diff options
| author | Werner Koch <[email protected]> | 2022-11-16 16:15:36 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2022-11-25 12:58:14 +0000 |
| commit | ce50dea7cfe16ab4acf2600b1ef40d47635c93d8 (patch) | |
| tree | d4a503180a95bff440ce5fcaf0a81860491151c6 | |
| parent | scd:nks: Fix ECC signing if key not given by keygrip. (diff) | |
| download | gnupg-ce50dea7cfe16ab4acf2600b1ef40d47635c93d8.tar.gz gnupg-ce50dea7cfe16ab4acf2600b1ef40d47635c93d8.zip | |
gpg: Add a notation to encryption subkeys in de-vs mode.
* g10/keygen.c (struct opaque_data_usage_and_pk): Add cpl_notation.
(do_add_notation): New.
(keygen_add_key_flags_and_expire): Set [email protected] notation if
requested.
(write_keybinding): Request notation for subkeys in de-vs mode.
--
GnuPG-bug-id: 6279
| -rw-r--r-- | g10/keygen.c | 60 |
1 files changed, 57 insertions, 3 deletions
diff --git a/g10/keygen.c b/g10/keygen.c index 80d65c444..2041d30af 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -121,9 +121,11 @@ struct output_control_s }; -struct opaque_data_usage_and_pk { - unsigned int usage; - PKT_public_key *pk; +struct opaque_data_usage_and_pk +{ + unsigned int usage; + const char *cpl_notation; + PKT_public_key *pk; }; @@ -151,6 +153,9 @@ static gpg_error_t gen_card_key (int keyno, int algo, int is_primary, u32 expireval); static unsigned int get_keysize_range (int algo, unsigned int *min, unsigned int *max); +static void do_add_notation (PKT_signature *sig, + const char *name, const char *value, + int critical); @@ -301,12 +306,16 @@ keygen_add_key_flags (PKT_signature *sig, void *opaque) } +/* This is only used to write the key binding signature. It is not + * used for the primary key. */ static int keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque) { struct opaque_data_usage_and_pk *oduap = opaque; do_add_key_flags (sig, oduap->usage); + if (oduap->cpl_notation) + do_add_notation (sig, "[email protected]", oduap->cpl_notation, 0); return keygen_add_key_expire (sig, oduap->pk); } @@ -789,6 +798,44 @@ keygen_add_keyserver_url(PKT_signature *sig, void *opaque) return 0; } + +/* This function is used to add a notations to a signature. In + * general the caller should have cleared exiting notations before + * adding new ones. For example by calling: + * + * delete_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION); + * delete_sig_subpkt(sig->unhashed,SIGSUBPKT_NOTATION); + * + * Only human readable notaions may be added. NAME and value are + * expected to be UTF-* strings. + */ +static void +do_add_notation (PKT_signature *sig, const char *name, const char *value, + int critical) +{ + unsigned char *buf; + unsigned int n1,n2; + + n1 = strlen (name); + n2 = strlen (value); + + buf = xmalloc (8 + n1 + n2); + + buf[0] = 0x80; /* human readable. */ + buf[1] = buf[2] = buf[3] = 0; + buf[4] = n1 >> 8; + buf[5] = n1; + buf[6] = n2 >> 8; + buf[7] = n2; + memcpy (buf+8, name, n1); + memcpy (buf+8+n1, value, n2); + build_sig_subpkt (sig, + (SIGSUBPKT_NOTATION|(critical?SIGSUBPKT_FLAG_CRITICAL:0)), + buf, 8+n1+n2 ); + xfree (buf); +} + + int keygen_add_notations(PKT_signature *sig,void *opaque) { @@ -838,6 +885,7 @@ keygen_add_notations(PKT_signature *sig,void *opaque) return 0; } + int keygen_add_revkey (PKT_signature *sig, void *opaque) { @@ -1096,6 +1144,12 @@ write_keybinding (ctrl_t ctrl, kbnode_t root, /* Make the signature. */ oduap.usage = use; + if ((use & PUBKEY_USAGE_ENC) + && opt.compliance == CO_DE_VS + && gnupg_rng_is_compliant (CO_DE_VS)) + oduap.cpl_notation = "de-vs"; + else + oduap.cpl_notation = NULL; oduap.pk = sub_pk; err = make_keysig_packet (ctrl, &sig, pri_pk, NULL, sub_pk, pri_psk, 0x18, 0, timestamp, 0, |