1 /* findkey.c - Locate the secret key
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007,
3 * 2010, 2011 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
33 #include <npth.h> /* (we use pth_sleep) */
37 #include "../common/ssh-utils.h"
43 /* Helper to pass data to the check callback of the unprotect function. */
44 struct try_unprotect_arg_s
47 const unsigned char *protected_key;
48 unsigned char *unprotected_key;
49 int change_required; /* Set by the callback to indicate that the
50 user should chnage the passphrase. */
54 /* Write an S-expression formatted key to our key storage. With FORCE
55 passed as true an existing key with the given GRIP will get
58 agent_write_private_key (const unsigned char *grip,
59 const void *buffer, size_t length, int force)
65 bin2hex (grip, 20, hexgrip);
66 strcpy (hexgrip+40, ".key");
68 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
70 /* FIXME: Write to a temp file first so that write failures during
71 key updates won't lead to a key loss. */
73 if (!force && !access (fname, F_OK))
75 log_error ("secret key file '%s' already exists\n", fname);
77 return gpg_error (GPG_ERR_EEXIST);
80 fp = es_fopen (fname, force? "wb,mode=-rw" : "wbx,mode=-rw");
83 gpg_error_t tmperr = gpg_error_from_syserror ();
84 log_error ("can't create '%s': %s\n", fname, gpg_strerror (tmperr));
89 if (es_fwrite (buffer, length, 1, fp) != 1)
91 gpg_error_t tmperr = gpg_error_from_syserror ();
92 log_error ("error writing '%s': %s\n", fname, gpg_strerror (tmperr));
100 gpg_error_t tmperr = gpg_error_from_syserror ();
101 log_error ("error closing '%s': %s\n", fname, gpg_strerror (tmperr));
102 gnupg_remove (fname);
106 bump_key_eventcounter ();
112 /* Callback function to try the unprotection from the passphrase query
115 try_unprotect_cb (struct pin_entry_info_s *pi)
117 struct try_unprotect_arg_s *arg = pi->check_cb_arg;
120 gnupg_isotime_t now, protected_at, tmptime;
123 assert (!arg->unprotected_key);
125 arg->change_required = 0;
126 err = agent_unprotect (arg->ctrl, arg->protected_key, pi->pin, protected_at,
127 &arg->unprotected_key, &dummy);
130 if (!opt.max_passphrase_days || arg->ctrl->in_passwd)
131 return 0; /* No regular passphrase change required. */
135 /* No protection date known - must force passphrase change. */
136 desc = xtrystrdup (_("Note: This passphrase has never been changed.%0A"
137 "Please change it now."));
139 return gpg_error_from_syserror ();
143 gnupg_get_isotime (now);
144 gnupg_copy_time (tmptime, protected_at);
145 err = add_days_to_isotime (tmptime, opt.max_passphrase_days);
148 if (strcmp (now, tmptime) > 0 )
150 /* Passphrase "expired". */
152 (_("This passphrase has not been changed%%0A"
153 "since %.4s-%.2s-%.2s. Please change it now."),
154 protected_at, protected_at+4, protected_at+6);
156 return gpg_error_from_syserror ();
162 /* Change required. */
163 if (opt.enforce_passphrase_constraints)
165 err = agent_get_confirmation (arg->ctrl, desc,
166 _("Change passphrase"), NULL, 0);
168 arg->change_required = 1;
172 err = agent_get_confirmation (arg->ctrl, desc,
173 _("Change passphrase"),
174 _("I'll change it later"), 0);
176 arg->change_required = 1;
177 else if (gpg_err_code (err) == GPG_ERR_CANCELED
178 || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
188 /* Modify a Key description, replacing certain special format
189 characters. List of currently supported replacements:
191 %% - Replaced by a single %
192 %c - Replaced by the content of COMMENT.
193 %C - Same as %c but put into parentheses.
194 %F - Replaced by an ssh style fingerprint computed from KEY.
196 The functions returns 0 on success or an error code. On success a
197 newly allocated string is stored at the address of RESULT.
200 modify_description (const char *in, const char *comment, const gcry_sexp_t key,
203 size_t comment_length;
209 char *ssh_fpr = NULL;
211 comment_length = strlen (comment);
212 in_len = strlen (in);
214 /* First pass calculates the length, second pass does the actual
218 for (pass=0; pass < 2; pass++)
221 for (i = 0; i < in_len; i++)
235 case 'c': /* Comment. */
238 memcpy (out, comment, comment_length);
239 out += comment_length;
242 out_len += comment_length;
245 case 'C': /* Comment. */
251 memcpy (out, comment, comment_length);
252 out += comment_length;
256 out_len += comment_length + 2;
259 case 'F': /* SSH style fingerprint. */
261 ssh_get_fingerprint_string (key, &ssh_fpr);
265 out = stpcpy (out, ssh_fpr);
267 out_len += strlen (ssh_fpr);
271 default: /* Invalid special sequences are kept as they are. */
282 else if (in[i] == '%')
295 *result = out = xtrymalloc (out_len + 1);
299 return gpg_error_from_syserror ();
305 assert (*result + out_len == out);
312 /* Unprotect the canconical encoded S-expression key in KEYBUF. GRIP
313 should be the hex encoded keygrip of that key to be used with the
314 caching mechanism. DESC_TEXT may be set to override the default
315 description used for the pinentry. If LOOKUP_TTL is given this
316 function is used to lookup the default ttl. If R_PASSPHRASE is not
317 NULL, the function succeeded and the key was protected the used
318 passphrase (entered or from the cache) is stored there; if not NULL
319 will be stored. The caller needs to free the returned
322 unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
323 unsigned char **keybuf, const unsigned char *grip,
324 cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
327 struct pin_entry_info_s *pi;
328 struct try_unprotect_arg_s arg;
330 unsigned char *result;
335 *r_passphrase = NULL;
337 bin2hex (grip, 20, hexgrip);
339 /* Initially try to get it using a cache nonce. */
344 pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE);
347 rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen);
362 /* First try to get it from the cache - if there is none or we can't
363 unprotect it, we fall back to ask the user */
364 if (cache_mode != CACHE_MODE_IGNORE)
369 pw = agent_get_cache (hexgrip, cache_mode);
372 rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen);
375 if (cache_mode == CACHE_MODE_NORMAL)
376 agent_store_cache_hit (hexgrip);
388 else if (cache_mode == CACHE_MODE_NORMAL)
390 /* The standard use of GPG keys is to have a signing and an
391 encryption subkey. Commonly both use the same
392 passphrase. We try to help the user to enter the
393 passphrase only once by silently trying the last
394 correctly entered passphrase. Checking one additional
395 passphrase should be acceptable; despite the S2K
396 introduced delays. The assumed workflow is:
398 1. Read encrypted message in a MUA and thus enter a
399 passphrase for the encryption subkey.
401 2. Reply to that mail with an encrypted and signed
402 mail, thus entering the passphrase for the signing
405 We can often avoid the passphrase entry in the second
406 step. We do this only in normal mode, so not to
407 interfere with unrelated cache entries. */
408 pw = agent_get_cache (NULL, cache_mode);
411 rc = agent_unprotect (ctrl, *keybuf, pw, NULL,
412 &result, &resultlen);
428 /* If the pinentry is currently in use, we wait up to 60 seconds
429 for it to close and check the cache again. This solves a common
430 situation where several requests for unprotecting a key have
431 been made but the user is still entering the passphrase for
432 the first request. Because all requests to agent_askpin are
433 serialized they would then pop up one after the other to
434 request the passphrase - despite that the user has already
435 entered it and is then available in the cache. This
436 implementation is not race free but in the worst case the
437 user has to enter the passphrase only once more. */
438 if (pinentry_active_p (ctrl, 0))
441 if (!pinentry_active_p (ctrl, 60))
443 /* We need to give the other thread a chance to actually put
444 it into the cache. */
448 /* Timeout - better call pinentry now the plain way. */
452 pi = gcry_calloc_secure (1, sizeof (*pi) + 100);
454 return gpg_error_from_syserror ();
455 pi->max_length = 100;
456 pi->min_digits = 0; /* we want a real passphrase */
459 pi->check_cb = try_unprotect_cb;
461 arg.protected_key = *keybuf;
462 arg.unprotected_key = NULL;
463 arg.change_required = 0;
464 pi->check_cb_arg = &arg;
466 rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi);
469 assert (arg.unprotected_key);
470 if (arg.change_required)
472 size_t canlen, erroff;
475 assert (arg.unprotected_key);
476 canlen = gcry_sexp_canon_len (arg.unprotected_key, 0, NULL, NULL);
477 rc = gcry_sexp_sscan (&s_skey, &erroff,
478 (char*)arg.unprotected_key, canlen);
481 log_error ("failed to build S-Exp (off=%u): %s\n",
482 (unsigned int)erroff, gpg_strerror (rc));
483 wipememory (arg.unprotected_key, canlen);
484 xfree (arg.unprotected_key);
488 rc = agent_protect_and_store (ctrl, s_skey, NULL);
489 gcry_sexp_release (s_skey);
492 log_error ("changing the passphrase failed: %s\n",
494 wipememory (arg.unprotected_key, canlen);
495 xfree (arg.unprotected_key);
502 agent_put_cache (hexgrip, cache_mode, pi->pin,
503 lookup_ttl? lookup_ttl (hexgrip) : 0);
504 agent_store_cache_hit (hexgrip);
505 if (r_passphrase && *pi->pin)
506 *r_passphrase = xtrystrdup (pi->pin);
509 *keybuf = arg.unprotected_key;
516 /* Read the key identified by GRIP from the private key directory and
517 return it as an gcrypt S-expression object in RESULT. On failure
518 returns an error code and stores NULL at RESULT. */
520 read_key_file (const unsigned char *grip, gcry_sexp_t *result)
527 size_t buflen, erroff;
529 char hexgrip[40+4+1];
533 bin2hex (grip, 20, hexgrip);
534 strcpy (hexgrip+40, ".key");
536 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
537 fp = es_fopen (fname, "rb");
540 rc = gpg_error_from_syserror ();
541 if (gpg_err_code (rc) != GPG_ERR_ENOENT)
542 log_error ("can't open '%s': %s\n", fname, strerror (errno));
547 if (fstat (es_fileno (fp), &st))
549 rc = gpg_error_from_syserror ();
550 log_error ("can't stat '%s': %s\n", fname, strerror (errno));
557 buf = xtrymalloc (buflen+1);
560 rc = gpg_error_from_syserror ();
561 log_error ("error allocating %zu bytes for '%s': %s\n",
562 buflen, fname, strerror (errno));
570 if (es_fread (buf, buflen, 1, fp) != 1)
572 rc = gpg_error_from_syserror ();
573 log_error ("error reading %zu bytes from '%s': %s\n",
574 buflen, fname, strerror (errno));
581 /* Convert the file into a gcrypt S-expression object. */
582 rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
588 log_error ("failed to build S-Exp (off=%u): %s\n",
589 (unsigned int)erroff, gpg_strerror (rc));
597 /* Remove the key identified by GRIP from the private key directory. */
599 remove_key_file (const unsigned char *grip)
603 char hexgrip[40+4+1];
605 bin2hex (grip, 20, hexgrip);
606 strcpy (hexgrip+40, ".key");
607 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
608 if (gnupg_remove (fname))
609 err = gpg_error_from_syserror ();
615 /* Return the secret key as an S-Exp in RESULT after locating it using
616 the GRIP. If the operation shall be diverted to a token, an
617 allocated S-expression with the shadow_info part from the file is
618 stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO.
619 CACHE_MODE defines now the cache shall be used. DESC_TEXT may be
620 set to present a custom description for the pinentry. LOOKUP_TTL
621 is an optional function to convey a TTL to the cache manager; we do
622 not simply pass the TTL value because the value is only needed if
623 an unprotect action was needed and looking up the TTL may have some
624 overhead (e.g. scanning the sshcontrol file). If a CACHE_NONCE is
625 given that cache item is first tried to get a passphrase. If
626 R_PASSPHRASE is not NULL, the function succeeded and the key was
627 protected the used passphrase (entered or from the cache) is stored
628 there; if not NULL will be stored. The caller needs to free the
629 returned passphrase. */
631 agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
632 const char *desc_text,
633 const unsigned char *grip, unsigned char **shadow_info,
634 cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
635 gcry_sexp_t *result, char **r_passphrase)
639 size_t len, buflen, erroff;
646 *r_passphrase = NULL;
648 rc = read_key_file (grip, &s_skey);
651 if (gpg_err_code (rc) == GPG_ERR_ENOENT)
652 rc = gpg_error (GPG_ERR_NO_SECKEY);
656 /* For use with the protection functions we also need the key as an
657 canonical encoded S-expression in a buffer. Create this buffer
659 rc = make_canon_sexp (s_skey, &buf, &len);
663 switch (agent_private_key_type (buf))
665 case PRIVATE_KEY_CLEAR:
666 break; /* no unprotection needed */
667 case PRIVATE_KEY_OPENPGP_NONE:
669 unsigned char *buf_new;
672 rc = agent_unprotect (ctrl, buf, "", NULL, &buf_new, &buf_newlen);
674 log_error ("failed to convert unprotected openpgp key: %s\n",
683 case PRIVATE_KEY_PROTECTED:
685 char *desc_text_final;
686 char *comment = NULL;
688 /* Note, that we will take the comment as a C string for
689 display purposes; i.e. all stuff beyond a Nul character is
692 gcry_sexp_t comment_sexp;
694 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
696 comment = gcry_sexp_nth_string (comment_sexp, 1);
697 gcry_sexp_release (comment_sexp);
700 desc_text_final = NULL;
702 rc = modify_description (desc_text, comment? comment:"", s_skey,
708 rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
709 cache_mode, lookup_ttl, r_passphrase);
711 log_error ("failed to unprotect the secret key: %s\n",
715 xfree (desc_text_final);
718 case PRIVATE_KEY_SHADOWED:
721 const unsigned char *s;
724 rc = agent_get_shadow_info (buf, &s);
727 n = gcry_sexp_canon_len (s, 0, NULL,NULL);
729 *shadow_info = xtrymalloc (n);
734 memcpy (*shadow_info, s, n);
739 log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc));
742 rc = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
745 log_error ("invalid private key format\n");
746 rc = gpg_error (GPG_ERR_BAD_SECKEY);
749 gcry_sexp_release (s_skey);
756 xfree (*r_passphrase);
757 *r_passphrase = NULL;
762 buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
763 rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
764 wipememory (buf, buflen);
768 log_error ("failed to build S-Exp (off=%u): %s\n",
769 (unsigned int)erroff, gpg_strerror (rc));
772 xfree (*r_passphrase);
773 *r_passphrase = NULL;
783 /* Return the string name from the S-expression S_KEY as well as a
784 string describing the names of the parameters. ALGONAMESIZE and
785 ELEMSSIZE give the allocated size of the provided buffers. The
786 buffers may be NULL if not required. If R_LIST is not NULL the top
787 level list will be stored there; the caller needs to release it in
790 key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list,
791 char *r_algoname, size_t algonamesize,
792 char *r_elems, size_t elemssize)
794 gcry_sexp_t list, l2;
795 const char *name, *algoname, *elems;
801 list = gcry_sexp_find_token (s_key, "shadowed-private-key", 0 );
803 list = gcry_sexp_find_token (s_key, "protected-private-key", 0 );
805 list = gcry_sexp_find_token (s_key, "private-key", 0 );
808 log_error ("invalid private key format\n");
809 return gpg_error (GPG_ERR_BAD_SECKEY);
812 l2 = gcry_sexp_cadr (list);
813 gcry_sexp_release (list);
815 name = gcry_sexp_nth_data (list, 0, &n);
816 if (n==3 && !memcmp (name, "rsa", 3))
821 else if (n==3 && !memcmp (name, "dsa", 3))
826 else if (n==3 && !memcmp (name, "ecc", 3))
831 else if (n==5 && !memcmp (name, "ecdsa", 5))
836 else if (n==4 && !memcmp (name, "ecdh", 4))
841 else if (n==3 && !memcmp (name, "elg", 3))
848 log_error ("unknown private key algorithm\n");
849 gcry_sexp_release (list);
850 return gpg_error (GPG_ERR_BAD_SECKEY);
855 if (strlen (algoname) >= algonamesize)
856 return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
857 strcpy (r_algoname, algoname);
861 if (strlen (elems) >= elemssize)
862 return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
863 strcpy (r_elems, elems);
869 gcry_sexp_release (list);
875 /* Return true if KEYPARMS holds an EdDSA key. */
877 is_eddsa (gcry_sexp_t keyparms)
885 list = gcry_sexp_find_token (keyparms, "flags", 0);
886 for (i = list ? gcry_sexp_length (list)-1 : 0; i > 0; i--)
888 s = gcry_sexp_nth_data (list, i, &n);
890 continue; /* Not a data element. */
892 if (n == 5 && !memcmp (s, "eddsa", 5))
898 gcry_sexp_release (list);
903 /* Return the public key algorithm number if S_KEY is a DSA style key.
904 If it is not a DSA style key, return 0. */
906 agent_is_dsa_key (gcry_sexp_t s_key)
915 if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0))
916 return 0; /* Error - assume it is not an DSA key. */
918 if (!strcmp (algoname, "dsa"))
919 result = GCRY_PK_DSA;
920 else if (!strcmp (algoname, "ecc"))
925 result = GCRY_PK_ECDSA;
927 else if (!strcmp (algoname, "ecdsa"))
928 result = GCRY_PK_ECDSA;
932 gcry_sexp_release (list);
937 /* Return true if S_KEY is an EdDSA key as used with curve Ed25519. */
939 agent_is_eddsa_key (gcry_sexp_t s_key)
948 if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0))
949 return 0; /* Error - assume it is not an EdDSA key. */
951 if (!strcmp (algoname, "ecc") && is_eddsa (list))
953 else if (!strcmp (algoname, "eddsa")) /* backward compatibility. */
958 gcry_sexp_release (list);
963 /* Return the key for the keygrip GRIP. The result is stored at
964 RESULT. This function extracts the key from the private key
965 database and returns it as an S-expression object as it is. On
966 failure an error code is returned and NULL stored at RESULT. */
968 agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
978 err = read_key_file (grip, &s_skey);
985 /* Return the public key for the keygrip GRIP. The result is stored
986 at RESULT. This function extracts the public key from the private
987 key database. On failure an error code is returned and NULL stored
990 agent_public_key_from_file (ctrl_t ctrl,
991 const unsigned char *grip,
997 const char *algoname, *elems;
999 gcry_mpi_t array[10];
1000 gcry_sexp_t curve = NULL;
1001 gcry_sexp_t flags = NULL;
1002 gcry_sexp_t uri_sexp, comment_sexp;
1003 const char *uri, *comment;
1004 size_t uri_length, comment_length;
1006 void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2
1007 for comment + end-of-list. */
1009 gcry_sexp_t list = NULL;
1016 err = read_key_file (grip, &s_skey);
1020 for (i=0; i < DIM (array); i++)
1023 err = extract_private_key (s_skey, 0, &algoname, &npkey, NULL, &elems,
1024 array, DIM (array), &curve, &flags);
1027 gcry_sexp_release (s_skey);
1033 uri_sexp = gcry_sexp_find_token (s_skey, "uri", 0);
1035 uri = gcry_sexp_nth_data (uri_sexp, 1, &uri_length);
1039 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
1041 comment = gcry_sexp_nth_data (comment_sexp, 1, &comment_length);
1043 gcry_sexp_release (s_skey);
1047 /* FIXME: The following thing is pretty ugly code; we should
1048 investigate how to make it cleaner. Probably code to handle
1049 canonical S-expressions in a memory buffer is better suited for
1050 such a task. After all that is what we do in protect.c. Neeed
1051 to find common patterns and write a straightformward API to use
1053 assert (sizeof (size_t) <= sizeof (void*));
1055 format = xtrymalloc (15+4+7*npkey+10+15+1+1);
1058 err = gpg_error_from_syserror ();
1059 for (i=0; array[i]; i++)
1060 gcry_mpi_release (array[i]);
1061 gcry_sexp_release (curve);
1062 gcry_sexp_release (flags);
1063 gcry_sexp_release (uri_sexp);
1064 gcry_sexp_release (comment_sexp);
1069 p = stpcpy (stpcpy (format, "(public-key("), algoname);
1070 p = stpcpy (p, "%S%S"); /* curve name and flags. */
1071 args[argidx++] = &curve;
1072 args[argidx++] = &flags;
1073 for (idx=0, s=elems; idx < npkey; idx++)
1077 p = stpcpy (p, " %m)");
1078 assert (argidx < DIM (args));
1079 args[argidx++] = &array[idx];
1084 p = stpcpy (p, "(uri %b)");
1085 assert (argidx+1 < DIM (args));
1086 args[argidx++] = (void *)&uri_length;
1087 args[argidx++] = (void *)&uri;
1091 p = stpcpy (p, "(comment %b)");
1092 assert (argidx+1 < DIM (args));
1093 args[argidx++] = (void *)&comment_length;
1094 args[argidx++] = (void*)&comment;
1098 assert (argidx < DIM (args));
1099 args[argidx] = NULL;
1101 err = gcry_sexp_build_array (&list, NULL, format, args);
1103 for (i=0; array[i]; i++)
1104 gcry_mpi_release (array[i]);
1105 gcry_sexp_release (curve);
1106 gcry_sexp_release (flags);
1107 gcry_sexp_release (uri_sexp);
1108 gcry_sexp_release (comment_sexp);
1117 /* Check whether the the secret key identified by GRIP is available.
1118 Returns 0 is the key is available. */
1120 agent_key_available (const unsigned char *grip)
1124 char hexgrip[40+4+1];
1126 bin2hex (grip, 20, hexgrip);
1127 strcpy (hexgrip+40, ".key");
1129 fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
1130 result = !access (fname, R_OK)? 0 : -1;
1137 /* Return the information about the secret key specified by the binary
1138 keygrip GRIP. If the key is a shadowed one the shadow information
1139 will be stored at the address R_SHADOW_INFO as an allocated
1142 agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
1143 int *r_keytype, unsigned char **r_shadow_info)
1153 *r_keytype = PRIVATE_KEY_UNKNOWN;
1155 *r_shadow_info = NULL;
1160 err = read_key_file (grip, &sexp);
1163 if (gpg_err_code (err) == GPG_ERR_ENOENT)
1164 return gpg_error (GPG_ERR_NOT_FOUND);
1168 err = make_canon_sexp (sexp, &buf, &len);
1169 gcry_sexp_release (sexp);
1174 keytype = agent_private_key_type (buf);
1177 case PRIVATE_KEY_CLEAR:
1178 case PRIVATE_KEY_OPENPGP_NONE:
1180 case PRIVATE_KEY_PROTECTED:
1181 /* If we ever require it we could retrieve the comment fields
1184 case PRIVATE_KEY_SHADOWED:
1187 const unsigned char *s;
1190 err = agent_get_shadow_info (buf, &s);
1193 n = gcry_sexp_canon_len (s, 0, NULL, NULL);
1195 *r_shadow_info = xtrymalloc (n);
1196 if (!*r_shadow_info)
1197 err = gpg_error_from_syserror ();
1199 memcpy (*r_shadow_info, s, n);
1204 err = gpg_error (GPG_ERR_BAD_SECKEY);
1208 if (!err && r_keytype)
1209 *r_keytype = keytype;
1217 /* Delete the key with GRIP from the disk after having asked for
1218 confirmation using DESC_TEXT. Common error codes are:
1221 GPG_ERR_NOT_CONFIRMED
1224 agent_delete_key (ctrl_t ctrl, const char *desc_text,
1225 const unsigned char *grip)
1228 gcry_sexp_t s_skey = NULL;
1229 unsigned char *buf = NULL;
1231 char *desc_text_final = NULL;
1232 char *comment = NULL;
1233 ssh_control_file_t cf = NULL;
1234 char hexgrip[40+4+1];
1235 char *default_desc = NULL;
1237 err = read_key_file (grip, &s_skey);
1238 if (gpg_err_code (err) == GPG_ERR_ENOENT)
1239 err = gpg_error (GPG_ERR_NO_SECKEY);
1243 err = make_canon_sexp (s_skey, &buf, &len);
1247 switch (agent_private_key_type (buf))
1249 case PRIVATE_KEY_CLEAR:
1250 case PRIVATE_KEY_OPENPGP_NONE:
1251 case PRIVATE_KEY_PROTECTED:
1253 bin2hex (grip, 20, hexgrip);
1256 default_desc = xtryasprintf
1257 ("Do you really want to delete the key identified by keygrip%%0A"
1258 " %s%%0A %%C%%0A?", hexgrip);
1259 desc_text = default_desc;
1262 /* Note, that we will take the comment as a C string for
1263 display purposes; i.e. all stuff beyond a Nul character is
1266 gcry_sexp_t comment_sexp;
1268 comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
1270 comment = gcry_sexp_nth_string (comment_sexp, 1);
1271 gcry_sexp_release (comment_sexp);
1275 err = modify_description (desc_text, comment? comment:"", s_skey,
1280 err = agent_get_confirmation (ctrl, desc_text_final,
1281 _("Delete key"), _("No"), 0);
1285 cf = ssh_open_control_file ();
1288 if (!ssh_search_control_file (cf, hexgrip, NULL, NULL, NULL))
1290 err = agent_get_confirmation
1292 _("Warning: This key is also listed for use with SSH!\n"
1293 "Deleting the key might remove your ability to "
1294 "access remote machines."),
1295 _("Delete key"), _("No"), 0);
1301 err = remove_key_file (grip);
1305 case PRIVATE_KEY_SHADOWED:
1306 err = gpg_error (GPG_ERR_KEY_ON_CARD);
1310 log_error ("invalid private key format\n");
1311 err = gpg_error (GPG_ERR_BAD_SECKEY);
1316 ssh_close_control_file (cf);
1317 gcry_free (comment);
1318 xfree (desc_text_final);
1319 xfree (default_desc);
1321 gcry_sexp_release (s_skey);