gpgsm: Print the key types as standard key algorithm strings.

* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ... (gpgsm_get_key_algo_info2): new. * sm/keylist.c (list_cert_colon): Put curve into field 17 (list_cert_raw): Print the unified key algotithm string instead of the algo and size. (list_cert_std): Ditto. -- It is important to known whether a 256 bit ECC uses a NIST or a Brainpool curve. Signed-off-by: Werner Koch <wk@gnupg.org> Backported-from-master: 5c29d25e6c7c0a5a63ab4c46d4624217307adb78 GnuPG-bug-id: 6253
2025-03-28 22:49:59 +01:00 · 2020-05-07 09:45:49 +02:00 · 2020-05-07 09:45:49 +02:00 · 9f1181e1a7
commit 9f1181e1a7
parent 5ae2632002
3 changed files with 49 additions and 16 deletions
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@ -219,20 +219,25 @@ gpgsm_get_keygrip_hexstring (ksba_cert_t cert)
 /* Return the PK algorithm used by CERT as well as the length in bits
-   of the public key at NBITS. */
+ * of the public key at NBITS.  If R_CURVE is not NULL and an ECC
 * algorithm is used the name or OID of the curve is stored there; the
 * caller needs to free this value.  */
 int
-gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
+gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits, char **r_curve)
 {
  gcry_sexp_t s_pkey;
  int rc;
  ksba_sexp_t p;
  size_t n;
  gcry_sexp_t l1, l2;
  const char *curve;
  const char *name;
  char namebuf[128];
  if (nbits)
    *nbits = 0;
  if (r_curve)
    *r_curve = NULL;
  p = ksba_cert_get_public_key (cert);
  if (!p)
@ -258,6 +263,24 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
      gcry_sexp_release (s_pkey);
      return 0;
    }
  if (r_curve)
    {
      curve = gcry_pk_get_curve (l1, 0, NULL);
      if (curve)
        {
          name = openpgp_oid_to_curve (openpgp_curve_to_oid (curve,
                                                             NULL, NULL), 0);
          *r_curve = xtrystrdup (name? name : curve);
          if (!*r_curve)
            {
              gcry_sexp_release (l1);
              gcry_sexp_release (s_pkey);
              return 0;  /* Out of core.  */
            }
        }
    }
  l2 = gcry_sexp_cadr (l1);
  gcry_sexp_release (l1);
  l1 = l2;
@ -277,8 +300,15 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
 }
-/* This is a wrapper around pubkey_algo_string which takes a KSBA
+int
- * certificate instead of a Gcrypt public key.  Note that this
+gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
 {
  return gpgsm_get_key_algo_info2 (cert, nbits, NULL);
 }
 /* This is a wrapper around pubkey_algo_string which takesa KSA
 * certitificate instead of a Gcrypt public key.  Note that this
 * function may return NULL on error.  */
 char *
 gpgsm_pubkey_algo_string (ksba_cert_t cert, int *r_algoid)
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -281,6 +281,8 @@ unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
 unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
 char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
 int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
 int  gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits,
                               char **r_curve);
 char *gpgsm_pubkey_algo_string (ksba_cert_t cert, int *r_algoid);
 char *gpgsm_get_certid (ksba_cert_t cert);
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -408,6 +408,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
  gpg_error_t valerr;
  int algo;
  unsigned int nbits;
  char *curve = NULL;
  const char *chain_id;
  char *chain_id_buffer = NULL;
  int is_root = 0;
@ -499,7 +500,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
  if (*truststring)
    es_fputs (truststring, fp);
-  algo = gpgsm_get_key_algo_info (cert, &nbits);
+  algo = gpgsm_get_key_algo_info2 (cert, &nbits, &curve);
  es_fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24);
  ksba_cert_get_validity (cert, 0, t);
@ -563,6 +564,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
    }
  es_putc (':', fp);  /* End of field 15. */
  es_putc (':', fp);  /* End of field 16. */
  if (curve)
    es_fputs (curve, fp);
  es_putc (':', fp);  /* End of field 17. */
  print_compliance_flags (cert, algo, nbits, fp);
  es_putc (':', fp);  /* End of field 18. */
@ -626,6 +629,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
      xfree (p);
    }
  xfree (kludge_uid);
  xfree (curve);
 }
@ -829,12 +833,11 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
  es_fprintf (fp, "     hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
  {
-    const char *algoname;
+    char *algostr;
    unsigned int nbits;
-    algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
+    algostr = gpgsm_pubkey_algo_string (cert, NULL);
-    es_fprintf (fp, "      keyType: %u bit %s\n",
+    es_fprintf (fp, "      keyType: %s\n", algostr? algostr : "[error]");
-                nbits, algoname? algoname:"?");
+    xfree (algostr);
  }
  /* subjectKeyIdentifier */
@ -1192,15 +1195,13 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
  {
-    const char *algoname;
+    char *algostr;
    unsigned int nbits;
-    algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
+    algostr = gpgsm_pubkey_algo_string (cert, NULL);
-    es_fprintf (fp, "     key type: %u bit %s\n",
+    es_fprintf (fp, "     key type: %s\n", algostr? algostr : "[error]");
-                nbits, algoname? algoname:"?");
+    xfree (algostr);
  }
  err = ksba_cert_get_key_usage (cert, &kusage);
  if (gpg_err_code (err) != GPG_ERR_NO_DATA)
    {