gpg: Fix regression in secret key export.

* agent/cvt-openpgp.c (convert_to_openpgp): Fix use gcry_sexp_extract_param. * g10/export.c (do_export_stream): Provide a proper prompt to the agent. -- NB: The export needs more work, in particular the ECC algorithms.
2025-01-26 15:37:03 +01:00 · 2014-04-15 16:40:48 +02:00 · 2014-04-15 16:40:48 +02:00 · c4d983239a
commit c4d983239a
parent e549799db6
3 changed files with 36 additions and 24 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -2147,7 +2147,7 @@ cmd_export_key (assuan_context_t ctx, char *line)

  if (!ctrl->server_local->export_key)
    {
-      err = set_error (GPG_ERR_MISSING_KEY, "did you run KEYWRAP_KEY");
+      err = set_error (GPG_ERR_MISSING_KEY, "did you run KEYWRAP_KEY ?");
      goto leave;
    }

--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@ -1,7 +1,7 @@
 /* cvt-openpgp.c - Convert an OpenPGP key to our internal format.
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2006, 2009,
 *               2010 Free Software Foundation, Inc.
- * Copyright (C) 2013 Werner Koch
+ * Copyright (C) 2013, 2014 Werner Koch
 *
 * This file is part of GnuPG.
 *
@ -1134,7 +1134,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
  gcry_sexp_t list, l2;
  char *name;
  const char *algoname;
-  const char *elems;
  int npkey, nskey;
  gcry_mpi_t array[10];
  char protect_iv[16];
@ -1170,55 +1169,62 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
    {
      algoname = "rsa";
      npkey = 2;
-      elems = "nedpqu";
+      nskey = 6;
+      err = gcry_sexp_extract_param (list, NULL, "nedpqu",
+                                     array+0, array+1, array+2, array+3,
+                                     array+4, array+5, NULL);
    }
  else if (!strcmp (name, "elg"))
    {
      algoname = "elg";
      npkey = 3;
-      elems = "pgyx";
+      nskey = 4;
+      err = gcry_sexp_extract_param (list, NULL, "pgyx",
+                                     array+0, array+1, array+2, array+3,
+                                     NULL);
    }
  else if (!strcmp (name, "dsa"))
    {
      algoname = "dsa";
      npkey = 4;
-      elems = "pqgyx";
+      nskey = 5;
+      err = gcry_sexp_extract_param (list, NULL, "pqgyx",
+                                     array+0, array+1, array+2, array+3,
+                                     array+4, NULL);
    }
  else if (!strcmp (name, "ecc"))
    {
+      /* FIXME: We need to use the curve parameter.  */
      algoname = "?"; /* Decide later by checking the usage.  */
      npkey = 6;
-      elems = "pabgnqd";
+      nskey = 7;
+      err = gcry_sexp_extract_param (list, NULL, "pabgnqd",
+                                     array+0, array+1, array+2, array+3,
+                                     array+4, array+5, array+6, NULL);
    }
  else if (!strcmp (name, "ecdsa"))
    {
      algoname = "ecdsa";
      npkey = 6;
-      elems = "pabgnqd";
+      nskey = 7;
+      err = gcry_sexp_extract_param (list, NULL, "pabgnqd",
+                                     array+0, array+1, array+2, array+3,
+                                     array+4, array+5, array+6, NULL);
    }
  else if (!strcmp (name, "ecdh"))
    {
      algoname = "ecdh";
      npkey = 6;
-      elems = "pabgnqd";
+      nskey= 7;
+      err = gcry_sexp_extract_param (list, NULL, "pabgnqd",
+                                     array+0, array+1, array+2, array+3,
+                                     array+4, array+5, array+6, NULL);
    }
  else
    {
-      algoname = "";
-      npkey = 0;
-      elems = NULL;
+      err = gpg_error (GPG_ERR_PUBKEY_ALGO);
    }
  xfree (name);
-  assert (!elems || strlen (elems) < DIM (array) );
-  nskey = elems? strlen (elems) : 0;
-
-  /* Extract the parameters and put them into an array.  */
-  if (!elems)
-    err = gpg_error (GPG_ERR_PUBKEY_ALGO);
-  else
-    err = gcry_sexp_extract_param (list, NULL, elems,
-                                   array+0, array+1, array+2, array+3, array+4,
-                                   array+5, array+6, NULL);
  gcry_sexp_release (list);
  if (err)
    return err;
--- a/g10/export.c
+++ b/g10/export.c
@ -830,6 +830,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
          log_error ("public key packet not found in keyblock - skipped\n");
          continue;
        }
+      setup_main_keyids (keyblock);  /* gpg_format_keydesc needs it.  */
      pk = node->pkt->pkt.public_key;
      keyid_from_pk (pk, keyid);

@ -1077,8 +1078,13 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
                    log_info ("key %s: asking agent for the secret parts\n",
                              keystr_with_sub (keyid, subkid));

-                  err = agent_export_key (ctrl, hexgrip, "Key foo", NULL,
-                                          &wrappedkey, &wrappedkeylen);
+                  {
+                    char *prompt = gpg_format_keydesc (pk,
+                                                       FORMAT_KEYDESC_EXPORT,1);
+                    err = agent_export_key (ctrl, hexgrip, prompt, NULL,
+                                            &wrappedkey, &wrappedkeylen);
+                    xfree (prompt);
+                  }
                  if (err)
                    goto unwraperror;
                  if (wrappedkeylen < 24)