diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2023-07-07 13:57:59 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2023-07-07 15:22:03 +0200 |
commit | 9e48a064e55e5ee61bc8caf6d7d0979c398aa4cd (patch) | |
tree | 2acfa90127206209d1ce574a97838adcb5f88b00 /openpgp/src | |
parent | a9c4715115ceaf766b277cc89bcda52f42cb0b75 (diff) |
openpgp: Better support early v4 certificates.
- If there is no key flags subpacket. Match on the key role and
algorithm and synthesize one. We do this to better support very
early v4 certificates, where either the binding signature is a v3
signature and cannot contain subpackets, or it is a v4 signature,
but the key's capabilities were implied by the public key algorithm.
- We only match on public key algorithms used at the time.
Diffstat (limited to 'openpgp/src')
-rw-r--r-- | openpgp/src/cert.rs | 15 | ||||
-rw-r--r-- | openpgp/src/cert/amalgamation/key.rs | 60 |
2 files changed, 73 insertions, 2 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index 0170b0e8..f1f233da 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -7267,12 +7267,23 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= let vcert = c.with_policy(&np, None)?; assert_eq!(vcert.keys().subkeys().count(), 1); - // XXX: Unfortunately, it being a v3 signature, the subkey has - // no keyflags, limiting its usefulness for now. + // A v3 signature has no subpackets, so there are no key + // flags. But, we then consider the key role and public key + // algorithm. + assert_eq!(vcert.keys().for_signing().count(), 1); + assert_eq!(vcert.keys().for_transport_encryption().count(), 1); // The subkey is interesting because it is bound using a v3 // signature. assert_eq!(c.keys().subkeys().with_policy(&np, None).count(), 1); + + // A v3 signature has no subpackets, so there are no key + // flags. But, we then consider the key role and public key + // algorithm. + assert_eq!(c.keys().with_policy(&np, None).for_signing().count(), 1); + assert_eq!(c.keys().with_policy(&np, None) + .for_transport_encryption().count(), 1); + Ok(()) } } diff --git a/openpgp/src/cert/amalgamation/key.rs b/openpgp/src/cert/amalgamation/key.rs index fb6ce57b..f04010a4 100644 --- a/openpgp/src/cert/amalgamation/key.rs +++ b/openpgp/src/cert/amalgamation/key.rs @@ -1874,6 +1874,11 @@ impl<'a, P, R, R2> ValidKeyAmalgamation<'a, P, R, R2> /// a key's flags may change depending on the policy and the /// reference time. /// + /// To increase compatibility with early v4 certificates, if there + /// is no key flags subpacket on the considered signatures, we + /// infer the key flags from the key's role and public key + /// algorithm. + /// /// [`Key Flags`]: https://tools.ietf.org/html/rfc4880#section-5.2.3.21 /// [SSS]: https://de.wikipedia.org/wiki/Shamir%E2%80%99s_Secret_Sharing /// [Section 5.2.3.3 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5.2.3.3 @@ -1898,6 +1903,61 @@ impl<'a, P, R, R2> ValidKeyAmalgamation<'a, P, R, R2> /// ``` pub fn key_flags(&self) -> Option<KeyFlags> { self.map(|s| s.key_flags()) + .or_else(|| { + // There is no key flags subpacket. Match on the key + // role and algorithm and synthesize one. We do this + // to better support very early v4 certificates, where + // either the binding signature is a v3 signature and + // cannot contain subpackets, or it is a v4 signature, + // but the key's capabilities were implied by the + // public key algorithm. + use crate::types::PublicKeyAlgorithm; + + // XXX: We cannot know whether this is a primary key + // or not because of + // https://gitlab.com/sequoia-pgp/sequoia/-/issues/1036 + let is_primary = false; + + // We only match on public key algorithms used at the + // time. + #[allow(deprecated)] + match (is_primary, self.key().pk_algo()) { + (true, PublicKeyAlgorithm::RSAEncryptSign) => + Some(KeyFlags::empty() + .set_certification() + .set_transport_encryption() + .set_storage_encryption() + .set_signing()), + + (true, _) => + Some(KeyFlags::empty() + .set_certification() + .set_signing()), + + (false, PublicKeyAlgorithm::RSAEncryptSign) => + Some(KeyFlags::empty() + .set_transport_encryption() + .set_storage_encryption() + .set_signing()), + + (false, + | PublicKeyAlgorithm::RSASign + | PublicKeyAlgorithm::DSA) => + Some(KeyFlags::empty().set_signing()), + + (false, + | PublicKeyAlgorithm::RSAEncrypt + | PublicKeyAlgorithm::ElGamalEncrypt + | PublicKeyAlgorithm::ElGamalEncryptSign) => + Some(KeyFlags::empty() + .set_transport_encryption() + .set_storage_encryption()), + + // Be conservative: newer algorithms don't get to + // benefit from implicit key flags. + (false, _) => None, + } + }) } /// Returns whether the key has at least one of the specified key |