From fc8d9e474187d4d7ace4fa257d1ea32cdc740e37 Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Fri, 19 Jul 2002 05:08:54 +0000
Subject: [PATCH] * keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying
 "sensitive" as an argument to an addrevoker command.  This sets the 0x40
 sensitive revoker flag.

* revoke.c (gen_desig_revoke): When generating a designated revocation,
include the direct key sig that contains the designated revoker subpacket.
This allows sensitive designated revocation subpackets to be exported.
Also indicate which revokers are sensitive in the first place.
---
 g10/ChangeLog | 12 +++++++++++
 g10/keyedit.c | 16 ++++++++++----
 g10/revoke.c  | 58 +++++++++++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 80 insertions(+), 6 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 630afbd2e..d49c71b96 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,15 @@
+2002-07-18  David Shaw  <dshaw@jabberwocky.com>
+
+	* keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying
+	"sensitive" as an argument to an addrevoker command.  This sets
+	the 0x40 sensitive revoker flag.
+
+	* revoke.c (gen_desig_revoke): When generating a designated
+	revocation, include the direct key sig that contains the
+	designated revoker subpacket.  This allows sensitive designated
+	revocation subpackets to be exported.  Also indicate which
+	revokers are sensitive in the first place.
+
 2002-07-17  David Shaw  <dshaw@jabberwocky.com>
 
 	* keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 8bf4ff2ee..7f298c0a5 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -49,7 +49,8 @@ static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock, int photo );
 static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int  menu_delsig( KBNODE pub_keyblock );
 static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
-static int menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_addrevoker( KBNODE pub_keyblock,
+			    KBNODE sec_keyblock, int sensitive );
 static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
@@ -1255,11 +1256,17 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 	    break;
 
 	  case cmdADDREVOKER:
-	    if( menu_addrevoker( keyblock, sec_keyblock ) ) {
+	    {
+	      int sensitive=0;
+
+	      if(arg_string && ascii_strcasecmp(arg_string,"sensitive")==0)
+		sensitive=1;
+	      if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
 		redisplay = 1;
 		sec_modified = modified = 1;
 		merge_keys_and_selfsig( sec_keyblock );
 		merge_keys_and_selfsig( keyblock );
+	      }
 	    }
 	    break;
 
@@ -2169,7 +2176,7 @@ menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
  * Return true if there is a new revoker
  */
 static int
-menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock )
+menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 {
   PKT_public_key *pk=NULL,*revoker_pk=NULL;
   PKT_secret_key *sk=NULL;
@@ -2254,8 +2261,9 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock )
 				"key as a designated revoker? (y/N): "))
 	continue;
 
-      /* todo: handle 0x40 sensitive flag here */
       revkey.class=0x80;
+      if(sensitive)
+	revkey.class|=0x40;
       revkey.algid=revoker_pk->pubkey_algo;
       free_public_key(revoker_pk);
       break;
diff --git a/g10/revoke.c b/g10/revoke.c
index ca67d80e5..af7c32ef4 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -147,7 +147,7 @@ gen_desig_revoke( const char *uname )
 	    char *p;
 	    u32 sk_keyid[2];
 	    PKT_user_id *uid=NULL;
-	    PKT_signature *selfsig=NULL;
+	    PKT_signature *selfsig=NULL,*revsig=NULL;
 
 	    any=1;
 	    keyid_from_sk(sk,sk_keyid);
@@ -172,7 +172,10 @@ gen_desig_revoke( const char *uname )
 	    p = get_user_id( sk_keyid, &n );
 	    tty_print_utf8_string( p, n );
 	    m_free(p);
-	    tty_printf("\n\n");
+	    tty_printf("\n");
+	    if(pk->revkey[i].class&0x40)
+	      tty_printf(_("(This is a sensitive revocation key)\n"));
+	    tty_printf("\n");
 
 	    if( !cpr_get_answer_is_yes("gen_desig_revoke.okay",
 		       _("Create a revocation certificate for this key? ")) )
@@ -225,6 +228,57 @@ gen_desig_revoke( const char *uname )
 	      goto leave;
 	    }
 
+	    /* Include the direct key signature that contains this
+               revocation key.  We're allowed to include sensitive
+               revocation keys along with a revocation, and this may
+               be the only time the recipient has seen it. */
+	    while(!revsig)
+	      {
+		KBNODE signode;
+
+		signode=find_next_kbnode(node,PKT_SIGNATURE);
+		if(!signode)
+		  break;
+
+		node=signode;
+
+		if(keyid[0]==signode->pkt->pkt.signature->keyid[0] &&
+		   keyid[1]==signode->pkt->pkt.signature->keyid[1] &&
+		   IS_KEY_SIG(signode->pkt->pkt.signature))
+		  {
+		    int j;
+
+		    for(j=0;j<signode->pkt->pkt.signature->numrevkeys;j++)
+		      {
+			if(pk->revkey[i].class==
+			   signode->pkt->pkt.signature->revkey[j]->class &&
+			   pk->revkey[i].algid==
+			   signode->pkt->pkt.signature->revkey[j]->algid &&
+			   memcmp(pk->revkey[i].fpr,
+				  signode->pkt->pkt.signature->revkey[j]->fpr,
+				  MAX_FINGERPRINT_LEN)==0)
+			  {
+			    revsig=signode->pkt->pkt.signature;
+			    break;
+			  }
+		      }
+		  }
+	      }
+
+	    if(revsig)
+	      {
+		pkt.pkttype = PKT_SIGNATURE;
+		pkt.pkt.signature = revsig;
+
+		rc = build_packet( out, &pkt );
+		if( rc ) {
+		  log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+		  goto leave;
+		}
+	      }
+	    else
+	      BUG();
+
 	    init_packet( &pkt );
 	    pkt.pkttype = PKT_SIGNATURE;
 	    pkt.pkt.signature = sig;