Print NO_SECKEY status line in gpgsm.

This fixes bug#1020.

sm/ChangeLog

@@ -1,3 +1,10 @@
+2009-03-25  Werner Koch  <wk@g10code.com>
+
+	* decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY
+	stati.  Fixes bug#1020.
+	* fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and
+	change all callers.
+
 2009-03-23  Werner Koch  <wk@g10code.com>
 
 	* delete.c (delete_one): Also delete ephemeral certificates if

sm/certdump.c

@@ -952,7 +952,7 @@ gpgsm_format_keydesc (ksba_cert_t cert)
                          "created %s, expires %s.\n" ),
                        subject? subject:"?",
                        sn? sn: "?",
-                       gpgsm_get_short_fingerprint (cert),
+                       gpgsm_get_short_fingerprint (cert, NULL),
                        created, expires);
   
   i18n_switchback (orig_codeset);

sm/decrypt.c

@@ -362,6 +362,9 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
               ksba_sexp_t enc_val;
               char *hexkeygrip = NULL;
               char *desc = NULL;
+              char kidbuf[16+1];
+
+              *kidbuf = 0;
 
               rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
               if (rc == -1 && recp)
@@ -394,6 +397,25 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
                       log_error ("failed to get cert: %s\n", gpg_strerror (rc));
                       goto oops;     
                     }
+
+                  /* Print the ENC_TO status line.  Note that we can
+                     do so only if we have the certificate.  This is
+                     in contrast to gpg where the keyID is commonly
+                     included in the encrypted messages. It is too
+                     cumbersome to retrieve the used algorithm, thus
+                     we don't print it for now.  We also record the
+                     keyid for later use.  */
+                  {
+                    unsigned long kid[2];
+                    
+                    kid[0] = gpgsm_get_short_fingerprint (cert, kid+1);
+                    snprintf (kidbuf, sizeof kidbuf, "%08lX%08lX",
+                              kid[1], kid[0]);
+                    gpgsm_status2 (ctrl, STATUS_ENC_TO, 
+                                   kidbuf, "0", "0", NULL);
+                  }
+
+
                   /* Just in case there is a problem with the own
                      certificate we print this message - should never
                      happen of course */
@@ -430,6 +452,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
                     {
                       log_info ("decrypting session key failed: %s\n",
                                 gpg_strerror (rc));
+                      if (gpg_err_code (rc) == GPG_ERR_NO_SECKEY && *kidbuf)
+                        gpgsm_status2 (ctrl, STATUS_NO_SECKEY, kidbuf, NULL);
                     }
                   else
                     { /* setup the bulk decrypter */

sm/fingerprint.c

@@ -140,13 +140,16 @@ gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo)
 }
 
 /* Return a certificate ID.  These are the last 4 bytes of the SHA-1
-   fingerprint. */
+   fingerprint.  If R_HIGH is not NULL the next 4 bytes are stored
+   there. */
 unsigned long
-gpgsm_get_short_fingerprint (ksba_cert_t cert)
+gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
 {
   unsigned char digest[20];
 
   gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
+  if (r_high)
+    *r_high = ((digest[12]<<24)|(digest[13]<<16)|(digest[14]<< 8)|digest[15]);
   return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
 }
 

sm/gpgsm.h

@@ -229,7 +229,7 @@ int  gpgsm_parse_validation_model (const char *model);
 /*-- server.c --*/
 void gpgsm_server (certlist_t default_recplist);
 gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
-gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...);
+gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0);
 gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
                                         gpg_err_code_t ec);
 gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
@@ -240,7 +240,8 @@ unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
                                       unsigned char *array, int *r_len);
 char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
 char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
-unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
+unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
+                                           unsigned long *r_high);
 unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
 char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
 int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);

sm/keylist.c

@@ -672,7 +672,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
   (void)have_secret;
 
   es_fprintf (fp, "           ID: 0x%08lX\n",
-              gpgsm_get_short_fingerprint (cert));
+              gpgsm_get_short_fingerprint (cert, NULL));
 
   sexp = ksba_cert_get_serial (cert);
   es_fputs ("          S/N: ", fp);
@@ -1042,7 +1042,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
   (void)have_secret;
 
   es_fprintf (fp, "           ID: 0x%08lX\n",
-              gpgsm_get_short_fingerprint (cert));
+              gpgsm_get_short_fingerprint (cert, NULL));
 
   sexp = ksba_cert_get_serial (cert);
   es_fputs ("          S/N: ", fp);

sm/verify.c

@@ -450,7 +450,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
       else
         log_printf (_("[date not given]"));
       log_printf (_(" using certificate ID 0x%08lX\n"),
-                  gpgsm_get_short_fingerprint (cert));
+                  gpgsm_get_short_fingerprint (cert, NULL));
 
 
       if (msgdigest)