mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig with it.
This commit is contained in:
parent
8615da464e
commit
8e5f3ce846
@ -1,5 +1,9 @@
|
|||||||
2004-03-18 David Shaw <dshaw@jabberwocky.com>
|
2004-03-18 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* keygen.c (write_keybinding, do_generate_keypair,
|
||||||
|
generate_subkeypair): Keep track of the unprotected subkey secret
|
||||||
|
key so we can make a backsig with it.
|
||||||
|
|
||||||
* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create,
|
* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create,
|
||||||
do_generate_keypair, generate_subkeypair): New is_subkey argument
|
do_generate_keypair, generate_subkeypair): New is_subkey argument
|
||||||
to set whether a generated key is a subkey. Do not overload the
|
to set whether a generated key is a subkey. Do not overload the
|
||||||
|
64
g10/keygen.c
64
g10/keygen.c
@ -1,5 +1,6 @@
|
|||||||
/* keygen.c - generate a key pair
|
/* keygen.c - generate a key pair
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
|
||||||
|
* 2004 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -38,7 +39,6 @@
|
|||||||
|
|
||||||
#define MAX_PREFS 30
|
#define MAX_PREFS 30
|
||||||
|
|
||||||
|
|
||||||
enum para_name {
|
enum para_name {
|
||||||
pKEYTYPE,
|
pKEYTYPE,
|
||||||
pKEYLENGTH,
|
pKEYLENGTH,
|
||||||
@ -606,8 +606,10 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* sub_sk is currently unused (reserved for backsigs) */
|
||||||
static int
|
static int
|
||||||
write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
|
write_keybinding( KBNODE root, KBNODE pub_root,
|
||||||
|
PKT_secret_key *pri_sk, PKT_secret_key *sub_sk,
|
||||||
unsigned int use )
|
unsigned int use )
|
||||||
{
|
{
|
||||||
PACKET *pkt;
|
PACKET *pkt;
|
||||||
@ -641,7 +643,7 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
|
|||||||
/* and make the signature */
|
/* and make the signature */
|
||||||
oduap.usage = use;
|
oduap.usage = use;
|
||||||
oduap.pk = subpk;
|
oduap.pk = subpk;
|
||||||
rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0, 0, 0, 0,
|
rc = make_keysig_packet( &sig, pk, NULL, subpk, pri_sk, 0x18, 0, 0, 0, 0,
|
||||||
keygen_add_key_flags_and_expire, &oduap );
|
keygen_add_key_flags_and_expire, &oduap );
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
|
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
|
||||||
@ -2111,7 +2113,7 @@ do_generate_keypair( struct para_data_s *para,
|
|||||||
{
|
{
|
||||||
KBNODE pub_root = NULL;
|
KBNODE pub_root = NULL;
|
||||||
KBNODE sec_root = NULL;
|
KBNODE sec_root = NULL;
|
||||||
PKT_secret_key *sk = NULL;
|
PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;
|
||||||
const char *s;
|
const char *s;
|
||||||
struct revocation_key *revkey;
|
struct revocation_key *revkey;
|
||||||
int rc;
|
int rc;
|
||||||
@ -2184,14 +2186,14 @@ do_generate_keypair( struct para_data_s *para,
|
|||||||
pub_root, sec_root,
|
pub_root, sec_root,
|
||||||
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
||||||
get_parameter_s2k( para, pPASSPHRASE_S2K ),
|
get_parameter_s2k( para, pPASSPHRASE_S2K ),
|
||||||
&sk,
|
&pri_sk,
|
||||||
get_parameter_u32( para, pKEYEXPIRE ), 0 );
|
get_parameter_u32( para, pKEYEXPIRE ), 0 );
|
||||||
|
|
||||||
if(!rc && (revkey=get_parameter_revkey(para,pREVOKER)))
|
if(!rc && (revkey=get_parameter_revkey(para,pREVOKER)))
|
||||||
{
|
{
|
||||||
rc=write_direct_sig(pub_root,pub_root,sk,revkey);
|
rc=write_direct_sig(pub_root,pub_root,pri_sk,revkey);
|
||||||
if(!rc)
|
if(!rc)
|
||||||
write_direct_sig(sec_root,pub_root,sk,revkey);
|
write_direct_sig(sec_root,pub_root,pri_sk,revkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
if( !rc && (s=get_parameter_value(para, pUSERID)) ) {
|
if( !rc && (s=get_parameter_value(para, pUSERID)) ) {
|
||||||
@ -2199,10 +2201,10 @@ do_generate_keypair( struct para_data_s *para,
|
|||||||
if( !rc )
|
if( !rc )
|
||||||
write_uid(sec_root, s );
|
write_uid(sec_root, s );
|
||||||
if( !rc )
|
if( !rc )
|
||||||
rc = write_selfsig(pub_root, pub_root, sk,
|
rc = write_selfsig(pub_root, pub_root, pri_sk,
|
||||||
get_parameter_uint (para, pKEYUSAGE));
|
get_parameter_uint (para, pKEYUSAGE));
|
||||||
if( !rc )
|
if( !rc )
|
||||||
rc = write_selfsig(sec_root, pub_root, sk,
|
rc = write_selfsig(sec_root, pub_root, pri_sk,
|
||||||
get_parameter_uint (para, pKEYUSAGE));
|
get_parameter_uint (para, pKEYUSAGE));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2212,13 +2214,13 @@ do_generate_keypair( struct para_data_s *para,
|
|||||||
pub_root, sec_root,
|
pub_root, sec_root,
|
||||||
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
||||||
get_parameter_s2k( para, pPASSPHRASE_S2K ),
|
get_parameter_s2k( para, pPASSPHRASE_S2K ),
|
||||||
NULL,
|
&sub_sk,
|
||||||
get_parameter_u32( para, pSUBKEYEXPIRE ), 1 );
|
get_parameter_u32( para, pSUBKEYEXPIRE ), 1 );
|
||||||
if( !rc )
|
if( !rc )
|
||||||
rc = write_keybinding(pub_root, pub_root, sk,
|
rc = write_keybinding(pub_root, pub_root, pri_sk, sub_sk,
|
||||||
get_parameter_uint (para, pSUBKEYUSAGE));
|
get_parameter_uint (para, pSUBKEYUSAGE));
|
||||||
if( !rc )
|
if( !rc )
|
||||||
rc = write_keybinding(sec_root, pub_root, sk,
|
rc = write_keybinding(sec_root, pub_root, pri_sk, sub_sk,
|
||||||
get_parameter_uint (para, pSUBKEYUSAGE));
|
get_parameter_uint (para, pSUBKEYUSAGE));
|
||||||
did_sub = 1;
|
did_sub = 1;
|
||||||
}
|
}
|
||||||
@ -2322,8 +2324,12 @@ do_generate_keypair( struct para_data_s *para,
|
|||||||
}
|
}
|
||||||
release_kbnode( pub_root );
|
release_kbnode( pub_root );
|
||||||
release_kbnode( sec_root );
|
release_kbnode( sec_root );
|
||||||
if( sk ) /* the unprotected secret key */
|
|
||||||
free_secret_key(sk);
|
/* the unprotected secret keys */
|
||||||
|
if( pri_sk )
|
||||||
|
free_secret_key(pri_sk);
|
||||||
|
if( sub_sk )
|
||||||
|
free_secret_key(sub_sk);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2336,7 +2342,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
{
|
{
|
||||||
int okay=0, rc=0;
|
int okay=0, rc=0;
|
||||||
KBNODE node;
|
KBNODE node;
|
||||||
PKT_secret_key *sk = NULL; /* this is the primary sk */
|
PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;
|
||||||
int algo;
|
int algo;
|
||||||
unsigned int use;
|
unsigned int use;
|
||||||
u32 expire;
|
u32 expire;
|
||||||
@ -2354,11 +2360,11 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* make a copy of the sk to keep the protected one in the keyblock */
|
/* make a copy of the sk to keep the protected one in the keyblock */
|
||||||
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key );
|
pri_sk = copy_secret_key( NULL, node->pkt->pkt.secret_key );
|
||||||
|
|
||||||
cur_time = make_timestamp();
|
cur_time = make_timestamp();
|
||||||
if( sk->timestamp > cur_time ) {
|
if( pri_sk->timestamp > cur_time ) {
|
||||||
ulong d = sk->timestamp - cur_time;
|
ulong d = pri_sk->timestamp - cur_time;
|
||||||
log_info( d==1 ? _("key has been created %lu second "
|
log_info( d==1 ? _("key has been created %lu second "
|
||||||
"in future (time warp or clock problem)\n")
|
"in future (time warp or clock problem)\n")
|
||||||
: _("key has been created %lu seconds "
|
: _("key has been created %lu seconds "
|
||||||
@ -2369,14 +2375,14 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sk->version < 4) {
|
if (pri_sk->version < 4) {
|
||||||
log_info (_("NOTE: creating subkeys for v3 keys "
|
log_info (_("NOTE: creating subkeys for v3 keys "
|
||||||
"is not OpenPGP compliant\n"));
|
"is not OpenPGP compliant\n"));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* unprotect to get the passphrase */
|
/* unprotect to get the passphrase */
|
||||||
switch( is_secret_key_protected( sk ) ) {
|
switch( is_secret_key_protected( pri_sk ) ) {
|
||||||
case -1:
|
case -1:
|
||||||
rc = G10ERR_PUBKEY_ALGO;
|
rc = G10ERR_PUBKEY_ALGO;
|
||||||
break;
|
break;
|
||||||
@ -2385,7 +2391,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
tty_printf("Key is protected.\n");
|
tty_printf("Key is protected.\n");
|
||||||
rc = check_secret_key( sk, 0 );
|
rc = check_secret_key( pri_sk, 0 );
|
||||||
if( !rc )
|
if( !rc )
|
||||||
passphrase = get_last_passphrase();
|
passphrase = get_last_passphrase();
|
||||||
break;
|
break;
|
||||||
@ -2393,7 +2399,6 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
if( rc )
|
if( rc )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|
|
||||||
algo = ask_algo( 1, &use );
|
algo = ask_algo( 1, &use );
|
||||||
assert(algo);
|
assert(algo);
|
||||||
nbits = ask_keysize( algo );
|
nbits = ask_keysize( algo );
|
||||||
@ -2412,11 +2417,11 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
}
|
}
|
||||||
|
|
||||||
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,
|
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,
|
||||||
dek, s2k, NULL, expire, 1 );
|
dek, s2k, &sub_sk, expire, 1 );
|
||||||
if( !rc )
|
if( !rc )
|
||||||
rc = write_keybinding(pub_keyblock, pub_keyblock, sk, use);
|
rc = write_keybinding(pub_keyblock, pub_keyblock, pri_sk, sub_sk, use);
|
||||||
if( !rc )
|
if( !rc )
|
||||||
rc = write_keybinding(sec_keyblock, pub_keyblock, sk, use);
|
rc = write_keybinding(sec_keyblock, pub_keyblock, pri_sk, sub_sk, use);
|
||||||
if( !rc ) {
|
if( !rc ) {
|
||||||
PKT_public_key *subpk = NULL;
|
PKT_public_key *subpk = NULL;
|
||||||
|
|
||||||
@ -2436,8 +2441,11 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
m_free( passphrase );
|
m_free( passphrase );
|
||||||
m_free( dek );
|
m_free( dek );
|
||||||
m_free( s2k );
|
m_free( s2k );
|
||||||
if( sk ) /* release the copy of the (now unprotected) secret key */
|
/* release the copy of the (now unprotected) secret keys */
|
||||||
free_secret_key(sk);
|
if( pri_sk )
|
||||||
|
free_secret_key(pri_sk);
|
||||||
|
if( sub_sk )
|
||||||
|
free_secret_key(sub_sk);
|
||||||
set_next_passphrase( NULL );
|
set_next_passphrase( NULL );
|
||||||
return okay;
|
return okay;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user