mirror of git://git.gnupg.org/gnupg.git synced 2025-02-07 17:33:02 +01:00

gpg: Fix --quick-add-key for Weierstrass ECC with usage given.

* g10/keygen.c (adjust_algo_for_ecdh_ecdsa): New.
(parse_algo_usage_expire): Adjust key algo.
--

GnuPG-bug-id: 7506
Werner Koch 2025-02-05 11:03:30 +01:00
parent d70a7987f7
commit c08a3c2484
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -199,6 +199,40 @@ get_default_pubkey_algo (void)
}
/* Depending on the USE some public key algorithms need to be changed.
* In particular this is the case for standard EC curves which may
* have either ECDSA or ECDH as their algo. The function returns the
* new algo if demanded by USE. IF the function can't decide the algo
* is returned as is and it is expected that a letter error check will
* kick in. If no change is required ALGO is returned as is. */
static int
adjust_algo_for_ecdh_ecdsa (int algo, unsigned int use, const char *curve)
{
int needalgo;
if (algo != PUBKEY_ALGO_ECDSA && algo != PUBKEY_ALGO_ECDH)
return algo; /* Not an algo we need to adjust. */
if (!curve || !*curve)
return algo; /* No curve given and thus we can't decide. */
if (!openpgp_is_curve_supported (curve, &needalgo, NULL))
return algo; /* Curve not supported - can't decide. */
if (needalgo)
return algo; /* No need to map the X{25519,488} curves because we
* would also need to change the curve. */
if (algo == PUBKEY_ALGO_ECDH
&& (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT)))
return PUBKEY_ALGO_ECDSA; /* Switch to the signing variant. */
if (algo == PUBKEY_ALGO_ECDSA
&& (use & (PUBKEY_USAGE_ENC)))
return PUBKEY_ALGO_ECDH; /* Switch to the encryption variant. */
return algo; /* Return as is. */
}
static void
print_status_key_created (int letter, PKT_public_key *pk, const char *handle)
{
@ -6204,6 +6238,9 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
return gpg_error (GPG_ERR_INV_VALUE);
}
/* Now do the tricky ECDSA/ECDH adjustment. */
algo = adjust_algo_for_ecdh_ecdsa (algo, use, curve);
/* Make sure a primary key has the CERT usage. */
if (!for_subkey)
use |= PUBKEY_USAGE_CERT;
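Review bot: The header comment on adjust_algo_for_ecdh_ecdsa says the algo is returned as is when the function cannot decide, but when `use` carries both a signing-type bit and PUBKEY_USAGE_ENC the code still flips it: ECDH becomes ECDSA through the first test and ECDSA becomes ECDH through the second. Rejecting such a mixed request therefore depends on a usage check that is not visible in these hunks, and the comment should say so, for example `If USE asks for both signing and encryption the algo is still switched and the caller's usage check must reject the combination.` The same comment has two typos worth fixing: `letter error check` should read `later error check`, and `X{25519,488}` should read `X{25519,448}`. In parse_algo_usage_expire the call also runs before `use |= PUBKEY_USAGE_CERT`, so for a primary key the adjustment does not see the CERT bit; a one-line comment stating whether that order is intended would help the next reader.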