Merge pull request rnpgp#285 from riboseinc/dewyatt-add-key-flag-printing

Add key flag loading/printing in listed keys.

Author: kriskwiatkowski

src/lib/key_store_pgp.c

@@ -205,6 +205,10 @@ cb_keyring_read(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
         revocation->code = pkt->u.ss_revocation.code;
         revocation->reason = rnp_strdup(pgp_show_ss_rr_code(pkt->u.ss_revocation.code));
         break;
+    case PGP_PTAG_SS_KEY_FLAGS:
+        key = &keyring->keys[keyring->keyc - 1];
+        key->flags = pkt->u.ss_key_flags.contents[0];
+        break;
     case PGP_PTAG_CT_SIGNATURE_FOOTER:
     case PGP_PARSER_ERRCODE:
         break;

src/lib/packet-print.c

@@ -100,6 +100,7 @@ __RCSID("$NetBSD: packet-print.c,v 1.42 2012/02/22 06:29:40 agc Exp $");
 #define SIGNATURE_PADDING "          "
 
 /* static functions */
+static bool format_key_usage(char *buffer, size_t size, uint8_t flags);
 extern ec_curve_desc_t ec_curves[PGP_CURVE_MAX];
 
 static void
@@ -385,14 +386,17 @@ psubkeybinding(char *buf, size_t size, const pgp_key_t *key, const char *expired
 {
     char keyid[512];
     char t[32];
+    char key_usage[8];
 
+    format_key_usage(key_usage, sizeof(key_usage), key->flags);
     return snprintf(buf,
                     size,
-                    "encryption %d/%s %s %s %s\n",
+                    "encryption %d/%s %s %s [%s] %s\n",
                     numkeybits(&key->enckey),
                     pgp_show_pka(key->enckey.alg),
                     rnp_strhexdump(keyid, key->encid, PGP_KEY_ID_SIZE, ""),
                     ptimestr(t, sizeof(t), key->enckey.birthtime),
+                    key_usage,
                     expired);
 }
 
@@ -557,6 +561,29 @@ format_uid_notice(char *                 buffer,
     return n;
 }
 
+static bool
+format_key_usage(char *buffer, size_t size, uint8_t flags)
+{
+    static const pgp_bit_map_t flags_map[] = {
+      {PGP_KF_ENCRYPT_COMMS | PGP_KF_ENCRYPT_STORAGE, "E"},
+      {PGP_KF_SIGN, "S"},
+      {PGP_KF_CERTIFY, "C"},
+      {PGP_KF_AUTH, "A"},
+    };
+
+    *buffer = '\0';
+    for (size_t i = 0; i < PGP_ARRAY_SIZE(flags_map); i++) {
+        if (flags & flags_map[i].mask) {
+            const size_t current_length = strlen(buffer);
+            if (current_length == size - 1) {
+                return false;
+            }
+            strncat(buffer, flags_map[i].string, size - current_length - 1);
+        }
+    }
+    return true;
+}
+
 #ifndef KB
 #define KB(x) ((x) *1024)
 #endif
@@ -584,6 +611,7 @@ pgp_sprint_keydata(pgp_io_t *             io,
     char     fingerprint[(PGP_FINGERPRINT_SIZE * 3) + 1];
     char     expiration_notice[128];
     char     birthtime[32];
+    char     key_usage[8];
 
     if (key->revoked)
         return -1;
@@ -628,6 +656,10 @@ pgp_sprint_keydata(pgp_io_t *             io,
 
     ptimestr(birthtime, sizeof(birthtime), pubkey->birthtime);
 
+    if (!format_key_usage(key_usage, sizeof(key_usage), key->flags)) {
+        return -1;
+    }
+
     /* XXX: For now we assume that the output string won't exceed 16KiB
      *      in length but this is completely arbitrary. What this
      *      really needs is some objective facts to base this
@@ -639,12 +671,13 @@ pgp_sprint_keydata(pgp_io_t *             io,
     if (string != NULL) {
         total_length = snprintf(string,
                                 KB(16),
-                                "%s %d/%s %s %s %s\nKey fingerprint: %s\n%s",
+                                "%s %d/%s %s %s [%s] %s\nKey fingerprint: %s\n%s",
                                 header,
                                 numkeybits(pubkey),
                                 pgp_show_pka(pubkey->alg),
                                 keyid,
                                 birthtime,
+                                key_usage,
                                 expiration_notice,
                                 fingerprint,
                                 uid_notices);
@@ -668,6 +701,7 @@ pgp_sprint_json(pgp_io_t *             io,
 {
     char     keyid[PGP_KEY_ID_SIZE * 3];
     char     fp[(PGP_FINGERPRINT_SIZE * 3) + 1];
+    char     key_usage[8];
     int      r;
     unsigned i;
     unsigned j;
@@ -676,6 +710,10 @@ pgp_sprint_json(pgp_io_t *             io,
         return -1;
     }
 
+    if (!format_key_usage(key_usage, sizeof(key_usage), key->flags)) {
+        return -1;
+    }
+
     // add the top-level values
     json_object_object_add(keyjson, "header", json_object_new_string(header));
     json_object_object_add(keyjson, "key bits", json_object_new_int(numkeybits(pubkey)));
@@ -691,6 +729,8 @@ pgp_sprint_json(pgp_io_t *             io,
         rnp_strhexdump(fp, key->sigfingerprint.fingerprint, key->sigfingerprint.length, "")));
     json_object_object_add(keyjson, "birthtime", json_object_new_int(pubkey->birthtime));
     json_object_object_add(keyjson, "duration", json_object_new_int(pubkey->duration));
+    json_object_object_add(keyjson, "flags", json_object_new_int(key->flags));
+    json_object_object_add(keyjson, "usage", json_object_new_string(key_usage));
 
     // iterating through the uids
     for (i = 0; i < key->uidc; i++) {

src/lib/packet.h

@@ -606,6 +606,22 @@ typedef enum {
     PGP_SIG_3RD_PARTY = 0x50 /* Third-Party Confirmation signature */
 } pgp_sig_type_t;
 
+/** Key Flags
+ *
+ * \see RFC4880 5.2.3.21
+ */
+typedef enum {
+    PGP_KF_CERTIFY = 0x01,         /* This key may be used to certify other keys. */
+    PGP_KF_SIGN = 0x02,            /* This key may be used to sign data. */
+    PGP_KF_ENCRYPT_COMMS = 0x04,   /* This key may be used to encrypt communications. */
+    PGP_KF_ENCRYPT_STORAGE = 0x08, /* This key may be used to encrypt storage. */
+    PGP_KF_SPLIT = 0x10,           /* The private component of this key may have been split
+                                            by a secret-sharing mechanism. */
+    PGP_KF_AUTH = 0x20,            /* This key may be used for authentication. */
+    PGP_KF_SHARED = 0x80           /* The private component of this key may be in the
+                                            possession of more than one person. */
+} pgp_key_flags_t;
+
 /** Struct to hold params of an RSA signature */
 typedef struct pgp_rsa_sig_t {
     BIGNUM *sig; /* the signature value (m^d % n) */
@@ -1004,6 +1020,7 @@ typedef struct pgp_key_t {
     DYNARRAY(pgp_revoke_t, revoke);    /* array of signature revocations */
     pgp_content_enum  type;            /* type of key */
     pgp_keydata_key_t key;             /* pubkey/seckey data */
+    uint8_t           flags;           /* key flags */
     pgp_pubkey_t      sigkey;          /* signature key */
     uint8_t           sigid[PGP_KEY_ID_SIZE];
     pgp_fingerprint_t sigfingerprint; /* pgp signature fingerprint */

src/lib/rnp.c

@@ -325,6 +325,10 @@ format_json_key(FILE *fp, json_object *obj, const int psigs)
         birthtime = (int64_t) strtoll(json_object_get_string(tmp), NULL, 10);
         p(fp, " ", ptimestr(tbuf, sizeof(tbuf), birthtime), NULL);
 
+        if (json_object_object_get_ex(obj, "usage", &tmp)) {
+            p(fp, " [", json_object_get_string(tmp), "]", NULL);
+        }
+
         if (json_object_object_get_ex(obj, "duration", &tmp)) {
             duration = (int64_t) strtoll(json_object_get_string(tmp), NULL, 10);
             if (duration > 0) {
@@ -356,6 +360,7 @@ format_json_key(FILE *fp, json_object *obj, const int psigs)
 
     if (json_object_object_get_ex(obj, "encryption", &tmp)) {
         if (!json_object_is_type(tmp, json_type_null)) {
+            json_object *usage;
             p(fp, "encryption", NULL);
             pobj(fp, json_object_array_get_idx(tmp, 0), 1); /* size */
             p(fp, "/", NULL);
@@ -368,8 +373,11 @@ format_json_key(FILE *fp, json_object *obj, const int psigs)
                        sizeof(tbuf),
                        (time_t) strtoll(
                          json_object_get_string(json_object_array_get_idx(tmp, 3)), NULL, 10)),
-              "\n",
               NULL);
+            if (json_object_object_get_ex(obj, "usage", &usage)) {
+                p(fp, " [", json_object_get_string(usage), "]", NULL);
+            }
+            p(fp, "\n", NULL);
         }
     }