1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

g10: Support primary key generation by keygrip.

* g10/keygen.c (para_name): Add pKEYGRIP.
(generate_keypair): Use pKEYGRIP for key generation.
(do_generate_keypair): Call do_create_from_keygrip with pKEYGRIP.

--

https://lists.gnupg.org/pipermail/gnupg-devel/2017-February/032591.html

Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2017-02-21 08:27:23 +09:00
parent a022baa4a4
commit 3fc69224b7

View File

@ -89,7 +89,8 @@ enum para_name {
pSERIALNO, pSERIALNO,
pCARDBACKUPKEY, pCARDBACKUPKEY,
pHANDLE, pHANDLE,
pKEYSERVER pKEYSERVER,
pKEYGRIP
}; };
struct para_data_s { struct para_data_s {
@ -3654,6 +3655,7 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
{ "Revoker", pREVOKER }, { "Revoker", pREVOKER },
{ "Handle", pHANDLE }, { "Handle", pHANDLE },
{ "Keyserver", pKEYSERVER }, { "Keyserver", pKEYSERVER },
{ "Keygrip", pKEYGRIP },
{ NULL, 0 } { NULL, 0 }
}; };
IOBUF fp; IOBUF fp;
@ -4175,13 +4177,41 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
else if (full) /* Full featured key generation. */ else if (full) /* Full featured key generation. */
{ {
int subkey_algo; int subkey_algo;
char *key_from_hexgrip = NULL;
algo = ask_algo (ctrl, 0, &subkey_algo, &use, &key_from_hexgrip);
if (key_from_hexgrip)
{
r = xmalloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE;
sprintf( r->u.value, "%d", algo);
r->next = para;
para = r;
if (use)
{
r = xmalloc_clear( sizeof *r + 25 );
r->key = pKEYUSAGE;
sprintf( r->u.value, "%s%s%s",
(use & PUBKEY_USAGE_SIG)? "sign ":"",
(use & PUBKEY_USAGE_ENC)? "encrypt ":"",
(use & PUBKEY_USAGE_AUTH)? "auth":"" );
r->next = para;
para = r;
}
r = xmalloc_clear( sizeof *r + 40 );
r->key = pKEYGRIP;
strcpy (r->u.value, key_from_hexgrip);
r->next = para;
para = r;
xfree (key_from_hexgrip);
}
else
{
char *curve = NULL; char *curve = NULL;
/* Fixme: To support creating a primary key by keygrip we better
also define the keyword for the parameter file. Note that
the subkey case will never be asserted if a keygrip has been
given. */
algo = ask_algo (ctrl, 0, &subkey_algo, &use, NULL);
if (subkey_algo) if (subkey_algo)
{ {
/* Create primary and subkey at once. */ /* Create primary and subkey at once. */
@ -4307,6 +4337,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
xfree (curve); xfree (curve);
} }
}
else /* Default key generation. */ else /* Default key generation. */
{ {
int subalgo; int subalgo;
@ -4547,6 +4578,9 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
int did_sub = 0; int did_sub = 0;
u32 timestamp; u32 timestamp;
char *cache_nonce = NULL; char *cache_nonce = NULL;
int algo;
u32 expire;
const char *key_from_hexgrip = NULL;
if (outctrl->dryrun) if (outctrl->dryrun)
{ {
@ -4612,20 +4646,26 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
node of the subkey but that is more work than just to pass the node of the subkey but that is more work than just to pass the
current timestamp. */ current timestamp. */
if (!card) algo = get_parameter_algo( para, pKEYTYPE, NULL );
err = do_create (get_parameter_algo( para, pKEYTYPE, NULL ), expire = get_parameter_u32( para, pKEYEXPIRE );
key_from_hexgrip = get_parameter_value (para, pKEYGRIP);
if (key_from_hexgrip)
err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip,
pub_root, timestamp, expire, 0);
else if (!card)
err = do_create (algo,
get_parameter_uint( para, pKEYLENGTH ), get_parameter_uint( para, pKEYLENGTH ),
get_parameter_value (para, pKEYCURVE), get_parameter_value (para, pKEYCURVE),
pub_root, pub_root,
timestamp, timestamp,
get_parameter_u32( para, pKEYEXPIRE ), 0, expire, 0,
outctrl->keygen_flags, outctrl->keygen_flags,
get_parameter_passphrase (para), get_parameter_passphrase (para),
&cache_nonce, NULL); &cache_nonce, NULL);
else else
err = gen_card_key (1, get_parameter_algo( para, pKEYTYPE, NULL ), err = gen_card_key (1, algo,
1, pub_root, &timestamp, 1, pub_root, &timestamp,
get_parameter_u32 (para, pKEYEXPIRE)); expire);
/* Get the pointer to the generated public key packet. */ /* Get the pointer to the generated public key packet. */
if (!err) if (!err)