mirror of
git://git.gnupg.org/gnupg.git
synced 2025-04-17 15:44:34 +02:00
sm: Allow combination of usage flags --gen-key.
* sm/certreqgen.c (create_request): Re-implement building of the key-usage extension. -- GnuPG-bug-id: 2029 Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
e095a3fcf2
commit
8b6c83dcb0
@ -917,32 +917,46 @@ create_request (ctrl_t ctrl,
|
|||||||
|
|
||||||
/* Set key usage flags. */
|
/* Set key usage flags. */
|
||||||
use = get_parameter_uint (para, pKEYUSAGE);
|
use = get_parameter_uint (para, pKEYUSAGE);
|
||||||
if (use == GCRY_PK_USAGE_SIGN)
|
if (use)
|
||||||
|
{
|
||||||
|
unsigned int mask, pos;
|
||||||
|
unsigned char der[4];
|
||||||
|
|
||||||
|
der[0] = 0x03;
|
||||||
|
der[1] = 0x02;
|
||||||
|
der[2] = 0;
|
||||||
|
der[3] = 0;
|
||||||
|
if ((use & GCRY_PK_USAGE_SIGN))
|
||||||
{
|
{
|
||||||
/* For signing only we encode the bits:
|
/* For signing only we encode the bits:
|
||||||
KSBA_KEYUSAGE_DIGITAL_SIGNATURE
|
KSBA_KEYUSAGE_DIGITAL_SIGNATURE
|
||||||
KSBA_KEYUSAGE_NON_REPUDIATION */
|
KSBA_KEYUSAGE_NON_REPUDIATION = 0b11 -> 0b11000000 */
|
||||||
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
|
der[3] |= 0xc0;
|
||||||
"\x03\x02\x06\xC0", 4);
|
|
||||||
}
|
}
|
||||||
else if (use == GCRY_PK_USAGE_ENCR)
|
if ((use & GCRY_PK_USAGE_ENCR))
|
||||||
{
|
{
|
||||||
/* For encrypt only we encode the bits:
|
/* For encrypt only we encode the bits:
|
||||||
KSBA_KEYUSAGE_KEY_ENCIPHERMENT
|
KSBA_KEYUSAGE_KEY_ENCIPHERMENT
|
||||||
KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
|
KSBA_KEYUSAGE_DATA_ENCIPHERMENT = 0b1100 -> 0b00110000 */
|
||||||
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
|
der[3] |= 0x30;
|
||||||
"\x03\x02\x04\x30", 4);
|
|
||||||
}
|
}
|
||||||
else if (use == GCRY_PK_USAGE_CERT)
|
if ((use & GCRY_PK_USAGE_CERT))
|
||||||
{
|
{
|
||||||
/* For certify only we encode the bits:
|
/* For certify only we encode the bits:
|
||||||
KSBA_KEYUSAGE_KEY_CERT_SIGN
|
KSBA_KEYUSAGE_KEY_CERT_SIGN
|
||||||
KSBA_KEYUSAGE_CRL_SIGN */
|
KSBA_KEYUSAGE_CRL_SIGN = 0b1100000 -> 0b00000110 */
|
||||||
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
|
der[3] |= 0x06;
|
||||||
"\x03\x02\x01\x06", 4);
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
err = 0; /* Both or none given: don't request one. */
|
/* Count number of unused bits. */
|
||||||
|
for (mask=1, pos=0; pos < 8 * sizeof mask; pos++, mask <<= 1)
|
||||||
|
{
|
||||||
|
if ((der[3] & mask))
|
||||||
|
break;
|
||||||
|
der[2]++;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, der, 4);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error setting the key usage: %s\n",
|
log_error ("error setting the key usage: %s\n",
|
||||||
@ -950,6 +964,7 @@ create_request (ctrl_t ctrl,
|
|||||||
rc = err;
|
rc = err;
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* See whether we want to create an X.509 certificate. */
|
/* See whether we want to create an X.509 certificate. */
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user