security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-11 22:01:08 +02:00
Code Activity

* keygen.c (do_add_key_flags, parse_parameter_usage)

Browse Source 
(do_generate_keypair): Add support the proposed AUTH key flag.
* getkey.c (fixup_uidnode, merge_selfsigs_main)
(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
* keylist.c (print_capabilities): Ditto.
This commit is contained in:
Werner Koch 2003-09-05 07:40:18 +00:00
parent 936250aac9
commit 3598504854
6 changed files with 49 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
g10/ChangeLog
View File

@ -1,3 +1,11 @@
2003-09-04 Werner Koch <wk@gnupg.org>
* keygen.c (do_add_key_flags, parse_parameter_usage)
(do_generate_keypair): Add support the proposed AUTH key flag.
* getkey.c (fixup_uidnode, merge_selfsigs_main)
(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
* keylist.c (print_capabilities): Ditto.
2003-08-25 Timo Schulz <twoaday@freakmail.de> 2003-08-25 Timo Schulz <twoaday@freakmail.de>
* pkglue.c (mpi_from_sexp): New. Used to factor out * pkglue.c (mpi_from_sexp): New. Used to factor out

21
g10/getkey.c
View File

@ -1255,12 +1255,14 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) { if ( p && n ) {
/* first octet of the keyflags */ /* first octet of the keyflags */
if ( (*p & 3) ) if ( (*p & 0x03) )
uid->help_key_usage |= PUBKEY_USAGE_SIG; uid->help_key_usage |= PUBKEY_USAGE_SIG;
if ( (*p & 12) ) if ( (*p & 0x0c) )
uid->help_key_usage |= PUBKEY_USAGE_ENC; uid->help_key_usage |= PUBKEY_USAGE_ENC;
/* Note: we do not set the CERT flag here because it can be assumed /* Note: we do not set the CERT flag here because it can be assumed
* that thre is no real policy to set it. */ * that thre is no real policy to set it. */
if ( (*p & 0x20) )
uid->help_key_usage |= PUBKEY_USAGE_AUTH;
} }
/* ditto or the key expiration */ /* ditto or the key expiration */
@ -1468,10 +1470,12 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) { if ( p && n ) {
/* first octet of the keyflags */ /* first octet of the keyflags */
if ( (*p & 3) ) if ( (*p & 0x03) )
key_usage |= PUBKEY_USAGE_SIG; key_usage |= PUBKEY_USAGE_SIG;
if ( (*p & 12) ) if ( (*p & 0x0c) )
key_usage |= PUBKEY_USAGE_ENC; key_usage |= PUBKEY_USAGE_ENC;
if ( (*p & 0x20) )
key_usage |= PUBKEY_USAGE_AUTH;
} }
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
@ -1858,10 +1862,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) { if ( p && n ) {
/* first octet of the keyflags */ /* first octet of the keyflags */
if ( (*p & 3) ) if ( (*p & 0x03) )
key_usage |= PUBKEY_USAGE_SIG; key_usage |= PUBKEY_USAGE_SIG;
if ( (*p & 12) ) if ( (*p & 0x0c) )
key_usage |= PUBKEY_USAGE_ENC; key_usage |= PUBKEY_USAGE_ENC;
if ( (*p & 0x20) )
key_usage |= PUBKEY_USAGE_AUTH;
} }
if ( !key_usage ) { /* no key flags at all: get it from the algo */ if ( !key_usage ) { /* no key flags at all: get it from the algo */
key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo ); key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
@ -2059,7 +2065,8 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
/* The secret parts are not available so /* The secret parts are not available so
we can't use that key for signing etc. we can't use that key for signing etc.
Fix the pubkey usage */ Fix the pubkey usage */
pk->pubkey_usage &= ~PUBKEY_USAGE_SIG; pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
|PUBKEY_USAGE_AUTH);
} }
/* transfer flag bits 0 and 1 to the pubblock */ /* transfer flag bits 0 and 1 to the pubblock */
pub->flag |= (sec->flag &3); pub->flag |= (sec->flag &3);

9
g10/keygen.c
View File

@ -150,6 +150,8 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
buf[0] |= 0x01 | 0x02; buf[0] |= 0x01 | 0x02;
if (use & PUBKEY_USAGE_ENC) if (use & PUBKEY_USAGE_ENC)
buf[0] |= 0x04 | 0x08; buf[0] |= 0x04 | 0x08;
if (use & PUBKEY_USAGE_AUTH)
buf[0] |= 0x20;
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
} }
@ -1784,6 +1786,8 @@ parse_parameter_usage (const char *fname,
use |= PUBKEY_USAGE_SIG; use |= PUBKEY_USAGE_SIG;
else if ( !ascii_strcasecmp (p, "encrypt") ) else if ( !ascii_strcasecmp (p, "encrypt") )
use |= PUBKEY_USAGE_ENC; use |= PUBKEY_USAGE_ENC;
else if ( !ascii_strcasecmp (p, "auth") )
use |= PUBKEY_USAGE_AUTH;
else { else {
log_error("%s:%d: invalid usage list\n", fname, r->lnr ); log_error("%s:%d: invalid usage list\n", fname, r->lnr );
return -1; /* error */ return -1; /* error */
@ -2552,11 +2556,10 @@ do_generate_keypair (struct para_data_s *para,
rc = gen_card_key (PUBKEY_ALGO_RSA, 3, pub_root, sec_root, rc = gen_card_key (PUBKEY_ALGO_RSA, 3, pub_root, sec_root,
get_parameter_u32 (para, pKEYEXPIRE), para); get_parameter_u32 (para, pKEYEXPIRE), para);
/* FIXME: Change the usage to AUTH. */
if (!rc) if (!rc)
rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_SIG); rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_AUTH);
if (!rc) if (!rc)
rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_SIG); rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_AUTH);
} }

23
g10/keylist.c
View File

@ -405,20 +405,23 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
{ {
unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage; unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
if ( use & PUBKEY_USAGE_ENC ) if ( (use & PUBKEY_USAGE_ENC) )
putchar ('e'); putchar ('e');
if ( use & PUBKEY_USAGE_SIG ) if ( (use & PUBKEY_USAGE_SIG) )
{ {
putchar ('s'); putchar ('s');
if( pk? pk->is_primary : sk->is_primary ) if( pk? pk->is_primary : sk->is_primary )
putchar ('c'); putchar ('c');
} }
if ( (use & PUBKEY_USAGE_AUTH) )
putchar ('a');
} }
if ( keyblock ) { /* figure out the usable capabilities */ if ( keyblock ) { /* figure out the usable capabilities */
KBNODE k; KBNODE k;
int enc=0, sign=0, cert=0, disabled=0; int enc=0, sign=0, cert=0, auth=0, disabled=0;
for (k=keyblock; k; k = k->next ) { for (k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY if ( k->pkt->pkttype == PKT_PUBLIC_KEY
@ -429,14 +432,16 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
disabled=pk_is_disabled(pk); disabled=pk_is_disabled(pk);
if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) { if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
if ( pk->pubkey_usage & PUBKEY_USAGE_ENC ) if ( (pk->pubkey_usage & PUBKEY_USAGE_ENC) )
enc = 1; enc = 1;
if ( pk->pubkey_usage & PUBKEY_USAGE_SIG ) if ( (pk->pubkey_usage & PUBKEY_USAGE_SIG) )
{ {
sign = 1; sign = 1;
if(pk->is_primary) if(pk->is_primary)
cert = 1; cert = 1;
} }
if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
auth = 1;
} }
} }
else if ( k->pkt->pkttype == PKT_SECRET_KEY else if ( k->pkt->pkttype == PKT_SECRET_KEY
@ -444,14 +449,16 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
sk = k->pkt->pkt.secret_key; sk = k->pkt->pkt.secret_key;
if ( sk->is_valid && !sk->is_revoked && !sk->has_expired if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
&& sk->protect.s2k.mode!=1001 ) { && sk->protect.s2k.mode!=1001 ) {
if ( sk->pubkey_usage & PUBKEY_USAGE_ENC ) if ( (sk->pubkey_usage & PUBKEY_USAGE_ENC) )
enc = 1; enc = 1;
if ( sk->pubkey_usage & PUBKEY_USAGE_SIG ) if ( (sk->pubkey_usage & PUBKEY_USAGE_SIG) )
{ {
sign = 1; sign = 1;
if(sk->is_primary) if(sk->is_primary)
cert = 1; cert = 1;
} }
if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
auth = 1;
} }
} }
} }
@ -461,6 +468,8 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
putchar ('S'); putchar ('S');
if (cert) if (cert)
putchar ('C'); putchar ('C');
if (auth)
putchar ('A');
if (disabled) if (disabled)
putchar ('D'); putchar ('D');
} }

4
include/ChangeLog
View File

@ -1,3 +1,7 @@
2003-09-04 Werner Koch <wk@gnupg.org>
* cipher.h (PUBKEY_USAGE_AUTH): Added.
2003-07-03 Werner Koch <wk@gnupg.org> 2003-07-03 Werner Koch <wk@gnupg.org>
* cipher.h (DBG_CIPHER,g10c_debug_mode): Removed. * cipher.h (DBG_CIPHER,g10c_debug_mode): Removed.

1
include/cipher.h
View File

@ -48,6 +48,7 @@
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR
#define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
#define PUBKEY_USAGE_AUTH 8
#define DIGEST_ALGO_MD5 GCRY_MD_MD5 #define DIGEST_ALGO_MD5 GCRY_MD_MD5
#define DIGEST_ALGO_SHA1 GCRY_MD_SHA1 #define DIGEST_ALGO_SHA1 GCRY_MD_SHA1