static void geanypg_encrypt(encrypt_data * ed, gpgme_key_t * recp, int sign, int flags)
{ /* FACTORIZE */
gpgme_data_t plain, cipher;
gpgme_error_t err;
FILE * tempfile;
tempfile = tmpfile();
if (!(tempfile))
{
g_warning("%s: %s.", _("couldn't create tempfile"), strerror(errno));
return ;
}
gpgme_data_new_from_stream(&cipher, tempfile);
gpgme_data_set_encoding(cipher, GPGME_DATA_ENCODING_ARMOR);
geanypg_load_buffer(&plain);
/* do the actual encryption */
if (sign)
err = gpgme_op_encrypt_sign(ed->ctx, recp, flags, plain, cipher);
else
err = gpgme_op_encrypt(ed->ctx, recp, flags, plain, cipher);
if (err != GPG_ERR_NO_ERROR && gpgme_err_code(err) != GPG_ERR_CANCELED)
geanypg_show_err_msg(err);
else if(gpgme_err_code(err) != GPG_ERR_CANCELED)
{
rewind(tempfile);
geanypg_write_file(tempfile);
}
fclose(tempfile);
/* release buffers */
gpgme_data_release(plain);
gpgme_data_release(cipher);
}
static int
pkcs7_import_keys (GMimeCryptoContext *context, GMimeStream *istream, GError **err)
{
#ifdef ENABLE_SMIME
GMimePkcs7Context *ctx = (GMimePkcs7Context *) context;
Pkcs7Ctx *pkcs7 = ctx->priv;
gpgme_data_t keydata;
gpgme_error_t error;
if ((error = gpgme_data_new_from_cbs (&keydata, &pkcs7_stream_funcs, istream)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open input stream"));
return -1;
}
/* import the key(s) */
if ((error = gpgme_op_import (pkcs7->ctx, keydata)) != GPG_ERR_NO_ERROR) {
//printf ("import error (%d): %s\n", error & GPG_ERR_CODE_MASK, gpg_strerror (error));
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not import key data"));
gpgme_data_release (keydata);
return -1;
}
gpgme_data_release (keydata);
return 0;
#else
g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("S/MIME support is not enabled in this build"));
return -1;
#endif /* ENABLE_SMIME */
}
static PyObject *
pygpgme_context_decrypt(PyGpgmeContext *self, PyObject *args)
{
PyObject *py_cipher, *py_plain;
gpgme_data_t cipher, plain;
gpgme_error_t err;
if (!PyArg_ParseTuple(args, "OO", &py_cipher, &py_plain))
return NULL;
if (pygpgme_data_new(&cipher, py_cipher)) {
return NULL;
}
if (pygpgme_data_new(&plain, py_plain)) {
gpgme_data_release(cipher);
return NULL;
}
Py_BEGIN_ALLOW_THREADS;
err = gpgme_op_decrypt(self->ctx, cipher, plain);
Py_END_ALLOW_THREADS;
gpgme_data_release(cipher);
gpgme_data_release(plain);
if (pygpgme_check_error(err)) {
decode_decrypt_result(self);
return NULL;
}
Py_RETURN_NONE;
}
static int
pkcs7_export_keys (GMimeCryptoContext *context, GPtrArray *keys, GMimeStream *ostream, GError **err)
{
#ifdef ENABLE_SMIME
GMimePkcs7Context *ctx = (GMimePkcs7Context *) context;
Pkcs7Ctx *pkcs7 = ctx->priv;
gpgme_data_t keydata;
gpgme_error_t error;
guint i;
if ((error = gpgme_data_new_from_cbs (&keydata, &pkcs7_stream_funcs, ostream)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open output stream"));
return -1;
}
/* export the key(s) */
for (i = 0; i < keys->len; i++) {
if ((error = gpgme_op_export (pkcs7->ctx, keys->pdata[i], 0, keydata)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not export key data"));
gpgme_data_release (keydata);
return -1;
}
}
gpgme_data_release (keydata);
return 0;
#else
g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("S/MIME support is not enabled in this build"));
return -1;
#endif /* ENABLE_SMIME */
}
char *gpg_decrypt_msg(const char *data, long *plain_size) {
gpgme_ctx_t ctx;
gpgme_error_t err;
size_t n = 0;
char *temp, *str, *msg;
gpgme_data_t plain, cipher;
msg = add_gpg_headers(data);
if (!msg) {
return 0;
}
err = gpgme_new(&ctx);
if (err) {
return 0;
}
gpgme_set_protocol(ctx, GPGME_PROTOCOL_OpenPGP);
gpgme_set_armor(ctx, 1);
// char *p = getenv("GPG_AGENT_INFO");
// if (p) {
// log_write("GPG_AGENT_INFO: %s\n", p);
// } else {
// setenv("GPG_AGENT_INFO", "/tmp/gpg-3FhMq6/S.gpg-agent:22765:1", 1);
// log_write("NO GPG AGENT INFO FOUND\n");
// }
gpgme_set_passphrase_cb(ctx, &passphrase_cb, 0);
gpgme_data_new_from_mem(&cipher, msg, strlen(msg), 0);
gpgme_data_new(&plain);
err = gpgme_op_decrypt(ctx, cipher, plain);
gpgme_decrypt_result_t res = gpgme_op_decrypt_result(ctx);
gpgme_recipient_t recipient = res->recipients;
while (recipient) {
log_write(">>> recipient keyid: %s\n", recipient->keyid);
recipient = recipient->next;
}
gpgme_data_release(cipher);
free(msg);
if (err) {
log_write("gpgme_op_decrypt error: %s\n", gpgme_strerror(err));
gpgme_data_release(plain);
gpgme_release(ctx);
return 0;
}
temp = gpgme_data_release_and_get_mem(plain, &n);
if (!temp) {
gpgme_release(ctx);
return 0;
}
*plain_size = n;
str = strndup(temp, n);
free(temp);
gpgme_release(ctx);
return str;
}
/* ------------------
* verify a signed string with the key found with fingerprint fpr
* FREE MEMORY AFTER USAGE OF RETURN VALUE!
* ------------------ */
static char* verify(const char* sig_str)
{
gpgme_error_t error;
gpgme_ctx_t ctx;
gpgme_data_t plain,sig,sig_text;
gpgme_verify_result_t result;
char* fpr = NULL;
char* armored_sig_str = NULL;
if (sig_str == NULL)
{
purple_debug_error(PLUGIN_ID,"verify got null parameter\n");
return NULL;
}
// connect to gpgme
gpgme_check_version (NULL);
error = gpgme_new(&ctx);
if (error)
{
purple_debug_error(PLUGIN_ID,"gpgme_new failed: %s %s\n",gpgme_strsource (error), gpgme_strerror (error));
return NULL;
}
// armor sig_str
armored_sig_str = str_armor(sig_str);
// create data containers
gpgme_data_new_from_mem (&sig, armored_sig_str,strlen(armored_sig_str),1);
gpgme_data_new(&plain);
// try to verify
error = gpgme_op_verify(ctx,sig,NULL,plain);
if (error)
{
purple_debug_error(PLUGIN_ID,"gpgme_op_verify failed: %s %s\n",gpgme_strsource (error), gpgme_strerror (error));
gpgme_release (ctx);
return NULL;
}
// get result
result = gpgme_op_verify_result (ctx);
if (result != NULL)
{
if (result->signatures != NULL)
{
// return the fingerprint of the key that made the signature
fpr = g_strdup(result->signatures->fpr);
}
}
// release memory for data containers
gpgme_data_release(sig);
gpgme_data_release(plain);
return fpr;
}
bool KGpgMe::encrypt(const QByteArray& inBuffer, Q_ULONG length,
QByteArray* outBuffer, QString keyid /* = QString::null */)
{
gpgme_error_t err = 0;
gpgme_data_t in = 0, out = 0;
gpgme_key_t keys[2] = { NULL, NULL };
gpgme_key_t* key = NULL;
gpgme_encrypt_result_t result = 0;
outBuffer->resize(0);
if(m_ctx) {
err = gpgme_data_new_from_mem(&in, inBuffer.data(), length, 1);
if(!err) {
err = gpgme_data_new(&out);
if(!err) {
if(keyid.isNull()) {
key = NULL;
}
else {
err = gpgme_get_key(m_ctx, keyid.ascii(), &keys[0], 0);
key = keys;
}
if(!err) {
err = gpgme_op_encrypt(m_ctx, key, GPGME_ENCRYPT_ALWAYS_TRUST,
in, out);
if(!err) {
result = gpgme_op_encrypt_result(m_ctx);
if (result->invalid_recipients) {
KMessageBox::error(kapp->activeWindow(), QString("%1: %2")
.arg(i18n("That public key is not meant for encryption"))
.arg(result->invalid_recipients->fpr));
}
else {
err = readToBuffer(out, outBuffer);
}
}
}
}
}
}
if(err != GPG_ERR_NO_ERROR && err != GPG_ERR_CANCELED) {
KMessageBox::error(kapp->activeWindow(), QString("%1: %2")
.arg(gpgme_strsource(err)).arg(gpgme_strerror(err)));
}
if(err != GPG_ERR_NO_ERROR)
clearCache();
if(keys[0])
gpgme_key_unref(keys[0]);
if(in)
gpgme_data_release(in);
if(out)
gpgme_data_release(out);
return (err == GPG_ERR_NO_ERROR);
}
void
p_gpg_verify(const char *const barejid, const char *const sign)
{
if (!sign) {
return;
}
gpgme_ctx_t ctx;
gpgme_error_t error = gpgme_new(&ctx);
if (error) {
log_error("GPG: Failed to create gpgme context. %s %s", gpgme_strsource(error), gpgme_strerror(error));
return;
}
char *sign_with_header_footer = _add_header_footer(sign, PGP_SIGNATURE_HEADER, PGP_SIGNATURE_FOOTER);
gpgme_data_t sign_data;
gpgme_data_new_from_mem(&sign_data, sign_with_header_footer, strlen(sign_with_header_footer), 1);
free(sign_with_header_footer);
gpgme_data_t plain_data;
gpgme_data_new(&plain_data);
error = gpgme_op_verify(ctx, sign_data, NULL, plain_data);
gpgme_data_release(sign_data);
gpgme_data_release(plain_data);
if (error) {
log_error("GPG: Failed to verify. %s %s", gpgme_strsource(error), gpgme_strerror(error));
gpgme_release(ctx);
return;
}
gpgme_verify_result_t result = gpgme_op_verify_result(ctx);
if (result) {
if (result->signatures) {
gpgme_key_t key = NULL;
error = gpgme_get_key(ctx, result->signatures->fpr, &key, 0);
if (error) {
log_debug("Could not find PGP key with ID %s for %s", result->signatures->fpr, barejid);
} else {
log_debug("Fingerprint found for %s: %s ", barejid, key->subkeys->fpr);
ProfPGPPubKeyId *pubkeyid = malloc(sizeof(ProfPGPPubKeyId));
pubkeyid->id = strdup(key->subkeys->keyid);
pubkeyid->received = TRUE;
g_hash_table_replace(pubkeys, strdup(barejid), pubkeyid);
}
gpgme_key_unref(key);
}
}
gpgme_release(ctx);
}
char *gpg_encrypt_msg(const char *msg, const char *fpr) {
gpgme_ctx_t ctx;
gpgme_data_t plain, cipher;
gpgme_error_t err;
char *temp, *str;
char *ret = 0;
gpgme_key_t key_arr[2] = {0, 0};
size_t n = 0;
err = gpgme_new(&ctx);
if (err) {
return 0;
}
gpgme_set_protocol(ctx, GPGME_PROTOCOL_OpenPGP);
gpgme_set_armor(ctx, 1);
err = gpgme_get_key(ctx, fpr, &key_arr[0], 0);
if (err) {
gpgme_release(ctx);
return 0;
}
err = gpgme_data_new_from_mem(&plain, msg, strlen(msg), 0);
if (err) {
goto end;
}
gpgme_data_new(&cipher);
err = gpgme_op_encrypt(ctx, key_arr, GPGME_ENCRYPT_ALWAYS_TRUST, plain, cipher);
gpgme_data_release(plain);
if (err) {
gpgme_data_release(cipher);
goto end;
}
temp = gpgme_data_release_and_get_mem(cipher, &n);
if (!temp) {
goto end;
}
str = strndup(temp, n);
gpgme_free(temp);
if (!str) {
goto end;
}
ret = drop_gpg_headers(str);
free(str);
end:
gpgme_key_unref(key_arr[0]);
gpgme_release(ctx);
return ret;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
gpgme_verify_result_t result;
char *agent_info;
int i;
init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
agent_info = getenv ("GPG_AGENT_INFO");
if (!(agent_info && strchr (agent_info, ':')))
gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
err = gpgme_data_new_from_mem (&in, "Hallo Leute\n", 12, 0);
fail_if_err (err);
err = gpgme_data_new (&out);
fail_if_err (err);
for (i = 0; i < sizeof (expected_notations) / sizeof (expected_notations[0]);
i++)
{
err = gpgme_sig_notation_add (ctx, expected_notations[i].name,
expected_notations[i].value,
expected_notations[i].flags);
fail_if_err (err);
}
err = gpgme_op_sign (ctx, in, out, GPGME_SIG_MODE_NORMAL);
fail_if_err (err);
gpgme_data_release (in);
err = gpgme_data_new (&in);
fail_if_err (err);
gpgme_data_seek (out, 0, SEEK_SET);
err = gpgme_op_verify (ctx, out, NULL, in);
fail_if_err (err);
result = gpgme_op_verify_result (ctx);
check_result (result);
gpgme_data_release (in);
gpgme_data_release (out);
gpgme_release (ctx);
return 0;
}
/*
int main(int argc, char** argv)
{
gpgme_ctx_t ctx;
gpgme_error_t err;
init_gpgme(GPGME_PROTOCOL_OpenPGP);
err = gpgme_new(&ctx);
check_errors(err,"error with gpgme_new");
verify_signature(ctx,"signature.c.sig","signature.c");
return 0;
}
*/
bool verify_signature(gpgme_ctx_t ctx, char* sig_path,char* file_path)
{
gpgme_error_t err;
FILE* fp_sig = NULL;
FILE* fp_msg = NULL;
gpgme_data_t sig = NULL;
gpgme_data_t msg = NULL;
gpgme_verify_result_t result;
fp_sig = fopen(sig_path,"rb"); //open file with signature
if(!fp_sig)
{
err = gpg_error_from_syserror();
fprintf (stderr, PGM ": can't open `%s': %s\n", sig_path, gpg_strerror(err));
return false;
}
fp_msg = fopen(file_path,"rb"); //open file which want to check
if(!fp_msg)
{
err = gpg_error_from_syserror();
fprintf(stderr,PGM ": cant open `%s`: %s\n", file_path, gpg_strerror(err));
return false;
}
err = gpgme_data_new_from_stream(&sig,fp_sig); //write to gpgme_data object from fp_sig stream(signature)
if(err)
{
fprintf (stderr, PGM ": error allocating data object: %s\n",gpg_strerror (err));
return false;
}
if(fp_msg)
{
err = gpgme_data_new_from_stream(&msg,fp_msg); //write to gpgme_data object from fp_msg(file)
if(err)
{
fprintf(stderr,PGM ": error allocation data object: %s\n",gpg_strerror(err));
return false;
}
}
err = gpgme_op_verify(ctx,sig,msg,NULL); //verify signature
check_errors(err,"error with verify");
result = gpgme_op_verify_result(ctx); //get result of checking signature
if(result)
{
print_result_of_checking(result); //printf checking information
}
fclose(fp_sig);
fclose(fp_msg);
gpgme_data_release (msg);
gpgme_data_release (sig);
return true;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t out;
const char *pattern1[] = { "DFN Top Level Certification Authority", NULL };
const char *pattern2[] = { "3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E",
"DFN Server Certification Authority",
NULL };
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
gpgme_set_armor (ctx, 1);
/* Check exporting of one certificate. */
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_export_ext (ctx, pattern1, 0, out);
fail_if_err (err);
fflush (NULL);
fputs ("Begin Result:\n", stdout);
print_data (out);
fputs ("End Result.\n", stdout);
gpgme_data_release (out);
/* Check exporting of 2 certificates. */
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_export_ext (ctx, pattern2, 0, out);
fail_if_err (err);
fflush (NULL);
fputs ("Begin Result:\n", stdout);
print_data (out);
fputs ("End Result.\n", stdout);
gpgme_data_release (out);
gpgme_release (ctx);
return 0;
}
static GMimeSignatureList *
pkcs7_verify (GMimeCryptoContext *context, GMimeDigestAlgo digest,
GMimeStream *istream, GMimeStream *sigstream,
GError **err)
{
#ifdef ENABLE_SMIME
GMimePkcs7Context *ctx = (GMimePkcs7Context *) context;
gpgme_data_t message, signature;
Pkcs7Ctx *pkcs7 = ctx->priv;
gpgme_error_t error;
if ((error = gpgme_data_new_from_cbs (&message, &pkcs7_stream_funcs, istream)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open input stream"));
return NULL;
}
/* if @sigstream is non-NULL, then it is a detached signature */
if (sigstream != NULL) {
if ((error = gpgme_data_new_from_cbs (&signature, &pkcs7_stream_funcs, sigstream)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open signature stream"));
gpgme_data_release (message);
return NULL;
}
} else {
signature = NULL;
}
if ((error = gpgme_op_verify (pkcs7->ctx, signature, message, NULL)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not verify pkcs7 signature"));
if (signature)
gpgme_data_release (signature);
gpgme_data_release (message);
return NULL;
}
if (signature)
gpgme_data_release (signature);
if (message)
gpgme_data_release (message);
/* get/return the pkcs7 signatures */
return pkcs7_get_signatures (pkcs7, TRUE);
#else
g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("S/MIME support is not enabled in this build"));
return NULL;
#endif /* ENABLE_SMIME */
}
static int
pkcs7_sign (GMimeCryptoContext *context, const char *userid, GMimeDigestAlgo digest,
GMimeStream *istream, GMimeStream *ostream, GError **err)
{
#ifdef ENABLE_SMIME
GMimePkcs7Context *ctx = (GMimePkcs7Context *) context;
Pkcs7Ctx *pkcs7 = ctx->priv;
gpgme_sign_result_t result;
gpgme_data_t input, output;
gpgme_error_t error;
if (!pkcs7_add_signer (pkcs7, userid, err))
return -1;
gpgme_set_armor (pkcs7->ctx, FALSE);
if ((error = gpgme_data_new_from_cbs (&input, &pkcs7_stream_funcs, istream)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open input stream"));
return -1;
}
if ((error = gpgme_data_new_from_cbs (&output, &pkcs7_stream_funcs, ostream)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open output stream"));
gpgme_data_release (input);
return -1;
}
/* sign the input stream */
if ((error = gpgme_op_sign (pkcs7->ctx, input, output, GPGME_SIG_MODE_DETACH)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Signing failed"));
gpgme_data_release (output);
gpgme_data_release (input);
return -1;
}
gpgme_data_release (output);
gpgme_data_release (input);
/* return the digest algorithm used for signing */
result = gpgme_op_sign_result (pkcs7->ctx);
return pkcs7_digest_id (context, gpgme_hash_algo_name (result->signatures->hash_algo));
#else
g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("S/MIME support is not enabled in this build"));
return -1;
#endif /* ENABLE_SMIME */
}
/* Destroy the data buffer DH and return a pointer to its content.
The memory has be to released with gpgme_free() by the user. It's
size is returned in R_LEN. */
char *
gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len)
{
char *str = NULL;
TRACE_BEG1 (DEBUG_DATA, "gpgme_data_release_and_get_mem", dh,
"r_len=%p", r_len);
if (!dh || dh->cbs != &mem_cbs)
{
gpgme_data_release (dh);
TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
return NULL;
}
str = dh->data.mem.buffer;
if (!str && dh->data.mem.orig_buffer)
{
str = malloc (dh->data.mem.length);
if (!str)
{
int saved_err = gpg_error_from_syserror ();
gpgme_data_release (dh);
TRACE_ERR (saved_err);
return NULL;
}
memcpy (str, dh->data.mem.orig_buffer, dh->data.mem.length);
}
else
/* Prevent mem_release from releasing the buffer memory. We must
not fail from this point. */
dh->data.mem.buffer = NULL;
if (r_len)
*r_len = dh->data.mem.length;
gpgme_data_release (dh);
if (r_len)
{
TRACE_SUC2 ("buffer=%p, len=%u", str, *r_len);
}
else
{
TRACE_SUC1 ("buffer=%p", str);
}
return str;
}
static PyObject *
pygpgme_context_genkey(PyGpgmeContext *self, PyObject *args)
{
PyObject *py_pubkey = Py_None, *py_seckey = Py_None;
const char *parms;
gpgme_data_t pubkey = NULL, seckey = NULL;
PyObject *result;
gpgme_error_t err;
if (!PyArg_ParseTuple(args, "z|OO", &parms, &py_pubkey, &py_seckey))
return NULL;
if (pygpgme_data_new(&pubkey, py_pubkey))
return NULL;
if (pygpgme_data_new(&seckey, py_seckey)) {
gpgme_data_release(pubkey);
return NULL;
}
Py_BEGIN_ALLOW_THREADS;
err = gpgme_op_genkey(self->ctx, parms, pubkey, seckey);
Py_END_ALLOW_THREADS;
gpgme_data_release(seckey);
gpgme_data_release(pubkey);
result = pygpgme_genkey_result(self->ctx);
if (pygpgme_check_error(err)) {
PyObject *err_type, *err_value, *err_traceback;
PyErr_Fetch(&err_type, &err_value, &err_traceback);
PyErr_NormalizeException(&err_type, &err_value, &err_traceback);
if (!PyErr_GivenExceptionMatches(err_type, pygpgme_error))
goto end;
if (result != NULL) {
PyObject_SetAttrString(err_value, "result", result);
Py_DECREF(result);
}
end:
PyErr_Restore(err_type, err_value, err_traceback);
return NULL;
}
return (PyObject *) result;
}
int
main (int argc, char **argv)
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t sig, text;
gpgme_verify_result_t result;
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
/* Checking a valid message. */
err = gpgme_data_new_from_mem (&text, test_text1, strlen (test_text1), 0);
fail_if_err (err);
err = gpgme_data_new_from_mem (&sig, test_sig1, strlen (test_sig1), 0);
fail_if_err (err);
err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err);
result = gpgme_op_verify_result (ctx);
check_result (result, GPGME_SIGSUM_VALID | GPGME_SIGSUM_GREEN,
"3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E",
GPG_ERR_NO_ERROR, GPGME_VALIDITY_FULL);
show_auditlog (ctx);
/* Checking a manipulated message. */
gpgme_data_release (text);
err = gpgme_data_new_from_mem (&text, test_text1f, strlen (test_text1f), 0);
fail_if_err (err);
gpgme_data_seek (sig, 0, SEEK_SET);
err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err);
result = gpgme_op_verify_result (ctx);
check_result (result, GPGME_SIGSUM_RED,
"3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E",
GPG_ERR_BAD_SIGNATURE, GPGME_VALIDITY_UNKNOWN);
show_auditlog (ctx);
gpgme_data_release (text);
gpgme_data_release (sig);
gpgme_release (ctx);
return got_errors? 1 : 0;
}
static PyObject *
pygpgme_context_card_edit(PyGpgmeContext *self, PyObject *args)
{
PyGpgmeKey *key;
PyObject *callback, *py_out;
gpgme_data_t out;
gpgme_error_t err;
if (!PyArg_ParseTuple(args, "O!OO", &PyGpgmeKey_Type, &key, &callback,
&py_out))
return NULL;
if (pygpgme_data_new(&out, py_out))
return NULL;
Py_BEGIN_ALLOW_THREADS;
err = gpgme_op_card_edit(self->ctx, key->key,
pygpgme_edit_cb, (void *)callback, out);
Py_END_ALLOW_THREADS;
gpgme_data_release(out);
if (pygpgme_check_error(err))
return NULL;
Py_RETURN_NONE;
}
static gpgme_error_t
inq_cb (void *opaque, const char *name, const char *args,
gpgme_data_t *r_data)
{
gpgme_data_t data;
gpgme_error_t err;
if (name)
{
printf ("INQ_CB: name=`%s' args=`%s'\n", name, args);
/* There shall be no data object. */
assert (!*r_data);
err = gpgme_data_new (&data);
fail_if_err (err);
*r_data = data;
printf (" sending data object %p\n", data);
}
else /* Finished using the formerly returned data object. */
{
printf ("INQ_CB: data object %p finished\n", *r_data);
/* There shall be a data object so that it can be cleaned up. */
assert (r_data);
gpgme_data_release (*r_data);
}
/* Uncomment the next lines and send a "SCD LEARN" to test sending
cancel from in inquiry. */
/* if (name && !strcmp (name, "KNOWNCARDP")) */
/* return gpgme_error (GPG_ERR_ASS_CANCELED); */
return 0;
}
int
op_export_keys (const char *pattern[], const char *outfile)
{
/* @untested@ */
gpgme_ctx_t ctx=NULL;
gpgme_data_t out=NULL;
gpgme_error_t err;
err = gpgme_new (&ctx);
if (err)
return err;
err = gpgme_data_new (&out);
if (err) {
gpgme_release (ctx);
return err;
}
gpgme_set_armor (ctx, 1);
err = gpgme_op_export_ext (ctx, pattern, 0, out);
if (!err)
data_to_file (&out, outfile);
gpgme_data_release (out);
gpgme_release (ctx);
return err;
}
void *sgpgme_data_release_and_get_mem(gpgme_data_t data, size_t *len)
{
char buf[BUFSIZ];
void *result = NULL;
ssize_t r = 0;
size_t w = 0;
if (data == NULL)
return NULL;
if (len == NULL)
return NULL;
/* I know it's deprecated, but we don't compile with _LARGEFILE */
cm_gpgme_data_rewind(data);
while ((r = gpgme_data_read(data, buf, BUFSIZ)) > 0) {
result = realloc(result, r + w);
if (result == NULL) {
g_warning("can't allocate memory\n");
return NULL;
}
memcpy(result+w, buf, r);
w += r;
}
*len = w;
gpgme_data_release(data);
if (r < 0) {
free(result);
*len = 0;
return NULL;
}
return result;
}
static PyObject *
pygpgme_context_export(PyGpgmeContext *self, PyObject *args)
{
PyObject *py_pattern, *py_keydata;
char **patterns = NULL;
gpgme_data_t keydata;
gpgme_error_t err;
if (!PyArg_ParseTuple(args, "OO", &py_pattern, &py_keydata))
return NULL;
if (parse_key_patterns(py_pattern, &patterns) < 0)
return NULL;
if (pygpgme_data_new(&keydata, py_keydata)) {
if (patterns)
free_key_patterns(patterns);
return NULL;
}
Py_BEGIN_ALLOW_THREADS;
err = gpgme_op_export_ext(self->ctx, (const char **)patterns, 0, keydata);
Py_END_ALLOW_THREADS;
if (patterns)
free_key_patterns(patterns);
gpgme_data_release(keydata);
if (pygpgme_check_error(err))
return NULL;
Py_RETURN_NONE;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
gpgme_decrypt_result_t decrypt_result;
gpgme_verify_result_t verify_result;
char *cipher_2_asc = make_filename ("cipher-2.asc");
char *agent_info;
init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
agent_info = getenv("GPG_AGENT_INFO");
if (!(agent_info && strchr (agent_info, ':')))
gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
err = gpgme_data_new_from_file (&in, cipher_2_asc, 1);
free (cipher_2_asc);
fail_if_err (err);
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_decrypt_verify (ctx, in, out);
fail_if_err (err);
decrypt_result = gpgme_op_decrypt_result (ctx);
if (decrypt_result->unsupported_algorithm)
{
fprintf (stderr, "%s:%i: unsupported algorithm: %s\n",
__FILE__, __LINE__, decrypt_result->unsupported_algorithm);
exit (1);
}
print_data (out);
verify_result = gpgme_op_verify_result (ctx);
check_verify_result (verify_result, 0,
"A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR);
gpgme_data_release (in);
gpgme_data_release (out);
gpgme_release (ctx);
return 0;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
gpgme_key_t key[3] = { NULL, NULL, NULL };
gpgme_encrypt_result_t result;
init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_armor (ctx, 1);
err = gpgme_data_new_from_mem (&in, "Hallo Leute\n", 12, 0);
fail_if_err (err);
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_get_key (ctx, "A0FF4590BB6122EDEF6E3C542D727CC768697734",
&key[0], 0);
fail_if_err (err);
err = gpgme_get_key (ctx, "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2",
&key[1], 0);
fail_if_err (err);
err = gpgme_op_encrypt (ctx, key, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
fail_if_err (err);
result = gpgme_op_encrypt_result (ctx);
if (result->invalid_recipients)
{
fprintf (stderr, "Invalid recipient encountered: %s\n",
result->invalid_recipients->fpr);
exit (1);
}
print_data (out);
gpgme_key_unref (key[0]);
gpgme_key_unref (key[1]);
gpgme_data_release (in);
gpgme_data_release (out);
gpgme_release (ctx);
return 0;
}
/**
* seahorse_service_crypto_sign_text:
* @crypto: SeahorseServiceCrypto
* @signer: the signer keyid
* @flags: 0 (ignored)
* @cleartext: the text to sign
* @crypttext: the clear text signature (out) (GPGME_SIG_MODE_CLEAR)
* @error: an error to return
*
* DBus: SignText
*
* Signs the @cleartext and returns the signature in @crypttext
*
* Returns: TRUE on success
*/
gboolean
seahorse_service_crypto_sign_text (SeahorseServiceCrypto *crypto, const char *signer,
int flags, const char *cleartext, char **crypttext,
GError **error)
{
SeahorseObject *signkey = NULL;
gpgme_error_t gerr;
SeahorseGpgmeOperation *pop;
gpgme_data_t plain, cipher;
gboolean ret = TRUE;
/*
* TODO: Once we support different kinds of keys that support encryption
* then all this logic will need to change.
*/
/* The signer */
if (!signer || !signer[0])
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("No signer specified"));
signkey = seahorse_context_object_from_dbus (SCTX_APP (), signer);
if (!signkey) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Invalid or unrecognized signer: %s"), signer);
return FALSE;
}
if (!SEAHORSE_IS_GPGME_KEY (signkey) ||
!(seahorse_object_get_flags (signkey) & SEAHORSE_FLAG_CAN_SIGN)) {
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_INVALID,
_("Key is not valid for signing: %s"), signer);
return FALSE;
}
pop = seahorse_gpgme_operation_new (NULL);
/* new data from text */
gerr = gpgme_data_new_from_mem (&plain, cleartext, strlen (cleartext), FALSE);
g_return_val_if_fail (GPG_IS_OK (gerr), FALSE);
gerr = gpgme_data_new (&cipher);
g_return_val_if_fail (GPG_IS_OK (gerr), FALSE);
/* encrypt with armor */
gpgme_set_textmode (pop->gctx, TRUE);
gpgme_set_armor (pop->gctx, TRUE);
/* Do the signage */
gpgme_signers_add (pop->gctx, seahorse_gpgme_key_get_private (SEAHORSE_GPGME_KEY (signkey)));
gerr = gpgme_op_sign_start (pop->gctx, plain, cipher, GPGME_SIG_MODE_CLEAR);
/* Frees cipher */
ret = process_crypto_result (pop, gerr, cipher, crypttext, NULL, error);
g_object_unref (pop);
gpgme_data_release (plain);
return ret;
}
retvalue signature_check(const struct signature_requirement *requirements, const char *releasegpg, const char *releasename, const char *releasedata, size_t releaselen) {
gpg_error_t err;
int gpgfd;
gpgme_data_t dh, dh_gpg;
assert (requirements != NULL);
if (FAILEDTOALLOC(releasedata) || FAILEDTOALLOC(releasegpg))
return RET_ERROR_OOM;
assert (context != NULL);
/* Read the file and its signature into memory: */
gpgfd = open(releasegpg, O_RDONLY|O_NOCTTY);
if (gpgfd < 0) {
int e = errno;
fprintf(stderr, "Error opening '%s': %s\n",
releasegpg, strerror(e));
return RET_ERRNO(e);
}
err = gpgme_data_new_from_fd(&dh_gpg, gpgfd);
if (err != 0) {
(void)close(gpgfd);
fprintf(stderr, "Error reading '%s':\n", releasegpg);
return gpgerror(err);
}
err = gpgme_data_new_from_mem(&dh, releasedata, releaselen, 0);
if (err != 0) {
gpgme_data_release(dh_gpg);
return gpgerror(err);
}
/* Verify the signature */
err = gpgme_op_verify(context, dh_gpg, dh, NULL);
gpgme_data_release(dh_gpg);
gpgme_data_release(dh);
close(gpgfd);
if (err != 0) {
fprintf(stderr, "Error verifying '%s':\n", releasegpg);
return gpgerror(err);
}
return verify_signature(requirements, releasegpg, releasename);
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
gpgme_sign_result_t result;
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
gpgme_set_textmode (ctx, 1);
gpgme_set_armor (ctx, 1);
err = gpgme_data_new_from_mem (&in, "Hallo Leute!\n", 13, 0);
fail_if_err (err);
/* First a normal signature. */
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_sign (ctx, in, out, GPGME_SIG_MODE_NORMAL);
fail_if_err (err);
result = gpgme_op_sign_result (ctx);
check_result (result, GPGME_SIG_MODE_NORMAL);
print_data (out);
gpgme_data_release (out);
/* Now a detached signature. */
gpgme_data_seek (in, 0, SEEK_SET);
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_sign (ctx, in, out, GPGME_SIG_MODE_DETACH);
fail_if_err (err);
result = gpgme_op_sign_result (ctx);
check_result (result, GPGME_SIG_MODE_DETACH);
print_data (out);
gpgme_data_release (out);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}
/**
* pop: a seahorse operation
* gstarterr: the gpgme error that could have occured earlier
* cryptdata: gpgme cryptdata
* result: the result of the gpgme operation (out)
* resultlength: length of the created buffer (out) (can be NULL)
* error: will be set on error
*
* Finishes the gpgme processing and returns the result
*
* returns: TRUE on successful operation, FALSE else
*/
static gboolean
process_crypto_result (SeahorseGpgmeOperation *pop, gpgme_error_t gstarterr,
gpgme_data_t cryptdata, gchar **result, gsize *resultlength, GError **error)
{
size_t len;
char *data;
/* Starting the operation failed? */
if (!GPG_IS_OK (gstarterr)) {
gpgme_data_release (cryptdata);
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_CRYPTO,
"%s", gpgme_strerror (gstarterr));
return FALSE;
}
/* Wait for it to finish (can run main loop stuff) */
seahorse_operation_wait (SEAHORSE_OPERATION (pop));
if (seahorse_operation_is_cancelled (SEAHORSE_OPERATION (pop))) {
g_set_error (error, SEAHORSE_DBUS_CANCELLED, 0, "%s", "");
return FALSE;
} else if (seahorse_operation_is_successful (SEAHORSE_OPERATION (pop))) {
data = gpgme_data_release_and_get_mem (cryptdata, &len);
*result = g_strndup (data, len);
if (resultlength != NULL)
*resultlength = (gsize)len;
g_free (data);
return TRUE;
} else {
/* A failed operation always has an error */
g_assert (seahorse_operation_get_error (SEAHORSE_OPERATION (pop)));
g_set_error (error, SEAHORSE_DBUS_ERROR, SEAHORSE_DBUS_ERROR_CRYPTO,
"%s", seahorse_operation_get_error (SEAHORSE_OPERATION (pop))->message);
gpgme_data_release (cryptdata);
return FALSE;
}
}
int
main (int argc, char **argv)
{
int last_argc = -1;
gpgme_error_t err;
int anyerr = 0;
gpgme_data_t data;
gpgme_data_type_t dt;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
show_usage (0);
else if (!strcmp (*argv, "--verbose"))
{
verbose = 1;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
show_usage (1);
}
init_gpgme (GPGME_PROTOCOL_OpenPGP);
for (; argc; argc--, argv++)
{
if (verbose)
printf ("reading file `%s'\n", *argv);
err = gpgme_data_new_from_file (&data, *argv, 1);
if (err)
{
fprintf (stderr, PGM ": error reading '%s': %s\n",
*argv, gpg_strerror (err));
anyerr = 1;
}
else
{
dt = gpgme_data_identify (data, 0);
if (dt == GPGME_DATA_TYPE_INVALID)
anyerr = 1;
printf ("%s: %s\n", *argv, data_type_to_string (dt));
gpgme_data_release (data);
}
}
return anyerr;
}
/* Return true if the file FNAME looks like an CMS file. There is no
error return, just a best effort try to identify CMS in a file with
a CMS object. */
int
is_cms_file (const char *fname)
{
#ifdef HAVE_GPGME_DATA_IDENTIFY
FILE *fp;
gpgme_data_t dh;
gpgme_data_type_t dt;
fp = fopen (fname, "rb");
if (!fp)
return 0; /* Not found - can't be a CMS file. */
if (gpgme_data_new_from_stream (&dh, fp))
{
fclose (fp);
return 0;
}
dt = gpgme_data_identify (dh, 0);
gpgme_data_release (dh);
fclose (fp);
switch (dt)
{
case GPGME_DATA_TYPE_CMS_SIGNED:
case GPGME_DATA_TYPE_CMS_ENCRYPTED:
case GPGME_DATA_TYPE_CMS_OTHER:
case GPGME_DATA_TYPE_X509_CERT:
case GPGME_DATA_TYPE_PKCS12:
return 1;
default:
return 0;
}
#else
int result;
FILE *fp;
char *data;
size_t datalen;
fp = fopen (fname, "rb");
if (!fp)
return 0; /* Not found - can't be a CMS file. */
data = malloc (CMS_BUFFER_SIZE);
if (!data)
{
fclose (fp);
return 0; /* Oops */
}
datalen = fread (data, 1, CMS_BUFFER_SIZE - 1, fp);
data[datalen] = 0;
fclose (fp);
result = detect_cms (data, datalen);
free (data);
return result;
#endif
}
