1 /* findkey.c - Locate the secret key
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007,
3 * 2010, 2011 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
33 #include <npth.h> /* (we use pth_sleep) */
37 #include "../common/ssh-utils.h"
43 /* Helper to pass data to the check callback of the unprotect function. */
44 struct try_unprotect_arg_s
47 const unsigned char *protected_key;
48 unsigned char *unprotected_key;
49 int change_required; /* Set by the callback to indicate that the
50 user should change the passphrase. */
54 /* Write an S-expression formatted key to our key storage. With FORCE
55 passed as true an existing key with the given GRIP will get
58 agent_write_private_key (const unsigned char *grip,
59 const void *buffer, size_t length, int force)
65 bin2hex (grip, 20, hexgrip);
66 strcpy (hexgrip+40, ".key");
68 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
70 /* FIXME: Write to a temp file first so that write failures during
71 key updates won't lead to a key loss. */
73 if (!force && !access (fname, F_OK))
75 log_error ("secret key file '%s' already exists\n", fname);
77 return gpg_error (GPG_ERR_EEXIST);
80 fp = es_fopen (fname, force? "wb,mode=-rw" : "wbx,mode=-rw");
83 gpg_error_t tmperr = gpg_error_from_syserror ();
84 log_error ("can't create '%s': %s\n", fname, gpg_strerror (tmperr));
89 if (es_fwrite (buffer, length, 1, fp) != 1)
91 gpg_error_t tmperr = gpg_error_from_syserror ();
92 log_error ("error writing '%s': %s\n", fname, gpg_strerror (tmperr));
100 gpg_error_t tmperr = gpg_error_from_syserror ();
101 log_error ("error closing '%s': %s\n", fname, gpg_strerror (tmperr));
102 gnupg_remove (fname);
106 bump_key_eventcounter ();
112 /* Callback function to try the unprotection from the passphrase query
115 try_unprotect_cb (struct pin_entry_info_s *pi)
117 struct try_unprotect_arg_s *arg = pi->check_cb_arg;
118 ctrl_t ctrl = arg->ctrl;
121 gnupg_isotime_t now, protected_at, tmptime;
124 assert (!arg->unprotected_key);
126 arg->change_required = 0;
127 err = agent_unprotect (ctrl, arg->protected_key, pi->pin, protected_at,
128 &arg->unprotected_key, &dummy);
131 if (!opt.max_passphrase_days || ctrl->in_passwd)
132 return 0; /* No regular passphrase change required. */
136 /* No protection date known - must force passphrase change. */
137 desc = xtrystrdup (L_("Note: This passphrase has never been changed.%0A"
138 "Please change it now."));
140 return gpg_error_from_syserror ();
144 gnupg_get_isotime (now);
145 gnupg_copy_time (tmptime, protected_at);
146 err = add_days_to_isotime (tmptime, opt.max_passphrase_days);
149 if (strcmp (now, tmptime) > 0 )
151 /* Passphrase "expired". */
153 (L_("This passphrase has not been changed%%0A"
154 "since %.4s-%.2s-%.2s. Please change it now."),
155 protected_at, protected_at+4, protected_at+6);
157 return gpg_error_from_syserror ();
163 /* Change required. */
164 if (opt.enforce_passphrase_constraints)
166 err = agent_get_confirmation (ctrl, desc,
167 L_("Change passphrase"), NULL, 0);
169 arg->change_required = 1;
173 err = agent_get_confirmation (ctrl, desc,
174 L_("Change passphrase"),
175 L_("I'll change it later"), 0);
177 arg->change_required = 1;
178 else if (gpg_err_code (err) == GPG_ERR_CANCELED
179 || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
189 /* Modify a Key description, replacing certain special format
190 characters. List of currently supported replacements:
192 %% - Replaced by a single %
193 %c - Replaced by the content of COMMENT.
194 %C - Same as %c but put into parentheses.
195 %F - Replaced by an ssh style fingerprint computed from KEY.
197 The functions returns 0 on success or an error code. On success a
198 newly allocated string is stored at the address of RESULT.
201 modify_description (const char *in, const char *comment, const gcry_sexp_t key,
204 size_t comment_length;
210 char *ssh_fpr = NULL;
212 comment_length = strlen (comment);
213 in_len = strlen (in);
215 /* First pass calculates the length, second pass does the actual
219 for (pass=0; pass < 2; pass++)
222 for (i = 0; i < in_len; i++)
236 case 'c': /* Comment. */
239 memcpy (out, comment, comment_length);
240 out += comment_length;
243 out_len += comment_length;
246 case 'C': /* Comment. */
252 memcpy (out, comment, comment_length);
253 out += comment_length;
257 out_len += comment_length + 2;
260 case 'F': /* SSH style fingerprint. */
262 ssh_get_fingerprint_string (key, &ssh_fpr);
266 out = stpcpy (out, ssh_fpr);
268 out_len += strlen (ssh_fpr);
272 default: /* Invalid special sequences are kept as they are. */
283 else if (in[i] == '%')
296 *result = out = xtrymalloc (out_len + 1);
300 return gpg_error_from_syserror ();
306 assert (*result + out_len == out);
313 /* Unprotect the canconical encoded S-expression key in KEYBUF. GRIP
314 should be the hex encoded keygrip of that key to be used with the
315 caching mechanism. DESC_TEXT may be set to override the default
316 description used for the pinentry. If LOOKUP_TTL is given this
317 function is used to lookup the default ttl. If R_PASSPHRASE is not
318 NULL, the function succeeded and the key was protected the used
319 passphrase (entered or from the cache) is stored there; if not NULL
320 will be stored. The caller needs to free the returned
323 unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
324 unsigned char **keybuf, const unsigned char *grip,
325 cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
328 struct pin_entry_info_s *pi;
329 struct try_unprotect_arg_s arg;
331 unsigned char *result;
336 *r_passphrase = NULL;
338 bin2hex (grip, 20, hexgrip);
340 /* Initially try to get it using a cache nonce. */
345 pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE);
348 rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen);
363 /* First try to get it from the cache - if there is none or we can't
364 unprotect it, we fall back to ask the user */
365 if (cache_mode != CACHE_MODE_IGNORE)
370 pw = agent_get_cache (hexgrip, cache_mode);
373 rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen);
376 if (cache_mode == CACHE_MODE_NORMAL)
377 agent_store_cache_hit (hexgrip);
389 else if (cache_mode == CACHE_MODE_NORMAL)
391 /* The standard use of GPG keys is to have a signing and an
392 encryption subkey. Commonly both use the same
393 passphrase. We try to help the user to enter the
394 passphrase only once by silently trying the last
395 correctly entered passphrase. Checking one additional
396 passphrase should be acceptable; despite the S2K
397 introduced delays. The assumed workflow is:
399 1. Read encrypted message in a MUA and thus enter a
400 passphrase for the encryption subkey.
402 2. Reply to that mail with an encrypted and signed
403 mail, thus entering the passphrase for the signing
406 We can often avoid the passphrase entry in the second
407 step. We do this only in normal mode, so not to
408 interfere with unrelated cache entries. */
409 pw = agent_get_cache (NULL, cache_mode);
412 rc = agent_unprotect (ctrl, *keybuf, pw, NULL,
413 &result, &resultlen);
429 /* If the pinentry is currently in use, we wait up to 60 seconds
430 for it to close and check the cache again. This solves a common
431 situation where several requests for unprotecting a key have
432 been made but the user is still entering the passphrase for
433 the first request. Because all requests to agent_askpin are
434 serialized they would then pop up one after the other to
435 request the passphrase - despite that the user has already
436 entered it and is then available in the cache. This
437 implementation is not race free but in the worst case the
438 user has to enter the passphrase only once more. */
439 if (pinentry_active_p (ctrl, 0))
442 if (!pinentry_active_p (ctrl, 60))
444 /* We need to give the other thread a chance to actually put
445 it into the cache. */
449 /* Timeout - better call pinentry now the plain way. */
453 pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
455 return gpg_error_from_syserror ();
456 pi->max_length = MAX_PASSPHRASE_LEN + 1;
457 pi->min_digits = 0; /* we want a real passphrase */
460 pi->check_cb = try_unprotect_cb;
462 arg.protected_key = *keybuf;
463 arg.unprotected_key = NULL;
464 arg.change_required = 0;
465 pi->check_cb_arg = &arg;
467 rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, hexgrip, cache_mode);
470 assert (arg.unprotected_key);
471 if (arg.change_required)
473 /* The callback told as that the user should change their
474 passphrase. Present the dialog to do. */
475 size_t canlen, erroff;
478 assert (arg.unprotected_key);
479 canlen = gcry_sexp_canon_len (arg.unprotected_key, 0, NULL, NULL);
480 rc = gcry_sexp_sscan (&s_skey, &erroff,
481 (char*)arg.unprotected_key, canlen);
484 log_error ("failed to build S-Exp (off=%u): %s\n",
485 (unsigned int)erroff, gpg_strerror (rc));
486 wipememory (arg.unprotected_key, canlen);
487 xfree (arg.unprotected_key);
491 rc = agent_protect_and_store (ctrl, s_skey, NULL);
492 gcry_sexp_release (s_skey);
495 log_error ("changing the passphrase failed: %s\n",
497 wipememory (arg.unprotected_key, canlen);
498 xfree (arg.unprotected_key);
505 /* Passphrase is fine. */
506 agent_put_cache (hexgrip, cache_mode, pi->pin,
507 lookup_ttl? lookup_ttl (hexgrip) : 0);
508 agent_store_cache_hit (hexgrip);
509 if (r_passphrase && *pi->pin)
510 *r_passphrase = xtrystrdup (pi->pin);
513 *keybuf = arg.unprotected_key;
520 /* Read the key identified by GRIP from the private key directory and
521 return it as an gcrypt S-expression object in RESULT. On failure
522 returns an error code and stores NULL at RESULT. */
524 read_key_file (const unsigned char *grip, gcry_sexp_t *result)
531 size_t buflen, erroff;
533 char hexgrip[40+4+1];
537 bin2hex (grip, 20, hexgrip);
538 strcpy (hexgrip+40, ".key");
540 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
541 fp = es_fopen (fname, "rb");
544 rc = gpg_error_from_syserror ();
545 if (gpg_err_code (rc) != GPG_ERR_ENOENT)
546 log_error ("can't open '%s': %s\n", fname, strerror (errno));
551 if (fstat (es_fileno (fp), &st))
553 rc = gpg_error_from_syserror ();
554 log_error ("can't stat '%s': %s\n", fname, strerror (errno));
561 buf = xtrymalloc (buflen+1);
564 rc = gpg_error_from_syserror ();
565 log_error ("error allocating %zu bytes for '%s': %s\n",
566 buflen, fname, strerror (errno));
574 if (es_fread (buf, buflen, 1, fp) != 1)
576 rc = gpg_error_from_syserror ();
577 log_error ("error reading %zu bytes from '%s': %s\n",
578 buflen, fname, strerror (errno));
585 /* Convert the file into a gcrypt S-expression object. */
586 rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
592 log_error ("failed to build S-Exp (off=%u): %s\n",
593 (unsigned int)erroff, gpg_strerror (rc));
601 /* Remove the key identified by GRIP from the private key directory. */
603 remove_key_file (const unsigned char *grip)
607 char hexgrip[40+4+1];
609 bin2hex (grip, 20, hexgrip);
610 strcpy (hexgrip+40, ".key");
611 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
612 if (gnupg_remove (fname))
613 err = gpg_error_from_syserror ();
619 /* Return the secret key as an S-Exp in RESULT after locating it using
620 the GRIP. If the operation shall be diverted to a token, an
621 allocated S-expression with the shadow_info part from the file is
622 stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO.
623 CACHE_MODE defines now the cache shall be used. DESC_TEXT may be
624 set to present a custom description for the pinentry. LOOKUP_TTL
625 is an optional function to convey a TTL to the cache manager; we do
626 not simply pass the TTL value because the value is only needed if
627 an unprotect action was needed and looking up the TTL may have some
628 overhead (e.g. scanning the sshcontrol file). If a CACHE_NONCE is
629 given that cache item is first tried to get a passphrase. If
630 R_PASSPHRASE is not NULL, the function succeeded and the key was
631 protected the used passphrase (entered or from the cache) is stored
632 there; if not NULL will be stored. The caller needs to free the
633 returned passphrase. */
635 agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
636 const char *desc_text,
637 const unsigned char *grip, unsigned char **shadow_info,
638 cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
639 gcry_sexp_t *result, char **r_passphrase)
643 size_t len, buflen, erroff;
650 *r_passphrase = NULL;
652 rc = read_key_file (grip, &s_skey);
655 if (gpg_err_code (rc) == GPG_ERR_ENOENT)
656 rc = gpg_error (GPG_ERR_NO_SECKEY);
660 /* For use with the protection functions we also need the key as an
661 canonical encoded S-expression in a buffer. Create this buffer
663 rc = make_canon_sexp (s_skey, &buf, &len);
667 switch (agent_private_key_type (buf))
669 case PRIVATE_KEY_CLEAR:
670 break; /* no unprotection needed */
671 case PRIVATE_KEY_OPENPGP_NONE:
673 unsigned char *buf_new;
676 rc = agent_unprotect (ctrl, buf, "", NULL, &buf_new, &buf_newlen);
678 log_error ("failed to convert unprotected openpgp key: %s\n",
687 case PRIVATE_KEY_PROTECTED:
689 char *desc_text_final;
690 char *comment = NULL;
692 /* Note, that we will take the comment as a C string for
693 display purposes; i.e. all stuff beyond a Nul character is
696 gcry_sexp_t comment_sexp;
698 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
700 comment = gcry_sexp_nth_string (comment_sexp, 1);
701 gcry_sexp_release (comment_sexp);
704 desc_text_final = NULL;
706 rc = modify_description (desc_text, comment? comment:"", s_skey,
712 rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
713 cache_mode, lookup_ttl, r_passphrase);
715 log_error ("failed to unprotect the secret key: %s\n",
719 xfree (desc_text_final);
722 case PRIVATE_KEY_SHADOWED:
725 const unsigned char *s;
728 rc = agent_get_shadow_info (buf, &s);
731 n = gcry_sexp_canon_len (s, 0, NULL,NULL);
733 *shadow_info = xtrymalloc (n);
738 memcpy (*shadow_info, s, n);
743 log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc));
746 rc = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
749 log_error ("invalid private key format\n");
750 rc = gpg_error (GPG_ERR_BAD_SECKEY);
753 gcry_sexp_release (s_skey);
760 xfree (*r_passphrase);
761 *r_passphrase = NULL;
766 buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
767 rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
768 wipememory (buf, buflen);
772 log_error ("failed to build S-Exp (off=%u): %s\n",
773 (unsigned int)erroff, gpg_strerror (rc));
776 xfree (*r_passphrase);
777 *r_passphrase = NULL;
787 /* Return the string name from the S-expression S_KEY as well as a
788 string describing the names of the parameters. ALGONAMESIZE and
789 ELEMSSIZE give the allocated size of the provided buffers. The
790 buffers may be NULL if not required. If R_LIST is not NULL the top
791 level list will be stored there; the caller needs to release it in
794 key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list,
795 char *r_algoname, size_t algonamesize,
796 char *r_elems, size_t elemssize)
798 gcry_sexp_t list, l2;
799 const char *name, *algoname, *elems;
805 list = gcry_sexp_find_token (s_key, "shadowed-private-key", 0 );
807 list = gcry_sexp_find_token (s_key, "protected-private-key", 0 );
809 list = gcry_sexp_find_token (s_key, "private-key", 0 );
812 log_error ("invalid private key format\n");
813 return gpg_error (GPG_ERR_BAD_SECKEY);
816 l2 = gcry_sexp_cadr (list);
817 gcry_sexp_release (list);
819 name = gcry_sexp_nth_data (list, 0, &n);
820 if (n==3 && !memcmp (name, "rsa", 3))
825 else if (n==3 && !memcmp (name, "dsa", 3))
830 else if (n==3 && !memcmp (name, "ecc", 3))
835 else if (n==5 && !memcmp (name, "ecdsa", 5))
840 else if (n==4 && !memcmp (name, "ecdh", 4))
845 else if (n==3 && !memcmp (name, "elg", 3))
852 log_error ("unknown private key algorithm\n");
853 gcry_sexp_release (list);
854 return gpg_error (GPG_ERR_BAD_SECKEY);
859 if (strlen (algoname) >= algonamesize)
860 return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
861 strcpy (r_algoname, algoname);
865 if (strlen (elems) >= elemssize)
866 return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
867 strcpy (r_elems, elems);
873 gcry_sexp_release (list);
879 /* Return true if KEYPARMS holds an EdDSA key. */
881 is_eddsa (gcry_sexp_t keyparms)
889 list = gcry_sexp_find_token (keyparms, "flags", 0);
890 for (i = list ? gcry_sexp_length (list)-1 : 0; i > 0; i--)
892 s = gcry_sexp_nth_data (list, i, &n);
894 continue; /* Not a data element. */
896 if (n == 5 && !memcmp (s, "eddsa", 5))
902 gcry_sexp_release (list);
907 /* Return the public key algorithm number if S_KEY is a DSA style key.
908 If it is not a DSA style key, return 0. */
910 agent_is_dsa_key (gcry_sexp_t s_key)
919 if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0))
920 return 0; /* Error - assume it is not an DSA key. */
922 if (!strcmp (algoname, "dsa"))
923 result = GCRY_PK_DSA;
924 else if (!strcmp (algoname, "ecc"))
929 result = GCRY_PK_ECDSA;
931 else if (!strcmp (algoname, "ecdsa"))
932 result = GCRY_PK_ECDSA;
936 gcry_sexp_release (list);
941 /* Return true if S_KEY is an EdDSA key as used with curve Ed25519. */
943 agent_is_eddsa_key (gcry_sexp_t s_key)
952 if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0))
953 return 0; /* Error - assume it is not an EdDSA key. */
955 if (!strcmp (algoname, "ecc") && is_eddsa (list))
957 else if (!strcmp (algoname, "eddsa")) /* backward compatibility. */
962 gcry_sexp_release (list);
967 /* Return the key for the keygrip GRIP. The result is stored at
968 RESULT. This function extracts the key from the private key
969 database and returns it as an S-expression object as it is. On
970 failure an error code is returned and NULL stored at RESULT. */
972 agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
982 err = read_key_file (grip, &s_skey);
989 /* Return the public key for the keygrip GRIP. The result is stored
990 at RESULT. This function extracts the public key from the private
991 key database. On failure an error code is returned and NULL stored
994 agent_public_key_from_file (ctrl_t ctrl,
995 const unsigned char *grip,
1001 const char *algoname, *elems;
1003 gcry_mpi_t array[10];
1004 gcry_sexp_t curve = NULL;
1005 gcry_sexp_t flags = NULL;
1006 gcry_sexp_t uri_sexp, comment_sexp;
1007 const char *uri, *comment;
1008 size_t uri_length, comment_length;
1010 void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2
1011 for comment + end-of-list. */
1013 gcry_sexp_t list = NULL;
1020 err = read_key_file (grip, &s_skey);
1024 for (i=0; i < DIM (array); i++)
1027 err = extract_private_key (s_skey, 0, &algoname, &npkey, NULL, &elems,
1028 array, DIM (array), &curve, &flags);
1031 gcry_sexp_release (s_skey);
1037 uri_sexp = gcry_sexp_find_token (s_skey, "uri", 0);
1039 uri = gcry_sexp_nth_data (uri_sexp, 1, &uri_length);
1043 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
1045 comment = gcry_sexp_nth_data (comment_sexp, 1, &comment_length);
1047 gcry_sexp_release (s_skey);
1051 /* FIXME: The following thing is pretty ugly code; we should
1052 investigate how to make it cleaner. Probably code to handle
1053 canonical S-expressions in a memory buffer is better suited for
1054 such a task. After all that is what we do in protect.c. Neeed
1055 to find common patterns and write a straightformward API to use
1057 assert (sizeof (size_t) <= sizeof (void*));
1059 format = xtrymalloc (15+4+7*npkey+10+15+1+1);
1062 err = gpg_error_from_syserror ();
1063 for (i=0; array[i]; i++)
1064 gcry_mpi_release (array[i]);
1065 gcry_sexp_release (curve);
1066 gcry_sexp_release (flags);
1067 gcry_sexp_release (uri_sexp);
1068 gcry_sexp_release (comment_sexp);
1073 p = stpcpy (stpcpy (format, "(public-key("), algoname);
1074 p = stpcpy (p, "%S%S"); /* curve name and flags. */
1075 args[argidx++] = &curve;
1076 args[argidx++] = &flags;
1077 for (idx=0, s=elems; idx < npkey; idx++)
1081 p = stpcpy (p, " %m)");
1082 assert (argidx < DIM (args));
1083 args[argidx++] = &array[idx];
1088 p = stpcpy (p, "(uri %b)");
1089 assert (argidx+1 < DIM (args));
1090 args[argidx++] = (void *)&uri_length;
1091 args[argidx++] = (void *)&uri;
1095 p = stpcpy (p, "(comment %b)");
1096 assert (argidx+1 < DIM (args));
1097 args[argidx++] = (void *)&comment_length;
1098 args[argidx++] = (void*)&comment;
1102 assert (argidx < DIM (args));
1103 args[argidx] = NULL;
1105 err = gcry_sexp_build_array (&list, NULL, format, args);
1107 for (i=0; array[i]; i++)
1108 gcry_mpi_release (array[i]);
1109 gcry_sexp_release (curve);
1110 gcry_sexp_release (flags);
1111 gcry_sexp_release (uri_sexp);
1112 gcry_sexp_release (comment_sexp);
1121 /* Check whether the the secret key identified by GRIP is available.
1122 Returns 0 is the key is available. */
1124 agent_key_available (const unsigned char *grip)
1128 char hexgrip[40+4+1];
1130 bin2hex (grip, 20, hexgrip);
1131 strcpy (hexgrip+40, ".key");
1133 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
1134 result = !access (fname, R_OK)? 0 : -1;
1141 /* Return the information about the secret key specified by the binary
1142 keygrip GRIP. If the key is a shadowed one the shadow information
1143 will be stored at the address R_SHADOW_INFO as an allocated
1146 agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
1147 int *r_keytype, unsigned char **r_shadow_info)
1157 *r_keytype = PRIVATE_KEY_UNKNOWN;
1159 *r_shadow_info = NULL;
1164 err = read_key_file (grip, &sexp);
1167 if (gpg_err_code (err) == GPG_ERR_ENOENT)
1168 return gpg_error (GPG_ERR_NOT_FOUND);
1172 err = make_canon_sexp (sexp, &buf, &len);
1173 gcry_sexp_release (sexp);
1178 keytype = agent_private_key_type (buf);
1181 case PRIVATE_KEY_CLEAR:
1182 case PRIVATE_KEY_OPENPGP_NONE:
1184 case PRIVATE_KEY_PROTECTED:
1185 /* If we ever require it we could retrieve the comment fields
1188 case PRIVATE_KEY_SHADOWED:
1191 const unsigned char *s;
1194 err = agent_get_shadow_info (buf, &s);
1197 n = gcry_sexp_canon_len (s, 0, NULL, NULL);
1199 *r_shadow_info = xtrymalloc (n);
1200 if (!*r_shadow_info)
1201 err = gpg_error_from_syserror ();
1203 memcpy (*r_shadow_info, s, n);
1208 err = gpg_error (GPG_ERR_BAD_SECKEY);
1212 if (!err && r_keytype)
1213 *r_keytype = keytype;
1221 /* Delete the key with GRIP from the disk after having asked for
1222 confirmation using DESC_TEXT. If FORCE is set the fucntion won't
1223 require a confirmation via Pinentry or warns if the key is also
1226 Common error codes are:
1229 GPG_ERR_NOT_CONFIRMED
1232 agent_delete_key (ctrl_t ctrl, const char *desc_text,
1233 const unsigned char *grip, int force)
1236 gcry_sexp_t s_skey = NULL;
1237 unsigned char *buf = NULL;
1239 char *desc_text_final = NULL;
1240 char *comment = NULL;
1241 ssh_control_file_t cf = NULL;
1242 char hexgrip[40+4+1];
1243 char *default_desc = NULL;
1245 err = read_key_file (grip, &s_skey);
1246 if (gpg_err_code (err) == GPG_ERR_ENOENT)
1247 err = gpg_error (GPG_ERR_NO_SECKEY);
1251 err = make_canon_sexp (s_skey, &buf, &len);
1255 switch (agent_private_key_type (buf))
1257 case PRIVATE_KEY_CLEAR:
1258 case PRIVATE_KEY_OPENPGP_NONE:
1259 case PRIVATE_KEY_PROTECTED:
1260 bin2hex (grip, 20, hexgrip);
1265 default_desc = xtryasprintf
1266 (L_("Do you really want to delete the key identified by keygrip%%0A"
1267 " %s%%0A %%C%%0A?"), hexgrip);
1268 desc_text = default_desc;
1271 /* Note, that we will take the comment as a C string for
1272 display purposes; i.e. all stuff beyond a Nul character is
1275 gcry_sexp_t comment_sexp;
1277 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
1279 comment = gcry_sexp_nth_string (comment_sexp, 1);
1280 gcry_sexp_release (comment_sexp);
1284 err = modify_description (desc_text, comment? comment:"", s_skey,
1289 err = agent_get_confirmation (ctrl, desc_text_final,
1290 L_("Delete key"), L_("No"), 0);
1294 cf = ssh_open_control_file ();
1297 if (!ssh_search_control_file (cf, hexgrip, NULL, NULL, NULL))
1299 err = agent_get_confirmation
1301 L_("Warning: This key is also listed for use with SSH!\n"
1302 "Deleting the key might remove your ability to "
1303 "access remote machines."),
1304 L_("Delete key"), L_("No"), 0);
1310 err = remove_key_file (grip);
1313 case PRIVATE_KEY_SHADOWED:
1314 err = gpg_error (GPG_ERR_KEY_ON_CARD);
1318 log_error ("invalid private key format\n");
1319 err = gpg_error (GPG_ERR_BAD_SECKEY);
1324 ssh_close_control_file (cf);
1325 gcry_free (comment);
1326 xfree (desc_text_final);
1327 xfree (default_desc);
1329 gcry_sexp_release (s_skey);
projects / platform / upstream / gpg2.git / blob