Line | Count | Source |
1 | | /* export.c - Export keys in the OpenPGP defined format. |
2 | | * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, |
3 | | * 2005, 2010 Free Software Foundation, Inc. |
4 | | * Copyright (C) 1998-2016 Werner Koch |
5 | | * Copyright (C) 2022 g10 Code GmbH |
6 | | * |
7 | | * This file is part of GnuPG. |
8 | | * |
9 | | * GnuPG is free software; you can redistribute it and/or modify |
10 | | * it under the terms of the GNU General Public License as published by |
11 | | * the Free Software Foundation; either version 3 of the License, or |
12 | | * (at your option) any later version. |
13 | | * |
14 | | * GnuPG is distributed in the hope that it will be useful, |
15 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
17 | | * GNU General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU General Public License |
20 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
21 | | */ |
22 | | |
23 | | #include <config.h> |
24 | | #include <stdio.h> |
25 | | #include <stdlib.h> |
26 | | #include <string.h> |
27 | | #include <errno.h> |
28 | | |
29 | | #include "gpg.h" |
30 | | #include "options.h" |
31 | | #include "packet.h" |
32 | | #include "../common/status.h" |
33 | | #include "keydb.h" |
34 | | #include "../common/util.h" |
35 | | #include "main.h" |
36 | | #include "../common/i18n.h" |
37 | | #include "../common/membuf.h" |
38 | | #include "../common/host2net.h" |
39 | | #include "../common/zb32.h" |
40 | | #include "../common/recsel.h" |
41 | | #include "../common/mbox-util.h" |
42 | | #include "../common/init.h" |
43 | | #include "trustdb.h" |
44 | | #include "call-agent.h" |
45 | | #include "key-clean.h" |
46 | | #include "pkglue.h" |
47 | | |
48 | | |
49 | | /* An object to keep track of subkeys. */ |
50 | | struct subkey_list_s |
51 | | { |
52 | | struct subkey_list_s *next; |
53 | | u32 kid[2]; |
54 | | }; |
55 | | typedef struct subkey_list_s *subkey_list_t; |
56 | | |
57 | | |
58 | | /* An object to track statistics for export operations. */ |
59 | | struct export_stats_s |
60 | | { |
61 | | ulong count; /* Number of processed keys. */ |
62 | | ulong secret_count; /* Number of secret keys seen. */ |
63 | | ulong exported; /* Number of actual exported keys. */ |
64 | | }; |
65 | | |
66 | | |
67 | | /* Global variables to store the selectors created from |
68 | | * --export-filter keep-uid=EXPR. |
69 | | * --export-filter drop-subkey=EXPR. |
70 | | * --export-filter select=EXPR. |
71 | | * |
72 | | * FIXME: We should put this into the CTRL object but that requires a |
73 | | * lot more changes right now. |
74 | | */ |
75 | | static recsel_expr_t export_keep_uid; |
76 | | static recsel_expr_t export_drop_subkey; |
77 | | static recsel_expr_t export_select_filter; |
78 | | |
79 | | |
80 | | /* An object used for a linked list to implement the |
81 | | * push_export_filter/pop_export_filters functions. */ |
82 | | struct export_filter_attic_s |
83 | | { |
84 | | struct export_filter_attic_s *next; |
85 | | recsel_expr_t export_keep_uid; |
86 | | recsel_expr_t export_drop_subkey; |
87 | | recsel_expr_t export_select_filter; |
88 | | }; |
89 | | static struct export_filter_attic_s *export_filter_attic; |
90 | | |
91 | | |
92 | | |
93 | | /* Local prototypes. */ |
94 | | static int do_export (ctrl_t ctrl, strlist_t users, int secret, |
95 | | unsigned int options, export_stats_t stats); |
96 | | static int do_export_stream (ctrl_t ctrl, iobuf_t out, |
97 | | strlist_t users, int secret, |
98 | | kbnode_t *keyblock_out, unsigned int options, |
99 | | export_stats_t stats, int *any); |
100 | | static gpg_error_t print_dane_records |
101 | | /**/ (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk, |
102 | | const void *data, size_t datalen); |
103 | | |
104 | | � |
105 | | static void |
106 | | cleanup_export_globals (void) |
107 | 0 | { |
108 | 0 | recsel_release (export_keep_uid); |
109 | 0 | export_keep_uid = NULL; |
110 | 0 | recsel_release (export_drop_subkey); |
111 | 0 | export_drop_subkey = NULL; |
112 | 0 | recsel_release (export_select_filter); |
113 | 0 | export_select_filter = NULL; |
114 | 0 | } |
115 | | |
116 | | |
117 | | /* Option parser for export options. See parse_options for |
118 | | details. */ |
119 | | int |
120 | | parse_export_options(char *str,unsigned int *options,int noisy) |
121 | 0 | { |
122 | 0 | struct parse_options export_opts[]= |
123 | 0 | { |
124 | 0 | {"export-local-sigs",EXPORT_LOCAL_SIGS,NULL, |
125 | 0 | N_("export signatures that are marked as local-only")}, |
126 | 0 | {"export-attributes",EXPORT_ATTRIBUTES,NULL, |
127 | 0 | N_("export attribute user IDs (generally photo IDs)")}, |
128 | 0 | {"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL, |
129 | 0 | N_("export revocation keys marked as \"sensitive\"")}, |
130 | 0 | {"export-clean",EXPORT_CLEAN,NULL, |
131 | 0 | N_("remove unusable parts from key during export")}, |
132 | 0 | {"export-realclean",EXPORT_MINIMAL|EXPORT_REALCLEAN|EXPORT_CLEAN,NULL, |
133 | 0 | NULL}, |
134 | 0 | {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL, |
135 | 0 | N_("remove as much as possible from key during export")}, |
136 | 0 | {"keep-expired-subkeys",EXPORT_KEEP_EXPIRED,NULL, NULL }, |
137 | |
|
138 | 0 | {"export-dane", EXPORT_DANE_FORMAT, NULL, NULL }, |
139 | |
|
140 | 0 | {"export-revocs", EXPORT_REVOCS, NULL, |
141 | 0 | N_("export only revocation certificates") }, |
142 | |
|
143 | 0 | {"backup", EXPORT_BACKUP, NULL, |
144 | 0 | N_("use the GnuPG key backup format")}, |
145 | 0 | {"export-backup", EXPORT_BACKUP, NULL, NULL }, |
146 | |
|
147 | 0 | {"mode1003", EXPORT_MODE1003, NULL, |
148 | 0 | N_("export secret keys using the GnuPG format") }, |
149 | | |
150 | | /* Aliases for backward compatibility */ |
151 | 0 | {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL}, |
152 | 0 | {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL}, |
153 | 0 | {"include-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,NULL}, |
154 | | /* dummy */ |
155 | 0 | {"export-unusable-sigs",0,NULL,NULL}, |
156 | 0 | {"export-clean-sigs",0,NULL,NULL}, |
157 | 0 | {"export-clean-uids",0,NULL,NULL}, |
158 | 0 | {NULL,0,NULL,NULL} |
159 | | /* add tags for include revoked and disabled? */ |
160 | 0 | }; |
161 | 0 | int rc; |
162 | |
|
163 | 0 | rc = parse_options (str, options, export_opts, noisy); |
164 | 0 | if (!rc) |
165 | 0 | return 0; |
166 | | |
167 | | /* Alter other options we want or don't want for restore. */ |
168 | 0 | if ((*options & EXPORT_BACKUP)) |
169 | 0 | { |
170 | 0 | *options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES |
171 | 0 | | EXPORT_SENSITIVE_REVKEYS); |
172 | 0 | *options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL | EXPORT_REALCLEAN |
173 | 0 | | EXPORT_DANE_FORMAT); |
174 | 0 | } |
175 | |
|
176 | 0 | return rc; |
177 | 0 | } |
178 | | |
179 | | |
180 | | /* Parse and set an export filter from string. STRING has the format |
181 | | * "NAME=EXPR" with NAME being the name of the filter. Spaces before |
182 | | * and after NAME are not allowed. If this function is called several |
183 | | * times all expressions for the same NAME are concatenated. |
184 | | * Supported filter names are: |
185 | | * |
186 | | * - keep-uid :: If the expression evaluates to true for a certain |
187 | | * user ID packet, that packet and all it dependencies |
188 | | * will be exported. The expression may use these |
189 | | * variables: |
190 | | * |
191 | | * - uid :: The entire user ID. |
192 | | * - mbox :: The mail box part of the user ID. |
193 | | * - primary :: Evaluate to true for the primary user ID. |
194 | | * |
195 | | * - drop-subkey :: If the expression evaluates to true for a subkey |
196 | | * packet that subkey and all it dependencies will be |
197 | | * remove from the keyblock. The expression may use these |
198 | | * variables: |
199 | | * |
200 | | * - secret :: 1 for a secret subkey, else 0. |
201 | | * - key_algo :: Public key algorithm id |
202 | | * |
203 | | * - select :: The key is only exported if the filter returns true. |
204 | | */ |
205 | | gpg_error_t |
206 | | parse_and_set_export_filter (const char *string) |
207 | 0 | { |
208 | 0 | gpg_error_t err; |
209 | | |
210 | | /* Auto register the cleanup function. */ |
211 | 0 | register_mem_cleanup_func (cleanup_export_globals); |
212 | |
|
213 | 0 | if (!strncmp (string, "keep-uid=", 9)) |
214 | 0 | err = recsel_parse_expr (&export_keep_uid, string+9); |
215 | 0 | else if (!strncmp (string, "drop-subkey=", 12)) |
216 | 0 | err = recsel_parse_expr (&export_drop_subkey, string+12); |
217 | 0 | else if (!strncmp (string, "select=", 7)) |
218 | 0 | err = recsel_parse_expr (&export_select_filter, string+7); |
219 | 0 | else |
220 | 0 | err = gpg_error (GPG_ERR_INV_NAME); |
221 | |
|
222 | 0 | return err; |
223 | 0 | } |
224 | | |
225 | | |
226 | | /* Push the current export filters onto a stack so that new export |
227 | | * filters can be defined which will be active until the next |
228 | | * pop_export_filters or another push_export_filters. */ |
229 | | void |
230 | | push_export_filters (void) |
231 | 0 | { |
232 | 0 | struct export_filter_attic_s *item; |
233 | |
|
234 | 0 | item = xcalloc (1, sizeof *item); |
235 | 0 | item->export_keep_uid = export_keep_uid; |
236 | 0 | export_keep_uid = NULL; |
237 | 0 | item->export_drop_subkey = export_drop_subkey; |
238 | 0 | export_drop_subkey = NULL; |
239 | 0 | item->export_select_filter = export_select_filter; |
240 | 0 | export_select_filter = NULL; |
241 | 0 | item->next = export_filter_attic; |
242 | 0 | export_filter_attic = item; |
243 | 0 | } |
244 | | |
245 | | |
246 | | /* Revert the last push_export_filters. */ |
247 | | void |
248 | | pop_export_filters (void) |
249 | 0 | { |
250 | 0 | struct export_filter_attic_s *item; |
251 | |
|
252 | 0 | item = export_filter_attic; |
253 | 0 | if (!item) |
254 | 0 | BUG (); /* No corresponding push. */ |
255 | 0 | export_filter_attic = item->next; |
256 | 0 | cleanup_export_globals (); |
257 | 0 | export_keep_uid = item->export_keep_uid; |
258 | 0 | export_drop_subkey = item->export_drop_subkey; |
259 | 0 | export_select_filter = item->export_select_filter; |
260 | 0 | } |
261 | | |
262 | | |
263 | | |
264 | | /* Create a new export stats object initialized to zero. On error |
265 | | returns NULL and sets ERRNO. */ |
266 | | export_stats_t |
267 | | export_new_stats (void) |
268 | 0 | { |
269 | 0 | export_stats_t stats; |
270 | |
|
271 | 0 | return xtrycalloc (1, sizeof *stats); |
272 | 0 | } |
273 | | |
274 | | |
275 | | /* Release an export stats object. */ |
276 | | void |
277 | | export_release_stats (export_stats_t stats) |
278 | 0 | { |
279 | 0 | xfree (stats); |
280 | 0 | } |
281 | | |
282 | | |
283 | | /* Print export statistics using the status interface. */ |
284 | | void |
285 | | export_print_stats (export_stats_t stats) |
286 | 0 | { |
287 | 0 | if (!stats) |
288 | 0 | return; |
289 | | |
290 | 0 | if (is_status_enabled ()) |
291 | 0 | { |
292 | 0 | char buf[15*20]; |
293 | |
|
294 | 0 | snprintf (buf, sizeof buf, "%lu %lu %lu", |
295 | 0 | stats->count, |
296 | 0 | stats->secret_count, |
297 | 0 | stats->exported ); |
298 | 0 | write_status_text (STATUS_EXPORT_RES, buf); |
299 | 0 | } |
300 | 0 | } |
301 | | |
302 | | |
303 | | /* |
304 | | * Export public keys (to stdout or to --output FILE). |
305 | | * |
306 | | * Depending on opt.armor the output is armored. OPTIONS are defined |
307 | | * in main.h. If USERS is NULL, all keys will be exported. STATS is |
308 | | * either an export stats object for update or NULL. |
309 | | * |
310 | | * This function is the core of "gpg --export". |
311 | | */ |
312 | | int |
313 | | export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, |
314 | | export_stats_t stats) |
315 | 0 | { |
316 | 0 | return do_export (ctrl, users, 0, options, stats); |
317 | 0 | } |
318 | | |
319 | | |
320 | | /* |
321 | | * Export secret keys (to stdout or to --output FILE). |
322 | | * |
323 | | * Depending on opt.armor the output is armored. OPTIONS are defined |
324 | | * in main.h. If USERS is NULL, all secret keys will be exported. |
325 | | * STATS is either an export stats object for update or NULL. |
326 | | * |
327 | | * This function is the core of "gpg --export-secret-keys". |
328 | | */ |
329 | | int |
330 | | export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options, |
331 | | export_stats_t stats) |
332 | 0 | { |
333 | 0 | return do_export (ctrl, users, 1, options, stats); |
334 | 0 | } |
335 | | |
336 | | |
337 | | /* |
338 | | * Export secret sub keys (to stdout or to --output FILE). |
339 | | * |
340 | | * This is the same as export_seckeys but replaces the primary key by |
341 | | * a stub key. Depending on opt.armor the output is armored. OPTIONS |
342 | | * are defined in main.h. If USERS is NULL, all secret subkeys will |
343 | | * be exported. STATS is either an export stats object for update or |
344 | | * NULL. |
345 | | * |
346 | | * This function is the core of "gpg --export-secret-subkeys". |
347 | | */ |
348 | | int |
349 | | export_secsubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, |
350 | | export_stats_t stats) |
351 | 0 | { |
352 | 0 | return do_export (ctrl, users, 2, options, stats); |
353 | 0 | } |
354 | | |
355 | | |
356 | | /* |
357 | | * Export a single key into a memory buffer. STATS is either an |
358 | | * export stats object for update or NULL. If PREFIX is not NULL |
359 | | * PREFIXLEN bytes from PREFIX are prepended to the R_DATA. |
360 | | */ |
361 | | gpg_error_t |
362 | | export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, |
363 | | const void *prefix, size_t prefixlen, |
364 | | export_stats_t stats, |
365 | | kbnode_t *r_keyblock, void **r_data, size_t *r_datalen) |
366 | 0 | { |
367 | 0 | gpg_error_t err; |
368 | 0 | iobuf_t iobuf; |
369 | 0 | int any; |
370 | 0 | strlist_t helplist; |
371 | |
|
372 | 0 | *r_keyblock = NULL; |
373 | 0 | *r_data = NULL; |
374 | 0 | *r_datalen = 0; |
375 | |
|
376 | 0 | helplist = NULL; |
377 | 0 | if (!add_to_strlist_try (&helplist, keyspec)) |
378 | 0 | return gpg_error_from_syserror (); |
379 | | |
380 | 0 | iobuf = iobuf_temp (); |
381 | 0 | if (prefix && prefixlen) |
382 | 0 | iobuf_write (iobuf, prefix, prefixlen); |
383 | 0 | err = do_export_stream (ctrl, iobuf, helplist, 0, r_keyblock, options, |
384 | 0 | stats, &any); |
385 | 0 | if (!err && !any) |
386 | 0 | err = gpg_error (GPG_ERR_NOT_FOUND); |
387 | 0 | if (!err) |
388 | 0 | { |
389 | 0 | const void *src; |
390 | 0 | size_t datalen; |
391 | |
|
392 | 0 | iobuf_flush_temp (iobuf); |
393 | 0 | src = iobuf_get_temp_buffer (iobuf); |
394 | 0 | datalen = iobuf_get_temp_length (iobuf); |
395 | 0 | if (!datalen) |
396 | 0 | err = gpg_error (GPG_ERR_NO_PUBKEY); |
397 | 0 | else if (!(*r_data = xtrymalloc (datalen))) |
398 | 0 | err = gpg_error_from_syserror (); |
399 | 0 | else |
400 | 0 | { |
401 | 0 | memcpy (*r_data, src, datalen); |
402 | 0 | *r_datalen = datalen; |
403 | 0 | } |
404 | 0 | } |
405 | 0 | iobuf_close (iobuf); |
406 | 0 | free_strlist (helplist); |
407 | 0 | if (err && *r_keyblock) |
408 | 0 | { |
409 | 0 | release_kbnode (*r_keyblock); |
410 | 0 | *r_keyblock = NULL; |
411 | 0 | } |
412 | 0 | return err; |
413 | 0 | } |
414 | | |
415 | | |
416 | | /* Export the keys identified by the list of strings in USERS. If |
417 | | Secret is false public keys will be exported. With secret true |
418 | | secret keys will be exported; in this case 1 means the entire |
419 | | secret keyblock and 2 only the subkeys. OPTIONS are the export |
420 | | options to apply. */ |
421 | | static int |
422 | | do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options, |
423 | | export_stats_t stats) |
424 | 0 | { |
425 | 0 | IOBUF out = NULL; |
426 | 0 | int any, rc; |
427 | 0 | armor_filter_context_t *afx = NULL; |
428 | |
|
429 | 0 | rc = open_outfile (GNUPG_INVALID_FD, NULL, 0, !!secret, &out); |
430 | 0 | if (rc) |
431 | 0 | return rc; |
432 | | |
433 | 0 | if ( opt.armor && !(options & EXPORT_DANE_FORMAT) ) |
434 | 0 | { |
435 | 0 | afx = new_armor_context (); |
436 | 0 | afx->what = secret? 5 : 1; |
437 | 0 | push_armor_filter (afx, out); |
438 | 0 | } |
439 | |
|
440 | 0 | rc = do_export_stream (ctrl, out, users, secret, NULL, options, stats, &any); |
441 | |
|
442 | 0 | if ( rc || !any ) |
443 | 0 | iobuf_cancel (out); |
444 | 0 | else |
445 | 0 | iobuf_close (out); |
446 | 0 | release_armor_context (afx); |
447 | 0 | return rc; |
448 | 0 | } |
449 | | |
450 | | |
451 | | |
452 | | /* Release an entire subkey list. */ |
453 | | static void |
454 | | release_subkey_list (subkey_list_t list) |
455 | 0 | { |
456 | 0 | while (list) |
457 | 0 | { |
458 | 0 | subkey_list_t tmp = list->next;; |
459 | 0 | xfree (list); |
460 | 0 | list = tmp; |
461 | 0 | } |
462 | 0 | } |
463 | | |
464 | | |
465 | | /* Returns true if NODE is a subkey and contained in LIST. */ |
466 | | static int |
467 | | subkey_in_list_p (subkey_list_t list, KBNODE node) |
468 | 0 | { |
469 | 0 | if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY |
470 | 0 | || node->pkt->pkttype == PKT_SECRET_SUBKEY ) |
471 | 0 | { |
472 | 0 | u32 kid[2]; |
473 | |
|
474 | 0 | keyid_from_pk (node->pkt->pkt.public_key, kid); |
475 | |
|
476 | 0 | for (; list; list = list->next) |
477 | 0 | if (list->kid[0] == kid[0] && list->kid[1] == kid[1]) |
478 | 0 | return 1; |
479 | 0 | } |
480 | 0 | return 0; |
481 | 0 | } |
482 | | |
483 | | /* Allocate a new subkey list item from NODE. */ |
484 | | static subkey_list_t |
485 | | new_subkey_list_item (KBNODE node) |
486 | 0 | { |
487 | 0 | subkey_list_t list = xcalloc (1, sizeof *list); |
488 | |
|
489 | 0 | if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY |
490 | 0 | || node->pkt->pkttype == PKT_SECRET_SUBKEY) |
491 | 0 | keyid_from_pk (node->pkt->pkt.public_key, list->kid); |
492 | |
|
493 | 0 | return list; |
494 | 0 | } |
495 | | |
496 | | |
497 | | /* Helper function to check whether the subkey at NODE actually |
498 | | matches the description at DESC. The function returns true if the |
499 | | key under question has been specified by an exact specification |
500 | | (keyID or fingerprint) and does match the one at NODE. It is |
501 | | assumed that the packet at NODE is either a public or secret |
502 | | subkey. */ |
503 | | int |
504 | | exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node) |
505 | 0 | { |
506 | 0 | u32 kid[2]; |
507 | 0 | byte fpr[MAX_FINGERPRINT_LEN]; |
508 | 0 | size_t fprlen; |
509 | 0 | int result = 0; |
510 | |
|
511 | 0 | switch(desc->mode) |
512 | 0 | { |
513 | 0 | case KEYDB_SEARCH_MODE_SHORT_KID: |
514 | 0 | case KEYDB_SEARCH_MODE_LONG_KID: |
515 | 0 | keyid_from_pk (node->pkt->pkt.public_key, kid); |
516 | 0 | break; |
517 | | |
518 | 0 | case KEYDB_SEARCH_MODE_FPR: |
519 | 0 | fingerprint_from_pk (node->pkt->pkt.public_key, fpr, &fprlen); |
520 | 0 | break; |
521 | | |
522 | 0 | default: |
523 | 0 | break; |
524 | 0 | } |
525 | | |
526 | 0 | switch(desc->mode) |
527 | 0 | { |
528 | 0 | case KEYDB_SEARCH_MODE_SHORT_KID: |
529 | 0 | if (desc->u.kid[1] == kid[1]) |
530 | 0 | result = 1; |
531 | 0 | break; |
532 | | |
533 | 0 | case KEYDB_SEARCH_MODE_LONG_KID: |
534 | 0 | if (desc->u.kid[0] == kid[0] && desc->u.kid[1] == kid[1]) |
535 | 0 | result = 1; |
536 | 0 | break; |
537 | | |
538 | 0 | case KEYDB_SEARCH_MODE_FPR: |
539 | 0 | if (fprlen == desc->fprlen && !memcmp (desc->u.fpr, fpr, desc->fprlen)) |
540 | 0 | result = 1; |
541 | 0 | break; |
542 | | |
543 | 0 | default: |
544 | 0 | break; |
545 | 0 | } |
546 | | |
547 | 0 | return result; |
548 | 0 | } |
549 | | |
550 | | |
551 | | /* Return an error if the key represented by the S-expression S_KEY |
552 | | * and the OpenPGP key represented by PK do not use the same curve. */ |
553 | | static gpg_error_t |
554 | | match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk) |
555 | 0 | { |
556 | 0 | gcry_sexp_t curve = NULL; |
557 | 0 | gcry_sexp_t flags = NULL; |
558 | 0 | char *curve_str = NULL; |
559 | 0 | char *flag; |
560 | 0 | const char *oidstr = NULL; |
561 | 0 | gcry_mpi_t curve_as_mpi = NULL; |
562 | 0 | gpg_error_t err; |
563 | 0 | int is_eddsa = 0; |
564 | 0 | int idx = 0; |
565 | |
|
566 | 0 | if (!(pk->pubkey_algo==PUBKEY_ALGO_ECDH |
567 | 0 | || pk->pubkey_algo==PUBKEY_ALGO_ECDSA |
568 | 0 | || pk->pubkey_algo==PUBKEY_ALGO_EDDSA |
569 | 0 | || pk->pubkey_algo==PUBKEY_ALGO_KYBER)) |
570 | 0 | return gpg_error (GPG_ERR_PUBKEY_ALGO); |
571 | | |
572 | 0 | curve = gcry_sexp_find_token (s_key, "curve", 0); |
573 | 0 | if (!curve) |
574 | 0 | { |
575 | 0 | log_error ("no reported curve\n"); |
576 | 0 | return gpg_error (GPG_ERR_UNKNOWN_CURVE); |
577 | 0 | } |
578 | 0 | curve_str = gcry_sexp_nth_string (curve, 1); |
579 | 0 | gcry_sexp_release (curve); curve = NULL; |
580 | 0 | if (!curve_str) |
581 | 0 | { |
582 | 0 | log_error ("no curve name\n"); |
583 | 0 | return gpg_error (GPG_ERR_UNKNOWN_CURVE); |
584 | 0 | } |
585 | 0 | if (!strcmp (curve_str, "Ed448")) |
586 | 0 | is_eddsa = 1; |
587 | 0 | oidstr = openpgp_curve_to_oid (curve_str, NULL, NULL, (pk->version > 4)); |
588 | 0 | if (!oidstr) |
589 | 0 | { |
590 | 0 | log_error ("no OID known for curve '%s'\n", curve_str); |
591 | 0 | xfree (curve_str); |
592 | 0 | return gpg_error (GPG_ERR_UNKNOWN_CURVE); |
593 | 0 | } |
594 | 0 | xfree (curve_str); |
595 | 0 | err = openpgp_oid_from_str (oidstr, &curve_as_mpi); |
596 | 0 | if (err) |
597 | 0 | return err; |
598 | 0 | if (gcry_mpi_cmp (pk->pkey[0], curve_as_mpi)) |
599 | 0 | { |
600 | 0 | log_error ("curves do not match\n"); |
601 | 0 | gcry_mpi_release (curve_as_mpi); |
602 | 0 | return gpg_error (GPG_ERR_INV_CURVE); |
603 | 0 | } |
604 | 0 | gcry_mpi_release (curve_as_mpi); |
605 | 0 | flags = gcry_sexp_find_token (s_key, "flags", 0); |
606 | 0 | if (flags) |
607 | 0 | { |
608 | 0 | for (idx = 1; idx < gcry_sexp_length (flags); idx++) |
609 | 0 | { |
610 | 0 | flag = gcry_sexp_nth_string (flags, idx); |
611 | 0 | if (flag && (strcmp ("eddsa", flag) == 0)) |
612 | 0 | is_eddsa = 1; |
613 | 0 | gcry_free (flag); |
614 | 0 | } |
615 | 0 | } |
616 | 0 | if (is_eddsa != (pk->pubkey_algo == PUBKEY_ALGO_EDDSA)) |
617 | 0 | { |
618 | 0 | log_error ("disagreement about EdDSA\n"); |
619 | 0 | err = gpg_error (GPG_ERR_INV_CURVE); |
620 | 0 | } |
621 | |
|
622 | 0 | return err; |
623 | 0 | } |
624 | | |
625 | | |
626 | | /* Return a canonicalized public key algorithms. This is used to |
627 | | compare different flavors of algorithms (e.g. ELG and ELG_E are |
628 | | considered the same). */ |
629 | | static enum gcry_pk_algos |
630 | | canon_pk_algo (enum gcry_pk_algos algo) |
631 | 0 | { |
632 | 0 | switch (algo) |
633 | 0 | { |
634 | 0 | case GCRY_PK_RSA: |
635 | 0 | case GCRY_PK_RSA_E: |
636 | 0 | case GCRY_PK_RSA_S: return GCRY_PK_RSA; |
637 | 0 | case GCRY_PK_ELG: |
638 | 0 | case GCRY_PK_ELG_E: return GCRY_PK_ELG; |
639 | 0 | case GCRY_PK_ECC: |
640 | 0 | case GCRY_PK_ECDSA: |
641 | 0 | case GCRY_PK_ECDH: return GCRY_PK_ECC; |
642 | 0 | default: return algo; |
643 | 0 | } |
644 | 0 | } |
645 | | |
646 | | |
647 | | /* Take an s-expression with the public and private key and change the |
648 | | * parameter array in PK to include the secret parameters. With |
649 | | * IS_PART2 set the second key from a composite key is merged into PK. */ |
650 | | static gpg_error_t |
651 | | secret_key_to_mode1003 (gcry_sexp_t s_key, PKT_public_key *pk, int is_part2) |
652 | 0 | { |
653 | 0 | gpg_error_t err; |
654 | 0 | gcry_sexp_t list = NULL; |
655 | 0 | gcry_sexp_t l2; |
656 | 0 | enum gcry_pk_algos pk_algo; |
657 | 0 | struct seckey_info *ski; |
658 | 0 | int idx; |
659 | 0 | char *string; |
660 | 0 | size_t npkey, nskey; |
661 | 0 | gcry_mpi_t pub_params[10] = { NULL }; |
662 | | |
663 | | /* We look for a private-key, then the first element in it tells us |
664 | | the type */ |
665 | 0 | list = gcry_sexp_find_token (s_key, "protected-private-key", 0); |
666 | 0 | if (!list) |
667 | 0 | list = gcry_sexp_find_token (s_key, "private-key", 0); |
668 | 0 | if (!list) |
669 | 0 | { |
670 | 0 | err = gpg_error (GPG_ERR_BAD_SECKEY); |
671 | 0 | goto leave; |
672 | 0 | } |
673 | | |
674 | | /* Parse the gcrypt PK algo and check that it is okay. */ |
675 | 0 | l2 = gcry_sexp_cadr (list); |
676 | 0 | if (!l2) |
677 | 0 | { |
678 | 0 | err = gpg_error (GPG_ERR_BAD_SECKEY); |
679 | 0 | goto leave; |
680 | 0 | } |
681 | 0 | gcry_sexp_release (list); |
682 | 0 | list = l2; |
683 | 0 | string = gcry_sexp_nth_string (list, 0); |
684 | 0 | if (!string) |
685 | 0 | { |
686 | 0 | err = gpg_error (GPG_ERR_BAD_SECKEY); |
687 | 0 | goto leave; |
688 | 0 | } |
689 | 0 | pk_algo = gcry_pk_map_name (string); |
690 | 0 | xfree (string); string = NULL; |
691 | 0 | if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey) |
692 | 0 | || !npkey) |
693 | 0 | { |
694 | 0 | err = gpg_error (GPG_ERR_BAD_SECKEY); |
695 | 0 | goto leave; |
696 | 0 | } |
697 | | |
698 | | /* Check that the pubkey algo and the received parameters matches |
699 | | * those from the public key. */ |
700 | | |
701 | 0 | switch (canon_pk_algo (pk_algo)) |
702 | 0 | { |
703 | 0 | case GCRY_PK_RSA: |
704 | 0 | if (!is_RSA (pk->pubkey_algo) || npkey != 2) |
705 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Does not match. */ |
706 | 0 | else |
707 | 0 | err = gcry_sexp_extract_param (list, NULL, "ne", |
708 | 0 | &pub_params[0], |
709 | 0 | &pub_params[1], |
710 | 0 | NULL); |
711 | 0 | break; |
712 | | |
713 | 0 | case GCRY_PK_DSA: |
714 | 0 | if (!is_DSA (pk->pubkey_algo) || npkey != 4) |
715 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Does not match. */ |
716 | 0 | else |
717 | 0 | err = gcry_sexp_extract_param (list, NULL, "pqgy", |
718 | 0 | &pub_params[0], |
719 | 0 | &pub_params[1], |
720 | 0 | &pub_params[2], |
721 | 0 | &pub_params[3], |
722 | 0 | NULL); |
723 | 0 | break; |
724 | | |
725 | 0 | case GCRY_PK_ELG: |
726 | 0 | if (!is_ELGAMAL (pk->pubkey_algo) || npkey != 3) |
727 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Does not match. */ |
728 | 0 | else |
729 | 0 | err = gcry_sexp_extract_param (list, NULL, "pgy", |
730 | 0 | &pub_params[0], |
731 | 0 | &pub_params[1], |
732 | 0 | &pub_params[2], |
733 | 0 | NULL); |
734 | 0 | break; |
735 | | |
736 | 0 | case GCRY_PK_ECC: |
737 | 0 | err = 0; |
738 | 0 | if (!(pk->pubkey_algo == PUBKEY_ALGO_ECDSA |
739 | 0 | || pk->pubkey_algo == PUBKEY_ALGO_ECDH |
740 | 0 | || pk->pubkey_algo == PUBKEY_ALGO_EDDSA |
741 | 0 | || pk->pubkey_algo == PUBKEY_ALGO_KYBER)) |
742 | 0 | { |
743 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Does not match. */ |
744 | 0 | goto leave; |
745 | 0 | } |
746 | 0 | npkey = 2; |
747 | 0 | if (pk->pubkey_algo == PUBKEY_ALGO_ECDH) |
748 | 0 | npkey++; |
749 | | /* Dedicated check of the curve. */ |
750 | 0 | pub_params[0] = NULL; |
751 | 0 | err = match_curve_skey_pk (list, pk); |
752 | 0 | if (err) |
753 | 0 | goto leave; |
754 | | /* ... and of the Q parameter. */ |
755 | 0 | err = sexp_extract_param_sos (list, "q", &pub_params[1]); |
756 | 0 | if (!err && (gcry_mpi_cmp (pk->pkey[1], pub_params[1]))) |
757 | 0 | err = gpg_error (GPG_ERR_BAD_PUBKEY); |
758 | 0 | break; |
759 | | |
760 | 0 | case GCRY_PK_KEM: /* This is Kyber768 or Kyber1024 */ |
761 | 0 | err = 0; |
762 | 0 | if (!(pk->pubkey_algo == PUBKEY_ALGO_KYBER) || !is_part2) |
763 | 0 | { |
764 | | /* The algorithm does not match or this function has not |
765 | | * been called with the flag for the second (Kyber) part. */ |
766 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); |
767 | 0 | goto leave; |
768 | 0 | } |
769 | 0 | log_assert (npkey == 1); |
770 | 0 | err = gcry_sexp_extract_param (list, NULL, "/p", &pub_params[0], NULL); |
771 | 0 | if (err) |
772 | 0 | goto leave; |
773 | 0 | if (gcry_mpi_cmp (pk->pkey[2], pub_params[0])) |
774 | 0 | { |
775 | 0 | err = gpg_error (GPG_ERR_BAD_PUBKEY); |
776 | 0 | goto leave; |
777 | 0 | } |
778 | 0 | break; |
779 | | |
780 | 0 | default: |
781 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Unknown. */ |
782 | 0 | break; |
783 | 0 | } |
784 | 0 | if (err) |
785 | 0 | goto leave; |
786 | | |
787 | | /* Check that the public key parameters match. For ECC and Kyber we |
788 | | * already did this in the switch above. */ |
789 | 0 | if (canon_pk_algo (pk_algo) != GCRY_PK_ECC |
790 | 0 | && canon_pk_algo (pk_algo) != GCRY_PK_KEM) |
791 | 0 | { |
792 | 0 | for (idx=0; idx < npkey; idx++) |
793 | 0 | if (gcry_mpi_cmp (pk->pkey[idx], pub_params[idx])) |
794 | 0 | { |
795 | 0 | err = gpg_error (GPG_ERR_BAD_PUBKEY); |
796 | 0 | goto leave; |
797 | 0 | } |
798 | 0 | } |
799 | | |
800 | | /* For ECC+Kyber we need to adjust the npkey. */ |
801 | 0 | if (pk->pubkey_algo == PUBKEY_ALGO_KYBER) |
802 | 0 | npkey = 3; /* ECC + Kyber */ |
803 | | |
804 | | /* Note that we always have just one secret key parameter in |
805 | | * mode1003. That one is the entire s-expression as received from |
806 | | * the agent and thus also includes the public part. For a composite key |
807 | | * both s-expressions are simply concatenated. */ |
808 | 0 | nskey = npkey + 1; |
809 | 0 | if (nskey > PUBKEY_MAX_NSKEY) |
810 | 0 | { |
811 | 0 | err = gpg_error (GPG_ERR_BAD_SECKEY); |
812 | 0 | goto leave; |
813 | 0 | } |
814 | | |
815 | | /* Store the maybe protected secret key as an s-expression. */ |
816 | 0 | if (!is_part2) |
817 | 0 | { |
818 | 0 | pk->seckey_info = ski = xtrycalloc (1, sizeof *ski); |
819 | 0 | if (!ski) |
820 | 0 | { |
821 | 0 | err = gpg_error_from_syserror (); |
822 | 0 | goto leave; |
823 | 0 | } |
824 | 0 | ski->is_protected = 1; |
825 | 0 | ski->s2k.mode = 1003; |
826 | 0 | } |
827 | 0 | else |
828 | 0 | log_assert (pk->seckey_info); |
829 | | |
830 | | /* Store the entire s-expression as the secret parameter. */ |
831 | 0 | if (1) |
832 | 0 | { |
833 | 0 | unsigned char *buf; |
834 | 0 | size_t buflen; |
835 | |
|
836 | 0 | err = make_canon_sexp (s_key, &buf, &buflen); |
837 | 0 | if (err) |
838 | 0 | goto leave; |
839 | 0 | if (is_part2) /* Append secret s-expr to the existing one. */ |
840 | 0 | { |
841 | 0 | char const prefix[] = "(13:composite-key"; |
842 | 0 | unsigned int prefixlen = strlen (prefix); |
843 | 0 | const unsigned char *oldbuf; |
844 | 0 | unsigned int oldbuflen; |
845 | 0 | unsigned char *newbuf; |
846 | |
|
847 | 0 | log_assert (pk->pkey[npkey] && |
848 | 0 | gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE)); |
849 | 0 | oldbuf = gcry_mpi_get_opaque (pk->pkey[npkey], &oldbuflen); |
850 | 0 | oldbuflen = (oldbuflen +7)/8; /* Fixup bits to bytes */ |
851 | 0 | newbuf = xtrymalloc_secure (prefixlen + oldbuflen + buflen + 1); |
852 | 0 | if (!newbuf) |
853 | 0 | { |
854 | 0 | err = gpg_error_from_syserror (); |
855 | 0 | goto leave; |
856 | 0 | } |
857 | 0 | memcpy (newbuf, prefix, prefixlen); |
858 | 0 | memcpy (newbuf+prefixlen, oldbuf, oldbuflen); |
859 | 0 | memcpy (newbuf+prefixlen+oldbuflen, buf, buflen); |
860 | 0 | newbuf[prefixlen+oldbuflen+buflen] = ')'; /* close prefix */ |
861 | 0 | buf = newbuf; |
862 | 0 | buflen = prefixlen + oldbuflen + buflen + 1; |
863 | 0 | } |
864 | | /* Note that BUF is consumed by gcry_mpi_set_opaque. */ |
865 | 0 | pk->pkey[npkey] = gcry_mpi_set_opaque (NULL, buf, buflen*8); |
866 | 0 | for (idx=npkey+1; idx < PUBKEY_MAX_NSKEY; idx++) |
867 | 0 | pk->pkey[idx] = NULL; |
868 | 0 | } |
869 | | |
870 | 0 | leave: |
871 | 0 | gcry_sexp_release (list); |
872 | 0 | for (idx=0; idx < DIM(pub_params); idx++) |
873 | 0 | gcry_mpi_release (pub_params[idx]); |
874 | 0 | return err; |
875 | 0 | } |
876 | | |
877 | | |
878 | | /* Take a cleartext dump of a secret key in PK and change the |
879 | | * parameter array in PK to include the secret parameters. */ |
880 | | static gpg_error_t |
881 | | cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk) |
882 | 0 | { |
883 | 0 | gpg_error_t err; |
884 | 0 | gcry_sexp_t top_list; |
885 | 0 | gcry_sexp_t key = NULL; |
886 | 0 | char *key_type = NULL; |
887 | 0 | enum gcry_pk_algos pk_algo; |
888 | 0 | struct seckey_info *ski; |
889 | 0 | int idx, sec_start; |
890 | 0 | gcry_mpi_t pub_params[10] = { NULL }; |
891 | | |
892 | | /* we look for a private-key, then the first element in it tells us |
893 | | the type */ |
894 | 0 | top_list = gcry_sexp_find_token (s_key, "private-key", 0); |
895 | 0 | if (!top_list) |
896 | 0 | goto bad_seckey; |
897 | | |
898 | | /* ignore all S-expression after the first sublist -- we assume that |
899 | | they are comments or otherwise irrelevant to OpenPGP */ |
900 | 0 | if (gcry_sexp_length(top_list) < 2) |
901 | 0 | goto bad_seckey; |
902 | 0 | key = gcry_sexp_nth (top_list, 1); |
903 | 0 | if (!key) |
904 | 0 | goto bad_seckey; |
905 | 0 | key_type = gcry_sexp_nth_string(key, 0); |
906 | 0 | pk_algo = gcry_pk_map_name (key_type); |
907 | |
|
908 | 0 | log_assert (!pk->seckey_info); |
909 | | |
910 | 0 | pk->seckey_info = ski = xtrycalloc (1, sizeof *ski); |
911 | 0 | if (!ski) |
912 | 0 | { |
913 | 0 | err = gpg_error_from_syserror (); |
914 | 0 | goto leave; |
915 | 0 | } |
916 | | |
917 | 0 | switch (canon_pk_algo (pk_algo)) |
918 | 0 | { |
919 | 0 | case GCRY_PK_RSA: |
920 | 0 | if (!is_RSA (pk->pubkey_algo)) |
921 | 0 | goto bad_pubkey_algo; |
922 | 0 | err = gcry_sexp_extract_param (key, NULL, "ne", |
923 | 0 | &pub_params[0], |
924 | 0 | &pub_params[1], |
925 | 0 | NULL); |
926 | 0 | for (idx=0; idx < 2 && !err; idx++) |
927 | 0 | if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx])) |
928 | 0 | err = gpg_error (GPG_ERR_BAD_PUBKEY); |
929 | 0 | if (!err) |
930 | 0 | { |
931 | 0 | for (idx = 2; idx < 6 && !err; idx++) |
932 | 0 | { |
933 | 0 | gcry_mpi_release (pk->pkey[idx]); |
934 | 0 | pk->pkey[idx] = NULL; |
935 | 0 | } |
936 | 0 | err = gcry_sexp_extract_param (key, NULL, "dpqu", |
937 | 0 | &pk->pkey[2], |
938 | 0 | &pk->pkey[3], |
939 | 0 | &pk->pkey[4], |
940 | 0 | &pk->pkey[5], |
941 | 0 | NULL); |
942 | 0 | } |
943 | 0 | if (!err) |
944 | 0 | { |
945 | 0 | for (idx = 2; idx < 6; idx++) |
946 | 0 | ski->csum += checksum_mpi (pk->pkey[idx]); |
947 | 0 | } |
948 | 0 | break; |
949 | | |
950 | 0 | case GCRY_PK_DSA: |
951 | 0 | if (!is_DSA (pk->pubkey_algo)) |
952 | 0 | goto bad_pubkey_algo; |
953 | 0 | err = gcry_sexp_extract_param (key, NULL, "pqgy", |
954 | 0 | &pub_params[0], |
955 | 0 | &pub_params[1], |
956 | 0 | &pub_params[2], |
957 | 0 | &pub_params[3], |
958 | 0 | NULL); |
959 | 0 | for (idx=0; idx < 4 && !err; idx++) |
960 | 0 | if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx])) |
961 | 0 | err = gpg_error (GPG_ERR_BAD_PUBKEY); |
962 | 0 | if (!err) |
963 | 0 | { |
964 | 0 | gcry_mpi_release (pk->pkey[4]); |
965 | 0 | pk->pkey[4] = NULL; |
966 | 0 | err = gcry_sexp_extract_param (key, NULL, "x", |
967 | 0 | &pk->pkey[4], |
968 | 0 | NULL); |
969 | 0 | } |
970 | 0 | if (!err) |
971 | 0 | ski->csum += checksum_mpi (pk->pkey[4]); |
972 | 0 | break; |
973 | | |
974 | 0 | case GCRY_PK_ELG: |
975 | 0 | if (!is_ELGAMAL (pk->pubkey_algo)) |
976 | 0 | goto bad_pubkey_algo; |
977 | 0 | err = gcry_sexp_extract_param (key, NULL, "pgy", |
978 | 0 | &pub_params[0], |
979 | 0 | &pub_params[1], |
980 | 0 | &pub_params[2], |
981 | 0 | NULL); |
982 | 0 | for (idx=0; idx < 3 && !err; idx++) |
983 | 0 | if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx])) |
984 | 0 | err = gpg_error (GPG_ERR_BAD_PUBKEY); |
985 | 0 | if (!err) |
986 | 0 | { |
987 | 0 | gcry_mpi_release (pk->pkey[3]); |
988 | 0 | pk->pkey[3] = NULL; |
989 | 0 | err = gcry_sexp_extract_param (key, NULL, "x", |
990 | 0 | &pk->pkey[3], |
991 | 0 | NULL); |
992 | 0 | } |
993 | 0 | if (!err) |
994 | 0 | ski->csum += checksum_mpi (pk->pkey[3]); |
995 | 0 | break; |
996 | | |
997 | 0 | case GCRY_PK_ECC: |
998 | 0 | err = match_curve_skey_pk (key, pk); |
999 | 0 | if (err) |
1000 | 0 | goto leave; |
1001 | 0 | else |
1002 | 0 | err = sexp_extract_param_sos (key, "q", &pub_params[0]); |
1003 | 0 | if (!err && (gcry_mpi_cmp(pk->pkey[1], pub_params[0]))) |
1004 | 0 | err = gpg_error (GPG_ERR_BAD_PUBKEY); |
1005 | |
|
1006 | 0 | sec_start = 2; |
1007 | 0 | if (pk->pubkey_algo == PUBKEY_ALGO_ECDH) |
1008 | 0 | sec_start += 1; |
1009 | 0 | if (!err) |
1010 | 0 | { |
1011 | 0 | gcry_mpi_release (pk->pkey[sec_start]); |
1012 | 0 | pk->pkey[sec_start] = NULL; |
1013 | 0 | err = sexp_extract_param_sos (key, "d", &pk->pkey[sec_start]); |
1014 | 0 | } |
1015 | |
|
1016 | 0 | if (!err) |
1017 | 0 | ski->csum += checksum_mpi (pk->pkey[sec_start]); |
1018 | 0 | break; |
1019 | | |
1020 | 0 | default: |
1021 | 0 | pk->seckey_info = NULL; |
1022 | 0 | xfree (ski); |
1023 | 0 | err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); |
1024 | 0 | break; |
1025 | 0 | } |
1026 | | |
1027 | 0 | leave: |
1028 | 0 | gcry_sexp_release (top_list); |
1029 | 0 | gcry_sexp_release (key); |
1030 | 0 | gcry_free (key_type); |
1031 | |
|
1032 | 0 | for (idx=0; idx < DIM(pub_params); idx++) |
1033 | 0 | gcry_mpi_release (pub_params[idx]); |
1034 | 0 | return err; |
1035 | | |
1036 | 0 | bad_pubkey_algo: |
1037 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); |
1038 | 0 | goto leave; |
1039 | | |
1040 | 0 | bad_seckey: |
1041 | 0 | err = gpg_error (GPG_ERR_BAD_SECKEY); |
1042 | 0 | goto leave; |
1043 | 0 | } |
1044 | | |
1045 | | |
1046 | | /* Use the key transfer format given in S_PGP to create the secinfo |
1047 | | structure in PK and change the parameter array in PK to include the |
1048 | | secret parameters. */ |
1049 | | static gpg_error_t |
1050 | | transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) |
1051 | 0 | { |
1052 | 0 | gpg_error_t err; |
1053 | 0 | gcry_sexp_t top_list; |
1054 | 0 | gcry_sexp_t list = NULL; |
1055 | 0 | char *curve = NULL; |
1056 | 0 | const char *value; |
1057 | 0 | size_t valuelen; |
1058 | 0 | char *string; |
1059 | 0 | int idx; |
1060 | 0 | int is_v4, is_protected; |
1061 | 0 | enum gcry_pk_algos pk_algo; |
1062 | 0 | int protect_algo = 0; |
1063 | 0 | char iv[16]; |
1064 | 0 | int ivlen = 0; |
1065 | 0 | int s2k_mode = 0; |
1066 | 0 | int s2k_algo = 0; |
1067 | 0 | byte s2k_salt[8]; |
1068 | 0 | u32 s2k_count = 0; |
1069 | 0 | int is_ecdh = 0; |
1070 | 0 | size_t npkey, nskey; |
1071 | 0 | gcry_mpi_t skey[10]; /* We support up to 9 parameters. */ |
1072 | 0 | int skeyidx = 0; |
1073 | 0 | struct seckey_info *ski; |
1074 | | |
1075 | | /* gcry_log_debugsxp ("transferkey", s_pgp); */ |
1076 | 0 | top_list = gcry_sexp_find_token (s_pgp, "openpgp-private-key", 0); |
1077 | 0 | if (!top_list) |
1078 | 0 | goto bad_seckey; |
1079 | | |
1080 | 0 | list = gcry_sexp_find_token (top_list, "version", 0); |
1081 | 0 | if (!list) |
1082 | 0 | goto bad_seckey; |
1083 | 0 | value = gcry_sexp_nth_data (list, 1, &valuelen); |
1084 | 0 | if (!value || valuelen != 1 || !(value[0] == '3' || value[0] == '4')) |
1085 | 0 | goto bad_seckey; |
1086 | 0 | is_v4 = (value[0] == '4'); |
1087 | |
|
1088 | 0 | gcry_sexp_release (list); |
1089 | 0 | list = gcry_sexp_find_token (top_list, "protection", 0); |
1090 | 0 | if (!list) |
1091 | 0 | goto bad_seckey; |
1092 | 0 | value = gcry_sexp_nth_data (list, 1, &valuelen); |
1093 | 0 | if (!value) |
1094 | 0 | goto bad_seckey; |
1095 | 0 | if (valuelen == 4 && !memcmp (value, "sha1", 4)) |
1096 | 0 | is_protected = 2; |
1097 | 0 | else if (valuelen == 3 && !memcmp (value, "sum", 3)) |
1098 | 0 | is_protected = 1; |
1099 | 0 | else if (valuelen == 4 && !memcmp (value, "none", 4)) |
1100 | 0 | is_protected = 0; |
1101 | 0 | else |
1102 | 0 | goto bad_seckey; |
1103 | 0 | if (is_protected) |
1104 | 0 | { |
1105 | 0 | string = gcry_sexp_nth_string (list, 2); |
1106 | 0 | if (!string) |
1107 | 0 | goto bad_seckey; |
1108 | 0 | protect_algo = gcry_cipher_map_name (string); |
1109 | 0 | xfree (string); |
1110 | |
|
1111 | 0 | value = gcry_sexp_nth_data (list, 3, &valuelen); |
1112 | 0 | if (!value || !valuelen || valuelen > sizeof iv) |
1113 | 0 | goto bad_seckey; |
1114 | 0 | memcpy (iv, value, valuelen); |
1115 | 0 | ivlen = valuelen; |
1116 | |
|
1117 | 0 | string = gcry_sexp_nth_string (list, 4); |
1118 | 0 | if (!string) |
1119 | 0 | goto bad_seckey; |
1120 | 0 | s2k_mode = strtol (string, NULL, 10); |
1121 | 0 | xfree (string); |
1122 | |
|
1123 | 0 | string = gcry_sexp_nth_string (list, 5); |
1124 | 0 | if (!string) |
1125 | 0 | goto bad_seckey; |
1126 | 0 | s2k_algo = gcry_md_map_name (string); |
1127 | 0 | xfree (string); |
1128 | |
|
1129 | 0 | value = gcry_sexp_nth_data (list, 6, &valuelen); |
1130 | 0 | if (!value || !valuelen || valuelen > sizeof s2k_salt) |
1131 | 0 | goto bad_seckey; |
1132 | 0 | memcpy (s2k_salt, value, valuelen); |
1133 | |
|
1134 | 0 | string = gcry_sexp_nth_string (list, 7); |
1135 | 0 | if (!string) |
1136 | 0 | goto bad_seckey; |
1137 | 0 | s2k_count = strtoul (string, NULL, 10); |
1138 | 0 | xfree (string); |
1139 | 0 | } |
1140 | | |
1141 | | /* Parse the gcrypt PK algo and check that it is okay. */ |
1142 | 0 | gcry_sexp_release (list); |
1143 | 0 | list = gcry_sexp_find_token (top_list, "algo", 0); |
1144 | 0 | if (!list) |
1145 | 0 | goto bad_seckey; |
1146 | 0 | string = gcry_sexp_nth_string (list, 1); |
1147 | 0 | if (!string) |
1148 | 0 | goto bad_seckey; |
1149 | 0 | pk_algo = gcry_pk_map_name (string); |
1150 | 0 | xfree (string); string = NULL; |
1151 | 0 | if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey) |
1152 | 0 | || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey) |
1153 | 0 | || !npkey || npkey >= nskey) |
1154 | 0 | goto bad_seckey; |
1155 | | |
1156 | | /* Check that the pubkey algo matches the one from the public key. */ |
1157 | 0 | switch (canon_pk_algo (pk_algo)) |
1158 | 0 | { |
1159 | 0 | case GCRY_PK_RSA: |
1160 | 0 | if (!is_RSA (pk->pubkey_algo)) |
1161 | 0 | pk_algo = 0; /* Does not match. */ |
1162 | 0 | break; |
1163 | 0 | case GCRY_PK_DSA: |
1164 | 0 | if (!is_DSA (pk->pubkey_algo)) |
1165 | 0 | pk_algo = 0; /* Does not match. */ |
1166 | 0 | break; |
1167 | 0 | case GCRY_PK_ELG: |
1168 | 0 | if (!is_ELGAMAL (pk->pubkey_algo)) |
1169 | 0 | pk_algo = 0; /* Does not match. */ |
1170 | 0 | break; |
1171 | 0 | case GCRY_PK_ECC: |
1172 | 0 | if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA) |
1173 | 0 | ; |
1174 | 0 | else if (pk->pubkey_algo == PUBKEY_ALGO_ECDH) |
1175 | 0 | is_ecdh = 1; |
1176 | 0 | else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA) |
1177 | 0 | ; |
1178 | 0 | else |
1179 | 0 | pk_algo = 0; /* Does not match. */ |
1180 | | /* For ECC we do not have the domain parameters thus fix our info. */ |
1181 | 0 | npkey = 1; |
1182 | 0 | nskey = 2; |
1183 | 0 | break; |
1184 | 0 | default: |
1185 | 0 | pk_algo = 0; /* Oops. */ |
1186 | 0 | break; |
1187 | 0 | } |
1188 | 0 | if (!pk_algo) |
1189 | 0 | { |
1190 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); |
1191 | 0 | goto leave; |
1192 | 0 | } |
1193 | | |
1194 | | /* This check has to go after the ecc adjustments. */ |
1195 | 0 | if (nskey > PUBKEY_MAX_NSKEY) |
1196 | 0 | goto bad_seckey; |
1197 | | |
1198 | | /* Parse the key parameters. */ |
1199 | 0 | gcry_sexp_release (list); |
1200 | 0 | list = gcry_sexp_find_token (top_list, "skey", 0); |
1201 | 0 | if (!list) |
1202 | 0 | goto bad_seckey; |
1203 | 0 | for (idx=0;;) |
1204 | 0 | { |
1205 | 0 | int is_enc; |
1206 | |
|
1207 | 0 | value = gcry_sexp_nth_data (list, ++idx, &valuelen); |
1208 | 0 | if (!value && skeyidx >= npkey) |
1209 | 0 | break; /* Ready. */ |
1210 | | |
1211 | | /* Check for too many parameters. Note that depending on the |
1212 | | protection mode and version number we may see less than NSKEY |
1213 | | (but at least NPKEY+1) parameters. */ |
1214 | 0 | if (idx >= 2*nskey) |
1215 | 0 | goto bad_seckey; |
1216 | 0 | if (skeyidx >= DIM (skey)-1) |
1217 | 0 | goto bad_seckey; |
1218 | | |
1219 | 0 | if (!value || valuelen != 1 || !(value[0] == '_' || value[0] == 'e')) |
1220 | 0 | goto bad_seckey; |
1221 | 0 | is_enc = (value[0] == 'e'); |
1222 | 0 | value = gcry_sexp_nth_data (list, ++idx, &valuelen); |
1223 | 0 | if (!value || !valuelen) |
1224 | 0 | goto bad_seckey; |
1225 | 0 | if (is_enc |
1226 | 0 | || pk->pubkey_algo == PUBKEY_ALGO_ECDSA |
1227 | 0 | || pk->pubkey_algo == PUBKEY_ALGO_EDDSA |
1228 | 0 | || pk->pubkey_algo == PUBKEY_ALGO_ECDH) |
1229 | 0 | { |
1230 | 0 | unsigned int nbits = valuelen*8; |
1231 | 0 | const unsigned char *p = value; |
1232 | |
|
1233 | 0 | if (*p && nbits >= 8 && !(*p & 0x80)) |
1234 | 0 | if (--nbits >= 7 && !(*p & 0x40)) |
1235 | 0 | if (--nbits >= 6 && !(*p & 0x20)) |
1236 | 0 | if (--nbits >= 5 && !(*p & 0x10)) |
1237 | 0 | if (--nbits >= 4 && !(*p & 0x08)) |
1238 | 0 | if (--nbits >= 3 && !(*p & 0x04)) |
1239 | 0 | if (--nbits >= 2 && !(*p & 0x02)) |
1240 | 0 | if (--nbits >= 1 && !(*p & 0x01)) |
1241 | 0 | --nbits; |
1242 | |
|
1243 | 0 | skey[skeyidx] = gcry_mpi_set_opaque_copy (NULL, value, nbits); |
1244 | 0 | if (!skey[skeyidx]) |
1245 | 0 | goto outofmem; |
1246 | 0 | if (is_enc) |
1247 | 0 | gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1); |
1248 | 0 | else |
1249 | 0 | gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER2); |
1250 | 0 | } |
1251 | 0 | else |
1252 | 0 | { |
1253 | 0 | if (gcry_mpi_scan (skey + skeyidx, GCRYMPI_FMT_STD, |
1254 | 0 | value, valuelen, NULL)) |
1255 | 0 | goto bad_seckey; |
1256 | 0 | } |
1257 | 0 | skeyidx++; |
1258 | 0 | } |
1259 | 0 | skey[skeyidx++] = NULL; |
1260 | |
|
1261 | 0 | gcry_sexp_release (list); list = NULL; |
1262 | | |
1263 | | /* We have no need for the CSUM value thus we don't parse it. */ |
1264 | | /* list = gcry_sexp_find_token (top_list, "csum", 0); */ |
1265 | | /* if (list) */ |
1266 | | /* { */ |
1267 | | /* string = gcry_sexp_nth_string (list, 1); */ |
1268 | | /* if (!string) */ |
1269 | | /* goto bad_seckey; */ |
1270 | | /* desired_csum = strtoul (string, NULL, 10); */ |
1271 | | /* xfree (string); */ |
1272 | | /* } */ |
1273 | | /* else */ |
1274 | | /* desired_csum = 0; */ |
1275 | | /* gcry_sexp_release (list); list = NULL; */ |
1276 | | |
1277 | | /* Get the curve name if any, */ |
1278 | 0 | list = gcry_sexp_find_token (top_list, "curve", 0); |
1279 | 0 | if (list) |
1280 | 0 | { |
1281 | 0 | curve = gcry_sexp_nth_string (list, 1); |
1282 | 0 | gcry_sexp_release (list); list = NULL; |
1283 | 0 | } |
1284 | |
|
1285 | 0 | gcry_sexp_release (top_list); top_list = NULL; |
1286 | | |
1287 | | /* log_debug ("XXX is_v4=%d\n", is_v4); */ |
1288 | | /* log_debug ("XXX pubkey_algo=%d\n", pubkey_algo); */ |
1289 | | /* log_debug ("XXX is_protected=%d\n", is_protected); */ |
1290 | | /* log_debug ("XXX protect_algo=%d\n", protect_algo); */ |
1291 | | /* log_printhex ("XXX iv", iv, ivlen); */ |
1292 | | /* log_debug ("XXX ivlen=%d\n", ivlen); */ |
1293 | | /* log_debug ("XXX s2k_mode=%d\n", s2k_mode); */ |
1294 | | /* log_debug ("XXX s2k_algo=%d\n", s2k_algo); */ |
1295 | | /* log_printhex ("XXX s2k_salt", s2k_salt, sizeof s2k_salt); */ |
1296 | | /* log_debug ("XXX s2k_count=%lu\n", (unsigned long)s2k_count); */ |
1297 | | /* for (idx=0; skey[idx]; idx++) */ |
1298 | | /* { */ |
1299 | | /* int is_enc = gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE); */ |
1300 | | /* log_info ("XXX skey[%d]%s:", idx, is_enc? " (enc)":""); */ |
1301 | | /* if (is_enc) */ |
1302 | | /* { */ |
1303 | | /* void *p; */ |
1304 | | /* unsigned int nbits; */ |
1305 | | /* p = gcry_mpi_get_opaque (skey[idx], &nbits); */ |
1306 | | /* log_printhex (NULL, p, (nbits+7)/8); */ |
1307 | | /* } */ |
1308 | | /* else */ |
1309 | | /* gcry_mpi_dump (skey[idx]); */ |
1310 | | /* log_printf ("\n"); */ |
1311 | | /* } */ |
1312 | |
|
1313 | 0 | if (!is_v4 || is_protected != 2 ) |
1314 | 0 | { |
1315 | | /* We only support the v4 format and a SHA-1 checksum. */ |
1316 | 0 | err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); |
1317 | 0 | goto leave; |
1318 | 0 | } |
1319 | | |
1320 | | /* We need to change the received parameters for ECC algorithms. |
1321 | | The transfer format has the curve name and the parameters |
1322 | | separate. We put them all into the SKEY array. */ |
1323 | 0 | if (canon_pk_algo (pk_algo) == GCRY_PK_ECC) |
1324 | 0 | { |
1325 | 0 | const char *oidstr; |
1326 | | |
1327 | | /* Assert that all required parameters are available. We also |
1328 | | check that the array does not contain more parameters than |
1329 | | needed (this was used by some beta versions of 2.1. */ |
1330 | 0 | if (!curve || !skey[0] || !skey[1] || skey[2]) |
1331 | 0 | { |
1332 | 0 | err = gpg_error (GPG_ERR_INTERNAL); |
1333 | 0 | goto leave; |
1334 | 0 | } |
1335 | | |
1336 | 0 | oidstr = openpgp_curve_to_oid (curve, NULL, NULL, (pk->version > 4)); |
1337 | 0 | if (!oidstr) |
1338 | 0 | { |
1339 | 0 | log_error ("no OID known for curve '%s'\n", curve); |
1340 | 0 | err = gpg_error (GPG_ERR_UNKNOWN_CURVE); |
1341 | 0 | goto leave; |
1342 | 0 | } |
1343 | | /* Put the curve's OID into the MPI array. This requires |
1344 | | that we shift Q and D. For ECDH also insert the KDF parms. */ |
1345 | 0 | if (is_ecdh) |
1346 | 0 | { |
1347 | 0 | skey[4] = NULL; |
1348 | 0 | skey[3] = skey[1]; |
1349 | 0 | skey[2] = gcry_mpi_copy (pk->pkey[2]); |
1350 | 0 | } |
1351 | 0 | else |
1352 | 0 | { |
1353 | 0 | skey[3] = NULL; |
1354 | 0 | skey[2] = skey[1]; |
1355 | 0 | } |
1356 | 0 | skey[1] = skey[0]; |
1357 | 0 | skey[0] = NULL; |
1358 | 0 | err = openpgp_oid_from_str (oidstr, skey + 0); |
1359 | 0 | if (err) |
1360 | 0 | goto leave; |
1361 | | /* Fixup the NPKEY and NSKEY to match OpenPGP reality. */ |
1362 | 0 | npkey = 2 + is_ecdh; |
1363 | 0 | nskey = 3 + is_ecdh; |
1364 | | |
1365 | | /* for (idx=0; skey[idx]; idx++) */ |
1366 | | /* { */ |
1367 | | /* log_info ("YYY skey[%d]:", idx); */ |
1368 | | /* if (gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE)) */ |
1369 | | /* { */ |
1370 | | /* void *p; */ |
1371 | | /* unsigned int nbits; */ |
1372 | | /* p = gcry_mpi_get_opaque (skey[idx], &nbits); */ |
1373 | | /* log_printhex (NULL, p, (nbits+7)/8); */ |
1374 | | /* } */ |
1375 | | /* else */ |
1376 | | /* gcry_mpi_dump (skey[idx]); */ |
1377 | | /* log_printf ("\n"); */ |
1378 | | /* } */ |
1379 | 0 | } |
1380 | | |
1381 | | /* Do some sanity checks. */ |
1382 | 0 | if (s2k_count > 255) |
1383 | 0 | { |
1384 | | /* We expect an already encoded S2K count. */ |
1385 | 0 | err = gpg_error (GPG_ERR_INV_DATA); |
1386 | 0 | goto leave; |
1387 | 0 | } |
1388 | 0 | err = openpgp_cipher_test_algo (protect_algo); |
1389 | 0 | if (err) |
1390 | 0 | goto leave; |
1391 | 0 | err = openpgp_md_test_algo (s2k_algo); |
1392 | 0 | if (err) |
1393 | 0 | goto leave; |
1394 | | |
1395 | | /* Check that the public key parameters match. Note that since |
1396 | | Libgcrypt 1.5 gcry_mpi_cmp handles opaque MPI correctly. */ |
1397 | 0 | for (idx=0; idx < npkey; idx++) |
1398 | 0 | if (gcry_mpi_cmp (pk->pkey[idx], skey[idx])) |
1399 | 0 | { |
1400 | 0 | err = gpg_error (GPG_ERR_BAD_PUBKEY); |
1401 | 0 | goto leave; |
1402 | 0 | } |
1403 | | |
1404 | | /* Check that the first secret key parameter in SKEY is encrypted |
1405 | | and that there are no more secret key parameters. The latter is |
1406 | | guaranteed by the v4 packet format. */ |
1407 | 0 | if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_USER1)) |
1408 | 0 | goto bad_seckey; |
1409 | 0 | if (npkey+1 < DIM (skey) && skey[npkey+1]) |
1410 | 0 | goto bad_seckey; |
1411 | | |
1412 | | /* Check that the secret key parameters in PK are all set to NULL. */ |
1413 | 0 | for (idx=npkey; idx < nskey; idx++) |
1414 | 0 | if (pk->pkey[idx]) |
1415 | 0 | goto bad_seckey; |
1416 | | |
1417 | | /* Now build the protection info. */ |
1418 | 0 | pk->seckey_info = ski = xtrycalloc (1, sizeof *ski); |
1419 | 0 | if (!ski) |
1420 | 0 | { |
1421 | 0 | err = gpg_error_from_syserror (); |
1422 | 0 | goto leave; |
1423 | 0 | } |
1424 | | |
1425 | 0 | ski->is_protected = 1; |
1426 | 0 | ski->sha1chk = 1; |
1427 | 0 | ski->algo = protect_algo; |
1428 | 0 | ski->s2k.mode = s2k_mode; |
1429 | 0 | ski->s2k.hash_algo = s2k_algo; |
1430 | 0 | log_assert (sizeof ski->s2k.salt == sizeof s2k_salt); |
1431 | 0 | memcpy (ski->s2k.salt, s2k_salt, sizeof s2k_salt); |
1432 | 0 | ski->s2k.count = s2k_count; |
1433 | 0 | log_assert (ivlen <= sizeof ski->iv); |
1434 | 0 | memcpy (ski->iv, iv, ivlen); |
1435 | 0 | ski->ivlen = ivlen; |
1436 | | |
1437 | | /* Store the protected secret key parameter. */ |
1438 | 0 | pk->pkey[npkey] = skey[npkey]; |
1439 | 0 | skey[npkey] = NULL; |
1440 | | |
1441 | | /* That's it. */ |
1442 | |
|
1443 | 0 | leave: |
1444 | 0 | gcry_free (curve); |
1445 | 0 | gcry_sexp_release (list); |
1446 | 0 | gcry_sexp_release (top_list); |
1447 | 0 | for (idx=0; idx < skeyidx; idx++) |
1448 | 0 | gcry_mpi_release (skey[idx]); |
1449 | 0 | return err; |
1450 | | |
1451 | 0 | bad_seckey: |
1452 | 0 | err = gpg_error (GPG_ERR_BAD_SECKEY); |
1453 | 0 | goto leave; |
1454 | | |
1455 | 0 | outofmem: |
1456 | 0 | err = gpg_error (GPG_ERR_ENOMEM); |
1457 | 0 | goto leave; |
1458 | 0 | } |
1459 | | |
1460 | | |
1461 | | /* Print an "EXPORTED" status line. PK is the primary public key. */ |
1462 | | void |
1463 | | print_status_exported (PKT_public_key *pk) |
1464 | 0 | { |
1465 | 0 | char *hexfpr; |
1466 | |
|
1467 | 0 | if (!is_status_enabled ()) |
1468 | 0 | return; |
1469 | | |
1470 | 0 | hexfpr = hexfingerprint (pk, NULL, 0); |
1471 | 0 | write_status_text (STATUS_EXPORTED, hexfpr? hexfpr : "[?]"); |
1472 | 0 | xfree (hexfpr); |
1473 | 0 | } |
1474 | | |
1475 | | |
1476 | | /* |
1477 | | * Receive a secret key from agent specified by HEXGRIP. |
1478 | | * |
1479 | | * Since the key data from the agent is encrypted, decrypt it using |
1480 | | * CIPHERHD context. Then, parse the decrypted key data into transfer |
1481 | | * format, and put secret parameters into PK. |
1482 | | * |
1483 | | * If CLEARTEXT is 0, store the secret key material |
1484 | | * passphrase-protected. Otherwise, store secret key material in the |
1485 | | * clear. |
1486 | | * |
1487 | | * If MODE1003 is set, the key is requested in raw GnuPG format from |
1488 | | * the agent. This usually does not require a passphrase unless the |
1489 | | * gpg-agent has not yet used the key and needs to convert it to its |
1490 | | * internal format first. For the second key of a composite key IS_PART2 |
1491 | | * needs to be set. |
1492 | | * |
1493 | | * CACHE_NONCE_ADDR is used to share nonce for multiple key retrievals. |
1494 | | * |
1495 | | * If PK is NULL, the raw key is returned (e.g. for ssh export) at |
1496 | | * R_KEY. CLEARTEXT and CACHE_NONCE_ADDR ared ignored in this case. |
1497 | | */ |
1498 | | gpg_error_t |
1499 | | receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd, |
1500 | | int cleartext, int mode1003, int is_part2, |
1501 | | char **cache_nonce_addr, const char *hexgrip, |
1502 | | PKT_public_key *pk, gcry_sexp_t *r_key) |
1503 | 0 | { |
1504 | 0 | gpg_error_t err = 0; |
1505 | 0 | unsigned char *wrappedkey = NULL; |
1506 | 0 | size_t wrappedkeylen; |
1507 | 0 | unsigned char *key = NULL; |
1508 | 0 | size_t keylen, realkeylen; |
1509 | 0 | gcry_sexp_t s_skey = NULL; |
1510 | 0 | char *prompt; |
1511 | |
|
1512 | 0 | if (r_key) |
1513 | 0 | *r_key = NULL; |
1514 | 0 | if (opt.verbose) |
1515 | 0 | log_info ("key %s: asking agent for the secret parts\n", hexgrip); |
1516 | |
|
1517 | 0 | if (pk) |
1518 | 0 | { |
1519 | 0 | prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT, 1); |
1520 | 0 | err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, mode1003, |
1521 | 0 | cache_nonce_addr, |
1522 | 0 | &wrappedkey, &wrappedkeylen, |
1523 | 0 | pk->keyid, pk->main_keyid, pk->pubkey_algo); |
1524 | 0 | } |
1525 | 0 | else |
1526 | 0 | { |
1527 | 0 | prompt = gpg_format_keydesc (ctrl, NULL, FORMAT_KEYDESC_KEYGRIP, 1); |
1528 | 0 | err = agent_export_key (ctrl, hexgrip, prompt, 0, 0, |
1529 | 0 | NULL, |
1530 | 0 | &wrappedkey, &wrappedkeylen, |
1531 | 0 | NULL, NULL, 0); |
1532 | 0 | } |
1533 | 0 | xfree (prompt); |
1534 | |
|
1535 | 0 | if (err) |
1536 | 0 | goto unwraperror; |
1537 | 0 | if (wrappedkeylen < 24) |
1538 | 0 | { |
1539 | 0 | err = gpg_error (GPG_ERR_INV_LENGTH); |
1540 | 0 | goto unwraperror; |
1541 | 0 | } |
1542 | 0 | keylen = wrappedkeylen - 8; |
1543 | 0 | key = xtrymalloc_secure (keylen); |
1544 | 0 | if (!key) |
1545 | 0 | { |
1546 | 0 | err = gpg_error_from_syserror (); |
1547 | 0 | goto unwraperror; |
1548 | 0 | } |
1549 | 0 | err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen); |
1550 | 0 | if (err) |
1551 | 0 | goto unwraperror; |
1552 | 0 | realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err); |
1553 | 0 | if (!realkeylen) |
1554 | 0 | goto unwraperror; /* Invalid csexp. */ |
1555 | | |
1556 | 0 | err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen); |
1557 | 0 | if (!err) |
1558 | 0 | { |
1559 | 0 | if (pk && mode1003) |
1560 | 0 | err = secret_key_to_mode1003 (s_skey, pk, is_part2); |
1561 | 0 | else if (pk && cleartext) |
1562 | 0 | err = cleartext_secret_key_to_openpgp (s_skey, pk); |
1563 | 0 | else if (pk) |
1564 | 0 | err = transfer_format_to_openpgp (s_skey, pk); |
1565 | 0 | else if (r_key) |
1566 | 0 | { |
1567 | 0 | *r_key = s_skey; |
1568 | 0 | s_skey = NULL; |
1569 | 0 | } |
1570 | 0 | } |
1571 | |
|
1572 | 0 | unwraperror: |
1573 | 0 | gcry_sexp_release (s_skey); |
1574 | 0 | xfree (key); |
1575 | 0 | xfree (wrappedkey); |
1576 | 0 | if (err) |
1577 | 0 | { |
1578 | 0 | log_error ("key %s: error receiving key from agent:" |
1579 | 0 | " %s%s\n", hexgrip, gpg_strerror (err), |
1580 | 0 | gpg_err_code (err) == GPG_ERR_FULLY_CANCELED? |
1581 | 0 | "":_(" - skipped")); |
1582 | 0 | } |
1583 | 0 | return err; |
1584 | 0 | } |
1585 | | |
1586 | | |
1587 | | /* Write KEYBLOCK either to stdout or to the file set with the |
1588 | | * --output option. This is a simplified version of do_export_stream |
1589 | | * which supports only a few export options. */ |
1590 | | gpg_error_t |
1591 | | write_keyblock_to_output (kbnode_t keyblock, int with_armor, |
1592 | | unsigned int options) |
1593 | 0 | { |
1594 | 0 | gpg_error_t err; |
1595 | 0 | const char *fname; |
1596 | 0 | iobuf_t out; |
1597 | 0 | kbnode_t node; |
1598 | 0 | armor_filter_context_t *afx = NULL; |
1599 | 0 | iobuf_t out_help = NULL; |
1600 | 0 | PKT_public_key *pk = NULL; |
1601 | |
|
1602 | 0 | fname = opt.outfile? opt.outfile : "-"; |
1603 | 0 | if (is_secured_filename (fname) ) |
1604 | 0 | return gpg_error (GPG_ERR_EPERM); |
1605 | | |
1606 | 0 | out = iobuf_create (fname, 0); |
1607 | 0 | if (!out) |
1608 | 0 | { |
1609 | 0 | err = gpg_error_from_syserror (); |
1610 | 0 | log_error(_("can't create '%s': %s\n"), fname, gpg_strerror (err)); |
1611 | 0 | return err; |
1612 | 0 | } |
1613 | 0 | if (opt.verbose) |
1614 | 0 | log_info (_("writing to '%s'\n"), iobuf_get_fname_nonnull (out)); |
1615 | |
|
1616 | 0 | if ((options & EXPORT_DANE_FORMAT)) |
1617 | 0 | { |
1618 | 0 | with_armor = 0; |
1619 | 0 | out_help = iobuf_temp (); |
1620 | 0 | } |
1621 | |
|
1622 | 0 | if (with_armor) |
1623 | 0 | { |
1624 | 0 | afx = new_armor_context (); |
1625 | 0 | afx->what = 1; |
1626 | 0 | push_armor_filter (afx, out); |
1627 | 0 | } |
1628 | |
|
1629 | 0 | for (node = keyblock; node; node = node->next) |
1630 | 0 | { |
1631 | 0 | if (is_deleted_kbnode (node)) |
1632 | 0 | continue; |
1633 | 0 | if (node->pkt->pkttype == PKT_RING_TRUST) |
1634 | 0 | continue; /* Skip - they should not be here anyway. */ |
1635 | | |
1636 | 0 | if (!pk && (node->pkt->pkttype == PKT_PUBLIC_KEY |
1637 | 0 | || node->pkt->pkttype == PKT_SECRET_KEY)) |
1638 | 0 | pk = node->pkt->pkt.public_key; |
1639 | |
|
1640 | 0 | if ((options & EXPORT_BACKUP)) |
1641 | 0 | err = build_packet_and_meta (out_help? out_help : out, node->pkt); |
1642 | 0 | else |
1643 | 0 | err = build_packet (out_help? out_help : out, node->pkt); |
1644 | 0 | if (err) |
1645 | 0 | { |
1646 | 0 | log_error ("build_packet(%d) failed: %s\n", |
1647 | 0 | node->pkt->pkttype, gpg_strerror (err) ); |
1648 | 0 | goto leave; |
1649 | 0 | } |
1650 | 0 | } |
1651 | 0 | err = 0; |
1652 | |
|
1653 | 0 | if (out_help && pk && (options & EXPORT_DANE_FORMAT)) |
1654 | 0 | { |
1655 | 0 | const void *data; |
1656 | 0 | size_t datalen; |
1657 | |
|
1658 | 0 | iobuf_flush_temp (out_help); |
1659 | 0 | data = iobuf_get_temp_buffer (out_help); |
1660 | 0 | datalen = iobuf_get_temp_length (out_help); |
1661 | |
|
1662 | 0 | err = print_dane_records (out, keyblock, pk, data, datalen); |
1663 | 0 | } |
1664 | |
|
1665 | 0 | leave: |
1666 | 0 | if (err) |
1667 | 0 | iobuf_cancel (out); |
1668 | 0 | else |
1669 | 0 | iobuf_close (out); |
1670 | 0 | iobuf_cancel (out_help); |
1671 | 0 | release_armor_context (afx); |
1672 | 0 | return err; |
1673 | 0 | } |
1674 | | |
1675 | | |
1676 | | /* |
1677 | | * Apply the keep-uid filter to the keyblock. The deleted nodes are |
1678 | | * marked and thus the caller should call commit_kbnode afterwards. |
1679 | | * KEYBLOCK must not have any blocks marked as deleted. |
1680 | | */ |
1681 | | static void |
1682 | | apply_keep_uid_filter (ctrl_t ctrl, kbnode_t keyblock, recsel_expr_t selector) |
1683 | 0 | { |
1684 | 0 | kbnode_t node; |
1685 | 0 | struct impex_filter_parm_s parm; |
1686 | |
|
1687 | 0 | parm.ctrl = ctrl; |
1688 | |
|
1689 | 0 | for (node = keyblock->next; node; node = node->next ) |
1690 | 0 | { |
1691 | 0 | if (node->pkt->pkttype == PKT_USER_ID) |
1692 | 0 | { |
1693 | 0 | parm.node = node; |
1694 | 0 | if (!recsel_select (selector, impex_filter_getval, &parm)) |
1695 | 0 | { |
1696 | | /* log_debug ("keep-uid: deleting '%s'\n", */ |
1697 | | /* node->pkt->pkt.user_id->name); */ |
1698 | | /* The UID packet and all following packets up to the |
1699 | | * next UID or a subkey. */ |
1700 | 0 | delete_kbnode (node); |
1701 | 0 | for (; node->next |
1702 | 0 | && node->next->pkt->pkttype != PKT_USER_ID |
1703 | 0 | && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY |
1704 | 0 | && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ; |
1705 | 0 | node = node->next) |
1706 | 0 | delete_kbnode (node->next); |
1707 | 0 | } |
1708 | | /* else */ |
1709 | | /* log_debug ("keep-uid: keeping '%s'\n", */ |
1710 | | /* node->pkt->pkt.user_id->name); */ |
1711 | 0 | } |
1712 | 0 | } |
1713 | 0 | } |
1714 | | |
1715 | | |
1716 | | /* |
1717 | | * Apply the drop-subkey filter to the keyblock. The deleted nodes are |
1718 | | * marked and thus the caller should call commit_kbnode afterwards. |
1719 | | * KEYBLOCK must not have any blocks marked as deleted. |
1720 | | */ |
1721 | | static void |
1722 | | apply_drop_subkey_filter (ctrl_t ctrl, kbnode_t keyblock, |
1723 | | recsel_expr_t selector) |
1724 | 0 | { |
1725 | 0 | kbnode_t node; |
1726 | 0 | struct impex_filter_parm_s parm; |
1727 | |
|
1728 | 0 | parm.ctrl = ctrl; |
1729 | |
|
1730 | 0 | for (node = keyblock->next; node; node = node->next ) |
1731 | 0 | { |
1732 | 0 | if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY |
1733 | 0 | || node->pkt->pkttype == PKT_SECRET_SUBKEY) |
1734 | 0 | { |
1735 | 0 | parm.node = node; |
1736 | 0 | if (recsel_select (selector, impex_filter_getval, &parm)) |
1737 | 0 | { |
1738 | | /*log_debug ("drop-subkey: deleting a key\n");*/ |
1739 | | /* The subkey packet and all following packets up to the |
1740 | | * next subkey. */ |
1741 | 0 | delete_kbnode (node); |
1742 | 0 | for (; node->next |
1743 | 0 | && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY |
1744 | 0 | && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ; |
1745 | 0 | node = node->next) |
1746 | 0 | delete_kbnode (node->next); |
1747 | 0 | } |
1748 | 0 | } |
1749 | 0 | } |
1750 | 0 | } |
1751 | | |
1752 | | |
1753 | | /* Print DANErecords for all user IDs in KEYBLOCK to OUT. The data |
1754 | | * for the record is taken from (DATA,DATELEN). PK is the public key |
1755 | | * packet with the primary key. */ |
1756 | | static gpg_error_t |
1757 | | print_dane_records (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk, |
1758 | | const void *data, size_t datalen) |
1759 | 0 | { |
1760 | 0 | gpg_error_t err = 0; |
1761 | 0 | kbnode_t kbctx, node; |
1762 | 0 | PKT_user_id *uid; |
1763 | 0 | char *mbox = NULL; |
1764 | 0 | char hashbuf[32]; |
1765 | 0 | char *hash = NULL; |
1766 | 0 | char *domain; |
1767 | 0 | const char *s; |
1768 | 0 | unsigned int len; |
1769 | 0 | estream_t fp = NULL; |
1770 | 0 | char *hexdata = NULL; |
1771 | 0 | char *hexfpr; |
1772 | |
|
1773 | 0 | hexfpr = hexfingerprint (pk, NULL, 0); |
1774 | 0 | if (!hexfpr) |
1775 | 0 | { |
1776 | 0 | err = gpg_error_from_syserror (); |
1777 | 0 | goto leave; |
1778 | 0 | } |
1779 | 0 | hexdata = bin2hex (data, datalen, NULL); |
1780 | 0 | if (!hexdata) |
1781 | 0 | { |
1782 | 0 | err = gpg_error_from_syserror (); |
1783 | 0 | goto leave; |
1784 | 0 | } |
1785 | 0 | ascii_strlwr (hexdata); |
1786 | 0 | fp = es_fopenmem (0, "rw,samethread"); |
1787 | 0 | if (!fp) |
1788 | 0 | { |
1789 | 0 | err = gpg_error_from_syserror (); |
1790 | 0 | goto leave; |
1791 | 0 | } |
1792 | | |
1793 | 0 | for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) |
1794 | 0 | { |
1795 | 0 | if (node->pkt->pkttype != PKT_USER_ID) |
1796 | 0 | continue; |
1797 | 0 | uid = node->pkt->pkt.user_id; |
1798 | |
|
1799 | 0 | if (uid->flags.expired || uid->flags.revoked) |
1800 | 0 | continue; |
1801 | | |
1802 | 0 | xfree (mbox); |
1803 | 0 | mbox = mailbox_from_userid (uid->name, 0); |
1804 | 0 | if (!mbox) |
1805 | 0 | continue; |
1806 | | |
1807 | 0 | domain = strchr (mbox, '@'); |
1808 | 0 | *domain++ = 0; |
1809 | |
|
1810 | 0 | if (1) |
1811 | 0 | { |
1812 | 0 | es_fprintf (fp, "$ORIGIN _openpgpkey.%s.\n; %s\n; ", domain, hexfpr); |
1813 | 0 | print_utf8_buffer (fp, uid->name, uid->len); |
1814 | 0 | es_putc ('\n', fp); |
1815 | 0 | gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, mbox, strlen (mbox)); |
1816 | 0 | xfree (hash); |
1817 | 0 | hash = bin2hex (hashbuf, 28, NULL); |
1818 | 0 | if (!hash) |
1819 | 0 | { |
1820 | 0 | err = gpg_error_from_syserror (); |
1821 | 0 | goto leave; |
1822 | 0 | } |
1823 | 0 | ascii_strlwr (hash); |
1824 | 0 | len = strlen (hexdata)/2; |
1825 | 0 | es_fprintf (fp, "%s TYPE61 \\# %u (\n", hash, len); |
1826 | 0 | for (s = hexdata; ;) |
1827 | 0 | { |
1828 | 0 | es_fprintf (fp, "\t%.64s\n", s); |
1829 | 0 | if (strlen (s) < 64) |
1830 | 0 | break; |
1831 | 0 | s += 64; |
1832 | 0 | } |
1833 | 0 | es_fputs ("\t)\n\n", fp); |
1834 | 0 | } |
1835 | 0 | } |
1836 | | |
1837 | | /* Make sure it is a string and write it. */ |
1838 | 0 | es_fputc (0, fp); |
1839 | 0 | { |
1840 | 0 | void *vp; |
1841 | |
|
1842 | 0 | if (es_fclose_snatch (fp, &vp, NULL)) |
1843 | 0 | { |
1844 | 0 | err = gpg_error_from_syserror (); |
1845 | 0 | goto leave; |
1846 | 0 | } |
1847 | 0 | fp = NULL; |
1848 | 0 | iobuf_writestr (out, vp); |
1849 | 0 | es_free (vp); |
1850 | 0 | } |
1851 | 0 | err = 0; |
1852 | |
|
1853 | 0 | leave: |
1854 | 0 | xfree (hash); |
1855 | 0 | xfree (mbox); |
1856 | 0 | es_fclose (fp); |
1857 | 0 | xfree (hexdata); |
1858 | 0 | xfree (hexfpr); |
1859 | 0 | return err; |
1860 | 0 | } |
1861 | | |
1862 | | |
1863 | | /* Helper for do_export_stream which writes one keyblock to OUT. */ |
1864 | | static gpg_error_t |
1865 | | do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, |
1866 | | iobuf_t out, int secret, unsigned int options, |
1867 | | export_stats_t stats, int *any, |
1868 | | KEYDB_SEARCH_DESC *desc, size_t ndesc, |
1869 | | size_t descindex, gcry_cipher_hd_t cipherhd) |
1870 | 0 | { |
1871 | 0 | gpg_error_t err = gpg_error (GPG_ERR_NOT_FOUND); |
1872 | 0 | char *cache_nonce = NULL; |
1873 | 0 | subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */ |
1874 | 0 | int skip_until_subkey = 0; |
1875 | 0 | int cleartext = 0; |
1876 | 0 | int cleartext2 = 0; |
1877 | 0 | char *hexgrip = NULL; |
1878 | 0 | char *p; |
1879 | 0 | const char *hexgrip2; |
1880 | 0 | char *serialno = NULL; |
1881 | 0 | char *serialno2 = NULL; |
1882 | 0 | PKT_public_key *pk; |
1883 | 0 | u32 subkidbuf[2], *subkid; |
1884 | 0 | kbnode_t kbctx, node; |
1885 | | |
1886 | | /* NB: walk_kbnode skips packets marked as deleted. */ |
1887 | 0 | for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) |
1888 | 0 | { |
1889 | 0 | if (skip_until_subkey) |
1890 | 0 | { |
1891 | 0 | if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) |
1892 | 0 | skip_until_subkey = 0; |
1893 | 0 | else |
1894 | 0 | continue; |
1895 | 0 | } |
1896 | | |
1897 | | /* We used to use comment packets, but not any longer. In |
1898 | | * case we still have comments on a key, strip them here |
1899 | | * before we call build_packet(). */ |
1900 | 0 | if (node->pkt->pkttype == PKT_COMMENT) |
1901 | 0 | continue; |
1902 | | |
1903 | | /* Skip ring trust packets - they should not be here anyway. */ |
1904 | 0 | if (node->pkt->pkttype == PKT_RING_TRUST) |
1905 | 0 | continue; |
1906 | | |
1907 | | /* If exact is set, then we only export what was requested |
1908 | | * (plus the primary key, if the user didn't specifically |
1909 | | * request it). */ |
1910 | 0 | if (desc[descindex].exact && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) |
1911 | 0 | { |
1912 | 0 | if (!exact_subkey_match_p (desc+descindex, node)) |
1913 | 0 | { |
1914 | | /* Before skipping this subkey, check whether any |
1915 | | * other description wants an exact match on a |
1916 | | * subkey and include that subkey into the output |
1917 | | * too. Need to add this subkey to a list so that |
1918 | | * it won't get processed a second time. |
1919 | | * |
1920 | | * So the first step here is to check that list and |
1921 | | * skip in any case if the key is in that list. |
1922 | | * |
1923 | | * We need this whole mess because the import |
1924 | | * function of GnuPG < 2.1 is not able to merge |
1925 | | * secret keys and thus it is useless to output them |
1926 | | * as two separate keys and have import merge them. |
1927 | | */ |
1928 | 0 | if (subkey_in_list_p (subkey_list, node)) |
1929 | 0 | skip_until_subkey = 1; /* Already processed this one. */ |
1930 | 0 | else |
1931 | 0 | { |
1932 | 0 | size_t j; |
1933 | |
|
1934 | 0 | for (j=0; j < ndesc; j++) |
1935 | 0 | if (j != descindex && desc[j].exact |
1936 | 0 | && exact_subkey_match_p (desc+j, node)) |
1937 | 0 | break; |
1938 | 0 | if (!(j < ndesc)) |
1939 | 0 | skip_until_subkey = 1; /* No other one matching. */ |
1940 | 0 | } |
1941 | 0 | } |
1942 | |
|
1943 | 0 | if (skip_until_subkey) |
1944 | 0 | continue; |
1945 | | |
1946 | | /* Mark this one as processed. */ |
1947 | 0 | { |
1948 | 0 | subkey_list_t tmp = new_subkey_list_item (node); |
1949 | 0 | tmp->next = subkey_list; |
1950 | 0 | subkey_list = tmp; |
1951 | 0 | } |
1952 | 0 | } |
1953 | | |
1954 | 0 | if (node->pkt->pkttype == PKT_SIGNATURE) |
1955 | 0 | { |
1956 | | /* Do not export packets which are marked as not |
1957 | | * exportable. */ |
1958 | 0 | if (!(options & EXPORT_LOCAL_SIGS) |
1959 | 0 | && !node->pkt->pkt.signature->flags.exportable) |
1960 | 0 | continue; /* not exportable */ |
1961 | | |
1962 | | /* Do not export packets with a "sensitive" revocation key |
1963 | | * unless the user wants us to. Note that we do export |
1964 | | * these when issuing the actual revocation (see revoke.c). */ |
1965 | 0 | if (!(options & EXPORT_SENSITIVE_REVKEYS) |
1966 | 0 | && node->pkt->pkt.signature->revkey) |
1967 | 0 | { |
1968 | 0 | int i; |
1969 | |
|
1970 | 0 | for (i = 0; i < node->pkt->pkt.signature->numrevkeys; i++) |
1971 | 0 | if ((node->pkt->pkt.signature->revkey[i].class & 0x40)) |
1972 | 0 | break; |
1973 | 0 | if (i < node->pkt->pkt.signature->numrevkeys) |
1974 | 0 | continue; |
1975 | 0 | } |
1976 | 0 | } |
1977 | | |
1978 | | /* Don't export attribs? */ |
1979 | 0 | if (!(options & EXPORT_ATTRIBUTES) |
1980 | 0 | && node->pkt->pkttype == PKT_USER_ID |
1981 | 0 | && node->pkt->pkt.user_id->attrib_data) |
1982 | 0 | { |
1983 | | /* Skip until we get to something that is not an attrib or a |
1984 | | * signature on an attrib. */ |
1985 | 0 | while (kbctx->next && kbctx->next->pkt->pkttype == PKT_SIGNATURE) |
1986 | 0 | kbctx = kbctx->next; |
1987 | |
|
1988 | 0 | continue; |
1989 | 0 | } |
1990 | | |
1991 | 0 | if (secret && (node->pkt->pkttype == PKT_PUBLIC_KEY |
1992 | 0 | || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)) |
1993 | 0 | { |
1994 | 0 | pk = node->pkt->pkt.public_key; |
1995 | 0 | if (node->pkt->pkttype == PKT_PUBLIC_KEY) |
1996 | 0 | subkid = NULL; |
1997 | 0 | else |
1998 | 0 | { |
1999 | 0 | keyid_from_pk (pk, subkidbuf); |
2000 | 0 | subkid = subkidbuf; |
2001 | 0 | } |
2002 | |
|
2003 | 0 | if (pk->seckey_info) |
2004 | 0 | { |
2005 | 0 | log_error ("key %s: oops: seckey_info already set" |
2006 | 0 | " - skipped\n", keystr_with_sub (keyid, subkid)); |
2007 | 0 | skip_until_subkey = 1; |
2008 | 0 | continue; |
2009 | 0 | } |
2010 | | |
2011 | 0 | xfree (hexgrip); |
2012 | 0 | err = hexkeygrip_from_pk (pk, &hexgrip); |
2013 | 0 | if (err) |
2014 | 0 | { |
2015 | 0 | log_error ("key %s: error computing keygrip: %s" |
2016 | 0 | " - skipped\n", keystr_with_sub (keyid, subkid), |
2017 | 0 | gpg_strerror (err)); |
2018 | 0 | skip_until_subkey = 1; |
2019 | 0 | err = 0; |
2020 | 0 | continue; |
2021 | 0 | } |
2022 | | |
2023 | | /* In case of a composite key let hexgrip2 point to the second. */ |
2024 | 0 | if ((p = strchr (hexgrip, ','))) |
2025 | 0 | { |
2026 | 0 | *p = 0; |
2027 | 0 | hexgrip2 = p+1; |
2028 | 0 | } |
2029 | 0 | else |
2030 | 0 | hexgrip2 = NULL; |
2031 | |
|
2032 | 0 | xfree (serialno); |
2033 | 0 | serialno = NULL; |
2034 | 0 | xfree (serialno2); |
2035 | 0 | serialno2 = NULL; |
2036 | 0 | if (secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY) |
2037 | 0 | { |
2038 | | /* We are asked not to export the secret parts of the |
2039 | | * primary key. Make up an error code to create the |
2040 | | * stub. */ |
2041 | 0 | err = GPG_ERR_NOT_FOUND; |
2042 | 0 | } |
2043 | 0 | else |
2044 | 0 | { |
2045 | 0 | err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext); |
2046 | 0 | if (!err && hexgrip2) |
2047 | 0 | err = agent_get_keyinfo (ctrl,hexgrip2,&serialno2,&cleartext2); |
2048 | 0 | } |
2049 | |
|
2050 | 0 | if (!err && hexgrip2) |
2051 | 0 | { |
2052 | | /* Dual key with two keygrips needs a special case. For |
2053 | | * example, we may have one key on card and the other on |
2054 | | * disk or even both on disk or both on card. There are |
2055 | | * two many combinations and thus we resort to using |
2056 | | * mode1003 which stores both s-expression received from |
2057 | | * gpg-agent in the OpenPGP format (the special 1003 |
2058 | | * mode). That means that they stub is also stored. We |
2059 | | * do this even if both keys are on card. */ |
2060 | 0 | struct seckey_info *ski; |
2061 | |
|
2062 | 0 | if (pk->pubkey_algo != PUBKEY_ALGO_KYBER) |
2063 | 0 | err = gpg_error (GPG_ERR_NOT_SUPPORTED); |
2064 | |
|
2065 | 0 | if (!err) |
2066 | 0 | err = receive_seckey_from_agent (ctrl, cipherhd, |
2067 | 0 | cleartext, |
2068 | 0 | 1, /* Force mode1003 */ |
2069 | 0 | 0, /* First part. */ |
2070 | 0 | &cache_nonce, |
2071 | 0 | hexgrip, pk, NULL); |
2072 | 0 | if (!err) |
2073 | 0 | err = receive_seckey_from_agent (ctrl, cipherhd, |
2074 | 0 | cleartext, |
2075 | 0 | 1, /* Force mode1003 */ |
2076 | 0 | 1, /* Second part. */ |
2077 | 0 | &cache_nonce, |
2078 | 0 | hexgrip2, pk, NULL); |
2079 | |
|
2080 | 0 | if (err) |
2081 | 0 | { |
2082 | | /* If we receive a fully canceled error we stop |
2083 | | * immediately. If we receive a cancel for a public |
2084 | | * key we also stop immediately because a |
2085 | | * public/secret key is always required first If we |
2086 | | * receive a subkey we skip to the next subkey. */ |
2087 | 0 | if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED |
2088 | 0 | || (node->pkt->pkttype == PKT_PUBLIC_KEY |
2089 | 0 | && gpg_err_code (err) == GPG_ERR_CANCELED)) |
2090 | 0 | goto leave; |
2091 | 0 | write_status_error ("export_keys.secret", err); |
2092 | 0 | skip_until_subkey = 1; |
2093 | 0 | err = 0; |
2094 | 0 | } |
2095 | 0 | else |
2096 | 0 | { |
2097 | 0 | pk->seckey_info = ski = xtrycalloc (1, sizeof *ski); |
2098 | 0 | if (!ski) |
2099 | 0 | { |
2100 | 0 | err = gpg_error_from_syserror (); |
2101 | 0 | goto leave; |
2102 | 0 | } |
2103 | | |
2104 | 0 | ski->is_protected = 1; /* Required for mode1003. */ |
2105 | 0 | ski->s2k.mode = 1003; /* Mode 1003. */ |
2106 | |
|
2107 | 0 | if ((options & EXPORT_BACKUP)) |
2108 | 0 | err = build_packet_and_meta (out, node->pkt); |
2109 | 0 | else |
2110 | 0 | err = build_packet (out, node->pkt); |
2111 | 0 | if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) |
2112 | 0 | { |
2113 | 0 | stats->exported++; |
2114 | 0 | if (!(options & EXPORT_NO_STATUS)) |
2115 | 0 | print_status_exported (node->pkt->pkt.public_key); |
2116 | 0 | } |
2117 | 0 | } |
2118 | 0 | } |
2119 | 0 | else if ((!err && (serialno || serialno2)) |
2120 | 0 | && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY) |
2121 | 0 | { |
2122 | | /* It does not make sense to export a key with its |
2123 | | * primary key on card using a non-key stub. Thus we |
2124 | | * skip those keys when used with --export-secret-subkeys. */ |
2125 | 0 | log_info (_("key %s: key material on-card - skipped\n"), |
2126 | 0 | keystr_with_sub (keyid, subkid)); |
2127 | 0 | skip_until_subkey = 1; |
2128 | 0 | } |
2129 | 0 | else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND |
2130 | 0 | || (!err && serialno)) |
2131 | 0 | { |
2132 | | /* Create a key stub. */ |
2133 | 0 | struct seckey_info *ski; |
2134 | 0 | const char *s; |
2135 | |
|
2136 | 0 | pk->seckey_info = ski = xtrycalloc (1, sizeof *ski); |
2137 | 0 | if (!ski) |
2138 | 0 | { |
2139 | 0 | err = gpg_error_from_syserror (); |
2140 | 0 | goto leave; |
2141 | 0 | } |
2142 | | |
2143 | 0 | ski->is_protected = 1; |
2144 | 0 | if (err) |
2145 | 0 | ski->s2k.mode = 1001; /* GNU dummy (no secret key). */ |
2146 | 0 | else |
2147 | 0 | { |
2148 | 0 | ski->s2k.mode = 1002; /* GNU-divert-to-card. */ |
2149 | 0 | for (s=serialno; sizeof (ski->ivlen) && *s && s[1]; |
2150 | 0 | ski->ivlen++, s += 2) |
2151 | 0 | ski->iv[ski->ivlen] = xtoi_2 (s); |
2152 | 0 | } |
2153 | |
|
2154 | 0 | if ((options & EXPORT_BACKUP)) |
2155 | 0 | err = build_packet_and_meta (out, node->pkt); |
2156 | 0 | else |
2157 | 0 | err = build_packet (out, node->pkt); |
2158 | 0 | if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) |
2159 | 0 | { |
2160 | 0 | stats->exported++; |
2161 | 0 | if (!(options & EXPORT_NO_STATUS)) |
2162 | 0 | print_status_exported (node->pkt->pkt.public_key); |
2163 | 0 | } |
2164 | 0 | } |
2165 | 0 | else if (!err) |
2166 | 0 | { |
2167 | 0 | err = receive_seckey_from_agent (ctrl, cipherhd, |
2168 | 0 | cleartext, |
2169 | 0 | !!(options & EXPORT_MODE1003), |
2170 | 0 | 0, |
2171 | 0 | &cache_nonce, |
2172 | 0 | hexgrip, pk, NULL); |
2173 | 0 | if (err) |
2174 | 0 | { |
2175 | | /* If we receive a fully canceled error we stop |
2176 | | * immediately. If we receive a cancel for a public |
2177 | | * key we also stop immediately because a |
2178 | | * public/secret key is always required first |
2179 | | * (right, we could instead write a stub key but |
2180 | | * that is also kind of surprising). If we receive |
2181 | | * a subkey we skip to the next subkey. */ |
2182 | 0 | if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED |
2183 | 0 | || (node->pkt->pkttype == PKT_PUBLIC_KEY |
2184 | 0 | && gpg_err_code (err) == GPG_ERR_CANCELED)) |
2185 | 0 | goto leave; |
2186 | 0 | write_status_error ("export_keys.secret", err); |
2187 | 0 | skip_until_subkey = 1; |
2188 | 0 | err = 0; |
2189 | 0 | } |
2190 | 0 | else |
2191 | 0 | { |
2192 | 0 | if ((options & EXPORT_BACKUP)) |
2193 | 0 | err = build_packet_and_meta (out, node->pkt); |
2194 | 0 | else |
2195 | 0 | err = build_packet (out, node->pkt); |
2196 | 0 | if (node->pkt->pkttype == PKT_PUBLIC_KEY) |
2197 | 0 | { |
2198 | 0 | stats->exported++; |
2199 | 0 | if (!(options & EXPORT_NO_STATUS)) |
2200 | 0 | print_status_exported (node->pkt->pkt.public_key); |
2201 | 0 | } |
2202 | 0 | } |
2203 | 0 | } |
2204 | 0 | else |
2205 | 0 | { |
2206 | 0 | log_error ("key %s: error getting keyinfo from agent: %s" |
2207 | 0 | " - skipped\n", keystr_with_sub (keyid, subkid), |
2208 | 0 | gpg_strerror (err)); |
2209 | 0 | skip_until_subkey = 1; |
2210 | 0 | err = 0; |
2211 | 0 | } |
2212 | | |
2213 | 0 | xfree (pk->seckey_info); |
2214 | 0 | pk->seckey_info = NULL; |
2215 | 0 | { |
2216 | 0 | int i; |
2217 | 0 | for (i = pubkey_get_npkey (pk->pubkey_algo); |
2218 | 0 | i < pubkey_get_nskey (pk->pubkey_algo); i++) |
2219 | 0 | { |
2220 | 0 | gcry_mpi_release (pk->pkey[i]); |
2221 | 0 | pk->pkey[i] = NULL; |
2222 | 0 | } |
2223 | 0 | } |
2224 | 0 | } |
2225 | 0 | else /* Not secret or common packets. */ |
2226 | 0 | { |
2227 | 0 | if ((options & EXPORT_BACKUP)) |
2228 | 0 | err = build_packet_and_meta (out, node->pkt); |
2229 | 0 | else |
2230 | 0 | err = build_packet (out, node->pkt); |
2231 | 0 | if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) |
2232 | 0 | { |
2233 | 0 | stats->exported++; |
2234 | 0 | if (!(options & EXPORT_NO_STATUS)) |
2235 | 0 | print_status_exported (node->pkt->pkt.public_key); |
2236 | 0 | } |
2237 | 0 | } |
2238 | | |
2239 | | |
2240 | 0 | if (err) |
2241 | 0 | { |
2242 | 0 | log_error ("build_packet(%d) failed: %s\n", |
2243 | 0 | node->pkt->pkttype, gpg_strerror (err)); |
2244 | 0 | goto leave; |
2245 | 0 | } |
2246 | | |
2247 | 0 | if (!skip_until_subkey) |
2248 | 0 | *any = 1; |
2249 | 0 | } |
2250 | | |
2251 | 0 | leave: |
2252 | 0 | release_subkey_list (subkey_list); |
2253 | 0 | xfree (serialno); |
2254 | 0 | xfree (serialno2); |
2255 | 0 | xfree (hexgrip); |
2256 | 0 | xfree (cache_nonce); |
2257 | 0 | return err; |
2258 | 0 | } |
2259 | | |
2260 | | |
2261 | | /* Helper for do_export_stream which writes the own revocations |
2262 | | * certificates (if any) from KEYBLOCK to OUT. */ |
2263 | | static gpg_error_t |
2264 | | do_export_revocs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, |
2265 | | iobuf_t out, unsigned int options, int *any) |
2266 | 0 | { |
2267 | 0 | gpg_error_t err = 0; |
2268 | 0 | kbnode_t kbctx, node; |
2269 | 0 | PKT_signature *sig; |
2270 | |
|
2271 | 0 | (void)ctrl; |
2272 | | |
2273 | | /* NB: walk_kbnode skips packets marked as deleted. */ |
2274 | 0 | for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) |
2275 | 0 | { |
2276 | 0 | if (node->pkt->pkttype != PKT_SIGNATURE) |
2277 | 0 | continue; |
2278 | 0 | sig = node->pkt->pkt.signature; |
2279 | | |
2280 | | /* We are only interested in revocation certificates. */ |
2281 | 0 | if (!(IS_KEY_REV (sig) || IS_UID_REV (sig) || IS_SUBKEY_REV (sig))) |
2282 | 0 | continue; |
2283 | | |
2284 | 0 | if (!(sig->keyid[0] == keyid[0] && sig->keyid[1] == keyid[1])) |
2285 | 0 | continue; /* Not a self-signature. */ |
2286 | | |
2287 | | /* Do not export signature packets which are marked as not |
2288 | | * exportable. */ |
2289 | 0 | if (!(options & EXPORT_LOCAL_SIGS) |
2290 | 0 | && !sig->flags.exportable) |
2291 | 0 | continue; /* not exportable */ |
2292 | | |
2293 | | /* Do not export packets with a "sensitive" revocation key |
2294 | | * unless the user wants us to. */ |
2295 | 0 | if (!(options & EXPORT_SENSITIVE_REVKEYS) |
2296 | 0 | && sig->revkey) |
2297 | 0 | { |
2298 | 0 | int i; |
2299 | |
|
2300 | 0 | for (i = 0; i < sig->numrevkeys; i++) |
2301 | 0 | if ((sig->revkey[i].class & 0x40)) |
2302 | 0 | break; |
2303 | 0 | if (i < sig->numrevkeys) |
2304 | 0 | continue; |
2305 | 0 | } |
2306 | | |
2307 | 0 | if (!sig->flags.checked) |
2308 | 0 | { |
2309 | 0 | log_info ("signature not marked as checked - ignored\n"); |
2310 | 0 | continue; |
2311 | 0 | } |
2312 | 0 | if (!sig->flags.valid) |
2313 | 0 | { |
2314 | 0 | log_info ("signature not not valid - ignored\n"); |
2315 | 0 | continue; |
2316 | 0 | } |
2317 | | |
2318 | 0 | err = build_packet (out, node->pkt); |
2319 | 0 | if (err) |
2320 | 0 | { |
2321 | 0 | log_error ("build_packet(%d) failed: %s\n", |
2322 | 0 | node->pkt->pkttype, gpg_strerror (err)); |
2323 | 0 | goto leave; |
2324 | 0 | } |
2325 | 0 | *any = 1; |
2326 | 0 | } |
2327 | | |
2328 | 0 | leave: |
2329 | 0 | return err; |
2330 | 0 | } |
2331 | | |
2332 | | |
2333 | | /* For secret key export we need to setup a decryption context. |
2334 | | * Returns 0 and the context at r_cipherhd. */ |
2335 | | static gpg_error_t |
2336 | | get_keywrap_key (ctrl_t ctrl, gcry_cipher_hd_t *r_cipherhd) |
2337 | 0 | { |
2338 | | #ifdef ENABLE_SELINUX_HACKS |
2339 | | (void)ctrl; |
2340 | | *r_cipherhd = NULL; |
2341 | | log_error (_("exporting secret keys not allowed\n")); |
2342 | | return gpg_error (GPG_ERR_NOT_SUPPORTED); |
2343 | | #else |
2344 | 0 | gpg_error_t err; |
2345 | 0 | void *kek = NULL; |
2346 | 0 | size_t keklen; |
2347 | 0 | gcry_cipher_hd_t cipherhd; |
2348 | |
|
2349 | 0 | *r_cipherhd = NULL; |
2350 | |
|
2351 | 0 | err = agent_keywrap_key (ctrl, 1, &kek, &keklen); |
2352 | 0 | if (err) |
2353 | 0 | { |
2354 | 0 | log_error ("error getting the KEK: %s\n", gpg_strerror (err)); |
2355 | 0 | return err; |
2356 | 0 | } |
2357 | | |
2358 | 0 | err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128, |
2359 | 0 | GCRY_CIPHER_MODE_AESWRAP, 0); |
2360 | 0 | if (!err) |
2361 | 0 | err = gcry_cipher_setkey (cipherhd, kek, keklen); |
2362 | 0 | if (err) |
2363 | 0 | log_error ("error setting up an encryption context: %s\n", |
2364 | 0 | gpg_strerror (err)); |
2365 | |
|
2366 | 0 | if (!err) |
2367 | 0 | *r_cipherhd = cipherhd; |
2368 | 0 | else |
2369 | 0 | gcry_cipher_close (cipherhd); |
2370 | 0 | xfree (kek); |
2371 | 0 | return err; |
2372 | 0 | #endif |
2373 | 0 | } |
2374 | | |
2375 | | |
2376 | | /* Export the keys identified by the list of strings in USERS to the |
2377 | | stream OUT. If SECRET is false public keys will be exported. With |
2378 | | secret true secret keys will be exported; in this case 1 means the |
2379 | | entire secret keyblock and 2 only the subkeys. OPTIONS are the |
2380 | | export options to apply. If KEYBLOCK_OUT is not NULL, AND the exit |
2381 | | code is zero, a pointer to the first keyblock found and exported |
2382 | | will be stored at this address; no other keyblocks are exported in |
2383 | | this case. The caller must free the returned keyblock. If any |
2384 | | key has been exported true is stored at ANY. */ |
2385 | | static int |
2386 | | do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, |
2387 | | kbnode_t *keyblock_out, unsigned int options, |
2388 | | export_stats_t stats, int *any) |
2389 | 0 | { |
2390 | 0 | gpg_error_t err = 0; |
2391 | 0 | PACKET pkt; |
2392 | 0 | kbnode_t keyblock = NULL; |
2393 | 0 | kbnode_t node; |
2394 | 0 | size_t ndesc, descindex; |
2395 | 0 | KEYDB_SEARCH_DESC *desc = NULL; |
2396 | 0 | KEYDB_HANDLE kdbhd; |
2397 | 0 | strlist_t sl; |
2398 | 0 | gcry_cipher_hd_t cipherhd = NULL; |
2399 | 0 | struct export_stats_s dummystats; |
2400 | 0 | iobuf_t out_help = NULL; |
2401 | |
|
2402 | 0 | if (!stats) |
2403 | 0 | stats = &dummystats; |
2404 | 0 | *any = 0; |
2405 | 0 | init_packet (&pkt); |
2406 | 0 | kdbhd = keydb_new (ctrl); |
2407 | 0 | if (!kdbhd) |
2408 | 0 | return gpg_error_from_syserror (); |
2409 | | |
2410 | | /* For the DANE format open a helper iobuf and |
2411 | | * enforce some options. */ |
2412 | 0 | if ((options & EXPORT_DANE_FORMAT)) |
2413 | 0 | { |
2414 | 0 | out_help = iobuf_temp (); |
2415 | 0 | options |= EXPORT_MINIMAL | EXPORT_CLEAN; |
2416 | 0 | } |
2417 | |
|
2418 | 0 | if (!users) |
2419 | 0 | { |
2420 | 0 | ndesc = 1; |
2421 | 0 | desc = xcalloc (ndesc, sizeof *desc); |
2422 | 0 | desc[0].mode = KEYDB_SEARCH_MODE_FIRST; |
2423 | 0 | } |
2424 | 0 | else |
2425 | 0 | { |
2426 | 0 | for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) |
2427 | 0 | ; |
2428 | 0 | desc = xmalloc ( ndesc * sizeof *desc); |
2429 | |
|
2430 | 0 | for (ndesc=0, sl=users; sl; sl = sl->next) |
2431 | 0 | { |
2432 | 0 | if (!(err=classify_user_id (sl->d, desc+ndesc, 1))) |
2433 | 0 | ndesc++; |
2434 | 0 | else |
2435 | 0 | log_error (_("key \"%s\" not found: %s\n"), |
2436 | 0 | sl->d, gpg_strerror (err)); |
2437 | 0 | } |
2438 | |
|
2439 | 0 | keydb_disable_caching (kdbhd); /* We are looping the search. */ |
2440 | | |
2441 | | /* It would be nice to see which of the given users did actually |
2442 | | match one in the keyring. To implement this we need to have |
2443 | | a found flag for each entry in desc. To set this flag we |
2444 | | must check all those entries after a match to mark all |
2445 | | matched one - currently we stop at the first match. To do |
2446 | | this we need an extra flag to enable this feature. */ |
2447 | 0 | } |
2448 | | |
2449 | | /* For secret key export we need to setup a decryption context. */ |
2450 | 0 | if (secret && (err = get_keywrap_key (ctrl, &cipherhd))) |
2451 | 0 | goto leave; |
2452 | | |
2453 | 0 | for (;;) |
2454 | 0 | { |
2455 | 0 | u32 keyid[2]; |
2456 | 0 | PKT_public_key *pk; |
2457 | |
|
2458 | 0 | err = keydb_search (kdbhd, desc, ndesc, &descindex); |
2459 | 0 | if (!users) |
2460 | 0 | desc[0].mode = KEYDB_SEARCH_MODE_NEXT; |
2461 | 0 | if (err) |
2462 | 0 | break; |
2463 | | |
2464 | | /* Read the keyblock. */ |
2465 | 0 | release_kbnode (keyblock); |
2466 | 0 | keyblock = NULL; |
2467 | 0 | err = keydb_get_keyblock (kdbhd, &keyblock); |
2468 | 0 | if (err) |
2469 | 0 | { |
2470 | 0 | log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); |
2471 | 0 | goto leave; |
2472 | 0 | } |
2473 | | |
2474 | 0 | node = find_kbnode (keyblock, PKT_PUBLIC_KEY); |
2475 | 0 | if (!node) |
2476 | 0 | { |
2477 | 0 | log_error ("public key packet not found in keyblock - skipped\n"); |
2478 | 0 | continue; |
2479 | 0 | } |
2480 | 0 | stats->count++; |
2481 | 0 | setup_main_keyids (keyblock); /* gpg_format_keydesc needs it. */ |
2482 | 0 | pk = node->pkt->pkt.public_key; |
2483 | 0 | keyid_from_pk (pk, keyid); |
2484 | | |
2485 | | /* If a secret key export is required we need to check whether |
2486 | | we have a secret key at all and if so create the seckey_info |
2487 | | structure. */ |
2488 | 0 | if (secret) |
2489 | 0 | { |
2490 | 0 | if (agent_probe_any_secret_key (ctrl, keyblock)) |
2491 | 0 | continue; /* No secret key (neither primary nor subkey). */ |
2492 | | |
2493 | | /* No v3 keys with GNU mode 1001. */ |
2494 | 0 | if (secret == 2 && pk->version == 3) |
2495 | 0 | { |
2496 | 0 | log_info (_("key %s: PGP 2.x style key - skipped\n"), |
2497 | 0 | keystr (keyid)); |
2498 | 0 | continue; |
2499 | 0 | } |
2500 | | |
2501 | | /* The agent does not yet allow export of v3 packets. It is |
2502 | | actually questionable whether we should allow them at |
2503 | | all. */ |
2504 | 0 | if (pk->version == 3) |
2505 | 0 | { |
2506 | 0 | log_info ("key %s: PGP 2.x style key (v3) export " |
2507 | 0 | "not supported - skipped\n", keystr (keyid)); |
2508 | 0 | continue; |
2509 | 0 | } |
2510 | 0 | stats->secret_count++; |
2511 | 0 | } |
2512 | | |
2513 | | /* Always do the cleaning on the public key part if requested. |
2514 | | * A designated revocation is never stripped, even with |
2515 | | * export-minimal set. */ |
2516 | 0 | if ((options & EXPORT_CLEAN)) |
2517 | 0 | { |
2518 | 0 | merge_keys_and_selfsig (ctrl, keyblock); |
2519 | 0 | clean_all_uids (ctrl, keyblock, opt.verbose, options, NULL, NULL); |
2520 | 0 | clean_all_subkeys (ctrl, keyblock, opt.verbose, |
2521 | 0 | (options&EXPORT_KEEP_EXPIRED)? KEY_CLEAN_INVALID : |
2522 | 0 | (options&EXPORT_MINIMAL)? KEY_CLEAN_ALL |
2523 | 0 | /**/ : KEY_CLEAN_AUTHENCR, |
2524 | 0 | NULL, NULL); |
2525 | 0 | commit_kbnode (&keyblock); |
2526 | 0 | } |
2527 | 0 | else if (export_keep_uid || export_drop_subkey || export_select_filter) |
2528 | 0 | { |
2529 | | /* Need to merge so that for example the "usage" property |
2530 | | * has been setup. */ |
2531 | 0 | merge_keys_and_selfsig (ctrl, keyblock); |
2532 | 0 | } |
2533 | | |
2534 | |
|
2535 | 0 | if (export_select_filter) |
2536 | 0 | { |
2537 | 0 | int selected = 0; |
2538 | 0 | struct impex_filter_parm_s parm; |
2539 | 0 | parm.ctrl = ctrl; |
2540 | |
|
2541 | 0 | for (parm.node = keyblock; parm.node; parm.node = parm.node->next) |
2542 | 0 | { |
2543 | 0 | if (recsel_select (export_select_filter, |
2544 | 0 | impex_filter_getval, &parm)) |
2545 | 0 | { |
2546 | 0 | selected = 1; |
2547 | 0 | break; |
2548 | 0 | } |
2549 | 0 | } |
2550 | 0 | if (!selected) |
2551 | 0 | continue; /* Skip this keyblock. */ |
2552 | 0 | } |
2553 | | |
2554 | 0 | if (export_keep_uid) |
2555 | 0 | { |
2556 | 0 | commit_kbnode (&keyblock); |
2557 | 0 | apply_keep_uid_filter (ctrl, keyblock, export_keep_uid); |
2558 | 0 | commit_kbnode (&keyblock); |
2559 | 0 | } |
2560 | |
|
2561 | 0 | if (export_drop_subkey) |
2562 | 0 | { |
2563 | 0 | commit_kbnode (&keyblock); |
2564 | 0 | apply_drop_subkey_filter (ctrl, keyblock, export_drop_subkey); |
2565 | 0 | commit_kbnode (&keyblock); |
2566 | 0 | } |
2567 | | |
2568 | | /* And write it. */ |
2569 | 0 | if ((options & EXPORT_REVOCS)) |
2570 | 0 | err = do_export_revocs (ctrl, keyblock, keyid, |
2571 | 0 | out_help? out_help : out, |
2572 | 0 | options, any); |
2573 | 0 | else |
2574 | 0 | err = do_export_one_keyblock (ctrl, keyblock, keyid, |
2575 | 0 | out_help? out_help : out, |
2576 | 0 | secret, options, stats, any, |
2577 | 0 | desc, ndesc, descindex, cipherhd); |
2578 | 0 | if (err) |
2579 | 0 | break; |
2580 | | |
2581 | 0 | if (keyblock_out) |
2582 | 0 | { |
2583 | 0 | *keyblock_out = keyblock; |
2584 | 0 | break; |
2585 | 0 | } |
2586 | | |
2587 | 0 | if (out_help && (options & EXPORT_DANE_FORMAT)) |
2588 | 0 | { |
2589 | | /* We want to write DANE records. OUT_HELP has the |
2590 | | * keyblock and we print a record for each uid to OUT. */ |
2591 | 0 | const void *data; |
2592 | 0 | size_t datalen; |
2593 | |
|
2594 | 0 | iobuf_flush_temp (out_help); |
2595 | 0 | data = iobuf_get_temp_buffer (out_help); |
2596 | 0 | datalen = iobuf_get_temp_length (out_help); |
2597 | |
|
2598 | 0 | err = print_dane_records (out, keyblock, pk, data, datalen); |
2599 | 0 | if (err) |
2600 | 0 | goto leave; |
2601 | | |
2602 | 0 | iobuf_close (out_help); |
2603 | 0 | out_help = iobuf_temp (); |
2604 | 0 | } |
2605 | |
|
2606 | 0 | } |
2607 | 0 | if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) |
2608 | 0 | err = 0; |
2609 | |
|
2610 | 0 | leave: |
2611 | 0 | iobuf_cancel (out_help); |
2612 | 0 | gcry_cipher_close (cipherhd); |
2613 | 0 | xfree(desc); |
2614 | 0 | keydb_release (kdbhd); |
2615 | 0 | if (err || !keyblock_out) |
2616 | 0 | release_kbnode( keyblock ); |
2617 | 0 | if( !*any && !opt.quiet) |
2618 | 0 | log_info (_("WARNING: nothing exported\n")); |
2619 | 0 | return err; |
2620 | 0 | } |
2621 | | |
2622 | | |
2623 | | � |
2624 | | /* Write the uint32 VALUE to MB in networ byte order. */ |
2625 | | static void |
2626 | | mb_write_uint32 (membuf_t *mb, u32 value) |
2627 | 0 | { |
2628 | 0 | unsigned char buffer[4]; |
2629 | |
|
2630 | 0 | ulongtobuf (buffer, (ulong)value); |
2631 | 0 | put_membuf (mb, buffer, 4); |
2632 | 0 | } |
2633 | | |
2634 | | /* Write the byte C to MB. */ |
2635 | | static void |
2636 | | mb_write_uint8 (membuf_t *mb, int c) |
2637 | 0 | { |
2638 | 0 | unsigned char buf[1]; |
2639 | |
|
2640 | 0 | buf[0] = c; |
2641 | 0 | put_membuf (mb, buf, 1); |
2642 | 0 | } |
2643 | | |
2644 | | |
2645 | | /* Simple wrapper around put_membuf. */ |
2646 | | static void |
2647 | | mb_write_data (membuf_t *mb, const void *data, size_t datalen) |
2648 | 0 | { |
2649 | 0 | put_membuf (mb, data, datalen); |
2650 | 0 | } |
2651 | | |
2652 | | /* Write STRING with terminating Nul to MB. */ |
2653 | | static void |
2654 | | mb_write_cstring (membuf_t *mb, const char *string) |
2655 | 0 | { |
2656 | 0 | put_membuf (mb, string, strlen (string)+1); |
2657 | 0 | } |
2658 | | |
2659 | | /* Write an SSH style string to MB. */ |
2660 | | static void |
2661 | | mb_write_string (membuf_t *mb, const void *string, size_t n) |
2662 | 0 | { |
2663 | 0 | mb_write_uint32 (mb, (u32)n); |
2664 | 0 | mb_write_data (mb, string, n); |
2665 | 0 | } |
2666 | | |
2667 | | /* Write an MPI as SSH style string to MB */ |
2668 | | static void |
2669 | | mb_write_mpi (membuf_t *mb, gcry_mpi_t mpi, int strip_prefix) |
2670 | 0 | { |
2671 | 0 | unsigned int nbits; |
2672 | 0 | const unsigned char *p; |
2673 | 0 | size_t n; |
2674 | |
|
2675 | 0 | if (gcry_mpi_get_flag (mpi, GCRYMPI_FLAG_OPAQUE)) |
2676 | 0 | { |
2677 | 0 | p = gcry_mpi_get_opaque (mpi, &nbits); |
2678 | 0 | n = (nbits + 7) / 8; |
2679 | |
|
2680 | 0 | if (strip_prefix && n > 1 && p[0] == 0x40) |
2681 | 0 | { |
2682 | | /* We need to strip our 0x40 prefix. */ |
2683 | 0 | p++; |
2684 | 0 | n--; |
2685 | 0 | } |
2686 | 0 | mb_write_string (mb, p, n); |
2687 | 0 | } |
2688 | 0 | else |
2689 | 0 | { |
2690 | 0 | gpg_error_t err; |
2691 | 0 | unsigned char *buf; |
2692 | |
|
2693 | 0 | err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &n, mpi); |
2694 | 0 | if (err) |
2695 | 0 | set_membuf_err (mb, err); |
2696 | 0 | else |
2697 | 0 | { |
2698 | 0 | mb_write_data (mb, buf, n); |
2699 | 0 | gcry_free (buf); |
2700 | 0 | } |
2701 | 0 | } |
2702 | 0 | } |
2703 | | |
2704 | | |
2705 | | � |
2706 | | static gpg_error_t |
2707 | | key_to_sshblob (membuf_t *mb, const char *identifier, ...) |
2708 | 0 | { |
2709 | 0 | va_list arg_ptr; |
2710 | 0 | gpg_error_t err = 0; |
2711 | 0 | unsigned char nbuf[4]; |
2712 | 0 | unsigned char *buf; |
2713 | 0 | size_t buflen; |
2714 | 0 | gcry_mpi_t a; |
2715 | |
|
2716 | 0 | buflen = strlen (identifier); |
2717 | 0 | ulongtobuf (nbuf, (ulong)buflen); |
2718 | 0 | put_membuf (mb, nbuf, 4); |
2719 | 0 | put_membuf (mb, identifier, buflen); |
2720 | 0 | if (buflen > 11 && !memcmp (identifier, "ecdsa-sha2-", 11)) |
2721 | 0 | { |
2722 | | /* Store the name of the curve taken from the identifier. */ |
2723 | 0 | ulongtobuf (nbuf, (ulong)(buflen - 11)); |
2724 | 0 | put_membuf (mb, nbuf, 4); |
2725 | 0 | put_membuf (mb, identifier+11, buflen - 11); |
2726 | 0 | } |
2727 | 0 | va_start (arg_ptr, identifier); |
2728 | 0 | while ((a = va_arg (arg_ptr, gcry_mpi_t))) |
2729 | 0 | { |
2730 | 0 | if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)) |
2731 | 0 | { |
2732 | 0 | unsigned int nbits; |
2733 | 0 | const unsigned char *p; |
2734 | |
|
2735 | 0 | p = gcry_mpi_get_opaque (a, &nbits); |
2736 | 0 | buflen = (nbits + 7) / 8; |
2737 | |
|
2738 | 0 | if (!strcmp (identifier, "ssh-ed25519") |
2739 | 0 | && buflen > 1 && p[0] == 0x40) |
2740 | 0 | { |
2741 | | /* We need to strip our 0x40 prefix. */ |
2742 | 0 | put_membuf (mb, "\x00\x00\x00\x20", 4); |
2743 | 0 | put_membuf (mb, p+1, buflen-1); |
2744 | 0 | } |
2745 | 0 | else |
2746 | 0 | { |
2747 | 0 | unsigned char c; |
2748 | |
|
2749 | 0 | c = buflen >> 24; |
2750 | 0 | put_membuf (mb, &c, 1); |
2751 | 0 | c = buflen >> 16; |
2752 | 0 | put_membuf (mb, &c, 1); |
2753 | 0 | c = buflen >> 8; |
2754 | 0 | put_membuf (mb, &c, 1); |
2755 | 0 | c = buflen; |
2756 | 0 | put_membuf (mb, &c, 1); |
2757 | 0 | put_membuf (mb, p, buflen); |
2758 | 0 | } |
2759 | 0 | } |
2760 | 0 | else |
2761 | 0 | { |
2762 | 0 | err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a); |
2763 | 0 | if (err) |
2764 | 0 | break; |
2765 | 0 | put_membuf (mb, buf, buflen); |
2766 | 0 | gcry_free (buf); |
2767 | 0 | } |
2768 | 0 | } |
2769 | 0 | va_end (arg_ptr); |
2770 | 0 | return err; |
2771 | 0 | } |
2772 | | |
2773 | | |
2774 | | static gpg_error_t |
2775 | | export_one_ssh_key (estream_t fp, PKT_public_key *pk) |
2776 | 0 | { |
2777 | 0 | gpg_error_t err; |
2778 | 0 | const char *identifier = NULL; |
2779 | 0 | membuf_t mb; |
2780 | 0 | void *blob; |
2781 | 0 | size_t bloblen; |
2782 | |
|
2783 | 0 | init_membuf (&mb, 4096); |
2784 | |
|
2785 | 0 | switch (pk->pubkey_algo) |
2786 | 0 | { |
2787 | 0 | case PUBKEY_ALGO_DSA: |
2788 | 0 | identifier = "ssh-dss"; |
2789 | 0 | err = key_to_sshblob (&mb, identifier, |
2790 | 0 | pk->pkey[0], pk->pkey[1], pk->pkey[2], pk->pkey[3], |
2791 | 0 | NULL); |
2792 | 0 | break; |
2793 | | |
2794 | 0 | case PUBKEY_ALGO_RSA: |
2795 | 0 | case PUBKEY_ALGO_RSA_S: |
2796 | 0 | identifier = "ssh-rsa"; |
2797 | 0 | err = key_to_sshblob (&mb, identifier, pk->pkey[1], pk->pkey[0], NULL); |
2798 | 0 | break; |
2799 | | |
2800 | 0 | case PUBKEY_ALGO_ECDSA: |
2801 | 0 | { |
2802 | 0 | char *curveoid; |
2803 | 0 | const char *curve; |
2804 | |
|
2805 | 0 | curveoid = openpgp_oid_to_str (pk->pkey[0]); |
2806 | 0 | if (!curveoid) |
2807 | 0 | err = gpg_error_from_syserror (); |
2808 | 0 | else if (!(curve = openpgp_oid_to_curve (curveoid, 0))) |
2809 | 0 | err = gpg_error (GPG_ERR_UNKNOWN_CURVE); |
2810 | 0 | else |
2811 | 0 | { |
2812 | 0 | if (!strcmp (curve, "nistp256")) |
2813 | 0 | identifier = "ecdsa-sha2-nistp256"; |
2814 | 0 | else if (!strcmp (curve, "nistp384")) |
2815 | 0 | identifier = "ecdsa-sha2-nistp384"; |
2816 | 0 | else if (!strcmp (curve, "nistp521")) |
2817 | 0 | identifier = "ecdsa-sha2-nistp521"; |
2818 | |
|
2819 | 0 | if (!identifier) |
2820 | 0 | err = gpg_error (GPG_ERR_UNKNOWN_CURVE); |
2821 | 0 | else |
2822 | 0 | err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL); |
2823 | 0 | } |
2824 | 0 | xfree (curveoid); |
2825 | 0 | } |
2826 | 0 | break; |
2827 | | |
2828 | 0 | case PUBKEY_ALGO_EDDSA: |
2829 | 0 | if (openpgp_oid_is_ed25519 (pk->pkey[0])) |
2830 | 0 | { |
2831 | 0 | identifier = "ssh-ed25519"; |
2832 | 0 | err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL); |
2833 | 0 | } |
2834 | 0 | else if (openpgp_oid_is_ed448 (pk->pkey[0])) |
2835 | 0 | { |
2836 | 0 | identifier = "ssh-ed448"; |
2837 | 0 | err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL); |
2838 | 0 | } |
2839 | 0 | else |
2840 | 0 | err = gpg_error (GPG_ERR_UNKNOWN_CURVE); |
2841 | 0 | break; |
2842 | | |
2843 | 0 | case PUBKEY_ALGO_ELGAMAL_E: |
2844 | 0 | case PUBKEY_ALGO_ELGAMAL: |
2845 | 0 | err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY); |
2846 | 0 | break; |
2847 | | |
2848 | 0 | default: |
2849 | 0 | err = GPG_ERR_PUBKEY_ALGO; |
2850 | 0 | break; |
2851 | 0 | } |
2852 | | |
2853 | 0 | if (err) |
2854 | 0 | goto leave; |
2855 | | |
2856 | 0 | blob = get_membuf (&mb, &bloblen); |
2857 | 0 | if (blob) |
2858 | 0 | { |
2859 | 0 | gpgrt_b64state_t b64_state; |
2860 | |
|
2861 | 0 | es_fprintf (fp, "%s ", identifier); |
2862 | 0 | b64_state = gpgrt_b64enc_start (fp, ""); |
2863 | 0 | if (!b64_state) |
2864 | 0 | { |
2865 | 0 | xfree (blob); |
2866 | 0 | goto leave; |
2867 | 0 | } |
2868 | | |
2869 | 0 | err = gpgrt_b64enc_write (b64_state, blob, bloblen); |
2870 | 0 | gpgrt_b64enc_finish (b64_state); |
2871 | |
|
2872 | 0 | es_fprintf (fp, " openpgp:0x%08lX\n", (ulong)keyid_from_pk (pk, NULL)); |
2873 | 0 | xfree (blob); |
2874 | 0 | } |
2875 | | |
2876 | 0 | leave: |
2877 | 0 | xfree (get_membuf (&mb, NULL)); |
2878 | 0 | return err; |
2879 | 0 | } |
2880 | | |
2881 | | /* Export the key identified by USERID in the SSH public key format. |
2882 | | The function exports the latest subkey with Authentication |
2883 | | capability unless the '!' suffix is used to export a specific |
2884 | | key. */ |
2885 | | gpg_error_t |
2886 | | export_ssh_key (ctrl_t ctrl, const char *userid) |
2887 | 0 | { |
2888 | 0 | gpg_error_t err; |
2889 | 0 | kbnode_t keyblock = NULL; |
2890 | 0 | KEYDB_SEARCH_DESC desc; |
2891 | 0 | u32 latest_date; |
2892 | 0 | u32 curtime = make_timestamp (); |
2893 | 0 | kbnode_t latest_key, node; |
2894 | 0 | PKT_public_key *pk; |
2895 | 0 | estream_t fp = NULL; |
2896 | 0 | const char *fname = "-"; |
2897 | | |
2898 | | /* We need to know whether the key has been specified using the |
2899 | | exact syntax ('!' suffix). Thus we need to run a |
2900 | | classify_user_id on our own. */ |
2901 | 0 | err = classify_user_id (userid, &desc, 1); |
2902 | | |
2903 | | /* Get the public key. */ |
2904 | 0 | if (!err) |
2905 | 0 | { |
2906 | 0 | getkey_ctx_t getkeyctx; |
2907 | |
|
2908 | 0 | err = get_pubkey_byname (ctrl, GET_PUBKEY_NO_AKL, |
2909 | 0 | &getkeyctx, NULL, userid, &keyblock, |
2910 | 0 | NULL, |
2911 | 0 | 0 /* Only usable keys or given exact. */); |
2912 | 0 | if (!err) |
2913 | 0 | { |
2914 | 0 | err = getkey_next (ctrl, getkeyctx, NULL, NULL); |
2915 | 0 | if (!err) |
2916 | 0 | err = gpg_error (GPG_ERR_AMBIGUOUS_NAME); |
2917 | 0 | else if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY) |
2918 | 0 | err = 0; |
2919 | 0 | } |
2920 | 0 | getkey_end (ctrl, getkeyctx); |
2921 | 0 | } |
2922 | 0 | if (err) |
2923 | 0 | { |
2924 | 0 | log_error (_("key \"%s\" not found: %s\n"), userid, gpg_strerror (err)); |
2925 | 0 | return err; |
2926 | 0 | } |
2927 | | |
2928 | | /* The finish_lookup code in getkey.c does not handle auth keys, |
2929 | | thus we have to duplicate the code here to find the latest |
2930 | | subkey. However, if the key has been found using an exact match |
2931 | | ('!' notation) we use that key without any further checks and |
2932 | | even allow the use of the primary key. */ |
2933 | 0 | latest_date = 0; |
2934 | 0 | latest_key = NULL; |
2935 | 0 | for (node = keyblock; node; node = node->next) |
2936 | 0 | { |
2937 | 0 | if ((node->pkt->pkttype == PKT_PUBLIC_SUBKEY |
2938 | 0 | || node->pkt->pkttype == PKT_PUBLIC_KEY) |
2939 | 0 | && node->pkt->pkt.public_key->flags.exact) |
2940 | 0 | { |
2941 | 0 | latest_key = node; |
2942 | 0 | break; |
2943 | 0 | } |
2944 | 0 | } |
2945 | 0 | if (!latest_key) |
2946 | 0 | { |
2947 | 0 | for (node = keyblock; node; node = node->next) |
2948 | 0 | { |
2949 | 0 | if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY) |
2950 | 0 | continue; |
2951 | | |
2952 | 0 | pk = node->pkt->pkt.public_key; |
2953 | 0 | if (DBG_LOOKUP) |
2954 | 0 | log_debug ("\tchecking subkey %08lX\n", |
2955 | 0 | (ulong) keyid_from_pk (pk, NULL)); |
2956 | 0 | if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH)) |
2957 | 0 | { |
2958 | 0 | if (DBG_LOOKUP) |
2959 | 0 | log_debug ("\tsubkey not usable for authentication\n"); |
2960 | 0 | continue; |
2961 | 0 | } |
2962 | 0 | if (!pk->flags.valid) |
2963 | 0 | { |
2964 | 0 | if (DBG_LOOKUP) |
2965 | 0 | log_debug ("\tsubkey not valid\n"); |
2966 | 0 | continue; |
2967 | 0 | } |
2968 | 0 | if (pk->flags.revoked) |
2969 | 0 | { |
2970 | 0 | if (DBG_LOOKUP) |
2971 | 0 | log_debug ("\tsubkey has been revoked\n"); |
2972 | 0 | continue; |
2973 | 0 | } |
2974 | 0 | if (pk->has_expired) |
2975 | 0 | { |
2976 | 0 | if (DBG_LOOKUP) |
2977 | 0 | log_debug ("\tsubkey has expired\n"); |
2978 | 0 | continue; |
2979 | 0 | } |
2980 | 0 | if (pk->timestamp > curtime && !opt.ignore_valid_from) |
2981 | 0 | { |
2982 | 0 | if (DBG_LOOKUP) |
2983 | 0 | log_debug ("\tsubkey not yet valid\n"); |
2984 | 0 | continue; |
2985 | 0 | } |
2986 | 0 | if (DBG_LOOKUP) |
2987 | 0 | log_debug ("\tsubkey might be fine\n"); |
2988 | | /* In case a key has a timestamp of 0 set, we make sure that it |
2989 | | is used. A better change would be to compare ">=" but that |
2990 | | might also change the selected keys and is as such a more |
2991 | | intrusive change. */ |
2992 | 0 | if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date)) |
2993 | 0 | { |
2994 | 0 | latest_date = pk->timestamp; |
2995 | 0 | latest_key = node; |
2996 | 0 | } |
2997 | 0 | } |
2998 | | |
2999 | | /* If no subkey was suitable check the primary key. */ |
3000 | 0 | if (!latest_key |
3001 | 0 | && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY) |
3002 | 0 | { |
3003 | 0 | pk = node->pkt->pkt.public_key; |
3004 | 0 | if (DBG_LOOKUP) |
3005 | 0 | log_debug ("\tchecking primary key %08lX\n", |
3006 | 0 | (ulong) keyid_from_pk (pk, NULL)); |
3007 | 0 | if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH)) |
3008 | 0 | { |
3009 | 0 | if (DBG_LOOKUP) |
3010 | 0 | log_debug ("\tprimary key not usable for authentication\n"); |
3011 | 0 | } |
3012 | 0 | else if (!pk->flags.valid) |
3013 | 0 | { |
3014 | 0 | if (DBG_LOOKUP) |
3015 | 0 | log_debug ("\tprimary key not valid\n"); |
3016 | 0 | } |
3017 | 0 | else if (pk->flags.revoked) |
3018 | 0 | { |
3019 | 0 | if (DBG_LOOKUP) |
3020 | 0 | log_debug ("\tprimary key has been revoked\n"); |
3021 | 0 | } |
3022 | 0 | else if (pk->has_expired) |
3023 | 0 | { |
3024 | 0 | if (DBG_LOOKUP) |
3025 | 0 | log_debug ("\tprimary key has expired\n"); |
3026 | 0 | } |
3027 | 0 | else if (pk->timestamp > curtime && !opt.ignore_valid_from) |
3028 | 0 | { |
3029 | 0 | if (DBG_LOOKUP) |
3030 | 0 | log_debug ("\tprimary key not yet valid\n"); |
3031 | 0 | } |
3032 | 0 | else |
3033 | 0 | { |
3034 | 0 | if (DBG_LOOKUP) |
3035 | 0 | log_debug ("\tprimary key is fine\n"); |
3036 | 0 | latest_date = pk->timestamp; |
3037 | 0 | latest_key = node; |
3038 | 0 | } |
3039 | 0 | } |
3040 | 0 | } |
3041 | |
|
3042 | 0 | if (!latest_key) |
3043 | 0 | { |
3044 | 0 | err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY); |
3045 | 0 | log_error (_("key \"%s\" not found: %s\n"), userid, gpg_strerror (err)); |
3046 | 0 | goto leave; |
3047 | 0 | } |
3048 | | |
3049 | 0 | pk = latest_key->pkt->pkt.public_key; |
3050 | 0 | if (DBG_LOOKUP) |
3051 | 0 | log_debug ("\tusing key %08lX\n", (ulong) keyid_from_pk (pk, NULL)); |
3052 | |
|
3053 | 0 | if (opt.outfile && *opt.outfile && strcmp (opt.outfile, "-")) |
3054 | 0 | fp = es_fopen ((fname = opt.outfile), "w"); |
3055 | 0 | else |
3056 | 0 | fp = es_stdout; |
3057 | 0 | if (!fp) |
3058 | 0 | { |
3059 | 0 | err = gpg_error_from_syserror (); |
3060 | 0 | log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); |
3061 | 0 | goto leave; |
3062 | 0 | } |
3063 | | |
3064 | 0 | err = export_one_ssh_key (fp, pk); |
3065 | 0 | if (err) |
3066 | 0 | goto leave; |
3067 | | |
3068 | 0 | if (es_ferror (fp)) |
3069 | 0 | err = gpg_error_from_syserror (); |
3070 | 0 | else |
3071 | 0 | { |
3072 | 0 | if (fp != es_stdout && es_fclose (fp)) |
3073 | 0 | err = gpg_error_from_syserror (); |
3074 | 0 | fp = NULL; |
3075 | 0 | } |
3076 | |
|
3077 | 0 | if (err) |
3078 | 0 | log_error (_("error writing '%s': %s\n"), fname, gpg_strerror (err)); |
3079 | |
|
3080 | 0 | leave: |
3081 | 0 | if (fp != es_stdout) |
3082 | 0 | es_fclose (fp); |
3083 | 0 | release_kbnode (keyblock); |
3084 | 0 | return err; |
3085 | 0 | } |
3086 | | |
3087 | | |
3088 | | /* Export the key identified by USERID in the SSH secret key format. |
3089 | | * The USERID must be given in keygrip format (prefixed with a '&') |
3090 | | * and thus no OpenPGP key is required. The exported key is not |
3091 | | * protected. */ |
3092 | | gpg_error_t |
3093 | | export_secret_ssh_key (ctrl_t ctrl, const char *userid) |
3094 | 0 | { |
3095 | 0 | gpg_error_t err; |
3096 | 0 | KEYDB_SEARCH_DESC desc; |
3097 | 0 | estream_t fp = NULL; |
3098 | 0 | const char *fname = "-"; |
3099 | 0 | gcry_cipher_hd_t cipherhd = NULL; |
3100 | 0 | char hexgrip[KEYGRIP_LEN * 2 + 1]; |
3101 | 0 | gcry_sexp_t skey = NULL; |
3102 | 0 | gcry_sexp_t skeyalgo = NULL; |
3103 | 0 | const char *identifier = NULL; |
3104 | 0 | membuf_t mb; |
3105 | 0 | membuf_t mb2; |
3106 | 0 | void *blob = NULL; |
3107 | 0 | size_t bloblen; |
3108 | 0 | const char *s; |
3109 | 0 | size_t n; |
3110 | 0 | char *p; |
3111 | 0 | int pkalgo; |
3112 | 0 | int i; |
3113 | 0 | gcry_mpi_t keyparam[10] = { NULL }; |
3114 | 0 | gpgrt_b64state_t b64_state; |
3115 | |
|
3116 | 0 | init_membuf_secure (&mb, 1024); |
3117 | 0 | init_membuf_secure (&mb2, 1024); |
3118 | | |
3119 | | /* Check that a keygrip has been given. */ |
3120 | 0 | err = classify_user_id (userid, &desc, 1); |
3121 | 0 | if (err || desc.mode != KEYDB_SEARCH_MODE_KEYGRIP ) |
3122 | 0 | { |
3123 | 0 | log_error (_("key \"%s\" not found: %s\n"), userid, |
3124 | 0 | err? gpg_strerror (err) : "Not a Keygrip" ); |
3125 | 0 | goto leave; |
3126 | 0 | } |
3127 | | |
3128 | 0 | bin2hex (desc.u.grip, KEYGRIP_LEN, hexgrip); |
3129 | |
|
3130 | 0 | if ((err = get_keywrap_key (ctrl, &cipherhd))) |
3131 | 0 | goto leave; |
3132 | | |
3133 | 0 | err = receive_seckey_from_agent (ctrl, cipherhd, 0, 0, 0, NULL, hexgrip, NULL, |
3134 | 0 | &skey); |
3135 | 0 | if (err) |
3136 | 0 | goto leave; |
3137 | | |
3138 | | /* Get the type of the key expression. */ |
3139 | 0 | s = gcry_sexp_nth_data (skey, 0, &n); |
3140 | 0 | if (!s || !(n == 11 && !memcmp (s, "private-key", 11))) |
3141 | 0 | { |
3142 | 0 | log_info ("Note: only on-disk secret keys may be exported\n"); |
3143 | 0 | err = gpg_error (GPG_ERR_NO_SECKEY); |
3144 | 0 | goto leave; |
3145 | 0 | } |
3146 | | |
3147 | 0 | mb_write_cstring (&mb, "openssh-key-v1"); /* Auth_Magic. */ |
3148 | 0 | mb_write_string (&mb, "none", 4); /* ciphername */ |
3149 | 0 | mb_write_string (&mb, "none", 4); /* kdfname */ |
3150 | 0 | mb_write_uint32 (&mb, 0); /* kdfoptions */ |
3151 | 0 | mb_write_uint32 (&mb, 1); /* number of keys */ |
3152 | |
|
3153 | 0 | pkalgo = get_pk_algo_from_key (skey); |
3154 | 0 | switch (pkalgo) |
3155 | 0 | { |
3156 | 0 | case PUBKEY_ALGO_RSA: |
3157 | 0 | case PUBKEY_ALGO_RSA_S: |
3158 | 0 | identifier = "ssh-rsa"; |
3159 | 0 | err = gcry_sexp_extract_param (skey, NULL, "nedpq", |
3160 | 0 | &keyparam[0], |
3161 | 0 | &keyparam[1], |
3162 | 0 | &keyparam[2], |
3163 | 0 | &keyparam[3], |
3164 | 0 | &keyparam[4], |
3165 | 0 | NULL); |
3166 | 0 | if (err) |
3167 | 0 | goto leave; |
3168 | 0 | mb_write_string (&mb2, identifier, strlen (identifier)); |
3169 | 0 | mb_write_mpi (&mb2, keyparam[1], 0); /* e (right, e is first here) */ |
3170 | 0 | mb_write_mpi (&mb2, keyparam[0], 0); /* n */ |
3171 | | /* Append public to the output block as an SSH string. */ |
3172 | 0 | p = get_membuf (&mb2, &n); |
3173 | 0 | if (!p) |
3174 | 0 | { |
3175 | 0 | err = gpg_error_from_syserror (); |
3176 | 0 | goto leave; |
3177 | 0 | } |
3178 | 0 | mb_write_string (&mb, p, n); |
3179 | 0 | xfree (p); |
3180 | 0 | init_membuf_secure (&mb2, 1024); |
3181 | 0 | mb_write_string (&mb2, identifier, strlen (identifier)); |
3182 | 0 | { |
3183 | 0 | char checkbytes[4]; |
3184 | 0 | gcry_create_nonce (checkbytes, sizeof checkbytes); |
3185 | 0 | mb_write_data (&mb2, checkbytes, sizeof checkbytes); |
3186 | 0 | mb_write_data (&mb2, checkbytes, sizeof checkbytes); |
3187 | 0 | } |
3188 | 0 | mb_write_mpi (&mb2, keyparam[0], 0); /* n */ |
3189 | 0 | mb_write_mpi (&mb2, keyparam[1], 0); /* e */ |
3190 | | /*FIXME: Fixup u,p,q to match the OpenSSH format. */ |
3191 | 0 | mb_write_mpi (&mb2, keyparam[2], 0); /* d */ |
3192 | 0 | mb_write_mpi (&mb2, keyparam[1], 0); /* iqmp1 */ |
3193 | 0 | mb_write_mpi (&mb2, keyparam[3], 0); /* p */ |
3194 | 0 | mb_write_mpi (&mb2, keyparam[4], 0); /* q */ |
3195 | | /* Fixme: take the comment from skey. */ |
3196 | 0 | mb_write_string (&mb2, "<comment>", 9); |
3197 | | /* Pad to a blocksize of 8 (for cipher "none"). */ |
3198 | 0 | i = 0; |
3199 | 0 | while (peek_membuf (&mb2, &n) && (n % 8)) |
3200 | 0 | mb_write_uint8 (&mb2, ++i); |
3201 | | /* Append encrypted block to the output as an SSH string. */ |
3202 | 0 | p = get_membuf (&mb2, &n); |
3203 | 0 | if (!p) |
3204 | 0 | { |
3205 | 0 | err = gpg_error_from_syserror (); |
3206 | 0 | goto leave; |
3207 | 0 | } |
3208 | 0 | mb_write_string (&mb, p, n); |
3209 | 0 | xfree (p); |
3210 | 0 | err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); |
3211 | 0 | break; |
3212 | | |
3213 | | /* case PUBKEY_ALGO_ECDSA: */ |
3214 | | /* { */ |
3215 | | /* char *curveoid; */ |
3216 | | /* const char *curve; */ |
3217 | | |
3218 | | /* curveoid = openpgp_oid_to_str (pk->pkey[0]); */ |
3219 | | /* if (!curveoid) */ |
3220 | | /* err = gpg_error_from_syserror (); */ |
3221 | | /* else if (!(curve = openpgp_oid_to_curve (curveoid, 0))) */ |
3222 | | /* err = gpg_error (GPG_ERR_UNKNOWN_CURVE); */ |
3223 | | /* else */ |
3224 | | /* { */ |
3225 | | /* if (!strcmp (curve, "nistp256")) */ |
3226 | | /* identifier = "ecdsa-sha2-nistp256"; */ |
3227 | | /* else if (!strcmp (curve, "nistp384")) */ |
3228 | | /* identifier = "ecdsa-sha2-nistp384"; */ |
3229 | | /* else if (!strcmp (curve, "nistp521")) */ |
3230 | | /* identifier = "ecdsa-sha2-nistp521"; */ |
3231 | | |
3232 | | /* if (!identifier) */ |
3233 | | /* err = gpg_error (GPG_ERR_UNKNOWN_CURVE); */ |
3234 | | /* else */ |
3235 | | /* err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL); */ |
3236 | | /* } */ |
3237 | | /* xfree (curveoid); */ |
3238 | | /* } */ |
3239 | | /* break; */ |
3240 | | |
3241 | | /* case PUBKEY_ALGO_EDDSA: */ |
3242 | | /* if (openpgp_oid_is_ed25519 (pk->pkey[0])) */ |
3243 | | /* { */ |
3244 | | /* identifier = "ssh-ed25519"; */ |
3245 | | /* err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL); */ |
3246 | | /* } */ |
3247 | | /* else if (openpgp_oid_is_ed448 (pk->pkey[0])) */ |
3248 | | /* { */ |
3249 | | /* identifier = "ssh-ed448"; */ |
3250 | | /* err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL); */ |
3251 | | /* } */ |
3252 | | /* else */ |
3253 | | /* err = gpg_error (GPG_ERR_UNKNOWN_CURVE); */ |
3254 | | /* break; */ |
3255 | | |
3256 | 0 | case PUBKEY_ALGO_DSA: |
3257 | 0 | log_info ("Note: export of ssh-dsa keys is not supported\n"); |
3258 | 0 | err = gpg_error (GPG_ERR_NOT_SUPPORTED); |
3259 | 0 | break; |
3260 | | |
3261 | 0 | case PUBKEY_ALGO_ELGAMAL_E: |
3262 | 0 | case PUBKEY_ALGO_ELGAMAL: |
3263 | 0 | err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); |
3264 | 0 | break; |
3265 | | |
3266 | 0 | default: |
3267 | 0 | err = GPG_ERR_PUBKEY_ALGO; |
3268 | 0 | break; |
3269 | 0 | } |
3270 | | |
3271 | 0 | if (err) |
3272 | 0 | goto leave; |
3273 | | |
3274 | 0 | blob = get_membuf (&mb, &bloblen); |
3275 | 0 | if (!blob) |
3276 | 0 | { |
3277 | 0 | err = gpg_error_from_syserror (); |
3278 | 0 | goto leave; |
3279 | 0 | } |
3280 | | |
3281 | 0 | if (opt.outfile && *opt.outfile && strcmp (opt.outfile, "-")) |
3282 | 0 | fp = es_fopen ((fname = opt.outfile), "w"); |
3283 | 0 | else |
3284 | 0 | fp = es_stdout; |
3285 | 0 | if (!fp) |
3286 | 0 | { |
3287 | 0 | err = gpg_error_from_syserror (); |
3288 | 0 | log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); |
3289 | 0 | goto leave; |
3290 | 0 | } |
3291 | | |
3292 | 0 | b64_state = gpgrt_b64enc_start (fp, "OPENSSH PRIVATE_KEY"); |
3293 | 0 | if (!b64_state) |
3294 | 0 | goto leave; |
3295 | 0 | err = gpgrt_b64enc_write (b64_state, blob, bloblen); |
3296 | 0 | gpgrt_b64enc_finish (b64_state); |
3297 | 0 | if (err) |
3298 | 0 | goto leave; |
3299 | | |
3300 | 0 | if (es_ferror (fp)) |
3301 | 0 | err = gpg_error_from_syserror (); |
3302 | 0 | else |
3303 | 0 | { |
3304 | 0 | if (fp != es_stdout && es_fclose (fp)) |
3305 | 0 | err = gpg_error_from_syserror (); |
3306 | 0 | fp = NULL; |
3307 | 0 | } |
3308 | |
|
3309 | 0 | log_info ("Beware: the private key is not protected;" |
3310 | 0 | " use \"ssh-keygen -p\" to protect it\n"); |
3311 | 0 | if (err) |
3312 | 0 | log_error (_("error writing '%s': %s\n"), fname, gpg_strerror (err)); |
3313 | | |
3314 | |
|
3315 | 0 | leave: |
3316 | 0 | xfree (blob); |
3317 | 0 | gcry_sexp_release (skey); |
3318 | 0 | gcry_sexp_release (skeyalgo); |
3319 | 0 | gcry_cipher_close (cipherhd); |
3320 | 0 | xfree (get_membuf (&mb2, NULL)); |
3321 | 0 | xfree (get_membuf (&mb, NULL)); |
3322 | 0 | if (fp != es_stdout) |
3323 | 0 | es_fclose (fp); |
3324 | 0 | return err; |
3325 | 0 | } |