From 91056b1976bfb7b755e53b1302f4ede2b5cbc05d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 21 Jun 2010 10:01:24 +0000 Subject: [PATCH] Implement export of pkcs#12 objects using a direct agent connection. --- agent/ChangeLog | 8 +- agent/command.c | 102 +++++++++- agent/protect-tool.c | 105 ++-------- common/ChangeLog | 10 + common/sexputil.c | 6 +- common/util.h | 7 +- configure.ac | 2 +- sm/ChangeLog | 18 ++ sm/call-agent.c | 61 +++++- sm/export.c | 475 +++++++++++++++++++++---------------------- sm/gpgsm.c | 46 +---- sm/gpgsm.h | 8 +- sm/import.c | 9 +- sm/minip12.c | 7 +- sm/minip12.h | 2 +- 15 files changed, 458 insertions(+), 408 deletions(-) diff --git a/agent/ChangeLog b/agent/ChangeLog index 7ea18d943..fd0f7105c 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,9 @@ +2010-06-18 Werner Koch + + * protect-tool.c (store_private_key, rsa_key_check): + + * command.c (cmd_export_key): New. + 2010-06-15 Werner Koch * command.c (cmd_keywrap_key, cmd_import_key): New. @@ -2652,7 +2658,7 @@ Fri Aug 18 14:27:14 CEST 2000 Werner Koch Copyright 2001, 2002, 2003, 2004, 2005, - 2007, 2008, 2009 Free Software Foundation, Inc. + 2007, 2008, 2009, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/agent/command.c b/agent/command.c index 9bd5ce5c3..3a3b61ba8 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1,6 +1,6 @@ /* command.c - gpg-agent command handler * Copyright (C) 2001, 2002, 2003, 2004, 2005, - * 2006, 2008, 2009 Free Software Foundation, Inc. + * 2006, 2008, 2009, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -38,6 +38,8 @@ #include #include "i18n.h" + + /* Maximum allowed size of the inquired ciphertext. */ #define MAXLEN_CIPHERTEXT 4096 /* Maximum allowed size of the key parameters. */ @@ -564,7 +566,7 @@ cmd_sigkey (assuan_context_t ctx, char *line) static const char hlp_setkeydesc[] = "SETKEYDESC plus_percent_escaped_string\n" "\n" - "Set a description to be used for the next PKSIGN or PKDECRYPT\n" + "Set a description to be used for the next PKSIGN, PKDECRYPT or EXPORT_KEY\n" "operation if this operation requires the entry of a passphrase. If\n" "this command is not used a default text will be used. Note, that\n" "this description implictly selects the label used for the entry\n" @@ -573,8 +575,8 @@ static const char hlp_setkeydesc[] = "\"passphrase\" is used. The description string should not contain\n" "blanks unless they are percent or '+' escaped.\n" "\n" - "The description is only valid for the next PKSIGN or PKDECRYPT\n" - "operation."; + "The description is only valid for the next PKSIGN, PKDECRYPT or\n" + "EXPORT_KEY operation."; static gpg_error_t cmd_setkeydesc (assuan_context_t ctx, char *line) { @@ -1481,7 +1483,7 @@ cmd_import_key (assuan_context_t ctx, char *line) if (!ctrl->server_local->import_key) { - err = gpg_error (GPG_ERR_BAD_KEY); + err = gpg_error (GPG_ERR_MISSING_KEY); goto leave; } @@ -1562,15 +1564,97 @@ cmd_import_key (assuan_context_t ctx, char *line) static const char hlp_export_key[] = - "EXPORT_KEY\n" - "\n"; + "EXPORT_KEY \n" + "\n" + "Export a secret key from the key store. The key will be encrypted\n" + "using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n" + "using the AESWRAP-128 algorithm. The caller needs to retrieve that key\n" + "prior to using this command. The function takes the keygrip as argument.\n"; static gpg_error_t cmd_export_key (assuan_context_t ctx, char *line) { - gpg_error_t err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + ctrl_t ctrl = assuan_get_pointer (ctx); + gpg_error_t err; + unsigned char grip[20]; + gcry_sexp_t s_skey = NULL; + unsigned char *key = NULL; + size_t keylen; + gcry_cipher_hd_t cipherhd = NULL; + unsigned char *wrappedkey = NULL; + size_t wrappedkeylen; + if (!ctrl->server_local->export_key) + { + err = gpg_error (GPG_ERR_MISSING_KEY); + goto leave; + } - /* leave: */ + err = parse_keygrip (ctx, line, grip); + if (err) + goto leave; + + if (agent_key_available (grip)) + { + err = gpg_error (GPG_ERR_NO_SECKEY); + goto leave; + } + + err = agent_key_from_file (ctrl, ctrl->server_local->keydesc, grip, + NULL, CACHE_MODE_IGNORE, NULL, &s_skey); + if (err) + goto leave; + if (!s_skey) + { + /* Key is on a smartcard. Actually we should not see this here + because we do not pass a shadow_info variable to the above + function, thus it will return this error directly. */ + err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); + goto leave; + } + + err = make_canon_sexp_pad (s_skey, 1, &key, &keylen); + if (err) + goto leave; + gcry_sexp_release (s_skey); + s_skey = NULL; + + err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128, + GCRY_CIPHER_MODE_AESWRAP, 0); + if (err) + goto leave; + err = gcry_cipher_setkey (cipherhd, + ctrl->server_local->export_key, KEYWRAP_KEYSIZE); + if (err) + goto leave; + + wrappedkeylen = keylen + 8; + wrappedkey = xtrymalloc (wrappedkeylen); + if (!wrappedkey) + { + err = gpg_error_from_syserror (); + goto leave; + } + + err = gcry_cipher_encrypt (cipherhd, wrappedkey, wrappedkeylen, key, keylen); + if (err) + goto leave; + xfree (key); + key = NULL; + gcry_cipher_close (cipherhd); + cipherhd = NULL; + + assuan_begin_confidential (ctx); + err = assuan_send_data (ctx, wrappedkey, wrappedkeylen); + assuan_end_confidential (ctx); + + + leave: + xfree (wrappedkey); + gcry_cipher_close (cipherhd); + xfree (key); + gcry_sexp_release (s_skey); + xfree (ctrl->server_local->keydesc); + ctrl->server_local->keydesc = NULL; return leave_cmd (ctx, err); } diff --git a/agent/protect-tool.c b/agent/protect-tool.c index 48186d2ac..f3fe1a8d8 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -544,88 +544,6 @@ show_keygrip (const char *fname) } -static int -rsa_key_check (struct rsa_secret_key_s *skey) -{ - int err = 0; - gcry_mpi_t t = gcry_mpi_snew (0); - gcry_mpi_t t1 = gcry_mpi_snew (0); - gcry_mpi_t t2 = gcry_mpi_snew (0); - gcry_mpi_t phi = gcry_mpi_snew (0); - - /* check that n == p * q */ - gcry_mpi_mul (t, skey->p, skey->q); - if (gcry_mpi_cmp( t, skey->n) ) - { - log_error ("RSA oops: n != p * q\n"); - err++; - } - - /* check that p is less than q */ - if (gcry_mpi_cmp (skey->p, skey->q) > 0) - { - gcry_mpi_t tmp; - - log_info ("swapping secret primes\n"); - tmp = gcry_mpi_copy (skey->p); - gcry_mpi_set (skey->p, skey->q); - gcry_mpi_set (skey->q, tmp); - gcry_mpi_release (tmp); - /* and must recompute u of course */ - gcry_mpi_invm (skey->u, skey->p, skey->q); - } - - /* check that e divides neither p-1 nor q-1 */ - gcry_mpi_sub_ui (t, skey->p, 1 ); - gcry_mpi_div (NULL, t, t, skey->e, 0); - if (!gcry_mpi_cmp_ui( t, 0) ) - { - log_error ("RSA oops: e divides p-1\n"); - err++; - } - gcry_mpi_sub_ui (t, skey->q, 1); - gcry_mpi_div (NULL, t, t, skey->e, 0); - if (!gcry_mpi_cmp_ui( t, 0)) - { - log_info ( "RSA oops: e divides q-1\n" ); - err++; - } - - /* check that d is correct. */ - gcry_mpi_sub_ui (t1, skey->p, 1); - gcry_mpi_sub_ui (t2, skey->q, 1); - gcry_mpi_mul (phi, t1, t2); - gcry_mpi_invm (t, skey->e, phi); - if (gcry_mpi_cmp (t, skey->d)) - { /* no: try universal exponent. */ - gcry_mpi_gcd (t, t1, t2); - gcry_mpi_div (t, NULL, phi, t, 0); - gcry_mpi_invm (t, skey->e, t); - if (gcry_mpi_cmp (t, skey->d)) - { - log_error ("RSA oops: bad secret exponent\n"); - err++; - } - } - - /* check for correctness of u */ - gcry_mpi_invm (t, skey->p, skey->q); - if (gcry_mpi_cmp (t, skey->u)) - { - log_info ( "RSA oops: bad u parameter\n"); - err++; - } - - if (err) - log_info ("RSA secret key check failed\n"); - - gcry_mpi_release (t); - gcry_mpi_release (t1); - gcry_mpi_release (t2); - gcry_mpi_release (phi); - - return err? -1:0; -} #if 0 /* A callback used by p12_parse to return a certificate. */ @@ -789,6 +707,7 @@ import_p12_file (const char *fname) +#if 0 static gcry_mpi_t * sexp_to_kparms (gcry_sexp_t sexp) { @@ -842,20 +761,20 @@ sexp_to_kparms (gcry_sexp_t sexp) gcry_sexp_release (list); return array; } - +#endif /* Check whether STRING is a KEYGRIP, i.e has the correct length and does only consist of uppercase hex characters. */ -static int -is_keygrip (const char *string) -{ - int i; +/* static int */ +/* is_keygrip (const char *string) */ +/* { */ +/* int i; */ - for(i=0; string[i] && i < 41; i++) - if (!strchr("01234567890ABCDEF", string[i])) - return 0; - return i == 40; -} +/* for(i=0; string[i] && i < 41; i++) */ +/* if (!strchr("01234567890ABCDEF", string[i])) */ +/* return 0; */ +/* return i == 40; */ +/* } */ #if 0 @@ -1195,6 +1114,7 @@ release_passphrase (char *pw) } } +#if 0 static int store_private_key (const unsigned char *grip, const void *buffer, size_t length, int force) @@ -1257,3 +1177,4 @@ store_private_key (const unsigned char *grip, xfree (fname); return 0; } +#endif diff --git a/common/ChangeLog b/common/ChangeLog index e5815738c..1f5637845 100644 --- a/common/ChangeLog +++ b/common/ChangeLog @@ -1,3 +1,13 @@ +2010-06-21 Werner Koch + + * util.h (xfree_fnc): New. + +2010-06-18 Werner Koch + + * util.h (GPG_ERR_MISSING_KEY) [!GPG_ERR_MISSING_KEY]: New. + + * sexputil.c (make_canon_sexp_pad): Add arg SECURE. + 2010-06-17 Werner Koch * sexputil.c (make_canon_sexp_pad): New. diff --git a/common/sexputil.c b/common/sexputil.c index b336145c4..1e9c766e9 100644 --- a/common/sexputil.c +++ b/common/sexputil.c @@ -72,9 +72,9 @@ make_canon_sexp (gcry_sexp_t sexp, unsigned char **r_buffer, size_t *r_buflen) /* Same as make_canon_sexp but pad the buffer to multiple of 64 - bits. */ + bits. If SECURE is set, secure memory will be allocated. */ gpg_error_t -make_canon_sexp_pad (gcry_sexp_t sexp, +make_canon_sexp_pad (gcry_sexp_t sexp, int secure, unsigned char **r_buffer, size_t *r_buflen) { size_t len; @@ -88,7 +88,7 @@ make_canon_sexp_pad (gcry_sexp_t sexp, if (!len) return gpg_error (GPG_ERR_BUG); len += (8 - len % 8) % 8; - buf = xtrycalloc (1, len); + buf = secure? xtrycalloc_secure (1, len) : xtrycalloc (1, len); if (!buf) return gpg_error_from_syserror (); if (!gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, buf, len)) diff --git a/common/util.h b/common/util.h index 519bc5d68..2735cef3d 100644 --- a/common/util.h +++ b/common/util.h @@ -23,6 +23,10 @@ #include /* We need this for the memory function protos. */ #include /* We need errno. */ #include /* We need gpg_error_t. */ +/* Add error codes available only in newer versions of libgpg-error. */ +#ifndef GPG_ERR_MISSING_KEY +#define GPG_ERR_MISSING_KEY 181 +#endif /* Hash function used with libksba. */ #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) @@ -77,6 +81,7 @@ typedef char **rl_completion_func_t (const char *, int, int); #define xtryrealloc(a,b) gcry_realloc ((a),(b)) #define xtrystrdup(a) gcry_strdup ((a)) #define xfree(a) gcry_free ((a)) +#define xfree_fnc gcry_free #define xmalloc(a) gcry_xmalloc ((a)) #define xmalloc_secure(a) gcry_xmalloc_secure ((a)) @@ -146,7 +151,7 @@ gpg_error_t b64dec_finish (struct b64state *state); /*-- sexputil.c */ gpg_error_t make_canon_sexp (gcry_sexp_t sexp, unsigned char **r_buffer, size_t *r_buflen); -gpg_error_t make_canon_sexp_pad (gcry_sexp_t sexp, +gpg_error_t make_canon_sexp_pad (gcry_sexp_t sexp, int secure, unsigned char **r_buffer, size_t *r_buflen); gpg_error_t keygrip_from_canon_sexp (const unsigned char *key, size_t keylen, unsigned char *grip); diff --git a/configure.ac b/configure.ac index c06defd77..24ff41235 100644 --- a/configure.ac +++ b/configure.ac @@ -40,7 +40,7 @@ AC_INIT([gnupg], # sufficient. development_version=no -NEED_GPG_ERROR_VERSION=1.4 +NEED_GPG_ERROR_VERSION=1.8 NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.4.0 diff --git a/sm/ChangeLog b/sm/ChangeLog index 686baca3a..02f3347d2 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,21 @@ +2010-06-21 Werner Koch + + * minip12.c (p12_build): Change arg CERT to const void ptr. + (build_cert_sequence): Change arg CERT to const ptr. + + * gpgsm.c (main) : Use to estream. + (open_fwrite): Removed. + + * export.c: Include minip12.h. + (popen_protect_tool): Remove. + (export_p12): Use gpg-agent directly. Change calling convention. + (gpgsm_p12_export): Adjust for that change. Change arg FP to an + estream_t. + (do_putc): Remove. Change callers to es_putc. + (do_fputs): Likewise. + (print_short_info): Remove arg FP. + * call-agent.c (gpgsm_agent_export_key): new. + 2010-06-17 Werner Koch * import.c (parse_p12): Remove arg retfp. Use the agent's new diff --git a/sm/call-agent.c b/sm/call-agent.c index e77f03847..3bfa9f049 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -1079,9 +1079,10 @@ gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno) /* Ask for the passphrase (this is used for pkcs#12 import/export. On success the caller needs to free the string stored at R_PASSPHRASE. On error NULL will be stored at R_PASSPHRASE and an appropriate - error code returned. */ + error code returned. If REPEAT is true the agent tries to get a + new passphrase (i.e. asks the user to confirm it). */ gpg_error_t -gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, +gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat, char **r_passphrase) { gpg_error_t err; @@ -1098,7 +1099,9 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg))) return gpg_error_from_syserror (); - snprintf (line, DIM(line)-1, "GET_PASSPHRASE --data -- X X X %s", arg4); + snprintf (line, DIM(line)-1, "GET_PASSPHRASE --data%s -- X X X %s", + repeat? " --repeat=1 --check --qualitybar":"", + arg4); xfree (arg4); init_membuf_secure (&data, 64); @@ -1201,3 +1204,55 @@ gpgsm_agent_import_key (ctrl_t ctrl, const void *key, size_t keylen) NULL, NULL, inq_import_key_parms, &parm, NULL, NULL); return err; } + + + +/* Receive a secret key from the agent. KEYGRIP is the hexified + keygrip, DESC a prompt to be displayed with the agent's passphrase + question (needs to be plus+percent escaped). On success the key is + stored as a canonical S-expression at R_RESULT and R_RESULTLEN. */ +gpg_error_t +gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc, + unsigned char **r_result, size_t *r_resultlen) +{ + gpg_error_t err; + membuf_t data; + size_t len; + unsigned char *buf; + char line[ASSUAN_LINELENGTH]; + + *r_result = NULL; + + err = start_agent (ctrl); + if (err) + return err; + + if (desc) + { + snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc); + err = assuan_transact (agent_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (err) + return err; + } + + snprintf (line, DIM(line)-1, "EXPORT_KEY %s", keygrip); + + init_membuf_secure (&data, 1024); + err = assuan_transact (agent_ctx, line, + membuf_data_cb, &data, + default_inq_cb, ctrl, NULL, NULL); + if (err) + { + xfree (get_membuf (&data, &len)); + return err; + } + buf = get_membuf (&data, &len); + if (!buf) + return gpg_error_from_syserror (); + *r_result = buf; + *r_resultlen = len; + return 0; +} + + diff --git a/sm/export.c b/sm/export.c index 2ded1ff62..2cae9fe7c 100644 --- a/sm/export.c +++ b/sm/export.c @@ -34,8 +34,7 @@ #include "exechelp.h" #include "i18n.h" #include "sysutils.h" - - +#include "minip12.h" /* A table to store a fingerprint as used in a duplicates table. We don't need to hash here because a fingerprint is already a perfect @@ -57,11 +56,11 @@ typedef struct duptable_s *duptable_t; #define DUPTABLE_SIZE (1 << DUPTABLE_BITS) -static void print_short_info (ksba_cert_t cert, FILE *fp, estream_t stream); +static void print_short_info (ksba_cert_t cert, estream_t stream); static gpg_error_t export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen, const char *prompt, const char *keygrip, - estream_t *retfp); + void **r_result, size_t *r_resultlen); /* Create a table used to indetify duplicated certificates. */ @@ -255,7 +254,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) { if (count) es_putc ('\n', stream); - print_short_info (cert, NULL, stream); + print_short_info (cert, stream); es_putc ('\n', stream); } count++; @@ -317,23 +316,22 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) } -/* Export a certificates and its private key. */ +/* Export a certificate and its private key. */ void -gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp) +gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream) { + gpg_error_t err = 0; KEYDB_HANDLE hd; KEYDB_SEARCH_DESC *desc = NULL; Base64Context b64writer = NULL; ksba_writer_t writer; ksba_cert_t cert = NULL; - int rc=0; const unsigned char *image; size_t imagelen; char *keygrip = NULL; char *prompt; - char buffer[1024]; - int nread; - estream_t datafp = NULL; + void *data; + size_t datalen; hd = keydb_new (0); @@ -351,28 +349,28 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp) goto leave; } - rc = classify_user_id (name, desc); - if (rc) + err = classify_user_id (name, desc); + if (err) { log_error ("key `%s' not found: %s\n", - name, gpg_strerror (rc)); + name, gpg_strerror (err)); goto leave; } /* Lookup the certificate and make sure that it is unique. */ - rc = keydb_search (hd, desc, 1); - if (!rc) + err = keydb_search (hd, desc, 1); + if (!err) { - rc = keydb_get_cert (hd, &cert); - if (rc) + err = keydb_get_cert (hd, &cert); + if (err) { - log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc)); + log_error ("keydb_get_cert failed: %s\n", gpg_strerror (err)); goto leave; } next_ambiguous: - rc = keydb_search (hd, desc, 1); - if (!rc) + err = keydb_search (hd, desc, 1); + if (!err) { ksba_cert_t cert2 = NULL; @@ -385,14 +383,14 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp) } ksba_cert_release (cert2); } - rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME); + err = gpg_error (GPG_ERR_AMBIGUOUS_NAME); } - else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) - rc = 0; - if (rc) + else if (err == -1 || gpg_err_code (err) == GPG_ERR_EOF) + err = 0; + if (err) { log_error ("key `%s' not found: %s\n", - name, gpg_strerror (rc)); + name, gpg_strerror (err)); goto leave; } } @@ -401,8 +399,8 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp) if (!keygrip || gpgsm_agent_havekey (ctrl, keygrip)) { /* Note, that the !keygrip case indicates a bad certificate. */ - rc = gpg_error (GPG_ERR_NO_SECKEY); - log_error ("can't export key `%s': %s\n", name, gpg_strerror (rc)); + err = gpg_error (GPG_ERR_NO_SECKEY); + log_error ("can't export key `%s': %s\n", name, gpg_strerror (err)); goto leave; } @@ -415,51 +413,44 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp) if (ctrl->create_pem) { - print_short_info (cert, fp, NULL); - putc ('\n', fp); + print_short_info (cert, stream); + es_putc ('\n', stream); } if (opt.p12_charset && ctrl->create_pem) { - fprintf (fp, "The passphrase is %s encoded.\n\n", - opt.p12_charset); + es_fprintf (stream, "The passphrase is %s encoded.\n\n", + opt.p12_charset); } ctrl->pem_name = "PKCS12"; - rc = gpgsm_create_writer (&b64writer, ctrl, fp, NULL, &writer); - if (rc) + err = gpgsm_create_writer (&b64writer, ctrl, NULL, stream, &writer); + if (err) { - log_error ("can't create writer: %s\n", gpg_strerror (rc)); + log_error ("can't create writer: %s\n", gpg_strerror (err)); goto leave; } - prompt = gpgsm_format_keydesc (cert); - rc = export_p12 (ctrl, image, imagelen, prompt, keygrip, &datafp); + err = export_p12 (ctrl, image, imagelen, prompt, keygrip, &data, &datalen); xfree (prompt); - if (rc) + if (err) goto leave; - es_rewind (datafp); - while ( (nread = es_fread (buffer, 1, sizeof buffer, datafp)) > 0 ) - if ((rc = ksba_writer_write (writer, buffer, nread))) - { - log_error ("write failed: %s\n", gpg_strerror (rc)); - goto leave; - } - if (es_ferror (datafp)) + err = ksba_writer_write (writer, data, datalen); + xfree (data); + if (err) { - rc = gpg_error_from_syserror (); - log_error ("error reading temporary file: %s\n", gpg_strerror (rc)); + log_error ("write failed: %s\n", gpg_strerror (err)); goto leave; } if (ctrl->create_pem) { /* We want one certificate per PEM block */ - rc = gpgsm_finish_writer (b64writer); - if (rc) + err = gpgsm_finish_writer (b64writer); + if (err) { - log_error ("write failed: %s\n", gpg_strerror (rc)); + log_error ("write failed: %s\n", gpg_strerror (err)); goto leave; } gpgsm_destroy_writer (b64writer); @@ -470,7 +461,6 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp) cert = NULL; leave: - es_fclose (datafp); gpgsm_destroy_writer (b64writer); ksba_cert_release (cert); xfree (desc); @@ -478,30 +468,9 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp) } -/* Call either es_putc or the plain putc. */ -static void -do_putc (int value, FILE *fp, estream_t stream) -{ - if (stream) - es_putc (value, stream); - else - putc (value, fp); -} - -/* Call either es_fputs or the plain fputs. */ -static void -do_fputs (const char *string, FILE *fp, estream_t stream) -{ - if (stream) - es_fputs (string, stream); - else - fputs (string, fp); -} - - /* Print some info about the certifciate CERT to FP or STREAM */ static void -print_short_info (ksba_cert_t cert, FILE *fp, estream_t stream) +print_short_info (ksba_cert_t cert, estream_t stream) { char *p; ksba_sexp_t sexp; @@ -509,18 +478,15 @@ print_short_info (ksba_cert_t cert, FILE *fp, estream_t stream) for (idx=0; (p = ksba_cert_get_issuer (cert, idx)); idx++) { - do_fputs ((!idx + es_fputs ((!idx ? "Issuer ...: " - : "\n aka ...: "), fp, stream); - if (stream) - gpgsm_es_print_name (stream, p); - else - gpgsm_print_name (fp, p); + : "\n aka ...: "), stream); + gpgsm_es_print_name (stream, p); xfree (p); } - do_putc ('\n', fp, stream); + es_putc ('\n', stream); - do_fputs ("Serial ...: ", fp, stream); + es_fputs ("Serial ...: ", stream); sexp = ksba_cert_get_serial (cert); if (sexp) { @@ -533,199 +499,208 @@ print_short_info (ksba_cert_t cert, FILE *fp, estream_t stream) for (len=0; *s && *s != ':' && digitp (s); s++) len = len*10 + atoi_1 (s); if (*s == ':') - { - if (stream) - es_write_hexstring (stream, s+1, len, 0, NULL); - else - print_hexstring (fp, s+1, len, 0); - } + es_write_hexstring (stream, s+1, len, 0, NULL); } xfree (sexp); } - do_putc ('\n', fp, stream); + es_putc ('\n', stream); for (idx=0; (p = ksba_cert_get_subject (cert, idx)); idx++) { - do_fputs ((!idx + es_fputs ((!idx ? "Subject ..: " - : "\n aka ..: "), fp, stream); - if (stream) - gpgsm_es_print_name (stream, p); - else - gpgsm_print_name (fp, p); + : "\n aka ..: "), stream); + gpgsm_es_print_name (stream, p); xfree (p); } - do_putc ('\n', fp, stream); + es_putc ('\n', stream); } -static gpg_error_t -popen_protect_tool (ctrl_t ctrl, const char *pgmname, - estream_t infile, estream_t outfile, - estream_t *statusfile, - const char *prompt, const char *keygrip, - pid_t *pid) + +/* Parse a private key S-expression and retutn a malloced array with + the RSA paramaters in pkcs#12 order. The caller needs to + deep-release this array. */ +static gcry_mpi_t * +sexp_to_kparms (gcry_sexp_t sexp) { - const char *argv[22]; - int i=0; + gcry_sexp_t list, l2; + const char *name; + const char *s; + size_t n; + int idx; + const char *elems; + gcry_mpi_t *array; - /* Make sure that the agent is running so that the protect tool is - able to ask for a passphrase. This has only an effect under W32 - where the agent is started on demand; sending a NOP does not harm - on other platforms. This is not really necessary anymore because - the protect tool does this now by itself; it does not harm either.*/ - gpgsm_agent_send_nop (ctrl); - - argv[i++] = "--homedir"; - argv[i++] = opt.homedir; - argv[i++] = "--p12-export"; - argv[i++] = "--have-cert"; - argv[i++] = "--prompt"; - argv[i++] = prompt?prompt:""; - argv[i++] = "--enable-status-msg"; - if (opt.p12_charset) + list = gcry_sexp_find_token (sexp, "private-key", 0 ); + if(!list) + return NULL; + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + name = gcry_sexp_nth_data (list, 0, &n); + if(!name || n != 3 || memcmp (name, "rsa", 3)) { - argv[i++] = "--p12-charset"; - argv[i++] = opt.p12_charset; + gcry_sexp_release (list); + return NULL; } - if (opt.agent_program) - { - argv[i++] = "--agent-program"; - argv[i++] = opt.agent_program; - } - argv[i++] = "--", - argv[i++] = keygrip, - argv[i] = NULL; - assert (i < sizeof argv); - return gnupg_spawn_process (pgmname, argv, infile, outfile, - setup_pinentry_env, (128|64), - statusfile, pid); + /* Parameter names used with RSA in the pkcs#12 order. */ + elems = "nedqp--u"; + array = xtrycalloc (strlen(elems) + 1, sizeof *array); + if (!array) + { + gcry_sexp_release (list); + return NULL; + } + for (idx=0, s=elems; *s; s++, idx++ ) + { + if (*s == '-') + continue; /* Computed below */ + l2 = gcry_sexp_find_token (list, s, 1); + if (l2) + { + array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l2); + } + if (!array[idx]) /* Required parameter not found or invalid. */ + { + for (idx=0; array[idx]; idx++) + gcry_mpi_release (array[idx]); + xfree (array); + gcry_sexp_release (list); + return NULL; + } + } + gcry_sexp_release (list); + + array[5] = gcry_mpi_snew (0); /* compute d mod (q-1) */ + gcry_mpi_sub_ui (array[5], array[3], 1); + gcry_mpi_mod (array[5], array[2], array[5]); + + array[6] = gcry_mpi_snew (0); /* compute d mod (p-1) */ + gcry_mpi_sub_ui (array[6], array[4], 1); + gcry_mpi_mod (array[6], array[3], array[6]); + + return array; } static gpg_error_t export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen, - const char *prompt, const char *keygrip, estream_t *retfp) + const char *prompt, const char *keygrip, + void **r_result, size_t *r_resultlen) { - const char *pgmname; - gpg_error_t err = 0, child_err = 0; - int c, cont_line; - unsigned int pos; - estream_t infp = NULL; - estream_t fp = NULL; - estream_t outfp = NULL; - char buffer[1024]; - pid_t pid = -1; - int bad_pass = 0; + gpg_error_t err = 0; + void *kek = NULL; + size_t keklen; + unsigned char *wrappedkey = NULL; + size_t wrappedkeylen; + gcry_cipher_hd_t cipherhd = NULL; + gcry_sexp_t s_skey = NULL; + gcry_mpi_t *kparms = NULL; + unsigned char *key = NULL; + size_t keylen; + char *passphrase = NULL; + unsigned char *result = NULL; + size_t resultlen; + int i; - if (!opt.protect_tool_program || !*opt.protect_tool_program) - pgmname = gnupg_module_name (GNUPG_MODULE_NAME_PROTECT_TOOL); - else - pgmname = opt.protect_tool_program; + *r_result = NULL; - infp = es_tmpfile (); - if (!infp) - { - err = gpg_error_from_syserror (); - log_error (_("error creating temporary file: %s\n"), strerror (errno)); - goto cleanup; - } - - if (es_fwrite (certimg, certimglen, 1, infp) != 1) - { - err = gpg_error_from_syserror (); - log_error (_("error writing to temporary file: %s\n"), - strerror (errno)); - goto cleanup; - } - - outfp = es_tmpfile (); - if (!outfp) - { - err = gpg_error_from_syserror (); - log_error (_("error creating temporary file: %s\n"), strerror (errno)); - goto cleanup; - } - - err = popen_protect_tool (ctrl, - pgmname, infp, outfp, &fp, prompt, keygrip, &pid); + /* Get the current KEK. */ + err = gpgsm_agent_keywrap_key (ctrl, 1, &kek, &keklen); if (err) { - pid = -1; - goto cleanup; - } - es_fclose (infp); - infp = NULL; - - /* Read stderr of the protect tool. */ - pos = 0; - cont_line = 0; - while ((c=es_getc (fp)) != EOF) - { - /* fixme: We could here grep for status information of the - protect tool to figure out better error codes for - CHILD_ERR. */ - buffer[pos++] = c; - if (pos >= sizeof buffer - 5 || c == '\n') - { - buffer[pos - (c == '\n')] = 0; - if (cont_line) - log_printf ("%s", buffer); - else - { - if (!strncmp (buffer, "gpg-protect-tool: [PROTECT-TOOL:] ",34)) - { - char *p, *pend; - - p = buffer + 34; - pend = strchr (p, ' '); - if (pend) - *pend = 0; - if ( !strcmp (p, "bad-passphrase")) - bad_pass++; - } - else - log_info ("%s", buffer); - } - pos = 0; - cont_line = (c != '\n'); - } + log_error ("error getting the KEK: %s\n", gpg_strerror (err)); + goto leave; } - if (pos) - { - buffer[pos] = 0; - if (cont_line) - log_printf ("%s\n", buffer); - else - log_info ("%s\n", buffer); - } - else if (cont_line) - log_printf ("\n"); - - /* If we found no error in the output of the child, setup a suitable - error code, which will later be reset if the exit status of the - child is 0. */ - if (!child_err) - child_err = gpg_error (GPG_ERR_DECRYPT_FAILED); - - cleanup: - es_fclose (infp); - es_fclose (fp); - if (pid != -1) - { - if (!gnupg_wait_process (pgmname, pid, 0, NULL)) - child_err = 0; - gnupg_release_process (pid); - } - if (!err) - err = child_err; + /* Receive the wrapped key from the agent. */ + err = gpgsm_agent_export_key (ctrl, keygrip, prompt, + &wrappedkey, &wrappedkeylen); if (err) - es_fclose (outfp); - else - *retfp = outfp; - if (bad_pass) + goto leave; + + + /* Unwrap the key. */ + err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128, + GCRY_CIPHER_MODE_AESWRAP, 0); + if (err) + goto leave; + err = gcry_cipher_setkey (cipherhd, kek, keklen); + if (err) + goto leave; + xfree (kek); + kek = NULL; + + if (wrappedkeylen < 24) + { + err = gpg_error (GPG_ERR_INV_LENGTH); + goto leave; + } + keylen = wrappedkeylen - 8; + key = xtrymalloc_secure (keylen); + if (!key) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen); + if (err) + goto leave; + xfree (wrappedkey); + wrappedkey = NULL; + gcry_cipher_close (cipherhd); + cipherhd = NULL; + + + /* Convert to a gcrypt S-expression. */ + err = gcry_sexp_create (&s_skey, key, keylen, 0, xfree_fnc); + if (err) + goto leave; + key = NULL; /* Key is now owned by S_KEY. */ + + /* Get the parameters from the S-expression. */ + kparms = sexp_to_kparms (s_skey); + gcry_sexp_release (s_skey); + s_skey = NULL; + if (!kparms) + { + log_error ("error converting key parameters\n"); + err = GPG_ERR_BAD_SECKEY; + goto leave; + } + + err = gpgsm_agent_ask_passphrase + (ctrl, + i18n_utf8 ("Please enter the passphrase to protect the " + "new PKCS#12 object."), + 1, &passphrase); + if (err) + goto leave; + + result = p12_build (kparms, certimg, certimglen, passphrase, + opt.p12_charset, &resultlen); + xfree (passphrase); + passphrase = NULL; + if (!result) + err = gpg_error (GPG_ERR_GENERAL); + + leave: + xfree (key); + gcry_sexp_release (s_skey); + if (kparms) + { + for (i=0; kparms[i]; i++) + gcry_mpi_release (kparms[i]); + xfree (kparms); + } + gcry_cipher_close (cipherhd); + xfree (wrappedkey); + xfree (kek); + + if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE) { /* During export this is the passphrase used to unprotect the key and not the pkcs#12 thing as in export. Therefore we can @@ -733,6 +708,16 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen, zero keyid by a regular one. */ gpgsm_status (ctrl, STATUS_BAD_PASSPHRASE, "0000000000000000"); } + + if (err) + { + xfree (result); + } + else + { + *r_result = result; + *r_resultlen = resultlen; + } return err; } diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 41215b08d..819e28436 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -435,7 +435,6 @@ static void emergency_cleanup (void); static int check_special_filename (const char *fname, int for_write); static int open_read (const char *filename); static estream_t open_es_fread (const char *filename, const char *mode); -static FILE *open_fwrite (const char *filename); static estream_t open_es_fwrite (const char *filename); static void run_protect_tool (int argc, char **argv); @@ -1877,14 +1876,14 @@ main ( int argc, char **argv) case aExportSecretKeyP12: { - FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-"); if (argc == 1) gpgsm_p12_export (&ctrl, *argv, fp); else wrong_args ("--export-secret-key-p12 KEY-ID"); - if (fp != stdout) - fclose (fp); + if (fp != es_stdout) + es_fclose (fp); } break; @@ -2091,45 +2090,6 @@ open_es_fread (const char *filename, const char *mode) } -/* Open FILENAME for fwrite and return the stream. Stop with an error - message in case of problems. "-" denotes stdout and if special - filenames are allowed the given fd is opened instead. Caller must - close the returned stream unless it is stdout. */ -static FILE * -open_fwrite (const char *filename) -{ - int fd; - FILE *fp; - - if (filename[0] == '-' && !filename[1]) - { - set_binary (stdout); - return stdout; - } - - fd = check_special_filename (filename, 1); - if (fd != -1) - { -#warning replace the line below - fp = NULL; /*fdopen (dup (fd), "wb"); */ - if (!fp) - { - log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno)); - gpgsm_exit (2); - } - set_binary (fp); - return fp; - } - fp = fopen (filename, "wb"); - if (!fp) - { - log_error (_("can't open `%s': %s\n"), filename, strerror (errno)); - gpgsm_exit (2); - } - return fp; -} - - /* Open FILENAME for fwrite and return an extended stream. Stop with an error message in case of problems. "-" denotes stdout and if special filenames are allowed the given fd is opened instead. diff --git a/sm/gpgsm.h b/sm/gpgsm.h index f065bfa11..a4b5540f1 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -344,7 +344,7 @@ int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files, /*-- export.c --*/ void gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream); -void gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp); +void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream); /*-- delete.c --*/ int gpgsm_delete (ctrl_t ctrl, strlist_t names); @@ -406,11 +406,15 @@ gpg_error_t gpgsm_agent_send_nop (ctrl_t ctrl); gpg_error_t gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno); gpg_error_t gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, - char **r_passphrase); + int repeat, char **r_passphrase); gpg_error_t gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen); gpg_error_t gpgsm_agent_import_key (ctrl_t ctrl, const void *key, size_t keylen); +gpg_error_t gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, + const char *desc, + unsigned char **r_result, + size_t *r_resultlen); /*-- call-dirmngr.c --*/ int gpgsm_dirmngr_isvalid (ctrl_t ctrl, diff --git a/sm/import.c b/sm/import.c index c920ac51a..69a64f1c8 100644 --- a/sm/import.c +++ b/sm/import.c @@ -759,8 +759,9 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats) err = gpgsm_agent_ask_passphrase - (ctrl, _("Please enter the passphrase to unprotect the PKCS#12 object."), - &passphrase); + (ctrl, + i18n_utf8 ("Please enter the passphrase to unprotect the PKCS#12 object."), + 0, &passphrase); if (err) goto leave; @@ -812,7 +813,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats) kparms = NULL; if (err) { - log_error ("failed to created S-expression from key: %s\n", + log_error ("failed to create S-expression from key: %s\n", gpg_strerror (err)); goto leave; } @@ -828,7 +829,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats) /* Convert to canonical encoding using a function which pads it to a multiple of 64 bits. We need this padding for AESWRAP. */ - err = make_canon_sexp_pad (s_key, &key, &keylen); + err = make_canon_sexp_pad (s_key, 1, &key, &keylen); if (err) { log_error ("error creating canonical S-expression\n"); diff --git a/sm/minip12.c b/sm/minip12.c index f50fbd419..d340f9821 100644 --- a/sm/minip12.c +++ b/sm/minip12.c @@ -2024,7 +2024,7 @@ build_cert_bag (unsigned char *buffer, size_t buflen, char *salt, static unsigned char * -build_cert_sequence (unsigned char *buffer, size_t buflen, +build_cert_sequence (const unsigned char *buffer, size_t buflen, const unsigned char *sha1hash, const char *keyidstr, size_t *r_length) { @@ -2144,7 +2144,7 @@ build_cert_sequence (unsigned char *buffer, size_t buflen, in R_LENGTH; return NULL in case of an error. If CHARSET is not NULL, re-encode PW to that character set. */ unsigned char * -p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen, +p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen, const char *pw, const char *charset, size_t *r_length) { unsigned char *buffer = NULL; @@ -2298,6 +2298,7 @@ main (int argc, char **argv) unsigned char *buf; size_t buflen; gcry_mpi_t *result; + int badpass; if (argc != 3) { @@ -2330,7 +2331,7 @@ main (int argc, char **argv) } fclose (fp); - result = p12_parse (buf, buflen, argv[2], cert_cb, NULL); + result = p12_parse (buf, buflen, argv[2], cert_cb, NULL, &badpass); if (result) { int i, rc; diff --git a/sm/minip12.h b/sm/minip12.h index f2af70957..27f24f5a1 100644 --- a/sm/minip12.h +++ b/sm/minip12.h @@ -28,7 +28,7 @@ gcry_mpi_t *p12_parse (const unsigned char *buffer, size_t length, void *certcbarg, int *r_badpass); unsigned char *p12_build (gcry_mpi_t *kparms, - unsigned char *cert, size_t certlen, + const void *cert, size_t certlen, const char *pw, const char *charset, size_t *r_length);