Add methods to get key capabilities (#125)

* Add methods to get key capabilities Signed-off-by: Aditya Wasan <adityawasan55@gmail.com> * Use correct indetity to check for flags Signed-off-by: Aditya Wasan <adityawasan55@gmail.com> * Fix lint Signed-off-by: Aditya Wasan <adityawasan55@gmail.com> * Remove CanCertify and update CanSign to use SigningKey Signed-off-by: GitHub <noreply@github.com> * keyring: implement CanSign and CanEncrypt Signed-off-by: GitHub <noreply@github.com> * key/keyring: add tests for key capabilities Signed-off-by: GitHub <noreply@github.com> * Apply suggestions from code review Renames CanSign to CanVerify and adds an extended test for public-only keys to confirm CanVerify is true for them. Co-authored-by: wussler <aron@wussler.it> Co-authored-by: Harsh Shandilya <me@msfjarvis.dev> Co-authored-by: wussler <aron@wussler.it>
2021-04-09 16:02:10 +05:30 · 2021-04-09 16:02:10 +05:30 · 3dd1711707
commit 3dd1711707
parent 80b9a7aca2
4 changed files with 58 additions and 0 deletions
--- a/crypto/key.go
+++ b/crypto/key.go
@ -251,6 +251,18 @@ func (key *Key) GetPublicKey() (b []byte, err error) {

 // --- Key object properties

+// CanVerify returns true if any of the subkeys can be used for verification.
+func (key *Key) CanVerify() bool {
+	_, canVerify := key.entity.SigningKey(getNow())
+	return canVerify
+}
+
+// CanEncrypt returns true if any of the subkeys can be used for encryption.
+func (key *Key) CanEncrypt() bool {
+	_, canEncrypt := key.entity.EncryptionKey(getNow())
+	return canEncrypt
+}
+
 // IsExpired checks whether the key is expired.
 func (key *Key) IsExpired() bool {
 	_, ok := key.entity.EncryptionKey(getNow())
--- a/crypto/key_test.go
+++ b/crypto/key_test.go
@ -410,3 +410,18 @@ func TestToPublic(t *testing.T) {
 	assert.False(t, publicKey.IsPrivate())
 	assert.True(t, privateKey.IsPrivate())
 }
+
+func TestKeyCapabilities(t *testing.T) {
+	assert.True(t, keyTestEC.CanVerify())
+	assert.True(t, keyTestEC.CanEncrypt())
+	assert.True(t, keyTestRSA.CanVerify())
+	assert.True(t, keyTestRSA.CanEncrypt())
+
+	publicKey, err := keyTestEC.ToPublic()
+	if err != nil {
+		t.Fatal("Cannot make key public:", err)
+	}
+
+	assert.True(t, publicKey.CanVerify())
+	assert.True(t, publicKey.CanEncrypt())
+}
--- a/crypto/keyring.go
+++ b/crypto/keyring.go
@ -114,6 +114,28 @@ func (keyRing *KeyRing) GetIdentities() []*Identity {
 	return identities
 }

+// CanVerify returns true if any of the keys in the keyring can be used for verification.
+func (keyRing *KeyRing) CanVerify() bool {
+	keys := keyRing.GetKeys()
+	for _, key := range keys {
+		if key.CanVerify() {
+			return true
+		}
+	}
+	return false
+}
+
+// CanEncrypt returns true if any of the keys in the keyring can be used for encryption.
+func (keyRing *KeyRing) CanEncrypt() bool {
+	keys := keyRing.GetKeys()
+	for _, key := range keys {
+		if key.CanEncrypt() {
+			return true
+		}
+	}
+	return false
+}
+
 // GetKeyIDs returns array of IDs of keys in this KeyRing.
 func (keyRing *KeyRing) GetKeyIDs() []uint64 {
 	var res = make([]uint64, len(keyRing.entities))
--- a/crypto/keyring_test.go
+++ b/crypto/keyring_test.go
@ -222,3 +222,12 @@ func TestEncryptedDetachedSignature(t *testing.T) {
 		t.Fatal("Expected an error while verifying bad encSignature, got nil")
 	}
 }
+
+func TestKeyringCapabilities(t *testing.T) {
+	assert.True(t, keyRingTestPrivate.CanVerify())
+	assert.True(t, keyRingTestPrivate.CanEncrypt())
+	assert.True(t, keyRingTestPublic.CanVerify())
+	assert.True(t, keyRingTestPublic.CanEncrypt())
+	assert.True(t, keyRingTestMultiple.CanVerify())
+	assert.True(t, keyRingTestMultiple.CanEncrypt())
+}