author | Werner Koch <wk@gnupg.org> | 2010-06-21 12:04:36 +0200 |
committer | Werner Koch <wk@gnupg.org> | 2010-06-21 12:04:36 +0200 |
commit | 1e7b03ef25eeb038c8477425d2a5c939bec42135 (patch) | |
tree | 71b00d885a23af2547acf4eed13da486ff1b5575 /agent/protect-tool.c | |
parent | Implement export of pkcs#12 objects using a direct agent connection. (diff) | |
download | gnupg2-1e7b03ef25eeb038c8477425d2a5c939bec42135.tar.xz gnupg2-1e7b03ef25eeb038c8477425d2a5c939bec42135.zip |
Remove cruft.
Diffstat (limited to 'agent/protect-tool.c')
-rw-r--r-- | agent/protect-tool.c | 451 |
1 files changed, 0 insertions, 451 deletions
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index f3fe1a8d8..be0bfd2e2 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -62,7 +62,6 @@ enum cmd_and_opt_values
 oS2Kcalibration,
 oCanonical,
- oP12Charset,
 oStore,
 oForce,
 oHaveCert,
@@ -96,13 +95,10 @@ static int opt_have_cert;
 static const char *opt_passphrase;
 static char *opt_prompt;
 static int opt_status_msg;
-static const char *opt_p12_charset;
 static const char *opt_agent_program;
 static char *get_passphrase (int promptno);
 static void release_passphrase (char *pw);
-static int store_private_key (const unsigned char *grip,
- const void *buffer, size_t length, int force);
 static ARGPARSE_OPTS opts[] = {
@@ -122,8 +118,6 @@ static ARGPARSE_OPTS opts[] = {
 ARGPARSE_s_n (oCanonical, "canonical", "write output in canonical format"),
 ARGPARSE_s_s (oPassphrase, "passphrase", "|STRING|use passphrase STRING"),
- ARGPARSE_s_s (oP12Charset,"p12-charset",
- "|NAME|set charset for a new PKCS#12 passphrase to NAME"),
 ARGPARSE_s_n (oHaveCert, "have-cert",
 "certificate to export provided on STDIN"),
 ARGPARSE_s_n (oStore, "store",
@@ -545,385 +539,6 @@ show_keygrip (const char *fname)
-#if 0
-/* A callback used by p12_parse to return a certificate. */
-static void
-import_p12_cert_cb (void *opaque, const unsigned char *cert, size_t certlen)
-{
- struct b64state state;
- gpg_error_t err, err2;
-
- (void)opaque;
-
- err = b64enc_start (&state, stdout, "CERTIFICATE");
- if (!err)
- err = b64enc_write (&state, cert, certlen);
- err2 = b64enc_finish (&state);
- if (!err)
- err = err2;
- if (err)
- log_error ("error writing armored certificate: %s\n", gpg_strerror (err));
-}
-
-static void
-import_p12_file (const char *fname)
-{
- char *buf;
- unsigned char *result;
- size_t buflen, resultlen, buf_off;
- int i;
- int rc;
- gcry_mpi_t *kparms;
- struct rsa_secret_key_s sk;
- gcry_sexp_t s_key;
- unsigned char *key;
- unsigned char grip[20];
- char *pw;
-
- /* fixme: we should release some stuff on error */
-
- buf = read_file (fname, &buflen);
- if (!buf)
- return;
-
- /* GnuPG 2.0.4 accidently created binary P12 files with the string
- "The passphrase is %s encoded.\n\n" prepended to the ASN.1 data.
- We fix that here. */
- if (buflen > 29 && !memcmp (buf, "The passphrase is ", 18))
- {
- for (buf_off=18; buf_off < buflen && buf[buf_off] != '\n'; buf_off++)
- ;
- buf_off++;
- if (buf_off < buflen && buf[buf_off] == '\n')
- buf_off++;
- }
- else
- buf_off = 0;
-
- kparms = p12_parse ((unsigned char*)buf+buf_off, buflen-buf_off,
- (pw=get_passphrase (2)),
- import_p12_cert_cb, NULL);
- release_passphrase (pw);
- xfree (buf);
- if (!kparms)
- {
- log_error ("error parsing or decrypting the PKCS-12 file\n");
- return;
- }
- for (i=0; kparms[i]; i++)
- ;
- if (i != 8)
- {
- log_error ("invalid structure of private key\n");
- return;
- }
-
-
-/* print_mpi (" n", kparms[0]); */
-/* print_mpi (" e", kparms[1]); */
-/* print_mpi (" d", kparms[2]); */
-/* print_mpi (" p", kparms[3]); */
-/* print_mpi (" q", kparms[4]); */
-/* print_mpi ("dmp1", kparms[5]); */
-/* print_mpi ("dmq1", kparms[6]); */
-/* print_mpi (" u", kparms[7]); */
-
- sk.n = kparms[0];
- sk.e = kparms[1];
- sk.d = kparms[2];
- sk.q = kparms[3];
- sk.p = kparms[4];
- sk.u = kparms[7];
- if (rsa_key_check (&sk))
- return;
-/* print_mpi (" n", sk.n); */
-/* print_mpi (" e", sk.e); */
-/* print_mpi (" d", sk.d); */
-/* print_mpi (" p", sk.p); */
-/* print_mpi (" q", sk.q); */
-/* print_mpi (" u", sk.u); */
-
- /* Create an S-expresion from the parameters. */
- rc = gcry_sexp_build (&s_key, NULL,
- "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
- sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
- for (i=0; i < 8; i++)
- gcry_mpi_release (kparms[i]);
- gcry_free (kparms);
- if (rc)
- {
- log_error ("failed to created S-expression from key: %s\n",
- gpg_strerror (rc));
- return;
- }
-
- /* Compute the keygrip. */
- if (!gcry_pk_get_keygrip (s_key, grip))
- {
- log_error ("can't calculate keygrip\n");
- return;
- }
- log_info ("keygrip: ");
- for (i=0; i < 20; i++)
- log_printf ("%02X", grip[i]);
- log_printf ("\n");
-
- /* Convert to canonical encoding. */
- buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, NULL, 0);
- assert (buflen);
- key = gcry_xmalloc_secure (buflen);
- buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, key, buflen);
- assert (buflen);
- gcry_sexp_release (s_key);
-
- pw = get_passphrase (4);
- rc = agent_protect (key, pw, &result, &resultlen);
- release_passphrase (pw);
- xfree (key);
- if (rc)
- {
- log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
- return;
- }
-
- if (opt_armor)
- {
- char *p = make_advanced (result, resultlen);
- xfree (result);
- if (!p)
- return;
- result = (unsigned char*)p;
- resultlen = strlen (p);
- }
-
- if (opt_store)
- store_private_key (grip, result, resultlen, opt_force);
- else
- fwrite (result, resultlen, 1, stdout);
-
- xfree (result);
-}
-#endif
-
-
-
-#if 0
-static gcry_mpi_t *
-sexp_to_kparms (gcry_sexp_t sexp)
-{
- gcry_sexp_t list, l2;
- const char *name;
- const char *s;
- size_t n;
- int i, idx;
- const char *elems;
- gcry_mpi_t *array;
-
- list = gcry_sexp_find_token (sexp, "private-key", 0 );
- if(!list)
- return NULL;
- l2 = gcry_sexp_cadr (list);
- gcry_sexp_release (list);
- list = l2;
- name = gcry_sexp_nth_data (list, 0, &n);
- if(!name || n != 3 || memcmp (name, "rsa", 3))
- {
- gcry_sexp_release (list);
- return NULL;
- }
-
- /* Parameter names used with RSA. */
- elems = "nedpqu";
- array = xcalloc (strlen(elems) + 1, sizeof *array);
- for (idx=0, s=elems; *s; s++, idx++ )
- {
- l2 = gcry_sexp_find_token (list, s, 1);
- if (!l2)
- {
- for (i=0; i<idx; i++)
- gcry_mpi_release (array[i]);
- xfree (array);
- gcry_sexp_release (list);
- return NULL; /* required parameter not found */
- }
- array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
- gcry_sexp_release (l2);
- if (!array[idx])
- {
- for (i=0; i<idx; i++)
- gcry_mpi_release (array[i]);
- xfree (array);
- gcry_sexp_release (list);
- return NULL; /* required parameter is invalid */
- }
- }
-
- gcry_sexp_release (list);
- return array;
-}
-#endif
-
-/* Check whether STRING is a KEYGRIP, i.e has the correct length and
- does only consist of uppercase hex characters. */
-/* static int */
-/* is_keygrip (const char *string) */
-/* { */
-/* int i; */
-
-/* for(i=0; string[i] && i < 41; i++) */
-/* if (!strchr("01234567890ABCDEF", string[i])) */
-/* return 0; */
-/* return i == 40; */
-/* } */
-
-
-#if 0
-static void
-export_p12_file (const char *fname)
-{
- int rc;
- gcry_mpi_t kparms[9], *kp;
- unsigned char *key;
- size_t keylen;
- gcry_sexp_t private;
- struct rsa_secret_key_s sk;
- int i;
- unsigned char *cert = NULL;
- size_t certlen = 0;
- int keytype;
- size_t keylen_for_wipe = 0;
- char *pw;
-
- if ( is_keygrip (fname) )
- {
- char hexgrip[40+4+1];
- char *p;
-
- assert (strlen(fname) == 40);
- strcpy (stpcpy (hexgrip, fname), ".key");
-
- p = make_filename (opt_homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
- key = read_key (p);
- xfree (p);
- }
- else
- key = read_key (fname);
-
- if (!key)
- return;
-
- keytype = agent_private_key_type (key);
- if (keytype == PRIVATE_KEY_PROTECTED)
- {
- unsigned char *tmpkey;
- size_t tmplen;
-
- rc = agent_unprotect (key, (pw=get_passphrase (1)),
- NULL, &tmpkey, &tmplen);
- release_passphrase (pw);
- if (rc)
- {
- if (opt_status_msg && gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE )
- log_info ("[PROTECT-TOOL:] bad-passphrase\n");
- log_error ("unprotecting key `%s' failed: %s\n",
- fname, gpg_strerror (rc));
- xfree (key);
- return;
- }
- xfree (key);
- key = tmpkey;
- keylen_for_wipe = tmplen;
-
- keytype = agent_private_key_type (key);
- }
-
- if (keytype == PRIVATE_KEY_SHADOWED)
- {
- log_error ("`%s' is a shadowed private key - can't export it\n", fname);
- wipememory (key, keylen_for_wipe);
- xfree (key);
- return;
- }
- else if (keytype != PRIVATE_KEY_CLEAR)
- {
- log_error ("\%s' is not a private key\n", fname);
- wipememory (key, keylen_for_wipe);
- xfree (key);
- return;
- }
-
-
- if (opt_have_cert)
- {
- cert = (unsigned char*)read_file ("-", &certlen);
- if (!cert)
- {
- wipememory (key, keylen_for_wipe);
- xfree (key);
- return;
- }
- }
-
-
- if (gcry_sexp_new (&private, key, 0, 0))
- {
- log_error ("gcry_sexp_new failed\n");
- wipememory (key, keylen_for_wipe);
- xfree (key);
- xfree (cert);
- return;
- }
- wipememory (key, keylen_for_wipe);
- xfree (key);
-
- kp = sexp_to_kparms (private);
- gcry_sexp_release (private);
- if (!kp)
- {
- log_error ("error converting key parameters\n");
- xfree (cert);
- return;
- }
- sk.n = kp[0];
- sk.e = kp[1];
- sk.d = kp[2];
- sk.p = kp[3];
- sk.q = kp[4];
- sk.u = kp[5];
- xfree (kp);
-
-
- kparms[0] = sk.n;
- kparms[1] = sk.e;
- kparms[2] = sk.d;
- kparms[3] = sk.q;
- kparms[4] = sk.p;
- kparms[5] = gcry_mpi_snew (0); /* compute d mod (p-1) */
- gcry_mpi_sub_ui (kparms[5], kparms[3], 1);
- gcry_mpi_mod (kparms[5], sk.d, kparms[5]);
- kparms[6] = gcry_mpi_snew (0); /* compute d mod (q-1) */
- gcry_mpi_sub_ui (kparms[6], kparms[4], 1);
- gcry_mpi_mod (kparms[6], sk.d, kparms[6]);
- kparms[7] = sk.u;
- kparms[8] = NULL;
-
- pw = get_passphrase (3);
- key = p12_build (kparms, cert, certlen, pw, opt_p12_charset, &keylen);
- release_passphrase (pw);
- xfree (cert);
- for (i=0; i < 8; i++)
- gcry_mpi_release (kparms[i]);
- if (!key)
- return;
-
-#ifdef HAVE_DOSISH_SYSTEM
- setmode ( fileno (stdout) , O_BINARY );
-#endif
- fwrite (key, keylen, 1, stdout);
- xfree (key);
-}
-#endif
-
 int
@@ -973,8 +588,6 @@ main (int argc, char **argv )
 case oShadow: cmd = oShadow; break;
 case oShowShadowInfo: cmd = oShowShadowInfo; break;
 case oShowKeygrip: cmd = oShowKeygrip; break;
- case oP12Charset: opt_p12_charset = pargs.r.ret_str; break;
-
 case oS2Kcalibration: cmd = oS2Kcalibration; break;
 case oPassphrase: opt_passphrase = pargs.r.ret_str; break;
@@ -1114,67 +727,3 @@ release_passphrase (char *pw)
 }
 }
-#if 0
-static int
-store_private_key (const unsigned char *grip,
- const void *buffer, size_t length, int force)
-{
- char *fname;
- estream_t fp;
- char hexgrip[40+4+1];
-
- bin2hex (grip, 20, hexgrip);
- strcpy (hexgrip+40, ".key");
-
- fname = make_filename (opt_homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
- if (force)
- fp = es_fopen (fname, "wb");
- else
- {
- if (!access (fname, F_OK))
- {
- if (opt_status_msg)
- log_info ("[PROTECT-TOOL:] secretkey-exists\n");
- if (opt_no_fail_on_exist)
- log_info ("secret key file `%s' already exists\n", fname);
- else
- log_error ("secret key file `%s' already exists\n", fname);
- xfree (fname);
- return opt_no_fail_on_exist? 0 : -1;
- }
- /* FWIW: Under Windows Vista the standard fopen in the msvcrt
- fails if the "x" GNU extension is used. */
- fp = es_fopen (fname, "wbx");
- }
-
- if (!fp)
- {
- log_error ("can't create `%s': %s\n", fname, strerror (errno));
- xfree (fname);
- return -1;
- }
-
- if (es_fwrite (buffer, length, 1, fp) != 1)
- {
- log_error ("error writing `%s': %s\n", fname, strerror (errno));
- es_fclose (fp);
- gnupg_remove (fname);
- xfree (fname);
- return -1;
- }
- if (es_fclose (fp))
- {
- log_error ("error closing `%s': %s\n", fname, strerror (errno));
- gnupg_remove (fname);
- xfree (fname);
- return -1;
- }
- log_info ("secret key stored as `%s'\n", fname);
-
- if (opt_status_msg)
- log_info ("[PROTECT-TOOL:] secretkey-stored\n");
-
- xfree (fname);
- return 0;
-}
-#endif |