authorWerner Koch <wk@gnupg.org>2003-09-05 09:40:18 +0200
committerWerner Koch <wk@gnupg.org>2003-09-05 09:40:18 +0200
commit3598504854fd5f2709c35ea5075184a0a253ef50 (patch)
tree9b1bb7d6a3db043cfb6eb28e69ddadc28c186c6a
parent* configure.ac (HAVE_LIBUSB): Added a simple test for libusb. (diff)
* keygen.c (do_add_key_flags, parse_parameter_usage)
(do_generate_keypair): Add support for the proposed AUTH key flag. * getkey.c (fixup_uidnode, merge_selfsigs_main) (merge_selfsigs_subkey, premerge_public_with_secret): Ditto. * keylist.c (print_capabilities): Ditto.
-rw-r--r--g10/ChangeLog8
-rw-r--r--g10/getkey.c21
-rw-r--r--g10/keygen.c9
-rw-r--r--g10/keylist.c23
-rw-r--r--include/ChangeLog4
-rw-r--r--include/cipher.h1
6 files changed, 49 insertions, 17 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 274637283..afc16cb94 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,11 @@
+2003-09-04 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (do_add_key_flags, parse_parameter_usage)
+ (do_generate_keypair): Add support the proposed AUTH key flag.
+ * getkey.c (fixup_uidnode, merge_selfsigs_main)
+ (merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
+ * keylist.c (print_capabilities): Ditto.
+
2003-08-25 Timo Schulz <twoaday@freakmail.de>
* pkglue.c (mpi_from_sexp): New. Used to factor out
diff --git a/g10/getkey.c b/g10/getkey.c
index c13d96dfb..7eda9384c 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1255,12 +1255,14 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) {
/* first octet of the keyflags */
- if ( (*p & 3) )
+ if ( (*p & 0x03) )
uid->help_key_usage |= PUBKEY_USAGE_SIG;
- if ( (*p & 12) )
+ if ( (*p & 0x0c) )
uid->help_key_usage |= PUBKEY_USAGE_ENC;
/* Note: we do not set the CERT flag here because it can be assumed
* that thre is no real policy to set it. */
+ if ( (*p & 0x20) )
+ uid->help_key_usage |= PUBKEY_USAGE_AUTH;
}
/* ditto or the key expiration */
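Review bot: The authentication bit is written as the bare literal `0x20` here, again in the merge_selfsigs_main and merge_selfsigs_subkey hunks, and once more on the writing side in do_add_key_flags in keygen.c, so the parser and the generator can drift apart without any compiler help. A named constant shared by all four places would make the wire value greppable, for example `#define KEYFLAG_AUTH 0x20 /* first key-flags octet: key may be used for authentication */` (the name is only a suggestion). The new test also lands below the comment about the CERT flag, which now reads as if it explained the AUTH check; placing the AUTH test above that comment keeps the comment attached to what it describes. fixup_uidnode starts and ends outside the hunk.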
@@ -1468,10 +1470,12 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) {
/* first octet of the keyflags */
- if ( (*p & 3) )
+ if ( (*p & 0x03) )
key_usage |= PUBKEY_USAGE_SIG;
- if ( (*p & 12) )
+ if ( (*p & 0x0c) )
key_usage |= PUBKEY_USAGE_ENC;
+ if ( (*p & 0x20) )
+ key_usage |= PUBKEY_USAGE_AUTH;
}
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
@@ -1858,10 +1862,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) {
/* first octet of the keyflags */
- if ( (*p & 3) )
+ if ( (*p & 0x03) )
key_usage |= PUBKEY_USAGE_SIG;
- if ( (*p & 12) )
+ if ( (*p & 0x0c) )
key_usage |= PUBKEY_USAGE_ENC;
+ if ( (*p & 0x20) )
+ key_usage |= PUBKEY_USAGE_AUTH;
}
if ( !key_usage ) { /* no key flags at all: get it from the algo */
key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
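Review bot: The fallback `if ( !key_usage )` cannot tell a missing key-flags subpacket from one that is present but carries only bits this code does not decode, so a binding whose flags octet is zero or holds an unrecognised bit still receives the algorithm's full default usage. Before this change that is what happened to a subkey flagged with 0x20 only. Treating the subpacket as authoritative whenever it is present would close the gap, e.g. `if ( !(p && n) )` as the fallback test with the comment changed to `/* no key flags subpacket: get it from the algo */`; how callers handle a resulting usage of zero needs checking first. Whether merge_selfsigs_main has the same fallback is not visible in its hunk, and merge_selfsigs_subkey continues outside this one.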
@@ -2059,7 +2065,8 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
/* The secret parts are not available so
we can't use that key for signing etc.
Fix the pubkey usage */
- pk->pubkey_usage &= ~PUBKEY_USAGE_SIG;
+ pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
+ |PUBKEY_USAGE_AUTH);
}
/* transfer flag bits 0 and 1 to the pubblock */
pub->flag |= (sec->flag &3);
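Review bot: The comment above the changed mask still says only "signing etc.", while the code now strips two capabilities and leaves ENC set. Spelling that out would save the next reader a guess, e.g. `/* No secret parts: signing and authentication both need them, so drop both. ENC is kept (presumably because encrypting to the key needs only the public part - confirm). */`. The enclosing function starts and ends outside the hunk.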
diff --git a/g10/keygen.c b/g10/keygen.c
index 1840a58c7..84857ae62 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -150,6 +150,8 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
buf[0] |= 0x01 | 0x02;
if (use & PUBKEY_USAGE_ENC)
buf[0] |= 0x04 | 0x08;
+ if (use & PUBKEY_USAGE_AUTH)
+ buf[0] |= 0x20;
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
}
@@ -1784,6 +1786,8 @@ parse_parameter_usage (const char *fname,
use |= PUBKEY_USAGE_SIG;
else if ( !ascii_strcasecmp (p, "encrypt") )
use |= PUBKEY_USAGE_ENC;
+ else if ( !ascii_strcasecmp (p, "auth") )
+ use |= PUBKEY_USAGE_AUTH;
else {
log_error("%s:%d: invalid usage list\n", fname, r->lnr );
return -1; /* error */
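Review bot: The new `auth` keyword is accepted here but nothing in this commit documents it; the diffstat lists only code and ChangeLog files. If the parameter-file format is described elsewhere in the tree, its usage list should gain `auth` next to the existing sign and encrypt keywords. A short comment above the chain listing the accepted tokens would also help; the function starts outside the hunk, so one may already exist.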
@@ -2552,11 +2556,10 @@ do_generate_keypair (struct para_data_s *para,
rc = gen_card_key (PUBKEY_ALGO_RSA, 3, pub_root, sec_root,
get_parameter_u32 (para, pKEYEXPIRE), para);
- /* FIXME: Change the usage to AUTH. */
if (!rc)
- rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_SIG);
+ rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_AUTH);
if (!rc)
- rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_SIG);
+ rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_AUTH);
}
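Review bot: With the FIXME removed, nothing at this call site says why the key generated with number `3` is bound with AUTH only. A one-line comment such as `/* Card key 3 is the authentication key: bind it with the AUTH flag only. */` would record the intent (the wording assumes that is the role of the card's third key - confirm). This also changes the flags written into newly created bindings from sign to auth, so implementations that do not decode 0x20 will apply whatever fallback they have for a flags octet they cannot interpret. do_generate_keypair starts and ends outside the hunk.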
diff --git a/g10/keylist.c b/g10/keylist.c
index b5549fb47..081782785 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -405,20 +405,23 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
{
unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
- if ( use & PUBKEY_USAGE_ENC )
+ if ( (use & PUBKEY_USAGE_ENC) )
putchar ('e');
- if ( use & PUBKEY_USAGE_SIG )
+ if ( (use & PUBKEY_USAGE_SIG) )
{
putchar ('s');
if( pk? pk->is_primary : sk->is_primary )
putchar ('c');
}
+
+ if ( (use & PUBKEY_USAGE_AUTH) )
+ putchar ('a');
}
if ( keyblock ) { /* figure out the usable capabilities */
KBNODE k;
- int enc=0, sign=0, cert=0, disabled=0;
+ int enc=0, sign=0, cert=0, auth=0, disabled=0;
for (k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
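Review bot: The capability output gains two new letters, `a` for the key itself in this hunk and `A` in the usable-capabilities summary in the last hunk of this file, but the commit touches no description of the listing format. Consumers that match this field against a fixed set of letters will meet characters they do not know, so wherever the format is documented the letters should be added. print_capabilities would also benefit from a header comment enumerating what it can emit; from the visible lines that is e, s, c, a per key and S, C, A, D in the summary, with any others outside the hunks.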
@@ -429,14 +432,16 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
disabled=pk_is_disabled(pk);
if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
- if ( pk->pubkey_usage & PUBKEY_USAGE_ENC )
+ if ( (pk->pubkey_usage & PUBKEY_USAGE_ENC) )
enc = 1;
- if ( pk->pubkey_usage & PUBKEY_USAGE_SIG )
+ if ( (pk->pubkey_usage & PUBKEY_USAGE_SIG) )
{
sign = 1;
if(pk->is_primary)
cert = 1;
}
+ if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+ auth = 1;
}
}
else if ( k->pkt->pkttype == PKT_SECRET_KEY
@@ -444,14 +449,16 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
sk = k->pkt->pkt.secret_key;
if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
&& sk->protect.s2k.mode!=1001 ) {
- if ( sk->pubkey_usage & PUBKEY_USAGE_ENC )
+ if ( (sk->pubkey_usage & PUBKEY_USAGE_ENC) )
enc = 1;
- if ( sk->pubkey_usage & PUBKEY_USAGE_SIG )
+ if ( (sk->pubkey_usage & PUBKEY_USAGE_SIG) )
{
sign = 1;
if(sk->is_primary)
cert = 1;
}
+ if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+ auth = 1;
}
}
}
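Review bot: The ENC/SIG/AUTH tests in this secret-key branch are a line-for-line copy of the ones in the public-key branch of the previous hunk, so every new capability has to be added in two places. A small static helper that takes the usage mask and the is_primary flag and updates enc, sign, cert and auth would keep the two branches in step. The added double parentheses, as in `if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )`, carry no meaning for a plain bit test and could be dropped for readability.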
@@ -461,6 +468,8 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
putchar ('S');
if (cert)
putchar ('C');
+ if (auth)
+ putchar ('A');
if (disabled)
putchar ('D');
}
diff --git a/include/ChangeLog b/include/ChangeLog
index 7d8191a2d..380d63b45 100644
--- a/include/ChangeLog
+++ b/include/ChangeLog
@@ -1,3 +1,7 @@
+2003-09-04 Werner Koch <wk@gnupg.org>
+
+ * cipher.h (PUBKEY_USAGE_AUTH): Added.
+
2003-07-03 Werner Koch <wk@gnupg.org>
* cipher.h (DBG_CIPHER,g10c_debug_mode): Removed.
diff --git a/include/cipher.h b/include/cipher.h
index 56a1b2000..90cedb051 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -48,6 +48,7 @@
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR
#define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
+#define PUBKEY_USAGE_AUTH 8
#define DIGEST_ALGO_MD5 GCRY_MD_MD5
#define DIGEST_ALGO_SHA1 GCRY_MD_SHA1
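Review bot: `PUBKEY_USAGE_AUTH` is added without a comment, unlike the CERT line above it, and its value 8 is easy to confuse with the 0x20 bit that encodes the same capability in the key-flags subpacket. Suggest `#define PUBKEY_USAGE_AUTH 8 /* key is good for authentication (internal mask, not the 0x20 wire bit) */`. Because SIG and ENC take their values from the GCRY_PK_USAGE_ macros while CERT and AUTH are literals, a compile-time check that the four masks do not overlap would guard against a change on the library side.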