME_KEY (signkey)));
gerr = gpgme_op_encrypt_sign_start (pop->gctx, recips, GPGME_ENCRYPT_ALWAYS_TRUST,
plain, cipher);
} else {
gerr = gpgme_op_encrypt_start (pop->gctx, recips, GPGME_ENCRYPT_ALWAYS_TRUST,
plain, cipher);
}
free_keys (recips);
/* Frees cipher */
ret = process_crypto_result (pop, gerr, cipher, crypttext, cryptlength, error);
g_object_unref (pop);
gpgme_data_release (plain);
return ret;
}
/**
* crypto: the crypto service (#SeahorseServiceCrypto)
* recipients: A list of recipients (keyids "openpgp:B8098FB063E2C811")
* signer: optional, the keyid of the signer
* flags: 0, not used
* cleartext: the text to encrypt
* clearlength: Length of the cleartext
* crypttext: the encrypted text (out)
* cryptlength: the length of this text (out)
* textmode: TRUE if gpgme should use textmode
* ascii_armor: TRUE if GPGME should use ascii armor
* error: The Error
*
* Handles encryption in a generic way. Can be used by several DBus APIs
*
* Returns TRUE on success
**/
static gboolean
crypto_encrypt_generic (SeahorseServiceCrypto *crypto,
const char **recipients, const char *signer,
int flags, const char *cleartext, gsize clearlength,
char **crypttext, gsize *cryptlength, gboolean textmode,
gboolean ascii_armor, GError **error)
{
GList *recipkeys = NULL;
SeahorseGpgmeOperation *pop;
SeahorseObject *signkey = NULL;
SeahorseObject *skey;
gpgme_key_t *recips;
gpgme_data_t plain, cipher;
gpgme_error_t gerr;
gboolean ret = TRUE;
/*
* TODO: Once we support different kinds of keys that support encryption
* then all this logic will need to change.
*/
/* The signer */
if (signer && signer[0]) {
signkey = seahorse_context_object_from_dbus (SCTX_APP (), signer);
if (!signkey) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Invalid or unrecognized signer: %s"), signer);
return FALSE;
}
if (!SEAHORSE_IS_GPGME_KEY (signkey) ||
!(seahorse_object_get_flags (signkey) & SEAHORSE_FLAG_CAN_SIGN)) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Key is not valid for signing: %s"), signer);
return FALSE;
}
}
/* The recipients */
for( ; recipients[0]; recipients++)
{
skey = seahorse_context_object_from_dbus (SCTX_APP (), recipients[0]);
if (!skey) {
g_list_free (recipkeys);
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Invalid or unrecognized recipient: %s"), recipients[0]);
return FALSE;
}
if (!SEAHORSE_IS_GPGME_KEY (skey) ||
!(seahorse_object_get_flags (skey) & SEAHORSE_FLAG_CAN_ENCRYPT)) {
g_list_free (recipkeys);
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Key is not a valid recipient for encryption: %s"), recipients[0]);
return FALSE;
}
recipkeys = g_list_prepend (recipkeys, SEAHORSE_PGP_KEY (skey));
}
if (!recipkeys) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("No recipients specified"));
return FALSE;
}
pop = seahorse_gpgme_operation_new (NULL);
/* new data form text */
gerr = gpgme_data_new_from_mem (&plain, cleartext, clearlength, FALSE);
g_return_val_if_fail (GPG_IS_OK (gerr), FALSE);
gerr = gpgme_data_new (&cipher);
g_return_val_if_fail (GPG_IS_OK (gerr), FALSE);
/* encrypt with armor */
gpgme_set_textmode (pop->gctx, textmode);
gpgme_set_armor (pop->gctx, ascii_armor);
/* Add the default key if set and necessary */
if (seahorse_gconf_get_boolean (ENCRYPTSELF_KEY)) {
skey = SEAHORSE_OBJECT (seahorse_context_get_default_key (SCTX_APP ()));
if (SEAHORSE_IS_PGP_KEY (skey))
recipkeys = g_list_append (recipkeys, skey);
}
/* Make keys into the right format for GPGME */
recips = keylist_to_keys (recipkeys);
g_list_free (recipkeys);
/* Do the encryption */
if (signkey) {
gpgme_signers_add (pop->gctx, seahorse_gpgme_key_get_private (SEAHORSE_GPGME_KEY (signkey)));
gerr = gpgme_op_encrypt_sign_start (pop->gctx, recips, GPGME_ENCRYPT_ALWAYS_TRUST,
plain, cipher);
} else {
gerr = gpgme_op_encrypt_start (pop->gctx, recips, GPGME_ENCRYPT_ALWAYS_TRUST,
plain, cipher);
}
free_keys (recips);
/* Frees cipher */
ret = process_crypto_result (pop, gerr, cipher, crypttext, cryptlength, error);
g_object_unref (pop);
gpgme_data_release (plain);
return ret;
}
/* Encrypt the data from INDATA to the OUTDATA object for all
recpients given in the NULL terminated array RECIPIENTS. This
function terminates with success and then expects the caller to
wait for the result of the encryption using engine_wait. FILTER is
used for asynchronous commnication with the engine module. HWND is
the window handle of the current window and used to maintain the
correct relationship between a popups and the active window. */
int
op_gpgme_encrypt (protocol_t protocol,
gpgme_data_t indata, gpgme_data_t outdata,
engine_filter_t filter, void *hwnd,
char **recipients)
{
gpg_error_t err;
closure_data_t cld;
gpgme_ctx_t ctx = NULL;
gpgme_key_t *keys = NULL;
(void)hwnd;
cld = xcalloc (1, sizeof *cld);
cld->closure = encrypt_closure;
cld->filter = filter;
err = prepare_recipient_keys (&keys, recipients, NULL);
if (err)
goto leave;
err = gpgme_new (&ctx);
if (err)
goto leave;
gpgme_set_progress_cb (ctx, NULL, cld);
switch (protocol)
{
case PROTOCOL_OPENPGP: /* Gpgme's default. */
break;
case PROTOCOL_SMIME:
err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
break;
default:
err = gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
break;
}
if (err)
goto leave;
gpgme_set_armor (ctx, 1);
/* FIXME: We should not hardcode always trust. */
/* if (sign_key) */
/* { */
/* gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cld->pw_cb); */
/* cld->pw_cb.ctx = ctx; */
/* cld->pw_cb.ttl = opt.passwd_ttl; */
/* err = gpgme_signers_add (ctx, sign_key); */
/* if (!err) */
/* err = gpgme_op_encrypt_sign_start (ctx, keys, */
/* GPGME_ENCRYPT_ALWAYS_TRUST, */
/* indata, outdata); */
/* } */
/* else */
err = gpgme_op_encrypt_start (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST,
indata, outdata);
leave:
if (err)
{
xfree (cld);
gpgme_release (ctx);
}
else
engine_private_set_cancel (filter, ctx);
release_key_array (keys);
return err;
}
