doc/

2004-05-21  Marcus Brinkmann  <marcus@g10code.de>

	* gpgme.texi (Decrypt): Add note about new field wrong_key_usage
	of gpgme_decrypt_result_t.

gpgme/
2004-05-21  Marcus Brinkmann  <marcus@g10code.de>

	* gpgme.h (struct _gpgme_decrypt_result): New fields
	wrong_key_usage and _unused.
	* decrypt.c (_gpgme_decrypt_status_handler): Don't skip over
	character after a matched string, as in a protocol error this
	could skip over the trailing binary zero.
	Handle decrypt.keyusage error notifications.

NEWS

@@ -4,8 +4,13 @@ Noteworthy changes in version 0.9.0 (unreleased)
  * The type gpgme_key_t has now a new field keylist_mode that contains
    the keylist mode that was active at the time the key was retrieved.
 
+ * The type gpgme_decrypt_result_t has a new field "wrong_key_usage"
+   that contains a flag indicating that the key should not have been
+   used for encryption.
+
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gpgme_key_t			EXTENDED: New field keylist_mode.
+gpgme_decrypt_result_t		EXTENDED: New field wrong_key_usage.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

TODO

@@ -96,6 +96,8 @@ Hey Emacs, this is -*- outline -*- mode!
    password is required by crypto engine. !!
 ** Verify must not fail on NODATA premature if auto-key-retrieval failed.
    It should not fail silently if it knows there is an error. !!!
+** decrypt-verify sets wrong_key_usage even if not "verify.keyusage" is
+   encountered, but "decrypt.keyusage".  Is this correct?  !!
 ** All operations: Better error reporting. !!
 ** Export status handler need much more work. !!!
 ** Import should return a useful error when one happened.

doc/ChangeLog

@@ -1,5 +1,8 @@
 2004-05-21  Marcus Brinkmann  <marcus@g10code.de>
 
+	* gpgme.texi (Decrypt): Add note about new field wrong_key_usage
+	of gpgme_decrypt_result_t.
+
 	* gpgme.texi (Key Management): Add note about new field
 	keylist_mode of gpgme_key_t.
 

doc/gpgme.texi

@@ -3523,6 +3523,9 @@ members:
 @item char *unsupported_algorithm
 If an unsupported algorithm was encountered, this string describes the
 algorithm that is not supported.
+
+@item unsigned int wrong_key_usage : 1
+This is true if the key was not used according to its policy.
 @end table
 @end deftp
 
@@ -3608,7 +3611,7 @@ following members:
 This is a pointer to the next new signature structure in the linked
 list, or @code{NULL} if this is the last element.
 
-@item gpgme_sigsum_t summary;
+@item gpgme_sigsum_t summary
 This is a bit vector giving a summary of the signature status.  It
 provides an easy interface to a defined semantic of the signature
 status.  Checking just one bit is sufficient to see whether a
@@ -3701,7 +3704,7 @@ The creation timestamp of this signature.
 The expiration timestamp of this signature, or 0 if the signature does
 not expire.
 
-@item unsigned int wrong_key_usage : 1;
+@item unsigned int wrong_key_usage : 1
 This is true if the key was not used according to its policy.
 
 @item gpgme_validity_t validity

gpgme/ChangeLog

@@ -1,5 +1,12 @@
 2004-05-21  Marcus Brinkmann  <marcus@g10code.de>
 
+	* gpgme.h (struct _gpgme_decrypt_result): New fields
+	wrong_key_usage and _unused.
+	* decrypt.c (_gpgme_decrypt_status_handler): Don't skip over
+	character after a matched string, as in a protocol error this
+	could skip over the trailing binary zero.
+	Handle decrypt.keyusage error notifications.
+
 	* gpgme.h (struct _gpgme_key): New member keylist_mode.
 	* keylist.c (keylist_colon_handler): Set the keylist_mode of KEY.
 

gpgme/decrypt.c

@@ -1,6 +1,6 @@
 /* decrypt.c - Decrypt function.
    Copyright (C) 2000 Werner Koch (dd9jn)
-   Copyright (C) 2001, 2002, 2003 g10 Code GmbH
+   Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH
 
    This file is part of GPGME.
  
@@ -105,14 +105,16 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code,
 
     case GPGME_STATUS_ERROR:
       /* Note that this is an informational status code which should
-         not lead to an erro retunr unless it is something not related
-         to the backend. */
+         not lead to an error return unless it is something not
+         related to the backend.  */
       {
 	const char d_alg[] = "decrypt.algorithm";
 	const char u_alg[] = "Unsupported_Algorithm";
+	const char k_alg[] = "decrypt.keyusage";
+
 	if (!strncmp (args, d_alg, sizeof (d_alg) - 1))
 	  {
-	    args += sizeof (d_alg);
+	    args += sizeof (d_alg) - 1;
 	    while (*args == ' ')
 	      args++;
 
@@ -120,7 +122,7 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code,
 	      {
 		char *end;
 
-		args += sizeof (u_alg);
+		args += sizeof (u_alg) - 1;
 		while (*args == ' ')
 		  args++;
 
@@ -136,6 +138,18 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code,
 		  }
 	      }
 	  }
+	else if (!strncmp (args, k_alg, sizeof (k_alg) - 1))
+	  {
+	    gpgme_error_t err;
+
+	    args += sizeof (k_alg) - 1;
+	    while (*args == ' ')
+	      args++;
+
+	    err = _gpgme_map_gnupg_error (args);
+	    if (gpg_err_code (err) == GPG_ERR_WRONG_KEY_USAGE)
+	      opd->result.wrong_key_usage = 1;
+	  }
       }
       break;
         

gpgme/gpgme.h

@@ -1063,6 +1063,12 @@ gpgme_error_t gpgme_op_encrypt_sign (gpgme_ctx_t ctx, gpgme_key_t recp[],
 struct _gpgme_op_decrypt_result
 {
   char *unsupported_algorithm;
+
+  /* Key should not have been used for encryption.  */
+  unsigned int wrong_key_usage : 1;
+
+  /* Internal to GPGME, do not use.  */
+  int _unused : 31;
 };
 typedef struct _gpgme_op_decrypt_result *gpgme_decrypt_result_t;
 
@@ -1192,6 +1198,7 @@ struct _gpgme_signature
   /* Signature exipration time or 0.  */
   unsigned long exp_timestamp;
 
+  /* Key should not have been used for signing.  */
   unsigned int wrong_key_usage : 1;
 
   /* Internal to GPGME, do not use.  */