Add support for non hidden and hidden recipient

Use -r to provide non-hidden recipient, Use -R to provide hidden recipient.
2024-09-24 18:59:01 +00:00 · 2017-03-03 21:19:04 +00:00 · 2017-03-03 21:19:04 +00:00 · c793e0b132
commit c793e0b132
parent 6352a1d417
2 changed files with 45 additions and 18 deletions
--- a/extras/test/runtests
+++ b/extras/test/runtests
@ -59,7 +59,7 @@ typeset -A results

 tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig 
 		recip-forge recip-lock recip-open recip-close recip-passwd recip-resize 
-		recip-setkey shared shared-passwd shared-setkey recip-default)
+		recip-setkey recip-default recip-hidden shared shared-passwd shared-setkey)

 { test $RESIZER = 1 } && { tests+=(resize) }
 { test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
@ -193,7 +193,7 @@ test-tomb-recip() {
    tt close recip
 }

-test-tomb-default() {
+test-tomb-recip-default() {

 	notice "wiping all default.tomb* in /tmp"
 	rm -f /tmp/default.tomb /tmp/default.tomb.key
@ -210,6 +210,23 @@ test-tomb-default() {
    { test $res = 0 } && { results+=(recip-default SUCCESS) }
 }

+test-tomb-recip-hidden() {
+
+	notice "wiping all hidden.tomb* in /tmp"
+	rm -f /tmp/hidden.tomb /tmp/hidden.tomb.key
+	
+	notice "Testing tomb with hidden recipient"
+	res=0
+    tt dig -s 20 /tmp/hidden.tomb
+    { test $? = 0 } || { res=1 }
+    tt forge /tmp/hidden.tomb.key -g -R $gpgid_1 --ignore-swap --unsafe --use-urandom
+    { test $? = 0 } || { res=1 }
+	tt lock /tmp/hidden.tomb -k /tmp/hidden.tomb.key \
+        --ignore-swap --unsafe -g -R $gpgid_1
+    { test $? = 0 } || { res=1 }
+    { test $res = 0 } && { results+=(recip-hidden SUCCESS) }
+}
+
 test-tomb-shared() {

 	notice "wiping all shared.tomb* in /tmp"
@ -381,7 +398,8 @@ startloops=(`sudo losetup -a |cut -d: -f1`)
 # isolated function (also called with source)
 test-tomb-create
 test-tomb-recip
-test-tomb-default
+test-tomb-recip-default
+test-tomb-recip-hidden
 test-tomb-shared

 notice "Testing open with wrong password"
--- a/39
+++ b/39
@ -654,6 +654,7 @@ usage() {
    _print " -f     force operation (i.e. even if swap is active)"
    _print " -g     use a GnuPG key to encrypt a tomb key"
    _print " -r     provide GnuPG recipients (separated by coma)"
+    _print " -R     provide GnuPG hidden recipients (separated by coma)"
    _print " --shared active sharing feature"
    [[ $KDF == 1 ]] && {
        _print " --kdf  forge keys armored against dictionary attacks"
@ -1002,10 +1003,10 @@ gpg_decrypt() {
        gpgpopt=()
        
        # GPG option '--try-secret-key' exist since GPG 2.1
-        { option_is_set -r } && [[ $gpgver =~ "2.1." ]] && {
+        { option_is_set -R } && [[ $gpgver =~ "2.1." ]] && {
            typeset -a recipients
-            recipients=(${(s:,:)$(option_value -r)})
-            { ! is_valid_recipients $recipients } && {
+            recipients=(${(s:,:)$(option_value -R)})
+            { is_valid_recipients $recipients } || {
                 _failure "You set an invalid GPG ID."
            }
            gpgpopt=(`_recipients_arg "--try-secret-key" $recipients`)
@ -1230,6 +1231,7 @@ gen_key() {
    local algopt="`option_value -o`"
    local algo="${algopt:-AES256}"
    local gpgpass opt
+    local recipients_opt
    typeset -a gpgopt
    # here user is prompted for key password
    tombpass=""
@ -1237,10 +1239,17 @@ gen_key() {

    { option_is_set -g } && {
        gpgopt=(--encrypt)
-        
-        { option_is_set -r } && {
+
+        { option_is_set -r || option_is_set -R } && {
            typeset -a recipients
-            recipients=(${(s:,:)$(option_value -r)})
+            { option_is_set -r } && {
+                recipients=(${(s:,:)$(option_value -r)})
+                recipients_opt="--recipient"
+            } || {
+                recipients=(${(s:,:)$(option_value -R)})
+                recipients_opt="--hidden-recipient"
+            }
+                
            [ "${#recipients}" -gt 1 ] && {
                if option_is_set --shared; then
                    _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
@ -1258,7 +1267,7 @@ gen_key() {
                _failure "You set an invalid GPG ID."
            }
            
-            gpgopt+=(`_recipients_arg "--hidden-recipient" $recipients`)
+            gpgopt+=(`_recipients_arg "$recipients_opt" $recipients`)
        } || {
            _message "No recipient specified, using default GPG key."
            gpgopt+=("--default-recipient-self")
@ -2754,19 +2763,19 @@ main() {
    main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
    subcommands_opts[__default]=""
    # -o in open and mount is used to pass alternate mount options
-    subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: "
+    subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: R: "
    subcommands_opts[mount]=${subcommands_opts[open]}

    subcommands_opts[create]="" # deprecated, will issue warning

    # -o in forge and lock is used to pass an alternate cipher.
-    subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: -shared "
+    subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: R: -shared "
    subcommands_opts[dig]="-ignore-swap s: -size=s "
-    subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: "
-    subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
+    subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: R: "
+    subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
    subcommands_opts[engrave]="k: "

-    subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
+    subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
    subcommands_opts[close]=""
    subcommands_opts[help]=""
    subcommands_opts[slam]=""
@ -2776,14 +2785,14 @@ main() {
    subcommands_opts[search]=""

    subcommands_opts[help]=""
-    subcommands_opts[bury]="k: -tomb-pwd: r: "
-    subcommands_opts[exhume]="k: -tomb-pwd: r: "
+    subcommands_opts[bury]="k: -tomb-pwd: r: R: "
+    subcommands_opts[exhume]="k: -tomb-pwd: r: R: "
    # subcommands_opts[decompose]=""
    # subcommands_opts[recompose]=""
    # subcommands_opts[install]=""
    subcommands_opts[askpass]=""
    subcommands_opts[source]=""
-    subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: r: "
+    subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: r: R: "
    subcommands_opts[check]="-ignore-swap "
    #    subcommands_opts[translate]=""