1 /* export.c - Export certificates and private keys.
2 * Copyright (C) 2002, 2003, 2004, 2007, 2009,
3 * 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
39 /* A table to store a fingerprint as used in a duplicates table. We
40 don't need to hash here because a fingerprint is already a perfect
41 hash value. This we use the most significant bits to index the
42 table and then use a linked list for the overflow. Possible
43 enhancement for very large number of certificates: Add a second
44 level table and then resort to a linked list. */
47 struct duptable_s *next;
49 /* Note that we only need to store 19 bytes because the first byte
50 is implictly given by the table index (we require at least 8
52 unsigned char fpr[19];
54 typedef struct duptable_s *duptable_t;
55 #define DUPTABLE_BITS 12
56 #define DUPTABLE_SIZE (1 << DUPTABLE_BITS)
59 static void print_short_info (ksba_cert_t cert, estream_t stream);
60 static gpg_error_t export_p12 (ctrl_t ctrl,
61 const unsigned char *certimg, size_t certimglen,
62 const char *prompt, const char *keygrip,
64 void **r_result, size_t *r_resultlen);
67 /* Create a table used to indetify duplicated certificates. */
69 create_duptable (void)
71 return xtrycalloc (DUPTABLE_SIZE, sizeof (duptable_t));
75 destroy_duptable (duptable_t *table)
82 for (idx=0; idx < DUPTABLE_SIZE; idx++)
83 for (t = table[idx]; t; t = t2)
92 /* Insert the 20 byte fingerprint FPR into TABLE. Sets EXITS to true
93 if the fingerprint already exists in the table. */
95 insert_duptable (duptable_t *table, unsigned char *fpr, int *exists)
102 #if DUPTABLE_BITS > 16 || DUPTABLE_BITS < 8
103 #error cannot handle a table larger than 16 bits or smaller than 8 bits
104 #elif DUPTABLE_BITS > 8
105 idx <<= (DUPTABLE_BITS - 8);
106 idx |= (fpr[1] & ~(~0U << 4));
109 for (t = table[idx]; t; t = t->next)
110 if (!memcmp (t->fpr, fpr+1, 19))
117 /* Insert that fingerprint. */
118 t = xtrymalloc (sizeof *t);
120 return gpg_error_from_syserror ();
121 memcpy (t->fpr, fpr+1, 19);
122 t->next = table[idx];
128 /* Export all certificates or just those given in NAMES. The output
129 is written to STREAM. */
131 gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
133 KEYDB_HANDLE hd = NULL;
134 KEYDB_SEARCH_DESC *desc = NULL;
136 Base64Context b64writer = NULL;
137 ksba_writer_t writer;
139 ksba_cert_t cert = NULL;
146 dtable = create_duptable ();
149 log_error ("creating duplicates table failed: %s\n", strerror (errno));
156 log_error ("keydb_new failed\n");
164 for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
168 desc = xtrycalloc (ndesc, sizeof *desc);
171 log_error ("allocating memory for export failed: %s\n",
172 gpg_strerror (out_of_core ()));
177 desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
180 for (ndesc=0, sl=names; sl; sl = sl->next)
182 rc = classify_user_id (sl->d, desc+ndesc, 0);
185 log_error ("key '%s' not found: %s\n",
186 sl->d, gpg_strerror (rc));
194 /* If all specifications are done by fingerprint or keygrip, we
195 switch to ephemeral mode so that _all_ currently available and
196 matching certificates are exported. */
200 && (desc[i].mode == KEYDB_SEARCH_MODE_FPR
201 || desc[i].mode == KEYDB_SEARCH_MODE_FPR20
202 || desc[i].mode == KEYDB_SEARCH_MODE_FPR16
203 || desc[i].mode == KEYDB_SEARCH_MODE_KEYGRIP)); i++)
206 keydb_set_ephemeral (hd, 1);
209 while (!(rc = keydb_search (ctrl, hd, desc, ndesc)))
211 unsigned char fpr[20];
215 desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
217 rc = keydb_get_cert (hd, &cert);
220 log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
224 gpgsm_get_fingerprint (cert, 0, fpr, NULL);
225 rc = insert_duptable (dtable, fpr, &exists);
228 log_error ("inserting into duplicates table failed: %s\n",
233 if (!exists && count && !ctrl->create_pem)
235 log_info ("exporting more than one certificate "
236 "is not possible in binary mode\n");
237 log_info ("ignoring other certificates\n");
243 const unsigned char *image;
246 image = ksba_cert_get_image (cert, &imagelen);
249 log_error ("ksba_cert_get_image failed\n");
254 if (ctrl->create_pem)
257 es_putc ('\n', stream);
258 print_short_info (cert, stream);
259 es_putc ('\n', stream);
265 ctrl->pem_name = "CERTIFICATE";
266 rc = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
269 log_error ("can't create writer: %s\n", gpg_strerror (rc));
274 rc = ksba_writer_write (writer, image, imagelen);
277 log_error ("write error: %s\n", gpg_strerror (rc));
281 if (ctrl->create_pem)
283 /* We want one certificate per PEM block */
284 rc = gpgsm_finish_writer (b64writer);
287 log_error ("write failed: %s\n", gpg_strerror (rc));
290 gpgsm_destroy_writer (b64writer);
295 ksba_cert_release (cert);
299 log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
302 rc = gpgsm_finish_writer (b64writer);
305 log_error ("write failed: %s\n", gpg_strerror (rc));
311 gpgsm_destroy_writer (b64writer);
312 ksba_cert_release (cert);
315 destroy_duptable (dtable);
319 /* Export a certificate and its private key. RAWMODE controls the
321 0 - Private key and certifciate in PKCS#12 format
322 1 - Only unencrypted private key in PKCS#8 format
323 2 - Only unencrypted private key in PKCS#1 format
326 gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
330 KEYDB_SEARCH_DESC *desc = NULL;
331 Base64Context b64writer = NULL;
332 ksba_writer_t writer;
333 ksba_cert_t cert = NULL;
334 const unsigned char *image;
336 char *keygrip = NULL;
344 log_error ("keydb_new failed\n");
348 desc = xtrycalloc (1, sizeof *desc);
351 log_error ("allocating memory for export failed: %s\n",
352 gpg_strerror (out_of_core ()));
356 err = classify_user_id (name, desc, 0);
359 log_error ("key '%s' not found: %s\n",
360 name, gpg_strerror (err));
364 /* Lookup the certificate and make sure that it is unique. */
365 err = keydb_search (ctrl, hd, desc, 1);
368 err = keydb_get_cert (hd, &cert);
371 log_error ("keydb_get_cert failed: %s\n", gpg_strerror (err));
376 err = keydb_search (ctrl, hd, desc, 1);
379 ksba_cert_t cert2 = NULL;
381 if (!keydb_get_cert (hd, &cert2))
383 if (gpgsm_certs_identical_p (cert, cert2))
385 ksba_cert_release (cert2);
388 ksba_cert_release (cert2);
390 err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
392 else if (err == -1 || gpg_err_code (err) == GPG_ERR_EOF)
396 log_error ("key '%s' not found: %s\n",
397 name, gpg_strerror (err));
402 keygrip = gpgsm_get_keygrip_hexstring (cert);
403 if (!keygrip || gpgsm_agent_havekey (ctrl, keygrip))
405 /* Note, that the !keygrip case indicates a bad certificate. */
406 err = gpg_error (GPG_ERR_NO_SECKEY);
407 log_error ("can't export key '%s': %s\n", name, gpg_strerror (err));
411 image = ksba_cert_get_image (cert, &imagelen);
414 log_error ("ksba_cert_get_image failed\n");
418 if (ctrl->create_pem)
420 print_short_info (cert, stream);
421 es_putc ('\n', stream);
424 if (opt.p12_charset && ctrl->create_pem && !rawmode)
426 es_fprintf (stream, "The passphrase is %s encoded.\n\n",
431 ctrl->pem_name = "PKCS12";
432 else if (rawmode == 1)
433 ctrl->pem_name = "PRIVATE KEY";
435 ctrl->pem_name = "RSA PRIVATE KEY";
436 err = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
439 log_error ("can't create writer: %s\n", gpg_strerror (err));
443 prompt = gpgsm_format_keydesc (cert);
444 err = export_p12 (ctrl, image, imagelen, prompt, keygrip, rawmode,
449 err = ksba_writer_write (writer, data, datalen);
453 log_error ("write failed: %s\n", gpg_strerror (err));
457 if (ctrl->create_pem)
459 /* We want one certificate per PEM block */
460 err = gpgsm_finish_writer (b64writer);
463 log_error ("write failed: %s\n", gpg_strerror (err));
466 gpgsm_destroy_writer (b64writer);
470 ksba_cert_release (cert);
474 gpgsm_destroy_writer (b64writer);
475 ksba_cert_release (cert);
481 /* Print some info about the certifciate CERT to FP or STREAM */
483 print_short_info (ksba_cert_t cert, estream_t stream)
489 for (idx=0; (p = ksba_cert_get_issuer (cert, idx)); idx++)
493 : "\n aka ...: "), stream);
494 gpgsm_es_print_name (stream, p);
497 es_putc ('\n', stream);
499 es_fputs ("Serial ...: ", stream);
500 sexp = ksba_cert_get_serial (cert);
504 const unsigned char *s = sexp;
509 for (len=0; *s && *s != ':' && digitp (s); s++)
510 len = len*10 + atoi_1 (s);
512 es_write_hexstring (stream, s+1, len, 0, NULL);
516 es_putc ('\n', stream);
518 for (idx=0; (p = ksba_cert_get_subject (cert, idx)); idx++)
522 : "\n aka ..: "), stream);
523 gpgsm_es_print_name (stream, p);
526 es_putc ('\n', stream);
528 p = gpgsm_get_keygrip_hexstring (cert);
531 es_fprintf (stream, "Keygrip ..: %s\n", p);
538 /* Parse a private key S-expression and return a malloced array with
539 the RSA parameters in pkcs#12 order. The caller needs to
540 deep-release this array. */
542 sexp_to_kparms (gcry_sexp_t sexp)
544 gcry_sexp_t list, l2;
552 list = gcry_sexp_find_token (sexp, "private-key", 0 );
555 l2 = gcry_sexp_cadr (list);
556 gcry_sexp_release (list);
558 name = gcry_sexp_nth_data (list, 0, &n);
559 if(!name || n != 3 || memcmp (name, "rsa", 3))
561 gcry_sexp_release (list);
565 /* Parameter names used with RSA in the pkcs#12 order. */
567 array = xtrycalloc (strlen(elems) + 1, sizeof *array);
570 gcry_sexp_release (list);
573 for (idx=0, s=elems; *s; s++, idx++ )
576 continue; /* Computed below */
577 l2 = gcry_sexp_find_token (list, s, 1);
580 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
581 gcry_sexp_release (l2);
583 if (!array[idx]) /* Required parameter not found or invalid. */
585 for (idx=0; array[idx]; idx++)
586 gcry_mpi_release (array[idx]);
588 gcry_sexp_release (list);
592 gcry_sexp_release (list);
594 array[5] = gcry_mpi_snew (0); /* compute d mod (q-1) */
595 gcry_mpi_sub_ui (array[5], array[3], 1);
596 gcry_mpi_mod (array[5], array[2], array[5]);
598 array[6] = gcry_mpi_snew (0); /* compute d mod (p-1) */
599 gcry_mpi_sub_ui (array[6], array[4], 1);
600 gcry_mpi_mod (array[6], array[3], array[6]);
607 export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
608 const char *prompt, const char *keygrip, int rawmode,
609 void **r_result, size_t *r_resultlen)
614 unsigned char *wrappedkey = NULL;
615 size_t wrappedkeylen;
616 gcry_cipher_hd_t cipherhd = NULL;
617 gcry_sexp_t s_skey = NULL;
618 gcry_mpi_t *kparms = NULL;
619 unsigned char *key = NULL;
621 char *passphrase = NULL;
622 unsigned char *result = NULL;
628 /* Get the current KEK. */
629 err = gpgsm_agent_keywrap_key (ctrl, 1, &kek, &keklen);
632 log_error ("error getting the KEK: %s\n", gpg_strerror (err));
636 /* Receive the wrapped key from the agent. */
637 err = gpgsm_agent_export_key (ctrl, keygrip, prompt,
638 &wrappedkey, &wrappedkeylen);
643 /* Unwrap the key. */
644 err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
645 GCRY_CIPHER_MODE_AESWRAP, 0);
648 err = gcry_cipher_setkey (cipherhd, kek, keklen);
654 if (wrappedkeylen < 24)
656 err = gpg_error (GPG_ERR_INV_LENGTH);
659 keylen = wrappedkeylen - 8;
660 key = xtrymalloc_secure (keylen);
663 err = gpg_error_from_syserror ();
666 err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen);
671 gcry_cipher_close (cipherhd);
675 /* Convert to a gcrypt S-expression. */
676 err = gcry_sexp_create (&s_skey, key, keylen, 0, xfree_fnc);
679 key = NULL; /* Key is now owned by S_KEY. */
681 /* Get the parameters from the S-expression. */
682 kparms = sexp_to_kparms (s_skey);
683 gcry_sexp_release (s_skey);
687 log_error ("error converting key parameters\n");
688 err = GPG_ERR_BAD_SECKEY;
694 /* Export in raw mode, that is only the pkcs#1/#8 private key. */
695 result = p12_raw_build (kparms, rawmode, &resultlen);
697 err = gpg_error (GPG_ERR_GENERAL);
701 err = gpgsm_agent_ask_passphrase
703 i18n_utf8 ("Please enter the passphrase to protect the "
704 "new PKCS#12 object."),
709 result = p12_build (kparms, certimg, certimglen, passphrase,
710 opt.p12_charset, &resultlen);
714 err = gpg_error (GPG_ERR_GENERAL);
719 gcry_sexp_release (s_skey);
722 for (i=0; kparms[i]; i++)
723 gcry_mpi_release (kparms[i]);
726 gcry_cipher_close (cipherhd);
730 if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
732 /* During export this is the passphrase used to unprotect the
733 key and not the pkcs#12 thing as in export. Therefore we can
734 issue the regular passphrase status. FIXME: replace the all
735 zero keyid by a regular one. */
736 gpgsm_status (ctrl, STATUS_BAD_PASSPHRASE, "0000000000000000");
746 *r_resultlen = resultlen;