diff options
| author | Werner Koch <wk@gnupg.org> | 2013-03-15 15:46:03 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2013-03-19 17:26:42 +0100 |
| commit | 4bde12206c5bf199dc6e12a74af8da4558ba41bf (patch) | |
| tree | 23175bfae00ac2838223a853430956c0873ed588 | |
| parent | scd: ccid-driver supporting larger APDU. (diff) | |
| download | gnupg2-4bde12206c5bf199dc6e12a74af8da4558ba41bf.tar.xz gnupg2-4bde12206c5bf199dc6e12a74af8da4558ba41bf.zip | |
gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--
We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature. Thus if key
flags are used in any way, the default key capabilities are never
used.
This allows to create a key with key flags set to all zero so it can't
be used. This better reflects common sense.
| -rw-r--r-- | g10/getkey.c | 8 | ||||
| -rw-r--r-- | include/cipher.h | 7 |
2 files changed, 13 insertions, 2 deletions
diff --git a/g10/getkey.c b/g10/getkey.c index 929427302..8cc560100 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1276,13 +1276,19 @@ parse_key_usage (PKT_signature * sig) if (flags) key_usage |= PUBKEY_USAGE_UNKNOWN; + + if (!key_usage) + key_usage |= PUBKEY_USAGE_NONE; } + else if (p) /* Key flags of length zero. */ + key_usage |= PUBKEY_USAGE_NONE; /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a capability that we do not handle. This serves to distinguish between a zero key usage which we handle as the default capabilities for that algorithm, and a usage that we do not - handle. */ + handle. Likewise we use PUBKEY_USAGE_NONE to indicate that + key_flags have been given but they do not specify any usage. */ return key_usage; } diff --git a/include/cipher.h b/include/cipher.h index 191e197bc..557ab70e1 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -54,9 +54,14 @@ #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */ #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */ -#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */ +#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys.*/ #define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */ #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */ +#define PUBKEY_USAGE_NONE 256 /* No usage given. */ +#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \ + | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256 +# error Please choose another value for PUBKEY_USAGE_NONE +#endif #define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5 #define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1 |