1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
3 * Copyright (C) 2000-2012 Jeffrey Stedfast
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public License
7 * as published by the Free Software Foundation; either version 2.1
8 * of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free
17 * Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA
29 typedef unsigned int nfds_t;
36 #include <sys/types.h>
37 #include <sys/ioctl.h>
50 #include "gmime-gpg-context.h"
51 #ifdef ENABLE_CRYPTOGRAPHY
52 #include "gmime-filter-charset.h"
53 #include "gmime-stream-filter.h"
54 #include "gmime-stream-pipe.h"
55 #include "gmime-stream-mem.h"
56 #include "gmime-stream-fs.h"
57 #include "gmime-charset.h"
58 #endif /* ENABLE_CRYPTOGRAPHY */
59 #include "gmime-error.h"
71 * SECTION: gmime-gpg-context
72 * @title: GMimeGpgContext
73 * @short_description: GnuPG crypto contexts
74 * @see_also: #GMimeCryptoContext
76 * A #GMimeGpgContext is a #GMimeCryptoContext that uses GnuPG to do
77 * all of the encryption and digital signatures.
81 static void g_mime_gpg_context_class_init (GMimeGpgContextClass *klass);
82 static void g_mime_gpg_context_init (GMimeGpgContext *ctx, GMimeGpgContextClass *klass);
83 static void g_mime_gpg_context_finalize (GObject *object);
85 static GMimeDigestAlgo gpg_digest_id (GMimeCryptoContext *ctx, const char *name);
87 static const char *gpg_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest);
89 static int gpg_sign (GMimeCryptoContext *ctx, const char *userid,
90 GMimeDigestAlgo digest, GMimeStream *istream,
91 GMimeStream *ostream, GError **err);
93 static const char *gpg_get_signature_protocol (GMimeCryptoContext *ctx);
95 static const char *gpg_get_encryption_protocol (GMimeCryptoContext *ctx);
97 static const char *gpg_get_key_exchange_protocol (GMimeCryptoContext *ctx);
99 static GMimeSignatureList *gpg_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
100 GMimeStream *istream, GMimeStream *sigstream,
103 static int gpg_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid,
104 GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
105 GMimeStream *ostream, GError **err);
107 static GMimeDecryptResult *gpg_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
108 GMimeStream *ostream, GError **err);
110 static int gpg_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream,
113 static int gpg_export_keys (GMimeCryptoContext *ctx, GPtrArray *keys,
114 GMimeStream *ostream, GError **err);
117 static GMimeCryptoContextClass *parent_class = NULL;
121 g_mime_gpg_context_get_type (void)
123 static GType type = 0;
126 static const GTypeInfo info = {
127 sizeof (GMimeGpgContextClass),
128 NULL, /* base_class_init */
129 NULL, /* base_class_finalize */
130 (GClassInitFunc) g_mime_gpg_context_class_init,
131 NULL, /* class_finalize */
132 NULL, /* class_data */
133 sizeof (GMimeGpgContext),
135 (GInstanceInitFunc) g_mime_gpg_context_init,
138 type = g_type_register_static (GMIME_TYPE_CRYPTO_CONTEXT, "GMimeGpgContext", &info, 0);
146 g_mime_gpg_context_class_init (GMimeGpgContextClass *klass)
148 GObjectClass *object_class = G_OBJECT_CLASS (klass);
149 GMimeCryptoContextClass *crypto_class = GMIME_CRYPTO_CONTEXT_CLASS (klass);
151 parent_class = g_type_class_ref (G_TYPE_OBJECT);
153 object_class->finalize = g_mime_gpg_context_finalize;
155 crypto_class->digest_id = gpg_digest_id;
156 crypto_class->digest_name = gpg_digest_name;
157 crypto_class->sign = gpg_sign;
158 crypto_class->verify = gpg_verify;
159 crypto_class->encrypt = gpg_encrypt;
160 crypto_class->decrypt = gpg_decrypt;
161 crypto_class->import_keys = gpg_import_keys;
162 crypto_class->export_keys = gpg_export_keys;
163 crypto_class->get_signature_protocol = gpg_get_signature_protocol;
164 crypto_class->get_encryption_protocol = gpg_get_encryption_protocol;
165 crypto_class->get_key_exchange_protocol = gpg_get_key_exchange_protocol;
169 g_mime_gpg_context_init (GMimeGpgContext *ctx, GMimeGpgContextClass *klass)
171 ctx->auto_key_retrieve = FALSE;
172 ctx->always_trust = FALSE;
173 ctx->use_agent = FALSE;
178 g_mime_gpg_context_finalize (GObject *object)
180 GMimeGpgContext *ctx = (GMimeGpgContext *) object;
184 G_OBJECT_CLASS (parent_class)->finalize (object);
187 static GMimeDigestAlgo
188 gpg_digest_id (GMimeCryptoContext *ctx, const char *name)
191 return GMIME_DIGEST_ALGO_DEFAULT;
193 if (!g_ascii_strcasecmp (name, "pgp-"))
196 if (!g_ascii_strcasecmp (name, "md2"))
197 return GMIME_DIGEST_ALGO_MD2;
198 else if (!g_ascii_strcasecmp (name, "md4"))
199 return GMIME_DIGEST_ALGO_MD4;
200 else if (!g_ascii_strcasecmp (name, "md5"))
201 return GMIME_DIGEST_ALGO_MD5;
202 else if (!g_ascii_strcasecmp (name, "sha1"))
203 return GMIME_DIGEST_ALGO_SHA1;
204 else if (!g_ascii_strcasecmp (name, "sha224"))
205 return GMIME_DIGEST_ALGO_SHA224;
206 else if (!g_ascii_strcasecmp (name, "sha256"))
207 return GMIME_DIGEST_ALGO_SHA256;
208 else if (!g_ascii_strcasecmp (name, "sha384"))
209 return GMIME_DIGEST_ALGO_SHA384;
210 else if (!g_ascii_strcasecmp (name, "sha512"))
211 return GMIME_DIGEST_ALGO_SHA512;
212 else if (!g_ascii_strcasecmp (name, "ripemd160"))
213 return GMIME_DIGEST_ALGO_RIPEMD160;
214 else if (!g_ascii_strcasecmp (name, "tiger192"))
215 return GMIME_DIGEST_ALGO_TIGER192;
216 else if (!g_ascii_strcasecmp (name, "haval-5-160"))
217 return GMIME_DIGEST_ALGO_HAVAL5160;
219 return GMIME_DIGEST_ALGO_DEFAULT;
223 gpg_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest)
226 case GMIME_DIGEST_ALGO_MD2:
228 case GMIME_DIGEST_ALGO_MD4:
230 case GMIME_DIGEST_ALGO_MD5:
232 case GMIME_DIGEST_ALGO_SHA1:
234 case GMIME_DIGEST_ALGO_SHA224:
236 case GMIME_DIGEST_ALGO_SHA256:
238 case GMIME_DIGEST_ALGO_SHA384:
240 case GMIME_DIGEST_ALGO_SHA512:
242 case GMIME_DIGEST_ALGO_RIPEMD160:
243 return "pgp-ripemd160";
244 case GMIME_DIGEST_ALGO_TIGER192:
245 return "pgp-tiger192";
246 case GMIME_DIGEST_ALGO_HAVAL5160:
247 return "pgp-haval-5-160";
254 gpg_get_signature_protocol (GMimeCryptoContext *ctx)
256 return "application/pgp-signature";
260 gpg_get_encryption_protocol (GMimeCryptoContext *ctx)
262 return "application/pgp-encrypted";
266 gpg_get_key_exchange_protocol (GMimeCryptoContext *ctx)
268 return "application/pgp-keys";
271 #ifdef ENABLE_CRYPTOGRAPHY
275 GPG_CTX_MODE_ENCRYPT,
276 GPG_CTX_MODE_SIGN_ENCRYPT,
277 GPG_CTX_MODE_DECRYPT,
283 enum _GpgCtxMode mode;
284 GHashTable *userid_hint;
285 GMimeGpgContext *ctx;
289 GPtrArray *recipients;
290 GMimeCipherAlgo cipher;
291 GMimeDigestAlgo digest;
297 int secret_fd; /* used for sign/decrypt/verify */
299 /* status-fd buffer */
306 GMimeStream *sigstream;
307 GMimeStream *istream;
308 GMimeStream *ostream;
311 GMimeStream *diagnostics;
313 GMimeCertificateList *encrypted_to; /* full list of encrypted-to recipients */
314 GMimeSignatureList *signatures;
315 GMimeSignature *signature;
320 unsigned int exited:1;
321 unsigned int complete:1;
322 unsigned int seen_eof1:1;
323 unsigned int seen_eof2:1;
324 unsigned int flushed:1; /* flushed the diagnostics stream (aka stderr) */
325 unsigned int always_trust:1;
326 unsigned int use_agent:1;
327 unsigned int armor:1;
328 unsigned int need_passwd:1;
329 unsigned int bad_passwds:2;
330 unsigned int decrypt_okay:1;
332 unsigned int padding:19;
335 static struct _GpgCtx *
336 gpg_ctx_new (GMimeGpgContext *ctx)
342 gpg = g_slice_new (struct _GpgCtx);
343 gpg->mode = GPG_CTX_MODE_SIGN;
345 gpg->userid_hint = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
346 gpg->decrypt_okay = FALSE;
347 gpg->complete = FALSE;
348 gpg->seen_eof1 = TRUE;
349 gpg->seen_eof2 = FALSE;
350 gpg->pid = (pid_t) -1;
351 gpg->exit_status = 0;
352 gpg->flushed = FALSE;
356 gpg->recipients = NULL;
357 gpg->cipher = GMIME_CIPHER_ALGO_DEFAULT;
358 gpg->digest = GMIME_DIGEST_ALGO_DEFAULT;
359 gpg->always_trust = FALSE;
360 gpg->use_agent = FALSE;
369 gpg->statusbuf = g_malloc (128);
370 gpg->statusptr = gpg->statusbuf;
371 gpg->statusleft = 128;
373 gpg->bad_passwds = 0;
374 gpg->need_passwd = FALSE;
377 gpg->encrypted_to = NULL;
378 gpg->signatures = NULL;
379 gpg->signature = NULL;
381 gpg->sigstream = NULL;
385 stream = g_mime_stream_mem_new ();
386 gpg->diag = GMIME_STREAM_MEM (stream)->buffer;
387 charset = g_mime_charset_iconv_name (g_mime_locale_charset ());
388 if (g_ascii_strcasecmp (charset, "UTF-8") != 0) {
389 GMimeStream *fstream;
392 fstream = g_mime_stream_filter_new (stream);
393 filter = g_mime_filter_charset_new (charset, "UTF-8");
394 g_mime_stream_filter_add ((GMimeStreamFilter *) fstream, filter);
395 g_object_unref (stream);
396 g_object_unref (filter);
398 gpg->diagnostics = fstream;
402 /* system charset is UTF-8, shouldn't need any conversion */
403 gpg->diagnostics = stream;
412 gpg_ctx_set_mode (struct _GpgCtx *gpg, enum _GpgCtxMode mode)
415 gpg->need_passwd = ((gpg->mode == GPG_CTX_MODE_SIGN) || (gpg->mode == GPG_CTX_MODE_DECRYPT) || (gpg->mode == GPG_CTX_MODE_SIGN_ENCRYPT));
419 gpg_ctx_set_digest (struct _GpgCtx *gpg, GMimeDigestAlgo digest)
421 gpg->digest = digest;
425 gpg_ctx_set_always_trust (struct _GpgCtx *gpg, gboolean trust)
427 gpg->always_trust = trust;
431 gpg_ctx_set_use_agent (struct _GpgCtx *gpg, gboolean use_agent)
433 gpg->use_agent = use_agent;
437 gpg_ctx_set_userid (struct _GpgCtx *gpg, const char *userid)
439 g_free (gpg->userid);
440 gpg->userid = g_strdup (userid);
444 gpg_ctx_add_recipient (struct _GpgCtx *gpg, const char *keyid)
446 if (gpg->mode != GPG_CTX_MODE_ENCRYPT &&
447 gpg->mode != GPG_CTX_MODE_SIGN_ENCRYPT &&
448 gpg->mode != GPG_CTX_MODE_EXPORT)
451 if (!gpg->recipients)
452 gpg->recipients = g_ptr_array_new ();
454 g_ptr_array_add (gpg->recipients, g_strdup (keyid));
458 gpg_ctx_set_armor (struct _GpgCtx *gpg, gboolean armor)
464 gpg_ctx_set_istream (struct _GpgCtx *gpg, GMimeStream *istream)
466 g_object_ref (istream);
468 g_object_unref (gpg->istream);
469 gpg->istream = istream;
473 gpg_ctx_set_ostream (struct _GpgCtx *gpg, GMimeStream *ostream)
475 g_object_ref (ostream);
477 g_object_unref (gpg->ostream);
478 gpg->ostream = ostream;
479 gpg->seen_eof1 = FALSE;
483 gpg_ctx_set_sigstream (struct _GpgCtx *gpg, GMimeStream *sigstream)
485 g_object_ref (sigstream);
487 g_object_unref (gpg->sigstream);
488 gpg->sigstream = sigstream;
492 gpg_ctx_get_diagnostics (struct _GpgCtx *gpg)
495 g_mime_stream_flush (gpg->diagnostics);
496 g_byte_array_append (gpg->diag, (unsigned char *) "", 1);
500 return (const char *) gpg->diag->data;
504 gpg_ctx_free (struct _GpgCtx *gpg)
508 g_hash_table_destroy (gpg->userid_hint);
510 g_free (gpg->userid);
512 if (gpg->recipients) {
513 for (i = 0; i < gpg->recipients->len; i++)
514 g_free (gpg->recipients->pdata[i]);
516 g_ptr_array_free (gpg->recipients, TRUE);
519 if (gpg->stdin_fd != -1)
520 close (gpg->stdin_fd);
521 if (gpg->stdout_fd != -1)
522 close (gpg->stdout_fd);
523 if (gpg->stderr_fd != -1)
524 close (gpg->stderr_fd);
525 if (gpg->status_fd != -1)
526 close (gpg->status_fd);
527 if (gpg->secret_fd != -1)
528 close (gpg->secret_fd);
530 g_free (gpg->statusbuf);
532 g_free (gpg->need_id);
535 g_object_unref (gpg->sigstream);
538 g_object_unref (gpg->istream);
541 g_object_unref (gpg->ostream);
543 g_object_unref (gpg->diagnostics);
545 if (gpg->encrypted_to)
546 g_object_unref (gpg->encrypted_to);
549 g_object_unref (gpg->signatures);
551 g_slice_free (struct _GpgCtx, gpg);
555 gpg_digest_str (GMimeDigestAlgo digest)
558 case GMIME_DIGEST_ALGO_MD2:
559 return "--digest-algo=MD2";
560 case GMIME_DIGEST_ALGO_MD5:
561 return "--digest-algo=MD5";
562 case GMIME_DIGEST_ALGO_SHA1:
563 return "--digest-algo=SHA1";
564 case GMIME_DIGEST_ALGO_SHA224:
565 return "--digest-algo=SHA224";
566 case GMIME_DIGEST_ALGO_SHA256:
567 return "--digest-algo=SHA256";
568 case GMIME_DIGEST_ALGO_SHA384:
569 return "--digest-algo=SHA384";
570 case GMIME_DIGEST_ALGO_SHA512:
571 return "--digest-algo=SHA512";
572 case GMIME_DIGEST_ALGO_RIPEMD160:
573 return "--digest-algo=RIPEMD160";
574 case GMIME_DIGEST_ALGO_TIGER192:
575 return "--digest-algo=TIGER192";
576 case GMIME_DIGEST_ALGO_MD4:
577 return "--digest-algo=MD4";
584 gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, int secret_fd, char ***strv)
586 const char *digest_str;
592 *strv = g_new (char *, 3);
594 args = g_ptr_array_new ();
595 g_ptr_array_add (args, "gpg");
597 g_ptr_array_add (args, "--verbose");
598 g_ptr_array_add (args, "--no-secmem-warning");
599 g_ptr_array_add (args, "--no-greeting");
600 g_ptr_array_add (args, "--no-tty");
602 if (!gpg->need_passwd) {
603 /* only use batch mode if we don't intend on using the
604 interactive --command-fd option to send it the
606 g_ptr_array_add (args, "--batch");
607 g_ptr_array_add (args, "--yes");
610 g_ptr_array_add (args, "--charset=UTF-8");
612 (*strv)[v++] = buf = g_strdup_printf ("--status-fd=%d", status_fd);
613 g_ptr_array_add (args, buf);
615 if (gpg->need_passwd) {
616 (*strv)[v++] = buf = g_strdup_printf ("--command-fd=%d", secret_fd);
617 g_ptr_array_add (args, buf);
621 case GPG_CTX_MODE_SIGN:
623 g_ptr_array_add (args, "--use-agent");
625 g_ptr_array_add (args, "--sign");
626 g_ptr_array_add (args, "--detach");
628 g_ptr_array_add (args, "--armor");
629 if ((digest_str = gpg_digest_str (gpg->digest)))
630 g_ptr_array_add (args, (char *) digest_str);
632 g_ptr_array_add (args, "-u");
633 g_ptr_array_add (args, (char *) gpg->userid);
635 g_ptr_array_add (args, "--output");
636 g_ptr_array_add (args, "-");
638 case GPG_CTX_MODE_VERIFY:
639 if (!gpg->ctx->auto_key_retrieve) {
640 g_ptr_array_add (args, "--keyserver-options");
641 g_ptr_array_add (args, "no-auto-key-retrieve");
644 g_ptr_array_add (args, "--enable-special-filenames");
645 g_ptr_array_add (args, "--verify");
646 g_ptr_array_add (args, "--");
648 /* signature stream must come first */
649 (*strv)[v++] = buf = g_strdup_printf ("-&%d", secret_fd);
650 g_ptr_array_add (args, buf);
652 /* followed by the content stream (in this case, stdin) */
653 g_ptr_array_add (args, "-");
655 case GPG_CTX_MODE_SIGN_ENCRYPT:
657 g_ptr_array_add (args, "--use-agent");
659 g_ptr_array_add (args, "--sign");
661 if ((digest_str = gpg_digest_str (gpg->digest)))
662 g_ptr_array_add (args, (char *) digest_str);
665 case GPG_CTX_MODE_ENCRYPT:
666 g_ptr_array_add (args, "--encrypt");
669 g_ptr_array_add (args, "--armor");
671 if (gpg->always_trust)
672 g_ptr_array_add (args, "--always-trust");
675 g_ptr_array_add (args, "-u");
676 g_ptr_array_add (args, (char *) gpg->userid);
679 if (gpg->recipients) {
680 for (i = 0; i < gpg->recipients->len; i++) {
681 g_ptr_array_add (args, "-r");
682 g_ptr_array_add (args, gpg->recipients->pdata[i]);
685 g_ptr_array_add (args, "--output");
686 g_ptr_array_add (args, "-");
688 case GPG_CTX_MODE_DECRYPT:
690 g_ptr_array_add (args, "--use-agent");
692 g_ptr_array_add (args, "--decrypt");
693 g_ptr_array_add (args, "--output");
694 g_ptr_array_add (args, "-");
696 case GPG_CTX_MODE_IMPORT:
697 g_ptr_array_add (args, "--import");
698 g_ptr_array_add (args, "-");
700 case GPG_CTX_MODE_EXPORT:
702 g_ptr_array_add (args, "--armor");
703 g_ptr_array_add (args, "--export");
704 for (i = 0; i < gpg->recipients->len; i++)
705 g_ptr_array_add (args, gpg->recipients->pdata[i]);
710 for (i = 0; i < args->len; i++)
711 printf ("%s ", (char *) args->pdata[i]);
715 g_ptr_array_add (args, NULL);
718 argv = (char **) args->pdata;
719 g_ptr_array_free (args, FALSE);
725 gpg_ctx_op_start (struct _GpgCtx *gpg)
727 int i, maxfd, errnosave, fds[10];
728 char **argv, **strv = NULL;
731 for (i = 0; i < 10; i++)
734 maxfd = (gpg->need_passwd || gpg->sigstream) ? 10 : 8;
735 for (i = 0; i < maxfd; i += 2) {
736 if (pipe (fds + i) == -1)
740 argv = gpg_ctx_get_argv (gpg, fds[7], fds[8], &strv);
742 if (!(gpg->pid = fork ())) {
745 if ((dup2 (fds[0], STDIN_FILENO) < 0) ||
746 (dup2 (fds[3], STDOUT_FILENO) < 0) ||
747 (dup2 (fds[5], STDERR_FILENO) < 0)) {
751 /* Dissociate from gmime's controlling terminal so
752 * that gpg won't be able to read from it.
756 maxfd = sysconf (_SC_OPEN_MAX);
757 for (i = 3; i < maxfd; i++) {
758 /* don't close the status-fd or the passwd-fd */
759 if (i != fds[7] && i != fds[8])
760 fcntl (i, F_SETFD, FD_CLOEXEC);
764 execvp (gpg->ctx->path, argv);
766 } else if (gpg->pid < 0) {
778 gpg->stdin_fd = fds[1];
779 gpg->stdout_fd = fds[2];
781 gpg->stderr_fd = fds[4];
783 gpg->status_fd = fds[6];
787 flags = (flags = fcntl (fds[9], F_GETFL)) == -1 ? O_WRONLY : flags;
788 fcntl (fds[9], F_SETFL, flags | O_NONBLOCK);
789 gpg->secret_fd = fds[9];
793 flags = (flags = fcntl (gpg->stdin_fd, F_GETFL)) == -1 ? O_WRONLY : flags;
794 fcntl (gpg->stdin_fd, F_SETFL, flags | O_NONBLOCK);
796 flags = (flags = fcntl (gpg->stdout_fd, F_GETFL)) == -1 ? O_RDONLY : flags;
797 fcntl (gpg->stdout_fd, F_SETFL, flags | O_NONBLOCK);
799 flags = (flags = fcntl (gpg->stderr_fd, F_GETFL)) == -1 ? O_RDONLY : flags;
800 fcntl (gpg->stderr_fd, F_SETFL, flags | O_NONBLOCK);
802 flags = (flags = fcntl (gpg->status_fd, F_GETFL)) == -1 ? O_RDONLY : flags;
803 fcntl (gpg->status_fd, F_SETFL, flags | O_NONBLOCK);
811 for (i = 0; i < maxfd; i++) {
822 next_token (char *in, char **token)
824 char *start, *inptr = in;
826 while (*inptr == ' ')
829 if (*inptr == '\0' || *inptr == '\n') {
836 while (*inptr && *inptr != ' ' && *inptr != '\n')
840 *token = g_strndup (start, (size_t) (inptr - start));
846 * gpg_ctx_add_signature:
847 * @gpg: GnuPG context
848 * @status: a #GMimeSignatureStatus
849 * @info: a string with the signature info
851 * Parses GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, and REVKEYSIG status messages
852 * into a newly allocated #GMimeSignature and adds it to @gpg's signature list.
855 gpg_ctx_add_signature (struct _GpgCtx *gpg, GMimeSignatureStatus status, char *info)
859 if (!gpg->signatures)
860 gpg->signatures = g_mime_signature_list_new ();
862 gpg->signature = sig = g_mime_signature_new ();
863 g_mime_signature_set_status (sig, status);
864 g_mime_signature_list_add (gpg->signatures, sig);
865 g_object_unref (sig);
867 /* get the key id of the signer */
868 info = next_token (info, &sig->cert->keyid);
870 /* the rest of the string is the signer's name */
871 sig->cert->name = g_strdup (info);
875 gpg_ctx_parse_signer_info (struct _GpgCtx *gpg, char *status)
880 if (!strncmp (status, "SIG_ID ", 7)) {
881 /* not sure if this contains anything we care about... */
882 } else if (!strncmp (status, "GOODSIG ", 8)) {
883 gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_GOOD, status + 8);
884 } else if (!strncmp (status, "BADSIG ", 7)) {
885 gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_BAD, status + 7);
886 } else if (!strncmp (status, "EXPSIG ", 7)) {
887 gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_ERROR, status + 7);
888 gpg->signature->errors |= GMIME_SIGNATURE_ERROR_EXPSIG;
889 } else if (!strncmp (status, "EXPKEYSIG ", 10)) {
890 gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_ERROR, status + 10);
891 gpg->signature->errors |= GMIME_SIGNATURE_ERROR_EXPKEYSIG;
892 } else if (!strncmp (status, "REVKEYSIG ", 10)) {
893 gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_ERROR, status + 10);
894 gpg->signature->errors |= GMIME_SIGNATURE_ERROR_REVKEYSIG;
895 } else if (!strncmp (status, "ERRSIG ", 7)) {
896 /* Note: NO_PUBKEY often comes after an ERRSIG */
899 if (!gpg->signatures)
900 gpg->signatures = g_mime_signature_list_new ();
902 gpg->signature = sig = g_mime_signature_new ();
903 g_mime_signature_set_status (sig, GMIME_SIGNATURE_STATUS_ERROR);
904 g_mime_signature_list_add (gpg->signatures, sig);
905 g_object_unref (sig);
907 /* get the key id of the signer */
908 status = next_token (status, &sig->cert->keyid);
910 /* the second token is the public-key algorithm id */
911 sig->cert->pubkey_algo = strtoul (status, &inend, 10);
912 if (inend == status || *inend != ' ') {
913 sig->cert->pubkey_algo = 0;
919 /* the third token is the digest algorithm id */
920 sig->cert->digest_algo = strtoul (status, &inend, 10);
921 if (inend == status || *inend != ' ') {
922 sig->cert->digest_algo = 0;
928 /* the fourth token is the signature class */
929 /*sig->sig_class =*/ strtoul (status, &inend, 10);
930 if (inend == status || *inend != ' ') {
931 /*signer->sig_class = 0;*/
937 /* the fifth token is the signature expiration date (or 0 for never) */
938 sig->expires = strtoul (status, &inend, 10);
939 if (inend == status || *inend != ' ') {
946 /* the sixth token is the return code */
947 switch (strtol (status, NULL, 10)) {
948 case 4: sig->errors |= GMIME_SIGNATURE_ERROR_UNSUPP_ALGO; break;
949 case 9: sig->errors |= GMIME_SIGNATURE_ERROR_NO_PUBKEY; break;
952 } else if (!strncmp (status, "NO_PUBKEY ", 10)) {
953 /* the only token is the keyid, but we've already got it */
954 gpg->signature->errors |= GMIME_SIGNATURE_ERROR_NO_PUBKEY;
955 } else if (!strncmp (status, "VALIDSIG ", 9)) {
956 sig = gpg->signature;
959 /* the first token is the fingerprint */
960 status = next_token (status, &sig->cert->fingerprint);
962 /* the second token is the date the stream was signed YYYY-MM-DD */
963 status = next_token (status, NULL);
965 /* the third token is the signature creation date (or 0 for unknown?) */
966 sig->created = strtoul (status, &inend, 10);
967 if (inend == status || *inend != ' ') {
974 /* the fourth token is the signature expiration date (or 0 for never) */
975 sig->expires = strtoul (status, &inend, 10);
976 if (inend == status || *inend != ' ') {
983 /* the fifth token is the signature version */
984 /*sig->sig_ver =*/ strtoul (status, &inend, 10);
985 if (inend == status || *inend != ' ') {
986 /*signer->sig_ver = 0;*/
992 /* the sixth token is a reserved numeric value (ignore for now) */
993 status = next_token (status, NULL);
995 /* the seventh token is the public-key algorithm id */
996 sig->cert->pubkey_algo = strtoul (status, &inend, 10);
997 if (inend == status || *inend != ' ') {
998 sig->cert->pubkey_algo = 0;
1004 /* the eighth token is the digest algorithm id */
1005 sig->cert->digest_algo = strtoul (status, &inend, 10);
1006 if (inend == status || *inend != ' ') {
1007 sig->cert->digest_algo = 0;
1013 /* the nineth token is the signature class */
1014 /*sig->sig_class =*/ strtoul (status, &inend, 10);
1015 if (inend == status || *inend != ' ') {
1016 /*sig->sig_class = 0;*/
1022 /* the rest is the primary key fingerprint */
1023 } else if (!strncmp (status, "TRUST_", 6)) {
1026 sig = gpg->signature;
1027 if (!strncmp (status, "NEVER", 5)) {
1028 sig->cert->trust = GMIME_CERTIFICATE_TRUST_NEVER;
1029 } else if (!strncmp (status, "MARGINAL", 8)) {
1030 sig->cert->trust = GMIME_CERTIFICATE_TRUST_MARGINAL;
1031 } else if (!strncmp (status, "FULLY", 5)) {
1032 sig->cert->trust = GMIME_CERTIFICATE_TRUST_FULLY;
1033 } else if (!strncmp (status, "ULTIMATE", 8)) {
1034 sig->cert->trust = GMIME_CERTIFICATE_TRUST_ULTIMATE;
1035 } else if (!strncmp (status, "UNDEFINED", 9)) {
1036 sig->cert->trust = GMIME_CERTIFICATE_TRUST_UNDEFINED;
1042 gpg_ctx_parse_status (struct _GpgCtx *gpg, GError **err)
1044 size_t nread, nwritten;
1045 register char *inptr;
1051 g_clear_error (err);
1053 inptr = gpg->statusbuf;
1054 while (inptr < gpg->statusptr && *inptr != '\n')
1057 if (*inptr != '\n') {
1058 /* we don't have enough data buffered to parse this status line */
1063 status = gpg->statusbuf;
1065 d(printf ("status: %s\n", status));
1067 if (strncmp (status, "[GNUPG:] ", 9) != 0) {
1069 tmp = g_locale_to_utf8 (status, -1, &nread, &nwritten, NULL);
1073 g_set_error (err, GMIME_ERROR, GMIME_ERROR_PARSE_ERROR,
1074 _("Unexpected GnuPG status message encountered:\n\n%s"),
1085 if (!strncmp (status, "USERID_HINT ", 12)) {
1086 size_t nread, nwritten;
1091 status = next_token (status, &hint);
1093 g_set_error_literal (err, GMIME_ERROR, GMIME_ERROR_PARSE_ERROR,
1094 _("Failed to parse gpg userid hint."));
1098 if (g_hash_table_lookup (gpg->userid_hint, hint)) {
1099 /* we already have this userid hint... */
1104 if (gpg->utf8 || !(user = g_locale_to_utf8 (status, -1, &nread, &nwritten, NULL)))
1105 user = g_strdup (status);
1109 g_hash_table_insert (gpg->userid_hint, hint, user);
1110 } else if (!strncmp (status, "NEED_PASSPHRASE ", 16)) {
1115 status = next_token (status, &userid);
1117 g_set_error_literal (err, GMIME_ERROR, GMIME_ERROR_PARSE_ERROR,
1118 _("Failed to parse gpg passphrase request."));
1122 g_free (gpg->need_id);
1123 gpg->need_id = userid;
1124 } else if (!strncmp (status, "NEED_PASSPHRASE_PIN ", 20)) {
1129 status = next_token (status, &userid);
1131 g_set_error_literal (err, GMIME_ERROR, GMIME_ERROR_PARSE_ERROR,
1132 _("Failed to parse gpg passphrase request."));
1136 g_free (gpg->need_id);
1137 gpg->need_id = userid;
1138 } else if (!strncmp (status, "GET_HIDDEN ", 11)) {
1139 GMimeStream *filtered_stream, *passwd;
1140 GMimeCryptoContext *ctx;
1141 GMimeFilter *filter;
1142 const char *charset;
1143 char *prompt = NULL;
1149 ctx = (GMimeCryptoContext *) gpg->ctx;
1150 if (!ctx->request_passwd) {
1151 /* can't ask for a passwd w/o a way to request it from the user... */
1152 g_set_error_literal (err, GMIME_ERROR, ECANCELED, _("Canceled."));
1156 if (!(name = g_hash_table_lookup (gpg->userid_hint, gpg->need_id)))
1159 if (!strncmp (status, "passphrase.pin.ask", 18)) {
1160 prompt = g_strdup_printf (_("You need a PIN to unlock the key for your\n"
1161 "SmartCard: \"%s\""), name);
1162 } else if (!strncmp (status, "passphrase.enter", 16)) {
1163 prompt = g_strdup_printf (_("You need a passphrase to unlock the key for\n"
1164 "user: \"%s\""), name);
1166 next_token (status, &prompt);
1167 g_set_error (err, GMIME_ERROR, GMIME_ERROR_GENERAL,
1168 _("Unexpected request from GnuPG for `%s'"), prompt);
1173 /* create a stream for the application to write the passwd to */
1174 passwd = g_mime_stream_pipe_new (gpg->secret_fd);
1175 g_mime_stream_pipe_set_owner ((GMimeStreamPipe *) passwd, FALSE);
1178 /* we'll need to transcode the UTF-8 password that the application
1179 * will write to our stream into the locale charset used by gpg */
1180 filtered_stream = g_mime_stream_filter_new (passwd);
1181 g_object_unref (passwd);
1183 charset = g_mime_locale_charset ();
1184 filter = g_mime_filter_charset_new ("UTF-8", charset);
1186 g_mime_stream_filter_add ((GMimeStreamFilter *) filtered_stream, filter);
1187 g_object_unref (filter);
1189 passwd = filtered_stream;
1192 if ((ok = ctx->request_passwd (ctx, name, prompt, gpg->bad_passwds > 0, passwd, err))) {
1193 if (g_mime_stream_flush (passwd) == -1)
1197 g_object_unref (passwd);
1202 } else if (!strncmp (status, "GOOD_PASSPHRASE", 15)) {
1203 gpg->bad_passwds = 0;
1204 } else if (!strncmp (status, "BAD_PASSPHRASE", 14)) {
1207 if (gpg->bad_passwds == 3) {
1208 g_set_error_literal (err, GMIME_ERROR, GMIME_ERROR_BAD_PASSWORD,
1209 _("Failed to unlock secret key: 3 bad passphrases given."));
1212 } else if (!strncmp (status, "UNEXPECTED ", 11)) {
1213 /* this is an error */
1215 tmp = g_locale_to_utf8 (status + 11, -1, &nread, &nwritten, NULL);
1219 g_set_error (err, GMIME_ERROR, GMIME_ERROR_GENERAL,
1220 _("Unexpected response from GnuPG: %s"),
1227 } else if (!strncmp (status, "NODATA", 6)) {
1228 /* this is an error */
1229 const char *diagnostics;
1231 diagnostics = gpg_ctx_get_diagnostics (gpg);
1232 if (diagnostics && *diagnostics)
1233 g_set_error_literal (err, GMIME_ERROR, GMIME_ERROR_GENERAL, diagnostics);
1235 g_set_error_literal (err, GMIME_ERROR, GMIME_ERROR_GENERAL, _("No data provided"));
1239 GMimeCertificate *cert;
1242 switch (gpg->mode) {
1243 case GPG_CTX_MODE_SIGN:
1244 if (strncmp (status, "SIG_CREATED ", 12) != 0)
1249 /* skip the next single-char token ("D" for detached) */
1250 status = next_token (status, NULL);
1252 /* skip the public-key algorithm id token */
1253 status = next_token (status, NULL);
1255 /* this token is the digest algorithm used */
1256 gpg->digest = strtoul (status, NULL, 10);
1258 case GPG_CTX_MODE_VERIFY:
1259 gpg_ctx_parse_signer_info (gpg, status);
1261 case GPG_CTX_MODE_SIGN_ENCRYPT:
1262 case GPG_CTX_MODE_ENCRYPT:
1263 if (!strncmp (status, "BEGIN_ENCRYPTION", 16)) {
1264 /* nothing to do... but we know to expect data on stdout soon */
1265 } else if (!strncmp (status, "END_ENCRYPTION", 14)) {
1266 /* nothing to do, but we know the end is near? */
1267 } else if (!strncmp (status, "NO_RECP", 7)) {
1268 g_set_error_literal (err, GMIME_ERROR, GMIME_ERROR_NO_VALID_RECIPIENTS,
1269 _("Failed to encrypt: No valid recipients specified."));
1273 case GPG_CTX_MODE_DECRYPT:
1274 if (!strncmp (status, "BEGIN_DECRYPTION", 16)) {
1275 /* nothing to do... but we know to expect data on stdout soon */
1276 } else if (!strncmp (status, "DECRYPTION_INFO ", 16)) {
1277 /* new feature added in gnupg-2.1.x which gives mdc and cipher algorithms used */
1280 /* first token is the mdc algorithm (or 0 if not used) */
1281 gpg->digest = strtoul (status, &inend, 10);
1282 if (inend == status || *inend != ' ') {
1289 /* second token is the cipher algorithm */
1290 gpg->cipher = strtoul (status, &inend, 10);
1291 } else if (!strncmp (status, "DECRYPTION_OKAY", 15)) {
1292 /* decryption succeeded */
1293 gpg->decrypt_okay = TRUE;
1294 } else if (!strncmp (status, "DECRYPTION_FAILED", 17)) {
1295 /* nothing to do... but we know gpg failed to decrypt :-( */
1296 } else if (!strncmp (status, "END_DECRYPTION", 14)) {
1297 /* nothing to do, but we know we're done */
1298 } else if (!strncmp (status, "ENC_TO ", 7)) {
1299 /* parse the recipient info */
1300 if (!gpg->encrypted_to)
1301 gpg->encrypted_to = g_mime_certificate_list_new ();
1303 cert = g_mime_certificate_new ();
1304 g_mime_certificate_list_add (gpg->encrypted_to, cert);
1308 /* first token is the recipient's keyid */
1309 status = next_token (status, &cert->keyid);
1311 /* second token is the recipient's pubkey algo */
1312 cert->pubkey_algo = strtoul (status, &inend, 10);
1313 if (inend == status || *inend != ' ') {
1314 cert->pubkey_algo = 0;
1315 g_object_unref (cert);
1319 g_object_unref (cert);
1322 /* third token is a dummy value which is always '0' */
1323 } else if (!strncmp (status, "GOODMDC", 7)) {
1324 /* nothing to do... we'll grab the MDC used in DECRYPTION_INFO */
1325 } else if (!strncmp (status, "BADMDC", 6)) {
1326 /* nothing to do, this will only be sent after DECRYPTION_FAILED */
1328 gpg_ctx_parse_signer_info (gpg, status);
1331 case GPG_CTX_MODE_IMPORT:
1334 case GPG_CTX_MODE_EXPORT:
1342 /* recycle our statusbuf by moving inptr to the beginning of statusbuf */
1343 len = gpg->statusptr - inptr;
1344 memmove (gpg->statusbuf, inptr, len);
1346 len = inptr - gpg->statusbuf;
1347 gpg->statusleft += len;
1348 gpg->statusptr -= len;
1350 /* if we have more data, try parsing the next line? */
1351 if (gpg->statusptr > gpg->statusbuf)
1357 #ifdef ALLOC_NEAREST_POW2
1358 static inline size_t
1359 nearest_pow (size_t num)
1367 #if defined (__GNUC__) && defined (__i386__)
1368 __asm__("bsrl %1,%0\n\t"
1371 "1:" : "=r" (n) : "rm" (n));
1385 #define next_alloc_size(n) nearest_pow (n)
1387 static inline size_t
1388 next_alloc_size (size_t n)
1390 return (n + 63) & ~63;
1394 #define status_backup(gpg, start, len) G_STMT_START { \
1395 if (gpg->statusleft <= len) { \
1396 size_t slen, soff; \
1398 soff = gpg->statusptr - gpg->statusbuf; \
1399 slen = next_alloc_size (soff + len + 1); \
1401 gpg->statusbuf = g_realloc (gpg->statusbuf, slen); \
1402 gpg->statusptr = gpg->statusbuf + soff; \
1403 gpg->statusleft = (slen - 1) - soff; \
1406 memcpy (gpg->statusptr, start, len); \
1407 gpg->statusptr += len; \
1408 gpg->statusleft -= len; \
1427 #define POLLIN (1 << 0)
1428 #define POLLPRI (1 << 1)
1429 #define POLLOUT (1 << 2)
1430 #define POLLERR (1 << 3)
1431 #define POLLHUP (1 << 4)
1432 #define POLLNVAL (1 << 5)
1436 poll (struct pollfd *pfds, nfds_t nfds, int timeout)
1438 fd_set rset, wset, xset;
1447 /* initialize our select() timeout */
1448 tv.tv_sec = timeout / 1000;
1449 tv.tv_usec = (timeout % 1000) * 1000;
1451 /* initialize our select() fd sets */
1456 for (i = 0; i < nfds; i++) {
1457 pfds[i].revents = 0;
1461 if (pfds[i].events & POLLIN)
1462 FD_SET (pfds[i].fd, &rset);
1463 if (pfds[i].events & POLLOUT)
1464 FD_SET (pfds[i].fd, &wset);
1465 if (pfds[i].events != 0)
1466 FD_SET (pfds[i].fd, &xset);
1467 if (pfds[i].fd > maxfd)
1471 /* poll our fds... */
1472 if ((ready = select (maxfd + 1, &rset, &wset, &xset, timeout != -1 ? &tv : NULL)) > 0) {
1475 for (i = 0; i < nfds; i++) {
1479 if (FD_ISSET (pfds[i].fd, &rset))
1480 pfds[i].revents |= POLLIN;
1481 if (FD_ISSET (pfds[i].fd, &wset))
1482 pfds[i].revents |= POLLOUT;
1483 if (FD_ISSET (pfds[i].fd, &xset))
1484 pfds[i].revents |= POLLERR | POLLHUP;
1486 if (pfds[i].revents != 0)
1495 poll (struct pollfd *pfds, nfds_t nfds, int timeout)
1500 #endif /* HAVE_SELECT */
1501 #endif /* ! HAVE_POLL */
1504 gpg_ctx_op_step (struct _GpgCtx *gpg, GError **err)
1506 const char *diagnostics, *mode;
1507 struct pollfd pfds[GPG_N_FDS];
1511 for (n = 0; n < GPG_N_FDS; n++) {
1516 if (!gpg->seen_eof1) {
1517 pfds[GPG_STDOUT_FD].fd = gpg->stdout_fd;
1518 pfds[GPG_STDOUT_FD].events = POLLIN;
1521 if (!gpg->seen_eof2) {
1522 pfds[GPG_STDERR_FD].fd = gpg->stderr_fd;
1523 pfds[GPG_STDERR_FD].events = POLLIN;
1526 if (!gpg->complete) {
1527 pfds[GPG_STATUS_FD].fd = gpg->status_fd;
1528 pfds[GPG_STATUS_FD].events = POLLIN;
1531 pfds[GPG_STDIN_FD].fd = gpg->stdin_fd;
1532 pfds[GPG_STDIN_FD].events = POLLOUT;
1534 if (gpg->mode == GPG_CTX_MODE_VERIFY) {
1535 pfds[GPG_VERIFY_FD].fd = gpg->secret_fd;
1536 pfds[GPG_VERIFY_FD].events = POLLOUT;
1540 for (n = 0; n < GPG_N_FDS; n++)
1541 pfds[n].revents = 0;
1542 ready = poll (pfds, GPG_N_FDS, 10 * 1000);
1543 } while (ready == -1 && errno == EINTR);
1546 d(printf ("poll() failed: %s\n", g_strerror (errno)));
1548 } else if (ready == 0) {
1553 /* Test each and every file descriptor to see if it's 'ready',
1554 and if so - do what we can with it and then drop through to
1555 the next file descriptor and so on until we've done what we
1556 can to all of them. If one fails along the way, return
1559 if (pfds[GPG_STATUS_FD].revents & (POLLIN | POLLHUP)) {
1560 /* read the status message and decide what to do... */
1564 d(printf ("reading from gpg's status-fd...\n"));
1567 nread = read (gpg->status_fd, buffer, sizeof (buffer));
1568 } while (nread == -1 && (errno == EINTR || errno == EAGAIN));
1574 status_backup (gpg, buffer, (size_t) nread);
1575 if (gpg_ctx_parse_status (gpg, err) == -1)
1578 gpg->complete = TRUE;
1582 if ((pfds[GPG_STDOUT_FD].revents & (POLLIN | POLLHUP)) && gpg->ostream) {
1586 d(printf ("reading gpg's stdout...\n"));
1589 nread = read (gpg->stdout_fd, buffer, sizeof (buffer));
1590 } while (nread == -1 && (errno == EINTR || errno == EAGAIN));
1596 if (g_mime_stream_write (gpg->ostream, buffer, (size_t) nread) == -1)
1599 gpg->seen_eof1 = TRUE;
1603 if (pfds[GPG_STDERR_FD].revents & (POLLIN | POLLHUP)) {
1607 d(printf ("reading gpg's stderr...\n"));
1610 nread = read (gpg->stderr_fd, buffer, sizeof (buffer));
1611 } while (nread == -1 && (errno == EINTR || errno == EAGAIN));
1617 g_mime_stream_write (gpg->diagnostics, buffer, nread);
1619 gpg->seen_eof2 = TRUE;
1623 if ((pfds[GPG_VERIFY_FD].revents & (POLLOUT | POLLHUP))) {
1627 d(printf ("streaming digital signature to gpg...\n"));
1629 /* write our signature stream to gpg's special fd */
1630 nread = g_mime_stream_read (gpg->sigstream, buffer, sizeof (buffer));
1632 ssize_t w, nwritten = 0;
1636 w = write (gpg->secret_fd, buffer + nwritten, nread - nwritten);
1637 } while (w == -1 && (errno == EINTR || errno == EAGAIN));
1641 } while (nwritten < nread && w != -1);
1647 if (g_mime_stream_eos (gpg->sigstream)) {
1648 close (gpg->secret_fd);
1649 gpg->secret_fd = -1;
1653 if ((pfds[GPG_STDIN_FD].revents & (POLLOUT | POLLHUP)) && gpg->istream) {
1657 d(printf ("writing to gpg's stdin...\n"));
1659 /* write our stream to gpg's stdin */
1660 nread = g_mime_stream_read (gpg->istream, buffer, sizeof (buffer));
1662 ssize_t w, nwritten = 0;
1666 w = write (gpg->stdin_fd, buffer + nwritten, nread - nwritten);
1667 } while (w == -1 && (errno == EINTR || errno == EAGAIN));
1671 } while (nwritten < nread && w != -1);
1677 if (g_mime_stream_eos (gpg->istream)) {
1678 close (gpg->stdin_fd);
1687 switch (gpg->mode) {
1688 case GPG_CTX_MODE_SIGN:
1691 case GPG_CTX_MODE_VERIFY:
1694 case GPG_CTX_MODE_SIGN_ENCRYPT:
1695 case GPG_CTX_MODE_ENCRYPT:
1698 case GPG_CTX_MODE_DECRYPT:
1701 case GPG_CTX_MODE_IMPORT:
1702 mode = "import keys";
1704 case GPG_CTX_MODE_EXPORT:
1705 mode = "export keys";
1708 g_assert_not_reached ();
1714 diagnostics = gpg_ctx_get_diagnostics (gpg);
1717 if (diagnostics && *diagnostics) {
1718 g_set_error (err, GMIME_ERROR, errno,
1719 _("Failed to %s via GnuPG: %s\n\n%s"),
1720 mode, g_strerror (errno),
1723 g_set_error (err, GMIME_ERROR, errno,
1724 _("Failed to %s via GnuPG: %s\n"),
1725 mode, g_strerror (errno));
1732 gpg_ctx_op_complete (struct _GpgCtx *gpg)
1734 return gpg->complete && gpg->seen_eof1 && gpg->seen_eof2;
1739 gpg_ctx_op_exited (struct _GpgCtx *gpg)
1743 if (waitpid (gpg->pid, &status, WNOHANG) == gpg->pid) {
1744 gpg->exit_status = status;
1754 gpg_ctx_op_cancel (struct _GpgCtx *gpg)
1761 kill (gpg->pid, SIGTERM);
1763 if (waitpid (gpg->pid, &status, WNOHANG) == 0) {
1764 /* no more mr nice guy... */
1765 kill (gpg->pid, SIGKILL);
1767 waitpid (gpg->pid, &status, WNOHANG);
1772 gpg_ctx_op_wait (struct _GpgCtx *gpg)
1774 int errnosave, status;
1775 sigset_t mask, omask;
1779 sigemptyset (&mask);
1780 sigaddset (&mask, SIGALRM);
1781 sigprocmask (SIG_BLOCK, &mask, &omask);
1784 retval = waitpid (gpg->pid, &status, 0);
1788 sigprocmask (SIG_SETMASK, &omask, NULL);
1791 if (retval == (pid_t) -1 && errno == EINTR) {
1792 /* gpg is hanging... */
1793 kill (gpg->pid, SIGTERM);
1796 retval = waitpid (gpg->pid, &status, WNOHANG);
1797 if (retval == (pid_t) 0) {
1798 /* still hanging... */
1799 kill (gpg->pid, SIGKILL);
1801 retval = waitpid (gpg->pid, &status, WNOHANG);
1805 status = gpg->exit_status;
1809 if (retval != (pid_t) -1 && WIFEXITED (status))
1810 return WEXITSTATUS (status);
1814 #endif /* ENABLE_CRYPTOGRAPHY */
1817 gpg_sign (GMimeCryptoContext *context, const char *userid, GMimeDigestAlgo digest,
1818 GMimeStream *istream, GMimeStream *ostream, GError **err)
1820 #ifdef ENABLE_CRYPTOGRAPHY
1821 GMimeGpgContext *ctx = (GMimeGpgContext *) context;
1822 struct _GpgCtx *gpg;
1824 gpg = gpg_ctx_new (ctx);
1825 gpg_ctx_set_mode (gpg, GPG_CTX_MODE_SIGN);
1826 gpg_ctx_set_use_agent (gpg, ctx->use_agent);
1827 gpg_ctx_set_digest (gpg, digest);
1828 gpg_ctx_set_armor (gpg, TRUE);
1829 gpg_ctx_set_userid (gpg, userid);
1830 gpg_ctx_set_istream (gpg, istream);
1831 gpg_ctx_set_ostream (gpg, ostream);
1833 if (gpg_ctx_op_start (gpg) == -1) {
1834 g_set_error (err, GMIME_ERROR, errno,
1835 _("Failed to execute gpg: %s"),
1836 errno ? g_strerror (errno) : _("Unknown"));
1842 while (!gpg_ctx_op_complete (gpg)) {
1843 if (gpg_ctx_op_step (gpg, err) == -1) {
1844 gpg_ctx_op_cancel (gpg);
1851 if (gpg_ctx_op_wait (gpg) != 0) {
1852 const char *diagnostics;
1856 diagnostics = gpg_ctx_get_diagnostics (gpg);
1859 g_set_error_literal (err, GMIME_ERROR, errno, diagnostics);
1865 /* save the digest used */
1866 digest = gpg->digest;
1872 g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("PGP support is not enabled in this build"));
1875 #endif /* ENABLE_CRYPTOGRAPHY */
1879 static GMimeSignatureList *
1880 gpg_verify (GMimeCryptoContext *context, GMimeDigestAlgo digest,
1881 GMimeStream *istream, GMimeStream *sigstream,
1884 #ifdef ENABLE_CRYPTOGRAPHY
1885 GMimeGpgContext *ctx = (GMimeGpgContext *) context;
1886 GMimeSignatureList *signatures;
1887 struct _GpgCtx *gpg;
1889 gpg = gpg_ctx_new (ctx);
1890 gpg_ctx_set_mode (gpg, GPG_CTX_MODE_VERIFY);
1891 gpg_ctx_set_sigstream (gpg, sigstream);
1892 gpg_ctx_set_istream (gpg, istream);
1893 gpg_ctx_set_digest (gpg, digest);
1895 if (gpg_ctx_op_start (gpg) == -1) {
1896 g_set_error (err, GMIME_ERROR, errno,
1897 _("Failed to execute gpg: %s"),
1898 errno ? g_strerror (errno) : _("Unknown"));
1904 while (!gpg_ctx_op_complete (gpg)) {
1905 if (gpg_ctx_op_step (gpg, err) == -1) {
1906 gpg_ctx_op_cancel (gpg);
1912 /* Only set the GError if we got no signature information from gpg */
1913 if (gpg_ctx_op_wait (gpg) != 0 && !gpg->signatures) {
1914 const char *diagnostics;
1918 diagnostics = gpg_ctx_get_diagnostics (gpg);
1921 g_set_error_literal (err, GMIME_ERROR, errno, diagnostics);
1927 signatures = gpg->signatures;
1928 gpg->signatures = NULL;
1933 g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("PGP support is not enabled in this build"));
1936 #endif /* ENABLE_CRYPTOGRAPHY */
1941 gpg_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
1942 GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
1943 GMimeStream *ostream, GError **err)
1945 #ifdef ENABLE_CRYPTOGRAPHY
1946 GMimeGpgContext *ctx = (GMimeGpgContext *) context;
1947 struct _GpgCtx *gpg;
1950 gpg = gpg_ctx_new (ctx);
1952 gpg_ctx_set_mode (gpg, GPG_CTX_MODE_SIGN_ENCRYPT);
1953 gpg_ctx_set_use_agent (gpg, ctx->use_agent);
1955 gpg_ctx_set_mode (gpg, GPG_CTX_MODE_ENCRYPT);
1958 gpg_ctx_set_always_trust (gpg, ctx->always_trust);
1959 gpg_ctx_set_digest (gpg, digest);
1960 gpg_ctx_set_armor (gpg, TRUE);
1961 gpg_ctx_set_userid (gpg, userid);
1962 gpg_ctx_set_istream (gpg, istream);
1963 gpg_ctx_set_ostream (gpg, ostream);
1965 for (i = 0; i < recipients->len; i++)
1966 gpg_ctx_add_recipient (gpg, recipients->pdata[i]);
1968 if (gpg_ctx_op_start (gpg) == -1) {
1969 g_set_error (err, GMIME_ERROR, errno,
1970 _("Failed to execute gpg: %s"),
1971 errno ? g_strerror (errno) : _("Unknown"));
1977 while (!gpg_ctx_op_complete (gpg)) {
1978 if (gpg_ctx_op_step (gpg, err) == -1) {
1979 gpg_ctx_op_cancel (gpg);
1986 if (gpg_ctx_op_wait (gpg) != 0) {
1987 const char *diagnostics;
1991 diagnostics = gpg_ctx_get_diagnostics (gpg);
1994 g_set_error_literal (err, GMIME_ERROR, errno, diagnostics);
2004 g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("PGP support is not enabled in this build"));
2007 #endif /* ENABLE_CRYPTOGRAPHY */
2011 static GMimeDecryptResult *
2012 gpg_decrypt (GMimeCryptoContext *context, GMimeStream *istream,
2013 GMimeStream *ostream, GError **err)
2015 #ifdef ENABLE_CRYPTOGRAPHY
2016 GMimeGpgContext *ctx = (GMimeGpgContext *) context;
2017 GMimeDecryptResult *result;
2018 const char *diagnostics;
2019 struct _GpgCtx *gpg;
2022 gpg = gpg_ctx_new (ctx);
2023 gpg_ctx_set_mode (gpg, GPG_CTX_MODE_DECRYPT);
2024 gpg_ctx_set_use_agent (gpg, ctx->use_agent);
2025 gpg_ctx_set_istream (gpg, istream);
2026 gpg_ctx_set_ostream (gpg, ostream);
2028 if (gpg_ctx_op_start (gpg) == -1) {
2029 g_set_error (err, GMIME_ERROR, errno,
2030 _("Failed to execute gpg: %s"),
2031 errno ? g_strerror (errno) : _("Unknown"));
2037 while (!gpg_ctx_op_complete (gpg)) {
2038 if (gpg_ctx_op_step (gpg, err) == -1) {
2039 gpg_ctx_op_cancel (gpg);
2046 if (gpg_ctx_op_wait (gpg) != 0 && !gpg->decrypt_okay) {
2048 diagnostics = gpg_ctx_get_diagnostics (gpg);
2051 g_set_error_literal (err, GMIME_ERROR, errno, diagnostics);
2057 result = g_mime_decrypt_result_new ();
2058 result->recipients = gpg->encrypted_to;
2059 result->signatures = gpg->signatures;
2060 result->cipher = gpg->cipher;
2061 result->mdc = gpg->digest;
2062 gpg->encrypted_to = NULL;
2063 gpg->signatures = NULL;
2069 g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("PGP support is not enabled in this build"));
2072 #endif /* ENABLE_CRYPTOGRAPHY */
2076 gpg_import_keys (GMimeCryptoContext *context, GMimeStream *istream, GError **err)
2078 #ifdef ENABLE_CRYPTOGRAPHY
2079 GMimeGpgContext *ctx = (GMimeGpgContext *) context;
2080 struct _GpgCtx *gpg;
2082 gpg = gpg_ctx_new (ctx);
2083 gpg_ctx_set_mode (gpg, GPG_CTX_MODE_IMPORT);
2084 gpg_ctx_set_istream (gpg, istream);
2086 if (gpg_ctx_op_start (gpg) == -1) {
2087 g_set_error (err, GMIME_ERROR, errno,
2088 _("Failed to execute gpg: %s"),
2089 errno ? g_strerror (errno) : _("Unknown"));
2095 while (!gpg_ctx_op_complete (gpg)) {
2096 if (gpg_ctx_op_step (gpg, err) == -1) {
2097 gpg_ctx_op_cancel (gpg);
2104 if (gpg_ctx_op_wait (gpg) != 0) {
2105 const char *diagnostics;
2109 diagnostics = gpg_ctx_get_diagnostics (gpg);
2112 g_set_error_literal (err, GMIME_ERROR, errno, diagnostics);
2122 g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("PGP support is not enabled in this build"));
2125 #endif /* ENABLE_CRYPTOGRAPHY */
2129 gpg_export_keys (GMimeCryptoContext *context, GPtrArray *keys, GMimeStream *ostream, GError **err)
2131 #ifdef ENABLE_CRYPTOGRAPHY
2132 GMimeGpgContext *ctx = (GMimeGpgContext *) context;
2133 struct _GpgCtx *gpg;
2136 gpg = gpg_ctx_new (ctx);
2137 gpg_ctx_set_mode (gpg, GPG_CTX_MODE_EXPORT);
2138 gpg_ctx_set_armor (gpg, TRUE);
2139 gpg_ctx_set_ostream (gpg, ostream);
2141 for (i = 0; i < keys->len; i++) {
2142 gpg_ctx_add_recipient (gpg, keys->pdata[i]);
2145 if (gpg_ctx_op_start (gpg) == -1) {
2146 g_set_error (err, GMIME_ERROR, errno,
2147 _("Failed to execute gpg: %s"),
2148 errno ? g_strerror (errno) : _("Unknown"));
2154 while (!gpg_ctx_op_complete (gpg)) {
2155 if (gpg_ctx_op_step (gpg, err) == -1) {
2156 gpg_ctx_op_cancel (gpg);
2163 if (gpg_ctx_op_wait (gpg) != 0) {
2164 const char *diagnostics;
2168 diagnostics = gpg_ctx_get_diagnostics (gpg);
2171 g_set_error_literal (err, GMIME_ERROR, errno, diagnostics);
2181 g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("PGP support is not enabled in this build"));
2184 #endif /* ENABLE_CRYPTOGRAPHY */
2189 * g_mime_gpg_context_new:
2190 * @request_passwd: a #GMimePasswordRequestFunc
2191 * @path: path to gpg binary
2193 * Creates a new gpg crypto context object.
2195 * Returns: a new gpg crypto context object.
2197 GMimeCryptoContext *
2198 g_mime_gpg_context_new (GMimePasswordRequestFunc request_passwd, const char *path)
2200 #ifdef ENABLE_CRYPTOGRAPHY
2201 GMimeCryptoContext *crypto;
2202 GMimeGpgContext *ctx;
2204 g_return_val_if_fail (path != NULL, NULL);
2206 ctx = g_object_newv (GMIME_TYPE_GPG_CONTEXT, 0, NULL);
2207 ctx->path = g_strdup (path);
2209 crypto = (GMimeCryptoContext *) ctx;
2210 crypto->request_passwd = request_passwd;
2215 #endif /* ENABLE_CRYPTOGRAPHY */
2220 * g_mime_gpg_context_get_auto_key_retrieve:
2221 * @ctx: a #GMimeGpgContext
2223 * Gets the @auto_key_retrieve flag on the gpg context.
2225 * Returns: the @auto_key_retrieve flag on the gpg context.
2228 g_mime_gpg_context_get_auto_key_retrieve (GMimeGpgContext *ctx)
2230 g_return_val_if_fail (GMIME_IS_GPG_CONTEXT (ctx), FALSE);
2232 return ctx->auto_key_retrieve;
2237 * g_mime_gpg_context_set_auto_key_retrieve:
2238 * @ctx: a #GMimeGpgContext
2239 * @auto_key_retrieve: auto-retrieve keys from a keys server
2241 * Sets the @auto_key_retrieve flag on the gpg context which is used
2242 * for signature verification.
2245 g_mime_gpg_context_set_auto_key_retrieve (GMimeGpgContext *ctx, gboolean auto_key_retrieve)
2247 g_return_if_fail (GMIME_IS_GPG_CONTEXT (ctx));
2249 ctx->auto_key_retrieve = auto_key_retrieve;
2254 * g_mime_gpg_context_get_always_trust:
2255 * @ctx: a #GMimeGpgContext
2257 * Gets the always_trust flag on the gpg context.
2259 * Returns: the always_trust flag on the gpg context.
2262 g_mime_gpg_context_get_always_trust (GMimeGpgContext *ctx)
2264 g_return_val_if_fail (GMIME_IS_GPG_CONTEXT (ctx), FALSE);
2266 return ctx->always_trust;
2271 * g_mime_gpg_context_set_always_trust:
2272 * @ctx: a #GMimeGpgContext
2273 * @always_trust: always trust flag
2275 * Sets the @always_trust flag on the gpg context which is used for
2279 g_mime_gpg_context_set_always_trust (GMimeGpgContext *ctx, gboolean always_trust)
2281 g_return_if_fail (GMIME_IS_GPG_CONTEXT (ctx));
2283 ctx->always_trust = always_trust;
2288 * g_mime_gpg_context_get_use_agent:
2289 * @ctx: a #GMimeGpgContext
2291 * Gets the use_agent flag on the gpg context.
2293 * Returns: the use_agent flag on the gpg context, which indicates
2294 * that GnuPG should attempt to use gpg-agent for credentials.
2297 g_mime_gpg_context_get_use_agent (GMimeGpgContext *ctx)
2299 g_return_val_if_fail (GMIME_IS_GPG_CONTEXT (ctx), FALSE);
2301 return ctx->use_agent;
2306 * g_mime_gpg_context_set_use_agent:
2307 * @ctx: a #GMimeGpgContext
2308 * @use_agent: always trust flag
2310 * Sets the @use_agent flag on the gpg context, which indicates that
2311 * GnuPG should attempt to use gpg-agent for credentials.
2314 g_mime_gpg_context_set_use_agent (GMimeGpgContext *ctx, gboolean use_agent)
2316 g_return_if_fail (GMIME_IS_GPG_CONTEXT (ctx));
2318 ctx->use_agent = use_agent;