security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Code Activity

gpg: Remove a mostly duplicated function.

Browse Source 
* g10/export.c (receive_seckey_from_agent): Add arg r_key.
(do_export_one_keyblock): Pass NULL for new arg.
(receive_raw_seckey_from_agent): Remove.
(export_secret_ssh_key): Use receive_seckey_from_agent.
* g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
This commit is contained in:
Werner Koch 2022-12-01 12:28:15 +01:00
parent 0a93b5b96a
commit 1d88e14de7
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 36 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
g10/export.c
View File

@ -1249,28 +1249,45 @@ print_status_exported (PKT_public_key *pk)
* clear. * clear.
* *
* CACHE_NONCE_ADDR is used to share nonce for multiple key retrievals. * CACHE_NONCE_ADDR is used to share nonce for multiple key retrievals.
*
* If PK is NULL, the raw key is returned (e.g. for ssh export) at
* R_KEY. CLEARTEXT and CACHE_NONCE_ADDR ared ignored in this case.
*/ */
gpg_error_t gpg_error_t
receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd, receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
int cleartext, int cleartext,
char **cache_nonce_addr, const char *hexgrip, char **cache_nonce_addr, const char *hexgrip,
PKT_public_key *pk) PKT_public_key *pk, gcry_sexp_t *r_key)
{ {
gpg_error_t err = 0; gpg_error_t err = 0;
unsigned char *wrappedkey = NULL; unsigned char *wrappedkey = NULL;
size_t wrappedkeylen; size_t wrappedkeylen;
unsigned char *key = NULL; unsigned char *key = NULL;
size_t keylen, realkeylen; size_t keylen, realkeylen;
gcry_sexp_t s_skey; gcry_sexp_t s_skey = NULL;
char *prompt; char *prompt;
if (r_key)
*r_key = NULL;
if (opt.verbose) if (opt.verbose)
log_info ("key %s: asking agent for the secret parts\n", hexgrip); log_info ("key %s: asking agent for the secret parts\n", hexgrip);
prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT,1); if (pk)
err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, cache_nonce_addr, {
prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT, 1);
err = agent_export_key (ctrl, hexgrip, prompt, !cleartext,
cache_nonce_addr,
&wrappedkey, &wrappedkeylen, &wrappedkey, &wrappedkeylen,
pk->keyid, pk->main_keyid, pk->pubkey_algo); pk->keyid, pk->main_keyid, pk->pubkey_algo);
}
else
{
prompt = gpg_format_keydesc (ctrl, NULL, FORMAT_KEYDESC_KEYGRIP, 1);
err = agent_export_key (ctrl, hexgrip, prompt, 0,
NULL,
&wrappedkey, &wrappedkeylen,
NULL, NULL, 0);
}
xfree (prompt); xfree (prompt);
if (err) if (err)
@ -1297,14 +1314,19 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen); err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
if (!err) if (!err)
{ {
if (cleartext) if (pk && cleartext)
err = cleartext_secret_key_to_openpgp (s_skey, pk); err = cleartext_secret_key_to_openpgp (s_skey, pk);
else else if (pk)
err = transfer_format_to_openpgp (s_skey, pk); err = transfer_format_to_openpgp (s_skey, pk);
gcry_sexp_release (s_skey); else if (r_key)
{
*r_key = s_skey;
s_skey = NULL;
}
} }
unwraperror: unwraperror:
gcry_sexp_release (s_skey);
xfree (key); xfree (key);
xfree (wrappedkey); xfree (wrappedkey);
if (err) if (err)
@ -1811,7 +1833,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
{ {
err = receive_seckey_from_agent (ctrl, cipherhd, err = receive_seckey_from_agent (ctrl, cipherhd,
cleartext, &cache_nonce, cleartext, &cache_nonce,
hexgrip, pk); hexgrip, pk, NULL);
if (err) if (err)
{ {
if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
@ -2714,74 +2736,6 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
} }
/* Simplified version of receive_seckey_from_agent used to get the raw
* key. */
gpg_error_t
receive_raw_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
const char *hexgrip, gcry_sexp_t *r_key)
{
gpg_error_t err = 0;
unsigned char *wrappedkey = NULL;
size_t wrappedkeylen;
unsigned char *key = NULL;
size_t keylen, realkeylen;
gcry_sexp_t s_skey = NULL;
*r_key = NULL;
if (opt.verbose)
log_info ("key %s: asking agent for the secret parts\n", hexgrip);
{
char * prompt = gpg_format_keydesc (ctrl, NULL, FORMAT_KEYDESC_KEYGRIP, 1);
err = agent_export_key (ctrl, hexgrip, prompt, 0, NULL,
&wrappedkey, &wrappedkeylen,
NULL, NULL, 0);
xfree (prompt);
}
if (err)
goto leave;
if (wrappedkeylen < 24)
{
err = gpg_error (GPG_ERR_INV_LENGTH);
goto leave;
}
keylen = wrappedkeylen - 8;
key = xtrymalloc_secure (keylen);
if (!key)
{
err = gpg_error_from_syserror ();
goto leave;
}
err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen);
if (err)
goto leave;
realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err);
if (!realkeylen)
goto leave; /* Invalid csexp. */
err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
if (!err)
{
gcry_log_debugsxp ("skey", s_skey);
*r_key = s_skey;
s_skey = NULL;
}
leave:
gcry_sexp_release (s_skey);
xfree (key);
xfree (wrappedkey);
if (err)
{
log_error ("key %s: error receiving key from agent:"
" %s%s\n", hexgrip, gpg_strerror (err),
"");
}
return err;
}
/* Export the key identified by USERID in the SSH secret key format. /* Export the key identified by USERID in the SSH secret key format.
* The USERID must be given in keygrip format (prefixed with a '&') * The USERID must be given in keygrip format (prefixed with a '&')
* and thus no OpenPGP key is required. The exported key is not * and thus no OpenPGP key is required. The exported key is not
@ -2827,7 +2781,8 @@ export_secret_ssh_key (ctrl_t ctrl, const char *userid)
if ((err = get_keywrap_key (ctrl, &cipherhd))) if ((err = get_keywrap_key (ctrl, &cipherhd)))
goto leave; goto leave;
err = receive_raw_seckey_from_agent (ctrl, cipherhd, hexgrip, &skey); err = receive_seckey_from_agent (ctrl, cipherhd, 0, NULL, hexgrip, NULL,
&skey);
if (err) if (err)
goto leave; goto leave;

2
g10/keygen.c
View File

@ -5287,7 +5287,7 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
} }
err = receive_seckey_from_agent (ctrl, cipherhd, 0, err = receive_seckey_from_agent (ctrl, cipherhd, 0,
&cache_nonce, hexgrip, sk); &cache_nonce, hexgrip, sk, NULL);
if (err) if (err)
{ {
log_error ("error getting secret key from agent: %s\n", log_error ("error getting secret key from agent: %s\n",

2
g10/main.h
View File

@ -434,7 +434,7 @@ gpg_error_t receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
int cleartext, int cleartext,
char **cache_nonce_addr, char **cache_nonce_addr,
const char *hexgrip, const char *hexgrip,
PKT_public_key *pk); PKT_public_key *pk, gcry_sexp_t *r_key);
gpg_error_t write_keyblock_to_output (kbnode_t keyblock, gpg_error_t write_keyblock_to_output (kbnode_t keyblock,
int with_armor, unsigned int options); int with_armor, unsigned int options);