From 276187f6b62a73e92b1c20f589510f80ab9e88d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Tue, 4 May 2021 18:35:29 +0200
Subject: [PATCH] core: Extend gpgme_key_sig_t with trust signature members.

* src/gpgme.h.in (struct _gpgme_key_sig): Add fields 'trust_depth',
'trust_value', and 'trust_scope'.
* src/key.c (gpgme_key_unref): Free trust_scope.
* src/keylist.c (keylist_colon_handler): Set the fields.
* tests/run-keylist.c (main): Print the fields.
--

The trust signature values are part of gpg's output since the year 2003.
This now adds support to gpgme.

GnuPG-bug-id: 5245, 5419
---
 NEWS                |  3 +++
 doc/gpgme.texi      | 11 +++++++++++
 src/gpgme.h.in      | 11 ++++++++++-
 src/key.c           |  1 +
 src/keylist.c       | 24 ++++++++++++++++++++++++
 tests/run-keylist.c |  3 +++
 6 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 495e4af7..e8272bb0 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ Noteworthy changes in version 1.15.2 (unreleased)
 
  * Interface changes relative to the 1.15.1 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gpgme_key_sig_t                       EXTENDED: New field 'trust_depth'.
+ gpgme_key_sig_t                       EXTENDED: New field 'trust_value'.
+ gpgme_key_sig_t                       EXTENDED: New field 'trust_scope'.
  GPGME_KEYSIGN_FORCE                   NEW.
  qt: CryptoConfig::entry               CHANGED: Added overload; deprecated old
 
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 11147862..ea6693ef 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3706,6 +3706,13 @@ This is true if the key signature is invalid.
 @item unsigned int exportable : 1
 This is true if the key signature is exportable.
 
+@item unsigned int trust_depth : 8
+This is the depth of a trust signature, or 0 if the key signature is not
+a trust signature.
+
+@item unsigned int trust_value : 8
+This is the trust amount of a trust signature.
+
 @item gpgme_pubkey_algo_t pubkey_algo
 This is the public key algorithm used to create the signature.
 
@@ -3721,6 +3728,10 @@ the timestamp is invalid, and 0 if it is not available.
 This is the expiration timestamp of the key signature, or 0 if the key
 signature does not expire.
 
+@item char *trust_scope
+This is a regular expression that limits the scope of a trust signature.
+Users must be prepared to see a @code{NULL} value here.
+
 @item gpgme_error_t status
 This is the status of the signature and has the same meaning as the
 member of the same name in a @code{gpgme_signature_t} object.
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 0a90c8d2..6471f0ad 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -627,7 +627,13 @@ struct _gpgme_key_sig
   unsigned int exportable : 1;
 
   /* Internal to GPGME, do not use.  */
-  unsigned int _unused : 28;
+  unsigned int _unused : 12;
+
+  /* The depth of a trust signature, 0 if no trust signature.  */
+  unsigned int trust_depth : 8;
+
+  /* The trust value of a trust signature, 0 if no trust signature.  */
+  unsigned int trust_value : 8;
 
   /* The public key algorithm used to create the signature.  */
   gpgme_pubkey_algo_t pubkey_algo;
@@ -644,6 +650,9 @@ struct _gpgme_key_sig
   /* The expiration timestamp, 0 if the subkey does not expire.  */
   long int expires;
 
+  /* The scope of a trust signature.  Might be NULL.  */
+  char *trust_scope;
+
   /* Same as in gpgme_signature_t.  */
   gpgme_error_t status;
 
diff --git a/src/key.c b/src/key.c
index e4b85774..322bd0ac 100644
--- a/src/key.c
+++ b/src/key.c
@@ -369,6 +369,7 @@ gpgme_key_unref (gpgme_key_t key)
 	      notation = next_notation;
 	    }
 
+	  free (keysig->trust_scope);
           free (keysig);
 	  keysig = next_keysig;
         }
diff --git a/src/keylist.c b/src/keylist.c
index a4de3ad5..42743f07 100644
--- a/src/keylist.c
+++ b/src/keylist.c
@@ -967,6 +967,30 @@ keylist_colon_handler (void *priv, char *line)
       if (fields >= 7)
 	keysig->expires = _gpgme_parse_timestamp (field[6], NULL);
 
+      /* Field 8 has the trust depth and the trust value.  */
+      if (fields >= 8 && *field[7])
+        {
+          const char *trust_depth = field[7];
+          char *trust_value = strchr (field[7] + 1, ' ');
+          if (trust_value)
+            *(trust_value++) = '\0';
+          if (trust_value)
+            {
+              int depth = atoi (trust_depth);
+              int value = atoi (trust_value);
+
+              if (depth >= 1 && depth < 256)
+                keysig->trust_depth = depth;
+              if (value >= 1 && value < 256)
+                keysig->trust_value = value;
+            }
+        }
+
+      /* Field 9 has the trust signature scope (a regular expression).  */
+      if (fields >= 9)
+	if (_gpgme_decode_c_string (field[8], &keysig->trust_scope, 0))
+	  return gpg_error (GPG_ERR_ENOMEM);	/* FIXME */
+
       /* Field 11 has the signature class (eg, 0x30 means revoked).  */
       if (fields >= 11)
 	if (field[10][0] && field[10][1])
diff --git a/tests/run-keylist.c b/tests/run-keylist.c
index 23c61108..f0ab74e8 100644
--- a/tests/run-keylist.c
+++ b/tests/run-keylist.c
@@ -369,6 +369,9 @@ main (int argc, char **argv)
               printf ("     created: %s\n", isotimestr(ks->timestamp));
               printf ("     expires: %s\n", isotimestr(ks->expires));
               printf ("       class: %x\n", ks->sig_class);
+              printf (" trust depth: %u\n", ks->trust_depth);
+              printf (" trust value: %u\n", ks->trust_value);
+              printf (" trust scope: %s\n", nonnull (ks->trust_scope));
             }
         }