From 955baf04364721457cd99aad21942523cd50498c Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 20 Jun 2016 23:58:16 +0200 Subject: gpg: Add experimental support for an issuer fpr. * common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New. * g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and insert the issuer fpr if needed. * g10/sign.c (write_signature_packets): Pass signing key. (make_keysig_packet): Ditto. (update_keysig_packet): Ditto. * g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr. (parse_one_sig_subpkt): Detect issuer fpr. (can_handle_critical): Add issuer fpr. * g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint. * g10/gpgv.c (keyserver_import_fprint): New stub. * g10/test-stubs.c (keyserver_import_fprint): New stub. -- This support is enabled with the --rfc4880bis option and intended to test to recently proposed issuer fpr. Signed-off-by: Werner Koch --- g10/build-packet.c | 49 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 14 deletions(-) (limited to 'g10/build-packet.c') diff --git a/g10/build-packet.c b/g10/build-packet.c index 2745734b4..21cd004a8 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -972,28 +972,49 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, sig->unhashed = newarea; } -/**************** +/* * Put all the required stuff from SIG into subpackets of sig. + * PKSK is the signing key. * Hmmm, should we delete those subpackets which are in a wrong area? */ void -build_sig_subpkt_from_sig( PKT_signature *sig ) +build_sig_subpkt_from_sig (PKT_signature *sig, PKT_public_key *pksk) { u32 u; - byte buf[8]; + byte buf[1+MAX_FINGERPRINT_LEN]; + size_t fprlen; - u = sig->keyid[0]; - buf[0] = (u >> 24) & 0xff; - buf[1] = (u >> 16) & 0xff; - buf[2] = (u >> 8) & 0xff; - buf[3] = u & 0xff; - u = sig->keyid[1]; - buf[4] = (u >> 24) & 0xff; - buf[5] = (u >> 16) & 0xff; - buf[6] = (u >> 8) & 0xff; - buf[7] = u & 0xff; - build_sig_subpkt( sig, SIGSUBPKT_ISSUER, buf, 8 ); + /* For v4 keys we need to write the ISSUER subpacket. We do not + * want that for a future v5 format. */ + if (pksk->version < 5) + { + u = sig->keyid[0]; + buf[0] = (u >> 24) & 0xff; + buf[1] = (u >> 16) & 0xff; + buf[2] = (u >> 8) & 0xff; + buf[3] = u & 0xff; + u = sig->keyid[1]; + buf[4] = (u >> 24) & 0xff; + buf[5] = (u >> 16) & 0xff; + buf[6] = (u >> 8) & 0xff; + buf[7] = u & 0xff; + build_sig_subpkt (sig, SIGSUBPKT_ISSUER, buf, 8); + } + + /* For a future v5 keys we write the ISSUER_FPR subpacket. We + * also write that for a v4 key is experimental support for + * RFC4880bis is requested. */ + if (pksk->version > 4 || opt.flags.rfc4880bis) + { + fingerprint_from_pk (pksk, buf+1, &fprlen); + if (fprlen == 20) + { + buf[0] = pksk->version; + build_sig_subpkt (sig, SIGSUBPKT_ISSUER_FPR, buf, 21); + } + } + /* Write the timestamp. */ u = sig->timestamp; buf[0] = (u >> 24) & 0xff; buf[1] = (u >> 16) & 0xff; -- cgit v1.2.3