authorWerner Koch <[email protected]>2009-03-25 16:05:16 +0000
committerWerner Koch <[email protected]>2009-03-25 16:05:16 +0000
commitceb42db4dd6b98d6b31429bed2ca40505731b9e8 (patch)
treee471d7b311d3c73dc55a3a1f420233dd847b16a2
parentlog file fixes. (diff)
Print NO_SECKEY status line in gpgsm.
This fixes bug#1020.
-rw-r--r--agent/ChangeLog3
-rw-r--r--agent/pkdecrypt.c5
-rw-r--r--doc/DETAILS12
-rw-r--r--g10/ChangeLog4
-rw-r--r--g10/mainproc.c4
-rw-r--r--sm/ChangeLog7
-rw-r--r--sm/certdump.c2
-rw-r--r--sm/decrypt.c24
-rw-r--r--sm/fingerprint.c7
-rw-r--r--sm/gpgsm.h5
-rw-r--r--sm/keylist.c4
-rw-r--r--sm/verify.c2
12 files changed, 62 insertions, 17 deletions
diff --git a/agent/ChangeLog b/agent/ChangeLog
index a2e878db6..e84d1eb06 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,5 +1,8 @@
2009-03-25 Werner Koch <[email protected]>
+ * pkdecrypt.c (agent_pkdecrypt): Return a specific error message
+ if the key is not available.
+
* gpg-agent.c (main): Print a started message to show the real pid.
2009-03-20 Werner Koch <[email protected]>
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 80f92dd0c..75e8e8f73 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -69,7 +69,10 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
CACHE_MODE_NORMAL, &s_skey);
if (rc)
{
- log_error ("failed to read the secret key\n");
+ if (gpg_err_code (rc) == GPG_ERR_ENOENT)
+ rc = gpg_error (GPG_ERR_NO_SECKEY);
+ else
+ log_error ("failed to read the secret key\n");
goto leave;
}
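Review bot: The `log_error` kept in the else branch still does not say why reading the key failed, so the agent log cannot tell a damaged or unreadable key file from any other error. Including the error string would fix that: `log_error ("failed to read the secret key: %s\n", gpg_strerror (rc));`. The ENOENT branch changes the error code callers see and now logs nothing, so a one-line comment such as `/* A missing key file means we do not have this secret key. */` would record the intent. agent_pkdecrypt starts and ends outside the hunk, so whether ENOENT can come from anything other than a missing key file is not visible here.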
diff --git a/doc/DETAILS b/doc/DETAILS
index 6168264fe..7118b0fb1 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -309,12 +309,12 @@ more arguments in future versions.
since epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
-
- ENC_TO <long keyid> <keytype> <keylength>
- The message is encrypted to this keyid.
- keytype is the numerical value of the public key algorithm,
- keylength is the length of the key or 0 if it is not known
- (which is currently always the case).
+ ENC_TO <long_keyid> <keytype> <keylength>
+ The message is encrypted to this LONG_KEYID. KEYTYPE is the
+ numerical value of the public key algorithm or 0 if it is not
+ known, KEYLENGTH is the length of the key or 0 if it is not
+ known (which is currently always the case). Gpg prints this
+ line always; Gpgsm only if it knows the certificate.
NODATA <what>
No data has been found. Codes for what are:
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 959655f35..d7db690fc 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,7 @@
+2009-03-25 Werner Koch <[email protected]>
+
+ * mainproc.c (print_pkenc_list): Use snprintf.
+
2009-03-17 Werner Koch <[email protected]>
* call-agent.c (my_percent_plus_escape): Remove.
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 4678c1bfd..84a9de5f1 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -469,8 +469,8 @@ print_pkenc_list( struct kidlist_item *list, int failed )
if( list->reason == G10ERR_NO_SECKEY ) {
if( is_status_enabled() ) {
char buf[20];
- sprintf(buf,"%08lX%08lX", (ulong)list->kid[0],
- (ulong)list->kid[1] );
+ snprintf (buf, sizeof buf, "%08lX%08lX",
+ (ulong)list->kid[0], (ulong)list->kid[1]);
write_status_text( STATUS_NO_SECKEY, buf );
}
}
diff --git a/sm/ChangeLog b/sm/ChangeLog
index a98ce4d86..6b435dac8 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,10 @@
+2009-03-25 Werner Koch <[email protected]>
+
+ * decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY
+ stati. Fixes bug#1020.
+ * fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and
+ change all callers.
+
2009-03-23 Werner Koch <[email protected]>
* delete.c (delete_one): Also delete ephemeral certificates if
diff --git a/sm/certdump.c b/sm/certdump.c
index c8854054b..d3390702d 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -952,7 +952,7 @@ gpgsm_format_keydesc (ksba_cert_t cert)
"created %s, expires %s.\n" ),
subject? subject:"?",
sn? sn: "?",
- gpgsm_get_short_fingerprint (cert),
+ gpgsm_get_short_fingerprint (cert, NULL),
created, expires);
i18n_switchback (orig_codeset);
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 9ed47366a..8fb9f2dfd 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -362,6 +362,9 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
ksba_sexp_t enc_val;
char *hexkeygrip = NULL;
char *desc = NULL;
+ char kidbuf[16+1];
+
+ *kidbuf = 0;
rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
if (rc == -1 && recp)
@@ -394,6 +397,25 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
log_error ("failed to get cert: %s\n", gpg_strerror (rc));
goto oops;
}
+
+ /* Print the ENC_TO status line. Note that we can
+ do so only if we have the certificate. This is
+ in contrast to gpg where the keyID is commonly
+ included in the encrypted messages. It is too
+ cumbersome to retrieve the used algorithm, thus
+ we don't print it for now. We also record the
+ keyid for later use. */
+ {
+ unsigned long kid[2];
+
+ kid[0] = gpgsm_get_short_fingerprint (cert, kid+1);
+ snprintf (kidbuf, sizeof kidbuf, "%08lX%08lX",
+ kid[1], kid[0]);
+ gpgsm_status2 (ctrl, STATUS_ENC_TO,
+ kidbuf, "0", "0", NULL);
+ }
+
+
/* Just in case there is a problem with the own
certificate we print this message - should never
happen of course */
@@ -430,6 +452,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
{
log_info ("decrypting session key failed: %s\n",
gpg_strerror (rc));
+ if (gpg_err_code (rc) == GPG_ERR_NO_SECKEY && *kidbuf)
+ gpgsm_status2 (ctrl, STATUS_NO_SECKEY, kidbuf, NULL);
}
else
{ /* setup the bulk decrypter */
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index addf56296..4704f5972 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -140,13 +140,16 @@ gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo)
}
/* Return a certificate ID. These are the last 4 bytes of the SHA-1
- fingerprint. */
+ fingerprint. If R_HIGH is not NULL the next 4 bytes are stored
+ there. */
unsigned long
-gpgsm_get_short_fingerprint (ksba_cert_t cert)
+gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
{
unsigned char digest[20];
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
+ if (r_high)
+ *r_high = ((digest[12]<<24)|(digest[13]<<16)|(digest[14]<< 8)|digest[15]);
return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
}
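Review bot: The shifts `digest[12]<<24` and `digest[16]<<24` are evaluated in `int`, so a byte of 0x80 or above lands in the sign bit and, where `unsigned long` is 64 bits wide, the result is sign-extended with the upper 32 bits set. The new caller in sm/decrypt.c formats both halves with `%08lX%08lX` into the 17-byte `kidbuf`; a sign-extended half prints as 16 digits instead of 8 and snprintf silently truncates the string, which would put a wrong key ID on the ENC_TO and NO_SECKEY status lines. Casting the top byte before shifting avoids this: `*r_high = (((unsigned long)digest[12]<<24)|(digest[13]<<16)|(digest[14]<<8)|digest[15]);` and likewise `((unsigned long)digest[16]<<24)` in the return expression. The existing `0x%08lX` callers in keylist.c and verify.c would print the same widened value.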
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 0b16e51c2..e9327d217 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -229,7 +229,7 @@ int gpgsm_parse_validation_model (const char *model);
/*-- server.c --*/
void gpgsm_server (certlist_t default_recplist);
gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
-gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...);
+gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0);
gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
gpg_err_code_t ec);
gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
@@ -240,7 +240,8 @@ unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
unsigned char *array, int *r_len);
char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
-unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
+unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
+ unsigned long *r_high);
unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
diff --git a/sm/keylist.c b/sm/keylist.c
index 78f919d8f..2de1708a8 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -672,7 +672,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
(void)have_secret;
es_fprintf (fp, " ID: 0x%08lX\n",
- gpgsm_get_short_fingerprint (cert));
+ gpgsm_get_short_fingerprint (cert, NULL));
sexp = ksba_cert_get_serial (cert);
es_fputs (" S/N: ", fp);
@@ -1042,7 +1042,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
(void)have_secret;
es_fprintf (fp, " ID: 0x%08lX\n",
- gpgsm_get_short_fingerprint (cert));
+ gpgsm_get_short_fingerprint (cert, NULL));
sexp = ksba_cert_get_serial (cert);
es_fputs (" S/N: ", fp);
diff --git a/sm/verify.c b/sm/verify.c
index 11f147db5..77517c61f 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -450,7 +450,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
else
log_printf (_("[date not given]"));
log_printf (_(" using certificate ID 0x%08lX\n"),
- gpgsm_get_short_fingerprint (cert));
+ gpgsm_get_short_fingerprint (cert, NULL));
if (msgdigest)