1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):

Keep track of the unprotected subkey secret key so we can make a backsig
with it.
This commit is contained in:
David Shaw 2004-03-18 19:43:07 +00:00
parent 8615da464e
commit 8e5f3ce846
2 changed files with 42 additions and 30 deletions

View File

@ -1,5 +1,9 @@
2004-03-18 David Shaw <dshaw@jabberwocky.com> 2004-03-18 David Shaw <dshaw@jabberwocky.com>
* keygen.c (write_keybinding, do_generate_keypair,
generate_subkeypair): Keep track of the unprotected subkey secret
key so we can make a backsig with it.
* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, * keygen.c (gen_elg, gen_dsa, gen_rsa, do_create,
do_generate_keypair, generate_subkeypair): New is_subkey argument do_generate_keypair, generate_subkeypair): New is_subkey argument
to set whether a generated key is a subkey. Do not overload the to set whether a generated key is a subkey. Do not overload the

View File

@ -1,5 +1,6 @@
/* keygen.c - generate a key pair /* keygen.c - generate a key pair
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
* 2004 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -38,7 +39,6 @@
#define MAX_PREFS 30 #define MAX_PREFS 30
enum para_name { enum para_name {
pKEYTYPE, pKEYTYPE,
pKEYLENGTH, pKEYLENGTH,
@ -606,8 +606,10 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
return rc; return rc;
} }
/* sub_sk is currently unused (reserved for backsigs) */
static int static int
write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk, write_keybinding( KBNODE root, KBNODE pub_root,
PKT_secret_key *pri_sk, PKT_secret_key *sub_sk,
unsigned int use ) unsigned int use )
{ {
PACKET *pkt; PACKET *pkt;
@ -641,7 +643,7 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
/* and make the signature */ /* and make the signature */
oduap.usage = use; oduap.usage = use;
oduap.pk = subpk; oduap.pk = subpk;
rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0, 0, 0, 0, rc = make_keysig_packet( &sig, pk, NULL, subpk, pri_sk, 0x18, 0, 0, 0, 0,
keygen_add_key_flags_and_expire, &oduap ); keygen_add_key_flags_and_expire, &oduap );
if( rc ) { if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
@ -2111,7 +2113,7 @@ do_generate_keypair( struct para_data_s *para,
{ {
KBNODE pub_root = NULL; KBNODE pub_root = NULL;
KBNODE sec_root = NULL; KBNODE sec_root = NULL;
PKT_secret_key *sk = NULL; PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;
const char *s; const char *s;
struct revocation_key *revkey; struct revocation_key *revkey;
int rc; int rc;
@ -2184,14 +2186,14 @@ do_generate_keypair( struct para_data_s *para,
pub_root, sec_root, pub_root, sec_root,
get_parameter_dek( para, pPASSPHRASE_DEK ), get_parameter_dek( para, pPASSPHRASE_DEK ),
get_parameter_s2k( para, pPASSPHRASE_S2K ), get_parameter_s2k( para, pPASSPHRASE_S2K ),
&sk, &pri_sk,
get_parameter_u32( para, pKEYEXPIRE ), 0 ); get_parameter_u32( para, pKEYEXPIRE ), 0 );
if(!rc && (revkey=get_parameter_revkey(para,pREVOKER))) if(!rc && (revkey=get_parameter_revkey(para,pREVOKER)))
{ {
rc=write_direct_sig(pub_root,pub_root,sk,revkey); rc=write_direct_sig(pub_root,pub_root,pri_sk,revkey);
if(!rc) if(!rc)
write_direct_sig(sec_root,pub_root,sk,revkey); write_direct_sig(sec_root,pub_root,pri_sk,revkey);
} }
if( !rc && (s=get_parameter_value(para, pUSERID)) ) { if( !rc && (s=get_parameter_value(para, pUSERID)) ) {
@ -2199,10 +2201,10 @@ do_generate_keypair( struct para_data_s *para,
if( !rc ) if( !rc )
write_uid(sec_root, s ); write_uid(sec_root, s );
if( !rc ) if( !rc )
rc = write_selfsig(pub_root, pub_root, sk, rc = write_selfsig(pub_root, pub_root, pri_sk,
get_parameter_uint (para, pKEYUSAGE)); get_parameter_uint (para, pKEYUSAGE));
if( !rc ) if( !rc )
rc = write_selfsig(sec_root, pub_root, sk, rc = write_selfsig(sec_root, pub_root, pri_sk,
get_parameter_uint (para, pKEYUSAGE)); get_parameter_uint (para, pKEYUSAGE));
} }
@ -2212,14 +2214,14 @@ do_generate_keypair( struct para_data_s *para,
pub_root, sec_root, pub_root, sec_root,
get_parameter_dek( para, pPASSPHRASE_DEK ), get_parameter_dek( para, pPASSPHRASE_DEK ),
get_parameter_s2k( para, pPASSPHRASE_S2K ), get_parameter_s2k( para, pPASSPHRASE_S2K ),
NULL, &sub_sk,
get_parameter_u32( para, pSUBKEYEXPIRE ), 1 ); get_parameter_u32( para, pSUBKEYEXPIRE ), 1 );
if( !rc ) if( !rc )
rc = write_keybinding(pub_root, pub_root, sk, rc = write_keybinding(pub_root, pub_root, pri_sk, sub_sk,
get_parameter_uint (para, pSUBKEYUSAGE)); get_parameter_uint (para, pSUBKEYUSAGE));
if( !rc ) if( !rc )
rc = write_keybinding(sec_root, pub_root, sk, rc = write_keybinding(sec_root, pub_root, pri_sk, sub_sk,
get_parameter_uint (para, pSUBKEYUSAGE)); get_parameter_uint (para, pSUBKEYUSAGE));
did_sub = 1; did_sub = 1;
} }
@ -2322,8 +2324,12 @@ do_generate_keypair( struct para_data_s *para,
} }
release_kbnode( pub_root ); release_kbnode( pub_root );
release_kbnode( sec_root ); release_kbnode( sec_root );
if( sk ) /* the unprotected secret key */
free_secret_key(sk); /* the unprotected secret keys */
if( pri_sk )
free_secret_key(pri_sk);
if( sub_sk )
free_secret_key(sub_sk);
} }
@ -2336,7 +2342,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
{ {
int okay=0, rc=0; int okay=0, rc=0;
KBNODE node; KBNODE node;
PKT_secret_key *sk = NULL; /* this is the primary sk */ PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;
int algo; int algo;
unsigned int use; unsigned int use;
u32 expire; u32 expire;
@ -2354,11 +2360,11 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
} }
/* make a copy of the sk to keep the protected one in the keyblock */ /* make a copy of the sk to keep the protected one in the keyblock */
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key ); pri_sk = copy_secret_key( NULL, node->pkt->pkt.secret_key );
cur_time = make_timestamp(); cur_time = make_timestamp();
if( sk->timestamp > cur_time ) { if( pri_sk->timestamp > cur_time ) {
ulong d = sk->timestamp - cur_time; ulong d = pri_sk->timestamp - cur_time;
log_info( d==1 ? _("key has been created %lu second " log_info( d==1 ? _("key has been created %lu second "
"in future (time warp or clock problem)\n") "in future (time warp or clock problem)\n")
: _("key has been created %lu seconds " : _("key has been created %lu seconds "
@ -2369,14 +2375,14 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
} }
} }
if (sk->version < 4) { if (pri_sk->version < 4) {
log_info (_("NOTE: creating subkeys for v3 keys " log_info (_("NOTE: creating subkeys for v3 keys "
"is not OpenPGP compliant\n")); "is not OpenPGP compliant\n"));
goto leave; goto leave;
} }
/* unprotect to get the passphrase */ /* unprotect to get the passphrase */
switch( is_secret_key_protected( sk ) ) { switch( is_secret_key_protected( pri_sk ) ) {
case -1: case -1:
rc = G10ERR_PUBKEY_ALGO; rc = G10ERR_PUBKEY_ALGO;
break; break;
@ -2385,7 +2391,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
break; break;
default: default:
tty_printf("Key is protected.\n"); tty_printf("Key is protected.\n");
rc = check_secret_key( sk, 0 ); rc = check_secret_key( pri_sk, 0 );
if( !rc ) if( !rc )
passphrase = get_last_passphrase(); passphrase = get_last_passphrase();
break; break;
@ -2393,7 +2399,6 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
if( rc ) if( rc )
goto leave; goto leave;
algo = ask_algo( 1, &use ); algo = ask_algo( 1, &use );
assert(algo); assert(algo);
nbits = ask_keysize( algo ); nbits = ask_keysize( algo );
@ -2412,11 +2417,11 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
} }
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock, rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,
dek, s2k, NULL, expire, 1 ); dek, s2k, &sub_sk, expire, 1 );
if( !rc ) if( !rc )
rc = write_keybinding(pub_keyblock, pub_keyblock, sk, use); rc = write_keybinding(pub_keyblock, pub_keyblock, pri_sk, sub_sk, use);
if( !rc ) if( !rc )
rc = write_keybinding(sec_keyblock, pub_keyblock, sk, use); rc = write_keybinding(sec_keyblock, pub_keyblock, pri_sk, sub_sk, use);
if( !rc ) { if( !rc ) {
PKT_public_key *subpk = NULL; PKT_public_key *subpk = NULL;
@ -2436,8 +2441,11 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
m_free( passphrase ); m_free( passphrase );
m_free( dek ); m_free( dek );
m_free( s2k ); m_free( s2k );
if( sk ) /* release the copy of the (now unprotected) secret key */ /* release the copy of the (now unprotected) secret keys */
free_secret_key(sk); if( pri_sk )
free_secret_key(pri_sk);
if( sub_sk )
free_secret_key(sub_sk);
set_next_passphrase( NULL ); set_next_passphrase( NULL );
return okay; return okay;
} }