From 882ab7fef9bf4440900c32d7463469307224f11a Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 12 Aug 2024 14:50:08 +0200
Subject: gpg: Improve decryption diagnostic for an ADSK key.

* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used.  Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.
---
 g10/pubkey-enc.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'g10/pubkey-enc.c')

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 563077803..dced3dfb0 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -143,7 +143,7 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
           else if (opt.try_all_secrets
                    || (k->keyid[0] == keyid[0] && k->keyid[1] == keyid[1]))
             {
-              if (!opt.quiet && !(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+              if (!opt.quiet && !(sk->pubkey_usage & PUBKEY_USAGE_XENC_MASK))
                 log_info (_("used key is not marked for encryption use.\n"));
             }
           else
@@ -156,7 +156,7 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
               if (!opt.quiet && !k->keyid[0] && !k->keyid[1])
                 {
                   log_info (_("okay, we are the anonymous recipient.\n"));
-                  if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+                  if (!(sk->pubkey_usage & PUBKEY_USAGE_XENC_MASK))
                     log_info (_("used key is not marked for encryption use.\n")
                               );
                 }
@@ -443,7 +443,7 @@ get_it (ctrl_t ctrl,
   {
     PKT_public_key *pk = NULL;
     PKT_public_key *mainpk = NULL;
-    KBNODE pkb = get_pubkeyblock (ctrl, keyid);
+    KBNODE pkb = get_pubkeyblock_ext (ctrl, keyid, GET_PUBKEYBLOCK_FLAG_ADSK);
 
     if (!pkb)
       {
@@ -495,6 +495,13 @@ get_it (ctrl_t ctrl,
           }
       }
 
+    if (pk && !(pk->pubkey_usage & PUBKEY_USAGE_ENC)
+        && (pk->pubkey_usage & PUBKEY_USAGE_RENC))
+      {
+        log_info (_("Note: ADSK key has been used for decryption"));
+        log_printf ("\n");
+      }
+
     if (pk && pk->flags.revoked)
       {
         log_info (_("Note: key has been revoked"));
@@ -512,7 +519,7 @@ get_it (ctrl_t ctrl,
 
         /* Note that we do not want to create a trustdb just for
          * getting the ownertrust: If there is no trustdb there can't
-         * be ulitmately trusted key anyway and thus the ownertrust
+         * be an ultimately trusted key anyway and thus the ownertrust
          * value is irrelevant.  */
         write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
                              pkhex, mainpkhex,
-- 
cgit v1.2.3