Skip to content

Commit

Permalink
g10: Allow receiving cleartext secret keys from agent
Browse files Browse the repository at this point in the history 
* g10/export.c (match_curve_skey_pk): New function, testing whether an
OpenPGP public key and an S-expression use the same curve.
* g10/export.c (cleartext_secret_key_to_openpgp): New function,
filling in the secret key parameters of a PKT_public_key object from
a corresponding cleartext S-expression.
* g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext
parameter, enabling retrieval of the secret key, unlocked.
* g10/export.c (do_export_stream): Send cleartext as 0, keeping current
behavior.
* g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure
that smartcard backups are all passphrase-locked.
--

This sets up internal functionality to be capable of exporting
cleartext secret keys, but does not change any existing behavior.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  • Loading branch information
@dkg @dd9jn
dkg authored and dd9jn committed Jun 11, 2016
1 parent 7de7432 commit a3cb72a
Show file tree
Hide file tree
Showing 3 changed files with 223 additions and 4 deletions.
224 changes: 221 additions & 3 deletions g10/export.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,71 @@ exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node)
return result;
}

/* return an error if the key represented by the S-expression s_key
and the OpenPGP key represented by pk do not use the same curve. */
static gpg_error_t
match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk)
{
gcry_sexp_t curve = NULL, flags = NULL;
char *curve_str = NULL, *flag;
const char *oidstr = NULL;
gcry_mpi_t curve_as_mpi = NULL;
gpg_error_t err;
int is_eddsa = 0, idx = 0;

if (!(pk->pubkey_algo==PUBKEY_ALGO_ECDH ||
pk->pubkey_algo==PUBKEY_ALGO_ECDSA ||
pk->pubkey_algo==PUBKEY_ALGO_EDDSA))
return gpg_error (GPG_ERR_PUBKEY_ALGO);

curve = gcry_sexp_find_token (s_key, "curve", 0);
if (!curve)
{
log_error ("no reported curve\n");
err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
}
curve_str = gcry_sexp_nth_string (curve, 1);
gcry_sexp_release (curve); curve = NULL;
if (!curve_str)
{
log_error ("no curve name\n");
return gpg_error (GPG_ERR_UNKNOWN_CURVE);
}
oidstr = openpgp_curve_to_oid (curve_str, NULL);
if (!oidstr)
{
log_error ("no OID known for curve '%s'\n", curve_str);
gcry_free (curve_str);
return gpg_error (GPG_ERR_UNKNOWN_CURVE);
}
gcry_free (curve_str);
err = openpgp_oid_from_str (oidstr, &curve_as_mpi);
if (err)
return err;
if (gcry_mpi_cmp(pk->pkey[0], curve_as_mpi))
{
log_error ("curves do not match\n");
err = gpg_error (GPG_ERR_INV_CURVE);
}
gcry_mpi_release (curve_as_mpi);
flags = gcry_sexp_find_token (s_key, "flags", 0);
if (flags)
for (idx = 1; idx < gcry_sexp_length (flags); idx++)
{
flag = gcry_sexp_nth_string (flags, idx);
if (flag && (strcmp ("eddsa", flag) == 0))
is_eddsa = 1;
gcry_free (flag);
}
if (is_eddsa !=
(pk->pubkey_algo==PUBKEY_ALGO_EDDSA))
{
log_error ("disagreement about EdDSA\n");
err = gpg_error (GPG_ERR_INV_CURVE);
}

return err;
}

/* Return a canonicalized public key algoithms. This is used to
compare different flavors of algorithms (e.g. ELG and ELG_E are
Expand All @@ -411,6 +476,150 @@ canon_pk_algo (enum gcry_pk_algos algo)
}
}

/* take a cleartext dump of a secret key in PK and change the
parameter array in PK to include the secret parameters. */
static gpg_error_t
cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
{
gpg_error_t err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
gcry_sexp_t top_list;
gcry_sexp_t key = NULL;
char *key_type = NULL;
enum gcry_pk_algos pk_algo;
struct seckey_info *ski;
int idx, sec_start;
gcry_mpi_t pub_params[10] = { NULL };

/* we look for a private-key, then the first element in it tells us
the type */
top_list = gcry_sexp_find_token (s_key, "private-key", 0);
if (!top_list)
goto bad_seckey;
if (gcry_sexp_length(top_list) != 2)
goto bad_seckey;
key = gcry_sexp_nth (top_list, 1);
if (!key)
goto bad_seckey;
key_type = gcry_sexp_nth_string(key, 0);
pk_algo = gcry_pk_map_name (key_type);

log_assert(pk->seckey_info == NULL);

pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
if (!ski)
{
err = gpg_error_from_syserror ();
goto leave;
}

switch (canon_pk_algo (pk_algo))
{
case GCRY_PK_RSA:
if (!is_RSA (pk->pubkey_algo))
goto bad_pubkey_algo;
err = gcry_sexp_extract_param (key, NULL, "ne",
&pub_params[0],
&pub_params[1],
NULL);
for (idx=0; idx < 2 && !err; idx++)
if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
err = gpg_error (GPG_ERR_BAD_PUBKEY);
if (!err)
err = gcry_sexp_extract_param (key, NULL, "dpqu",
&pk->pkey[2],
&pk->pkey[3],
&pk->pkey[4],
&pk->pkey[5],
NULL);
if (!err)
for (idx = 2; idx < 6; idx++)
ski->csum += checksum_mpi (pk->pkey[idx]);
break;

case GCRY_PK_DSA:
if (!is_DSA (pk->pubkey_algo))
goto bad_pubkey_algo;
err = gcry_sexp_extract_param (key, NULL, "pqgy",
&pub_params[0],
&pub_params[1],
&pub_params[2],
&pub_params[3],
NULL);
for (idx=0; idx < 4 && !err; idx++)
if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
err = gpg_error (GPG_ERR_BAD_PUBKEY);
if (!err)
err = gcry_sexp_extract_param (key, NULL, "x",
&pk->pkey[4],
NULL);
if (!err)
ski->csum += checksum_mpi (pk->pkey[4]);
break;

case GCRY_PK_ELG:
if (!is_ELGAMAL (pk->pubkey_algo))
goto bad_pubkey_algo;
err = gcry_sexp_extract_param (key, NULL, "pgy",
&pub_params[0],
&pub_params[1],
&pub_params[2],
NULL);
for (idx=0; idx < 3 && !err; idx++)
if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
err = gpg_error (GPG_ERR_BAD_PUBKEY);
if (!err)
err = gcry_sexp_extract_param (key, NULL, "x",
&pk->pkey[3],
NULL);
if (!err)
ski->csum += checksum_mpi (pk->pkey[3]);
break;

case GCRY_PK_ECC:
err = match_curve_skey_pk (key, pk);
if (err)
goto leave;
if (!err)
err = gcry_sexp_extract_param (key, NULL, "q",
&pub_params[0],
NULL);
if (!err && (gcry_mpi_cmp(pk->pkey[1], pub_params[0])))
err = gpg_error (GPG_ERR_BAD_PUBKEY);

sec_start = 2;
if (pk->pubkey_algo == PUBKEY_ALGO_ECDH)
sec_start += 1;
if (!err)
err = gcry_sexp_extract_param (key, NULL, "d",
&pk->pkey[sec_start],
NULL);

if (!err)
ski->csum += checksum_mpi (pk->pkey[sec_start]);
break;

default:
pk->seckey_info = NULL;
free (ski);
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
leave:
gcry_sexp_release (top_list);
gcry_sexp_release (key);
gcry_free (key_type);

for (idx=0; idx < DIM(pub_params); idx++)
gcry_mpi_release (pub_params[idx]);
return err;

bad_pubkey_algo:
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
goto leave;

bad_seckey:
err = gpg_error (GPG_ERR_BAD_SECKEY);
goto leave;
}

/* Use the key transfer format given in S_PGP to create the secinfo
structure in PK and change the parameter array in PK to include the
Expand Down Expand Up @@ -833,10 +1042,15 @@ print_status_exported (PKT_public_key *pk)
* Then, parse the decrypted key data in transfer format, and put
* secret parameters into PK.
*
* if CLEARTEXT is 0, store the secret key material
* passphrase-protected. otherwise, store secret key material in the
* clear.
*
* CACHE_NONCE_ADDR is used to share nonce for multple key retrievals.
*/
gpg_error_t
receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
int cleartext,
char **cache_nonce_addr, const char *hexgrip,
PKT_public_key *pk)
{
Expand All @@ -852,7 +1066,7 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
log_info ("key %s: asking agent for the secret parts\n", hexgrip);

prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1);
err = agent_export_key (ctrl, hexgrip, prompt, 1, cache_nonce_addr,
err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, cache_nonce_addr,
&wrappedkey, &wrappedkeylen);
xfree (prompt);

Expand Down Expand Up @@ -880,7 +1094,10 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
if (!err)
{
err = transfer_format_to_openpgp (s_skey, pk);
if (cleartext)
err = cleartext_secret_key_to_openpgp (s_skey, pk);
else
err = transfer_format_to_openpgp (s_skey, pk);
gcry_sexp_release (s_skey);
}

Expand Down Expand Up @@ -1276,7 +1493,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
}
else if (!err)
{
err = receive_seckey_from_agent (ctrl, cipherhd, &cache_nonce,
err = receive_seckey_from_agent (ctrl, cipherhd,
0, &cache_nonce,
hexgrip, pk);
if (err)
{
Expand Down
2 changes: 1 addition & 1 deletion g10/keygen.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4075,7 +4075,7 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
goto leave;
}

err = receive_seckey_from_agent (ctrl, cipherhd, &cache_nonce, hexgrip, sk);
err = receive_seckey_from_agent (ctrl, cipherhd, 0, &cache_nonce, hexgrip, sk);
if (err)
{
log_error ("error getting secret key from agent: %s\n", gpg_strerror (err));
Expand Down
1 change: 1 addition & 0 deletions g10/main.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -389,6 +389,7 @@ gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec,
void **r_data, size_t *r_datalen);

gpg_error_t receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
int cleartext,
char **cache_nonce_addr, const char *hexgrip,
PKT_public_key *pk);

Expand Down

0 comments on commit a3cb72a

Please sign in to comment.