4 files changed, 31 insertions, 3 deletions

diff --git a/openpgp-ffi/examples/decrypt-with.c b/openpgp-ffi/examples/decrypt-with.c
index 0f2662ab..8343f34d 100644
--- a/openpgp-ffi/examples/decrypt-with.c
+++ b/openpgp-ffi/examples/decrypt-with.c
@@ -210,7 +210,7 @@ main (int argc, char **argv)
   };
   plaintext = pgp_decryptor_new (&err, source,
                                  get_public_keys_cb, decrypt_cb,
-                                 check_cb, &cookie, 0);
+                                 check_cb, NULL, &cookie, 0);
   if (! plaintext)
     error (1, 0, "pgp_decryptor_new: %s", pgp_error_to_string (err));
 
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h
index 554a8306..1e8315b5 100644
--- a/openpgp-ffi/include/sequoia/openpgp.h
+++ b/openpgp-ffi/include/sequoia/openpgp.h
@@ -1564,6 +1564,7 @@ pgp_reader_t pgp_decryptor_new (pgp_error_t *errp, pgp_reader_t input,
     pgp_decryptor_get_public_keys_cb_t get_public_keys,
     pgp_decryptor_decrypt_cb_t decrypt,
     pgp_decryptor_check_cb_t check,
+    pgp_decryptor_inspect_cb_t inspect,
     void *cookie, time_t time);
 
 /*/
diff --git a/openpgp-ffi/include/sequoia/openpgp/types.h b/openpgp-ffi/include/sequoia/openpgp/types.h
index 42dfb727..b6003b1d 100644
--- a/openpgp-ffi/include/sequoia/openpgp/types.h
+++ b/openpgp-ffi/include/sequoia/openpgp/types.h
@@ -522,4 +522,7 @@ typedef pgp_status_t (*pgp_decryptor_decrypt_cb_t) (void *,
 typedef pgp_status_t (*pgp_decryptor_check_cb_t) (void *,
     pgp_message_structure_t);
 
+typedef pgp_status_t (*pgp_decryptor_inspect_cb_t) (void *,
+    pgp_packet_parser_t);
+
 #endif
diff --git a/openpgp-ffi/src/parse/stream.rs b/openpgp-ffi/src/parse/stream.rs
index 5b8ed62b..b887f5e6 100644
--- a/openpgp-ffi/src/parse/stream.rs
+++ b/openpgp-ffi/src/parse/stream.rs
@@ -48,6 +48,7 @@ use super::super::{
     tpk::TPK,
     packet::signature::Signature,
     packet::key::Key,
+    parse::PacketParser,
     revocation_status::RevocationStatus,
 };
 
@@ -278,6 +279,12 @@ type GetPublicKeysCallback = fn(*mut HelperCookie,
                                 &mut *mut *mut TPK, *mut usize,
                                 *mut FreeCallback) -> Status;
 
+/// Inspect packets as they are decrypted.
+///
+/// This function is called on every packet that the decryptor
+/// observes.
+type InspectCallback = fn(*mut HelperCookie, *const PacketParser) -> Status;
+
 /// Decrypts the message.
 ///
 /// This function is called with every `PKESK` and `SKESK` found in
@@ -638,6 +645,7 @@ fn pgp_detached_verifier_new<'a>(errp: Option<&mut *mut ::error::Error>,
 
 struct DHelper {
     vhelper: VHelper,
+    inspect_cb: Option<InspectCallback>,
     decrypt_cb: DecryptCallback,
 }
 
@@ -645,11 +653,13 @@ impl DHelper {
     fn new(get_public_keys: GetPublicKeysCallback,
            decrypt: DecryptCallback,
            check: CheckCallback,
+           inspect: Option<InspectCallback>,
            cookie: *mut HelperCookie)
        -> Self
     {
         DHelper {
             vhelper: VHelper::new(get_public_keys, check, cookie),
+            inspect_cb: inspect,
             decrypt_cb: decrypt,
         }
     }
@@ -670,6 +680,19 @@ impl VerificationHelper for DHelper {
 }
 
 impl DecryptionHelper for DHelper {
+    fn inspect(&mut self, pp: &PacketParser) -> failure::Fallible<()> {
+        if let Some(cb) = self.inspect_cb {
+            match cb(self.vhelper.cookie, pp) {
+                Status::Success => Ok(()),
+                // XXX: Convert the status to an error better.
+                status => Err(failure::format_err!(
+                    "Inspect Callback returned an error: {:?}", status).into()),
+            }
+        } else {
+            Ok(())
+        }
+    }
+
     fn decrypt<D>(&mut self, pkesks: &[PKESK], skesks: &[SKESK],
                   mut decrypt: D)
                   -> openpgp::Result<Option<openpgp::Fingerprint>>
@@ -860,7 +883,7 @@ impl DecryptionHelper for DHelper {
 ///   };
 ///   plaintext = pgp_decryptor_new (NULL, source,
 ///                                  get_public_keys_cb, decrypt_cb,
-///                                  check_cb, &cookie, 1554542219);
+///                                  check_cb, NULL, &cookie, 1554542219);
 ///   assert (plaintext);
 ///
 ///   nread = pgp_reader_read (NULL, plaintext, buf, sizeof buf);
@@ -880,12 +903,13 @@ fn pgp_decryptor_new<'a>(errp: Option<&mut *mut ::error::Error>,
                          get_public_keys: GetPublicKeysCallback,
                          decrypt: DecryptCallback,
                          check: CheckCallback,
+                         inspect: Option<InspectCallback>,
                          cookie: *mut HelperCookie,
                          time: time_t)
                          -> Maybe<io::Reader>
 {
     let helper = DHelper::new(
-        get_public_keys, decrypt, check, cookie);
+        get_public_keys, decrypt, check, inspect, cookie);
 
     Decryptor::from_reader(input.ref_mut_raw(), helper, maybe_time(time))
         .map(|r| io::ReaderKind::Generic(Box::new(r)))