From 05fa2a9c7764b28fdac35eb72631439df948ca0e Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Tue, 30 May 2017 14:35:57 +0200 Subject: [PATCH] Add flag 'is_de_vs' to decryption results and signatures. * NEWS: Update. * lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New function. * lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New prototype. * lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New function. * lang/cpp/src/verificationresult.h (Signature::isDeVs): New prototype. * lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs' into a boolean. (Signature): Likewise. * src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new compliance status line. * src/verify.c (_gpgme_verify_status_handler): Likewise. * src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the new status lines. * src/keylist.c (parse_pub_field18): Move function to 'util.h'. (keylist_colon_handler): Adapt callsites. * src/status-table.c (status_table): Add new status lines. * src/util.h (PARSE_COMPLIANCE_FLAGS): New macro. This used to be 'parse_pub_field18', but turned into a macro to make it polymorphic. -- When decrypting data and verifying signatures, report whether the operations are in compliance with the criteria for data classified as VS-NfD. This information can the be presented to the user. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter --- NEWS | 9 +++++++++ lang/cpp/src/decryptionresult.cpp | 5 +++++ lang/cpp/src/decryptionresult.h | 1 + lang/cpp/src/verificationresult.cpp | 5 +++++ lang/cpp/src/verificationresult.h | 1 + lang/python/src/results.py | 4 ++-- src/decrypt.c | 4 ++++ src/gpgme.h.in | 15 ++++++++++++--- src/keylist.c | 21 ++------------------- src/status-table.c | 2 ++ src/util.h | 22 ++++++++++++++++++++++ src/verify.c | 4 ++++ 12 files changed, 69 insertions(+), 24 deletions(-) diff --git a/NEWS b/NEWS index 05207685..b4a0d883 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,15 @@ Noteworthy changes in version 1.9.1 (unreleased) ------------------------------------------------ + * Interface changes relative to the 1.9.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + gpgme_decrypt_result_t EXTENDED: New field 'is_de_vs'. + gpgme_signature_t EXTENDED: New field 'is_de_vs'. + cpp: DecryptionResult::isDeVs NEW. + cpp: Signature::isDeVs NEW. + py: DecryptResult EXTENDED: New boolean field 'is_de_vs'. + py: Signature EXTENDED: New boolean field 'is_de_vs'. Noteworthy changes in version 1.9.0 (2017-03-28) ------------------------------------------------ diff --git a/lang/cpp/src/decryptionresult.cpp b/lang/cpp/src/decryptionresult.cpp index 05f7e754..d1c991be 100644 --- a/lang/cpp/src/decryptionresult.cpp +++ b/lang/cpp/src/decryptionresult.cpp @@ -110,6 +110,11 @@ bool GpgME::DecryptionResult::isWrongKeyUsage() const return d && d->res.wrong_key_usage; } +bool GpgME::DecryptionResult::isDeVs() const +{ + return d && d->res.is_de_vs; +} + const char *GpgME::DecryptionResult::fileName() const { return d ? d->res.file_name : 0 ; diff --git a/lang/cpp/src/decryptionresult.h b/lang/cpp/src/decryptionresult.h index cd3ab7c4..57705b48 100644 --- a/lang/cpp/src/decryptionresult.h +++ b/lang/cpp/src/decryptionresult.h @@ -73,6 +73,7 @@ public: return isWrongKeyUsage(); } bool isWrongKeyUsage() const; + bool isDeVs() const; const char *fileName() const; diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index 8d90a7db..6dacd9fb 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -278,6 +278,11 @@ bool GpgME::Signature::isVerifiedUsingChainModel() const return !isNull() && d->sigs[idx]->chain_model; } +bool GpgME::Signature::isDeVs() const +{ + return !isNull() && d->sigs[idx]->is_de_vs; +} + GpgME::Signature::PKAStatus GpgME::Signature::pkaStatus() const { if (!isNull()) { diff --git a/lang/cpp/src/verificationresult.h b/lang/cpp/src/verificationresult.h index 765fb79d..3f6299ca 100644 --- a/lang/cpp/src/verificationresult.h +++ b/lang/cpp/src/verificationresult.h @@ -136,6 +136,7 @@ public: } bool isWrongKeyUsage() const; bool isVerifiedUsingChainModel() const; + bool isDeVs() const; enum PKAStatus { UnknownPKAStatus, PKAVerificationFailed, PKAVerificationSucceeded diff --git a/lang/python/src/results.py b/lang/python/src/results.py index 46ebeec6..bfd0f683 100644 --- a/lang/python/src/results.py +++ b/lang/python/src/results.py @@ -80,7 +80,7 @@ class Recipient(Result): pass class DecryptResult(Result): - _type = dict(wrong_key_usage=bool) + _type = dict(wrong_key_usage=bool, is_de_vs=bool) _map = dict(recipients=Recipient) class NewSignature(Result): @@ -93,7 +93,7 @@ class Notation(Result): pass class Signature(Result): - _type = dict(wrong_key_usage=bool, chain_model=bool) + _type = dict(wrong_key_usage=bool, chain_model=bool, is_de_vs=bool) _map = dict(notations=Notation) class VerifyResult(Result): diff --git a/src/decrypt.c b/src/decrypt.c index f30f80f6..3b189093 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -321,6 +321,10 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, } break; + case GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE: + PARSE_COMPLIANCE_FLAGS (args, &opd->result); + break; + default: break; } diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 24b21e7d..867219a4 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1312,8 +1312,12 @@ struct _gpgme_op_decrypt_result /* Key should not have been used for encryption. */ unsigned int wrong_key_usage : 1; + /* True if the message was encrypted in compliance to the de-vs + * mode. */ + unsigned int is_de_vs : 1; + /* Internal to GPGME, do not use. */ - int _unused : 31; + int _unused : 30; gpgme_recipient_t recipients; @@ -1490,8 +1494,11 @@ struct _gpgme_signature /* Validity has been verified using the chain model. */ unsigned int chain_model : 1; + /* True if the signature is in compliance to the de-vs mode. */ + unsigned int is_de_vs : 1; + /* Internal to GPGME, do not use. */ - int _unused : 28; + int _unused : 27; gpgme_validity_t validity; gpgme_error_t validity_reason; @@ -2468,7 +2475,9 @@ typedef enum GPGME_STATUS_TOFU_USER = 95, GPGME_STATUS_TOFU_STATS = 96, GPGME_STATUS_TOFU_STATS_LONG = 97, - GPGME_STATUS_NOTATION_FLAGS = 98 + GPGME_STATUS_NOTATION_FLAGS = 98, + GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE = 99, + GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE = 100 } gpgme_status_code_t; diff --git a/src/keylist.c b/src/keylist.c index e16ba4d1..5e1c61e6 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -416,23 +416,6 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field) } -/* Parse the compliance field. */ -static void -parse_pub_field18 (gpgme_subkey_t subkey, char *field) -{ - char *p, *endp; - unsigned long ul; - - for (p = field; p && (ul = strtoul (p, &endp, 10)) && p != endp; p = endp) - { - switch (ul) - { - case 23: subkey->is_de_vs = 1; break; - } - } -} - - /* Parse a tfs record. */ static gpg_error_t parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield) @@ -731,7 +714,7 @@ keylist_colon_handler (void *priv, char *line) /* Field 18 has the compliance flags. */ if (fields >= 17 && *field[17]) - parse_pub_field18 (subkey, field[17]); + PARSE_COMPLIANCE_FLAGS (field[17], subkey); if (fields >= 20) { @@ -814,7 +797,7 @@ keylist_colon_handler (void *priv, char *line) /* Field 18 has the compliance flags. */ if (fields >= 17 && *field[17]) - parse_pub_field18 (subkey, field[17]); + PARSE_COMPLIANCE_FLAGS (field[17], subkey); break; diff --git a/src/status-table.c b/src/status-table.c index 64511345..afc7eab8 100644 --- a/src/status-table.c +++ b/src/status-table.c @@ -56,6 +56,7 @@ static struct status_table_s status_table[] = { "DECRYPTION_INFO", GPGME_STATUS_DECRYPTION_INFO }, { "DECRYPTION_OKAY", GPGME_STATUS_DECRYPTION_OKAY }, { "DELETE_PROBLEM", GPGME_STATUS_DELETE_PROBLEM }, + { "DECRYPTION_COMPLIANCE_MODE", GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE }, { "ENC_TO", GPGME_STATUS_ENC_TO }, { "END_DECRYPTION", GPGME_STATUS_END_DECRYPTION }, { "END_ENCRYPTION", GPGME_STATUS_END_ENCRYPTION }, @@ -137,6 +138,7 @@ static struct status_table_s status_table[] = { "UNEXPECTED", GPGME_STATUS_UNEXPECTED }, { "USERID_HINT", GPGME_STATUS_USERID_HINT }, { "VALIDSIG", GPGME_STATUS_VALIDSIG }, + { "VERIFICATION_COMPLIANCE_MODE", GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE }, {NULL, 0} }; diff --git a/src/util.h b/src/util.h index 7b7924cf..fd22d754 100644 --- a/src/util.h +++ b/src/util.h @@ -224,4 +224,26 @@ extern struct assuan_malloc_hooks _gpgme_assuan_malloc_hooks; int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook, unsigned int cat, const char *msg); + + +/* Parse the compliance field. */ +#define PARSE_COMPLIANCE_FLAGS(flags, result) \ + do { \ + char *comp_p, *comp_endp; \ + unsigned long comp_ul; \ + \ + for (comp_p = (flags); \ + comp_p \ + && (comp_ul = strtoul (comp_p, &comp_endp, 10)) \ + && comp_p != comp_endp; \ + comp_p = comp_endp) \ + { \ + switch (comp_ul) \ + { \ + case 23: (result)->is_de_vs = 1; break; \ + } \ + } \ + } while (0) + + #endif /* UTIL_H */ diff --git a/src/verify.c b/src/verify.c index 900f925d..ee730a34 100644 --- a/src/verify.c +++ b/src/verify.c @@ -1078,6 +1078,10 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args) if (err) return err; + case GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE: + PARSE_COMPLIANCE_FLAGS (args, opd->current_sig); + break; + default: break; }