* keygen.c (do_add_key_flags, parse_parameter_usage)

(do_generate_keypair): Add support the proposed AUTH key flag. * getkey.c (fixup_uidnode, merge_selfsigs_main) (merge_selfsigs_subkey, premerge_public_with_secret): Ditto. * keylist.c (print_capabilities): Ditto.
2025-01-03 12:11:33 +01:00 · 2003-09-05 07:40:18 +00:00 · 2003-09-05 07:40:18 +00:00 · 3598504854
commit 3598504854
parent 936250aac9
6 changed files with 49 additions and 17 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,11 @@
+2003-09-04  Werner Koch  <wk@gnupg.org>
+
+	* keygen.c (do_add_key_flags, parse_parameter_usage) 
+	(do_generate_keypair): Add support the proposed AUTH key flag.
+	* getkey.c (fixup_uidnode, merge_selfsigs_main) 
+	(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
+	* keylist.c (print_capabilities): Ditto.
+
 2003-08-25  Timo Schulz  <twoaday@freakmail.de>

 	* pkglue.c (mpi_from_sexp): New. Used to factor out
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1255,12 +1255,14 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
    p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
    if ( p && n ) {
        /* first octet of the keyflags */   
-        if ( (*p & 3) )
+        if ( (*p & 0x03) )
            uid->help_key_usage |= PUBKEY_USAGE_SIG;
-        if ( (*p & 12) )    
+        if ( (*p & 0x0c) )    
            uid->help_key_usage |= PUBKEY_USAGE_ENC;
        /* Note: we do not set the CERT flag here because it can be assumed
         * that thre is no real policy to set it. */
+        if ( (*p & 0x20) )    
+            uid->help_key_usage |= PUBKEY_USAGE_AUTH;
    }

    /* ditto or the key expiration */
@ -1468,10 +1470,12 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
        p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
        if ( p && n ) {
            /* first octet of the keyflags */   
-            if ( (*p & 3) )
+            if ( (*p & 0x03) )
                key_usage |= PUBKEY_USAGE_SIG;
-            if ( (*p & 12) )    
+            if ( (*p & 0x0c) )    
                key_usage |= PUBKEY_USAGE_ENC;
+            if ( (*p & 0x20) )    
+                key_usage |= PUBKEY_USAGE_AUTH;
        }

 	p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
@ -1858,10 +1862,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
    p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
    if ( p && n ) {
        /* first octet of the keyflags */   
-        if ( (*p & 3) )
+        if ( (*p & 0x03) )
            key_usage |= PUBKEY_USAGE_SIG;
-        if ( (*p & 12) )    
+        if ( (*p & 0x0c) )    
            key_usage |= PUBKEY_USAGE_ENC;
+        if ( (*p & 0x20) )    
+            key_usage |= PUBKEY_USAGE_AUTH;
    }
    if ( !key_usage ) { /* no key flags at all: get it from the algo */
        key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
@ -2059,7 +2065,8 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
                            /* The secret parts are not available so
                               we can't use that key for signing etc.
                               Fix the pubkey usage */
-                            pk->pubkey_usage &= ~PUBKEY_USAGE_SIG;
+                            pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
+                                                  |PUBKEY_USAGE_AUTH);
                        }
                        /* transfer flag bits 0 and 1 to the pubblock */
                        pub->flag |= (sec->flag &3);
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -150,6 +150,8 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
        buf[0] |= 0x01 | 0x02;
    if (use & PUBKEY_USAGE_ENC)
        buf[0] |= 0x04 | 0x08;
+    if (use & PUBKEY_USAGE_AUTH)
+        buf[0] |= 0x20;
    build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
 }

@ -1784,6 +1786,8 @@ parse_parameter_usage (const char *fname,
            use |= PUBKEY_USAGE_SIG;
        else if ( !ascii_strcasecmp (p, "encrypt") )
            use |= PUBKEY_USAGE_ENC;
+        else if ( !ascii_strcasecmp (p, "auth") )
+            use |= PUBKEY_USAGE_AUTH;
        else {
            log_error("%s:%d: invalid usage list\n", fname, r->lnr );
            return -1; /* error */
@ -2552,11 +2556,10 @@ do_generate_keypair (struct para_data_s *para,
      rc = gen_card_key (PUBKEY_ALGO_RSA, 3, pub_root, sec_root,
                         get_parameter_u32 (para, pKEYEXPIRE), para);

-      /* FIXME: Change the usage to AUTH. */
      if (!rc)
-	rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_SIG);
+	rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_AUTH);
      if (!rc)
-	rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_SIG);
+	rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_AUTH);
    }


--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -405,20 +405,23 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
    {
      unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
    
-      if ( use & PUBKEY_USAGE_ENC )
+      if ( (use & PUBKEY_USAGE_ENC) )
        putchar ('e');

-      if ( use & PUBKEY_USAGE_SIG )
+      if ( (use & PUBKEY_USAGE_SIG) )
 	{
 	  putchar ('s');
 	  if( pk? pk->is_primary : sk->is_primary )
 	    putchar ('c');
 	}
+
+      if ( (use & PUBKEY_USAGE_AUTH) )
+        putchar ('a');
    }

    if ( keyblock ) { /* figure out the usable capabilities */
        KBNODE k;
-        int enc=0, sign=0, cert=0, disabled=0;
+        int enc=0, sign=0, cert=0, auth=0, disabled=0;

        for (k=keyblock; k; k = k->next ) {
            if ( k->pkt->pkttype == PKT_PUBLIC_KEY 
@ -429,14 +432,16 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
 		  disabled=pk_is_disabled(pk);

                if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
-                    if ( pk->pubkey_usage & PUBKEY_USAGE_ENC )
+                    if ( (pk->pubkey_usage & PUBKEY_USAGE_ENC) )
                        enc = 1;
-                    if ( pk->pubkey_usage & PUBKEY_USAGE_SIG )
+                    if ( (pk->pubkey_usage & PUBKEY_USAGE_SIG) )
 		      {
 			sign = 1;
 			if(pk->is_primary)
 			  cert = 1;
 		      }
+                    if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+                      auth = 1;
                }
            }
            else if ( k->pkt->pkttype == PKT_SECRET_KEY 
@ -444,14 +449,16 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
                sk = k->pkt->pkt.secret_key;
                if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
 		     && sk->protect.s2k.mode!=1001 ) {
-                    if ( sk->pubkey_usage & PUBKEY_USAGE_ENC )
+                    if ( (sk->pubkey_usage & PUBKEY_USAGE_ENC) )
                        enc = 1;
-                    if ( sk->pubkey_usage & PUBKEY_USAGE_SIG )
+                    if ( (sk->pubkey_usage & PUBKEY_USAGE_SIG) )
 		      {
 			sign = 1;
 			if(sk->is_primary)
 			  cert = 1;
 		      }
+                    if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+                        auth = 1;
                }
            }
        }
@ -461,6 +468,8 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
            putchar ('S');
        if (cert)
            putchar ('C');
+        if (auth)
+            putchar ('A');
        if (disabled)
            putchar ('D');
    }
--- a/include/ChangeLog
+++ b/include/ChangeLog
@ -1,3 +1,7 @@
+2003-09-04  Werner Koch  <wk@gnupg.org>
+
+	* cipher.h (PUBKEY_USAGE_AUTH): Added.
+
 2003-07-03  Werner Koch  <wk@gnupg.org>

 	* cipher.h (DBG_CIPHER,g10c_debug_mode): Removed.
--- a/include/cipher.h
+++ b/include/cipher.h
@ -48,6 +48,7 @@
 #define PUBKEY_USAGE_SIG     GCRY_PK_USAGE_SIGN	 
 #define PUBKEY_USAGE_ENC     GCRY_PK_USAGE_ENCR
 #define PUBKEY_USAGE_CERT    4      /* key is also good to certify other keys*/
+#define PUBKEY_USAGE_AUTH    8

 #define DIGEST_ALGO_MD5       GCRY_MD_MD5
 #define DIGEST_ALGO_SHA1      GCRY_MD_SHA1