static gboolean
proc_one_file (GpaFileImportOperation *op, gpa_file_item_t file_item)
{
gpg_error_t err;
int fd;
gpgme_data_t data;
if (file_item->direct_in)
{
/* No copy is made. */
err = gpgme_data_new_from_mem (&data, file_item->direct_in,
file_item->direct_in_len, 0);
if (err)
{
gpa_gpgme_warning (err);
return FALSE;
}
gpgme_set_protocol (GPA_OPERATION (op)->context->ctx,
is_cms_data (file_item->direct_in,
file_item->direct_in_len) ?
GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP);
}
else
{
const char *filename = file_item->filename_in;
fd = gpa_open_input (filename, &data, GPA_OPERATION (op)->window);
if (fd == -1)
return FALSE;
gpgme_set_protocol (GPA_OPERATION (op)->context->ctx,
is_cms_file (filename) ?
GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP);
}
/* Start importing one file. */
err = gpgme_op_import_start (GPA_OPERATION (op)->context->ctx, data);
if (err)
{
gpa_gpgme_warning (err);
return FALSE;
}
/* Show and update the progress dialog */
gtk_widget_show_all (GPA_FILE_OPERATION (op)->progress_dialog);
gpa_progress_dialog_set_label (GPA_PROGRESS_DIALOG
(GPA_FILE_OPERATION (op)->progress_dialog),
file_item->direct_name
? file_item->direct_name
: file_item->filename_in);
return TRUE;
}
static void
first_half_done_cb (GpaContext *context, gpg_error_t err,
GpaKeyTable *keytable)
{
if (keytable->did_first_half || !cms_hack)
{
/* We are here for the second time and thus we continue with the
real done handler. We do this also if the CMS_HACK has not
been enabled. We reset the protocol to OpenPGP because some
old code might assume that it is in OpenPGP mode. */
keytable->fpr = NULL; /* Not needed anymore. */
gpgme_set_protocol (keytable->context->ctx, GPGME_PROTOCOL_OpenPGP);
done_cb (context, err, keytable);
return;
}
/* Now continue with a key listing for X.509 keys but save the error
of the the PGP key listing. */
keytable->first_half_err = err;
keytable->did_first_half = 1;
gpgme_set_protocol (context->ctx, GPGME_PROTOCOL_CMS);
err = gpgme_op_keylist_start (keytable->context->ctx,
keytable->fpr,
keytable->secret);
keytable->fpr = NULL; /* Not needed anymore. */
if (err)
{
if (keytable->first_half_err)
gpa_gpgme_warning (keytable->first_half_err);
if ((gpg_err_code (err) == GPG_ERR_INV_ENGINE
|| gpg_err_code (err) == GPG_ERR_UNSUPPORTED_PROTOCOL)
&& gpg_err_source (err) == GPG_ERR_SOURCE_GPGME)
{
if (gpg_err_code (err) == GPG_ERR_UNSUPPORTED_PROTOCOL)
g_message ("Note: Please check libgpgme has "
"been build with support for CMS");
gpa_window_error
(_("It seems that no CMS engine is installed.\n\n"
"Temporary disabling support for X.509.\n\n"
"Please install a CMS engine or invoke this program\n"
"with the option --disable-x509 ."), NULL);
cms_hack = 0;
err = 0;
}
else
gpa_gpgme_warning (err);
if (keytable->end)
{
keytable->end (keytable->data);
}
}
}
gboolean sgpgme_has_secret_key(void)
{
gpgme_error_t err = 0;
gpgme_ctx_t ctx;
gpgme_key_t key;
err = gpgme_new (&ctx);
if (err) {
debug_print("err : %s\n", gpgme_strerror(err));
return TRUE;
}
check_again:
err = gpgme_op_keylist_start(ctx, NULL, TRUE);
if (!err)
err = gpgme_op_keylist_next(ctx, &key);
gpgme_op_keylist_end(ctx);
if (gpg_err_code(err) == GPG_ERR_EOF) {
if (gpgme_get_protocol(ctx) != GPGME_PROTOCOL_CMS) {
gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
goto check_again;
}
gpgme_release(ctx);
return FALSE;
} else {
gpgme_release(ctx);
return TRUE;
}
}
/**
* g_mime_pkcs7_context_new:
* @request_passwd: a #GMimePasswordRequestFunc
*
* Creates a new pkcs7 crypto context object.
*
* Returns: (transfer full): a new pkcs7 crypto context object.
**/
GMimeCryptoContext *
g_mime_pkcs7_context_new (GMimePasswordRequestFunc request_passwd)
{
#ifdef ENABLE_SMIME
GMimeCryptoContext *crypto;
GMimePkcs7Context *pkcs7;
gpgme_ctx_t ctx;
/* make sure GpgMe supports the CMS protocols */
if (gpgme_engine_check_version (GPGME_PROTOCOL_CMS) != GPG_ERR_NO_ERROR)
return NULL;
/* create the GpgMe context */
if (gpgme_new (&ctx) != GPG_ERR_NO_ERROR)
return NULL;
pkcs7 = g_object_newv (GMIME_TYPE_PKCS7_CONTEXT, 0, NULL);
gpgme_set_passphrase_cb (ctx, pkcs7_passphrase_cb, pkcs7);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
pkcs7->priv->ctx = ctx;
crypto = (GMimeCryptoContext *) pkcs7;
crypto->request_passwd = request_passwd;
return crypto;
#else
return NULL;
#endif /* ENABLE_SMIME */
}
void GPGWrapper::init()
{
if (initialized)
return;
initialized = true;
gpgme_check_version(NULL);
setlocale(LC_ALL, "");
gpgme_set_locale(NULL, LC_CTYPE, setlocale(LC_CTYPE, NULL));
#ifdef LC_MESSAGES
gpgme_set_locale(NULL, LC_MESSAGES, setlocale(LC_MESSAGES, NULL));
#endif
gpgme_error_t error = gpgme_new(&context);
fail_if_err(error, L"Nie uda³o siê zainicjowaæ kontekstu GPG.");
gpgme_set_textmode(context, 1);
gpgme_set_armor(context, 1);
error = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
fail_if_err(error, L"Nie zainstalowano OpenPGP.");
error = gpgme_set_protocol(context, GPGME_PROTOCOL_OpenPGP);
fail_if_err(error, L"Nie uda³o siê ustawiæ OpenPGP.");
privateKey = getPrivateKey(privateKeyId.c_str());
error = gpgme_signers_add(context, privateKey);
fail_if_err(error, L"Nie uda³o siê ustawiæ klucza prywatnego.");
}
/*
* create a GpgME context for the passed protocol
*/
static gpgme_error_t
gpgme_new_with_protocol(gpgme_ctx_t * ctx, gpgme_protocol_t protocol,
GtkWindow * parent, GError ** error)
{
gpgme_error_t err;
/* create the GpgME context */
if ((err = gpgme_new(ctx)) != GPG_ERR_NO_ERROR) {
g_set_error_from_gpgme(error, err, _("could not create context"));
} else {
if ((err = gpgme_set_protocol(*ctx, protocol)) != GPG_ERR_NO_ERROR) {
gchar *errmsg =
g_strdup_printf(_("could not set protocol '%s'"),
gpgme_get_protocol_name(protocol));
g_set_error_from_gpgme(error, err, errmsg);
g_free(errmsg);
gpgme_release(*ctx);
} else {
if (protocol == GPGME_PROTOCOL_OpenPGP)
gpgme_set_passphrase_cb(*ctx, gpgme_passphrase_cb, parent);
}
}
return err;
}
/* Created a detached signature for INDATA and write it to OUTDATA.
On termination of the signing command engine_private_finished() is
called with FILTER as the first argument. */
int
op_gpgme_sign (protocol_t protocol,
gpgme_data_t indata, gpgme_data_t outdata,
engine_filter_t filter, void *hwnd)
{
gpg_error_t err;
closure_data_t cld;
gpgme_ctx_t ctx = NULL;
gpgme_key_t sign_key = NULL;
(void)hwnd;
if (signer_dialog_box (&sign_key, NULL, 0) == -1)
{
log_debug ("%s:%s: leave (dialog failed)\n", SRCNAME, __func__);
return gpg_error (GPG_ERR_CANCELED);
}
cld = xcalloc (1, sizeof *cld);
cld->closure = sign_closure;
cld->filter = filter;
err = gpgme_new (&ctx);
if (err)
goto leave;
gpgme_set_progress_cb (ctx, NULL, cld);
switch (protocol)
{
case PROTOCOL_OPENPGP: /* Gpgme's default. */
break;
case PROTOCOL_SMIME:
err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
break;
default:
err = gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
break;
}
if (err)
goto leave;
gpgme_set_armor (ctx, 1);
gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cld->pw_cb);
cld->pw_cb.ctx = ctx;
cld->pw_cb.ttl = opt.passwd_ttl;
err = gpgme_signers_add (ctx, sign_key);
if (!err)
err = gpgme_op_sign_start (ctx, indata, outdata, GPGME_SIG_MODE_DETACH);
leave:
if (err)
{
xfree (cld);
gpgme_release (ctx);
}
else
engine_private_set_cancel (filter, ctx);
gpgme_key_unref (sign_key);
return err;
}
char *gpg_decrypt_msg(const char *data, long *plain_size) {
gpgme_ctx_t ctx;
gpgme_error_t err;
size_t n = 0;
char *temp, *str, *msg;
gpgme_data_t plain, cipher;
msg = add_gpg_headers(data);
if (!msg) {
return 0;
}
err = gpgme_new(&ctx);
if (err) {
return 0;
}
gpgme_set_protocol(ctx, GPGME_PROTOCOL_OpenPGP);
gpgme_set_armor(ctx, 1);
// char *p = getenv("GPG_AGENT_INFO");
// if (p) {
// log_write("GPG_AGENT_INFO: %s\n", p);
// } else {
// setenv("GPG_AGENT_INFO", "/tmp/gpg-3FhMq6/S.gpg-agent:22765:1", 1);
// log_write("NO GPG AGENT INFO FOUND\n");
// }
gpgme_set_passphrase_cb(ctx, &passphrase_cb, 0);
gpgme_data_new_from_mem(&cipher, msg, strlen(msg), 0);
gpgme_data_new(&plain);
err = gpgme_op_decrypt(ctx, cipher, plain);
gpgme_decrypt_result_t res = gpgme_op_decrypt_result(ctx);
gpgme_recipient_t recipient = res->recipients;
while (recipient) {
log_write(">>> recipient keyid: %s\n", recipient->keyid);
recipient = recipient->next;
}
gpgme_data_release(cipher);
free(msg);
if (err) {
log_write("gpgme_op_decrypt error: %s\n", gpgme_strerror(err));
gpgme_data_release(plain);
gpgme_release(ctx);
return 0;
}
temp = gpgme_data_release_and_get_mem(plain, &n);
if (!temp) {
gpgme_release(ctx);
return 0;
}
*plain_size = n;
str = strndup(temp, n);
free(temp);
gpgme_release(ctx);
return str;
}
QalfCrypto::QalfCrypto() {
gpgme_error_t result = gpgme_new(&context) ;
Q_ASSERT(result == GPG_ERR_NO_ERROR) ;
result = gpgme_set_protocol(context,GPGME_PROTOCOL_OpenPGP) ;
Q_ASSERT(result == GPG_ERR_NO_ERROR) ;
gpgme_set_armor(context,1) ;
gpgme_set_textmode(context,1) ;
}
/* Decrypt data from INDATA to OUTDATE. If WITH_VERIFY is set, a
signature of PGP/MIME combined message is also verified the same
way as with op_gpgme_verify. */
int
op_gpgme_decrypt (protocol_t protocol,
gpgme_data_t indata, gpgme_data_t outdata,
engine_filter_t filter, void *hwnd,
int with_verify)
{
gpgme_error_t err;
closure_data_t cld;
gpgme_ctx_t ctx = NULL;
(void)hwnd;
cld = xcalloc (1, sizeof *cld);
cld->closure = decrypt_closure;
cld->filter = filter;
cld->with_verify = with_verify;
err = gpgme_new (&ctx);
if (err)
goto leave;
gpgme_set_progress_cb (ctx, NULL, cld);
switch (protocol)
{
case PROTOCOL_OPENPGP: /* Gpgme's default. */
break;
case PROTOCOL_SMIME:
err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
break;
default:
err = gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
break;
}
if (err)
goto leave;
/* Note: We do no error checking for the next call because some
backends may not implement a command hanler at all. */
gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cld->pw_cb);
cld->pw_cb.ctx = ctx;
if (with_verify)
err = gpgme_op_decrypt_verify_start (ctx, indata, outdata);
else
err = gpgme_op_decrypt_start (ctx, indata, outdata);
leave:
if (err)
{
xfree (cld);
gpgme_release (ctx);
}
else
engine_private_set_cancel (filter, ctx);
return err;
}
char checkSignature(char *path, struct memory_identifier *memory)
{
gpgme_ctx_t context;
gpgme_error_t err;
gpgme_data_t signature, iso;
FILE *file = fopen(path, "r");
if (file == NULL) {
fprintf(stderr, "File %s not found!\n", path);
fatal("Unable to open file!\n");
}
gpgme_check_version(NULL);
err = gpgme_new(&context);
switch (err) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_ENOMEM:
fatal("There is not enough memory available to initialize gpgme. Aborting...\n");
default:
break;
}
gpgme_set_protocol(context, GPGME_PROTOCOL_OpenPGP);
err = gpgme_data_new_from_stream(&iso, file);
if (err == GPG_ERR_ENOMEM)
fatal("There was not enough memory to crate a new data buffer for gpgme. Aborting...\n");
err = gpgme_ctx_set_engine_info(context, GPGME_PROTOCOL_OpenPGP, "/usr/bin/gpg",
"/etc/pacman.d/gnupg/");
if (err != GPG_ERR_NO_ERROR) {
printf("Something went wrong while setting the engine info.\n");
return 1;
}
err = gpgme_data_new_from_mem(&signature, memory->chunk, memory->length, 1);
if (err == GPG_ERR_ENOMEM)
fatal("There was not enough memory to crate a new data buffer for gpgme. Aborting...\n");
err = gpgme_op_verify(context, signature, iso, NULL);
if (err == GPG_ERR_NO_ERROR)
return 0;
else
return 1;
}
char *gpg_encrypt_msg(const char *msg, const char *fpr) {
gpgme_ctx_t ctx;
gpgme_data_t plain, cipher;
gpgme_error_t err;
char *temp, *str;
char *ret = 0;
gpgme_key_t key_arr[2] = {0, 0};
size_t n = 0;
err = gpgme_new(&ctx);
if (err) {
return 0;
}
gpgme_set_protocol(ctx, GPGME_PROTOCOL_OpenPGP);
gpgme_set_armor(ctx, 1);
err = gpgme_get_key(ctx, fpr, &key_arr[0], 0);
if (err) {
gpgme_release(ctx);
return 0;
}
err = gpgme_data_new_from_mem(&plain, msg, strlen(msg), 0);
if (err) {
goto end;
}
gpgme_data_new(&cipher);
err = gpgme_op_encrypt(ctx, key_arr, GPGME_ENCRYPT_ALWAYS_TRUST, plain, cipher);
gpgme_data_release(plain);
if (err) {
gpgme_data_release(cipher);
goto end;
}
temp = gpgme_data_release_and_get_mem(cipher, &n);
if (!temp) {
goto end;
}
str = strndup(temp, n);
gpgme_free(temp);
if (!str) {
goto end;
}
ret = drop_gpg_headers(str);
free(str);
end:
gpgme_key_unref(key_arr[0]);
gpgme_release(ctx);
return ret;
}
/* Verify a detached message where the data is in the gpgme object
DATA and the signature given as the string SIGNATUEE. */
int
op_gpgme_verify (gpgme_protocol_t protocol,
gpgme_data_t data, const char *signature, size_t sig_len,
engine_filter_t filter, void *hwnd)
{
gpgme_error_t err;
closure_data_t cld;
gpgme_ctx_t ctx = NULL;
gpgme_data_t sigobj = NULL;
(void)hwnd;
cld = xcalloc (1, sizeof *cld);
cld->closure = verify_closure;
cld->filter = filter;
err = gpgme_new (&ctx);
if (err)
goto leave;
gpgme_set_progress_cb (ctx, NULL, cld);
switch (protocol)
{
case PROTOCOL_OPENPGP: /* Gpgme's default. */
break;
case PROTOCOL_SMIME:
err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
break;
default:
err = gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
break;
}
if (err)
goto leave;
err = gpgme_data_new_from_mem (&sigobj, signature, sig_len, 0);
if (err)
goto leave;
cld->sigobj = sigobj;
err = gpgme_op_verify_start (ctx, sigobj, data, NULL);
leave:
if (err)
{
gpgme_data_release (sigobj);
xfree (cld);
gpgme_release (ctx);
}
else
engine_private_set_cancel (filter, ctx);
return err;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t out;
const char *pattern1[] = { "DFN Top Level Certification Authority", NULL };
const char *pattern2[] = { "3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E",
"DFN Server Certification Authority",
NULL };
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
gpgme_set_armor (ctx, 1);
/* Check exporting of one certificate. */
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_export_ext (ctx, pattern1, 0, out);
fail_if_err (err);
fflush (NULL);
fputs ("Begin Result:\n", stdout);
print_data (out);
fputs ("End Result.\n", stdout);
gpgme_data_release (out);
/* Check exporting of 2 certificates. */
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_export_ext (ctx, pattern2, 0, out);
fail_if_err (err);
fflush (NULL);
fputs ("Begin Result:\n", stdout);
print_data (out);
fputs ("End Result.\n", stdout);
gpgme_data_release (out);
gpgme_release (ctx);
return 0;
}
void crypto_asym::build_context()
{
#if GPGME_SUPPORT
gpgme_error_t err = gpgme_new(&context);
if(gpgme_err_code(err) != GPG_ERR_NO_ERROR)
throw Erange("crypto_asym::crypto_asym", string(gettext("Failed creating GPGME context: ")) + tools_gpgme_strerror_r(err));
err = gpgme_set_protocol(context, GPGME_PROTOCOL_OpenPGP);
if(gpgme_err_code(err) != GPG_ERR_NO_ERROR)
throw Erange("crypto_asym::crypto_asym", string(gettext("Failed setting GPGME context with OpenPGP protocol: ")) + tools_gpgme_strerror_r(err));
gpgme_set_passphrase_cb(context, read_passphrase, (void *)this);
#endif
}
int
main (int argc, char **argv)
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t sig, text;
gpgme_verify_result_t result;
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
/* Checking a valid message. */
err = gpgme_data_new_from_mem (&text, test_text1, strlen (test_text1), 0);
fail_if_err (err);
err = gpgme_data_new_from_mem (&sig, test_sig1, strlen (test_sig1), 0);
fail_if_err (err);
err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err);
result = gpgme_op_verify_result (ctx);
check_result (result, GPGME_SIGSUM_VALID | GPGME_SIGSUM_GREEN,
"3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E",
GPG_ERR_NO_ERROR, GPGME_VALIDITY_FULL);
show_auditlog (ctx);
/* Checking a manipulated message. */
gpgme_data_release (text);
err = gpgme_data_new_from_mem (&text, test_text1f, strlen (test_text1f), 0);
fail_if_err (err);
gpgme_data_seek (sig, 0, SEEK_SET);
err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err);
result = gpgme_op_verify_result (ctx);
check_result (result, GPGME_SIGSUM_RED,
"3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E",
GPG_ERR_BAD_SIGNATURE, GPGME_VALIDITY_UNKNOWN);
show_auditlog (ctx);
gpgme_data_release (text);
gpgme_data_release (sig);
gpgme_release (ctx);
return got_errors? 1 : 0;
}
static void
gpa_card_manager_init (GTypeInstance *instance, void *class_ptr)
{
GpaCardManager *cardman = GPA_CARD_MANAGER (instance);
gpg_error_t err;
char *fname;
cardman->cardtype = G_TYPE_NONE;
cardman->cardtypename = "Unknown";
update_title (cardman);
construct_widgets (cardman);
g_signal_connect (cardman, "destroy",
G_CALLBACK (card_manager_closed), cardman);
/* We use the file watcher to speed up card change detection. If it
does not work (i.e. on non Linux based systems) the ticker takes
care of it. */
fname = g_build_filename (gnupg_homedir, "reader_0.status", NULL);
cardman->watch = gpa_add_filewatch (fname, "w", watcher_cb, cardman);
xfree (fname);
err = gpgme_new (&cardman->gpgagent);
if (err)
gpa_gpgme_error (err);
err = gpgme_set_protocol (cardman->gpgagent, GPGME_PROTOCOL_ASSUAN);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_INV_VALUE)
gpa_window_error (_("The GPGME library is too old to "
"support smartcards."), NULL);
else
gpa_gpgme_warning (err);
gpgme_release (cardman->gpgagent);
cardman->gpgagent = NULL;
}
setup_app_selector (cardman);
if (cardman->app_selector)
g_signal_connect (cardman->app_selector, "changed",
G_CALLBACK (app_selector_changed_cb), cardman);
}
/*
* Setting the signers and the protocol for the context. The protocol
* to use is derived from the keys. An errro will be displayed if the
* selected keys are not all of one protocol.
*/
static gboolean
set_signers (GpaFileSignOperation *op, GList *signers)
{
GList *cur;
gpg_error_t err;
gpgme_protocol_t protocol = GPGME_PROTOCOL_UNKNOWN;
gpgme_signers_clear (GPA_OPERATION (op)->context->ctx);
if (!signers)
{
/* Can't happen */
gpa_window_error (_("You didn't select any key for signing"),
GPA_OPERATION (op)->window);
return FALSE;
}
for (cur = signers; cur; cur = g_list_next (cur))
{
gpgme_key_t key = cur->data;
if (protocol == GPGME_PROTOCOL_UNKNOWN)
protocol = key->protocol;
else if (key->protocol != protocol)
{
/* Should not happen because the selection dialog should
have not allowed to select different key types. */
gpa_window_error
(_("The selected certificates are not all of the same type."
" That is, you mixed OpenPGP and X.509 certificates."
" Please make sure to select only certificates of the"
" same type."),
GPA_OPERATION (op)->window);
return FALSE;
}
}
gpgme_set_protocol (GPA_OPERATION (op)->context->ctx, protocol);
for (cur = signers; cur; cur = g_list_next (cur))
{
gpgme_key_t key = cur->data;
err = gpgme_signers_add (GPA_OPERATION (op)->context->ctx, key);
if (err)
gpa_gpgme_error (err);
}
return TRUE;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
gpgme_sign_result_t result;
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
gpgme_set_textmode (ctx, 1);
gpgme_set_armor (ctx, 1);
err = gpgme_data_new_from_mem (&in, "Hallo Leute!\n", 13, 0);
fail_if_err (err);
/* First a normal signature. */
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_sign (ctx, in, out, GPGME_SIG_MODE_NORMAL);
fail_if_err (err);
result = gpgme_op_sign_result (ctx);
check_result (result, GPGME_SIG_MODE_NORMAL);
print_data (out);
gpgme_data_release (out);
/* Now a detached signature. */
gpgme_data_seek (in, 0, SEEK_SET);
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_sign (ctx, in, out, GPGME_SIG_MODE_DETACH);
fail_if_err (err);
result = gpgme_op_sign_result (ctx);
check_result (result, GPGME_SIG_MODE_DETACH);
print_data (out);
gpgme_data_release (out);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}
int setup(gpgme_ctx_t* ctx)
{
char *p;
gpgme_error_t err;
gpgme_engine_info_t enginfo;
setlocale (LC_ALL, "");
p = (char *) gpgme_check_version(NULL);
printf("version=%s\n",p);
/* set locale, because tests do also */
gpgme_set_locale(NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
/* check for OpenPGP support */
err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
if(err != GPG_ERR_NO_ERROR) return 1;
p = (char *) gpgme_get_protocol_name(GPGME_PROTOCOL_OpenPGP);
printf("Protocol name: %s\n",p);
/* get engine information */
err = gpgme_get_engine_info(&enginfo);
if(err != GPG_ERR_NO_ERROR) return 2;
printf("file=%s, home=%s\n",enginfo->file_name,enginfo->home_dir);
/* create our own context */
err = gpgme_new(ctx);
if(err != GPG_ERR_NO_ERROR) return 3;
/* set protocol to use in our context */
err = gpgme_set_protocol(*ctx,GPGME_PROTOCOL_OpenPGP);
if(err != GPG_ERR_NO_ERROR) return 4;
/* set engine info in our context; I changed it for ceof like this:
err = gpgme_ctx_set_engine_info (*ctx, GPGME_PROTOCOL_OpenPGP,
"/usr/bin/gpg","/home/user/nico/.ceof/gpg/");
but I'll use standard values for this example: */
err = gpgme_ctx_set_engine_info (*ctx, GPGME_PROTOCOL_OpenPGP,
enginfo->file_name,enginfo->home_dir);
if(err != GPG_ERR_NO_ERROR) return 5;
return 0;
}
int gpg_list_keys(key_entry_t **head) {
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_keylist_mode_t mode = 0;
*head = 0;
err = gpgme_new(&ctx);
if (err) {
return 0;
}
gpgme_set_protocol(ctx, GPGME_PROTOCOL_OpenPGP);
gpgme_set_keylist_mode(ctx, mode);
err = gpgme_op_keylist_start(ctx, 0, 0);
if (err) {
return 0;
}
int count = 0;
key_entry_t *key_entry_prev = 0;
while (1) {
gpgme_key_t key;
err = gpgme_op_keylist_next(ctx, &key);
if (err) {
break;
}
key_entry_t *key_entry = g_new(key_entry_t, 1);
key_entry->next = 0;
key_entry->key = key;
if (key_entry_prev)
key_entry_prev->next = key_entry;
key_entry_prev = key_entry;
if (!*head) *head = key_entry;
++count;
}
gpgme_op_keylist_end(ctx);
gpgme_release(ctx);
return count;
}
static int
pygpgme_context_set_protocol(PyGpgmeContext *self, PyObject *value)
{
gpgme_protocol_t protocol;
if (value == NULL) {
PyErr_SetString(PyExc_AttributeError, "Can not delete attribute");
return -1;
}
protocol = PyInt_AsLong(value);
if (PyErr_Occurred())
return -1;
if (pygpgme_check_error(gpgme_set_protocol(self->ctx, protocol)))
return -1;
return 0;
}
int
main (int argc, char **argv)
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in;
gpgme_import_result_t result;
char *cert_1 = make_filename ("cert_dfn_pca01.der");
char *cert_2 = make_filename ("cert_dfn_pca15.der");
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
err = gpgme_data_new_from_file (&in, cert_1, 1);
free (cert_1);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "DFA56FB5FC41E3A8921F77AD1622EEFD9152A5AD", 1, 1);
gpgme_data_release (in);
err = gpgme_data_new_from_file (&in, cert_2, 1);
free (cert_2);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "2C8F3C356AB761CB3674835B792CDA52937F9285", 1, 2);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}
void CGPGHelper::Start()
{
#ifdef HAVE_LIBGPGME
char buf[MAX_LINE_LEN];
snprintf(buf, MAX_LINE_LEN, "%s/licq_gpg.conf", BASE_DIR);
mKeysIni.LoadFile(buf);
mKeysIni.SetSection("gpg");
mKeysIni.ReadStr("passphrase", buf); mGPGPassphrase = strdup(buf);
const char *gpgme_ver = gpgme_check_version(0);
gLog.Info("%s[GPG] gpgme library found: %s\n", L_INITxSTR, gpgme_ver);
if (gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP) != GPG_ERR_NO_ERROR)
gLog.Error("%s[GPG] gpgme engine OpenPGP not found!\n", L_ERRORxSTR);
gpgme_new(&mCtx);
gpgme_set_protocol(mCtx, GPGME_PROTOCOL_OpenPGP);
gpgme_set_armor(mCtx, 1);
gpgme_set_passphrase_cb(mCtx, PassphraseCallback, 0);
#endif
}
retvalue signature_init(bool allowpassphrase){
#ifdef HAVE_LIBGPGME
gpg_error_t err;
if (context != NULL)
return RET_NOTHING;
gpgme_check_version(NULL);
err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
if (err != 0)
return gpgerror(err);
err = gpgme_new(&context);
if (err != 0)
return gpgerror(err);
err = gpgme_set_protocol(context, GPGME_PROTOCOL_OpenPGP);
if (err != 0)
return gpgerror(err);
if (allowpassphrase)
gpgme_set_passphrase_cb(context, signature_getpassphrase,
NULL);
gpgme_set_armor(context, 1);
#endif /* HAVE_LIBGPGME */
return RET_OK;
}
int
main (int argc, char **argv)
{
gpgme_error_t err;
gpgme_error_t op_err;
gpgme_ctx_t ctx;
const char *command;
gpgme_check_version (NULL);
#ifndef HAVE_W32_SYSTEM
setlocale (LC_ALL, "");
gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL));
#endif
if (argc)
{
argc--;
argv++;
}
command = argc? *argv : "NOP";
err = gpgme_new (&ctx);
fail_if_err (err);
err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_ASSUAN);
fail_if_err (err);
err = gpgme_op_assuan_transact_ext (ctx, command, data_cb, NULL,
inq_cb, NULL, status_cb, NULL, &op_err);
fail_if_err (err || op_err);
gpgme_release (ctx);
return 0;
}
static void
reload_cache (GpaKeyTable *keytable, const char *fpr)
{
gpg_error_t err;
/* We select the Open PGP protocol here. At the end
first_half_done_cb will do another keylist_start for X,509. */
keytable->did_first_half = 0;
keytable->first_half_err = 0;
keytable->fpr = fpr;
gpgme_set_protocol (keytable->context->ctx, GPGME_PROTOCOL_OpenPGP);
err = gpgme_op_keylist_start (keytable->context->ctx, fpr,
keytable->secret);
if (gpg_err_code (err) != GPG_ERR_NO_ERROR)
{
gpa_gpgme_warning (err);
if (keytable->end)
{
keytable->end (keytable->data);
}
return;
}
keytable->tmp_list = NULL;
}
static gpgme_key_t
fill_clist (struct select_keys_s *sk, const char *pattern, gpgme_protocol_t proto)
{
GtkCMCList *clist;
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_key_t key;
int running=0;
int num_results = 0;
gboolean exact_match = FALSE;
gpgme_key_t last_key = NULL;
gpgme_user_id_t last_uid = NULL;
cm_return_val_if_fail (sk, NULL);
clist = sk->clist;
cm_return_val_if_fail (clist, NULL);
debug_print ("select_keys:fill_clist: pattern '%s' proto %d\n", pattern, proto);
/*gtk_cmclist_freeze (select_keys.clist);*/
err = gpgme_new (&ctx);
g_assert (!err);
gpgme_set_protocol(ctx, proto);
sk->select_ctx = ctx;
update_progress (sk, ++running, pattern);
while (gtk_events_pending ())
gtk_main_iteration ();
err = gpgme_op_keylist_start (ctx, pattern, 0);
if (err) {
debug_print ("** gpgme_op_keylist_start(%s) failed: %s",
pattern, gpgme_strerror (err));
sk->select_ctx = NULL;
gpgme_release(ctx);
return NULL;
}
update_progress (sk, ++running, pattern);
while ( !(err = gpgme_op_keylist_next ( ctx, &key )) ) {
gpgme_user_id_t uid = key->uids;
if (!key->can_encrypt || key->revoked || key->expired || key->disabled)
continue;
debug_print ("%% %s:%d: insert\n", __FILE__ ,__LINE__ );
set_row (clist, key, proto );
for (; uid; uid = uid->next) {
gchar *raw_mail = NULL;
if (!uid->email)
continue;
if (uid->revoked || uid->invalid)
continue;
raw_mail = g_strdup(uid->email);
extract_address(raw_mail);
if (!strcasecmp(pattern, raw_mail)) {
exact_match = TRUE;
last_uid = uid;
g_free(raw_mail);
break;
}
g_free(raw_mail);
}
num_results++;
last_key = key;
key = NULL;
update_progress (sk, ++running, pattern);
while (gtk_events_pending ())
gtk_main_iteration ();
}
if (exact_match == TRUE && num_results == 1) {
if (last_key->uids->validity < GPGME_VALIDITY_FULL &&
!use_untrusted(last_key, last_uid, proto))
exact_match = FALSE;
}
debug_print ("%% %s:%d: ready\n", __FILE__ ,__LINE__ );
if (gpgme_err_code(err) != GPG_ERR_EOF) {
debug_print ("** gpgme_op_keylist_next failed: %s",
gpgme_strerror (err));
gpgme_op_keylist_end(ctx);
}
if (!exact_match || num_results != 1) {
sk->select_ctx = NULL;
gpgme_release (ctx);
}
/*gtk_cmclist_thaw (select_keys.clist);*/
return (exact_match == TRUE && num_results == 1 ? last_key:NULL);
}
gboolean
lr_gpg_check_signature_fd(int signature_fd,
int data_fd,
const char *home_dir,
GError **err)
{
gpgme_error_t gpgerr;
gpgme_ctx_t context;
gpgme_data_t signature_data;
gpgme_data_t data_data;
gpgme_verify_result_t result;
gpgme_signature_t sig;
assert(!err || *err == NULL);
// Initialization
gpgme_check_version(NULL);
gpgerr = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_engine_check_version: %s",
__func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGNOTSUPPORTED,
"gpgme_engine_check_version() error: %s",
gpgme_strerror(gpgerr));
return FALSE;
}
gpgerr = gpgme_new(&context);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_new: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_new() error: %s", gpgme_strerror(gpgerr));
return FALSE;
}
gpgerr = gpgme_set_protocol(context, GPGME_PROTOCOL_OpenPGP);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_set_protocol: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_set_protocol() error: %s", gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
if (home_dir) {
gpgerr = gpgme_ctx_set_engine_info(context, GPGME_PROTOCOL_OpenPGP,
NULL, home_dir);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_ctx_set_engine_info: %s", __func__,
gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_ctx_set_engine_info() error: %s",
gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
}
gpgme_set_armor(context, 1);
gpgerr = gpgme_data_new_from_fd(&signature_data, signature_fd);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_data_new_from_fd: %s",
__func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_data_new_from_fd(_, %d) error: %s",
signature_fd, gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
gpgerr = gpgme_data_new_from_fd(&data_data, data_fd);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_data_new_from_fd: %s",
__func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_data_new_from_fd(_, %d) error: %s",
data_fd, gpgme_strerror(gpgerr));
gpgme_data_release(signature_data);
gpgme_release(context);
return FALSE;
}
// Verify
gpgerr = gpgme_op_verify(context, signature_data, data_data, NULL);
gpgme_data_release(signature_data);
gpgme_data_release(data_data);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_op_verify: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_op_verify() error: %s", gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
result = gpgme_op_verify_result(context);
if (!result) {
g_debug("%s: gpgme_op_verify_result: error", __func__);
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_op_verify_result() error: %s",
gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
// Check result of verification
sig = result->signatures;
if(!sig) {
g_debug("%s: signature verify error (no signatures)", __func__);
g_set_error(err, LR_GPG_ERROR, LRE_BADGPG,
"Signature verify error - no signatures");
gpgme_release(context);
return FALSE;
}
// Example of signature usage could be found in gpgme git repository
// in the gpgme/tests/run-verify.c
for (; sig; sig = sig->next) {
if ((sig->summary & GPGME_SIGSUM_VALID) || // Valid
(sig->summary & GPGME_SIGSUM_GREEN) || // Valid
(sig->summary == 0 && sig->status == GPG_ERR_NO_ERROR)) // Valid but key is not certified with a trusted signature
{
gpgme_release(context);
return TRUE;
}
}
gpgme_release(context);
g_debug("%s: Bad GPG signature", __func__);
g_set_error(err, LR_GPG_ERROR, LRE_BADGPG, "Bad GPG signature");
return FALSE;
}
gboolean
lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err)
{
gpgme_error_t gpgerr;
int key_fd;
gpgme_ctx_t context;
gpgme_data_t key_data;
assert(!err || *err == NULL);
// Initialization
gpgme_check_version(NULL);
gpgerr = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_engine_check_version: %s",
__func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGNOTSUPPORTED,
"gpgme_engine_check_version() error: %s",
gpgme_strerror(gpgerr));
return FALSE;
}
gpgerr = gpgme_new(&context);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_new: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_new() error: %s", gpgme_strerror(gpgerr));
return FALSE;
}
gpgerr = gpgme_set_protocol(context, GPGME_PROTOCOL_OpenPGP);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_set_protocol: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_set_protocol() error: %s", gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
if (home_dir) {
gpgerr = gpgme_ctx_set_engine_info(context, GPGME_PROTOCOL_OpenPGP,
NULL, home_dir);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_ctx_set_engine_info: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_ctx_set_engine_info() error: %s",
gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
}
gpgme_set_armor(context, 1);
// Key import
key_fd = open(key_fn, O_RDONLY);
if (key_fd == -1) {
g_debug("%s: Opening key: %s", __func__, strerror(errno));
g_set_error(err, LR_GPG_ERROR, LRE_IO,
"Error while opening key %s: %s",
key_fn, strerror(errno));
gpgme_release(context);
return FALSE;
}
gpgerr = gpgme_data_new_from_fd(&key_data, key_fd);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_data_new_from_fd: %s",
__func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_data_new_from_fd(_, %d) error: %s",
key_fd, gpgme_strerror(gpgerr));
gpgme_release(context);
close(key_fd);
return FALSE;
}
gpgerr = gpgme_op_import(context, key_data);
gpgme_data_release(key_data);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_op_import: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_op_import() error: %s", gpgme_strerror(gpgerr));
gpgme_release(context);
close(key_fd);
return FALSE;
}
close(key_fd);
gpgme_release(context);
return TRUE;
}