gpg: Prepare parser for the new attestation certificates.

* common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New.
* g10/keydb.h (IS_ATTST_SIGS): New.
(IS_CERT): Include the new one.
* g10/sign.c (mk_notation_policy_etc): Do not put notations into
attestation key signatures.
* g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo.
Print the attestation sigs.
(parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS.
(can_handle_critical): Ditto.
(enum_sig_subpkt): Pass digest algo to dump_sig_subpkt.
--

This change allows to list the new subpacket with --list-packets.
Example output:

  :signature packet: algo 22, keyid C694723A1370EAB1
          version 4, created 1567097576, md5len 0, sigclass 0x16
          digest algo 8, begin of digest ff 0c
          hashed subpkt 2 len 4 (sig created 2019-08-29)
          hashed subpkt 37 len 32 (attst-sigs: 1
                                   A794C6E9CCFE2F34C67E07[...])
          hashed subpkt 33 len 21 (issuer fpr v4 156A3872[...])
          subpkt 16 len 8 (issuer key ID C694723A1370EAB1)
          data: [256 bits]
          data: [256 bits]

GnuPG-bug-id: 4694
Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 6 insertions, 2 deletions

diff --git a/g10/sign.c b/g10/sign.c
index d71580639..691c3d6d1 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -86,7 +86,9 @@ mk_notation_policy_etc (PKT_signature *sig,
   args.pksk = pksk;
 
   /* Notation data. */
-  if (IS_SIG(sig) && opt.sig_notations)
+  if (IS_ATTST_SIGS(sig))
+    ;
+  else if (IS_SIG(sig) && opt.sig_notations)
     nd = opt.sig_notations;
   else if (IS_CERT(sig) && opt.cert_notations)
     nd = opt.cert_notations;
@@ -113,7 +115,9 @@ mk_notation_policy_etc (PKT_signature *sig,
     }
 
   /* Set policy URL. */
-  if (IS_SIG(sig) && opt.sig_policy_url)
+  if (IS_ATTST_SIGS(sig))
+    ;
+  else if (IS_SIG(sig) && opt.sig_policy_url)
     pu = opt.sig_policy_url;
   else if (IS_CERT(sig) && opt.cert_policy_url)
     pu = opt.cert_policy_url;