From 3598504854fd5f2709c35ea5075184a0a253ef50 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 5 Sep 2003 07:40:18 +0000 Subject: [PATCH] * keygen.c (do_add_key_flags, parse_parameter_usage) (do_generate_keypair): Add support the proposed AUTH key flag. * getkey.c (fixup_uidnode, merge_selfsigs_main) (merge_selfsigs_subkey, premerge_public_with_secret): Ditto. * keylist.c (print_capabilities): Ditto. --- g10/ChangeLog | 8 ++++++++ g10/getkey.c | 21 ++++++++++++++------- g10/keygen.c | 9 ++++++--- g10/keylist.c | 23 ++++++++++++++++------- include/ChangeLog | 4 ++++ include/cipher.h | 1 + 6 files changed, 49 insertions(+), 17 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 274637283..afc16cb94 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +2003-09-04 Werner Koch + + * keygen.c (do_add_key_flags, parse_parameter_usage) + (do_generate_keypair): Add support the proposed AUTH key flag. + * getkey.c (fixup_uidnode, merge_selfsigs_main) + (merge_selfsigs_subkey, premerge_public_with_secret): Ditto. + * keylist.c (print_capabilities): Ditto. + 2003-08-25 Timo Schulz * pkglue.c (mpi_from_sexp): New. Used to factor out diff --git a/g10/getkey.c b/g10/getkey.c index c13d96dfb..7eda9384c 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1255,12 +1255,14 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated ) p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); if ( p && n ) { /* first octet of the keyflags */ - if ( (*p & 3) ) + if ( (*p & 0x03) ) uid->help_key_usage |= PUBKEY_USAGE_SIG; - if ( (*p & 12) ) + if ( (*p & 0x0c) ) uid->help_key_usage |= PUBKEY_USAGE_ENC; /* Note: we do not set the CERT flag here because it can be assumed * that thre is no real policy to set it. */ + if ( (*p & 0x20) ) + uid->help_key_usage |= PUBKEY_USAGE_AUTH; } /* ditto or the key expiration */ 
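Review bot: The new test `if ( (*p & 0x20) )` in fixup_uidnode is a fourth bare bit mask next to 0x03 and 0x0c, the same three masks are repeated verbatim in merge_selfsigs_main and merge_selfsigs_subkey further down, and keygen.c's do_add_key_flags writes the same 0x01/0x02, 0x04/0x08 and 0x20 values from the other side with nothing tying reader and writer together. A comment on the new line would at least record where the value comes from, e.g. `if ( (*p & 0x20) ) /* proposed authentication key flag */`, and one set of named constants shared by getkey.c and keygen.c would keep the two sides from drifting. Reading the flag from `sig->hashed` is the right choice, as the existing code already does, so only the unhashed area is ignored. fixup_uidnode starts and ends outside the hunk.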
@@ -1468,10 +1470,12 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); if ( p && n ) { /* first octet of the keyflags */ - if ( (*p & 3) ) + if ( (*p & 0x03) ) key_usage |= PUBKEY_USAGE_SIG; - if ( (*p & 12) ) + if ( (*p & 0x0c) ) key_usage |= PUBKEY_USAGE_ENC; + if ( (*p & 0x20) ) + key_usage |= PUBKEY_USAGE_AUTH; } p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); @@ -1858,10 +1862,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); if ( p && n ) { /* first octet of the keyflags */ - if ( (*p & 3) ) + if ( (*p & 0x03) ) key_usage |= PUBKEY_USAGE_SIG; - if ( (*p & 12) ) + if ( (*p & 0x0c) ) key_usage |= PUBKEY_USAGE_ENC; + if ( (*p & 0x20) ) + key_usage |= PUBKEY_USAGE_AUTH; } if ( !key_usage ) { /* no key flags at all: get it from the algo */ key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo ); @@ -2059,7 +2065,8 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock ) /* The secret parts are not available so we can't use that key for signing etc. Fix the pubkey usage */ - pk->pubkey_usage &= ~PUBKEY_USAGE_SIG; + pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG + |PUBKEY_USAGE_AUTH); } /* transfer flag bits 0 and 1 to the pubblock */ pub->flag |= (sec->flag &3); diff --git a/g10/keygen.c b/g10/keygen.c index 1840a58c7..84857ae62 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -150,6 +150,8 @@ do_add_key_flags (PKT_signature *sig, unsigned int use) buf[0] |= 0x01 | 0x02; if (use & PUBKEY_USAGE_ENC) buf[0] |= 0x04 | 0x08; + if (use & PUBKEY_USAGE_AUTH) + buf[0] |= 0x20; build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); } 
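Review bot: In merge_selfsigs_subkey the fallback `if ( !key_usage )` that immediately follows the new `key_usage |= PUBKEY_USAGE_AUTH;` line changes meaning without the hunk saying so: a subkey whose key-flags octet sets only 0x20 no longer has zero usage, so it keeps an AUTH-only usage instead of receiving the algorithm default, and a subkey with no key-flags subpacket never gains AUTH because openpgp_pk_algo_usage is not among the files changed here, so it presumably does not know the new bit. Both outcomes look intentional and are the conservative choice, but a reader of the fallback will not see that; a comment such as `/* AUTH is only ever granted by an explicit key flag; the algo default below never sets it. */` before the `if ( !key_usage )` would record it. The identical 0x20 test in merge_selfsigs_main above has no such fallback in its hunk. merge_selfsigs_subkey continues outside the hunk.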
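Review bot: The widened mask `pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG |PUBKEY_USAGE_AUTH);` in premerge_public_with_secret leaves PUBKEY_USAGE_ENC set on a key whose secret parts are absent, and the comment above it ("we can't use that key for signing etc.") does not say why encryption is exempt. If the intent is that the public part can still be encrypted to while signing and authentication need the secret part, that asymmetry is worth stating, e.g. extend the comment to `/* Signing and authentication need the secret key; encrypting to the key does not, so ENC is kept. */`. The `&3` in the flag transfer two lines later is another bare mask in the same function. premerge_public_with_secret starts and ends outside the hunk.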
@@ -1784,6 +1786,8 @@ parse_parameter_usage (const char *fname, use |= PUBKEY_USAGE_SIG; else if ( !ascii_strcasecmp (p, "encrypt") ) use |= PUBKEY_USAGE_ENC; + else if ( !ascii_strcasecmp (p, "auth") ) + use |= PUBKEY_USAGE_AUTH; else { log_error("%s:%d: invalid usage list\n", fname, r->lnr ); return -1; /* error */ @@ -2552,11 +2556,10 @@ do_generate_keypair (struct para_data_s *para, rc = gen_card_key (PUBKEY_ALGO_RSA, 3, pub_root, sec_root, get_parameter_u32 (para, pKEYEXPIRE), para); - /* FIXME: Change the usage to AUTH. */ if (!rc) - rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_SIG); + rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_AUTH); if (!rc) - rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_SIG); + rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_AUTH); } diff --git a/g10/keylist.c b/g10/keylist.c index b5549fb47..081782785 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -405,20 +405,23 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) { unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage; - if ( use & PUBKEY_USAGE_ENC ) + if ( (use & PUBKEY_USAGE_ENC) ) putchar ('e'); - if ( use & PUBKEY_USAGE_SIG ) + if ( (use & PUBKEY_USAGE_SIG) ) { putchar ('s'); if( pk? pk->is_primary : sk->is_primary ) putchar ('c'); } + + if ( (use & PUBKEY_USAGE_AUTH) ) + putchar ('a'); } if ( keyblock ) { /* figure out the usable capabilities */ KBNODE k; - int enc=0, sign=0, cert=0, disabled=0; + int enc=0, sign=0, cert=0, auth=0, disabled=0; for (k=keyblock; k; k = k->next ) { if ( k->pkt->pkttype == PKT_PUBLIC_KEY 
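Review bot: The new `"auth"` keyword accepted in parse_parameter_usage is user-visible batch-mode syntax read from the parameter file, yet the patch touches no documentation file, and the error branch that follows, `log_error("%s:%d: invalid usage list\n", fname, r->lnr );`, still gives no hint of which words are accepted. The usage-list documentation should gain `auth` alongside `encrypt` and the signing keyword on the line before the hunk, with a note that it sets the proposed authentication key flag rather than a signing capability, so scripts do not assume an auth-only subkey can sign. The enclosing function starts before this hunk.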
@@ -429,14 +432,16 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) disabled=pk_is_disabled(pk); if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) { - if ( pk->pubkey_usage & PUBKEY_USAGE_ENC ) + if ( (pk->pubkey_usage & PUBKEY_USAGE_ENC) ) enc = 1; - if ( pk->pubkey_usage & PUBKEY_USAGE_SIG ) + if ( (pk->pubkey_usage & PUBKEY_USAGE_SIG) ) { sign = 1; if(pk->is_primary) cert = 1; } + if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) ) + auth = 1; } } else if ( k->pkt->pkttype == PKT_SECRET_KEY @@ -444,14 +449,16 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) sk = k->pkt->pkt.secret_key; if ( sk->is_valid && !sk->is_revoked && !sk->has_expired && sk->protect.s2k.mode!=1001 ) { - if ( sk->pubkey_usage & PUBKEY_USAGE_ENC ) + if ( (sk->pubkey_usage & PUBKEY_USAGE_ENC) ) enc = 1; - if ( sk->pubkey_usage & PUBKEY_USAGE_SIG ) + if ( (sk->pubkey_usage & PUBKEY_USAGE_SIG) ) { sign = 1; if(sk->is_primary) cert = 1; } + if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) ) + auth = 1; } } } @@ -461,6 +468,8 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) putchar ('S'); if (cert) putchar ('C'); + if (auth) + putchar ('A'); if (disabled) putchar ('D'); } diff --git a/include/ChangeLog b/include/ChangeLog index 7d8191a2d..380d63b45 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -1,3 +1,7 @@ +2003-09-04 Werner Koch + + * cipher.h (PUBKEY_USAGE_AUTH): Added. + 2003-07-03 Werner Koch * cipher.h (DBG_CIPHER,g10c_debug_mode): Removed. diff --git a/include/cipher.h b/include/cipher.h index 56a1b2000..90cedb051 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -48,6 +48,7 @@ #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ +#define PUBKEY_USAGE_AUTH 8 #define DIGEST_ALGO_MD5 GCRY_MD_MD5 #define DIGEST_ALGO_SHA1 GCRY_MD_SHA1
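Review bot: The new `putchar ('a')` and `putchar ('A')` outputs in print_capabilities extend a capability field that other tools parse with a letter they do not know, and nothing in the patch documents it. If this is the --with-colons capability field, as the putchar-based formatting suggests, the letter should be documented next to e/s/c and E/S/C/D with the meaning "usable for authentication" and the caveat that an a-only key is neither a signing nor an encryption key. A one-line comment at the upper-case output, `/* 'A': some valid, unrevoked, unexpired key carries the AUTH flag */`, would also make explicit that `auth` is only set under the same `is_valid && !is_revoked && !has_expired` test the hunk applies to S/E/C. print_capabilities starts on the previous physical line and its body runs across several hunks here.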
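Review bot: `#define PUBKEY_USAGE_AUTH 8` picks a hard-coded bit in a namespace where PUBKEY_USAGE_SIG and PUBKEY_USAGE_ENC are aliases of the libgcrypt constants GCRY_PK_USAGE_SIGN and GCRY_PK_USAGE_ENCR, so nothing here guarantees that 8 (or the existing 4 for CERT) stays disjoint from whatever values the linked libgcrypt defines; an overlap would silently merge two usages in every `&` and `|=` test in getkey.c and keylist.c. At minimum the line should carry the kind of comment its CERT neighbour has, e.g. `#define PUBKEY_USAGE_AUTH 8 /* key is good for authentication; must not overlap GCRY_PK_USAGE_* */`. If the GCRY constants are preprocessor macros, a guard such as `#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR) & (PUBKEY_USAGE_CERT | PUBKEY_USAGE_AUTH)` followed by `#error` would catch a collision at build time; if they are enumerators the check has to be done differently, since `#if` would silently see them as 0.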