
gpg: Fix regression in secret key export.

* agent/cvt-openpgp.c (convert_to_openpgp): Fix use of
gcry_sexp_extract_param.
* g10/export.c (do_export_stream): Provide a proper prompt to the
agent.
--

NB: The export needs more work, in particular the ECC algorithms.
Werner Koch 2014-04-15 16:40:48 +02:00
parent e549799db6
commit c4d983239a
3 changed files with 36 additions and 24 deletions


@ -2147,7 +2147,7 @@ cmd_export_key (assuan_context_t ctx, char *line)
if (!ctrl->server_local->export_key) if (!ctrl->server_local->export_key)
{ {
err = set_error (GPG_ERR_MISSING_KEY, "did you run KEYWRAP_KEY"); err = set_error (GPG_ERR_MISSING_KEY, "did you run KEYWRAP_KEY ?");
goto leave; goto leave;
} }


@ -1,7 +1,7 @@
/* cvt-openpgp.c - Convert an OpenPGP key to our internal format. /* cvt-openpgp.c - Convert an OpenPGP key to our internal format.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2006, 2009, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2006, 2009,
* 2010 Free Software Foundation, Inc. * 2010 Free Software Foundation, Inc.
* Copyright (C) 2013 Werner Koch * Copyright (C) 2013, 2014 Werner Koch
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -1134,7 +1134,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
gcry_sexp_t list, l2; gcry_sexp_t list, l2;
char *name; char *name;
const char *algoname; const char *algoname;
const char *elems;
int npkey, nskey; int npkey, nskey;
gcry_mpi_t array[10]; gcry_mpi_t array[10];
char protect_iv[16]; char protect_iv[16];
@ -1170,55 +1169,62 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
{ {
algoname = "rsa"; algoname = "rsa";
npkey = 2; npkey = 2;
elems = "nedpqu"; nskey = 6;
err = gcry_sexp_extract_param (list, NULL, "nedpqu",
array+0, array+1, array+2, array+3,
array+4, array+5, NULL);
} }
else if (!strcmp (name, "elg")) else if (!strcmp (name, "elg"))
{ {
algoname = "elg"; algoname = "elg";
npkey = 3; npkey = 3;
elems = "pgyx"; nskey = 4;
err = gcry_sexp_extract_param (list, NULL, "pgyx",
array+0, array+1, array+2, array+3,
NULL);
} }
else if (!strcmp (name, "dsa")) else if (!strcmp (name, "dsa"))
{ {
algoname = "dsa"; algoname = "dsa";
npkey = 4; npkey = 4;
elems = "pqgyx"; nskey = 5;
err = gcry_sexp_extract_param (list, NULL, "pqgyx",
array+0, array+1, array+2, array+3,
array+4, NULL);
} }
else if (!strcmp (name, "ecc")) else if (!strcmp (name, "ecc"))
{ {
/* FIXME: We need to use the curve parameter. */
algoname = "?"; /* Decide later by checking the usage. */ algoname = "?"; /* Decide later by checking the usage. */
npkey = 6; npkey = 6;
elems = "pabgnqd"; nskey = 7;
err = gcry_sexp_extract_param (list, NULL, "pabgnqd",
array+0, array+1, array+2, array+3,
array+4, array+5, array+6, NULL);
} }
else if (!strcmp (name, "ecdsa")) else if (!strcmp (name, "ecdsa"))
{ {
algoname = "ecdsa"; algoname = "ecdsa";
npkey = 6; npkey = 6;
elems = "pabgnqd"; nskey = 7;
err = gcry_sexp_extract_param (list, NULL, "pabgnqd",
array+0, array+1, array+2, array+3,
array+4, array+5, array+6, NULL);
} }
else if (!strcmp (name, "ecdh")) else if (!strcmp (name, "ecdh"))
{ {
algoname = "ecdh"; algoname = "ecdh";
npkey = 6; npkey = 6;
elems = "pabgnqd"; nskey= 7;
err = gcry_sexp_extract_param (list, NULL, "pabgnqd",
array+0, array+1, array+2, array+3,
array+4, array+5, array+6, NULL);
} }
else else
{ {
algoname = ""; err = gpg_error (GPG_ERR_PUBKEY_ALGO);
npkey = 0;
elems = NULL;
} }
xfree (name); xfree (name);
assert (!elems || strlen (elems) < DIM (array) );
nskey = elems? strlen (elems) : 0;
/* Extract the parameters and put them into an array. */
if (!elems)
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
else
err = gcry_sexp_extract_param (list, NULL, elems,
array+0, array+1, array+2, array+3, array+4,
array+5, array+6, NULL);
gcry_sexp_release (list); gcry_sexp_release (list);
if (err) if (err)
return err; return err;
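Review bot: Each algorithm branch in convert_to_openpgp now hand-maintains three values that must agree: the parameter string, the number of `array+N` arguments before the `NULL` sentinel, and `nskey`. The removed `assert (!elems || strlen (elems) < DIM (array))` has no replacement. Because `array` receives secret key parameters, a later edit that changes one of the three in a branch would presumably leave the code after this hunk (not visible here) working on unset slots, so I would add a comment above the chain: `/* Keep the parameter string, the number of array+N arguments and nskey in sync in every branch; array has 10 slots. */`. The "ecc", "ecdsa" and "ecdh" branches differ only in `algoname` and could share one extraction call, leaving fewer places to get out of step. The ecdh branch also has `nskey= 7;` where the others write `nskey = 7;`. The function begins and ends outside the hunk.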


@ -830,6 +830,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
log_error ("public key packet not found in keyblock - skipped\n"); log_error ("public key packet not found in keyblock - skipped\n");
continue; continue;
} }
setup_main_keyids (keyblock); /* gpg_format_keydesc needs it. */
pk = node->pkt->pkt.public_key; pk = node->pkt->pkt.public_key;
keyid_from_pk (pk, keyid); keyid_from_pk (pk, keyid);
@ -1077,8 +1078,13 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
log_info ("key %s: asking agent for the secret parts\n", log_info ("key %s: asking agent for the secret parts\n",
keystr_with_sub (keyid, subkid)); keystr_with_sub (keyid, subkid));
err = agent_export_key (ctrl, hexgrip, "Key foo", NULL, {
&wrappedkey, &wrappedkeylen); char *prompt = gpg_format_keydesc (pk,
FORMAT_KEYDESC_EXPORT,1);
err = agent_export_key (ctrl, hexgrip, prompt, NULL,
&wrappedkey, &wrappedkeylen);
xfree (prompt);
}
if (err) if (err)
goto unwraperror; goto unwraperror;
if (wrappedkeylen < 24) if (wrappedkeylen < 24)
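Review bot: The result of `gpg_format_keydesc` in the second hunk is passed to `agent_export_key` without a NULL check. If it can fail on allocation (its body is not visible here), the agent would be asked to release secret key material with no key description, or with whatever `agent_export_key` does for a NULL prompt. Since this text is what the user sees when approving the export, I would fail closed instead: `if (!prompt) err = gpg_error_from_syserror (); else err = agent_export_key (ctrl, hexgrip, prompt, NULL, &wrappedkey, &wrappedkeylen);`. The existing `if (err) goto unwraperror;` then handles the failure. The literal `1` passed as the third argument would also benefit from a short comment saying what it selects. do_export_stream begins and ends outside these hunks.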