Add flag 'is_de_vs' to decryption results and signatures.

* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro.  This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information can the be presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <[email protected]>

6 files changed, 46 insertions, 22 deletions

diff --git a/src/decrypt.c b/src/decrypt.c
index f30f80f6..3b189093 100644
--- a/src/decrypt.c
+++ b/src/decrypt.c
@@ -321,6 +321,10 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code,
         }
       break;
 
+    case GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE:
+      PARSE_COMPLIANCE_FLAGS (args, &opd->result);
+      break;
+
     default:
       break;
     }
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 24b21e7d..867219a4 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1312,8 +1312,12 @@ struct _gpgme_op_decrypt_result
   /* Key should not have been used for encryption.  */
   unsigned int wrong_key_usage : 1;
 
+  /* True if the message was encrypted in compliance to the de-vs
+   * mode.  */
+  unsigned int is_de_vs : 1;
+
   /* Internal to GPGME, do not use.  */
-  int _unused : 31;
+  int _unused : 30;
 
   gpgme_recipient_t recipients;
 
@@ -1490,8 +1494,11 @@ struct _gpgme_signature
   /* Validity has been verified using the chain model. */
   unsigned int chain_model : 1;
 
+  /* True if the signature is in compliance to the de-vs mode.  */
+  unsigned int is_de_vs : 1;
+
   /* Internal to GPGME, do not use.  */
-  int _unused : 28;
+  int _unused : 27;
 
   gpgme_validity_t validity;
   gpgme_error_t validity_reason;
@@ -2468,7 +2475,9 @@ typedef enum
     GPGME_STATUS_TOFU_USER = 95,
     GPGME_STATUS_TOFU_STATS = 96,
     GPGME_STATUS_TOFU_STATS_LONG = 97,
-    GPGME_STATUS_NOTATION_FLAGS = 98
+    GPGME_STATUS_NOTATION_FLAGS = 98,
+    GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE = 99,
+    GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE = 100
   }
 gpgme_status_code_t;
 
diff --git a/src/keylist.c b/src/keylist.c
index e16ba4d1..5e1c61e6 100644
--- a/src/keylist.c
+++ b/src/keylist.c
@@ -416,23 +416,6 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field)
 }
 
 
-/* Parse the compliance field.  */
-static void
-parse_pub_field18 (gpgme_subkey_t subkey, char *field)
-{
-  char *p, *endp;
-  unsigned long ul;
-
-  for (p = field; p && (ul = strtoul (p, &endp, 10)) && p != endp; p = endp)
-    {
-      switch (ul)
-        {
-        case 23: subkey->is_de_vs = 1; break;
-        }
-    }
-}
-
-
 /* Parse a tfs record.  */
 static gpg_error_t
 parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield)
@@ -731,7 +714,7 @@ keylist_colon_handler (void *priv, char *line)
 
       /* Field 18 has the compliance flags.  */
       if (fields >= 17 && *field[17])
-        parse_pub_field18 (subkey, field[17]);
+        PARSE_COMPLIANCE_FLAGS (field[17], subkey);
 
       if (fields >= 20)
         {
@@ -814,7 +797,7 @@ keylist_colon_handler (void *priv, char *line)
 
       /* Field 18 has the compliance flags.  */
       if (fields >= 17 && *field[17])
-        parse_pub_field18 (subkey, field[17]);
+        PARSE_COMPLIANCE_FLAGS (field[17], subkey);
 
       break;
 
diff --git a/src/status-table.c b/src/status-table.c
index 64511345..afc7eab8 100644
--- a/src/status-table.c
+++ b/src/status-table.c
@@ -56,6 +56,7 @@ static struct status_table_s status_table[] =
   { "DECRYPTION_INFO",   GPGME_STATUS_DECRYPTION_INFO  },
   { "DECRYPTION_OKAY", GPGME_STATUS_DECRYPTION_OKAY },
   { "DELETE_PROBLEM", GPGME_STATUS_DELETE_PROBLEM },
+  { "DECRYPTION_COMPLIANCE_MODE", GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE },
   { "ENC_TO", GPGME_STATUS_ENC_TO },
   { "END_DECRYPTION", GPGME_STATUS_END_DECRYPTION },
   { "END_ENCRYPTION", GPGME_STATUS_END_ENCRYPTION },
@@ -137,6 +138,7 @@ static struct status_table_s status_table[] =
   { "UNEXPECTED", GPGME_STATUS_UNEXPECTED },
   { "USERID_HINT", GPGME_STATUS_USERID_HINT },
   { "VALIDSIG", GPGME_STATUS_VALIDSIG },
+  { "VERIFICATION_COMPLIANCE_MODE", GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE },
   {NULL, 0}
 };
 
diff --git a/src/util.h b/src/util.h
index 7b7924cf..fd22d754 100644
--- a/src/util.h
+++ b/src/util.h
@@ -224,4 +224,26 @@ extern struct assuan_malloc_hooks _gpgme_assuan_malloc_hooks;
 int _gpgme_assuan_log_cb (assuan_context_t ctx, void *hook,
 			  unsigned int cat, const char *msg);
 
+
+
+/* Parse the compliance field.  */
+#define PARSE_COMPLIANCE_FLAGS(flags, result)				\
+  do {									\
+    char *comp_p, *comp_endp;						\
+    unsigned long comp_ul;						\
+									\
+    for (comp_p = (flags);						\
+	 comp_p								\
+	   && (comp_ul = strtoul (comp_p, &comp_endp, 10))		\
+	   && comp_p != comp_endp;					\
+	 comp_p = comp_endp)						\
+      {									\
+	switch (comp_ul)						\
+	  {								\
+	  case 23: (result)->is_de_vs = 1; break;			\
+	  }								\
+      }									\
+  } while (0)
+
+
 #endif /* UTIL_H */
diff --git a/src/verify.c b/src/verify.c
index 900f925d..ee730a34 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -1078,6 +1078,10 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
       if (err)
 	return err;
 
+    case GPGME_STATUS_VERIFICATION_COMPLIANCE_MODE:
+      PARSE_COMPLIANCE_FLAGS (args, opd->current_sig);
+      break;
+
     default:
       break;
     }