summaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2022-12-01 12:28:15 +0100
committerWerner Koch <wk@gnupg.org>2022-12-02 10:09:58 +0100
commit1d88e14de751b19ae5637c4f6b0a1882c2f3b554 (patch)
treedd759c6716d8b268e294ad56742b6072b4ab5520 /g10
parenttests: Simplify fake-pinentry to use the option only. (diff)
downloadgnupg2-1d88e14de751b19ae5637c4f6b0a1882c2f3b554.tar.xz
gnupg2-1d88e14de751b19ae5637c4f6b0a1882c2f3b554.zip
gpg: Remove a mostly duplicated function.
* g10/export.c (receive_seckey_from_agent): Add arg r_key. (do_export_one_keyblock): Pass NULL for new arg. (receive_raw_seckey_from_agent): Remove. (export_secret_ssh_key): Use receive_seckey_from_agent. * g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
Diffstat (limited to '')
-rw-r--r--g10/export.c113
-rw-r--r--g10/keygen.c2
-rw-r--r--g10/main.h2
3 files changed, 36 insertions, 81 deletions
diff --git a/g10/export.c b/g10/export.c
index 0187788f0..3d4413068 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1249,28 +1249,45 @@ print_status_exported (PKT_public_key *pk)
* clear.
*
* CACHE_NONCE_ADDR is used to share nonce for multiple key retrievals.
+ *
+ * If PK is NULL, the raw key is returned (e.g. for ssh export) at
+ * R_KEY. CLEARTEXT and CACHE_NONCE_ADDR ared ignored in this case.
*/
gpg_error_t
receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
int cleartext,
char **cache_nonce_addr, const char *hexgrip,
- PKT_public_key *pk)
+ PKT_public_key *pk, gcry_sexp_t *r_key)
{
gpg_error_t err = 0;
unsigned char *wrappedkey = NULL;
size_t wrappedkeylen;
unsigned char *key = NULL;
size_t keylen, realkeylen;
- gcry_sexp_t s_skey;
+ gcry_sexp_t s_skey = NULL;
char *prompt;
+ if (r_key)
+ *r_key = NULL;
if (opt.verbose)
log_info ("key %s: asking agent for the secret parts\n", hexgrip);
- prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT,1);
- err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, cache_nonce_addr,
- &wrappedkey, &wrappedkeylen,
- pk->keyid, pk->main_keyid, pk->pubkey_algo);
+ if (pk)
+ {
+ prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT, 1);
+ err = agent_export_key (ctrl, hexgrip, prompt, !cleartext,
+ cache_nonce_addr,
+ &wrappedkey, &wrappedkeylen,
+ pk->keyid, pk->main_keyid, pk->pubkey_algo);
+ }
+ else
+ {
+ prompt = gpg_format_keydesc (ctrl, NULL, FORMAT_KEYDESC_KEYGRIP, 1);
+ err = agent_export_key (ctrl, hexgrip, prompt, 0,
+ NULL,
+ &wrappedkey, &wrappedkeylen,
+ NULL, NULL, 0);
+ }
xfree (prompt);
if (err)
@@ -1297,14 +1314,19 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
if (!err)
{
- if (cleartext)
+ if (pk && cleartext)
err = cleartext_secret_key_to_openpgp (s_skey, pk);
- else
+ else if (pk)
err = transfer_format_to_openpgp (s_skey, pk);
- gcry_sexp_release (s_skey);
+ else if (r_key)
+ {
+ *r_key = s_skey;
+ s_skey = NULL;
+ }
}
unwraperror:
+ gcry_sexp_release (s_skey);
xfree (key);
xfree (wrappedkey);
if (err)
@@ -1811,7 +1833,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
{
err = receive_seckey_from_agent (ctrl, cipherhd,
cleartext, &cache_nonce,
- hexgrip, pk);
+ hexgrip, pk, NULL);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
@@ -2714,74 +2736,6 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
}
-/* Simplified version of receive_seckey_from_agent used to get the raw
- * key. */
-gpg_error_t
-receive_raw_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
- const char *hexgrip, gcry_sexp_t *r_key)
-{
- gpg_error_t err = 0;
- unsigned char *wrappedkey = NULL;
- size_t wrappedkeylen;
- unsigned char *key = NULL;
- size_t keylen, realkeylen;
- gcry_sexp_t s_skey = NULL;
-
- *r_key = NULL;
- if (opt.verbose)
- log_info ("key %s: asking agent for the secret parts\n", hexgrip);
-
- {
- char * prompt = gpg_format_keydesc (ctrl, NULL, FORMAT_KEYDESC_KEYGRIP, 1);
- err = agent_export_key (ctrl, hexgrip, prompt, 0, NULL,
- &wrappedkey, &wrappedkeylen,
- NULL, NULL, 0);
- xfree (prompt);
- }
- if (err)
- goto leave;
-
- if (wrappedkeylen < 24)
- {
- err = gpg_error (GPG_ERR_INV_LENGTH);
- goto leave;
- }
- keylen = wrappedkeylen - 8;
- key = xtrymalloc_secure (keylen);
- if (!key)
- {
- err = gpg_error_from_syserror ();
- goto leave;
- }
- err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen);
- if (err)
- goto leave;
- realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err);
- if (!realkeylen)
- goto leave; /* Invalid csexp. */
-
- err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
- if (!err)
- {
- gcry_log_debugsxp ("skey", s_skey);
- *r_key = s_skey;
- s_skey = NULL;
- }
-
- leave:
- gcry_sexp_release (s_skey);
- xfree (key);
- xfree (wrappedkey);
- if (err)
- {
- log_error ("key %s: error receiving key from agent:"
- " %s%s\n", hexgrip, gpg_strerror (err),
- "");
- }
- return err;
-}
-
-
/* Export the key identified by USERID in the SSH secret key format.
* The USERID must be given in keygrip format (prefixed with a '&')
* and thus no OpenPGP key is required. The exported key is not
@@ -2827,7 +2781,8 @@ export_secret_ssh_key (ctrl_t ctrl, const char *userid)
if ((err = get_keywrap_key (ctrl, &cipherhd)))
goto leave;
- err = receive_raw_seckey_from_agent (ctrl, cipherhd, hexgrip, &skey);
+ err = receive_seckey_from_agent (ctrl, cipherhd, 0, NULL, hexgrip, NULL,
+ &skey);
if (err)
goto leave;
diff --git a/g10/keygen.c b/g10/keygen.c
index c2f2dcc9d..8e2c092fc 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -5287,7 +5287,7 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
}
err = receive_seckey_from_agent (ctrl, cipherhd, 0,
- &cache_nonce, hexgrip, sk);
+ &cache_nonce, hexgrip, sk, NULL);
if (err)
{
log_error ("error getting secret key from agent: %s\n",
diff --git a/g10/main.h b/g10/main.h
index 6d5ba77ac..968465ebd 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -434,7 +434,7 @@ gpg_error_t receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
int cleartext,
char **cache_nonce_addr,
const char *hexgrip,
- PKT_public_key *pk);
+ PKT_public_key *pk, gcry_sexp_t *r_key);
gpg_error_t write_keyblock_to_output (kbnode_t keyblock,
int with_armor, unsigned int options);