sm: Allow combination of usage flags --gen-key.

* sm/certreqgen.c (create_request): Re-implement building of the
key-usage extension.
--

GnuPG-bug-id: 2029
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-10-28 18:57:53 +01:00
parent e095a3fcf2
commit 8b6c83dcb0
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 46 additions and 31 deletions

View File

@ -917,38 +917,53 @@ create_request (ctrl_t ctrl,
/* Set key usage flags. */
use = get_parameter_uint (para, pKEYUSAGE);
if (use == GCRY_PK_USAGE_SIGN)
if (use)
{
/* For signing only we encode the bits:
KSBA_KEYUSAGE_DIGITAL_SIGNATURE
KSBA_KEYUSAGE_NON_REPUDIATION */
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
"\x03\x02\x06\xC0", 4);
}
else if (use == GCRY_PK_USAGE_ENCR)
{
/* For encrypt only we encode the bits:
KSBA_KEYUSAGE_KEY_ENCIPHERMENT
KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
"\x03\x02\x04\x30", 4);
}
else if (use == GCRY_PK_USAGE_CERT)
{
/* For certify only we encode the bits:
KSBA_KEYUSAGE_KEY_CERT_SIGN
KSBA_KEYUSAGE_CRL_SIGN */
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
"\x03\x02\x01\x06", 4);
}
else
err = 0; /* Both or none given: don't request one. */
if (err)
{
log_error ("error setting the key usage: %s\n",
gpg_strerror (err));
rc = err;
goto leave;
unsigned int mask, pos;
unsigned char der[4];
der[0] = 0x03;
der[1] = 0x02;
der[2] = 0;
der[3] = 0;
if ((use & GCRY_PK_USAGE_SIGN))
{
/* For signing only we encode the bits:
KSBA_KEYUSAGE_DIGITAL_SIGNATURE
KSBA_KEYUSAGE_NON_REPUDIATION = 0b11 -> 0b11000000 */
der[3] |= 0xc0;
}
if ((use & GCRY_PK_USAGE_ENCR))
{
/* For encrypt only we encode the bits:
KSBA_KEYUSAGE_KEY_ENCIPHERMENT
KSBA_KEYUSAGE_DATA_ENCIPHERMENT = 0b1100 -> 0b00110000 */
der[3] |= 0x30;
}
if ((use & GCRY_PK_USAGE_CERT))
{
/* For certify only we encode the bits:
KSBA_KEYUSAGE_KEY_CERT_SIGN
KSBA_KEYUSAGE_CRL_SIGN = 0b1100000 -> 0b00000110 */
der[3] |= 0x06;
}
/* Count number of unused bits. */
for (mask=1, pos=0; pos < 8 * sizeof mask; pos++, mask <<= 1)
{
if ((der[3] & mask))
break;
der[2]++;
}
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, der, 4);
if (err)
{
log_error ("error setting the key usage: %s\n",
gpg_strerror (err));
rc = err;
goto leave;
}
}