gpg: Add option --assert-pubkey_algo.

* g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
2025-07-02 22:46:30 +02:00 · 2024-02-10 14:24:50 +01:00 · 2024-02-10 14:24:50 +01:00 · 302afcb6f6
commit 302afcb6f6
parent 5842eee805
20 changed files with 424 additions and 58 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -527,6 +527,12 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
    --assert-signer is used.  The fingerprint is printed with
    uppercase hex digits.

+*** ASSERT_PUBKEY_ALGO <fingerprint> <state> <algostr>
+    This is emitted when option --assert-pubkey-algo is used and the
+    signing algorithms is accepted according to that list if state is
+    1 or denied if state is 0.  The fingerprint is printed with
+    uppercase hex digits.
+
 *** SIG_ID  <radix64_string>  <sig_creation_date>  <sig-timestamp>
    This is emitted only for signatures of class 0 or 1 which have
    been verified okay.  The string is a signature id and may be used