1 /* findkey.c - Locate the secret key
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007,
3 * 2010, 2011 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
33 #include <npth.h> /* (we use pth_sleep) */
37 #include "../common/ssh-utils.h"
43 /* Helper to pass data to the check callback of the unprotect function. */
44 struct try_unprotect_arg_s
47 const unsigned char *protected_key;
48 unsigned char *unprotected_key;
49 int change_required; /* Set by the callback to indicate that the
50 user should change the passphrase. */
54 /* Write an S-expression formatted key to our key storage. With FORCE
55 passed as true an existing key with the given GRIP will get
58 agent_write_private_key (const unsigned char *grip,
59 const void *buffer, size_t length, int force)
65 bin2hex (grip, 20, hexgrip);
66 strcpy (hexgrip+40, ".key");
68 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
70 /* FIXME: Write to a temp file first so that write failures during
71 key updates won't lead to a key loss. */
73 if (!force && !access (fname, F_OK))
75 log_error ("secret key file '%s' already exists\n", fname);
77 return gpg_error (GPG_ERR_EEXIST);
80 fp = es_fopen (fname, force? "wb,mode=-rw" : "wbx,mode=-rw");
83 gpg_error_t tmperr = gpg_error_from_syserror ();
84 log_error ("can't create '%s': %s\n", fname, gpg_strerror (tmperr));
89 if (es_fwrite (buffer, length, 1, fp) != 1)
91 gpg_error_t tmperr = gpg_error_from_syserror ();
92 log_error ("error writing '%s': %s\n", fname, gpg_strerror (tmperr));
100 gpg_error_t tmperr = gpg_error_from_syserror ();
101 log_error ("error closing '%s': %s\n", fname, gpg_strerror (tmperr));
102 gnupg_remove (fname);
106 bump_key_eventcounter ();
112 /* Callback function to try the unprotection from the passphrase query
115 try_unprotect_cb (struct pin_entry_info_s *pi)
117 struct try_unprotect_arg_s *arg = pi->check_cb_arg;
120 gnupg_isotime_t now, protected_at, tmptime;
123 assert (!arg->unprotected_key);
125 arg->change_required = 0;
126 err = agent_unprotect (arg->ctrl, arg->protected_key, pi->pin, protected_at,
127 &arg->unprotected_key, &dummy);
130 if (!opt.max_passphrase_days || arg->ctrl->in_passwd)
131 return 0; /* No regular passphrase change required. */
135 /* No protection date known - must force passphrase change. */
136 desc = xtrystrdup (_("Note: This passphrase has never been changed.%0A"
137 "Please change it now."));
139 return gpg_error_from_syserror ();
143 gnupg_get_isotime (now);
144 gnupg_copy_time (tmptime, protected_at);
145 err = add_days_to_isotime (tmptime, opt.max_passphrase_days);
148 if (strcmp (now, tmptime) > 0 )
150 /* Passphrase "expired". */
152 (_("This passphrase has not been changed%%0A"
153 "since %.4s-%.2s-%.2s. Please change it now."),
154 protected_at, protected_at+4, protected_at+6);
156 return gpg_error_from_syserror ();
162 /* Change required. */
163 if (opt.enforce_passphrase_constraints)
165 err = agent_get_confirmation (arg->ctrl, desc,
166 _("Change passphrase"), NULL, 0);
168 arg->change_required = 1;
172 err = agent_get_confirmation (arg->ctrl, desc,
173 _("Change passphrase"),
174 _("I'll change it later"), 0);
176 arg->change_required = 1;
177 else if (gpg_err_code (err) == GPG_ERR_CANCELED
178 || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
188 /* Modify a Key description, replacing certain special format
189 characters. List of currently supported replacements:
191 %% - Replaced by a single %
192 %c - Replaced by the content of COMMENT.
193 %C - Same as %c but put into parentheses.
194 %F - Replaced by an ssh style fingerprint computed from KEY.
196 The functions returns 0 on success or an error code. On success a
197 newly allocated string is stored at the address of RESULT.
200 modify_description (const char *in, const char *comment, const gcry_sexp_t key,
203 size_t comment_length;
209 char *ssh_fpr = NULL;
211 comment_length = strlen (comment);
212 in_len = strlen (in);
214 /* First pass calculates the length, second pass does the actual
218 for (pass=0; pass < 2; pass++)
221 for (i = 0; i < in_len; i++)
235 case 'c': /* Comment. */
238 memcpy (out, comment, comment_length);
239 out += comment_length;
242 out_len += comment_length;
245 case 'C': /* Comment. */
251 memcpy (out, comment, comment_length);
252 out += comment_length;
256 out_len += comment_length + 2;
259 case 'F': /* SSH style fingerprint. */
261 ssh_get_fingerprint_string (key, &ssh_fpr);
265 out = stpcpy (out, ssh_fpr);
267 out_len += strlen (ssh_fpr);
271 default: /* Invalid special sequences are kept as they are. */
282 else if (in[i] == '%')
295 *result = out = xtrymalloc (out_len + 1);
299 return gpg_error_from_syserror ();
305 assert (*result + out_len == out);
312 /* Unprotect the canconical encoded S-expression key in KEYBUF. GRIP
313 should be the hex encoded keygrip of that key to be used with the
314 caching mechanism. DESC_TEXT may be set to override the default
315 description used for the pinentry. If LOOKUP_TTL is given this
316 function is used to lookup the default ttl. If R_PASSPHRASE is not
317 NULL, the function succeeded and the key was protected the used
318 passphrase (entered or from the cache) is stored there; if not NULL
319 will be stored. The caller needs to free the returned
322 unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
323 unsigned char **keybuf, const unsigned char *grip,
324 cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
327 struct pin_entry_info_s *pi;
328 struct try_unprotect_arg_s arg;
330 unsigned char *result;
335 *r_passphrase = NULL;
337 bin2hex (grip, 20, hexgrip);
339 /* Initially try to get it using a cache nonce. */
344 pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE);
347 rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen);
362 /* First try to get it from the cache - if there is none or we can't
363 unprotect it, we fall back to ask the user */
364 if (cache_mode != CACHE_MODE_IGNORE)
369 pw = agent_get_cache (hexgrip, cache_mode);
372 rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen);
375 if (cache_mode == CACHE_MODE_NORMAL)
376 agent_store_cache_hit (hexgrip);
388 else if (cache_mode == CACHE_MODE_NORMAL)
390 /* The standard use of GPG keys is to have a signing and an
391 encryption subkey. Commonly both use the same
392 passphrase. We try to help the user to enter the
393 passphrase only once by silently trying the last
394 correctly entered passphrase. Checking one additional
395 passphrase should be acceptable; despite the S2K
396 introduced delays. The assumed workflow is:
398 1. Read encrypted message in a MUA and thus enter a
399 passphrase for the encryption subkey.
401 2. Reply to that mail with an encrypted and signed
402 mail, thus entering the passphrase for the signing
405 We can often avoid the passphrase entry in the second
406 step. We do this only in normal mode, so not to
407 interfere with unrelated cache entries. */
408 pw = agent_get_cache (NULL, cache_mode);
411 rc = agent_unprotect (ctrl, *keybuf, pw, NULL,
412 &result, &resultlen);
428 /* If the pinentry is currently in use, we wait up to 60 seconds
429 for it to close and check the cache again. This solves a common
430 situation where several requests for unprotecting a key have
431 been made but the user is still entering the passphrase for
432 the first request. Because all requests to agent_askpin are
433 serialized they would then pop up one after the other to
434 request the passphrase - despite that the user has already
435 entered it and is then available in the cache. This
436 implementation is not race free but in the worst case the
437 user has to enter the passphrase only once more. */
438 if (pinentry_active_p (ctrl, 0))
441 if (!pinentry_active_p (ctrl, 60))
443 /* We need to give the other thread a chance to actually put
444 it into the cache. */
448 /* Timeout - better call pinentry now the plain way. */
452 pi = gcry_calloc_secure (1, sizeof (*pi) + 100);
454 return gpg_error_from_syserror ();
455 pi->max_length = 100;
456 pi->min_digits = 0; /* we want a real passphrase */
459 pi->check_cb = try_unprotect_cb;
461 arg.protected_key = *keybuf;
462 arg.unprotected_key = NULL;
463 arg.change_required = 0;
464 pi->check_cb_arg = &arg;
466 rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, hexgrip, cache_mode);
469 assert (arg.unprotected_key);
470 if (arg.change_required)
472 /* The callback told as that the user should change their
473 passphrase. Present the dialog to do. */
474 size_t canlen, erroff;
477 assert (arg.unprotected_key);
478 canlen = gcry_sexp_canon_len (arg.unprotected_key, 0, NULL, NULL);
479 rc = gcry_sexp_sscan (&s_skey, &erroff,
480 (char*)arg.unprotected_key, canlen);
483 log_error ("failed to build S-Exp (off=%u): %s\n",
484 (unsigned int)erroff, gpg_strerror (rc));
485 wipememory (arg.unprotected_key, canlen);
486 xfree (arg.unprotected_key);
490 rc = agent_protect_and_store (ctrl, s_skey, NULL);
491 gcry_sexp_release (s_skey);
494 log_error ("changing the passphrase failed: %s\n",
496 wipememory (arg.unprotected_key, canlen);
497 xfree (arg.unprotected_key);
504 /* Passphrase is fine. */
505 agent_put_cache (hexgrip, cache_mode, pi->pin,
506 lookup_ttl? lookup_ttl (hexgrip) : 0);
507 agent_store_cache_hit (hexgrip);
508 if (r_passphrase && *pi->pin)
509 *r_passphrase = xtrystrdup (pi->pin);
512 *keybuf = arg.unprotected_key;
519 /* Read the key identified by GRIP from the private key directory and
520 return it as an gcrypt S-expression object in RESULT. On failure
521 returns an error code and stores NULL at RESULT. */
523 read_key_file (const unsigned char *grip, gcry_sexp_t *result)
530 size_t buflen, erroff;
532 char hexgrip[40+4+1];
536 bin2hex (grip, 20, hexgrip);
537 strcpy (hexgrip+40, ".key");
539 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
540 fp = es_fopen (fname, "rb");
543 rc = gpg_error_from_syserror ();
544 if (gpg_err_code (rc) != GPG_ERR_ENOENT)
545 log_error ("can't open '%s': %s\n", fname, strerror (errno));
550 if (fstat (es_fileno (fp), &st))
552 rc = gpg_error_from_syserror ();
553 log_error ("can't stat '%s': %s\n", fname, strerror (errno));
560 buf = xtrymalloc (buflen+1);
563 rc = gpg_error_from_syserror ();
564 log_error ("error allocating %zu bytes for '%s': %s\n",
565 buflen, fname, strerror (errno));
573 if (es_fread (buf, buflen, 1, fp) != 1)
575 rc = gpg_error_from_syserror ();
576 log_error ("error reading %zu bytes from '%s': %s\n",
577 buflen, fname, strerror (errno));
584 /* Convert the file into a gcrypt S-expression object. */
585 rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
591 log_error ("failed to build S-Exp (off=%u): %s\n",
592 (unsigned int)erroff, gpg_strerror (rc));
600 /* Remove the key identified by GRIP from the private key directory. */
602 remove_key_file (const unsigned char *grip)
606 char hexgrip[40+4+1];
608 bin2hex (grip, 20, hexgrip);
609 strcpy (hexgrip+40, ".key");
610 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
611 if (gnupg_remove (fname))
612 err = gpg_error_from_syserror ();
618 /* Return the secret key as an S-Exp in RESULT after locating it using
619 the GRIP. If the operation shall be diverted to a token, an
620 allocated S-expression with the shadow_info part from the file is
621 stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO.
622 CACHE_MODE defines now the cache shall be used. DESC_TEXT may be
623 set to present a custom description for the pinentry. LOOKUP_TTL
624 is an optional function to convey a TTL to the cache manager; we do
625 not simply pass the TTL value because the value is only needed if
626 an unprotect action was needed and looking up the TTL may have some
627 overhead (e.g. scanning the sshcontrol file). If a CACHE_NONCE is
628 given that cache item is first tried to get a passphrase. If
629 R_PASSPHRASE is not NULL, the function succeeded and the key was
630 protected the used passphrase (entered or from the cache) is stored
631 there; if not NULL will be stored. The caller needs to free the
632 returned passphrase. */
634 agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
635 const char *desc_text,
636 const unsigned char *grip, unsigned char **shadow_info,
637 cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
638 gcry_sexp_t *result, char **r_passphrase)
642 size_t len, buflen, erroff;
649 *r_passphrase = NULL;
651 rc = read_key_file (grip, &s_skey);
654 if (gpg_err_code (rc) == GPG_ERR_ENOENT)
655 rc = gpg_error (GPG_ERR_NO_SECKEY);
659 /* For use with the protection functions we also need the key as an
660 canonical encoded S-expression in a buffer. Create this buffer
662 rc = make_canon_sexp (s_skey, &buf, &len);
666 switch (agent_private_key_type (buf))
668 case PRIVATE_KEY_CLEAR:
669 break; /* no unprotection needed */
670 case PRIVATE_KEY_OPENPGP_NONE:
672 unsigned char *buf_new;
675 rc = agent_unprotect (ctrl, buf, "", NULL, &buf_new, &buf_newlen);
677 log_error ("failed to convert unprotected openpgp key: %s\n",
686 case PRIVATE_KEY_PROTECTED:
688 char *desc_text_final;
689 char *comment = NULL;
691 /* Note, that we will take the comment as a C string for
692 display purposes; i.e. all stuff beyond a Nul character is
695 gcry_sexp_t comment_sexp;
697 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
699 comment = gcry_sexp_nth_string (comment_sexp, 1);
700 gcry_sexp_release (comment_sexp);
703 desc_text_final = NULL;
705 rc = modify_description (desc_text, comment? comment:"", s_skey,
711 rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
712 cache_mode, lookup_ttl, r_passphrase);
714 log_error ("failed to unprotect the secret key: %s\n",
718 xfree (desc_text_final);
721 case PRIVATE_KEY_SHADOWED:
724 const unsigned char *s;
727 rc = agent_get_shadow_info (buf, &s);
730 n = gcry_sexp_canon_len (s, 0, NULL,NULL);
732 *shadow_info = xtrymalloc (n);
737 memcpy (*shadow_info, s, n);
742 log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc));
745 rc = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
748 log_error ("invalid private key format\n");
749 rc = gpg_error (GPG_ERR_BAD_SECKEY);
752 gcry_sexp_release (s_skey);
759 xfree (*r_passphrase);
760 *r_passphrase = NULL;
765 buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
766 rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
767 wipememory (buf, buflen);
771 log_error ("failed to build S-Exp (off=%u): %s\n",
772 (unsigned int)erroff, gpg_strerror (rc));
775 xfree (*r_passphrase);
776 *r_passphrase = NULL;
786 /* Return the string name from the S-expression S_KEY as well as a
787 string describing the names of the parameters. ALGONAMESIZE and
788 ELEMSSIZE give the allocated size of the provided buffers. The
789 buffers may be NULL if not required. If R_LIST is not NULL the top
790 level list will be stored there; the caller needs to release it in
793 key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list,
794 char *r_algoname, size_t algonamesize,
795 char *r_elems, size_t elemssize)
797 gcry_sexp_t list, l2;
798 const char *name, *algoname, *elems;
804 list = gcry_sexp_find_token (s_key, "shadowed-private-key", 0 );
806 list = gcry_sexp_find_token (s_key, "protected-private-key", 0 );
808 list = gcry_sexp_find_token (s_key, "private-key", 0 );
811 log_error ("invalid private key format\n");
812 return gpg_error (GPG_ERR_BAD_SECKEY);
815 l2 = gcry_sexp_cadr (list);
816 gcry_sexp_release (list);
818 name = gcry_sexp_nth_data (list, 0, &n);
819 if (n==3 && !memcmp (name, "rsa", 3))
824 else if (n==3 && !memcmp (name, "dsa", 3))
829 else if (n==3 && !memcmp (name, "ecc", 3))
834 else if (n==5 && !memcmp (name, "ecdsa", 5))
839 else if (n==4 && !memcmp (name, "ecdh", 4))
844 else if (n==3 && !memcmp (name, "elg", 3))
851 log_error ("unknown private key algorithm\n");
852 gcry_sexp_release (list);
853 return gpg_error (GPG_ERR_BAD_SECKEY);
858 if (strlen (algoname) >= algonamesize)
859 return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
860 strcpy (r_algoname, algoname);
864 if (strlen (elems) >= elemssize)
865 return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
866 strcpy (r_elems, elems);
872 gcry_sexp_release (list);
878 /* Return true if KEYPARMS holds an EdDSA key. */
880 is_eddsa (gcry_sexp_t keyparms)
888 list = gcry_sexp_find_token (keyparms, "flags", 0);
889 for (i = list ? gcry_sexp_length (list)-1 : 0; i > 0; i--)
891 s = gcry_sexp_nth_data (list, i, &n);
893 continue; /* Not a data element. */
895 if (n == 5 && !memcmp (s, "eddsa", 5))
901 gcry_sexp_release (list);
906 /* Return the public key algorithm number if S_KEY is a DSA style key.
907 If it is not a DSA style key, return 0. */
909 agent_is_dsa_key (gcry_sexp_t s_key)
918 if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0))
919 return 0; /* Error - assume it is not an DSA key. */
921 if (!strcmp (algoname, "dsa"))
922 result = GCRY_PK_DSA;
923 else if (!strcmp (algoname, "ecc"))
928 result = GCRY_PK_ECDSA;
930 else if (!strcmp (algoname, "ecdsa"))
931 result = GCRY_PK_ECDSA;
935 gcry_sexp_release (list);
940 /* Return true if S_KEY is an EdDSA key as used with curve Ed25519. */
942 agent_is_eddsa_key (gcry_sexp_t s_key)
951 if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0))
952 return 0; /* Error - assume it is not an EdDSA key. */
954 if (!strcmp (algoname, "ecc") && is_eddsa (list))
956 else if (!strcmp (algoname, "eddsa")) /* backward compatibility. */
961 gcry_sexp_release (list);
966 /* Return the key for the keygrip GRIP. The result is stored at
967 RESULT. This function extracts the key from the private key
968 database and returns it as an S-expression object as it is. On
969 failure an error code is returned and NULL stored at RESULT. */
971 agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
981 err = read_key_file (grip, &s_skey);
988 /* Return the public key for the keygrip GRIP. The result is stored
989 at RESULT. This function extracts the public key from the private
990 key database. On failure an error code is returned and NULL stored
993 agent_public_key_from_file (ctrl_t ctrl,
994 const unsigned char *grip,
1000 const char *algoname, *elems;
1002 gcry_mpi_t array[10];
1003 gcry_sexp_t curve = NULL;
1004 gcry_sexp_t flags = NULL;
1005 gcry_sexp_t uri_sexp, comment_sexp;
1006 const char *uri, *comment;
1007 size_t uri_length, comment_length;
1009 void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2
1010 for comment + end-of-list. */
1012 gcry_sexp_t list = NULL;
1019 err = read_key_file (grip, &s_skey);
1023 for (i=0; i < DIM (array); i++)
1026 err = extract_private_key (s_skey, 0, &algoname, &npkey, NULL, &elems,
1027 array, DIM (array), &curve, &flags);
1030 gcry_sexp_release (s_skey);
1036 uri_sexp = gcry_sexp_find_token (s_skey, "uri", 0);
1038 uri = gcry_sexp_nth_data (uri_sexp, 1, &uri_length);
1042 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
1044 comment = gcry_sexp_nth_data (comment_sexp, 1, &comment_length);
1046 gcry_sexp_release (s_skey);
1050 /* FIXME: The following thing is pretty ugly code; we should
1051 investigate how to make it cleaner. Probably code to handle
1052 canonical S-expressions in a memory buffer is better suited for
1053 such a task. After all that is what we do in protect.c. Neeed
1054 to find common patterns and write a straightformward API to use
1056 assert (sizeof (size_t) <= sizeof (void*));
1058 format = xtrymalloc (15+4+7*npkey+10+15+1+1);
1061 err = gpg_error_from_syserror ();
1062 for (i=0; array[i]; i++)
1063 gcry_mpi_release (array[i]);
1064 gcry_sexp_release (curve);
1065 gcry_sexp_release (flags);
1066 gcry_sexp_release (uri_sexp);
1067 gcry_sexp_release (comment_sexp);
1072 p = stpcpy (stpcpy (format, "(public-key("), algoname);
1073 p = stpcpy (p, "%S%S"); /* curve name and flags. */
1074 args[argidx++] = &curve;
1075 args[argidx++] = &flags;
1076 for (idx=0, s=elems; idx < npkey; idx++)
1080 p = stpcpy (p, " %m)");
1081 assert (argidx < DIM (args));
1082 args[argidx++] = &array[idx];
1087 p = stpcpy (p, "(uri %b)");
1088 assert (argidx+1 < DIM (args));
1089 args[argidx++] = (void *)&uri_length;
1090 args[argidx++] = (void *)&uri;
1094 p = stpcpy (p, "(comment %b)");
1095 assert (argidx+1 < DIM (args));
1096 args[argidx++] = (void *)&comment_length;
1097 args[argidx++] = (void*)&comment;
1101 assert (argidx < DIM (args));
1102 args[argidx] = NULL;
1104 err = gcry_sexp_build_array (&list, NULL, format, args);
1106 for (i=0; array[i]; i++)
1107 gcry_mpi_release (array[i]);
1108 gcry_sexp_release (curve);
1109 gcry_sexp_release (flags);
1110 gcry_sexp_release (uri_sexp);
1111 gcry_sexp_release (comment_sexp);
1120 /* Check whether the the secret key identified by GRIP is available.
1121 Returns 0 is the key is available. */
1123 agent_key_available (const unsigned char *grip)
1127 char hexgrip[40+4+1];
1129 bin2hex (grip, 20, hexgrip);
1130 strcpy (hexgrip+40, ".key");
1132 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
1133 result = !access (fname, R_OK)? 0 : -1;
1140 /* Return the information about the secret key specified by the binary
1141 keygrip GRIP. If the key is a shadowed one the shadow information
1142 will be stored at the address R_SHADOW_INFO as an allocated
1145 agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
1146 int *r_keytype, unsigned char **r_shadow_info)
1156 *r_keytype = PRIVATE_KEY_UNKNOWN;
1158 *r_shadow_info = NULL;
1163 err = read_key_file (grip, &sexp);
1166 if (gpg_err_code (err) == GPG_ERR_ENOENT)
1167 return gpg_error (GPG_ERR_NOT_FOUND);
1171 err = make_canon_sexp (sexp, &buf, &len);
1172 gcry_sexp_release (sexp);
1177 keytype = agent_private_key_type (buf);
1180 case PRIVATE_KEY_CLEAR:
1181 case PRIVATE_KEY_OPENPGP_NONE:
1183 case PRIVATE_KEY_PROTECTED:
1184 /* If we ever require it we could retrieve the comment fields
1187 case PRIVATE_KEY_SHADOWED:
1190 const unsigned char *s;
1193 err = agent_get_shadow_info (buf, &s);
1196 n = gcry_sexp_canon_len (s, 0, NULL, NULL);
1198 *r_shadow_info = xtrymalloc (n);
1199 if (!*r_shadow_info)
1200 err = gpg_error_from_syserror ();
1202 memcpy (*r_shadow_info, s, n);
1207 err = gpg_error (GPG_ERR_BAD_SECKEY);
1211 if (!err && r_keytype)
1212 *r_keytype = keytype;
1220 /* Delete the key with GRIP from the disk after having asked for
1221 confirmation using DESC_TEXT. Common error codes are:
1224 GPG_ERR_NOT_CONFIRMED
1227 agent_delete_key (ctrl_t ctrl, const char *desc_text,
1228 const unsigned char *grip)
1231 gcry_sexp_t s_skey = NULL;
1232 unsigned char *buf = NULL;
1234 char *desc_text_final = NULL;
1235 char *comment = NULL;
1236 ssh_control_file_t cf = NULL;
1237 char hexgrip[40+4+1];
1238 char *default_desc = NULL;
1240 err = read_key_file (grip, &s_skey);
1241 if (gpg_err_code (err) == GPG_ERR_ENOENT)
1242 err = gpg_error (GPG_ERR_NO_SECKEY);
1246 err = make_canon_sexp (s_skey, &buf, &len);
1250 switch (agent_private_key_type (buf))
1252 case PRIVATE_KEY_CLEAR:
1253 case PRIVATE_KEY_OPENPGP_NONE:
1254 case PRIVATE_KEY_PROTECTED:
1256 bin2hex (grip, 20, hexgrip);
1259 default_desc = xtryasprintf
1260 ("Do you really want to delete the key identified by keygrip%%0A"
1261 " %s%%0A %%C%%0A?", hexgrip);
1262 desc_text = default_desc;
1265 /* Note, that we will take the comment as a C string for
1266 display purposes; i.e. all stuff beyond a Nul character is
1269 gcry_sexp_t comment_sexp;
1271 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
1273 comment = gcry_sexp_nth_string (comment_sexp, 1);
1274 gcry_sexp_release (comment_sexp);
1278 err = modify_description (desc_text, comment? comment:"", s_skey,
1283 err = agent_get_confirmation (ctrl, desc_text_final,
1284 _("Delete key"), _("No"), 0);
1288 cf = ssh_open_control_file ();
1291 if (!ssh_search_control_file (cf, hexgrip, NULL, NULL, NULL))
1293 err = agent_get_confirmation
1295 _("Warning: This key is also listed for use with SSH!\n"
1296 "Deleting the key might remove your ability to "
1297 "access remote machines."),
1298 _("Delete key"), _("No"), 0);
1304 err = remove_key_file (grip);
1308 case PRIVATE_KEY_SHADOWED:
1309 err = gpg_error (GPG_ERR_KEY_ON_CARD);
1313 log_error ("invalid private key format\n");
1314 err = gpg_error (GPG_ERR_BAD_SECKEY);
1319 ssh_close_control_file (cf);
1320 gcry_free (comment);
1321 xfree (desc_text_final);
1322 xfree (default_desc);
1324 gcry_sexp_release (s_skey);
projects / platform / upstream / gpg2.git / blob