gpg: Store Link attributes for composite keys.

* g10/call-agent.c (agent_crosslink_keys): New. * g10/keygen.c (common_gen): Store the Link attribute. -- The Link attribute may be useful to quickly find the other part of a composite private key. GnuPG-bug-id: 6638
2025-02-12 18:23:04 +01:00 · 2025-02-07 11:10:09 +01:00 · 2025-02-07 11:10:09 +01:00 · 3738b0a99a
commit 3738b0a99a
parent 00c31f8b04
3 changed files with 57 additions and 0 deletions
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -2673,6 +2673,30 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr,
 }


+/* Add the Link attribute to both given keys.  */
+gpg_error_t
+agent_crosslink_keys (ctrl_t ctrl, const char *hexgrip1, const char *hexgrip2)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+
+  err = start_agent (ctrl, 0);
+  if (err)
+    goto leave;
+
+  snprintf (line, sizeof line, "KEYATTR %s Link: %s", hexgrip1, hexgrip2);
+  err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+  if (err)
+    goto leave;
+
+  snprintf (line, sizeof line, "KEYATTR %s Link: %s", hexgrip2, hexgrip1);
+  err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+
+ leave:
+  return err;
+}
+
+

 /* Call the agent to read the public key part for a given keygrip.
 * Values from FROMCARD:
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@ -202,6 +202,10 @@ gpg_error_t agent_genkey (ctrl_t ctrl,
                          const char *passphrase, time_t timestamp,
                          gcry_sexp_t *r_pubkey);

+/* Apply the Link attributes.  */
+gpg_error_t agent_crosslink_keys (ctrl_t ctrl,
+                                  const char *hexgrip1, const char *hexgrip2);
+
 /* Read a public key.  FROMCARD may be 0, 1, or 2. */
 gpg_error_t agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
                           unsigned char **r_pubkey);
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -1859,6 +1859,10 @@ common_gen (const char *keyparms, const char *keyparms2,

  if (keyparms2)
    {
+      unsigned char tmpgrip[KEYGRIP_LEN];
+      char hexgrip1[2*KEYGRIP_LEN+1];
+      char hexgrip2[2*KEYGRIP_LEN+1];
+
      err = agent_genkey (NULL, NULL, NULL, keyparms2,
                          1 /* No protection */,
                          NULL, timestamp,
@ -1870,6 +1874,31 @@ common_gen (const char *keyparms, const char *keyparms2,
          gcry_sexp_release (s_key);
          return err;
        }
+
+      if (!gcry_pk_get_keygrip (s_key, tmpgrip))
+        {
+          log_error ("error computing keygrip for generated key\n");
+          gcry_sexp_release (s_key);
+          gcry_sexp_release (s_key2);
+          return gpg_error (GPG_ERR_GENERAL);
+        }
+      bin2hex (tmpgrip, KEYGRIP_LEN, hexgrip1);
+      if (!gcry_pk_get_keygrip (s_key2, tmpgrip))
+        {
+          log_error ("error computing keygrip for generated key\n");
+          gcry_sexp_release (s_key);
+          gcry_sexp_release (s_key2);
+          return gpg_error (GPG_ERR_GENERAL);
+        }
+      bin2hex (tmpgrip, KEYGRIP_LEN, hexgrip2);
+      err = agent_crosslink_keys (NULL, hexgrip1, hexgrip2);
+      if (err)
+        {
+          log_error ("error setting link attributes for generated keys\n");
+          gcry_sexp_release (s_key);
+          gcry_sexp_release (s_key2);
+          return gpg_error (GPG_ERR_GENERAL);
+        }
    }

  if (common_gen_cb && common_gen_cb_parm)