From e3cc410003a91e7ab4c267e1285c0c4c57775be9 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 24 Jul 2025 14:12:37 +0200
Subject: gpgv: New option --print-notation.

* g10/keylist.c (print_matching_notations): New.
* g10/mainproc.c (check_sig_and_print): Call this.
* g10/options.h (opt): Add field print_notations.
* g10/gpgv.c (oPrintNotation): New.
(opts): Add "print-notation".
(main): Implement.
--

I had the code floating around but can't remember what triggered me to
write this.  But it might eventually be useful, so better apply it.
---
 doc/HACKING    | 20 ++++++++++++++++++++
 doc/gpgv.texi  |  5 +++++
 g10/gpgv.c     |  7 +++++++
 g10/keylist.c  | 35 +++++++++++++++++++++++++++++++++++
 g10/main.h     |  1 +
 g10/mainproc.c |  1 +
 g10/options.h  |  1 +
 7 files changed, 70 insertions(+)

diff --git a/doc/HACKING b/doc/HACKING
index cb7e400fc..8cf49f4bd 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -443,3 +443,23 @@ plaintext packets and so on.  The file g10/encode.c might be a good
 starting point to see how it is used - actually this is the other way:
 constructing messages using pushed filters but it may be easier to
 understand.
+
+** Notes on how to create test data
+
+On 2016-02-28 we created a lot of AEAD test data using a command
+similar to this:
+
+--8<---------------cut here---------------start------------->8---
+for algo in eax ocb; do
+ for csize in 6 7 12 13 14 30; do
+  for len in 0 $(seq 0 200) $(seq 8100 8200) $(seq 16350 16400) \
+               $(seq 20000 20100); do
+   awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \
+     | gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \
+           --s2k-count 1025 --s2k-digest-algo sha256 -z0 \
+           --force-aead --aead-algo $algo --cipher aes -a \
+           --chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc
+  done
+ done
+done
+--8<---------------cut here---------------end--------------->8---
diff --git a/doc/gpgv.texi b/doc/gpgv.texi
index 159c8dddb..005ff422f 100644
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@@ -122,6 +122,11 @@ refer to the file descriptor n and not to a file with that name.
 @opindex assert-pubkey-algo
 This option works in the same way as described for @command{gpg}.
 
+@item --print-notation @var{name}
+@itemx -N @var{name}
+If the signature verifies print the notation @var{name} to stdout if
+it exists.
+
 @end table
 
 @mansect return value
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 6d3d25f50..686fc8891 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -58,6 +58,7 @@ enum cmd_and_opt_values {
   oQuiet	  = 'q',
   oVerbose	  = 'v',
   oOutput	  = 'o',
+  oPrintNotation  = 'N',
   oBatch	  = 500,
   oKeyring,
   oIgnoreTimeConflict,
@@ -91,6 +92,8 @@ static gpgrt_opt_t opts[] = {
   ARGPARSE_s_s (oWeakDigest, "weak-digest",
                 N_("|ALGO|reject signatures made with ALGO")),
   ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
+  ARGPARSE_s_s (oPrintNotation, "print-notation",
+                N_("|NAME|print the notation NAME to stdout")),
   ARGPARSE_s_s (oDebug, "debug", "@"),
   ARGPARSE_s_s (oAssertPubkeyAlgo,"assert-pubkey-algo", "@"),
 
@@ -267,6 +270,10 @@ main( int argc, char **argv )
             }
           break;
 
+        case oPrintNotation:
+          append_to_strlist (&opt.print_notations, pargs.r.ret_str);
+          break;
+
         default : pargs.err = ARGPARSE_PRINT_ERROR; break;
 	}
     }
diff --git a/g10/keylist.c b/g10/keylist.c
index 1c531126f..42e9f65f5 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -709,6 +709,41 @@ show_notation (PKT_signature * sig, int indent, int mode, int which)
 }
 
 
+/* Output all the notation data in SIG matching a name given by
+ * --print-notation to stdout.  */
+void
+print_matching_notations (PKT_signature *sig)
+{
+  notation_t nd, notations;
+  strlist_t sl;
+  const char *s;
+
+  if (!opt.print_notations)
+    return;
+
+  notations = sig_to_notation (sig);
+  for (nd = notations; nd; nd = nd->next)
+    {
+      for (sl=opt.print_notations; sl; sl = sl->next)
+        if (!strcmp (sl->d, nd->name))
+          break;
+      if (!sl || !*nd->value)
+        continue;
+      es_fprintf (es_stdout, "%s: ", nd->name);
+      for (s = nd->value; *s; s++)
+        {
+          if (*s == '\n')
+            es_fprintf (es_stdout, "\n%*s", (int)strlen (nd->name)+2, "");
+          else if (*s >= ' ' || *s != '\t')
+            es_putc (*s, es_stdout);
+        }
+      es_putc ('\n', es_stdout);
+    }
+
+  free_notation (notations);
+}
+
+
 static void
 print_signature_stats (struct keylist_context *s)
 {
diff --git a/g10/main.h b/g10/main.h
index c0a3d5fa2..5d96b5e27 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -488,6 +488,7 @@ void show_preferences (PKT_user_id *uid, int indent, int mode, int verbose);
 void show_policy_url(PKT_signature *sig,int indent,int mode);
 void show_keyserver_url(PKT_signature *sig,int indent,int mode);
 void show_notation(PKT_signature *sig,int indent,int mode,int which);
+void print_matching_notations (PKT_signature *sig);
 void dump_attribs (const PKT_user_id *uid, PKT_public_key *pk);
 void set_attrib_fd(int fd);
 void print_key_info (ctrl_t ctrl, estream_t fp, int indent,
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 22d12799d..5a7961099 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -2497,6 +2497,7 @@ check_sig_and_print (CTX c, kbnode_t node)
                 ));
           else
             show_notation (sig, 0, 2, 0);
+          print_matching_notations (sig);
         }
 
       /* Fill PKSTRBUF with the algostring in case we later need it.  */
diff --git a/g10/options.h b/g10/options.h
index cd5c19f45..28fc2207a 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -214,6 +214,7 @@ struct
   int no_encrypt_to;
   int encrypt_to_default_key;
   int interactive;
+  strlist_t print_notations;       /* Name of notations to print. */
   struct notation *sig_notations;
   struct notation *cert_notations;
   strlist_t sig_policy_url;
-- 
cgit v1.2.3