Add flag 'is_de_vs' to decryption results and signatures.
* NEWS: Update. * lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New function. * lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New prototype. * lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New function. * lang/cpp/src/verificationresult.h (Signature::isDeVs): New prototype. * lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs' into a boolean. (Signature): Likewise. * src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new compliance status line. * src/verify.c (_gpgme_verify_status_handler): Likewise. * src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the new status lines. * src/keylist.c (parse_pub_field18): Move function to 'util.h'. (keylist_colon_handler): Adapt callsites. * src/status-table.c (status_table): Add new status lines. * src/util.h (PARSE_COMPLIANCE_FLAGS): New macro. This used to be 'parse_pub_field18', but turned into a macro to make it polymorphic. -- When decrypting data and verifying signatures, report whether the operations are in compliance with the criteria for data classified as VS-NfD. This information can the be presented to the user. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
parent
92574406fb
commit
05fa2a9c77
9
NEWS
9
NEWS
@ -1,6 +1,15 @@
|
|||||||
Noteworthy changes in version 1.9.1 (unreleased)
|
Noteworthy changes in version 1.9.1 (unreleased)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
|
||||||
|
* Interface changes relative to the 1.9.0 release:
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
gpgme_decrypt_result_t EXTENDED: New field 'is_de_vs'.
|
||||||
|
gpgme_signature_t EXTENDED: New field 'is_de_vs'.
|
||||||
|
cpp: DecryptionResult::isDeVs NEW.
|
||||||
|
cpp: Signature::isDeVs NEW.
|
||||||
|
py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.
|
||||||
|
py: Signature EXTENDED: New boolean field 'is_de_vs'.
|
||||||
|
|
||||||
Noteworthy changes in version 1.9.0 (2017-03-28)
|
Noteworthy changes in version 1.9.0 (2017-03-28)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
@ -110,6 +110,11 @@ bool GpgME::DecryptionResult::isWrongKeyUsage() const
|
|||||||
return d && d->res.wrong_key_usage;
|
return d && d->res.wrong_key_usage;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool GpgME::DecryptionResult::isDeVs() const
|
||||||
|
{
|
||||||
|
return d && d->res.is_de_vs;
|
||||||
|
}
|
||||||
|
|
||||||
const char *GpgME::DecryptionResult::fileName() const
|
const char *GpgME::DecryptionResult::fileName() const
|
||||||
{
|
{
|
||||||
return d ? d->res.file_name : 0 ;
|
return d ? d->res.file_name : 0 ;
|
||||||
|
@ -73,6 +73,7 @@ public:
|
|||||||
return isWrongKeyUsage();
|
return isWrongKeyUsage();
|
||||||
}
|
}
|
||||||
bool isWrongKeyUsage() const;
|
bool isWrongKeyUsage() const;
|
||||||
|
bool isDeVs() const;
|
||||||
|
|
||||||
const char *fileName() const;
|
const char *fileName() const;
|
||||||
|
|
||||||
|
@ -278,6 +278,11 @@ bool GpgME::Signature::isVerifiedUsingChainModel() const
|
|||||||
return !isNull() && d->sigs[idx]->chain_model;
|
return !isNull() && d->sigs[idx]->chain_model;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool GpgME::Signature::isDeVs() const
|
||||||
|
{
|
||||||
|
return !isNull() && d->sigs[idx]->is_de_vs;
|
||||||
|
}
|
||||||
|
|
||||||
GpgME::Signature::PKAStatus GpgME::Signature::pkaStatus() const
|
GpgME::Signature::PKAStatus GpgME::Signature::pkaStatus() const
|
||||||
{
|
{
|
||||||
if (!isNull()) {
|
if (!isNull()) {
|
||||||
|
@ -136,6 +136,7 @@ public:
|
|||||||
}
|
}
|
||||||
bool isWrongKeyUsage() const;
|
bool isWrongKeyUsage() const;
|
||||||
bool isVerifiedUsingChainModel() const;
|
bool isVerifiedUsingChainModel() const;
|
||||||
|
bool isDeVs() const;
|
||||||
|
|
||||||
enum PKAStatus {
|
enum PKAStatus {
|
||||||
UnknownPKAStatus, PKAVerificationFailed, PKAVerificationSucceeded
|
UnknownPKAStatus, PKAVerificationFailed, PKAVerificationSucceeded
|
||||||
|
@ -80,7 +80,7 @@ class Recipient(Result):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
class DecryptResult(Result):
|
class DecryptResult(Result):
|
||||||
_type = dict(wrong_key_usage=bool)
|
_type = dict(wrong_key_usage=bool, is_de_vs=bool)
|
||||||
_map = dict(recipients=Recipient)
|
_map = dict(recipients=Recipient)
|
||||||
|
|
||||||
class NewSignature(Result):
|
class NewSignature(Result):
|
||||||
@ -93,7 +93,7 @@ class Notation(Result):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
class Signature(Result):
|
class Signature(Result):
|
||||||
_type = dict(wrong_key_usage=bool, chain_model=bool)
|
_type = dict(wrong_key_usage=bool, chain_model=bool, is_de_vs=bool)
|
||||||
_map = dict(notations=Notation)
|
_map = dict(notations=Notation)
|
||||||
|
|
||||||
class VerifyResult(Result):
|
class VerifyResult(Result):
|
||||||
|
@ -321,6 +321,10 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code,
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE:
|
||||||
|
PARSE_COMPLIANCE_FLAGS (args, &opd->result);
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -1312,8 +1312,12 @@ struct _gpgme_op_decrypt_result
|
|||||||
/* Key should not have been used for encryption. */
|
/* Key should not have been used for encryption. */
|
||||||
unsigned int wrong_key_usage : 1;
|
unsigned int wrong_key_usage : 1;
|
||||||
|
|
||||||
|
/* True if the message was encrypted in compliance to the de-vs
|
||||||
|
* mode. */
|
||||||
|
unsigned int is_de_vs : 1;
|
||||||
|
|
||||||
/* Internal to GPGME, do not use. */
|
/* Internal to GPGME, do not use. */
|
||||||
int _unused : 31;
|
int _unused : 30;
|
||||||
|
|
||||||
gpgme_recipient_t recipients;
|
gpgme_recipient_t recipients;
|
||||||
|
|
||||||
@ -1490,8 +1494,11 @@ struct _gpgme_signature
|
|||||||
/* Validity has been verified using the chain model. */
|
/* Validity has been verified using the chain model. */
|
||||||
unsigned int chain_model : 1;
|
unsigned int chain_model : 1;
|
||||||
|
|
||||||
|
/* True if the signature is in compliance to the de-vs mode. */
|
||||||
|
unsigned int is_de_vs : 1;
|
||||||
|
|
||||||
/* Internal to GPGME, do not use. */
|
/* Internal to GPGME, do not use. */
|
||||||
int _unused : 28;
|
int _unused : 27;
|
||||||
|
|
||||||
gpgme_validity_t validity;
|
gpgme_validity_t validity;
|
||||||
gpgme_error_t validity_reason;
|
gpgme_error_t validity_reason;
|
||||||
@ -2468,7 +2475,9 @@ typedef enum
|
|||||||
GPGME_STATUS_TOFU_USER = 95,
|
GPGME_STATUS_TOFU_USER = 95,
|
||||||
GPGME_STATUS_TOFU_STATS = 96,
|
GPGME_STATUS_TOFU_STATS = 96,
|
||||||
GPGME_STATUS_TOFU_STATS_LONG = 97,
|
GPGME_STATUS_TOFU_STATS_LONG = 97,
|
||||||
GPGME_STATUS_NOTATION_FLAGS = 98
|
GPGME_STATUS_NOTATION_FLAGS = 98,
|
||||||
|
GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE = 99,
|
||||||
|
GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE = 100
|
||||||
}
|
}
|
||||||
gpgme_status_code_t;
|
gpgme_status_code_t;
|
||||||
|
|
||||||
|
@ -416,23 +416,6 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Parse the compliance field. */
|
|
||||||
static void
|
|
||||||
parse_pub_field18 (gpgme_subkey_t subkey, char *field)
|
|
||||||
{
|
|
||||||
char *p, *endp;
|
|
||||||
unsigned long ul;
|
|
||||||
|
|
||||||
for (p = field; p && (ul = strtoul (p, &endp, 10)) && p != endp; p = endp)
|
|
||||||
{
|
|
||||||
switch (ul)
|
|
||||||
{
|
|
||||||
case 23: subkey->is_de_vs = 1; break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* Parse a tfs record. */
|
/* Parse a tfs record. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield)
|
parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield)
|
||||||
@ -731,7 +714,7 @@ keylist_colon_handler (void *priv, char *line)
|
|||||||
|
|
||||||
/* Field 18 has the compliance flags. */
|
/* Field 18 has the compliance flags. */
|
||||||
if (fields >= 17 && *field[17])
|
if (fields >= 17 && *field[17])
|
||||||
parse_pub_field18 (subkey, field[17]);
|
PARSE_COMPLIANCE_FLAGS (field[17], subkey);
|
||||||
|
|
||||||
if (fields >= 20)
|
if (fields >= 20)
|
||||||
{
|
{
|
||||||
@ -814,7 +797,7 @@ keylist_colon_handler (void *priv, char *line)
|
|||||||
|
|
||||||
/* Field 18 has the compliance flags. */
|
/* Field 18 has the compliance flags. */
|
||||||
if (fields >= 17 && *field[17])
|
if (fields >= 17 && *field[17])
|
||||||
parse_pub_field18 (subkey, field[17]);
|
PARSE_COMPLIANCE_FLAGS (field[17], subkey);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -56,6 +56,7 @@ static struct status_table_s status_table[] =
|
|||||||
{ "DECRYPTION_INFO", GPGME_STATUS_DECRYPTION_INFO },
|
{ "DECRYPTION_INFO", GPGME_STATUS_DECRYPTION_INFO },
|
||||||
{ "DECRYPTION_OKAY", GPGME_STATUS_DECRYPTION_OKAY },
|
{ "DECRYPTION_OKAY", GPGME_STATUS_DECRYPTION_OKAY },
|
||||||
{ "DELETE_PROBLEM", GPGME_STATUS_DELETE_PROBLEM },
|
{ "DELETE_PROBLEM", GPGME_STATUS_DELETE_PROBLEM },
|
||||||
|
{ "DECRYPTION_COMPLIANCE_MODE", GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE },
|
||||||
{ "ENC_TO", GPGME_STATUS_ENC_TO },
|
{ "ENC_TO", GPGME_STATUS_ENC_TO },
|
||||||
{ "END_DECRYPTION", GPGME_STATUS_END_DECRYPTION },
|
{ "END_DECRYPTION", GPGME_STATUS_END_DECRYPTION },
|
||||||
{ "END_ENCRYPTION", GPGME_STATUS_END_ENCRYPTION },
|
{ "END_ENCRYPTION", GPGME_STATUS_END_ENCRYPTION },
|
||||||
@ -137,6 +138,7 @@ static struct status_table_s status_table[] =
|
|||||||
{ "UNEXPECTED", GPGME_STATUS_UNEXPECTED },
|
{ "UNEXPECTED", GPGME_STATUS_UNEXPECTED },
|
||||||
{ "USERID_HINT", GPGME_STATUS_USERID_HINT },
|
{ "USERID_HINT", GPGME_STATUS_USERID_HINT },
|
||||||
{ "VALIDSIG", GPGME_STATUS_VALIDSIG },
|
{ "VALIDSIG", GPGME_STATUS_VALIDSIG },
|
||||||
|
{ "VERIFICATION_COMPLIANCE_MODE", GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE },
|
||||||
{NULL, 0}
|
{NULL, 0}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
22
src/util.h
22
src/util.h
@ -224,4 +224,26 @@ extern struct assuan_malloc_hooks _gpgme_assuan_malloc_hooks;
|
|||||||
int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook,
|
int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook,
|
||||||
unsigned int cat, const char *msg);
|
unsigned int cat, const char *msg);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* Parse the compliance field. */
|
||||||
|
#define PARSE_COMPLIANCE_FLAGS(flags, result) \
|
||||||
|
do { \
|
||||||
|
char *comp_p, *comp_endp; \
|
||||||
|
unsigned long comp_ul; \
|
||||||
|
\
|
||||||
|
for (comp_p = (flags); \
|
||||||
|
comp_p \
|
||||||
|
&& (comp_ul = strtoul (comp_p, &comp_endp, 10)) \
|
||||||
|
&& comp_p != comp_endp; \
|
||||||
|
comp_p = comp_endp) \
|
||||||
|
{ \
|
||||||
|
switch (comp_ul) \
|
||||||
|
{ \
|
||||||
|
case 23: (result)->is_de_vs = 1; break; \
|
||||||
|
} \
|
||||||
|
} \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
|
|
||||||
#endif /* UTIL_H */
|
#endif /* UTIL_H */
|
||||||
|
@ -1078,6 +1078,10 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
|
|||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
|
case GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE:
|
||||||
|
PARSE_COMPLIANCE_FLAGS (args, opd->current_sig);
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user