
gpg: Support key flags for RENC, TIME, and GROUP.

* g10/packet.h (PUBKEY_USAGE_RENC): New.
(PUBKEY_USAGE_TIME): New.
(PUBKEY_USAGE_GROUP): New.
* g10/getkey.c (parse_key_usage): Set the new key flags.
* g10/keyedit.c (show_key_with_all_names_colon): Show the new key
flags.
* g10/keyid.c (usagestr_from_pk): Ditto
* g10/keylist.c (print_capabilities): Ditto.
* g10/keygen.c (parse_usagestr): Parse line and set new flags.
(quickgen_set_para): Show flags.
--

See draft-koch-openpgp-2015-rfc4880bis-00 for the current version.
Actually these flags have been in the draft for years now.  This patch
is a first step to make use of them.
This commit is contained in:
Werner Koch 2022-09-07 10:34:05 +02:00
parent a5d9be1e28
commit 202ed9e281
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
7 changed files with 58 additions and 3 deletions


@ -192,6 +192,9 @@ described here.
- s :: Sign - s :: Sign
- c :: Certify - c :: Certify
- a :: Authentication - a :: Authentication
- r :: Restricted encryption (subkey only use)
- t :: Timestamping
- g :: Group key
- ? :: Unknown capability - ? :: Unknown capability
A key may have any combination of them in any order. In addition A key may have any combination of them in any order. In addition
@ -1593,6 +1596,8 @@ Description of some debug flags:
calculate a RMD160 hash value from it. This is used calculate a RMD160 hash value from it. This is used
as the fingerprint and the low 64 bits are the keyid. as the fingerprint and the low 64 bits are the keyid.
** gnupg.org notations
** Simplified revocation certificates ** Simplified revocation certificates
Revocation certificates consist only of the signature packet; Revocation certificates consist only of the signature packet;
"--import" knows how to handle this. The rationale behind it is to "--import" knows how to handle this. The rationale behind it is to


@ -2531,11 +2531,29 @@ parse_key_usage (PKT_signature * sig)
flags &= ~0x20; flags &= ~0x20;
} }
if ((flags & 0x80))
{
key_usage |= PUBKEY_USAGE_GROUP;
flags &= ~0x80;
}
if (flags) if (flags)
key_usage |= PUBKEY_USAGE_UNKNOWN; key_usage |= PUBKEY_USAGE_UNKNOWN;
n--;
p++;
if (n)
{
flags = *p;
if ((flags & 0x04))
key_usage |= PUBKEY_USAGE_RENC;
if ((flags & 0x08))
key_usage |= PUBKEY_USAGE_TIME;
}
if (!key_usage) if (!key_usage)
key_usage |= PUBKEY_USAGE_NONE; key_usage |= PUBKEY_USAGE_NONE;
} }
else if (p) /* Key flags of length zero. */ else if (p) /* Key flags of length zero. */
key_usage |= PUBKEY_USAGE_NONE; key_usage |= PUBKEY_USAGE_NONE;
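Review bot: The second key-flags octet read at `flags = *p;` is not treated like the first: after testing 0x04 and 0x08 its remaining bits are dropped, whereas the first octet folds any leftover bits into PUBKEY_USAGE_UNKNOWN. A key whose second octet carries only bits other than 0x04/0x08 therefore ends up as PUBKEY_USAGE_NONE (the `if (!key_usage)` fallback a few lines below) instead of being reported as unknown. For parity, mask the known bits and flag the rest inside the `if (n)` block: `flags &= ~0x0c; if (flags) key_usage |= PUBKEY_USAGE_UNKNOWN;`. This assumes `n` is the remaining subpacket length, already known to be non-zero at this point; that is established outside the hunk, and parse_key_usage's body both starts and ends outside it.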


@ -3464,6 +3464,12 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
es_putc ('c', fp); es_putc ('c', fp);
if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH)) if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
es_putc ('a', fp); es_putc ('a', fp);
if ((pk->pubkey_usage & PUBKEY_USAGE_RENC))
es_putc ('r', fp);
if ((pk->pubkey_usage & PUBKEY_USAGE_TIME))
es_putc ('t', fp);
if ((pk->pubkey_usage & PUBKEY_USAGE_GROUP))
es_putc ('g', fp);
es_putc ('\n', fp); es_putc ('\n', fp);
print_fingerprint (ctrl, fp, pk, 0); print_fingerprint (ctrl, fp, pk, 0);


@ -3778,6 +3778,12 @@ parse_usagestr (const char *usagestr)
use |= PUBKEY_USAGE_AUTH; use |= PUBKEY_USAGE_AUTH;
else if (!ascii_strcasecmp (s, "cert")) else if (!ascii_strcasecmp (s, "cert"))
use |= PUBKEY_USAGE_CERT; use |= PUBKEY_USAGE_CERT;
else if (!ascii_strcasecmp (s, "renc"))
use |= PUBKEY_USAGE_RENC;
else if (!ascii_strcasecmp (s, "time"))
use |= PUBKEY_USAGE_TIME;
else if (!ascii_strcasecmp (s, "group"))
use |= PUBKEY_USAGE_GROUP;
else else
{ {
xfree (tokens); xfree (tokens);
@ -4322,14 +4328,17 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
{ {
struct para_data_s *r; struct para_data_s *r;
r = xmalloc_clear (sizeof *r + 30); r = xmalloc_clear (sizeof *r + 50);
r->key = for_subkey? pSUBKEYUSAGE : pKEYUSAGE; r->key = for_subkey? pSUBKEYUSAGE : pKEYUSAGE;
if (use) if (use)
snprintf (r->u.value, 30, "%s%s%s%s", snprintf (r->u.value, 30, "%s%s%s%s%s%s%s",
(use & PUBKEY_USAGE_ENC)? "encr " : "", (use & PUBKEY_USAGE_ENC)? "encr " : "",
(use & PUBKEY_USAGE_SIG)? "sign " : "", (use & PUBKEY_USAGE_SIG)? "sign " : "",
(use & PUBKEY_USAGE_AUTH)? "auth " : "", (use & PUBKEY_USAGE_AUTH)? "auth " : "",
(use & PUBKEY_USAGE_CERT)? "cert " : ""); (use & PUBKEY_USAGE_CERT)? "cert " : "",
(use & PUBKEY_USAGE_RENC)? "renc " : "",
(use & PUBKEY_USAGE_TIME)? "time " : "",
(use & PUBKEY_USAGE_GROUP)?"group ": "");
else else
strcpy (r->u.value, for_subkey ? "encr" : "sign"); strcpy (r->u.value, for_subkey ? "encr" : "sign");
r->next = para; r->next = para;
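Review bot: In quickgen_set_para the snprintf limit at `snprintf (r->u.value, 30, "%s%s%s%s%s%s%s",` was not raised together with the allocation, which now reserves `sizeof *r + 50`. With all seven usages set the formatted string is "encr sign auth cert renc time group " — 36 characters plus the terminator — so snprintf stops after 29 characters and "group" is silently dropped from the parameter value. Use the same size as the allocation, `snprintf (r->u.value, 50, "%s%s%s%s%s%s%s",`, ideally through one named constant shared by both lines so they cannot drift apart again. Whether `u.value` is a trailing array that relies on those extra bytes is not visible here; quickgen_set_para's body continues outside the hunk.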


@ -712,6 +712,13 @@ usagestr_from_pk (PKT_public_key *pk, int fill)
if ( (use & PUBKEY_USAGE_AUTH) ) if ( (use & PUBKEY_USAGE_AUTH) )
buffer[i++] = 'A'; buffer[i++] = 'A';
if ( (use & PUBKEY_USAGE_RENC) )
buffer[i++] = 'R';
if ( (use & PUBKEY_USAGE_TIME) )
buffer[i++] = 'T';
if ( (use & PUBKEY_USAGE_GROUP) )
buffer[i++] = 'G';
while (fill && i < 4) while (fill && i < 4)
buffer[i++] = ' '; buffer[i++] = ' ';
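Review bot: usagestr_from_pk now writes three more letters ('R', 'T', 'G') into buffer, so the maximum output grew from four letters to seven plus the terminator, but the fill loop `while (fill && i < 4)` still pads only to width 4; buffer is declared outside the hunk, so confirm it has room for at least eight bytes. If callers rely on the filled form being fixed width for column alignment, the pad width should track the new maximum, `while (fill && i < 7)`, but verify that against the callers before changing it. The function starts and ends outside the hunk.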


@ -924,6 +924,13 @@ print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock)
if ((use & PUBKEY_USAGE_AUTH)) if ((use & PUBKEY_USAGE_AUTH))
es_putc ('a', es_stdout); es_putc ('a', es_stdout);
if (use & PUBKEY_USAGE_RENC)
es_putc ('r', es_stdout);
if ((use & PUBKEY_USAGE_TIME))
es_putc ('t', es_stdout);
if ((use & PUBKEY_USAGE_GROUP))
es_putc ('g', es_stdout);
if ((use & PUBKEY_USAGE_UNKNOWN)) if ((use & PUBKEY_USAGE_UNKNOWN))
es_putc ('?', es_stdout); es_putc ('?', es_stdout);
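Review bot: `if (use & PUBKEY_USAGE_RENC)` drops the doubled parentheses that every neighbouring test in print_capabilities uses (`if ((use & PUBKEY_USAGE_TIME))`, `if ((use & PUBKEY_USAGE_UNKNOWN))`), presumably to mark the bitwise test as intentional for compilers that warn about it; write it as `if ((use & PUBKEY_USAGE_RENC))` for consistency. print_capabilities starts and ends outside the hunk.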


@ -56,6 +56,9 @@
| GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256 | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256
# error Please choose another value for PUBKEY_USAGE_NONE # error Please choose another value for PUBKEY_USAGE_NONE
#endif #endif
#define PUBKEY_USAGE_GROUP 512 /* Group flag. */
#define PUBKEY_USAGE_RENC 1024 /* Restricted encryption. */
#define PUBKEY_USAGE_TIME 2048 /* Timestamp use. */
/* Helper macros. */ /* Helper macros. */
#define is_RSA(a) ((a)==PUBKEY_ALGO_RSA || (a)==PUBKEY_ALGO_RSA_E \ #define is_RSA(a) ((a)==PUBKEY_ALGO_RSA || (a)==PUBKEY_ALGO_RSA_E \
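Review bot: The three new PUBKEY_USAGE_* defines are placed right after the `#if ... >= 256` / `#error` guard, but nothing records that they depend on it: the guard proves the GCRY_PK_USAGE_* bits stay below 256, which is what keeps 512, 1024 and 2048 free of collisions in the same way as PUBKEY_USAGE_NONE. Add a comment above the three lines such as `/* GnuPG-private usage flags.  Values above 256 cannot collide with the GCRY_PK_USAGE_* bits; see the check above. */`, and either list them in ascending bit order (RENC, TIME, GROUP) or note why GROUP is defined first.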