From 7468c9ab9b1171aaf0853a9c847e753eea3e735d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 20 Jun 2002 12:13:44 +0000 Subject: [PATCH] * verify.c (calc_sig_summary): Set bad policy for wrong key usage. (skip_token): New. (_gpgme_verify_status_handler): Watch out for wrong key usage. (gpgme_get_sig_string_attr): Hack to return info on the key usage. Does now make use of the former RESERVED argument which has been renamed to WHATIDX. (gpgme_get_sig_ulong_attr): Renamed RESERVED to WHATIDX. * gpgme.texi (Verify): Explain the new whatidx variable. --- trunk/doc/ChangeLog | 4 ++++ trunk/doc/gpgme.texi | 29 +++++++++++++++++++---------- trunk/gpgme/ChangeLog | 10 ++++++++++ trunk/gpgme/gpgme.h | 6 +++--- trunk/gpgme/verify.c | 41 ++++++++++++++++++++++++++++++++++------- 5 files changed, 70 insertions(+), 20 deletions(-) diff --git a/trunk/doc/ChangeLog b/trunk/doc/ChangeLog index 19a292c..3c9cee8 100644 --- a/trunk/doc/ChangeLog +++ b/trunk/doc/ChangeLog @@ -1,3 +1,7 @@ +2002-06-20 Werner Koch + + * gpgme.texi (Verify): Explain the new whatidx variable. + 2002-06-10 Werner Koch * gpgme.texi (Verify): Document attribute GPGME_ATTR_ERRTOK. diff --git a/trunk/doc/gpgme.texi b/trunk/doc/gpgme.texi index cd5e57f..9f07ee9 100644 --- a/trunk/doc/gpgme.texi +++ b/trunk/doc/gpgme.texi @@ -2217,25 +2217,34 @@ fingerprint of the key which signed the plaintext, or @code{NULL} if no verification could be performed. @end deftypefun -@deftypefun {const char *} gpgme_get_sig_string_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{what}}, @w{int @var{reserved}}) +@deftypefun {const char *} gpgme_get_sig_string_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{what}}, @w{int @var{whatidx}}) This function is similar to @code{gpgme_get_sig_status} but may be used to retrieve more detailed information. @var{ctx} should be the context used for the last signature verification, @var{idx} is used to enumerate -over all signatures starting with @code{0} and @var{reserved} should be -@code{0} for now. +over all signatures starting with @code{0} and @var{whatidx} should be +@code{0} for unless otherwise stated. -The attributes @var{what} currently supports are -@code{GPGME_ATTR_FPR} to return the fingerprint of the key used to -create the signature and @code{GPGME_ERRTOK} to return a token -with a more detailed error description. +The following values may be used for @var{what}: +@table @code +@item GPGME_ATTR_FPR +Return the fingerprint of the key used to create the signature. + +@item GPGME_ATTR_ERRTOK +Return a token with a more detailed error description. A @var{whatidx} +of @code{0} returns an error token associated with validity calculation, +a value of @code{1} return an error token related to the certifixate +checking. + +@end table @end deftypefun -@deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{waht}}, @w{int @var{reserved}}) -This fucntion is similar to @code{gpgme_get_sig_string_attr} but used +@deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{waht}}, @w{int @var{whatidx}}) +This function is similar to @code{gpgme_get_sig_string_attr} but used for attributes which can be represented by an @code{unsigned long} data type. @var{ctx} should be the context used for the last signature verification, @var{idx} is used to enumerate over all signatures -starting with @code{0} and @var{reserved} should be @code{0} for now. +starting with @code{0} and @var{whatidx} should be @code{0} for unless +otherwise stated. The following values may be used for @var{what}: @table @code diff --git a/trunk/gpgme/ChangeLog b/trunk/gpgme/ChangeLog index c017b08..5c68e9c 100644 --- a/trunk/gpgme/ChangeLog +++ b/trunk/gpgme/ChangeLog @@ -1,3 +1,13 @@ +2002-06-20 Werner Koch + + * verify.c (calc_sig_summary): Set bad policy for wrong key usage. + (skip_token): New. + (_gpgme_verify_status_handler): Watch out for wrong key usage. + (gpgme_get_sig_string_attr): Hack to return info on the key + usage. Does now make use of the former RESERVED argument which + has been renamed to WHATIDX. + (gpgme_get_sig_ulong_attr): Renamed RESERVED to WHATIDX. + 2002-06-14 Marcus Brinkmann * wait.c (do_select): Return -1 on error, and 0 if nothing to run. diff --git a/trunk/gpgme/gpgme.h b/trunk/gpgme/gpgme.h index cc781cd..798ebd7 100644 --- a/trunk/gpgme/gpgme.h +++ b/trunk/gpgme/gpgme.h @@ -317,11 +317,11 @@ const char *gpgme_get_sig_status (GpgmeCtx ctx, int idx, /* Retrieve certain attributes of a signature. IDX is the index number of the signature after a successful verify operation. WHAT is an attribute where GPGME_ATTR_EXPIRE is probably the most useful - one. RESERVED must be passed as 0. */ + one. WHATIDX is to be passed as 0 for most attributes . */ unsigned long gpgme_get_sig_ulong_attr (GpgmeCtx c, int idx, - GpgmeAttr what, int reserved); + GpgmeAttr what, int whatidx); const char *gpgme_get_sig_string_attr (GpgmeCtx c, int idx, - GpgmeAttr what, int reserved); + GpgmeAttr what, int whatidx); /* Get the key used to create signature IDX in CTX and return it in diff --git a/trunk/gpgme/verify.c b/trunk/gpgme/verify.c index fe99aa9..1005426 100644 --- a/trunk/gpgme/verify.c +++ b/trunk/gpgme/verify.c @@ -44,6 +44,7 @@ struct verify_result_s ulong timestamp; /* Signature creation time. */ ulong exptimestamp; /* signature exipration time or 0 */ GpgmeValidity validity; + int wrong_key_usage; char trust_errtok[31]; /* error token send with the trust status */ }; @@ -82,6 +83,23 @@ is_token (const char *string, const char *token, size_t *next) return 1; } +static int +skip_token (const char *string, size_t *next) +{ + size_t n = 0; + + for (;*string && *string != ' '; string++, n++) + ; + for (;*string == ' '; string++, n++) + ; + if (!*string) + return 0; + if (next) + *next = n; + return 1; +} + + static size_t copy_token (const char *string, char *buffer, size_t length) { @@ -306,6 +324,12 @@ _gpgme_verify_status_handler (GpgmeCtx ctx, GpgStatusCode code, char *args) ctx->result.verify->status = GPGME_SIG_STAT_ERROR; } + else if (skip_token (args, &n) && n) + { + args += n; + if (is_token (args, "Wrong_Key_Usage", NULL)) + ctx->result.verify->wrong_key_usage = 1; + } break; case STATUS_EOF: @@ -548,6 +572,9 @@ calc_sig_summary (VerifyResult result) else if (*result->trust_errtok) sum |= GPGME_SIGSUM_SYS_ERROR; + if (result->wrong_key_usage) + sum |= GPGME_SIGSUM_BAD_POLICY; + /* Set the valid flag when the signature is unquestionable valid. */ if ((sum & GPGME_SIGSUM_GREEN) && !(sum & ~GPGME_SIGSUM_GREEN)) @@ -558,15 +585,13 @@ calc_sig_summary (VerifyResult result) const char * -gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved) +gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int whatidx) { VerifyResult result; if (!c || c->pending || !c->result.verify) return NULL; /* No results yet or verification error. */ - if (reserved) - return NULL; /* We might want to use it to enumerate attributes of - one signature */ + for (result = c->result.verify; result && idx > 0; result = result->next, idx--) ; @@ -578,7 +603,10 @@ gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved) case GPGME_ATTR_FPR: return result->fpr; case GPGME_ATTR_ERRTOK: - return result->trust_errtok; + if (whatidx == 1) + return result->wrong_key_usage? "Wrong_Key_Usage":""; + else + return result->trust_errtok; default: break; } @@ -592,8 +620,7 @@ gpgme_get_sig_ulong_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved) if (!c || c->pending || !c->result.verify) return 0; /* No results yet or verification error. */ - if (reserved) - return 0; + for (result = c->result.verify; result && idx > 0; result = result->next, idx--) ; -- 2.26.2