sm: Print the key types as standard key algorithm strings.

* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ... (gpgsm_get_key_algo_info2): new. (gpgsm_pubkey_algo_string): New. * sm/keylist.c (list_cert_colon): Put curve into field 17 (list_cert_raw): Print the unified key algotithm string instead of the algo and size. (list_cert_std): Ditto. -- It is important to known whether a 256 bit ECC uses a NIST or a Brainpool curve. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2020-05-07 09:45:49 +02:00 · 2020-05-07 09:45:49 +02:00 · 5c29d25e6c
commit 5c29d25e6c
parent af45d884aa
5 changed files with 89 additions and 19 deletions
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@ -219,20 +219,25 @@ gpgsm_get_keygrip_hexstring (ksba_cert_t cert)


 /* Return the PK algorithm used by CERT as well as the length in bits
-   of the public key at NBITS. */
+ * of the public key at NBITS.  If R_CURVE is not NULL and an ECC
+ * algorithm is used the name or OID of the curve is stored there; the
+ * caller needs to free this value.  */
 int
-gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
+gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits, char **r_curve)
 {
  gcry_sexp_t s_pkey;
  int rc;
  ksba_sexp_t p;
  size_t n;
  gcry_sexp_t l1, l2;
+  const char *curve;
  const char *name;
  char namebuf[128];

  if (nbits)
    *nbits = 0;
+  if (r_curve)
+    *r_curve = NULL;

  p = ksba_cert_get_public_key (cert);
  if (!p)
@ -258,6 +263,24 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
      gcry_sexp_release (s_pkey);
      return 0;
    }
+
+  if (r_curve)
+    {
+      curve = gcry_pk_get_curve (l1, 0, NULL);
+      if (curve)
+        {
+          name = openpgp_oid_to_curve (openpgp_curve_to_oid (curve,
+                                                             NULL, NULL), 0);
+          *r_curve = xtrystrdup (name? name : curve);
+          if (!*r_curve)
+            {
+              gcry_sexp_release (l1);
+              gcry_sexp_release (s_pkey);
+              return 0;  /* Out of core.  */
+            }
+        }
+    }
+
  l2 = gcry_sexp_cadr (l1);
  gcry_sexp_release (l1);
  l1 = l2;
@ -277,6 +300,49 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
 }


+int
+gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
+{
+  return gpgsm_get_key_algo_info2 (cert, nbits, NULL);
+}
+
+
+/* This is a wrapper around pubkey_algo_string which takesa KSA
+ * certitificate instead of a Gcrypt public key.  Note that this
+ * function may return NULL on error.  */
+char *
+gpgsm_pubkey_algo_string (ksba_cert_t cert, int *r_algoid)
+{
+  gpg_error_t err;
+  gcry_sexp_t s_pkey;
+  ksba_sexp_t p;
+  size_t n;
+  enum gcry_pk_algos algoid;
+  char *algostr;
+
+  p = ksba_cert_get_public_key (cert);
+  if (!p)
+    return NULL;
+  n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+  if (!n)
+    {
+      xfree (p);
+      return NULL;
+    }
+  err = gcry_sexp_sscan (&s_pkey, NULL, (char *)p, n);
+  xfree (p);
+  if (err)
+    return NULL;
+
+  algostr = pubkey_algo_string (s_pkey, r_algoid? &algoid : NULL);
+  if (algostr && r_algoid)
+    *r_algoid = algoid;
+
+  gcry_sexp_release (s_pkey);
+  return algostr;
+}
+
+
 /* If KEY is an RSA key, return its modulus.  For non-RSA keys or on
 * error return NULL.  */
 gcry_mpi_t