1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00

gpg: Remove a mostly duplicated function.

* g10/export.c (receive_seckey_from_agent): Add arg r_key.
(do_export_one_keyblock): Pass NULL for new arg.
(receive_raw_seckey_from_agent): Remove.
(export_secret_ssh_key): Use receive_seckey_from_agent.
* g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
This commit is contained in:
Werner Koch 2022-12-01 12:28:15 +01:00
parent 0a93b5b96a
commit 1d88e14de7
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 36 additions and 81 deletions

View File

@ -1249,28 +1249,45 @@ print_status_exported (PKT_public_key *pk)
* clear.
*
* CACHE_NONCE_ADDR is used to share nonce for multiple key retrievals.
*
* If PK is NULL, the raw key is returned (e.g. for ssh export) at
* R_KEY. CLEARTEXT and CACHE_NONCE_ADDR ared ignored in this case.
*/
gpg_error_t
receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
int cleartext,
char **cache_nonce_addr, const char *hexgrip,
PKT_public_key *pk)
PKT_public_key *pk, gcry_sexp_t *r_key)
{
gpg_error_t err = 0;
unsigned char *wrappedkey = NULL;
size_t wrappedkeylen;
unsigned char *key = NULL;
size_t keylen, realkeylen;
gcry_sexp_t s_skey;
gcry_sexp_t s_skey = NULL;
char *prompt;
if (r_key)
*r_key = NULL;
if (opt.verbose)
log_info ("key %s: asking agent for the secret parts\n", hexgrip);
prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT,1);
err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, cache_nonce_addr,
&wrappedkey, &wrappedkeylen,
pk->keyid, pk->main_keyid, pk->pubkey_algo);
if (pk)
{
prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT, 1);
err = agent_export_key (ctrl, hexgrip, prompt, !cleartext,
cache_nonce_addr,
&wrappedkey, &wrappedkeylen,
pk->keyid, pk->main_keyid, pk->pubkey_algo);
}
else
{
prompt = gpg_format_keydesc (ctrl, NULL, FORMAT_KEYDESC_KEYGRIP, 1);
err = agent_export_key (ctrl, hexgrip, prompt, 0,
NULL,
&wrappedkey, &wrappedkeylen,
NULL, NULL, 0);
}
xfree (prompt);
if (err)
@ -1297,14 +1314,19 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
if (!err)
{
if (cleartext)
if (pk && cleartext)
err = cleartext_secret_key_to_openpgp (s_skey, pk);
else
else if (pk)
err = transfer_format_to_openpgp (s_skey, pk);
gcry_sexp_release (s_skey);
else if (r_key)
{
*r_key = s_skey;
s_skey = NULL;
}
}
unwraperror:
gcry_sexp_release (s_skey);
xfree (key);
xfree (wrappedkey);
if (err)
@ -1811,7 +1833,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
{
err = receive_seckey_from_agent (ctrl, cipherhd,
cleartext, &cache_nonce,
hexgrip, pk);
hexgrip, pk, NULL);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
@ -2714,74 +2736,6 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
}
/* Simplified version of receive_seckey_from_agent used to get the raw
* key. */
gpg_error_t
receive_raw_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
const char *hexgrip, gcry_sexp_t *r_key)
{
gpg_error_t err = 0;
unsigned char *wrappedkey = NULL;
size_t wrappedkeylen;
unsigned char *key = NULL;
size_t keylen, realkeylen;
gcry_sexp_t s_skey = NULL;
*r_key = NULL;
if (opt.verbose)
log_info ("key %s: asking agent for the secret parts\n", hexgrip);
{
char * prompt = gpg_format_keydesc (ctrl, NULL, FORMAT_KEYDESC_KEYGRIP, 1);
err = agent_export_key (ctrl, hexgrip, prompt, 0, NULL,
&wrappedkey, &wrappedkeylen,
NULL, NULL, 0);
xfree (prompt);
}
if (err)
goto leave;
if (wrappedkeylen < 24)
{
err = gpg_error (GPG_ERR_INV_LENGTH);
goto leave;
}
keylen = wrappedkeylen - 8;
key = xtrymalloc_secure (keylen);
if (!key)
{
err = gpg_error_from_syserror ();
goto leave;
}
err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen);
if (err)
goto leave;
realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err);
if (!realkeylen)
goto leave; /* Invalid csexp. */
err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
if (!err)
{
gcry_log_debugsxp ("skey", s_skey);
*r_key = s_skey;
s_skey = NULL;
}
leave:
gcry_sexp_release (s_skey);
xfree (key);
xfree (wrappedkey);
if (err)
{
log_error ("key %s: error receiving key from agent:"
" %s%s\n", hexgrip, gpg_strerror (err),
"");
}
return err;
}
/* Export the key identified by USERID in the SSH secret key format.
* The USERID must be given in keygrip format (prefixed with a '&')
* and thus no OpenPGP key is required. The exported key is not
@ -2827,7 +2781,8 @@ export_secret_ssh_key (ctrl_t ctrl, const char *userid)
if ((err = get_keywrap_key (ctrl, &cipherhd)))
goto leave;
err = receive_raw_seckey_from_agent (ctrl, cipherhd, hexgrip, &skey);
err = receive_seckey_from_agent (ctrl, cipherhd, 0, NULL, hexgrip, NULL,
&skey);
if (err)
goto leave;

View File

@ -5287,7 +5287,7 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
}
err = receive_seckey_from_agent (ctrl, cipherhd, 0,
&cache_nonce, hexgrip, sk);
&cache_nonce, hexgrip, sk, NULL);
if (err)
{
log_error ("error getting secret key from agent: %s\n",

View File

@ -434,7 +434,7 @@ gpg_error_t receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
int cleartext,
char **cache_nonce_addr,
const char *hexgrip,
PKT_public_key *pk);
PKT_public_key *pk, gcry_sexp_t *r_key);
gpg_error_t write_keyblock_to_output (kbnode_t keyblock,
int with_armor, unsigned int options);