[Pkg-gnupg-commit] [gpgme] 42/103: Add flag 'is_de_vs' to decryption results and signatures.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Dec 14 18:53:02 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gpgme.
commit 05fa2a9c7764b28fdac35eb72631439df948ca0e
Author: Justus Winter <justus at g10code.com>
Date: Tue May 30 14:35:57 2017 +0200
Add flag 'is_de_vs' to decryption results and signatures.
* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro. This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information can the be presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus at g10code.com>
---
NEWS | 9 +++++++++
lang/cpp/src/decryptionresult.cpp | 5 +++++
lang/cpp/src/decryptionresult.h | 1 +
lang/cpp/src/verificationresult.cpp | 5 +++++
lang/cpp/src/verificationresult.h | 1 +
lang/python/src/results.py | 4 ++--
src/decrypt.c | 4 ++++
src/gpgme.h.in | 15 ++++++++++++---
src/keylist.c | 21 ++-------------------
src/status-table.c | 2 ++
src/util.h | 22 ++++++++++++++++++++++
src/verify.c | 4 ++++
12 files changed, 69 insertions(+), 24 deletions(-)
diff --git a/NEWS b/NEWS
index 0520768..b4a0d88 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,15 @@
Noteworthy changes in version 1.9.1 (unreleased)
------------------------------------------------
+ * Interface changes relative to the 1.9.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ gpgme_decrypt_result_t EXTENDED: New field 'is_de_vs'.
+ gpgme_signature_t EXTENDED: New field 'is_de_vs'.
+ cpp: DecryptionResult::isDeVs NEW.
+ cpp: Signature::isDeVs NEW.
+ py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.
+ py: Signature EXTENDED: New boolean field 'is_de_vs'.
Noteworthy changes in version 1.9.0 (2017-03-28)
------------------------------------------------
diff --git a/lang/cpp/src/decryptionresult.cpp b/lang/cpp/src/decryptionresult.cpp
index 05f7e75..d1c991b 100644
--- a/lang/cpp/src/decryptionresult.cpp
+++ b/lang/cpp/src/decryptionresult.cpp
@@ -110,6 +110,11 @@ bool GpgME::DecryptionResult::isWrongKeyUsage() const
return d && d->res.wrong_key_usage;
}
+bool GpgME::DecryptionResult::isDeVs() const
+{
+ return d && d->res.is_de_vs;
+}
+
const char *GpgME::DecryptionResult::fileName() const
{
return d ? d->res.file_name : 0 ;
diff --git a/lang/cpp/src/decryptionresult.h b/lang/cpp/src/decryptionresult.h
index cd3ab7c..57705b4 100644
--- a/lang/cpp/src/decryptionresult.h
+++ b/lang/cpp/src/decryptionresult.h
@@ -73,6 +73,7 @@ public:
return isWrongKeyUsage();
}
bool isWrongKeyUsage() const;
+ bool isDeVs() const;
const char *fileName() const;
diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp
index 8d90a7d..6dacd9f 100644
--- a/lang/cpp/src/verificationresult.cpp
+++ b/lang/cpp/src/verificationresult.cpp
@@ -278,6 +278,11 @@ bool GpgME::Signature::isVerifiedUsingChainModel() const
return !isNull() && d->sigs[idx]->chain_model;
}
+bool GpgME::Signature::isDeVs() const
+{
+ return !isNull() && d->sigs[idx]->is_de_vs;
+}
+
GpgME::Signature::PKAStatus GpgME::Signature::pkaStatus() const
{
if (!isNull()) {
diff --git a/lang/cpp/src/verificationresult.h b/lang/cpp/src/verificationresult.h
index 765fb79..3f6299c 100644
--- a/lang/cpp/src/verificationresult.h
+++ b/lang/cpp/src/verificationresult.h
@@ -136,6 +136,7 @@ public:
}
bool isWrongKeyUsage() const;
bool isVerifiedUsingChainModel() const;
+ bool isDeVs() const;
enum PKAStatus {
UnknownPKAStatus, PKAVerificationFailed, PKAVerificationSucceeded
diff --git a/lang/python/src/results.py b/lang/python/src/results.py
index 46ebeec..bfd0f68 100644
--- a/lang/python/src/results.py
+++ b/lang/python/src/results.py
@@ -80,7 +80,7 @@ class Recipient(Result):
pass
class DecryptResult(Result):
- _type = dict(wrong_key_usage=bool)
+ _type = dict(wrong_key_usage=bool, is_de_vs=bool)
_map = dict(recipients=Recipient)
class NewSignature(Result):
@@ -93,7 +93,7 @@ class Notation(Result):
pass
class Signature(Result):
- _type = dict(wrong_key_usage=bool, chain_model=bool)
+ _type = dict(wrong_key_usage=bool, chain_model=bool, is_de_vs=bool)
_map = dict(notations=Notation)
class VerifyResult(Result):
diff --git a/src/decrypt.c b/src/decrypt.c
index f30f80f..3b18909 100644
--- a/src/decrypt.c
+++ b/src/decrypt.c
@@ -321,6 +321,10 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code,
}
break;
+ case GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE:
+ PARSE_COMPLIANCE_FLAGS (args, &opd->result);
+ break;
+
default:
break;
}
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 24b21e7..867219a 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1312,8 +1312,12 @@ struct _gpgme_op_decrypt_result
/* Key should not have been used for encryption. */
unsigned int wrong_key_usage : 1;
+ /* True if the message was encrypted in compliance to the de-vs
+ * mode. */
+ unsigned int is_de_vs : 1;
+
/* Internal to GPGME, do not use. */
- int _unused : 31;
+ int _unused : 30;
gpgme_recipient_t recipients;
@@ -1490,8 +1494,11 @@ struct _gpgme_signature
/* Validity has been verified using the chain model. */
unsigned int chain_model : 1;
+ /* True if the signature is in compliance to the de-vs mode. */
+ unsigned int is_de_vs : 1;
+
/* Internal to GPGME, do not use. */
- int _unused : 28;
+ int _unused : 27;
gpgme_validity_t validity;
gpgme_error_t validity_reason;
@@ -2468,7 +2475,9 @@ typedef enum
GPGME_STATUS_TOFU_USER = 95,
GPGME_STATUS_TOFU_STATS = 96,
GPGME_STATUS_TOFU_STATS_LONG = 97,
- GPGME_STATUS_NOTATION_FLAGS = 98
+ GPGME_STATUS_NOTATION_FLAGS = 98,
+ GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE = 99,
+ GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE = 100
}
gpgme_status_code_t;
diff --git a/src/keylist.c b/src/keylist.c
index e16ba4d..5e1c61e 100644
--- a/src/keylist.c
+++ b/src/keylist.c
@@ -416,23 +416,6 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field)
}
-/* Parse the compliance field. */
-static void
-parse_pub_field18 (gpgme_subkey_t subkey, char *field)
-{
- char *p, *endp;
- unsigned long ul;
-
- for (p = field; p && (ul = strtoul (p, &endp, 10)) && p != endp; p = endp)
- {
- switch (ul)
- {
- case 23: subkey->is_de_vs = 1; break;
- }
- }
-}
-
-
/* Parse a tfs record. */
static gpg_error_t
parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield)
@@ -731,7 +714,7 @@ keylist_colon_handler (void *priv, char *line)
/* Field 18 has the compliance flags. */
if (fields >= 17 && *field[17])
- parse_pub_field18 (subkey, field[17]);
+ PARSE_COMPLIANCE_FLAGS (field[17], subkey);
if (fields >= 20)
{
@@ -814,7 +797,7 @@ keylist_colon_handler (void *priv, char *line)
/* Field 18 has the compliance flags. */
if (fields >= 17 && *field[17])
- parse_pub_field18 (subkey, field[17]);
+ PARSE_COMPLIANCE_FLAGS (field[17], subkey);
break;
diff --git a/src/status-table.c b/src/status-table.c
index 6451134..afc7eab 100644
--- a/src/status-table.c
+++ b/src/status-table.c
@@ -56,6 +56,7 @@ static struct status_table_s status_table[] =
{ "DECRYPTION_INFO", GPGME_STATUS_DECRYPTION_INFO },
{ "DECRYPTION_OKAY", GPGME_STATUS_DECRYPTION_OKAY },
{ "DELETE_PROBLEM", GPGME_STATUS_DELETE_PROBLEM },
+ { "DECRYPTION_COMPLIANCE_MODE", GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE },
{ "ENC_TO", GPGME_STATUS_ENC_TO },
{ "END_DECRYPTION", GPGME_STATUS_END_DECRYPTION },
{ "END_ENCRYPTION", GPGME_STATUS_END_ENCRYPTION },
@@ -137,6 +138,7 @@ static struct status_table_s status_table[] =
{ "UNEXPECTED", GPGME_STATUS_UNEXPECTED },
{ "USERID_HINT", GPGME_STATUS_USERID_HINT },
{ "VALIDSIG", GPGME_STATUS_VALIDSIG },
+ { "VERIFICATION_COMPLIANCE_MODE", GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE },
{NULL, 0}
};
diff --git a/src/util.h b/src/util.h
index 7b7924c..fd22d75 100644
--- a/src/util.h
+++ b/src/util.h
@@ -224,4 +224,26 @@ extern struct assuan_malloc_hooks _gpgme_assuan_malloc_hooks;
int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook,
unsigned int cat, const char *msg);
+
+
+/* Parse the compliance field. */
+#define PARSE_COMPLIANCE_FLAGS(flags, result) \
+ do { \
+ char *comp_p, *comp_endp; \
+ unsigned long comp_ul; \
+ \
+ for (comp_p = (flags); \
+ comp_p \
+ && (comp_ul = strtoul (comp_p, &comp_endp, 10)) \
+ && comp_p != comp_endp; \
+ comp_p = comp_endp) \
+ { \
+ switch (comp_ul) \
+ { \
+ case 23: (result)->is_de_vs = 1; break; \
+ } \
+ } \
+ } while (0)
+
+
#endif /* UTIL_H */
diff --git a/src/verify.c b/src/verify.c
index 900f925..ee730a3 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -1078,6 +1078,10 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
if (err)
return err;
+ case GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE:
+ PARSE_COMPLIANCE_FLAGS (args, opd->current_sig);
+ break;
+
default:
break;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gpgme.git
More information about the Pkg-gnupg-commit
mailing list