mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
a9e0905342
* agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. * g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter <justus@g10code.com>
338 lines
8.3 KiB
C
338 lines
8.3 KiB
C
/* gpgkey2ssh.c - Converter (Debug helper)
|
||
* Copyright (C) 2005 Free Software Foundation, Inc.
|
||
*
|
||
* This file is part of GnuPG.
|
||
*
|
||
* GnuPG is free software; you can redistribute it and/or modify it
|
||
* under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 3 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* GnuPG is distributed in the hope that it will be useful, but WITHOUT
|
||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
||
* License for more details.
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||
*/
|
||
|
||
/*
|
||
FIXME: This tool needs some cleanup:
|
||
|
||
- Do not use assert() for error output.
|
||
- Add proper option parsing and standard options.
|
||
- retrieve_key_material needs to take the ordinal at field 1 in account.
|
||
0 Write a man page.
|
||
*/
|
||
|
||
#include <config.h>
|
||
|
||
#include <gcrypt.h>
|
||
#include <unistd.h>
|
||
#include <stdlib.h>
|
||
#include <assert.h>
|
||
#include <stdio.h>
|
||
#include <errno.h>
|
||
|
||
#include "util.h"
|
||
#include "sysutils.h"
|
||
|
||
|
||
|
||
typedef struct pkdbuf
|
||
{
|
||
unsigned char *buffer;
|
||
size_t buffer_n;
|
||
} pkdbuf_t;
|
||
|
||
|
||
|
||
/* Retrieve the public key material for the RSA key, whose fingerprint
|
||
is FPR, from gpg output, which can be read through the stream FP.
|
||
The RSA modulus will be stored at the address of M and MLEN, the
|
||
public exponent at E and ELEN. Returns zero on success, an error
|
||
code on failure. Caller must release the allocated buffers at M
|
||
and E if the function returns success. */
|
||
static gpg_error_t
|
||
retrieve_key_material (FILE *fp, const char *hexkeyid, int *algorithm_id,
|
||
pkdbuf_t **pkdbuf, size_t *pkdbuf_n)
|
||
{
|
||
pkdbuf_t *pkdbuf_new;
|
||
pkdbuf_t *pkdbuf_tmp;
|
||
size_t pkdbuf_new_n;
|
||
gcry_error_t err = 0;
|
||
char *line = NULL; /* read_line() buffer. */
|
||
size_t line_size = 0; /* Helper for for read_line. */
|
||
int found_key = 0; /* Helper to find a matching key. */
|
||
int id;
|
||
unsigned char *buffer;
|
||
size_t buffer_n;
|
||
int i;
|
||
|
||
pkdbuf_new = NULL;
|
||
pkdbuf_new_n = 0;
|
||
id = 0;
|
||
|
||
/* Loop over all records until we have found the subkey
|
||
corresponding to the fingerprint. In general the first record
|
||
should be the pub record, but we don't rely on that. Given that
|
||
we only need to look at one key, it is sufficient to compare the
|
||
keyid so that we don't need to look at "fpr" records. */
|
||
for (;;)
|
||
{
|
||
char *p;
|
||
char *fields[6];
|
||
int nfields;
|
||
size_t max_length;
|
||
gcry_mpi_t mpi;
|
||
|
||
max_length = 4096;
|
||
i = read_line (fp, &line, &line_size, &max_length);
|
||
if (!i)
|
||
break; /* EOF. */
|
||
if (i < 0)
|
||
{
|
||
err = gpg_error_from_syserror ();
|
||
goto leave; /* Error. */
|
||
}
|
||
if (!max_length)
|
||
{
|
||
err = gpg_error (GPG_ERR_TRUNCATED);
|
||
goto leave; /* Line truncated - we better stop processing. */
|
||
}
|
||
|
||
/* Parse the line into fields. */
|
||
for (nfields=0, p=line; p && nfields < DIM (fields); nfields++)
|
||
{
|
||
fields[nfields] = p;
|
||
p = strchr (p, ':');
|
||
if (p)
|
||
*(p++) = 0;
|
||
}
|
||
if (!nfields)
|
||
continue; /* No fields at all - skip line. */
|
||
|
||
if (!found_key)
|
||
{
|
||
if ( (!strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
|
||
&& nfields > 4 &&
|
||
(((strlen (hexkeyid) == 8)
|
||
&& (strlen (fields[4]) == 16)
|
||
&& (! strcmp (fields[4] + 8, hexkeyid)))
|
||
|| ((strlen (hexkeyid) == 16)
|
||
&& (! strcmp (fields[4], hexkeyid)))))
|
||
{
|
||
found_key = 1;
|
||
/* Save algorithm ID. */
|
||
id = atoi (fields[3]);
|
||
}
|
||
continue;
|
||
}
|
||
|
||
if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
|
||
break; /* Next key - stop. */
|
||
|
||
if ( strcmp (fields[0], "pkd") )
|
||
continue; /* Not a key data record. */
|
||
|
||
/* FIXME, necessary? */
|
||
|
||
i = atoi (fields[1]);
|
||
if ((nfields < 4) || (i < 0))
|
||
{
|
||
err = gpg_error (GPG_ERR_GENERAL);
|
||
goto leave;
|
||
}
|
||
|
||
err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, fields[3], 0, NULL);
|
||
if (err)
|
||
mpi = NULL;
|
||
|
||
err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &buffer, &buffer_n, mpi);
|
||
gcry_mpi_release (mpi);
|
||
if (err)
|
||
goto leave;
|
||
|
||
pkdbuf_tmp = xrealloc (pkdbuf_new, sizeof (*pkdbuf_new) * (pkdbuf_new_n + 1));
|
||
if (pkdbuf_new != pkdbuf_tmp)
|
||
pkdbuf_new = pkdbuf_tmp;
|
||
pkdbuf_new[pkdbuf_new_n].buffer = buffer;
|
||
pkdbuf_new[pkdbuf_new_n].buffer_n = buffer_n;
|
||
pkdbuf_new_n++;
|
||
}
|
||
|
||
*algorithm_id = id;
|
||
*pkdbuf = pkdbuf_new;
|
||
*pkdbuf_n = pkdbuf_new_n;
|
||
|
||
leave:
|
||
|
||
if (err)
|
||
if (pkdbuf_new)
|
||
{
|
||
for (i = 0; i < pkdbuf_new_n; i++)
|
||
xfree (pkdbuf_new[i].buffer);
|
||
xfree (pkdbuf_new);
|
||
}
|
||
xfree (line);
|
||
|
||
return err;
|
||
}
|
||
|
||
|
||
|
||
int
|
||
key_to_blob (unsigned char **blob, size_t *blob_n, const char *identifier, ...)
|
||
{
|
||
unsigned char *blob_new;
|
||
size_t blob_new_n;
|
||
unsigned char uint32_buffer[4];
|
||
u32 identifier_n;
|
||
FILE *stream;
|
||
va_list ap;
|
||
int ret;
|
||
pkdbuf_t *pkd;
|
||
|
||
stream = gnupg_tmpfile ();
|
||
assert (stream);
|
||
|
||
identifier_n = strlen (identifier);
|
||
uint32_buffer[0] = identifier_n >> 24;
|
||
uint32_buffer[1] = identifier_n >> 16;
|
||
uint32_buffer[2] = identifier_n >> 8;
|
||
uint32_buffer[3] = identifier_n >> 0;
|
||
ret = fwrite (uint32_buffer, sizeof (uint32_buffer), 1, stream);
|
||
assert (ret == 1);
|
||
ret = fwrite (identifier, identifier_n, 1, stream);
|
||
assert (ret == 1);
|
||
|
||
va_start (ap, identifier);
|
||
while (1)
|
||
{
|
||
pkd = va_arg (ap, pkdbuf_t *);
|
||
if (! pkd)
|
||
break;
|
||
|
||
uint32_buffer[0] = pkd->buffer_n >> 24;
|
||
uint32_buffer[1] = pkd->buffer_n >> 16;
|
||
uint32_buffer[2] = pkd->buffer_n >> 8;
|
||
uint32_buffer[3] = pkd->buffer_n >> 0;
|
||
ret = fwrite (uint32_buffer, sizeof (uint32_buffer), 1, stream);
|
||
assert (ret == 1);
|
||
ret = fwrite (pkd->buffer, pkd->buffer_n, 1, stream);
|
||
assert (ret == 1);
|
||
}
|
||
|
||
va_end (ap);
|
||
|
||
blob_new_n = ftell (stream);
|
||
rewind (stream);
|
||
|
||
blob_new = xmalloc (blob_new_n);
|
||
ret = fread (blob_new, blob_new_n, 1, stream);
|
||
assert (ret == 1);
|
||
|
||
*blob = blob_new;
|
||
*blob_n = blob_new_n;
|
||
|
||
fclose (stream);
|
||
|
||
return 0;
|
||
}
|
||
|
||
int
|
||
main (int argc, char **argv)
|
||
{
|
||
const char *keyid;
|
||
int algorithm_id;
|
||
pkdbuf_t *pkdbuf;
|
||
size_t pkdbuf_n;
|
||
char *command = NULL;
|
||
FILE *fp;
|
||
int ret;
|
||
gcry_error_t err;
|
||
unsigned char *blob;
|
||
size_t blob_n;
|
||
struct b64state b64_state;
|
||
const char *identifier;
|
||
|
||
pkdbuf = NULL;
|
||
pkdbuf_n = 0;
|
||
|
||
algorithm_id = 0; /* (avoid cc warning) */
|
||
identifier = NULL; /* (avoid cc warning) */
|
||
|
||
if (argc != 2)
|
||
{
|
||
fprintf (stderr, "Usage: %s KEYID\n", argv[0]);
|
||
exit (1);
|
||
}
|
||
if (strcmp (argv[1], "--help") == 0)
|
||
{
|
||
fprintf (stderr, "Usage: %s KEYID\n", argv[0]);
|
||
fprintf (stderr, "\n");
|
||
fprintf (stderr,
|
||
"Convert a gpg key to a format appropriate for inclusion in an\n"
|
||
"ssh authorized_keys file.\n");
|
||
exit (0);
|
||
}
|
||
|
||
keyid = argv[1];
|
||
|
||
asprintf (&command,
|
||
"gpg2 --list-keys --with-colons --with-key-data '%s'",
|
||
keyid);
|
||
if (! command)
|
||
{
|
||
fprintf (stderr, "Out of memory.\n");
|
||
exit (1);
|
||
}
|
||
|
||
fp = popen (command, "r");
|
||
if (! fp)
|
||
{
|
||
fprintf (stderr, "Failed to running: '%s'\n", command);
|
||
exit (1);
|
||
}
|
||
|
||
err = retrieve_key_material (fp, keyid, &algorithm_id, &pkdbuf, &pkdbuf_n);
|
||
if (err)
|
||
{
|
||
fprintf (stderr, "Error looking up key: %s\n", gpg_strerror (err));
|
||
exit (1);
|
||
}
|
||
if (! ((algorithm_id == 1) || (algorithm_id == 17)))
|
||
{
|
||
fprintf (stderr, "Unsupported algorithm: %d\n", algorithm_id);
|
||
exit (1);
|
||
}
|
||
|
||
if (algorithm_id == 1)
|
||
{
|
||
identifier = "ssh-rsa";
|
||
ret = key_to_blob (&blob, &blob_n, identifier,
|
||
&pkdbuf[1], &pkdbuf[0], NULL);
|
||
}
|
||
else if (algorithm_id == 17)
|
||
{
|
||
identifier = "ssh-dss";
|
||
ret = key_to_blob (&blob, &blob_n, identifier,
|
||
&pkdbuf[0], &pkdbuf[1], &pkdbuf[2], &pkdbuf[3], NULL);
|
||
}
|
||
assert (! ret);
|
||
|
||
printf ("%s ", identifier);
|
||
|
||
err = b64enc_start (&b64_state, stdout, "");
|
||
assert (! err);
|
||
err = b64enc_write (&b64_state, blob, blob_n);
|
||
assert (! err);
|
||
err = b64enc_finish (&b64_state);
|
||
assert (! err);
|
||
|
||
printf (" COMMENT\n");
|
||
|
||
return 0;
|
||
}
|