author | Werner Koch <[email protected]> | 2023-03-01 16:22:20 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2023-03-01 16:22:20 +0000 |
commit | 3a18378a92af63f5bccbe78efa546acb04e8a0f8 (patch) | |
tree | a373fb90df2102fd82f9a265353cf3afb8ef0b6c /g10/keygen.c | |
parent | agent: Show "no secret key" instead of "card removed". (diff) | |
gpg: Allow adding of Additional Decryption Subkeys.
* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints.
* g10/packet.h (PUBKEY_USAGE_RENC): Fix value.
(SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c.
(SIGNHINT_ADSK): New.
(PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC into
account.
* g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK.
(make_keysig_packet): Ditto.
(do_sign): No time warp check in ADSK mode.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/keygen.c (struct opaque_data_usage_and_pk): Remove.
(write_keybinding): Do not use the removed struct.
(do_add_key_flags): Support PUBKEY_USAGE_RENC and others.
(keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.
--
This makes use of a new encryption flag:
The "restricted encryption key" (2nd,0x04) does not take part in any
automatic selection of encryption keys. It is only found on a
subkey signature (type 0x18), one that refers to the key the flag
applies to.
Followup patches will add encryption support and a --quick command.
GnuPG-bug-id: 6395
Diffstat (limited to 'g10/keygen.c')
-rw-r--r-- | g10/keygen.c | 53 |
1 files changed, 24 insertions, 29 deletions
diff --git a/g10/keygen.c b/g10/keygen.c
index 2e07015c6..c97783124 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -130,12 +130,6 @@ struct output_control_s
 };
-struct opaque_data_usage_and_pk {
- unsigned int usage;
- PKT_public_key *pk;
-};
-
-
 /* FIXME: These globals vars are ugly. And using MAX_PREFS even for
 * aeads is useless, given that we don't expects more than a very few
 * algorithms. */
@@ -256,22 +250,27 @@ write_uid (kbnode_t root, const char *s)
 static void
 do_add_key_flags (PKT_signature *sig, unsigned int use)
 {
- byte buf[1];
-
- buf[0] = 0;
-
- /* The spec says that all primary keys MUST be able to certify. */
- if(sig->sig_class!=0x18)
- buf[0] |= 0x01;
+ byte buf[2] = { 0, 0 };
- if (use & PUBKEY_USAGE_SIG)
- buf[0] |= 0x02;
- if (use & PUBKEY_USAGE_ENC)
- buf[0] |= 0x04 | 0x08;
- if (use & PUBKEY_USAGE_AUTH)
- buf[0] |= 0x20;
+ /* The spec says that all primary keys MUST be able to certify. */
+ if ( sig->sig_class != 0x18 )
+ buf[0] |= 0x01;
- build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
+ if (use & PUBKEY_USAGE_SIG)
+ buf[0] |= 0x02;
+ if (use & PUBKEY_USAGE_ENC)
+ buf[0] |= 0x04 | 0x08;
+ if (use & PUBKEY_USAGE_AUTH)
+ buf[0] |= 0x20;
+ if (use & PUBKEY_USAGE_GROUP)
+ buf[0] |= 0x80;
+
+ if (use & PUBKEY_USAGE_RENC)
+ buf[1] |= 0x04;
+ if (use & PUBKEY_USAGE_TIME)
+ buf[1] |= 0x08;
+
+ build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, buf[1]? 2:1);
 }
@@ -318,13 +317,11 @@ keygen_add_key_flags (PKT_signature *sig, void *opaque)
 }
-static int
+int
 keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque)
 {
- struct opaque_data_usage_and_pk *oduap = opaque;
-
- do_add_key_flags (sig, oduap->usage);
- return keygen_add_key_expire (sig, oduap->pk);
+ keygen_add_key_flags (sig, opaque);
+ return keygen_add_key_expire (sig, opaque);
 }
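Review bot: The second key-flags octet that do_add_key_flags now emits is undocumented: nothing at `buf[1] |= 0x04;` / `buf[1] |= 0x08;` or at the conditional length in `build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, buf[1]? 2:1);` says what those bits mean or why the subpacket grows only when one of them is set. The commit message identifies 0x04 in the second octet as the "restricted encryption key" flag that is only meaningful on a 0x18 subkey-binding signature, yet the function sets it for whatever `use` the caller passes without looking at `sig->sig_class`, so that responsibility sits with the callers and should be stated next to the code. Suggest a comment above the second-octet block: `/* Second octet: 0x04 = restricted encryption (ADSK; only meaningful on 0x18 subkey binding sigs, callers must not pass PUBKEY_USAGE_RENC otherwise), 0x08 = PUBKEY_USAGE_TIME.  Emit two octets only when one is set so keys without them keep the one-octet encoding. */`. What PUBKEY_USAGE_TIME corresponds to on the wire is not visible in this hunk; confirm before naming it more specifically in the comment.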
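Review bot: keygen_add_key_flags_and_expire gains external linkage here but still takes a bare `void *opaque` with no comment on what it must point to; with the oduap struct gone, `keygen_add_key_flags (sig, opaque)` and `keygen_add_key_expire (sig, opaque)` both receive the same pointer, so the contract is presumably "a PKT_public_key whose pubkey_usage (and, inferred from the name, expiration) are read", and an external caller cannot see that from the signature. Suggest a header comment on the function: `/* Signature callback for make_keysig_packet: OPAQUE must point to the PKT_public_key whose pubkey_usage is written as the key-flags subpacket and whose expiration is written by keygen_add_key_expire. */`. The matching prototype would live in a header, which this diffstat view (limited to g10/keygen.c) does not show; worth confirming it was added alongside the `static` removal.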
@@ -1215,7 +1212,6 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
 PKT_signature *sig;
 KBNODE node;
 PKT_public_key *pri_pk, *sub_pk;
- struct opaque_data_usage_and_pk oduap;
 if (opt.verbose)
 log_info(_("writing key binding signature\n"));
@@ -1241,11 +1237,10 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
 BUG();
 /* Make the signature. */
- oduap.usage = use;
- oduap.pk = sub_pk;
+ sub_pk->pubkey_usage = use;
 err = make_keysig_packet (ctrl, &sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
 timestamp, 0,
- keygen_add_key_flags_and_expire, &oduap,
+ keygen_add_key_flags_and_expire, sub_pk,
 cache_nonce);
 if (err)
 {
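Review bot: `sub_pk->pubkey_usage = use;` now mutates the subkey packet as the way of handing the usage to the callback, where the old `oduap` was a local that vanished after the call; the stored usage stays changed after make_keysig_packet returns, and nothing in the hunk says that persistence is intended. If write_keybinding can be reached with a `sub_pk` whose pubkey_usage was already populated from a parsed key (keyedit paths, perhaps), the assignment silently overrides it; if it is always the freshly generated subkey it is harmless but still deserves a line, e.g. `/* Record the usage on the subkey packet itself: keygen_add_key_flags_and_expire reads it from there, and the in-memory key then matches the key flags we sign. */`. The rest of write_keybinding lies outside the hunk, so whether `use` already equals sub_pk->pubkey_usage on every path cannot be checked here.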