From ee1827b8c127745135712a044aae5f780d603804 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Mon, 29 Nov 2004 21:07:08 +0000 Subject: [PATCH] * getkey.c (parse_key_usage): New function to parse out key usage flags. Set PUBKEY_USAGE_UNKNOWN to handle flags (i.e. authentication) that we don't understand in this branch. (fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey): Call it from here to remove duplicate code. This is bug 378. --- g10/ChangeLog | 15 ++++++-- g10/getkey.c | 103 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 73 insertions(+), 45 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 3efd090bb..b268c1e45 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +2004-11-29 David Shaw + + * getkey.c (parse_key_usage): New function to parse out key usage + flags. Set PUBKEY_USAGE_UNKNOWN to handle flags + (i.e. authentication) that we don't understand in this branch. + (fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey): Call + it from here to remove duplicate code. This is bug 378. + 2004-09-13 David Shaw * getkey.c (premerge_public_with_secret): Fix subkey<->binding sig @@ -14,9 +22,10 @@ * hkp.c (dehtmlize): Understand the quote character (i.e. """) in HTML responses. - * keydb.h, getkey.c (get_user_id_printable): Rename to - get_user_id_native and remove the printable stuff since we're - print-ifying valid utf8 characters. Change all callers in + * keydb.h, getkey.c (get_user_id_printable, + get_user_id_string_printable): Rename to get_user_id_native and + get_user_id_string_native and remove the printable stuff since + we're print-ifying valid utf8 characters. Change all callers in import.c, sign.c, and encode.c. 2004-08-19 David Shaw diff --git a/g10/getkey.c b/g10/getkey.c index b5b6cc4b9..733cb1aed 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1248,6 +1248,45 @@ merge_keys_and_selfsig( KBNODE keyblock ) } } +static int +parse_key_usage(PKT_signature *sig) +{ + int key_usage=0; + const byte *p; + size_t n; + byte flags; + + p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_KEY_FLAGS,&n); + if(p && n) + { + /* first octet of the keyflags */ + flags=*p; + + if(flags & 3) + { + key_usage |= PUBKEY_USAGE_SIG; + flags&=~3; + } + + if(flags & 12) + { + key_usage |= PUBKEY_USAGE_ENC; + flags&=~12; + } + + if(flags) + key_usage |= PUBKEY_USAGE_UNKNOWN; + } + + /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a + capability that we do not handle. This serves to distinguish + between a zero key usage which we handle as the default + capabilities for that algorithm, and a usage that we do not + handle. */ + + return key_usage; +} + /* * Apply information from SIGNODE (which is the valid self-signature * associated with that UID) to the UIDNODE: @@ -1280,17 +1319,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated ) uid->expiredate = sig->expiredate; /* store the key flags in the helper variable for later processing */ - uid->help_key_usage = 0; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); - if ( p && n ) { - /* first octet of the keyflags */ - if ( (*p & 3) ) - uid->help_key_usage |= PUBKEY_USAGE_SIG; - if ( (*p & 12) ) - uid->help_key_usage |= PUBKEY_USAGE_ENC; - /* Note: we do not set the CERT flag here because it can be assumed - * that thre is no real policy to set it. */ - } + uid->help_key_usage=parse_key_usage(sig); /* ditto or the key expiration */ uid->help_key_expire = 0; @@ -1480,33 +1509,27 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) pk->numrevkeys*sizeof(struct revocation_key)); } - if ( signode ) { + if ( signode ) + { /* some information from a direct key signature take precedence * over the same information given in UID sigs. */ PKT_signature *sig = signode->pkt->pkt.signature; const byte *p; - size_t n; - - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); - if ( p && n ) { - /* first octet of the keyflags */ - if ( (*p & 3) ) - key_usage |= PUBKEY_USAGE_SIG; - if ( (*p & 12) ) - key_usage |= PUBKEY_USAGE_ENC; - } + + key_usage=parse_key_usage(sig); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); - if ( p ) { - key_expire = keytimestamp + buffer_to_u32(p); - key_expire_seen = 1; - } + if ( p ) + { + key_expire = keytimestamp + buffer_to_u32(p); + key_expire_seen = 1; + } /* mark that key as valid: one direct key signature should * render a key as valid */ pk->is_valid = 1; - } + } /* pass 1.5: look for key revocation signatures that were not made by the key (i.e. did a revocation key issue a revocation for @@ -1831,7 +1854,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) u32 keytimestamp = 0; u32 key_expire = 0; const byte *p; - size_t n; if ( subnode->pkt->pkttype != PKT_PUBLIC_SUBKEY ) BUG (); @@ -1889,23 +1911,20 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) subpk->is_valid = 1; sig = signode->pkt->pkt.signature; sig->flags.chosen_selfsig=1; /* so we know which selfsig we chose later */ - - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n ); - if ( p && n ) { - /* first octet of the keyflags */ - if ( (*p & 3) ) - key_usage |= PUBKEY_USAGE_SIG; - if ( (*p & 12) ) - key_usage |= PUBKEY_USAGE_ENC; - } - if ( !key_usage ) { /* no key flags at all: get it from the algo */ + + key_usage=parse_key_usage(sig); + if ( !key_usage ) + { + /* no key flags at all: get it from the algo */ key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo ); - } - else { /* check that the usage matches the usage as given by the algo */ + } + else + { + /* check that the usage matches the usage as given by the algo */ int x = openpgp_pk_algo_usage ( subpk->pubkey_algo ); if ( x ) /* mask it down to the actual allowed usage */ - key_usage &= x; - } + key_usage &= x; + } /* Type 20 Elgamal subkeys, any subkey on a type 20 primary, or any subkey on an old v3 Elgamal(e) primary are not usable. */