security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-10 22:32:02 +01:00
Code Activity

gpg: Improve the new parse_subkey_algostr_usagestr fucntion.

Browse Source 
* g10/keygen.c (parse_usagestr): Allow "cert".
(generate_subkeypair): Factor expire parsing out to ...
(parse_subkey_algostr_usagestr): here.  Rename to ...
(parse_algo_usage_expire): this.  Add arg 'for_subkey'.  Set CERT for
primary key and check that it is not set for subkeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-06-02 17:01:54 +02:00
parent 8f2a053a0f
commit dcc4cd8382
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 34 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
g10/keygen.c
View File

@ -51,6 +51,7 @@
is inside the bounds enforced by ask_keysize and gen_xxx. */ is inside the bounds enforced by ask_keysize and gen_xxx. */
#define DEFAULT_STD_ALGO PUBKEY_ALGO_RSA #define DEFAULT_STD_ALGO PUBKEY_ALGO_RSA
#define DEFAULT_STD_KEYSIZE 2048 #define DEFAULT_STD_KEYSIZE 2048
#define DEFAULT_STD_KEYUSE (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)
#define DEFAULT_STD_CURVE NULL #define DEFAULT_STD_CURVE NULL
#define DEFAULT_STD_SUBALGO PUBKEY_ALGO_RSA #define DEFAULT_STD_SUBALGO PUBKEY_ALGO_RSA
#define DEFAULT_STD_SUBKEYSIZE 2048 #define DEFAULT_STD_SUBKEYSIZE 2048
@ -2937,6 +2938,8 @@ parse_usagestr (const char *usagestr)
use |= PUBKEY_USAGE_ENC; use |= PUBKEY_USAGE_ENC;
else if (!ascii_strcasecmp (s, "auth")) else if (!ascii_strcasecmp (s, "auth"))
use |= PUBKEY_USAGE_AUTH; use |= PUBKEY_USAGE_AUTH;
else if (!ascii_strcasecmp (s, "cert"))
use |= PUBKEY_USAGE_CERT;
else else
{ {
xfree (tokens); xfree (tokens);
@ -4316,13 +4319,15 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
gpg_error_t gpg_error_t
parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr, parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
const char *usagestr, const char *algostr, const char *usagestr,
int *r_algo, unsigned int *r_usage, const char *expirestr,
unsigned int *r_nbits, char **r_curve) int *r_algo, unsigned int *r_usage, u32 *r_expire,
unsigned int *r_nbits, char **r_curve)
{ {
int algo; int algo;
unsigned int use, nbits; unsigned int use, nbits;
u32 expire;
int wantuse; int wantuse;
unsigned int min, def, max; unsigned int min, def, max;
const char *curve = NULL; const char *curve = NULL;
@ -4348,7 +4353,7 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr,
else if (!strncmp (algostr, "rsa", 3)) else if (!strncmp (algostr, "rsa", 3))
{ {
algo = PUBKEY_ALGO_RSA; algo = PUBKEY_ALGO_RSA;
use = DEFAULT_STD_SUBKEYUSE; use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE;
if (algostr[3]) if (algostr[3])
nbits = atoi (algostr + 3); nbits = atoi (algostr + 3);
} }
@ -4395,6 +4400,27 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr,
else else
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
/* Make sure a primary key has the CERT usage. */
if (!for_subkey)
use |= PUBKEY_USAGE_CERT;
/* Check that usage is possible. */
if (/**/((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
&& !pubkey_get_nsig (algo))
|| ((use & PUBKEY_USAGE_ENC)
&& !pubkey_get_nenc (algo))
|| (for_subkey && (use & PUBKEY_USAGE_CERT)))
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
/* Parse the expire string. */
if (!expirestr || !*expirestr || !strcmp (expirestr, "none")
|| !strcmp (expirestr, "never") || !strcmp (expirestr, "-"))
expire = 0;
else
expire = parse_expire_string (expirestr);
if (expire == (u32)-1 )
return gpg_error (GPG_ERR_INV_VALUE);
/* Make sure the keysize is in the allowed range. */ /* Make sure the keysize is in the allowed range. */
get_keysize_range (algo, &min, &def, &max); get_keysize_range (algo, &min, &def, &max);
if (!nbits) if (!nbits)
@ -4414,6 +4440,7 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr,
} }
*r_algo = algo; *r_algo = algo;
*r_usage = use; *r_usage = use;
*r_expire = expire;
*r_nbits = nbits; *r_nbits = nbits;
return 0; return 0;
} }
@ -4522,31 +4549,10 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
} }
else /* Unattended mode. */ else /* Unattended mode. */
{ {
err = parse_subkey_algostr_usagestr (ctrl, algostr, usagestr, err = parse_algo_usage_expire (ctrl, 1, algostr, usagestr, expirestr,
&algo, &use, &nbits, &curve); &algo, &use, &expire, &nbits, &curve);
if (err) if (err)
goto leave; goto leave;
if (!expirestr || !*expirestr || !strcmp (expirestr, "none")
|| !strcmp (expirestr, "never") || !strcmp (expirestr, "-"))
expire = 0;
else
expire = parse_expire_string (expirestr);
if (expire == (u32)-1 )
{
err = gpg_error (GPG_ERR_INV_VALUE);
goto leave;
}
/* Check that usage is possible. */
if ( ((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
&& !pubkey_get_nsig (algo))
|| ((use & PUBKEY_USAGE_ENC)
&& !pubkey_get_nenc (algo)))
{
err = gpg_error (GPG_ERR_WRONG_KEY_USAGE);
goto leave;
}
} }
if (hexgrip) if (hexgrip)