Slightly improved and cleaner GPG error handling (there is still plen…

…ty of room for improvement). git-svn-id: file:///home/mbr/svn/fwknop/trunk@52 510a4753-2344-4c79-9c09-4d669213fbeb
mrash · Feb 1, 2009 · 7008774 · 7008774
1 parent 1f443da
commit 7008774
Show file tree

Hide file tree

Showing 8 changed files with 280 additions and 224 deletions.
diff --git a/fko/cipher_funcs.h b/fko/cipher_funcs.h
@@ -38,8 +38,10 @@ size_t rij_encrypt(unsigned char *in, size_t len, const char *key, unsigned char
 size_t rij_decrypt(unsigned char *in, size_t len, const char *key, unsigned char *out);
 
 #if HAVE_LIBGPGME
-int gpg_encrypt(unsigned char *in, size_t len, const char *signer, const char *recip, unsigned char **out, size_t *out_sz);
-int gpg_decrypt(unsigned char *in, size_t len, const char *key, unsigned char **out, size_t *out_sz);
+int gpg_encrypt(fko_ctx_t ctx, const char *enc_key);
+//int gpg_encrypt(unsigned char *in, size_t len, const char *signer, const char *recip, unsigned char **out, size_t *out_sz);
+//int gpg_decrypt(unsigned char *in, size_t len, const char *key, unsigned char **out, size_t *out_sz);
+int gpg_decrypt(fko_ctx_t ctx, const char *enc_key, size_t b64_len);
 #endif /* HAVE_LIBGPGME */
 
 #endif /* CIPHER_FUNCS_H */

diff --git a/fko/fko.h b/fko/fko.h
@@ -95,7 +95,7 @@ typedef enum {
     FKO_ERROR_GPGME_PLAINTEXT_DATA_OBJ,
     FKO_ERROR_GPGME_SET_PROTOCOL,
     FKO_ERROR_GPGME_CIPHER_DATA_OBJ,
-    FKO_ERROR_GPGME_BAD_SIGNER_PASSPHRASE,
+    FKO_ERROR_GPGME_BAD_PASSPHRASE,
     FKO_ERROR_GPGME_ENCRYPT_SIGN,
     FKO_ERROR_GPGME_CONTEXT_SIGNER_KEY,
     FKO_ERROR_GPGME_SIGNER_KEYLIST_START,
@@ -106,14 +106,14 @@ typedef enum {
     FKO_ERROR_GPGME_RECIPIENT_KEYLIST_START,
     FKO_ERROR_GPGME_RECIPIENT_KEY_NOT_FOUND,
     FKO_ERROR_GPGME_RECIPIENT_KEY_AMBIGUOUS,
-    FKO_ERROR_GPGME_DECRYPT_VERIFY,
+    FKO_ERROR_GPGME_DECRYPT_FAILED,
 
     FKO_LAST_ERROR
 } fko_error_codes_t;
 
 /* Macro that returns true if the given error code is a gpg-related error.
 */
-#define IS_GPG_ERROR(x) (x > GPGME_ERR_START && x < LAST_ERROR)
+#define IS_GPG_ERROR(x) (x > GPGME_ERR_START && x < FKO_LAST_ERROR)
 
 /* General Defaults
 */
@@ -179,6 +179,7 @@ int fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip);
 char* fko_get_gpg_recipient(fko_ctx_t ctx);
 int fko_set_gpg_signer(fko_ctx_t ctx, const char *signer);
 char* fko_get_gpg_signer(fko_ctx_t ctx);
+const char* fko_gpg_errorstr(fko_ctx_t ctx);
 
 #endif /* FKO_H */
 

diff --git a/fko/fko_common.h b/fko/fko_common.h
@@ -61,6 +61,12 @@
   #define END_C_DECLS
 #endif /* __cplusplus */
 
+/* Pull in gpgme.h if we have it.
+*/
+#if HAVE_LIBGPGME
+  #include <gpgme.h>
+#endif
+
 #include "fko_types.h"
 #include "fko_util.h"
 #include "fko_limits.h"

diff --git a/fko/fko_context.h b/fko/fko_context.h
@@ -61,6 +61,15 @@ struct fko_context {
     /* For gpgme support */
     char           *gpg_recipient;
     char           *gpg_signer;
+
+    gpgme_ctx_t     gpg_ctx;
+    gpgme_key_t     recipient_key;
+    gpgme_key_t     signer_key;
+
+    gpgme_decrypt_result_t  gpg_decrypt_result;
+    gpgme_verify_result_t   gpg_verify_result;
+
+    gpgme_error_t   gpg_err;
 #endif /* HAVE_LIBGPGME */
 };
 

diff --git a/fko/fko_encryption.c b/fko/fko_encryption.c
@@ -152,12 +152,12 @@ _rijndael_decrypt(fko_ctx_t ctx, const char *dec_key, int b64_len)
 /* Prep and encrypt using gpgme
 */
 int
-_gpg_encrypt(fko_ctx_t ctx, const char *enc_key)
+gpg_encrypt(fko_ctx_t ctx, const char *enc_key)
 {
     int             res;
     char           *plain;
     char           *b64cipher;
-    unsigned char  *cipher;
+    unsigned char  *cipher = NULL;
     size_t          cipher_len;
 
     /* First make sure we have signer and recipient keys set.
@@ -174,16 +174,22 @@ _gpg_encrypt(fko_ctx_t ctx, const char *enc_key)
 
     sprintf(plain, "%s:%s", ctx->encoded_msg, ctx->digest);
 
-    res = gpgme_encrypt(
+    res = gpgme_encrypt(ctx,
         (unsigned char*)plain, strlen(plain),
-        ctx->gpg_signer, ctx->gpg_recipient,
         enc_key, &cipher, &cipher_len
     );
 
     /* --DSS XXX: Better parsing of what went wrong would be nice :)
     */
     if(res != FKO_SUCCESS)
+    {
+        free(plain);
+
+        if(cipher)
+            free(cipher);
+
         return(res);
+    }
 
     /* Now make a bucket for the base64-encoded version and populate it.
     */
@@ -211,10 +217,11 @@ _gpg_encrypt(fko_ctx_t ctx, const char *enc_key)
 /* Prep and encrypt using gpgme
 */
 int
-_gpg_decrypt(fko_ctx_t ctx, const char *dec_key, int b64_len)
+gpg_decrypt(fko_ctx_t ctx, const char *dec_key, size_t b64_len)
 {
     unsigned char  *cipher;
-    size_t          cipher_len, pt_len;
+    size_t          cipher_len;
+    int             res;
 
     /* First make sure we have signer and recipient keys set.
     if(ctx->gpg_signer == NULL || ctx->gpg_recipient == NULL)
@@ -237,15 +244,18 @@ _gpg_decrypt(fko_ctx_t ctx, const char *dec_key, int b64_len)
     if(ctx->encoded_msg == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
 
-    pt_len = gpgme_decrypt(cipher, cipher_len,
-        ctx->gpg_signer, ctx->gpg_recipient,
+    res = gpgme_decrypt(ctx, cipher, cipher_len,
         dec_key,  (unsigned char**)&ctx->encoded_msg, &cipher_len
     );
+
 
     /* Done with cipher...
     */
     free(cipher);
 
+    if(res != FKO_SUCCESS)
+        return(res);
+
     /* XXX: We could put some kind of sanity check  of the decrypted
      *      data here
     */
@@ -327,7 +337,7 @@ fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key)
 
     else if(ctx->encryption_type == FKO_ENCRYPTION_GPG)
 #if HAVE_LIBGPGME
-        return(_gpg_encrypt(ctx, enc_key));
+        return(gpg_encrypt(ctx, enc_key));
 #else
         return(FKO_ERROR_UNSUPPORTED_FEATURE);
 #endif
@@ -361,7 +371,7 @@ fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key)
     {
         ctx->encryption_type = FKO_ENCRYPTION_GPG;
 #if HAVE_LIBGPGME
-        return(_gpg_decrypt(ctx, dec_key, b64_len));
+        return(gpg_decrypt(ctx, dec_key, b64_len));
 #else
         return(FKO_ERROR_UNSUPPORTED_FEATURE);
 #endif