Basic PKA support.

NEWS

@@ -19,11 +19,19 @@ Noteworthy changes in version 1.1.1 (unreleased)
    compatibility is provided.  In other words: If free() worked for
    you before, it will keep working.
 
+ * New status codes GPGME_PKA_TRUST_GOOD and GPGME_PKA_TRUST_BAD.
+   They are analyzed by the verify handlers and made available in the
+   new PKA_TRUST field of the signature result structure.
+
+
  * Interface changes relative to the 1.1.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gpgme_key_sig_t			EXTENDED: New field notations.
 GPGME_KEYLIST_MODE_SIG_NOTATIONS NEW
 gpgme_free			NEW
+GPGME_STATUS_PKA_TRUST_BAD      NEW
+GPGME_STATUS_PKA_TRUST_GOOD     NEW
+gpgme_signature_t               EXTENDED: New field pka_trust.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

doc/ChangeLog

@@ -1,3 +1,7 @@
+2005-12-20  Werner Koch  <wk@g10code.com>
+
+	* gpgme.texi (Verify): Document pka_trust.
+
 2005-12-06  Werner Koch  <wk@g10code.com>
 
 	* gpgme.texi (Key Management): Updated to match the fixes for

doc/gpgme.texi

@@ -3985,6 +3985,22 @@ not expire.
 @item unsigned int wrong_key_usage : 1
 This is true if the key was not used according to its policy.
 
+@item unsigned int pka_trust : 2
+This is set to the trust information gained by means of the PKA system.
+Values are:
+  @table @code
+  @item 0
+        No PKA information available or verification not possible.
+  @item 1
+        PKA verification failed. 
+  @item 2
+        PKA verification succeeded.
+  @item 3
+        Reserved for future use.
+  @end table
+Depending on the configuration of the engine, this metric may also be
+reflected by the validity of the signature.
+
 @item gpgme_validity_t validity
 The validity of the signature.
 

gpgme/ChangeLog

@@ -1,3 +1,10 @@
+2005-12-20  Werner Koch  <wk@g10code.com>
+
+	* gpgme.h (gpgme_status_code_t): Added GPGME_STATUS_PKA_TRUST_BAD
+	and GPGME_STATUS_PKA_TRUST_GOOD.
+	(gpgme_signature_t): New field pka_trust.
+	* verify.c (_gpgme_verify_status_handler): Set pka_trust.
+
 2005-12-06  Werner Koch  <wk@g10code.com>
 
 	* keylist.c (keylist_colon_handler): Store fingerprints of the

gpgme/gpgme.h

@@ -445,6 +445,8 @@ typedef enum
     GPGME_STATUS_SC_OP_SUCCESS,
     GPGME_STATUS_CARDCTRL,
     GPGME_STATUS_BACKUP_KEY_CREATED,
+    GPGME_STATUS_PKA_TRUST_BAD,
+    GPGME_STATUS_PKA_TRUST_GOOD,
 
     GPGME_STATUS_PLAINTEXT
   }
@@ -1318,8 +1320,11 @@ struct _gpgme_signature
   /* Key should not have been used for signing.  */
   unsigned int wrong_key_usage : 1;
 
+  /* PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU. */
+  unsigned int pka_trust : 2;
+
   /* Internal to GPGME, do not use.  */
-  int _unused : 31;
+  int _unused : 29;
 
   gpgme_validity_t validity;
   gpgme_error_t validity_reason;

gpgme/verify.c

@@ -651,6 +651,15 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
       return sig ? parse_trust (sig, code, args)
 	: gpg_error (GPG_ERR_INV_ENGINE);
 
+    case GPGME_STATUS_PKA_TRUST_BAD:
+    case GPGME_STATUS_PKA_TRUST_GOOD:
+      opd->only_newsig_seen = 0;
+      if (sig && !sig->pka_trust)
+        sig->pka_trust = code == GPGME_STATUS_PKA_TRUST_GOOD? 2 : 1;
+      /* FIXME: We should set the mailbox which is the argument to
+         these status codes into a new field. */
+      break;
+
     case GPGME_STATUS_ERROR:
       opd->only_newsig_seen = 0;
       /* The error status is informational, so we don't return an

tests/gpgsm/t-keylist.c

@@ -345,6 +345,13 @@ main (int argc, char **argv)
 		   key->uids->next->uid);
 	  exit (1);
 	}
+      if (key->uids->next && strcmp (key->uids->next->uid, keys[i].email))
+	{
+	  fprintf (stderr, "Unexpected email in user ID: %s\n",
+		   key->uids->next->uid);
+	  exit (1);
+	}
+
 
 
       gpgme_key_unref (key);