summaryrefslogtreecommitdiffstats
path: root/g10/export.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:14:06 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:14:06 +0000
commiteee068778cb28ecf3c14e1bf843a95547d72c42d (patch)
tree0e07b30ddc5ea579d682d5dbe57998200d1c9ab7 /g10/export.c
parentInitial commit. (diff)
downloadgnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.tar.xz
gnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.zip
Adding upstream version 2.2.40.upstream/2.2.40
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'g10/export.c')
-rw-r--r--g10/export.c2475
1 files changed, 2475 insertions, 0 deletions
diff --git a/g10/export.c b/g10/export.c
new file mode 100644
index 0000000..e98af59
--- /dev/null
+++ b/g10/export.c
@@ -0,0 +1,2475 @@
+/* export.c - Export keys in the OpenPGP defined format.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ * 2005, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 1998-2016 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "../common/status.h"
+#include "keydb.h"
+#include "../common/util.h"
+#include "main.h"
+#include "../common/i18n.h"
+#include "../common/membuf.h"
+#include "../common/host2net.h"
+#include "../common/zb32.h"
+#include "../common/recsel.h"
+#include "../common/mbox-util.h"
+#include "../common/init.h"
+#include "trustdb.h"
+#include "call-agent.h"
+#include "key-clean.h"
+
+
+/* An object to keep track of subkeys. */
+struct subkey_list_s
+{
+ struct subkey_list_s *next;
+ u32 kid[2];
+};
+typedef struct subkey_list_s *subkey_list_t;
+
+
+/* An object to track statistics for export operations. */
+struct export_stats_s
+{
+ ulong count; /* Number of processed keys. */
+ ulong secret_count; /* Number of secret keys seen. */
+ ulong exported; /* Number of actual exported keys. */
+};
+
+
+/* A global variable to store the selector created from
+ * --export-filter keep-uid=EXPR.
+ * --export-filter drop-subkey=EXPR.
+ *
+ * FIXME: We should put this into the CTRL object but that requires a
+ * lot more changes right now.
+ */
+static recsel_expr_t export_keep_uid;
+static recsel_expr_t export_drop_subkey;
+
+
+/* An object used for a linked list to implement the
+ * push_export_filter/pop_export_filters functions. */
+struct export_filter_attic_s
+{
+ struct export_filter_attic_s *next;
+ recsel_expr_t export_keep_uid;
+ recsel_expr_t export_drop_subkey;
+};
+static struct export_filter_attic_s *export_filter_attic;
+
+
+
+/* Local prototypes. */
+static int do_export (ctrl_t ctrl, strlist_t users, int secret,
+ unsigned int options, export_stats_t stats);
+static int do_export_stream (ctrl_t ctrl, iobuf_t out,
+ strlist_t users, int secret,
+ kbnode_t *keyblock_out, unsigned int options,
+ export_stats_t stats, int *any);
+static gpg_error_t print_pka_or_dane_records
+/**/ (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk,
+ const void *data, size_t datalen,
+ int print_pka, int print_dane);
+
+
+static void
+cleanup_export_globals (void)
+{
+ recsel_release (export_keep_uid);
+ export_keep_uid = NULL;
+ recsel_release (export_drop_subkey);
+ export_drop_subkey = NULL;
+}
+
+
+/* Option parser for export options. See parse_options fro
+ details. */
+int
+parse_export_options(char *str,unsigned int *options,int noisy)
+{
+ struct parse_options export_opts[]=
+ {
+ {"export-local-sigs",EXPORT_LOCAL_SIGS,NULL,
+ N_("export signatures that are marked as local-only")},
+ {"export-attributes",EXPORT_ATTRIBUTES,NULL,
+ N_("export attribute user IDs (generally photo IDs)")},
+ {"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,
+ N_("export revocation keys marked as \"sensitive\"")},
+ {"export-clean",EXPORT_CLEAN,NULL,
+ N_("remove unusable parts from key during export")},
+ {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
+ N_("remove as much as possible from key during export")},
+
+ {"export-pka", EXPORT_PKA_FORMAT, NULL, NULL },
+ {"export-dane", EXPORT_DANE_FORMAT, NULL, NULL },
+
+ {"backup", EXPORT_BACKUP, NULL,
+ N_("use the GnuPG key backup format")},
+ {"export-backup", EXPORT_BACKUP, NULL, NULL },
+
+ /* Aliases for backward compatibility */
+ {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
+ {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
+ {"include-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,NULL},
+ /* dummy */
+ {"export-unusable-sigs",0,NULL,NULL},
+ {"export-clean-sigs",0,NULL,NULL},
+ {"export-clean-uids",0,NULL,NULL},
+ {NULL,0,NULL,NULL}
+ /* add tags for include revoked and disabled? */
+ };
+ int rc;
+
+ rc = parse_options (str, options, export_opts, noisy);
+ if (rc && (*options & EXPORT_BACKUP))
+ {
+ /* Alter other options we want or don't want for restore. */
+ *options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
+ | EXPORT_SENSITIVE_REVKEYS);
+ *options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL
+ | EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT);
+ }
+ return rc;
+}
+
+
+/* Parse and set an export filter from string. STRING has the format
+ * "NAME=EXPR" with NAME being the name of the filter. Spaces before
+ * and after NAME are not allowed. If this function is called several
+ * times all expressions for the same NAME are concatenated.
+ * Supported filter names are:
+ *
+ * - keep-uid :: If the expression evaluates to true for a certain
+ * user ID packet, that packet and all it dependencies
+ * will be exported. The expression may use these
+ * variables:
+ *
+ * - uid :: The entire user ID.
+ * - mbox :: The mail box part of the user ID.
+ * - primary :: Evaluate to true for the primary user ID.
+ *
+ * - drop-subkey :: If the expression evaluates to true for a subkey
+ * packet that subkey and all it dependencies will be
+ * remove from the keyblock. The expression may use these
+ * variables:
+ *
+ * - secret :: 1 for a secret subkey, else 0.
+ * - key_algo :: Public key algorithm id
+ */
+gpg_error_t
+parse_and_set_export_filter (const char *string)
+{
+ gpg_error_t err;
+
+ /* Auto register the cleanup function. */
+ register_mem_cleanup_func (cleanup_export_globals);
+
+ if (!strncmp (string, "keep-uid=", 9))
+ err = recsel_parse_expr (&export_keep_uid, string+9);
+ else if (!strncmp (string, "drop-subkey=", 12))
+ err = recsel_parse_expr (&export_drop_subkey, string+12);
+ else
+ err = gpg_error (GPG_ERR_INV_NAME);
+
+ return err;
+}
+
+
+/* Push the current export filters onto a stack so that new export
+ * filters can be defined which will be active until the next
+ * pop_export_filters or another push_export_filters. */
+void
+push_export_filters (void)
+{
+ struct export_filter_attic_s *item;
+
+ item = xcalloc (1, sizeof *item);
+ item->export_keep_uid = export_keep_uid;
+ export_keep_uid = NULL;
+ item->export_drop_subkey = export_drop_subkey;
+ export_drop_subkey = NULL;
+ item->next = export_filter_attic;
+ export_filter_attic = item;
+}
+
+
+/* Revert the last push_export_filters. */
+void
+pop_export_filters (void)
+{
+ struct export_filter_attic_s *item;
+
+ item = export_filter_attic;
+ if (!item)
+ BUG (); /* No corresponding push. */
+ export_filter_attic = item->next;
+ cleanup_export_globals ();
+ export_keep_uid = item->export_keep_uid;
+ export_drop_subkey = item->export_drop_subkey;
+}
+
+
+
+/* Create a new export stats object initialized to zero. On error
+ returns NULL and sets ERRNO. */
+export_stats_t
+export_new_stats (void)
+{
+ export_stats_t stats;
+
+ return xtrycalloc (1, sizeof *stats);
+}
+
+
+/* Release an export stats object. */
+void
+export_release_stats (export_stats_t stats)
+{
+ xfree (stats);
+}
+
+
+/* Print export statistics using the status interface. */
+void
+export_print_stats (export_stats_t stats)
+{
+ if (!stats)
+ return;
+
+ if (is_status_enabled ())
+ {
+ char buf[15*20];
+
+ snprintf (buf, sizeof buf, "%lu %lu %lu",
+ stats->count,
+ stats->secret_count,
+ stats->exported );
+ write_status_text (STATUS_EXPORT_RES, buf);
+ }
+}
+
+
+/*
+ * Export public keys (to stdout or to --output FILE).
+ *
+ * Depending on opt.armor the output is armored. OPTIONS are defined
+ * in main.h. If USERS is NULL, all keys will be exported. STATS is
+ * either an export stats object for update or NULL.
+ *
+ * This function is the core of "gpg --export".
+ */
+int
+export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats)
+{
+ return do_export (ctrl, users, 0, options, stats);
+}
+
+
+/*
+ * Export secret keys (to stdout or to --output FILE).
+ *
+ * Depending on opt.armor the output is armored. OPTIONS are defined
+ * in main.h. If USERS is NULL, all secret keys will be exported.
+ * STATS is either an export stats object for update or NULL.
+ *
+ * This function is the core of "gpg --export-secret-keys".
+ */
+int
+export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats)
+{
+ return do_export (ctrl, users, 1, options, stats);
+}
+
+
+/*
+ * Export secret sub keys (to stdout or to --output FILE).
+ *
+ * This is the same as export_seckeys but replaces the primary key by
+ * a stub key. Depending on opt.armor the output is armored. OPTIONS
+ * are defined in main.h. If USERS is NULL, all secret subkeys will
+ * be exported. STATS is either an export stats object for update or
+ * NULL.
+ *
+ * This function is the core of "gpg --export-secret-subkeys".
+ */
+int
+export_secsubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats)
+{
+ return do_export (ctrl, users, 2, options, stats);
+}
+
+
+/*
+ * Export a single key into a memory buffer. STATS is either an
+ * export stats object for update or NULL. If PREFIX is not NULL
+ * PREFIXLEN bytes from PREFIX are prepended to the R_DATA.
+ */
+gpg_error_t
+export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
+ const void *prefix, size_t prefixlen,
+ export_stats_t stats,
+ kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
+{
+ gpg_error_t err;
+ iobuf_t iobuf;
+ int any;
+ strlist_t helplist;
+
+ *r_keyblock = NULL;
+ *r_data = NULL;
+ *r_datalen = 0;
+
+ helplist = NULL;
+ if (!add_to_strlist_try (&helplist, keyspec))
+ return gpg_error_from_syserror ();
+
+ iobuf = iobuf_temp ();
+ if (prefix && prefixlen)
+ iobuf_write (iobuf, prefix, prefixlen);
+ err = do_export_stream (ctrl, iobuf, helplist, 0, r_keyblock, options,
+ stats, &any);
+ if (!err && !any)
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ if (!err)
+ {
+ const void *src;
+ size_t datalen;
+
+ iobuf_flush_temp (iobuf);
+ src = iobuf_get_temp_buffer (iobuf);
+ datalen = iobuf_get_temp_length (iobuf);
+ if (!datalen)
+ err = gpg_error (GPG_ERR_NO_PUBKEY);
+ else if (!(*r_data = xtrymalloc (datalen)))
+ err = gpg_error_from_syserror ();
+ else
+ {
+ memcpy (*r_data, src, datalen);
+ *r_datalen = datalen;
+ }
+ }
+ iobuf_close (iobuf);
+ free_strlist (helplist);
+ if (err && *r_keyblock)
+ {
+ release_kbnode (*r_keyblock);
+ *r_keyblock = NULL;
+ }
+ return err;
+}
+
+
+/* Export the keys identified by the list of strings in USERS. If
+ Secret is false public keys will be exported. With secret true
+ secret keys will be exported; in this case 1 means the entire
+ secret keyblock and 2 only the subkeys. OPTIONS are the export
+ options to apply. */
+static int
+do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options,
+ export_stats_t stats)
+{
+ IOBUF out = NULL;
+ int any, rc;
+ armor_filter_context_t *afx = NULL;
+ compress_filter_context_t zfx;
+
+ memset( &zfx, 0, sizeof zfx);
+
+ rc = open_outfile (-1, NULL, 0, !!secret, &out );
+ if (rc)
+ return rc;
+
+ if ( opt.armor && !(options & (EXPORT_PKA_FORMAT|EXPORT_DANE_FORMAT)) )
+ {
+ afx = new_armor_context ();
+ afx->what = secret? 5 : 1;
+ push_armor_filter (afx, out);
+ }
+
+ rc = do_export_stream (ctrl, out, users, secret, NULL, options, stats, &any);
+
+ if ( rc || !any )
+ iobuf_cancel (out);
+ else
+ iobuf_close (out);
+ release_armor_context (afx);
+ return rc;
+}
+
+
+
+/* Release an entire subkey list. */
+static void
+release_subkey_list (subkey_list_t list)
+{
+ while (list)
+ {
+ subkey_list_t tmp = list->next;;
+ xfree (list);
+ list = tmp;
+ }
+}
+
+
+/* Returns true if NODE is a subkey and contained in LIST. */
+static int
+subkey_in_list_p (subkey_list_t list, KBNODE node)
+{
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY )
+ {
+ u32 kid[2];
+
+ keyid_from_pk (node->pkt->pkt.public_key, kid);
+
+ for (; list; list = list->next)
+ if (list->kid[0] == kid[0] && list->kid[1] == kid[1])
+ return 1;
+ }
+ return 0;
+}
+
+/* Allocate a new subkey list item from NODE. */
+static subkey_list_t
+new_subkey_list_item (KBNODE node)
+{
+ subkey_list_t list = xcalloc (1, sizeof *list);
+
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ keyid_from_pk (node->pkt->pkt.public_key, list->kid);
+
+ return list;
+}
+
+
+/* Helper function to check whether the subkey at NODE actually
+ matches the description at DESC. The function returns true if the
+ key under question has been specified by an exact specification
+ (keyID or fingerprint) and does match the one at NODE. It is
+ assumed that the packet at NODE is either a public or secret
+ subkey. */
+int
+exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node)
+{
+ u32 kid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fprlen;
+ int result = 0;
+
+ switch(desc->mode)
+ {
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ keyid_from_pk (node->pkt->pkt.public_key, kid);
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR16:
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen);
+ break;
+
+ default:
+ break;
+ }
+
+ switch(desc->mode)
+ {
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ if (desc->u.kid[1] == kid[1])
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ if (desc->u.kid[0] == kid[0] && desc->u.kid[1] == kid[1])
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR16:
+ if (!memcmp (desc->u.fpr, fpr, 16))
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ if (!memcmp (desc->u.fpr, fpr, 20))
+ result = 1;
+ break;
+
+ default:
+ break;
+ }
+
+ return result;
+}
+
+
+/* Return an error if the key represented by the S-expression S_KEY
+ * and the OpenPGP key represented by PK do not use the same curve. */
+static gpg_error_t
+match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk)
+{
+ gcry_sexp_t curve = NULL;
+ gcry_sexp_t flags = NULL;
+ char *curve_str = NULL;
+ char *flag;
+ const char *oidstr = NULL;
+ gcry_mpi_t curve_as_mpi = NULL;
+ gpg_error_t err;
+ int is_eddsa = 0;
+ int idx = 0;
+
+ if (!(pk->pubkey_algo==PUBKEY_ALGO_ECDH
+ || pk->pubkey_algo==PUBKEY_ALGO_ECDSA
+ || pk->pubkey_algo==PUBKEY_ALGO_EDDSA))
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
+ curve = gcry_sexp_find_token (s_key, "curve", 0);
+ if (!curve)
+ {
+ log_error ("no reported curve\n");
+ return gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ }
+ curve_str = gcry_sexp_nth_string (curve, 1);
+ gcry_sexp_release (curve); curve = NULL;
+ if (!curve_str)
+ {
+ log_error ("no curve name\n");
+ return gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ }
+ oidstr = openpgp_curve_to_oid (curve_str, NULL, NULL);
+ if (!oidstr)
+ {
+ log_error ("no OID known for curve '%s'\n", curve_str);
+ xfree (curve_str);
+ return gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ }
+ xfree (curve_str);
+ err = openpgp_oid_from_str (oidstr, &curve_as_mpi);
+ if (err)
+ return err;
+ if (gcry_mpi_cmp (pk->pkey[0], curve_as_mpi))
+ {
+ log_error ("curves do not match\n");
+ gcry_mpi_release (curve_as_mpi);
+ return gpg_error (GPG_ERR_INV_CURVE);
+ }
+ gcry_mpi_release (curve_as_mpi);
+ flags = gcry_sexp_find_token (s_key, "flags", 0);
+ if (flags)
+ {
+ for (idx = 1; idx < gcry_sexp_length (flags); idx++)
+ {
+ flag = gcry_sexp_nth_string (flags, idx);
+ if (flag && (strcmp ("eddsa", flag) == 0))
+ is_eddsa = 1;
+ gcry_free (flag);
+ }
+ }
+ if (is_eddsa != (pk->pubkey_algo == PUBKEY_ALGO_EDDSA))
+ {
+ log_error ("disagreement about EdDSA\n");
+ err = gpg_error (GPG_ERR_INV_CURVE);
+ }
+
+ return err;
+}
+
+
+/* Return a canonicalized public key algoithms. This is used to
+ compare different flavors of algorithms (e.g. ELG and ELG_E are
+ considered the same). */
+static enum gcry_pk_algos
+canon_pk_algo (enum gcry_pk_algos algo)
+{
+ switch (algo)
+ {
+ case GCRY_PK_RSA:
+ case GCRY_PK_RSA_E:
+ case GCRY_PK_RSA_S: return GCRY_PK_RSA;
+ case GCRY_PK_ELG:
+ case GCRY_PK_ELG_E: return GCRY_PK_ELG;
+ case GCRY_PK_ECC:
+ case GCRY_PK_ECDSA:
+ case GCRY_PK_ECDH: return GCRY_PK_ECC;
+ default: return algo;
+ }
+}
+
+
+/* Take a cleartext dump of a secret key in PK and change the
+ * parameter array in PK to include the secret parameters. */
+static gpg_error_t
+cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
+{
+ gpg_error_t err;
+ gcry_sexp_t top_list;
+ gcry_sexp_t key = NULL;
+ char *key_type = NULL;
+ enum gcry_pk_algos pk_algo;
+ struct seckey_info *ski;
+ int idx, sec_start;
+ gcry_mpi_t pub_params[10] = { NULL };
+
+ /* we look for a private-key, then the first element in it tells us
+ the type */
+ top_list = gcry_sexp_find_token (s_key, "private-key", 0);
+ if (!top_list)
+ goto bad_seckey;
+
+ /* ignore all S-expression after the first sublist -- we assume that
+ they are comments or otherwise irrelevant to OpenPGP */
+ if (gcry_sexp_length(top_list) < 2)
+ goto bad_seckey;
+ key = gcry_sexp_nth (top_list, 1);
+ if (!key)
+ goto bad_seckey;
+ key_type = gcry_sexp_nth_string(key, 0);
+ pk_algo = gcry_pk_map_name (key_type);
+
+ log_assert (!pk->seckey_info);
+
+ pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
+ if (!ski)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ switch (canon_pk_algo (pk_algo))
+ {
+ case GCRY_PK_RSA:
+ if (!is_RSA (pk->pubkey_algo))
+ goto bad_pubkey_algo;
+ err = gcry_sexp_extract_param (key, NULL, "ne",
+ &pub_params[0],
+ &pub_params[1],
+ NULL);
+ for (idx=0; idx < 2 && !err; idx++)
+ if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
+ err = gpg_error (GPG_ERR_BAD_PUBKEY);
+ if (!err)
+ {
+ for (idx = 2; idx < 6 && !err; idx++)
+ {
+ gcry_mpi_release (pk->pkey[idx]);
+ pk->pkey[idx] = NULL;
+ }
+ err = gcry_sexp_extract_param (key, NULL, "dpqu",
+ &pk->pkey[2],
+ &pk->pkey[3],
+ &pk->pkey[4],
+ &pk->pkey[5],
+ NULL);
+ }
+ if (!err)
+ {
+ for (idx = 2; idx < 6; idx++)
+ ski->csum += checksum_mpi (pk->pkey[idx]);
+ }
+ break;
+
+ case GCRY_PK_DSA:
+ if (!is_DSA (pk->pubkey_algo))
+ goto bad_pubkey_algo;
+ err = gcry_sexp_extract_param (key, NULL, "pqgy",
+ &pub_params[0],
+ &pub_params[1],
+ &pub_params[2],
+ &pub_params[3],
+ NULL);
+ for (idx=0; idx < 4 && !err; idx++)
+ if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
+ err = gpg_error (GPG_ERR_BAD_PUBKEY);
+ if (!err)
+ {
+ gcry_mpi_release (pk->pkey[4]);
+ pk->pkey[4] = NULL;
+ err = gcry_sexp_extract_param (key, NULL, "x",
+ &pk->pkey[4],
+ NULL);
+ }
+ if (!err)
+ ski->csum += checksum_mpi (pk->pkey[4]);
+ break;
+
+ case GCRY_PK_ELG:
+ if (!is_ELGAMAL (pk->pubkey_algo))
+ goto bad_pubkey_algo;
+ err = gcry_sexp_extract_param (key, NULL, "pgy",
+ &pub_params[0],
+ &pub_params[1],
+ &pub_params[2],
+ NULL);
+ for (idx=0; idx < 3 && !err; idx++)
+ if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
+ err = gpg_error (GPG_ERR_BAD_PUBKEY);
+ if (!err)
+ {
+ gcry_mpi_release (pk->pkey[3]);
+ pk->pkey[3] = NULL;
+ err = gcry_sexp_extract_param (key, NULL, "x",
+ &pk->pkey[3],
+ NULL);
+ }
+ if (!err)
+ ski->csum += checksum_mpi (pk->pkey[3]);
+ break;
+
+ case GCRY_PK_ECC:
+ err = match_curve_skey_pk (key, pk);
+ if (err)
+ goto leave;
+ if (!err)
+ err = gcry_sexp_extract_param (key, NULL, "q",
+ &pub_params[0],
+ NULL);
+ if (!err && (gcry_mpi_cmp(pk->pkey[1], pub_params[0])))
+ err = gpg_error (GPG_ERR_BAD_PUBKEY);
+
+ sec_start = 2;
+ if (pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+ sec_start += 1;
+ if (!err)
+ {
+ gcry_mpi_release (pk->pkey[sec_start]);
+ pk->pkey[sec_start] = NULL;
+ err = gcry_sexp_extract_param (key, NULL, "d",
+ &pk->pkey[sec_start],
+ NULL);
+ }
+
+ if (!err)
+ ski->csum += checksum_mpi (pk->pkey[sec_start]);
+ break;
+
+ default:
+ pk->seckey_info = NULL;
+ xfree (ski);
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ break;
+ }
+
+ leave:
+ gcry_sexp_release (top_list);
+ gcry_sexp_release (key);
+ gcry_free (key_type);
+
+ for (idx=0; idx < DIM(pub_params); idx++)
+ gcry_mpi_release (pub_params[idx]);
+ return err;
+
+ bad_pubkey_algo:
+ err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ goto leave;
+
+ bad_seckey:
+ err = gpg_error (GPG_ERR_BAD_SECKEY);
+ goto leave;
+}
+
+
+/* Use the key transfer format given in S_PGP to create the secinfo
+ structure in PK and change the parameter array in PK to include the
+ secret parameters. */
+static gpg_error_t
+transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
+{
+ gpg_error_t err;
+ gcry_sexp_t top_list;
+ gcry_sexp_t list = NULL;
+ char *curve = NULL;
+ const char *value;
+ size_t valuelen;
+ char *string;
+ int idx;
+ int is_v4, is_protected;
+ enum gcry_pk_algos pk_algo;
+ int protect_algo = 0;
+ char iv[16];
+ int ivlen = 0;
+ int s2k_mode = 0;
+ int s2k_algo = 0;
+ byte s2k_salt[8];
+ u32 s2k_count = 0;
+ int is_ecdh = 0;
+ size_t npkey, nskey;
+ gcry_mpi_t skey[10]; /* We support up to 9 parameters. */
+ int skeyidx = 0;
+ struct seckey_info *ski;
+
+ /* gcry_log_debugsxp ("transferkey", s_pgp); */
+ top_list = gcry_sexp_find_token (s_pgp, "openpgp-private-key", 0);
+ if (!top_list)
+ goto bad_seckey;
+
+ list = gcry_sexp_find_token (top_list, "version", 0);
+ if (!list)
+ goto bad_seckey;
+ value = gcry_sexp_nth_data (list, 1, &valuelen);
+ if (!value || valuelen != 1 || !(value[0] == '3' || value[0] == '4'))
+ goto bad_seckey;
+ is_v4 = (value[0] == '4');
+
+ gcry_sexp_release (list);
+ list = gcry_sexp_find_token (top_list, "protection", 0);
+ if (!list)
+ goto bad_seckey;
+ value = gcry_sexp_nth_data (list, 1, &valuelen);
+ if (!value)
+ goto bad_seckey;
+ if (valuelen == 4 && !memcmp (value, "sha1", 4))
+ is_protected = 2;
+ else if (valuelen == 3 && !memcmp (value, "sum", 3))
+ is_protected = 1;
+ else if (valuelen == 4 && !memcmp (value, "none", 4))
+ is_protected = 0;
+ else
+ goto bad_seckey;
+ if (is_protected)
+ {
+ string = gcry_sexp_nth_string (list, 2);
+ if (!string)
+ goto bad_seckey;
+ protect_algo = gcry_cipher_map_name (string);
+ xfree (string);
+
+ value = gcry_sexp_nth_data (list, 3, &valuelen);
+ if (!value || !valuelen || valuelen > sizeof iv)
+ goto bad_seckey;
+ memcpy (iv, value, valuelen);
+ ivlen = valuelen;
+
+ string = gcry_sexp_nth_string (list, 4);
+ if (!string)
+ goto bad_seckey;
+ s2k_mode = strtol (string, NULL, 10);
+ xfree (string);
+
+ string = gcry_sexp_nth_string (list, 5);
+ if (!string)
+ goto bad_seckey;
+ s2k_algo = gcry_md_map_name (string);
+ xfree (string);
+
+ value = gcry_sexp_nth_data (list, 6, &valuelen);
+ if (!value || !valuelen || valuelen > sizeof s2k_salt)
+ goto bad_seckey;
+ memcpy (s2k_salt, value, valuelen);
+
+ string = gcry_sexp_nth_string (list, 7);
+ if (!string)
+ goto bad_seckey;
+ s2k_count = strtoul (string, NULL, 10);
+ xfree (string);
+ }
+
+ /* Parse the gcrypt PK algo and check that it is okay. */
+ gcry_sexp_release (list);
+ list = gcry_sexp_find_token (top_list, "algo", 0);
+ if (!list)
+ goto bad_seckey;
+ string = gcry_sexp_nth_string (list, 1);
+ if (!string)
+ goto bad_seckey;
+ pk_algo = gcry_pk_map_name (string);
+ xfree (string); string = NULL;
+ if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
+ || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
+ || !npkey || npkey >= nskey)
+ goto bad_seckey;
+
+ /* Check that the pubkey algo matches the one from the public key. */
+ switch (canon_pk_algo (pk_algo))
+ {
+ case GCRY_PK_RSA:
+ if (!is_RSA (pk->pubkey_algo))
+ pk_algo = 0; /* Does not match. */
+ break;
+ case GCRY_PK_DSA:
+ if (!is_DSA (pk->pubkey_algo))
+ pk_algo = 0; /* Does not match. */
+ break;
+ case GCRY_PK_ELG:
+ if (!is_ELGAMAL (pk->pubkey_algo))
+ pk_algo = 0; /* Does not match. */
+ break;
+ case GCRY_PK_ECC:
+ if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+ ;
+ else if (pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+ is_ecdh = 1;
+ else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
+ ;
+ else
+ pk_algo = 0; /* Does not match. */
+ /* For ECC we do not have the domain parameters thus fix our info. */
+ npkey = 1;
+ nskey = 2;
+ break;
+ default:
+ pk_algo = 0; /* Oops. */
+ break;
+ }
+ if (!pk_algo)
+ {
+ err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ goto leave;
+ }
+
+ /* This check has to go after the ecc adjustments. */
+ if (nskey > PUBKEY_MAX_NSKEY)
+ goto bad_seckey;
+
+ /* Parse the key parameters. */
+ gcry_sexp_release (list);
+ list = gcry_sexp_find_token (top_list, "skey", 0);
+ if (!list)
+ goto bad_seckey;
+ for (idx=0;;)
+ {
+ int is_enc;
+
+ value = gcry_sexp_nth_data (list, ++idx, &valuelen);
+ if (!value && skeyidx >= npkey)
+ break; /* Ready. */
+
+ /* Check for too many parameters. Note that depending on the
+ protection mode and version number we may see less than NSKEY
+ (but at least NPKEY+1) parameters. */
+ if (idx >= 2*nskey)
+ goto bad_seckey;
+ if (skeyidx >= DIM (skey)-1)
+ goto bad_seckey;
+
+ if (!value || valuelen != 1 || !(value[0] == '_' || value[0] == 'e'))
+ goto bad_seckey;
+ is_enc = (value[0] == 'e');
+ value = gcry_sexp_nth_data (list, ++idx, &valuelen);
+ if (!value || !valuelen)
+ goto bad_seckey;
+ if (is_enc)
+ {
+ void *p = xtrymalloc (valuelen);
+ if (!p)
+ goto outofmem;
+ memcpy (p, value, valuelen);
+ skey[skeyidx] = gcry_mpi_set_opaque (NULL, p, valuelen*8);
+ if (!skey[skeyidx])
+ goto outofmem;
+ }
+ else
+ {
+ if (gcry_mpi_scan (skey + skeyidx, GCRYMPI_FMT_STD,
+ value, valuelen, NULL))
+ goto bad_seckey;
+ }
+ skeyidx++;
+ }
+ skey[skeyidx++] = NULL;
+
+ gcry_sexp_release (list); list = NULL;
+
+ /* We have no need for the CSUM value thus we don't parse it. */
+ /* list = gcry_sexp_find_token (top_list, "csum", 0); */
+ /* if (list) */
+ /* { */
+ /* string = gcry_sexp_nth_string (list, 1); */
+ /* if (!string) */
+ /* goto bad_seckey; */
+ /* desired_csum = strtoul (string, NULL, 10); */
+ /* xfree (string); */
+ /* } */
+ /* else */
+ /* desired_csum = 0; */
+ /* gcry_sexp_release (list); list = NULL; */
+
+ /* Get the curve name if any, */
+ list = gcry_sexp_find_token (top_list, "curve", 0);
+ if (list)
+ {
+ curve = gcry_sexp_nth_string (list, 1);
+ gcry_sexp_release (list); list = NULL;
+ }
+
+ gcry_sexp_release (top_list); top_list = NULL;
+
+ /* log_debug ("XXX is_v4=%d\n", is_v4); */
+ /* log_debug ("XXX pubkey_algo=%d\n", pubkey_algo); */
+ /* log_debug ("XXX is_protected=%d\n", is_protected); */
+ /* log_debug ("XXX protect_algo=%d\n", protect_algo); */
+ /* log_printhex (iv, ivlen, "XXX iv"); */
+ /* log_debug ("XXX ivlen=%d\n", ivlen); */
+ /* log_debug ("XXX s2k_mode=%d\n", s2k_mode); */
+ /* log_debug ("XXX s2k_algo=%d\n", s2k_algo); */
+ /* log_printhex (s2k_salt, sizeof s2k_salt, "XXX s2k_salt"); */
+ /* log_debug ("XXX s2k_count=%lu\n", (unsigned long)s2k_count); */
+ /* for (idx=0; skey[idx]; idx++) */
+ /* { */
+ /* int is_enc = gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE); */
+ /* log_info ("XXX skey[%d]%s:", idx, is_enc? " (enc)":""); */
+ /* if (is_enc) */
+ /* { */
+ /* void *p; */
+ /* unsigned int nbits; */
+ /* p = gcry_mpi_get_opaque (skey[idx], &nbits); */
+ /* log_printhex ( p, (nbits+7)/8, NULL); */
+ /* } */
+ /* else */
+ /* gcry_mpi_dump (skey[idx]); */
+ /* log_printf ("\n"); */
+ /* } */
+
+ if (!is_v4 || is_protected != 2 )
+ {
+ /* We only support the v4 format and a SHA-1 checksum. */
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ goto leave;
+ }
+
+ /* We need to change the received parameters for ECC algorithms.
+ The transfer format has the curve name and the parameters
+ separate. We put them all into the SKEY array. */
+ if (canon_pk_algo (pk_algo) == GCRY_PK_ECC)
+ {
+ const char *oidstr;
+
+ /* Assert that all required parameters are available. We also
+ check that the array does not contain more parameters than
+ needed (this was used by some beta versions of 2.1. */
+ if (!curve || !skey[0] || !skey[1] || skey[2])
+ {
+ err = gpg_error (GPG_ERR_INTERNAL);
+ goto leave;
+ }
+
+ oidstr = openpgp_curve_to_oid (curve, NULL, NULL);
+ if (!oidstr)
+ {
+ log_error ("no OID known for curve '%s'\n", curve);
+ err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ goto leave;
+ }
+ /* Put the curve's OID into the MPI array. This requires
+ that we shift Q and D. For ECDH also insert the KDF parms. */
+ if (is_ecdh)
+ {
+ skey[4] = NULL;
+ skey[3] = skey[1];
+ skey[2] = gcry_mpi_copy (pk->pkey[2]);
+ }
+ else
+ {
+ skey[3] = NULL;
+ skey[2] = skey[1];
+ }
+ skey[1] = skey[0];
+ skey[0] = NULL;
+ err = openpgp_oid_from_str (oidstr, skey + 0);
+ if (err)
+ goto leave;
+ /* Fixup the NPKEY and NSKEY to match OpenPGP reality. */
+ npkey = 2 + is_ecdh;
+ nskey = 3 + is_ecdh;
+
+ /* for (idx=0; skey[idx]; idx++) */
+ /* { */
+ /* log_info ("YYY skey[%d]:", idx); */
+ /* if (gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE)) */
+ /* { */
+ /* void *p; */
+ /* unsigned int nbits; */
+ /* p = gcry_mpi_get_opaque (skey[idx], &nbits); */
+ /* log_printhex (p, (nbits+7)/8, NULL); */
+ /* } */
+ /* else */
+ /* gcry_mpi_dump (skey[idx]); */
+ /* log_printf ("\n"); */
+ /* } */
+ }
+
+ /* Do some sanity checks. */
+ if (s2k_count > 255)
+ {
+ /* We expect an already encoded S2K count. */
+ err = gpg_error (GPG_ERR_INV_DATA);
+ goto leave;
+ }
+ err = openpgp_cipher_test_algo (protect_algo);
+ if (err)
+ goto leave;
+ err = openpgp_md_test_algo (s2k_algo);
+ if (err)
+ goto leave;
+
+ /* Check that the public key parameters match. Note that since
+ Libgcrypt 1.5 gcry_mpi_cmp handles opaque MPI correctly. */
+ for (idx=0; idx < npkey; idx++)
+ if (gcry_mpi_cmp (pk->pkey[idx], skey[idx]))
+ {
+ err = gpg_error (GPG_ERR_BAD_PUBKEY);
+ goto leave;
+ }
+
+ /* Check that the first secret key parameter in SKEY is encrypted
+ and that there are no more secret key parameters. The latter is
+ guaranteed by the v4 packet format. */
+ if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_OPAQUE))
+ goto bad_seckey;
+ if (npkey+1 < DIM (skey) && skey[npkey+1])
+ goto bad_seckey;
+
+ /* Check that the secret key parameters in PK are all set to NULL. */
+ for (idx=npkey; idx < nskey; idx++)
+ if (pk->pkey[idx])
+ goto bad_seckey;
+
+ /* Now build the protection info. */
+ pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
+ if (!ski)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ ski->is_protected = 1;
+ ski->sha1chk = 1;
+ ski->algo = protect_algo;
+ ski->s2k.mode = s2k_mode;
+ ski->s2k.hash_algo = s2k_algo;
+ log_assert (sizeof ski->s2k.salt == sizeof s2k_salt);
+ memcpy (ski->s2k.salt, s2k_salt, sizeof s2k_salt);
+ ski->s2k.count = s2k_count;
+ log_assert (ivlen <= sizeof ski->iv);
+ memcpy (ski->iv, iv, ivlen);
+ ski->ivlen = ivlen;
+
+ /* Store the protected secret key parameter. */
+ pk->pkey[npkey] = skey[npkey];
+ skey[npkey] = NULL;
+
+ /* That's it. */
+
+ leave:
+ gcry_free (curve);
+ gcry_sexp_release (list);
+ gcry_sexp_release (top_list);
+ for (idx=0; idx < skeyidx; idx++)
+ gcry_mpi_release (skey[idx]);
+ return err;
+
+ bad_seckey:
+ err = gpg_error (GPG_ERR_BAD_SECKEY);
+ goto leave;
+
+ outofmem:
+ err = gpg_error (GPG_ERR_ENOMEM);
+ goto leave;
+}
+
+
+/* Print an "EXPORTED" status line. PK is the primary public key. */
+static void
+print_status_exported (PKT_public_key *pk)
+{
+ char *hexfpr;
+
+ if (!is_status_enabled ())
+ return;
+
+ hexfpr = hexfingerprint (pk, NULL, 0);
+ write_status_text (STATUS_EXPORTED, hexfpr? hexfpr : "[?]");
+ xfree (hexfpr);
+}
+
+
+/*
+ * Receive a secret key from agent specified by HEXGRIP.
+ *
+ * Since the key data from the agent is encrypted, decrypt it using
+ * CIPHERHD context. Then, parse the decrypted key data into transfer
+ * format, and put secret parameters into PK.
+ *
+ * If CLEARTEXT is 0, store the secret key material
+ * passphrase-protected. Otherwise, store secret key material in the
+ * clear.
+ *
+ * CACHE_NONCE_ADDR is used to share nonce for multple key retrievals.
+ */
+gpg_error_t
+receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
+ int cleartext,
+ char **cache_nonce_addr, const char *hexgrip,
+ PKT_public_key *pk)
+{
+ gpg_error_t err = 0;
+ unsigned char *wrappedkey = NULL;
+ size_t wrappedkeylen;
+ unsigned char *key = NULL;
+ size_t keylen, realkeylen;
+ gcry_sexp_t s_skey;
+ char *prompt;
+
+ if (opt.verbose)
+ log_info ("key %s: asking agent for the secret parts\n", hexgrip);
+
+ prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT,1);
+ err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, cache_nonce_addr,
+ &wrappedkey, &wrappedkeylen,
+ pk->keyid, pk->main_keyid, pk->pubkey_algo);
+ xfree (prompt);
+
+ if (err)
+ goto unwraperror;
+ if (wrappedkeylen < 24)
+ {
+ err = gpg_error (GPG_ERR_INV_LENGTH);
+ goto unwraperror;
+ }
+ keylen = wrappedkeylen - 8;
+ key = xtrymalloc_secure (keylen);
+ if (!key)
+ {
+ err = gpg_error_from_syserror ();
+ goto unwraperror;
+ }
+ err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen);
+ if (err)
+ goto unwraperror;
+ realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err);
+ if (!realkeylen)
+ goto unwraperror; /* Invalid csexp. */
+
+ err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
+ if (!err)
+ {
+ if (cleartext)
+ err = cleartext_secret_key_to_openpgp (s_skey, pk);
+ else
+ err = transfer_format_to_openpgp (s_skey, pk);
+ gcry_sexp_release (s_skey);
+ }
+
+ unwraperror:
+ xfree (key);
+ xfree (wrappedkey);
+ if (err)
+ {
+ log_error ("key %s: error receiving key from agent:"
+ " %s%s\n", hexgrip, gpg_strerror (err),
+ gpg_err_code (err) == GPG_ERR_FULLY_CANCELED?
+ "":_(" - skipped"));
+ }
+ return err;
+}
+
+
+/* Write KEYBLOCK either to stdout or to the file set with the
+ * --output option. This is a simplified version of do_export_stream
+ * which supports only a few export options. */
+gpg_error_t
+write_keyblock_to_output (kbnode_t keyblock, int with_armor,
+ unsigned int options)
+{
+ gpg_error_t err;
+ const char *fname;
+ iobuf_t out;
+ kbnode_t node;
+ armor_filter_context_t *afx = NULL;
+ iobuf_t out_help = NULL;
+ PKT_public_key *pk = NULL;
+
+ fname = opt.outfile? opt.outfile : "-";
+ if (is_secured_filename (fname) )
+ return gpg_error (GPG_ERR_EPERM);
+
+ out = iobuf_create (fname, 0);
+ if (!out)
+ {
+ err = gpg_error_from_syserror ();
+ log_error(_("can't create '%s': %s\n"), fname, gpg_strerror (err));
+ return err;
+ }
+ if (opt.verbose)
+ log_info (_("writing to '%s'\n"), iobuf_get_fname_nonnull (out));
+
+ if ((options & (EXPORT_PKA_FORMAT|EXPORT_DANE_FORMAT)))
+ {
+ with_armor = 0;
+ out_help = iobuf_temp ();
+ }
+
+ if (with_armor)
+ {
+ afx = new_armor_context ();
+ afx->what = 1;
+ push_armor_filter (afx, out);
+ }
+
+ for (node = keyblock; node; node = node->next)
+ {
+ if (is_deleted_kbnode (node))
+ continue;
+ if (node->pkt->pkttype == PKT_RING_TRUST)
+ continue; /* Skip - they should not be here anyway. */
+
+ if (!pk && (node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_SECRET_KEY))
+ pk = node->pkt->pkt.public_key;
+
+ if ((options & EXPORT_BACKUP))
+ err = build_packet_and_meta (out_help? out_help : out, node->pkt);
+ else
+ err = build_packet (out_help? out_help : out, node->pkt);
+ if (err)
+ {
+ log_error ("build_packet(%d) failed: %s\n",
+ node->pkt->pkttype, gpg_strerror (err) );
+ goto leave;
+ }
+ }
+ err = 0;
+
+ if (out_help && pk)
+ {
+ const void *data;
+ size_t datalen;
+
+ iobuf_flush_temp (out_help);
+ data = iobuf_get_temp_buffer (out_help);
+ datalen = iobuf_get_temp_length (out_help);
+
+ err = print_pka_or_dane_records (out,
+ keyblock, pk, data, datalen,
+ (options & EXPORT_PKA_FORMAT),
+ (options & EXPORT_DANE_FORMAT));
+ }
+
+ leave:
+ if (err)
+ iobuf_cancel (out);
+ else
+ iobuf_close (out);
+ iobuf_cancel (out_help);
+ release_armor_context (afx);
+ return err;
+}
+
+
+/*
+ * Apply the keep-uid filter to the keyblock. The deleted nodes are
+ * marked and thus the caller should call commit_kbnode afterwards.
+ * KEYBLOCK must not have any blocks marked as deleted.
+ */
+static void
+apply_keep_uid_filter (ctrl_t ctrl, kbnode_t keyblock, recsel_expr_t selector)
+{
+ kbnode_t node;
+ struct impex_filter_parm_s parm;
+
+ parm.ctrl = ctrl;
+
+ for (node = keyblock->next; node; node = node->next )
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ parm.node = node;
+ if (!recsel_select (selector, impex_filter_getval, &parm))
+ {
+ /* log_debug ("keep-uid: deleting '%s'\n", */
+ /* node->pkt->pkt.user_id->name); */
+ /* The UID packet and all following packets up to the
+ * next UID or a subkey. */
+ delete_kbnode (node);
+ for (; node->next
+ && node->next->pkt->pkttype != PKT_USER_ID
+ && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
+ && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ;
+ node = node->next)
+ delete_kbnode (node->next);
+ }
+ /* else */
+ /* log_debug ("keep-uid: keeping '%s'\n", */
+ /* node->pkt->pkt.user_id->name); */
+ }
+ }
+}
+
+
+/*
+ * Apply the drop-subkey filter to the keyblock. The deleted nodes are
+ * marked and thus the caller should call commit_kbnode afterwards.
+ * KEYBLOCK must not have any blocks marked as deleted.
+ */
+static void
+apply_drop_subkey_filter (ctrl_t ctrl, kbnode_t keyblock,
+ recsel_expr_t selector)
+{
+ kbnode_t node;
+ struct impex_filter_parm_s parm;
+
+ parm.ctrl = ctrl;
+
+ for (node = keyblock->next; node; node = node->next )
+ {
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
+ parm.node = node;
+ if (recsel_select (selector, impex_filter_getval, &parm))
+ {
+ /*log_debug ("drop-subkey: deleting a key\n");*/
+ /* The subkey packet and all following packets up to the
+ * next subkey. */
+ delete_kbnode (node);
+ for (; node->next
+ && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
+ && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ;
+ node = node->next)
+ delete_kbnode (node->next);
+ }
+ }
+ }
+}
+
+
+/* Print DANE or PKA records for all user IDs in KEYBLOCK to OUT. The
+ * data for the record is taken from (DATA,DATELEN). PK is the public
+ * key packet with the primary key. */
+static gpg_error_t
+print_pka_or_dane_records (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk,
+ const void *data, size_t datalen,
+ int print_pka, int print_dane)
+{
+ gpg_error_t err = 0;
+ kbnode_t kbctx, node;
+ PKT_user_id *uid;
+ char *mbox = NULL;
+ char hashbuf[32];
+ char *hash = NULL;
+ char *domain;
+ const char *s;
+ unsigned int len;
+ estream_t fp = NULL;
+ char *hexdata = NULL;
+ char *hexfpr;
+
+ hexfpr = hexfingerprint (pk, NULL, 0);
+ if (!hexfpr)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ hexdata = bin2hex (data, datalen, NULL);
+ if (!hexdata)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ ascii_strlwr (hexdata);
+ fp = es_fopenmem (0, "rw,samethread");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
+ {
+ if (node->pkt->pkttype != PKT_USER_ID)
+ continue;
+ uid = node->pkt->pkt.user_id;
+
+ if (uid->flags.expired || uid->flags.revoked)
+ continue;
+
+ xfree (mbox);
+ mbox = mailbox_from_userid (uid->name);
+ if (!mbox)
+ continue;
+
+ domain = strchr (mbox, '@');
+ *domain++ = 0;
+
+ if (print_pka)
+ {
+ es_fprintf (fp, "$ORIGIN _pka.%s.\n; %s\n; ", domain, hexfpr);
+ print_utf8_buffer (fp, uid->name, uid->len);
+ es_putc ('\n', fp);
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
+ xfree (hash);
+ hash = zb32_encode (hashbuf, 8*20);
+ if (!hash)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ len = strlen (hexfpr)/2;
+ es_fprintf (fp, "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n\n",
+ hash, 6 + len, len, hexfpr);
+ }
+
+ if (print_dane && hexdata)
+ {
+ es_fprintf (fp, "$ORIGIN _openpgpkey.%s.\n; %s\n; ", domain, hexfpr);
+ print_utf8_buffer (fp, uid->name, uid->len);
+ es_putc ('\n', fp);
+ gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, mbox, strlen (mbox));
+ xfree (hash);
+ hash = bin2hex (hashbuf, 28, NULL);
+ if (!hash)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ ascii_strlwr (hash);
+ len = strlen (hexdata)/2;
+ es_fprintf (fp, "%s TYPE61 \\# %u (\n", hash, len);
+ for (s = hexdata; ;)
+ {
+ es_fprintf (fp, "\t%.64s\n", s);
+ if (strlen (s) < 64)
+ break;
+ s += 64;
+ }
+ es_fputs ("\t)\n\n", fp);
+ }
+ }
+
+ /* Make sure it is a string and write it. */
+ es_fputc (0, fp);
+ {
+ void *vp;
+
+ if (es_fclose_snatch (fp, &vp, NULL))
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ fp = NULL;
+ iobuf_writestr (out, vp);
+ es_free (vp);
+ }
+ err = 0;
+
+ leave:
+ xfree (hash);
+ xfree (mbox);
+ es_fclose (fp);
+ xfree (hexdata);
+ xfree (hexfpr);
+ return err;
+}
+
+
+/* Helper for do_export_stream which writes one keyblock to OUT. */
+static gpg_error_t
+do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
+ iobuf_t out, int secret, unsigned int options,
+ export_stats_t stats, int *any,
+ KEYDB_SEARCH_DESC *desc, size_t ndesc,
+ size_t descindex, gcry_cipher_hd_t cipherhd)
+{
+ gpg_error_t err = gpg_error (GPG_ERR_NOT_FOUND);
+ char *cache_nonce = NULL;
+ subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */
+ int skip_until_subkey = 0;
+ int cleartext = 0;
+ char *hexgrip = NULL;
+ char *serialno = NULL;
+ PKT_public_key *pk;
+ u32 subkidbuf[2], *subkid;
+ kbnode_t kbctx, node;
+
+ /* NB: walk_kbnode skips packets marked as deleted. */
+ for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
+ {
+ if (skip_until_subkey)
+ {
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ skip_until_subkey = 0;
+ else
+ continue;
+ }
+
+ /* We used to use comment packets, but not any longer. In
+ * case we still have comments on a key, strip them here
+ * before we call build_packet(). */
+ if (node->pkt->pkttype == PKT_COMMENT)
+ continue;
+
+ /* Skip ring trust packets - they should not ne here anyway. */
+ if (node->pkt->pkttype == PKT_RING_TRUST)
+ continue;
+
+ /* If exact is set, then we only export what was requested
+ * (plus the primary key, if the user didn't specifically
+ * request it). */
+ if (desc[descindex].exact && node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ if (!exact_subkey_match_p (desc+descindex, node))
+ {
+ /* Before skipping this subkey, check whether any
+ * other description wants an exact match on a
+ * subkey and include that subkey into the output
+ * too. Need to add this subkey to a list so that
+ * it won't get processed a second time.
+ *
+ * So the first step here is to check that list and
+ * skip in any case if the key is in that list.
+ *
+ * We need this whole mess because the import
+ * function of GnuPG < 2.1 is not able to merge
+ * secret keys and thus it is useless to output them
+ * as two separate keys and have import merge them.
+ */
+ if (subkey_in_list_p (subkey_list, node))
+ skip_until_subkey = 1; /* Already processed this one. */
+ else
+ {
+ size_t j;
+
+ for (j=0; j < ndesc; j++)
+ if (j != descindex && desc[j].exact
+ && exact_subkey_match_p (desc+j, node))
+ break;
+ if (!(j < ndesc))
+ skip_until_subkey = 1; /* No other one matching. */
+ }
+ }
+
+ if (skip_until_subkey)
+ continue;
+
+ /* Mark this one as processed. */
+ {
+ subkey_list_t tmp = new_subkey_list_item (node);
+ tmp->next = subkey_list;
+ subkey_list = tmp;
+ }
+ }
+
+ if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ /* Do not export packets which are marked as not
+ * exportable. */
+ if (!(options & EXPORT_LOCAL_SIGS)
+ && !node->pkt->pkt.signature->flags.exportable)
+ continue; /* not exportable */
+
+ /* Do not export packets with a "sensitive" revocation key
+ * unless the user wants us to. Note that we do export
+ * these when issuing the actual revocation (see revoke.c). */
+ if (!(options & EXPORT_SENSITIVE_REVKEYS)
+ && node->pkt->pkt.signature->revkey)
+ {
+ int i;
+
+ for (i = 0; i < node->pkt->pkt.signature->numrevkeys; i++)
+ if ((node->pkt->pkt.signature->revkey[i].class & 0x40))
+ break;
+ if (i < node->pkt->pkt.signature->numrevkeys)
+ continue;
+ }
+ }
+
+ /* Don't export attribs? */
+ if (!(options & EXPORT_ATTRIBUTES)
+ && node->pkt->pkttype == PKT_USER_ID
+ && node->pkt->pkt.user_id->attrib_data)
+ {
+ /* Skip until we get to something that is not an attrib or a
+ * signature on an attrib. */
+ while (kbctx->next && kbctx->next->pkt->pkttype == PKT_SIGNATURE)
+ kbctx = kbctx->next;
+
+ continue;
+ }
+
+ if (secret && (node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
+ {
+ pk = node->pkt->pkt.public_key;
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY)
+ subkid = NULL;
+ else
+ {
+ keyid_from_pk (pk, subkidbuf);
+ subkid = subkidbuf;
+ }
+
+ if (pk->seckey_info)
+ {
+ log_error ("key %s: oops: seckey_info already set"
+ " - skipped\n", keystr_with_sub (keyid, subkid));
+ skip_until_subkey = 1;
+ continue;
+ }
+
+ xfree (hexgrip);
+ err = hexkeygrip_from_pk (pk, &hexgrip);
+ if (err)
+ {
+ log_error ("key %s: error computing keygrip: %s"
+ " - skipped\n", keystr_with_sub (keyid, subkid),
+ gpg_strerror (err));
+ skip_until_subkey = 1;
+ err = 0;
+ continue;
+ }
+
+ xfree (serialno);
+ serialno = NULL;
+ if (secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ /* We are asked not to export the secret parts of the
+ * primary key. Make up an error code to create the
+ * stub. */
+ err = GPG_ERR_NOT_FOUND;
+ }
+ else
+ err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext);
+
+ if ((!err && serialno)
+ && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ /* It does not make sense to export a key with its
+ * primary key on card using a non-key stub. Thus we
+ * skip those keys when used with --export-secret-subkeys. */
+ log_info (_("key %s: key material on-card - skipped\n"),
+ keystr_with_sub (keyid, subkid));
+ skip_until_subkey = 1;
+ }
+ else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND
+ || (!err && serialno))
+ {
+ /* Create a key stub. */
+ struct seckey_info *ski;
+ const char *s;
+
+ pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
+ if (!ski)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ ski->is_protected = 1;
+ if (err)
+ ski->s2k.mode = 1001; /* GNU dummy (no secret key). */
+ else
+ {
+ ski->s2k.mode = 1002; /* GNU-divert-to-card. */
+ for (s=serialno; sizeof (ski->ivlen) && *s && s[1];
+ ski->ivlen++, s += 2)
+ ski->iv[ski->ivlen] = xtoi_2 (s);
+ }
+
+ if ((options & EXPORT_BACKUP))
+ err = build_packet_and_meta (out, node->pkt);
+ else
+ err = build_packet (out, node->pkt);
+ if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ stats->exported++;
+ print_status_exported (node->pkt->pkt.public_key);
+ }
+ }
+ else if (!err)
+ {
+ err = receive_seckey_from_agent (ctrl, cipherhd,
+ cleartext, &cache_nonce,
+ hexgrip, pk);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
+ goto leave;
+ skip_until_subkey = 1;
+ err = 0;
+ }
+ else
+ {
+ if ((options & EXPORT_BACKUP))
+ err = build_packet_and_meta (out, node->pkt);
+ else
+ err = build_packet (out, node->pkt);
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ stats->exported++;
+ print_status_exported (node->pkt->pkt.public_key);
+ }
+ }
+ }
+ else
+ {
+ log_error ("key %s: error getting keyinfo from agent: %s"
+ " - skipped\n", keystr_with_sub (keyid, subkid),
+ gpg_strerror (err));
+ skip_until_subkey = 1;
+ err = 0;
+ }
+
+ xfree (pk->seckey_info);
+ pk->seckey_info = NULL;
+ {
+ int i;
+ for (i = pubkey_get_npkey (pk->pubkey_algo);
+ i < pubkey_get_nskey (pk->pubkey_algo); i++)
+ {
+ gcry_mpi_release (pk->pkey[i]);
+ pk->pkey[i] = NULL;
+ }
+ }
+ }
+ else /* Not secret or common packets. */
+ {
+ if ((options & EXPORT_BACKUP))
+ err = build_packet_and_meta (out, node->pkt);
+ else
+ err = build_packet (out, node->pkt);
+ if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ stats->exported++;
+ print_status_exported (node->pkt->pkt.public_key);
+ }
+ }
+
+ if (err)
+ {
+ log_error ("build_packet(%d) failed: %s\n",
+ node->pkt->pkttype, gpg_strerror (err));
+ goto leave;
+ }
+
+ if (!skip_until_subkey)
+ *any = 1;
+ }
+
+ leave:
+ release_subkey_list (subkey_list);
+ xfree (serialno);
+ xfree (hexgrip);
+ xfree (cache_nonce);
+ return err;
+}
+
+
+/* Export the keys identified by the list of strings in USERS to the
+ stream OUT. If SECRET is false public keys will be exported. With
+ secret true secret keys will be exported; in this case 1 means the
+ entire secret keyblock and 2 only the subkeys. OPTIONS are the
+ export options to apply. If KEYBLOCK_OUT is not NULL, AND the exit
+ code is zero, a pointer to the first keyblock found and exported
+ will be stored at this address; no other keyblocks are exported in
+ this case. The caller must free the returned keyblock. If any
+ key has been exported true is stored at ANY. */
+static int
+do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
+ kbnode_t *keyblock_out, unsigned int options,
+ export_stats_t stats, int *any)
+{
+ gpg_error_t err = 0;
+ PACKET pkt;
+ kbnode_t keyblock = NULL;
+ kbnode_t node;
+ size_t ndesc, descindex;
+ KEYDB_SEARCH_DESC *desc = NULL;
+ KEYDB_HANDLE kdbhd;
+ strlist_t sl;
+ gcry_cipher_hd_t cipherhd = NULL;
+ struct export_stats_s dummystats;
+ iobuf_t out_help = NULL;
+
+ if (!stats)
+ stats = &dummystats;
+ *any = 0;
+ init_packet (&pkt);
+ kdbhd = keydb_new ();
+ if (!kdbhd)
+ return gpg_error_from_syserror ();
+
+ /* For the PKA and DANE format open a helper iobuf and for DANE
+ * enforce some options. */
+ if ((options & (EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT)))
+ {
+ out_help = iobuf_temp ();
+ if ((options & EXPORT_DANE_FORMAT))
+ options |= EXPORT_MINIMAL | EXPORT_CLEAN;
+ }
+
+ if (!users)
+ {
+ ndesc = 1;
+ desc = xcalloc (ndesc, sizeof *desc);
+ desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
+ }
+ else
+ {
+ for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
+ ;
+ desc = xmalloc ( ndesc * sizeof *desc);
+
+ for (ndesc=0, sl=users; sl; sl = sl->next)
+ {
+ if (!(err=classify_user_id (sl->d, desc+ndesc, 1)))
+ ndesc++;
+ else
+ log_error (_("key \"%s\" not found: %s\n"),
+ sl->d, gpg_strerror (err));
+ }
+
+ keydb_disable_caching (kdbhd); /* We are looping the search. */
+
+ /* It would be nice to see which of the given users did actually
+ match one in the keyring. To implement this we need to have
+ a found flag for each entry in desc. To set this flag we
+ must check all those entries after a match to mark all
+ matched one - currently we stop at the first match. To do
+ this we need an extra flag to enable this feature. */
+ }
+
+#ifdef ENABLE_SELINUX_HACKS
+ if (secret)
+ {
+ log_error (_("exporting secret keys not allowed\n"));
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ goto leave;
+ }
+#endif
+
+ /* For secret key export we need to setup a decryption context. */
+ if (secret)
+ {
+ void *kek = NULL;
+ size_t keklen;
+
+ err = agent_keywrap_key (ctrl, 1, &kek, &keklen);
+ if (err)
+ {
+ log_error ("error getting the KEK: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ /* Prepare a cipher context. */
+ err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
+ GCRY_CIPHER_MODE_AESWRAP, 0);
+ if (!err)
+ err = gcry_cipher_setkey (cipherhd, kek, keklen);
+ if (err)
+ {
+ log_error ("error setting up an encryption context: %s\n",
+ gpg_strerror (err));
+ goto leave;
+ }
+ xfree (kek);
+ kek = NULL;
+ }
+
+ for (;;)
+ {
+ u32 keyid[2];
+ PKT_public_key *pk;
+
+ err = keydb_search (kdbhd, desc, ndesc, &descindex);
+ if (!users)
+ desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+ if (err)
+ break;
+
+ /* Read the keyblock. */
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ err = keydb_get_keyblock (kdbhd, &keyblock);
+ if (err)
+ {
+ log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+
+ node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
+ if (!node)
+ {
+ log_error ("public key packet not found in keyblock - skipped\n");
+ continue;
+ }
+ stats->count++;
+ setup_main_keyids (keyblock); /* gpg_format_keydesc needs it. */
+ pk = node->pkt->pkt.public_key;
+ keyid_from_pk (pk, keyid);
+
+ /* If a secret key export is required we need to check whether
+ we have a secret key at all and if so create the seckey_info
+ structure. */
+ if (secret)
+ {
+ if (agent_probe_any_secret_key (ctrl, keyblock))
+ continue; /* No secret key (neither primary nor subkey). */
+
+ /* No v3 keys with GNU mode 1001. */
+ if (secret == 2 && pk->version == 3)
+ {
+ log_info (_("key %s: PGP 2.x style key - skipped\n"),
+ keystr (keyid));
+ continue;
+ }
+
+ /* The agent does not yet allow export of v3 packets. It is
+ actually questionable whether we should allow them at
+ all. */
+ if (pk->version == 3)
+ {
+ log_info ("key %s: PGP 2.x style key (v3) export "
+ "not yet supported - skipped\n", keystr (keyid));
+ continue;
+ }
+ stats->secret_count++;
+ }
+
+ /* Always do the cleaning on the public key part if requested.
+ * A designated revocation is never stripped, even with
+ * export-minimal set. */
+ if ((options & EXPORT_CLEAN))
+ {
+ merge_keys_and_selfsig (ctrl, keyblock);
+ clean_all_uids (ctrl, keyblock, opt.verbose,
+ (options&EXPORT_MINIMAL), NULL, NULL);
+ clean_all_subkeys (ctrl, keyblock, opt.verbose,
+ (options&EXPORT_MINIMAL)? KEY_CLEAN_ALL
+ /**/ : KEY_CLEAN_AUTHENCR,
+ NULL, NULL);
+ commit_kbnode (&keyblock);
+ }
+
+ if (export_keep_uid)
+ {
+ commit_kbnode (&keyblock);
+ apply_keep_uid_filter (ctrl, keyblock, export_keep_uid);
+ commit_kbnode (&keyblock);
+ }
+
+ if (export_drop_subkey)
+ {
+ commit_kbnode (&keyblock);
+ apply_drop_subkey_filter (ctrl, keyblock, export_drop_subkey);
+ commit_kbnode (&keyblock);
+ }
+
+ /* And write it. */
+ err = do_export_one_keyblock (ctrl, keyblock, keyid,
+ out_help? out_help : out,
+ secret, options, stats, any,
+ desc, ndesc, descindex, cipherhd);
+ if (err)
+ break;
+
+ if (keyblock_out)
+ {
+ *keyblock_out = keyblock;
+ break;
+ }
+
+ if (out_help)
+ {
+ /* We want to write PKA or DANE records. OUT_HELP has the
+ * keyblock and we print a record for each uid to OUT. */
+ const void *data;
+ size_t datalen;
+
+ iobuf_flush_temp (out_help);
+ data = iobuf_get_temp_buffer (out_help);
+ datalen = iobuf_get_temp_length (out_help);
+
+ err = print_pka_or_dane_records (out,
+ keyblock, pk, data, datalen,
+ (options & EXPORT_PKA_FORMAT),
+ (options & EXPORT_DANE_FORMAT));
+ if (err)
+ goto leave;
+
+ iobuf_close (out_help);
+ out_help = iobuf_temp ();
+ }
+
+ }
+ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ err = 0;
+
+ leave:
+ iobuf_cancel (out_help);
+ gcry_cipher_close (cipherhd);
+ xfree(desc);
+ keydb_release (kdbhd);
+ if (err || !keyblock_out)
+ release_kbnode( keyblock );
+ if( !*any )
+ log_info(_("WARNING: nothing exported\n"));
+ return err;
+}
+
+
+
+
+static gpg_error_t
+key_to_sshblob (membuf_t *mb, const char *identifier, ...)
+{
+ va_list arg_ptr;
+ gpg_error_t err = 0;
+ unsigned char nbuf[4];
+ unsigned char *buf;
+ size_t buflen;
+ gcry_mpi_t a;
+
+ ulongtobuf (nbuf, (ulong)strlen (identifier));
+ put_membuf (mb, nbuf, 4);
+ put_membuf_str (mb, identifier);
+ if (!strncmp (identifier, "ecdsa-sha2-", 11))
+ {
+ ulongtobuf (nbuf, (ulong)strlen (identifier+11));
+ put_membuf (mb, nbuf, 4);
+ put_membuf_str (mb, identifier+11);
+ }
+ va_start (arg_ptr, identifier);
+ while ((a = va_arg (arg_ptr, gcry_mpi_t)))
+ {
+ err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
+ if (err)
+ break;
+ if (!strcmp (identifier, "ssh-ed25519")
+ && buflen > 5 && buf[4] == 0x40)
+ {
+ /* We need to strip our 0x40 prefix. */
+ put_membuf (mb, "\x00\x00\x00\x20", 4);
+ put_membuf (mb, buf+5, buflen-5);
+ }
+ else
+ put_membuf (mb, buf, buflen);
+ gcry_free (buf);
+ }
+ va_end (arg_ptr);
+ return err;
+}
+
+/* Export the key identified by USERID in the SSH public key format.
+ The function exports the latest subkey with Authentication
+ capability unless the '!' suffix is used to export a specific
+ key. */
+gpg_error_t
+export_ssh_key (ctrl_t ctrl, const char *userid)
+{
+ gpg_error_t err;
+ kbnode_t keyblock = NULL;
+ KEYDB_SEARCH_DESC desc;
+ u32 latest_date;
+ u32 curtime = make_timestamp ();
+ kbnode_t latest_key, node;
+ PKT_public_key *pk;
+ const char *identifier = NULL;
+ membuf_t mb;
+ estream_t fp = NULL;
+ struct b64state b64_state;
+ const char *fname = "-";
+
+ init_membuf (&mb, 4096);
+
+ /* We need to know whether the key has been specified using the
+ exact syntax ('!' suffix). Thus we need to run a
+ classify_user_id on our own. */
+ err = classify_user_id (userid, &desc, 1);
+
+ /* Get the public key. */
+ if (!err)
+ {
+ getkey_ctx_t getkeyctx;
+
+ err = get_pubkey_byname (ctrl, GET_PUBKEY_NO_AKL,
+ &getkeyctx, NULL, userid, &keyblock,
+ NULL,
+ 0 /* Only usable keys or given exact. */);
+ if (!err)
+ {
+ err = getkey_next (ctrl, getkeyctx, NULL, NULL);
+ if (!err)
+ err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
+ else if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY)
+ err = 0;
+ }
+ getkey_end (ctrl, getkeyctx);
+ }
+ if (err)
+ {
+ log_error (_("key \"%s\" not found: %s\n"), userid, gpg_strerror (err));
+ return err;
+ }
+
+ /* The finish_lookup code in getkey.c does not handle auth keys,
+ thus we have to duplicate the code here to find the latest
+ subkey. However, if the key has been found using an exact match
+ ('!' notation) we use that key without any further checks and
+ even allow the use of the primary key. */
+ latest_date = 0;
+ latest_key = NULL;
+ for (node = keyblock; node; node = node->next)
+ {
+ if ((node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_PUBLIC_KEY)
+ && node->pkt->pkt.public_key->flags.exact)
+ {
+ latest_key = node;
+ break;
+ }
+ }
+ if (!latest_key)
+ {
+ for (node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+ continue;
+
+ pk = node->pkt->pkt.public_key;
+ if (DBG_LOOKUP)
+ log_debug ("\tchecking subkey %08lX\n",
+ (ulong) keyid_from_pk (pk, NULL));
+ if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tsubkey not usable for authentication\n");
+ continue;
+ }
+ if (!pk->flags.valid)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tsubkey not valid\n");
+ continue;
+ }
+ if (pk->flags.revoked)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tsubkey has been revoked\n");
+ continue;
+ }
+ if (pk->has_expired)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tsubkey has expired\n");
+ continue;
+ }
+ if (pk->timestamp > curtime && !opt.ignore_valid_from)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tsubkey not yet valid\n");
+ continue;
+ }
+ if (DBG_LOOKUP)
+ log_debug ("\tsubkey might be fine\n");
+ /* In case a key has a timestamp of 0 set, we make sure that it
+ is used. A better change would be to compare ">=" but that
+ might also change the selected keys and is as such a more
+ intrusive change. */
+ if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
+ {
+ latest_date = pk->timestamp;
+ latest_key = node;
+ }
+ }
+
+ /* If no subkey was suitable check the primary key. */
+ if (!latest_key
+ && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ pk = node->pkt->pkt.public_key;
+ if (DBG_LOOKUP)
+ log_debug ("\tchecking primary key %08lX\n",
+ (ulong) keyid_from_pk (pk, NULL));
+ if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not usable for authentication\n");
+ }
+ else if (!pk->flags.valid)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not valid\n");
+ }
+ else if (pk->flags.revoked)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key has been revoked\n");
+ }
+ else if (pk->has_expired)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key has expired\n");
+ }
+ else if (pk->timestamp > curtime && !opt.ignore_valid_from)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not yet valid\n");
+ }
+ else
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key is fine\n");
+ latest_date = pk->timestamp;
+ latest_key = node;
+ }
+ }
+ }
+
+ if (!latest_key)
+ {
+ err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
+ log_error (_("key \"%s\" not found: %s\n"), userid, gpg_strerror (err));
+ goto leave;
+ }
+
+ pk = latest_key->pkt->pkt.public_key;
+ if (DBG_LOOKUP)
+ log_debug ("\tusing key %08lX\n", (ulong) keyid_from_pk (pk, NULL));
+
+ switch (pk->pubkey_algo)
+ {
+ case PUBKEY_ALGO_DSA:
+ identifier = "ssh-dss";
+ err = key_to_sshblob (&mb, identifier,
+ pk->pkey[0], pk->pkey[1], pk->pkey[2], pk->pkey[3],
+ NULL);
+ break;
+
+ case PUBKEY_ALGO_RSA:
+ case PUBKEY_ALGO_RSA_S:
+ identifier = "ssh-rsa";
+ err = key_to_sshblob (&mb, identifier, pk->pkey[1], pk->pkey[0], NULL);
+ break;
+
+ case PUBKEY_ALGO_ECDSA:
+ {
+ char *curveoid;
+ const char *curve;
+
+ curveoid = openpgp_oid_to_str (pk->pkey[0]);
+ if (!curveoid)
+ err = gpg_error_from_syserror ();
+ else if (!(curve = openpgp_oid_to_curve (curveoid, 0)))
+ err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ else
+ {
+ if (!strcmp (curve, "nistp256"))
+ identifier = "ecdsa-sha2-nistp256";
+ else if (!strcmp (curve, "nistp384"))
+ identifier = "ecdsa-sha2-nistp384";
+ else if (!strcmp (curve, "nistp521"))
+ identifier = "ecdsa-sha2-nistp521";
+
+ if (!identifier)
+ err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ else
+ err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
+ }
+ xfree (curveoid);
+ }
+ break;
+
+ case PUBKEY_ALGO_EDDSA:
+ if (!openpgp_oid_is_ed25519 (pk->pkey[0]))
+ err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ else
+ {
+ identifier = "ssh-ed25519";
+ err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
+ }
+ break;
+
+ case PUBKEY_ALGO_ELGAMAL_E:
+ case PUBKEY_ALGO_ELGAMAL:
+ err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
+ break;
+
+ default:
+ err = GPG_ERR_PUBKEY_ALGO;
+ break;
+ }
+
+ if (!identifier)
+ goto leave;
+
+ if (opt.outfile && *opt.outfile && strcmp (opt.outfile, "-"))
+ fp = es_fopen ((fname = opt.outfile), "w");
+ else
+ fp = es_stdout;
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
+ goto leave;
+ }
+
+ es_fprintf (fp, "%s ", identifier);
+ err = b64enc_start_es (&b64_state, fp, "");
+ if (!err)
+ {
+ void *blob;
+ size_t bloblen;
+
+ blob = get_membuf (&mb, &bloblen);
+ if (blob)
+ {
+ err = b64enc_write (&b64_state, blob, bloblen);
+ xfree (blob);
+ if (err)
+ goto leave;
+ }
+ err = b64enc_finish (&b64_state);
+ }
+ if (err)
+ goto leave;
+ es_fprintf (fp, " openpgp:0x%08lX\n", (ulong)keyid_from_pk (pk, NULL));
+
+ if (es_ferror (fp))
+ err = gpg_error_from_syserror ();
+ else
+ {
+ if (fp != es_stdout && es_fclose (fp))
+ err = gpg_error_from_syserror ();
+ fp = NULL;
+ }
+
+ if (err)
+ log_error (_("error writing '%s': %s\n"), fname, gpg_strerror (err));
+
+ leave:
+ if (fp != es_stdout)
+ es_fclose (fp);
+ xfree (get_membuf (&mb, NULL));
+ release_kbnode (keyblock);
+ return err;
+}