[svn] GnuPG - r5417 - trunk/g10
svn author wk
cvs at cvs.gnupg.org
Mon Sep 6 21:57:45 CEST 2010
Author: wk
Date: 2010-09-06 21:57:42 +0200 (Mon, 06 Sep 2010)
New Revision: 5417
Modified:
trunk/g10/ChangeLog
trunk/g10/build-packet.c
trunk/g10/card-util.c
trunk/g10/delkey.c
trunk/g10/export.c
trunk/g10/free-packet.c
trunk/g10/getkey.c
trunk/g10/import.c
trunk/g10/keydb.h
trunk/g10/keyedit.c
trunk/g10/keyid.c
trunk/g10/keylist.c
trunk/g10/keyring.c
trunk/g10/main.h
trunk/g10/mainproc.c
trunk/g10/packet.h
trunk/g10/parse-packet.c
trunk/g10/passphrase.c
trunk/g10/pubkey-enc.c
trunk/g10/sign.c
Log:
Removed more secret key related code.
It builds fine and passes some of the tests but there are quite some
features which don't work yet.
[The diff below has been truncated]
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2010-09-03 09:14:45 UTC (rev 5416)
+++ trunk/g10/ChangeLog 2010-09-06 19:57:42 UTC (rev 5417)
@@ -1,3 +1,53 @@
+2010-09-06 Werner Koch <wk at g10code.com>
+
+
+ * card-util.c (card_status): Remove stub creation fro GnuPG >= 2.
+ (card_store_subkey): Temporary disable this code.
+
+ * keyedit.c (show_key_with_all_names): Merge secret and public key
+ parts.
+ (show_basic_key_info): Ditto.
+ * delkey.c (do_delete_key): Ditto.
+ * export.c (subkey_in_list_p, exact_subkey_match_p): Ditto.
+ (new_subkey_list_item): Ditto.
+
+ * keyid.c (keystr_from_sk, keystr_from_sk_with_sub)
+ (keyid_from_sk, nbits_from_sk, datestr_from_sk)
+ (expirestr_from_sk, colon_datestr_from_sk, fingerprint_from_sk)
+ (serialno_and_fpr_from_sk, do_fingerprint_md_sk): Remove.
+
+ * import.c (print_import_ok): Remove arg SK.
+ (import_secret_one): Adjust for seckey_info format.
+ (transfer_secret_keys): Ditto. Use gpg_format_keydesc.
+ (sec_to_pub_keyblock): Simplify.
+ (pub_to_sec_keyblock): Remove.
+ (auto_create_card_key_stub): Remove - not anymore needed.
+ (update_sec_keyblock_with_cardinfo): Remove.
+ (import_secret_one): Use arg option instead of the global option.
+
+ * free-packet.c (copy_public_key): Adjust for seckey_info format.
+ (copy_public_parts_to_secret_key, copy_secret_key)
+ (cmp_secret_keys, cmp_public_secret_key): Remove.
+
+ * passphrase.c (gpg_format_keydesc): Add arg MODE and change all
+ callers.
+ * keyring.c (keyring_search): Remove special case for secret keys.
+ * mainproc.c (struct mainproc_context): Remove unused field
+ LAST_SECKEY.
+ * parse-packet.c (parse_key): Rewrite to cope with new seckey_info
+ format.
+ * build-packet.c (do_public_key, do_secret_key): Merge code into ...
+ (do_key): .. new. Cope with seckey_info format.
+
+2010-09-03 Werner Koch <wk at g10code.com>
+
+ * packet.h (struct seckey_info): New.
+ (PKT_public_key): Increase size of PKEY to allow storing of secret
+ keys. Add field SECKEY_INFO.
+ (PKT_secret_key): Remove.
+ * free-packet.c (release_public_key_parts): Take care of change.
+ (release_secret_key_parts, free_secret_key): Remove.
+
2010-09-02 Werner Koch <wk at g10code.com>
* import.c (transfer_secret_keys, import_secret_one): Enable stats.
Modified: trunk/g10/build-packet.c
===================================================================
--- trunk/g10/build-packet.c 2010-09-03 09:14:45 UTC (rev 5416)
+++ trunk/g10/build-packet.c 2010-09-06 19:57:42 UTC (rev 5417)
@@ -1,6 +1,6 @@
/* build-packet.c - assemble packets and write them
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
- * 2006 Free Software Foundation, Inc.
+ * 2006, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -35,8 +35,7 @@
#include "options.h"
static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
-static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk );
-static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk );
+static int do_key (iobuf_t out, int ctb, PKT_public_key *pk);
static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc );
static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
static u32 calc_plaintext( PKT_plaintext *pt );
@@ -107,11 +106,9 @@
break;
case PKT_PUBLIC_SUBKEY:
case PKT_PUBLIC_KEY:
- rc = do_public_key( out, ctb, pkt->pkt.public_key );
- break;
case PKT_SECRET_SUBKEY:
case PKT_SECRET_KEY:
- rc = do_secret_key( out, ctb, pkt->pkt.secret_key );
+ rc = do_key (out, ctb, pkt->pkt.public_key);
break;
case PKT_SYMKEY_ENC:
rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
@@ -242,198 +239,162 @@
return 0;
}
-static int
-do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
-{
- int rc = 0;
- int n, i;
- IOBUF a = iobuf_temp();
-
- if ( !pk->version )
- iobuf_put( a, 3 );
- else
- iobuf_put( a, pk->version );
- write_32(a, pk->timestamp );
- if ( pk->version < 4 )
- {
- u16 ndays;
- if ( pk->expiredate )
- ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
- else
- ndays = 0;
- write_16(a, ndays );
- }
- iobuf_put (a, pk->pubkey_algo );
- n = pubkey_get_npkey ( pk->pubkey_algo );
- if ( !n )
- write_fake_data( a, pk->pkey[0] );
- for (i=0; i < n && !rc ; i++ )
- rc = mpi_write(a, pk->pkey[i] );
- if (!rc)
- {
- write_header2 (out, ctb, iobuf_get_temp_length(a), pk->hdrbytes);
- rc = iobuf_write_temp ( out, a );
- }
-
- iobuf_close(a);
- return rc;
-}
-
-
static int
-do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
+do_key (iobuf_t out, int ctb, PKT_public_key *pk)
{
- int rc = 0;
+ gpg_error_t err = 0;
int i, nskey, npkey;
- IOBUF a = iobuf_temp(); /* Build in a self-enlarging buffer. */
+ iobuf_t a = iobuf_temp(); /* Build in a self-enlarging buffer. */
/* Write the version number - if none is specified, use 3 */
- if ( !sk->version )
+ if ( !pk->version )
iobuf_put ( a, 3 );
else
- iobuf_put ( a, sk->version );
- write_32 (a, sk->timestamp );
+ iobuf_put ( a, pk->version );
+ write_32 (a, pk->timestamp );
/* v3 needs the expiration time. */
- if ( sk->version < 4 )
+ if ( pk->version < 4 )
{
u16 ndays;
- if ( sk->expiredate )
- ndays = (u16)((sk->expiredate - sk->timestamp) / 86400L);
+ if ( pk->expiredate )
+ ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
else
ndays = 0;
write_16(a, ndays);
}
- iobuf_put (a, sk->pubkey_algo );
+ iobuf_put (a, pk->pubkey_algo );
/* Get number of secret and public parameters. They are held in one
array first the public ones, then the secret ones. */
- nskey = pubkey_get_nskey ( sk->pubkey_algo );
- npkey = pubkey_get_npkey ( sk->pubkey_algo );
+ nskey = pubkey_get_nskey (pk->pubkey_algo);
+ npkey = pubkey_get_npkey (pk->pubkey_algo);
/* If we don't have any public parameters - which is the case if we
don't know the algorithm used - the parameters are stored as one
blob in a faked (opaque) MPI. */
- if ( !npkey )
+ if (!npkey)
{
- write_fake_data( a, sk->skey[0] );
+ write_fake_data (a, pk->pkey[0]);
goto leave;
}
- assert ( npkey < nskey );
+ assert (npkey < nskey);
/* Writing the public parameters is easy. */
for (i=0; i < npkey; i++ )
- if ((rc = mpi_write (a, sk->skey[i])))
+ if ((err = mpi_write (a, pk->pkey[i])))
goto leave;
- /* Build the header for protected (encrypted) secret parameters. */
- if ( sk->is_protected )
+ if (pk->seckey_info)
{
- if ( is_RSA(sk->pubkey_algo)
- && sk->version < 4
- && !sk->protect.s2k.mode )
+ /* This is a secret key packet. */
+ struct seckey_info *ski = pk->seckey_info;
+
+ /* Build the header for protected (encrypted) secret parameters. */
+ if (ski->is_protected)
{
- /* The simple rfc1991 (v3) way. */
- iobuf_put (a, sk->protect.algo );
- iobuf_write (a, sk->protect.iv, sk->protect.ivlen );
- }
- else
- {
- /* OpenPGP protection according to rfc2440. */
- iobuf_put(a, sk->protect.sha1chk? 0xfe : 0xff );
- iobuf_put(a, sk->protect.algo );
- if ( sk->protect.s2k.mode >= 1000 )
+ if ( is_RSA (pk->pubkey_algo) && pk->version < 4 && !ski->s2k.mode )
{
- /* These modes are not possible in OpenPGP, we use them
- to implement our extensions, 101 can be seen as a
- private/experimental extension (this is not specified
- in rfc2440 but the same scheme is used for all other
- algorithm identifiers) */
- iobuf_put(a, 101 );
- iobuf_put(a, sk->protect.s2k.hash_algo );
- iobuf_write(a, "GNU", 3 );
- iobuf_put(a, sk->protect.s2k.mode - 1000 );
- }
- else
+ /* The simple rfc1991 (v3) way. */
+ iobuf_put (a, ski->algo );
+ iobuf_write (a, ski->iv, ski->ivlen);
+ }
+ else
{
- iobuf_put(a, sk->protect.s2k.mode );
- iobuf_put(a, sk->protect.s2k.hash_algo );
- }
- if ( sk->protect.s2k.mode == 1
- || sk->protect.s2k.mode == 3 )
- iobuf_write (a, sk->protect.s2k.salt, 8 );
+ /* OpenPGP protection according to rfc2440. */
+ iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
+ iobuf_put (a, ski->algo);
+ if (ski->s2k.mode >= 1000)
+ {
+ /* These modes are not possible in OpenPGP, we use
+ them to implement our extensions, 101 can be
+ viewed as a private/experimental extension (this
+ is not specified in rfc2440 but the same scheme
+ is used for all other algorithm identifiers). */
+ iobuf_put (a, 101);
+ iobuf_put (a, ski->s2k.hash_algo);
+ iobuf_write (a, "GNU", 3 );
+ iobuf_put (a, ski->s2k.mode - 1000);
+ }
+ else
+ {
+ iobuf_put (a, ski->s2k.mode);
+ iobuf_put (a, ski->s2k.hash_algo);
+ }
- if ( sk->protect.s2k.mode == 3 )
- iobuf_put (a, sk->protect.s2k.count );
+ if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
+ iobuf_write (a, ski->s2k.salt, 8);
- /* For our special modes 1001, 1002 we do not need an IV. */
- if ( sk->protect.s2k.mode != 1001
- && sk->protect.s2k.mode != 1002 )
- iobuf_write (a, sk->protect.iv, sk->protect.ivlen );
- }
- }
- else
- iobuf_put (a, 0 );
+ if (ski->s2k.mode == 3)
+ iobuf_put (a, ski->s2k.count);
- if ( sk->protect.s2k.mode == 1001 )
- ; /* GnuPG extension - don't write a secret key at all. */
- else if ( sk->protect.s2k.mode == 1002 )
- {
- /* GnuPG extension - divert to OpenPGP smartcard. */
- iobuf_put(a, sk->protect.ivlen ); /* Length of the serial number
- or 0 for no serial
- number. */
- /* The serial number gets stored in the IV field. */
- iobuf_write(a, sk->protect.iv, sk->protect.ivlen);
- }
- else if ( sk->is_protected && sk->version >= 4 )
- {
- /* The secret key is protected - write it out as it is. */
- byte *p;
- unsigned int ndatabits;
-
- assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
- p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
- iobuf_write (a, p, (ndatabits+7)/8 );
- }
- else if ( sk->is_protected )
- {
- /* The secret key is protected the old v4 way. */
- for ( ; i < nskey; i++ )
+ /* For our special modes 1001, 1002 we do not need an IV. */
+ if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
+ iobuf_write (a, ski->iv, ski->ivlen);
+ }
+ }
+ else /* Not protected. */
+ iobuf_put (a, 0 );
+
+ if (ski->s2k.mode == 1001)
+ ; /* GnuPG extension - don't write a secret key at all. */
+ else if (ski->s2k.mode == 1002)
+ {
+ /* GnuPG extension - divert to OpenPGP smartcard. */
+ /* Length of the serial number or 0 for no serial number. */
+ iobuf_put (a, ski->ivlen );
+ /* The serial number gets stored in the IV field. */
+ iobuf_write (a, ski->iv, ski->ivlen);
+ }
+ else if (ski->is_protected && pk->version >= 4)
{
+ /* The secret key is protected - write it out as it is. */
byte *p;
unsigned int ndatabits;
+
+ assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE));
+ p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
+ iobuf_write (a, p, (ndatabits+7)/8 );
+ }
+ else if (ski->is_protected)
+ {
+ /* The secret key is protected the old v4 way. */
+ for ( ; i < nskey; i++ )
+ {
+ byte *p;
+ unsigned int ndatabits;
- assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
- p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
- iobuf_write (a, p, (ndatabits+7)/8);
+ assert (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE));
+ p = gcry_mpi_get_opaque (pk->pkey[i], &ndatabits);
+ iobuf_write (a, p, (ndatabits+7)/8);
+ }
+ write_16 (a, ski->csum );
}
- write_16(a, sk->csum );
+ else
+ {
+ /* Non-protected key. */
+ for ( ; i < nskey; i++ )
+ if ( (err = mpi_write (a, pk->pkey[i])))
+ goto leave;
+ write_16 (a, ski->csum );
+ }
}
- else
- {
- /* Non-protected key. */
- for ( ; i < nskey; i++ )
- if ( (rc = mpi_write (a, sk->skey[i])))
- goto leave;
- write_16 (a, sk->csum );
- }
leave:
- if (!rc)
+ if (!err)
{
/* Build the header of the packet - which we must do after
writing all the other stuff, so that we know the length of
the packet */
- write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes);
- /* And finally write it out the real stream */
- rc = iobuf_write_temp( out, a );
+ write_header2 (out, ctb, iobuf_get_temp_length(a), pk->hdrbytes);
+ /* And finally write it out to the real stream. */
+ err = iobuf_write_temp (out, a);
}
- iobuf_close(a); /* Close the remporary buffer */
- return rc;
+ iobuf_close (a); /* Close the temporary buffer */
+ return err;
}
static int
Modified: trunk/g10/card-util.c
===================================================================
--- trunk/g10/card-util.c 2010-09-03 09:14:45 UTC (rev 5416)
+++ trunk/g10/card-util.c 2010-09-06 19:57:42 UTC (rev 5417)
@@ -207,6 +207,9 @@
case 0x0005: return "ZeitControl";
case 0x002A: return "Magrathea";
+
+ case 0xF517: return "FSIJ";
+
/* 0x00000 and 0xFFFF are defined as test cards per spec,
0xFFF00 to 0xFFFE are assigned for use with randomly created
serial numbers. */
@@ -581,6 +584,7 @@
print_pubkey_info (fp, pk);
+#if GNUPG_MAJOR_VERSION == 1
if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
print_card_key_info (fp, keyblock);
else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) )
@@ -599,6 +603,7 @@
}
release_kbnode (keyblock);
+#endif /* GNUPG_MAJOR_VERSION == 1 */
}
else
tty_fprintf (fp, "[none]\n");
@@ -1514,150 +1519,151 @@
int
card_store_subkey (KBNODE node, int use)
{
- struct agent_card_info_s info;
- int okay = 0;
- int rc;
- int keyno, i;
- PKT_secret_key *copied_sk = NULL;
- PKT_secret_key *sk;
- size_t n;
- const char *s;
- int allow_keyno[3];
- unsigned int nbits;
+/* struct agent_card_info_s info; */
+/* int okay = 0; */
+/* int rc; */
+/* int keyno, i; */
+/* PKT_secret_key *copied_sk = NULL; */
+/* PKT_secret_key *sk; */
+/* size_t n; */
+/* const char *s; */
+/* int allow_keyno[3]; */
+/* unsigned int nbits; */
- assert (node->pkt->pkttype == PKT_SECRET_KEY
- || node->pkt->pkttype == PKT_SECRET_SUBKEY);
- sk = node->pkt->pkt.secret_key;
+/* assert (node->pkt->pkttype == PKT_SECRET_KEY */
+/* || node->pkt->pkttype == PKT_SECRET_SUBKEY); */
+/* sk = node->pkt->pkt.secret_key; */
- if (get_info_for_key_operation (&info))
- return 0;
+/* if (get_info_for_key_operation (&info)) */
+/* return 0; */
- if (!info.extcap.ki)
- {
- tty_printf ("The card does not support the import of keys\n");
- tty_printf ("\n");
- goto leave;
- }
+/* if (!info.extcap.ki) */
+/* { */
+/* tty_printf ("The card does not support the import of keys\n"); */
+/* tty_printf ("\n"); */
+/* goto leave; */
+/* } */
- show_card_key_info (&info);
+/* show_card_key_info (&info); */
- nbits = nbits_from_sk (sk);
+/* nbits = nbits_from_sk (sk); */
- if (!is_RSA (sk->pubkey_algo) || (!info.is_v2 && nbits != 1024) )
- {
- tty_printf ("You may only store a 1024 bit RSA key on the card\n");
- tty_printf ("\n");
- goto leave;
- }
+/* if (!is_RSA (sk->pubkey_algo) || (!info.is_v2 && nbits != 1024) ) */
+/* { */
+/* tty_printf ("You may only store a 1024 bit RSA key on the card\n"); */
+/* tty_printf ("\n"); */
+/* goto leave; */
+/* } */
- allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
- allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
- allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
+/* allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG))); */
+/* allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC))); */
+/* allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))); */
- tty_printf (_("Please select where to store the key:\n"));
+/* tty_printf (_("Please select where to store the key:\n")); */
- if (allow_keyno[0])
- tty_printf (_(" (1) Signature key\n"));
- if (allow_keyno[1])
- tty_printf (_(" (2) Encryption key\n"));
- if (allow_keyno[2])
- tty_printf (_(" (3) Authentication key\n"));
+/* if (allow_keyno[0]) */
+/* tty_printf (_(" (1) Signature key\n")); */
+/* if (allow_keyno[1]) */
+/* tty_printf (_(" (2) Encryption key\n")); */
+/* if (allow_keyno[2]) */
+/* tty_printf (_(" (3) Authentication key\n")); */
- for (;;)
- {
- char *answer = cpr_get ("cardedit.genkeys.storekeytype",
- _("Your selection? "));
- cpr_kill_prompt();
- if (*answer == CONTROL_D || !*answer)
- {
- xfree (answer);
- goto leave;
- }
- keyno = *answer? atoi(answer): 0;
- xfree(answer);
- if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
- {
- if (info.is_v2 && !info.extcap.aac
- && info.key_attr[keyno-1].nbits != nbits)
- {
- tty_printf ("Key does not match the card's capability.\n");
- }
- else
- break; /* Okay. */
- }
- else
- tty_printf(_("Invalid selection.\n"));
- }
+/* for (;;) */
+/* { */
+/* char *answer = cpr_get ("cardedit.genkeys.storekeytype", */
+/* _("Your selection? ")); */
+/* cpr_kill_prompt(); */
+/* if (*answer == CONTROL_D || !*answer) */
+/* { */
+/* xfree (answer); */
+/* goto leave; */
+/* } */
+/* keyno = *answer? atoi(answer): 0; */
+/* xfree(answer); */
+/* if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1]) */
+/* { */
+/* if (info.is_v2 && !info.extcap.aac */
+/* && info.key_attr[keyno-1].nbits != nbits) */
+/* { */
+/* tty_printf ("Key does not match the card's capability.\n"); */
+/* } */
+/* else */
+/* break; /\* Okay. *\/ */
+/* } */
+/* else */
+/* tty_printf(_("Invalid selection.\n")); */
+/* } */
- if (replace_existing_key_p (&info, keyno))
- goto leave;
+/* if (replace_existing_key_p (&info, keyno)) */
+/* goto leave; */
- /* Unprotect key. */
- switch (is_secret_key_protected (sk) )
- {
- case 0: /* Not protected. */
- break;
- case -1:
- log_error (_("unknown key protection algorithm\n"));
- goto leave;
- default:
- if (sk->protect.s2k.mode == 1001)
- {
- log_error (_("secret parts of key are not available\n"));
- goto leave;
- }
- if (sk->protect.s2k.mode == 1002)
- {
- log_error (_("secret key already stored on a card\n"));
- goto leave;
- }
- /* We better copy the key before we unprotect it. */
- copied_sk = sk = copy_secret_key (NULL, sk);
- rc = 0/*check_secret_key (sk, 0)*/;
- if (rc)
- goto leave;
- }
+/* /\* Unprotect key. *\/ */
+/* switch (is_secret_key_protected (sk) ) */
+/* { */
+/* case 0: /\* Not protected. *\/ */
+/* break; */
+/* case -1: */
+/* log_error (_("unknown key protection algorithm\n")); */
+/* goto leave; */
+/* default: */
+/* if (sk->protect.s2k.mode == 1001) */
+/* { */
+/* log_error (_("secret parts of key are not available\n")); */
+/* goto leave; */
+/* } */
+/* if (sk->protect.s2k.mode == 1002) */
+/* { */
+/* log_error (_("secret key already stored on a card\n")); */
+/* goto leave; */
+/* } */
+/* /\* We better copy the key before we unprotect it. *\/ */
+/* copied_sk = sk = copy_secret_key (NULL, sk); */
+/* rc = 0/\*check_secret_key (sk, 0)*\/; */
+/* if (rc) */
+/* goto leave; */
+/* } */
-#warning code save_unprotected_key_to_card
- /* rc = save_unprotected_key_to_card (sk, keyno); */
- /* if (rc) */
- /* { */
- /* log_error (_("error writing key to card: %s\n"), gpg_strerror (rc)); */
- /* goto leave; */
- /* } */
+/* #warning code save_unprotected_key_to_card */
+/* /\* rc = save_unprotected_key_to_card (sk, keyno); *\/ */
+/* /\* if (rc) *\/ */
+/* /\* { *\/ */
+/* /\* log_error (_("error writing key to card: %s\n"), gpg_strerror (rc)); *\/ */
+/* /\* goto leave; *\/ */
+/* /\* } *\/ */
- /* Get back to the maybe protected original secret key. */
- if (copied_sk)
- {
- free_secret_key (copied_sk);
- copied_sk = NULL;
- }
- sk = node->pkt->pkt.secret_key;
+/* /\* Get back to the maybe protected original secret key. *\/ */
+/* if (copied_sk) */
+/* { */
+/* free_secret_key (copied_sk); */
+/* copied_sk = NULL; */
+/* } */
+/* sk = node->pkt->pkt.secret_key; */
- /* Get rid of the secret key parameters and store the serial numer. */
- n = pubkey_get_nskey (sk->pubkey_algo);
- for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
- {
- gcry_mpi_release (sk->skey[i]);
- sk->skey[i] = NULL;
- }
- i = pubkey_get_npkey (sk->pubkey_algo);
- sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
- sk->is_protected = 1;
- sk->protect.s2k.mode = 1002;
- s = info.serialno;
- for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
- sk->protect.ivlen++, s += 2)
- sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
+/* /\* Get rid of the secret key parameters and store the serial numer. *\/ */
+/* n = pubkey_get_nskey (sk->pubkey_algo); */
+/* for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++) */
+/* { */
+/* gcry_mpi_release (sk->skey[i]); */
+/* sk->skey[i] = NULL; */
+/* } */
+/* i = pubkey_get_npkey (sk->pubkey_algo); */
+/* sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8); */
+/* sk->is_protected = 1; */
+/* sk->protect.s2k.mode = 1002; */
+/* s = info.serialno; */
+/* for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1]; */
+/* sk->protect.ivlen++, s += 2) */
+/* sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s); */
- okay = 1;
+/* okay = 1; */
- leave:
- if (copied_sk)
- free_secret_key (copied_sk);
- agent_release_card_info (&info);
- return okay;
+/* leave: */
+/* if (copied_sk) */
+/* free_secret_key (copied_sk); */
+/* agent_release_card_info (&info); */
+/* return okay; */
+ return -1;
}
Modified: trunk/g10/delkey.c
===================================================================
--- trunk/g10/delkey.c 2010-09-03 09:14:45 UTC (rev 5416)
+++ trunk/g10/delkey.c 2010-09-06 19:57:42 UTC (rev 5417)
@@ -54,7 +54,6 @@
KBNODE node;
KEYDB_HANDLE hd = keydb_new ();
PKT_public_key *pk = NULL;
- PKT_secret_key *sk = NULL;
u32 keyid[2];
int okay=0;
int yes;
@@ -91,30 +90,21 @@
goto leave;
}
- if( secret )
+ pk = node->pkt->pkt.public_key;
+ keyid_from_pk( pk, keyid );
+
+ if (!force)
{
- sk = node->pkt->pkt.secret_key;
- keyid_from_sk( sk, keyid );
+ if (have_secret_key_with_kid (keyid))
+ {
+ *r_sec_avail = 1;
+ rc = -1;
+ goto leave;
+ }
+ else
+ rc = 0;
}
- else
- {
- /* public */
- pk = node->pkt->pkt.public_key;
- keyid_from_pk( pk, keyid );
- if(!force)
- {
- if (have_secret_key_with_kid (keyid))
- {
- *r_sec_avail = 1;
- rc = -1;
- goto leave;
- }
- else
- rc = 0;
- }
- }
-
if( rc )
rc = 0;
else if (opt.batch && exactmatch)
@@ -133,9 +123,9 @@
}
else {
if( secret )
- print_seckey_info( sk );
+ print_seckey_info (pk);
else
- print_pubkey_info(NULL, pk );
+ print_pubkey_info (NULL, pk );
tty_printf( "\n" );
yes = cpr_get_answer_is_yes( secret? "delete_key.secret.okay"
Modified: trunk/g10/export.c
===================================================================
--- trunk/g10/export.c 2010-09-03 09:14:45 UTC (rev 5416)
+++ trunk/g10/export.c 2010-09-06 19:57:42 UTC (rev 5417)
@@ -190,10 +190,7 @@
{
u32 kid[2];
- if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- keyid_from_pk (node->pkt->pkt.public_key, kid);
- else
- keyid_from_sk (node->pkt->pkt.secret_key, kid);
+ keyid_from_pk (node->pkt->pkt.public_key, kid);
for (; list; list = list->next)
if (list->kid[0] == kid[0] && list->kid[1] == kid[1])
@@ -208,10 +205,9 @@
{
subkey_list_t list = xcalloc (1, sizeof *list);
- if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
keyid_from_pk (node->pkt->pkt.public_key, list->kid);
- else if (node->pkt->pkttype == PKT_SECRET_SUBKEY)
- keyid_from_sk (node->pkt->pkt.secret_key, list->kid);
return list;
}
@@ -235,19 +231,13 @@
{
case KEYDB_SEARCH_MODE_SHORT_KID:
case KEYDB_SEARCH_MODE_LONG_KID:
- if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- keyid_from_pk (node->pkt->pkt.public_key, kid);
- else
- keyid_from_sk (node->pkt->pkt.secret_key, kid);
+ keyid_from_pk (node->pkt->pkt.public_key, kid);
break;
case KEYDB_SEARCH_MODE_FPR16:
case KEYDB_SEARCH_MODE_FPR20:
case KEYDB_SEARCH_MODE_FPR:
- if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen);
- else
- fingerprint_from_sk (node->pkt->pkt.secret_key, fpr,&fprlen);
+ fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen);
break;
default:
@@ -287,451 +277,466 @@
/* If keyblock_out is non-NULL, AND the exit code is zero, then it
contains a pointer to the first keyblock found and exported. No
- other keyblocks are exported. The caller must free it. */
+ other keyblocks are exported. The caller must free it. */
static int
-do_export_stream( IOBUF out, strlist_t users, int secret,
- KBNODE *keyblock_out, unsigned int options, int *any )
+do_export_stream (iobuf_t out, strlist_t users, int secret,
+ kbnode_t *keyblock_out, unsigned int options, int *any)
{
- int rc = 0;
- gpg_error_t err;
- PACKET pkt;
- KBNODE keyblock = NULL;
- KBNODE kbctx, node;
- size_t ndesc, descindex;
- KEYDB_SEARCH_DESC *desc = NULL;
- subkey_list_t subkey_list = NULL; /* Track alreay processed subkeys. */
- KEYDB_HANDLE kdbhd;
- strlist_t sl;
- int indent = 0;
+ gpg_error_t err = 0;
+ PACKET pkt;
+ KBNODE keyblock = NULL;
+ KBNODE kbctx, node;
+ size_t ndesc, descindex;
+ KEYDB_SEARCH_DESC *desc = NULL;
+ subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */
+ KEYDB_HANDLE kdbhd;
+ strlist_t sl;
+ int indent = 0;
- *any = 0;
- init_packet( &pkt );
- kdbhd = keydb_new ();
+ *any = 0;
+ init_packet (&pkt);
+ kdbhd = keydb_new ();
- if (!users) {
- ndesc = 1;
- desc = xcalloc ( ndesc, sizeof *desc );
- desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
+ if (!users)
+ {
+ ndesc = 1;
+ desc = xcalloc (ndesc, sizeof *desc);
+ desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
}
- else {
- for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
- ;
- desc = xmalloc ( ndesc * sizeof *desc);
+ else
+ {
+ for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
+ ;
+ desc = xmalloc ( ndesc * sizeof *desc);
- for (ndesc=0, sl=users; sl; sl = sl->next) {
- if (!(err=classify_user_id (sl->d, desc+ndesc)))
- ndesc++;
- else
- log_error (_("key \"%s\" not found: %s\n"),
- sl->d, gpg_strerror (err));
+ for (ndesc=0, sl=users; sl; sl = sl->next)
+ {
+ if (!(err=classify_user_id (sl->d, desc+ndesc)))
+ ndesc++;
+ else
+ log_error (_("key \"%s\" not found: %s\n"),
+ sl->d, gpg_strerror (err));
}
- /* It would be nice to see which of the given users did
- actually match one in the keyring. To implement this we
- need to have a found flag for each entry in desc and to set
- this we must check all those entries after a match to mark
- all matched one - currently we stop at the first match. To
- do this we need an extra flag to enable this feature so */
+ /* It would be nice to see which of the given users did actually
+ match one in the keyring. To implement this we need to have
+ a found flag for each entry in desc. To set this flag we
+ must check all those entries after a match to mark all
+ matched one - currently we stop at the first match. To do
+ this we need an extra flag to enable this feature. */
}
#ifdef ENABLE_SELINUX_HACKS
- if (secret) {
- log_error (_("exporting secret keys not allowed\n"));
- rc = G10ERR_GENERAL;
- goto leave;
+ if (secret)
+ {
+ log_error (_("exporting secret keys not allowed\n"));
+ err = G10ERR_GENERAL;
+ goto leave;
}
#endif
- while (!(rc = keydb_search2 (kdbhd, desc, ndesc, &descindex))) {
- int sha1_warned=0,skip_until_subkey=0;
- u32 sk_keyid[2];
+ while (!(err = keydb_search2 (kdbhd, desc, ndesc, &descindex)))
+ {
+ int sha1_warned = 0;
+ int skip_until_subkey = 0;
+ u32 keyid[2];
- if (!users)
- desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+ if (!users)
+ desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
- /* Read the keyblock. */
- rc = keydb_get_keyblock (kdbhd, &keyblock );
- if( rc ) {
- log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
- goto leave;
+ /* Read the keyblock. */
+ err = keydb_get_keyblock (kdbhd, &keyblock);
+ if (err)
+ {
+ log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
+ goto leave;
}
- if((node=find_kbnode(keyblock,PKT_SECRET_KEY)))
- {
- PKT_secret_key *sk=node->pkt->pkt.secret_key;
+ if ((node=find_kbnode(keyblock, PKT_SECRET_KEY)))
+ {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
- keyid_from_sk(sk,sk_keyid);
+ keyid_from_pk (pk, keyid);
- /* We can't apply GNU mode 1001 on an unprotected key. */
- if( secret == 2 && !sk->is_protected )
- {
- log_info(_("key %s: not protected - skipped\n"),
- keystr(sk_keyid));
- continue;
- }
+ /* We can't apply GNU mode 1001 on an unprotected key. */
+ if( secret == 2
+ && pk->seckey_info && !pk->seckey_info->is_protected )
+ {
+ log_info (_("key %s: not protected - skipped\n"),
+ keystr (keyid));
+ continue;
+ }
- /* No v3 keys with GNU mode 1001. */
- if( secret == 2 && sk->version == 3 )
- {
- log_info(_("key %s: PGP 2.x style key - skipped\n"),
- keystr(sk_keyid));
- continue;
- }
+ /* No v3 keys with GNU mode 1001. */
+ if( secret == 2 && pk->version == 3 )
+ {
+ log_info(_("key %s: PGP 2.x style key - skipped\n"),
+ keystr (keyid));
+ continue;
+ }
- /* It does not make sense to export a key with a primary
- key on card using a non-key stub. We simply skip those
- keys when used with --export-secret-subkeys. */
- if (secret == 2 && sk->is_protected
- && sk->protect.s2k.mode == 1002 )
- {
- log_info(_("key %s: key material on-card - skipped\n"),
- keystr(sk_keyid));
- continue;
- }
- }
- else
- {
- /* It's a public key export, so do the cleaning if
- requested. Note that both export-clean and
- export-minimal only apply to UID sigs (0x10, 0x11,
- 0x12, and 0x13). A designated revocation is never
- stripped, even with export-minimal set. */
+ /* It does not make sense to export a key with a primary
+ key on card using a non-key stub. We simply skip those
+ keys when used with --export-secret-subkeys. */
+ if (secret == 2
+ && pk->seckey_info && pk->seckey_info->is_protected
+ && pk->seckey_info->s2k.mode == 1002 )
+ {
+ log_info(_("key %s: key material on-card - skipped\n"),
+ keystr (keyid));
+ continue;
+ }
+ }
+ else
+ {
+ /* It's a public key export, so do the cleaning if
+ requested. Note that both export-clean and
+ export-minimal only apply to UID sigs (0x10, 0x11, 0x12,
+ and 0x13). A designated revocation is never stripped,
+ even with export-minimal set. */
+ if ( (options & EXPORT_CLEAN) )
+ clean_key (keyblock, opt.verbose, options&EXPORT_MINIMAL,
+ NULL, NULL);
+ }
- if(options&EXPORT_CLEAN)
- clean_key(keyblock,opt.verbose,options&EXPORT_MINIMAL,NULL,NULL);
- }
+ /* And write it. */
+ for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
+ {
+ if (skip_until_subkey)
+ {
+ if (node->pkt->pkttype==PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype==PKT_SECRET_SUBKEY)
+ skip_until_subkey = 0;
+ else
+ continue;
+ }
- /* And write it. */
- for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) {
- if( skip_until_subkey )
- {
- if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY
- || node->pkt->pkttype==PKT_SECRET_SUBKEY)
- skip_until_subkey=0;
- else
- continue;
- }
+ /* We used to use comment packets, but not any longer. In
+ case we still have comments on a key, strip them here
+ before we call build_packet(). */
+ if (node->pkt->pkttype == PKT_COMMENT)
+ continue;
- /* We used to use comment packets, but not any longer. In
- case we still have comments on a key, strip them here
- before we call build_packet(). */
- if( node->pkt->pkttype == PKT_COMMENT )
- continue;
+ /* Make sure that ring_trust packets never get exported. */
+ if (node->pkt->pkttype == PKT_RING_TRUST)
+ continue;
- /* Make sure that ring_trust packets never get exported. */
- if (node->pkt->pkttype == PKT_RING_TRUST)
- continue;
-
- /* If exact is set, then we only export what was requested
- (plus the primary key, if the user didn't specifically
- request it). */
- if(desc[descindex].exact
- && (node->pkt->pkttype==PKT_PUBLIC_SUBKEY
- || node->pkt->pkttype==PKT_SECRET_SUBKEY))
- {
- if (!exact_subkey_match_p (desc+descindex, node))
- {
- /* Before skipping this subkey, check whether any
- other description wants an exact match on a
- subkey and include that subkey into the output
- too. Need to add this subkey to a list so that
- it won't get processed a second time.
+ /* If exact is set, then we only export what was requested
+ (plus the primary key, if the user didn't specifically
+ request it). */
+ if (desc[descindex].exact
+ && (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY))
+ {
+ if (!exact_subkey_match_p (desc+descindex, node))
+ {
+ /* Before skipping this subkey, check whether any
+ other description wants an exact match on a
+ subkey and include that subkey into the output
+ too. Need to add this subkey to a list so that
+ it won't get processed a second time.
- So the first step here is to check that list and
- skip in any case if the key is in that list.
+ So the first step here is to check that list and
+ skip in any case if the key is in that list.
- We need this whole mess because the import
- function is not able to merge secret keys and
- thus it is useless to output them as two
- separate keys and have import merge them. */
- if (subkey_in_list_p (subkey_list, node))
- skip_until_subkey = 1; /* Already processed this one. */
- else
- {
- size_t j;
+ We need this whole mess because the import
+ function is not able to merge secret keys and
+ thus it is useless to output them as two separate
+ keys and have import merge them. */
+ if (subkey_in_list_p (subkey_list, node))
+ skip_until_subkey = 1; /* Already processed this one. */
+ else
+ {
+ size_t j;
- for (j=0; j < ndesc; j++)
- if (j != descindex && desc[j].exact
- && exact_subkey_match_p (desc+j, node))
- break;
- if (!(j < ndesc))
- skip_until_subkey = 1; /* No other one matching. */
- }
- }
+ for (j=0; j < ndesc; j++)
+ if (j != descindex && desc[j].exact
+ && exact_subkey_match_p (desc+j, node))
+ break;
+ if (!(j < ndesc))
+ skip_until_subkey = 1; /* No other one matching. */
+ }
+ }
- if(skip_until_subkey)
- continue;
+ if(skip_until_subkey)
+ continue;
- /* Mark this one as processed. */
- {
- subkey_list_t tmp = new_subkey_list_item (node);
- tmp->next = subkey_list;
- subkey_list = tmp;
- }
- }
+ /* Mark this one as processed. */
+ {
+ subkey_list_t tmp = new_subkey_list_item (node);
+ tmp->next = subkey_list;
+ subkey_list = tmp;
+ }
+ }
- if(node->pkt->pkttype==PKT_SIGNATURE)
- {
- /* do not export packets which are marked as not
- exportable */
- if(!(options&EXPORT_LOCAL_SIGS)
- && !node->pkt->pkt.signature->flags.exportable)
- continue; /* not exportable */
+ if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ /* Do not export packets which are marked as not
+ exportable. */
+ if (!(options&EXPORT_LOCAL_SIGS)
+ && !node->pkt->pkt.signature->flags.exportable)
+ continue; /* not exportable */
- /* Do not export packets with a "sensitive" revocation
- key unless the user wants us to. Note that we do
- export these when issuing the actual revocation
- (see revoke.c). */
- if(!(options&EXPORT_SENSITIVE_REVKEYS)
- && node->pkt->pkt.signature->revkey)
- {
- int i;
+ /* Do not export packets with a "sensitive" revocation
+ key unless the user wants us to. Note that we do
+ export these when issuing the actual revocation
+ (see revoke.c). */
+ if (!(options&EXPORT_SENSITIVE_REVKEYS)
+ && node->pkt->pkt.signature->revkey)
+ {
+ int i;
+
+ for (i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
+ if ( (node->pkt->pkt.signature->revkey[i]->class & 0x40))
+ break;
- for(i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
- if(node->pkt->pkt.signature->revkey[i]->class & 0x40)
- break;
+ if (i < node->pkt->pkt.signature->numrevkeys)
+ continue;
+ }
+ }
- if(i<node->pkt->pkt.signature->numrevkeys)
- continue;
- }
- }
-
- /* Don't export attribs? */
- if( !(options&EXPORT_ATTRIBUTES) &&
- node->pkt->pkttype == PKT_USER_ID &&
- node->pkt->pkt.user_id->attrib_data ) {
+ /* Don't export attribs? */
+ if (!(options&EXPORT_ATTRIBUTES)
+ && node->pkt->pkttype == PKT_USER_ID
+ && node->pkt->pkt.user_id->attrib_data )
+ {
/* Skip until we get to something that is not an attrib
or a signature on an attrib */
- while(kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE) {
- kbctx=kbctx->next;
- }
+ while (kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE)
+ kbctx = kbctx->next;
continue;
}
- if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY )
- {
- /* We don't want to export the secret parts of the
- * primary key, this is done by using GNU protection mode 1001
- */
- int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode;
- node->pkt->pkt.secret_key->protect.s2k.mode = 1001;
- if ((options&EXPORT_SEXP_FORMAT))
- rc = build_sexp (out, node->pkt, &indent);
- else
- rc = build_packet (out, node->pkt);
- node->pkt->pkt.secret_key->protect.s2k.mode = save_mode;
- }
- else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY
- && (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD))
- {
- /* If the subkey is protected reset the passphrase to
- export an unprotected subkey. This feature is
- useful in cases of a subkey copied to an unattended
- machine where a passphrase is not required. */
- PKT_secret_key *sk_save, *sk;
+ if (secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY)
+ {
+ /* We don't want to export the secret parts of the
+ * primary key, this is done by temporary switching to
+ * GNU protection mode 1001. */
+ int save_mode = node->pkt->pkt.public_key->seckey_info->s2k.mode;
+ node->pkt->pkt.public_key->seckey_info->s2k.mode = 1001;
+ if ((options&EXPORT_SEXP_FORMAT))
+ err = build_sexp (out, node->pkt, &indent);
+ else
+ err = build_packet (out, node->pkt);
+ node->pkt->pkt.public_key->seckey_info->s2k.mode = save_mode;
+ }
+ else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY
+ && (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD))
+ {
+ /* If the subkey is protected reset the passphrase to
+ export an unprotected subkey. This feature is useful
+ in cases of a subkey copied to an unattended machine
+ where a passphrase is not required. */
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ goto leave;
+#warning We need to implement this
+ /* PKT_secret_key *sk_save, *sk; */
- sk_save = node->pkt->pkt.secret_key;
- sk = copy_secret_key (NULL, sk_save);
- node->pkt->pkt.secret_key = sk;
+ /* sk_save = node->pkt->pkt.secret_key; */
+ /* sk = copy_secret_key (NULL, sk_save); */
+ /* node->pkt->pkt.secret_key = sk; */
- log_info (_("about to export an unprotected subkey\n"));
- switch (is_secret_key_protected (sk))
- {
- case -1:
- rc = G10ERR_PUBKEY_ALGO;
- break;
- case 0:
- break;
- default:
- if (sk->protect.s2k.mode == 1001)
- ; /* No secret parts. */
- else if( sk->protect.s2k.mode == 1002 )
- ; /* Card key stub. */
- else
- {
- /* rc = check_secret_key( sk, 0 ); */
- }
- break;
- }
- if (rc)
- {
- node->pkt->pkt.secret_key = sk_save;
- free_secret_key (sk);
- log_error (_("failed to unprotect the subkey: %s\n"),
- g10_errstr (rc));
- goto leave;
- }
+ /* log_info (_("about to export an unprotected subkey\n")); */
+ /* switch (is_secret_key_protected (sk)) */
+ /* { */
+ /* case -1: */
+ /* err = gpg_error (GPG_ERR_PUBKEY_ALGO); */
+ /* break; */
+ /* case 0: */
+ /* break; */
+ /* default: */
+ /* if (sk->protect.s2k.mode == 1001) */
+ /* ; /\* No secret parts. *\/ */
+ /* else if( sk->protect.s2k.mode == 1002 ) */
+ /* ; /\* Card key stub. *\/ */
+ /* else */
+ /* { */
+ /* /\* err = check_secret_key( sk, 0 ); *\/ */
+ /* } */
+ /* break; */
+ /* } */
+ /* if (err) */
+ /* { */
+ /* node->pkt->pkt.secret_key = sk_save; */
+ /* free_secret_key (sk); */
+ /* log_error (_("failed to unprotect the subkey: %s\n"), */
+ /* g10_errstr (rc)); */
+ /* goto leave; */
+ /* } */
- if ((options&EXPORT_SEXP_FORMAT))
- rc = build_sexp (out, node->pkt, &indent);
- else
- rc = build_packet (out, node->pkt);
+ /* if ((options&EXPORT_SEXP_FORMAT)) */
+ /* err = build_sexp (out, node->pkt, &indent); */
+ /* else */
+ /* err = build_packet (out, node->pkt); */
- node->pkt->pkt.secret_key = sk_save;
- free_secret_key (sk);
- }
- else
- {
- /* Warn the user if the secret key or any of the secret
- subkeys are protected with SHA1 and we have
- simple_sk_checksum set. */
- if(!sha1_warned && opt.simple_sk_checksum &&
- (node->pkt->pkttype==PKT_SECRET_KEY ||
- node->pkt->pkttype==PKT_SECRET_SUBKEY) &&
- node->pkt->pkt.secret_key->protect.sha1chk)
- {
- /* I hope this warning doesn't confuse people. */
- log_info(_("WARNING: secret key %s does not have a "
- "simple SK checksum\n"),keystr(sk_keyid));
+ /* node->pkt->pkt.secret_key = sk_save; */
+ /* free_secret_key (sk); */
+ }
+ else
+ {
+ /* Warn the user if the secret key or any of the secret
+ subkeys are protected with SHA1 and we have
+ simple_sk_checksum set. */
+ if (!sha1_warned && opt.simple_sk_checksum &&
+ (node->pkt->pkttype == PKT_SECRET_KEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ && node->pkt->pkt.public_key->seckey_info->sha1chk)
+ {
+ /* I hope this warning doesn't confuse people. */
+ log_info(_("WARNING: secret key %s does not have a "
+ "simple SK checksum\n"), keystr (keyid));
- sha1_warned=1;
- }
+ sha1_warned = 1;
+ }
- if ((options&EXPORT_SEXP_FORMAT))
- rc = build_sexp (out, node->pkt, &indent);
- else
- rc = build_packet (out, node->pkt);
- }
+ if ((options&EXPORT_SEXP_FORMAT))
+ err = build_sexp (out, node->pkt, &indent);
+ else
+ err = build_packet (out, node->pkt);
+ }
- if( rc ) {
- log_error("build_packet(%d) failed: %s\n",
- node->pkt->pkttype, g10_errstr(rc) );
- goto leave;
+ if (err)
+ {
+ log_error ("build_packet(%d) failed: %s\n",
+ node->pkt->pkttype, gpg_strerror (err));
+ goto leave;
}
}
- if ((options&EXPORT_SEXP_FORMAT) && indent)
- {
- for (; indent; indent--)
- iobuf_put (out, ')');
- iobuf_put (out, '\n');
- }
+ if ((options&EXPORT_SEXP_FORMAT) && indent)
+ {
+ for (; indent; indent--)
+ iobuf_put (out, ')');
+ iobuf_put (out, '\n');
+ }
- ++*any;
- if(keyblock_out)
- {
- *keyblock_out=keyblock;
- break;
- }
+ ++*any;
+ if(keyblock_out)
+ {
+ *keyblock_out=keyblock;
+ break;
+ }
}
- if ((options&EXPORT_SEXP_FORMAT) && indent)
- {
- for (; indent; indent--)
- iobuf_put (out, ')');
- iobuf_put (out, '\n');
- }
- if( rc == -1 )
- rc = 0;
+ if ((options&EXPORT_SEXP_FORMAT) && indent)
+ {
+ for (; indent; indent--)
+ iobuf_put (out, ')');
+ iobuf_put (out, '\n');
+ }
+ if( err == -1 )
+ err = 0;
- leave:
- release_subkey_list (subkey_list);
- xfree(desc);
- keydb_release (kdbhd);
- if(rc || keyblock_out==NULL)
- release_kbnode( keyblock );
- if( !*any )
- log_info(_("WARNING: nothing exported\n"));
- return rc;
+ leave:
+ release_subkey_list (subkey_list);
+ xfree(desc);
+ keydb_release (kdbhd);
+ if (err || !keyblock_out)
+ release_kbnode( keyblock );
+ if( !*any )
+ log_info(_("WARNING: nothing exported\n"));
+ return err;
}
-static int
-write_sexp_line (iobuf_t out, int *indent, const char *text)
-{
- int i;
+/* static int */
+/* write_sexp_line (iobuf_t out, int *indent, const char *text) */
+/* { */
+/* int i; */
- for (i=0; i < *indent; i++)
- iobuf_put (out, ' ');
- iobuf_writestr (out, text);
- return 0;
-}
+/* for (i=0; i < *indent; i++) */
+/* iobuf_put (out, ' '); */
+/* iobuf_writestr (out, text); */
+/* return 0; */
+/* } */
-static int
-write_sexp_keyparm (iobuf_t out, int *indent, const char *name, gcry_mpi_t a)
-{
- int rc;
- unsigned char *buffer;
+/* static int */
+/* write_sexp_keyparm (iobuf_t out, int *indent, const char *name, gcry_mpi_t a) */
+/* { */
+/* int rc; */
+/* unsigned char *buffer; */
- write_sexp_line (out, indent, "(");
- iobuf_writestr (out, name);
- iobuf_writestr (out, " #");
+/* write_sexp_line (out, indent, "("); */
+/* iobuf_writestr (out, name); */
+/* iobuf_writestr (out, " #"); */
- rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a);
- assert (!rc);
- iobuf_writestr (out, buffer);
- iobuf_writestr (out, "#)");
- gcry_free (buffer);
- return 0;
-}
+/* rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a); */
+/* assert (!rc); */
+/* iobuf_writestr (out, buffer); */
+/* iobuf_writestr (out, "#)"); */
+/* gcry_free (buffer); */
+/* return 0; */
+/* } */
static int
build_sexp_seckey (iobuf_t out, PACKET *pkt, int *indent)
{
- PKT_secret_key *sk = pkt->pkt.secret_key;
- char tmpbuf[100];
+ /* FIXME: Not yet implemented. */
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ /* PKT_secret_key *sk = pkt->pkt.secret_key; */
+ /* char tmpbuf[100]; */
- if (pkt->pkttype == PKT_SECRET_KEY)
- {
- iobuf_writestr (out, "(openpgp-key\n");
- (*indent)++;
- }
- else
- {
- iobuf_writestr (out, " (subkey\n");
- (*indent)++;
- }
- (*indent)++;
- write_sexp_line (out, indent, "(private-key\n");
More information about the Gnupg-commits
mailing list