subkey binding signature with no usage flags and/or a critical notation
Werner Koch
wk at gnupg.org
Fri Mar 15 15:52:16 CET 2013
On Thu, 14 Mar 2013 17:05, dkg at fifthhorseman.net said:
> On 03/13/2013 06:27 PM, David Shaw wrote:
>> Yes. Having no flags set at all is treated as if there is no subpacket present. This may not be the best behavior.
>
> yeah, i think this needs fixing.
What about this untested patch against master:
commit 8f8f3984e82a025cf1384132a419f67f39c7e07d
Author: Werner Koch <wk at gnupg.org>
Date: Fri Mar 15 15:46:03 2013 +0100
gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--
We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature. Thus if key
flags are used in any way, the default key capabilities are never
used.
This allows to create a key with key flags set to all zero so it can't
be used. This better reflects common sense.
Modified g10/getkey.c
diff --git a/g10/getkey.c b/g10/getkey.c
index 9294273..8cc5601 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1276,13 +1276,19 @@ parse_key_usage (PKT_signature * sig)
if (flags)
key_usage |= PUBKEY_USAGE_UNKNOWN;
+
+ if (!key_usage)
+ key_usage |= PUBKEY_USAGE_NONE;
}
+ else if (p) /* Key flags of length zero. */
+ key_usage |= PUBKEY_USAGE_NONE;
/* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
capability that we do not handle. This serves to distinguish
between a zero key usage which we handle as the default
capabilities for that algorithm, and a usage that we do not
- handle. */
+ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that
+ key_flags have been given but they do not specify any usage. */
return key_usage;
}
Modified include/cipher.h
diff --git a/include/cipher.h b/include/cipher.h
index 191e197..557ab70 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -54,9 +54,14 @@
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */
-#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */
+#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys.*/
#define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */
#define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */
+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
+#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \
+ | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256
+# error Please choose another value for PUBKEY_USAGE_NONE
+#endif
#define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5
#define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list