Add flag 'is_de_vs' to decryption results and signatures.

* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro.  This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information can the be presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2017-05-30 14:35:57 +02:00
parent 92574406fb
commit 05fa2a9c77
No known key found for this signature in database
GPG Key ID: DD1A52F9DA8C9020
12 changed files with 69 additions and 24 deletions

9
NEWS
View File

@ -1,6 +1,15 @@
Noteworthy changes in version 1.9.1 (unreleased) Noteworthy changes in version 1.9.1 (unreleased)
------------------------------------------------ ------------------------------------------------
* Interface changes relative to the 1.9.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_decrypt_result_t EXTENDED: New field 'is_de_vs'.
gpgme_signature_t EXTENDED: New field 'is_de_vs'.
cpp: DecryptionResult::isDeVs NEW.
cpp: Signature::isDeVs NEW.
py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.
py: Signature EXTENDED: New boolean field 'is_de_vs'.
Noteworthy changes in version 1.9.0 (2017-03-28) Noteworthy changes in version 1.9.0 (2017-03-28)
------------------------------------------------ ------------------------------------------------

View File

@ -110,6 +110,11 @@ bool GpgME::DecryptionResult::isWrongKeyUsage() const
return d && d->res.wrong_key_usage; return d && d->res.wrong_key_usage;
} }
bool GpgME::DecryptionResult::isDeVs() const
{
return d && d->res.is_de_vs;
}
const char *GpgME::DecryptionResult::fileName() const const char *GpgME::DecryptionResult::fileName() const
{ {
return d ? d->res.file_name : 0 ; return d ? d->res.file_name : 0 ;

View File

@ -73,6 +73,7 @@ public:
return isWrongKeyUsage(); return isWrongKeyUsage();
} }
bool isWrongKeyUsage() const; bool isWrongKeyUsage() const;
bool isDeVs() const;
const char *fileName() const; const char *fileName() const;

View File

@ -278,6 +278,11 @@ bool GpgME::Signature::isVerifiedUsingChainModel() const
return !isNull() && d->sigs[idx]->chain_model; return !isNull() && d->sigs[idx]->chain_model;
} }
bool GpgME::Signature::isDeVs() const
{
return !isNull() && d->sigs[idx]->is_de_vs;
}
GpgME::Signature::PKAStatus GpgME::Signature::pkaStatus() const GpgME::Signature::PKAStatus GpgME::Signature::pkaStatus() const
{ {
if (!isNull()) { if (!isNull()) {

View File

@ -136,6 +136,7 @@ public:
} }
bool isWrongKeyUsage() const; bool isWrongKeyUsage() const;
bool isVerifiedUsingChainModel() const; bool isVerifiedUsingChainModel() const;
bool isDeVs() const;
enum PKAStatus { enum PKAStatus {
UnknownPKAStatus, PKAVerificationFailed, PKAVerificationSucceeded UnknownPKAStatus, PKAVerificationFailed, PKAVerificationSucceeded

View File

@ -80,7 +80,7 @@ class Recipient(Result):
pass pass
class DecryptResult(Result): class DecryptResult(Result):
_type = dict(wrong_key_usage=bool) _type = dict(wrong_key_usage=bool, is_de_vs=bool)
_map = dict(recipients=Recipient) _map = dict(recipients=Recipient)
class NewSignature(Result): class NewSignature(Result):
@ -93,7 +93,7 @@ class Notation(Result):
pass pass
class Signature(Result): class Signature(Result):
_type = dict(wrong_key_usage=bool, chain_model=bool) _type = dict(wrong_key_usage=bool, chain_model=bool, is_de_vs=bool)
_map = dict(notations=Notation) _map = dict(notations=Notation)
class VerifyResult(Result): class VerifyResult(Result):

View File

@ -321,6 +321,10 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code,
} }
break; break;
case GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE:
PARSE_COMPLIANCE_FLAGS (args, &opd->result);
break;
default: default:
break; break;
} }

View File

@ -1312,8 +1312,12 @@ struct _gpgme_op_decrypt_result
/* Key should not have been used for encryption. */ /* Key should not have been used for encryption. */
unsigned int wrong_key_usage : 1; unsigned int wrong_key_usage : 1;
/* True if the message was encrypted in compliance to the de-vs
* mode. */
unsigned int is_de_vs : 1;
/* Internal to GPGME, do not use. */ /* Internal to GPGME, do not use. */
int _unused : 31; int _unused : 30;
gpgme_recipient_t recipients; gpgme_recipient_t recipients;
@ -1490,8 +1494,11 @@ struct _gpgme_signature
/* Validity has been verified using the chain model. */ /* Validity has been verified using the chain model. */
unsigned int chain_model : 1; unsigned int chain_model : 1;
/* True if the signature is in compliance to the de-vs mode. */
unsigned int is_de_vs : 1;
/* Internal to GPGME, do not use. */ /* Internal to GPGME, do not use. */
int _unused : 28; int _unused : 27;
gpgme_validity_t validity; gpgme_validity_t validity;
gpgme_error_t validity_reason; gpgme_error_t validity_reason;
@ -2468,7 +2475,9 @@ typedef enum
GPGME_STATUS_TOFU_USER = 95, GPGME_STATUS_TOFU_USER = 95,
GPGME_STATUS_TOFU_STATS = 96, GPGME_STATUS_TOFU_STATS = 96,
GPGME_STATUS_TOFU_STATS_LONG = 97, GPGME_STATUS_TOFU_STATS_LONG = 97,
GPGME_STATUS_NOTATION_FLAGS = 98 GPGME_STATUS_NOTATION_FLAGS = 98,
GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE = 99,
GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE = 100
} }
gpgme_status_code_t; gpgme_status_code_t;

View File

@ -416,23 +416,6 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field)
} }
/* Parse the compliance field. */
static void
parse_pub_field18 (gpgme_subkey_t subkey, char *field)
{
char *p, *endp;
unsigned long ul;
for (p = field; p && (ul = strtoul (p, &endp, 10)) && p != endp; p = endp)
{
switch (ul)
{
case 23: subkey->is_de_vs = 1; break;
}
}
}
/* Parse a tfs record. */ /* Parse a tfs record. */
static gpg_error_t static gpg_error_t
parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield) parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield)
@ -731,7 +714,7 @@ keylist_colon_handler (void *priv, char *line)
/* Field 18 has the compliance flags. */ /* Field 18 has the compliance flags. */
if (fields >= 17 && *field[17]) if (fields >= 17 && *field[17])
parse_pub_field18 (subkey, field[17]); PARSE_COMPLIANCE_FLAGS (field[17], subkey);
if (fields >= 20) if (fields >= 20)
{ {
@ -814,7 +797,7 @@ keylist_colon_handler (void *priv, char *line)
/* Field 18 has the compliance flags. */ /* Field 18 has the compliance flags. */
if (fields >= 17 && *field[17]) if (fields >= 17 && *field[17])
parse_pub_field18 (subkey, field[17]); PARSE_COMPLIANCE_FLAGS (field[17], subkey);
break; break;

View File

@ -56,6 +56,7 @@ static struct status_table_s status_table[] =
{ "DECRYPTION_INFO", GPGME_STATUS_DECRYPTION_INFO }, { "DECRYPTION_INFO", GPGME_STATUS_DECRYPTION_INFO },
{ "DECRYPTION_OKAY", GPGME_STATUS_DECRYPTION_OKAY }, { "DECRYPTION_OKAY", GPGME_STATUS_DECRYPTION_OKAY },
{ "DELETE_PROBLEM", GPGME_STATUS_DELETE_PROBLEM }, { "DELETE_PROBLEM", GPGME_STATUS_DELETE_PROBLEM },
{ "DECRYPTION_COMPLIANCE_MODE", GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE },
{ "ENC_TO", GPGME_STATUS_ENC_TO }, { "ENC_TO", GPGME_STATUS_ENC_TO },
{ "END_DECRYPTION", GPGME_STATUS_END_DECRYPTION }, { "END_DECRYPTION", GPGME_STATUS_END_DECRYPTION },
{ "END_ENCRYPTION", GPGME_STATUS_END_ENCRYPTION }, { "END_ENCRYPTION", GPGME_STATUS_END_ENCRYPTION },
@ -137,6 +138,7 @@ static struct status_table_s status_table[] =
{ "UNEXPECTED", GPGME_STATUS_UNEXPECTED }, { "UNEXPECTED", GPGME_STATUS_UNEXPECTED },
{ "USERID_HINT", GPGME_STATUS_USERID_HINT }, { "USERID_HINT", GPGME_STATUS_USERID_HINT },
{ "VALIDSIG", GPGME_STATUS_VALIDSIG }, { "VALIDSIG", GPGME_STATUS_VALIDSIG },
{ "VERIFICATION_COMPLIANCE_MODE", GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE },
{NULL, 0} {NULL, 0}
}; };

View File

@ -224,4 +224,26 @@ extern struct assuan_malloc_hooks _gpgme_assuan_malloc_hooks;
int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook, int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook,
unsigned int cat, const char *msg); unsigned int cat, const char *msg);
/* Parse the compliance field. */
#define PARSE_COMPLIANCE_FLAGS(flags, result) \
do { \
char *comp_p, *comp_endp; \
unsigned long comp_ul; \
\
for (comp_p = (flags); \
comp_p \
&& (comp_ul = strtoul (comp_p, &comp_endp, 10)) \
&& comp_p != comp_endp; \
comp_p = comp_endp) \
{ \
switch (comp_ul) \
{ \
case 23: (result)->is_de_vs = 1; break; \
} \
} \
} while (0)
#endif /* UTIL_H */ #endif /* UTIL_H */

View File

@ -1078,6 +1078,10 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
if (err) if (err)
return err; return err;
case GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE:
PARSE_COMPLIANCE_FLAGS (args, opd->current_sig);
break;
default: default:
break; break;
} }