gnutls_pk_algorithm_t pgp_algo;
unsigned int pgp_bits;
int ret;
-
-/* FIXME: actually respect keyid argument. At the moment, we just
- emit the primary key. */
+ gnutls_openpgp_keyid_t curkeyid;
+ int subkeyidx;
+ int subkeycount;
+ int found = 0;
init_datum(&m);
init_datum(&e);
init_datum(&y);
init_datum(&x);
- pgp_algo = gnutls_openpgp_privkey_get_pk_algorithm(*pgp_privkey, &pgp_bits);
- if (pgp_algo < 0) {
- err("failed to get OpenPGP key algorithm (error: %d)\n", pgp_algo);
+ subkeycount = gnutls_openpgp_privkey_get_subkey_count(*pgp_privkey);
+ if (subkeycount < 0) {
+ err(0,"Could not determine subkey count (got value %d)\n", subkeycount);
return 1;
}
- if (pgp_algo == GNUTLS_PK_RSA) {
- err("OpenPGP RSA Key, with %d bits\n", pgp_bits);
- ret = gnutls_openpgp_privkey_export_rsa_raw(*pgp_privkey, &m, &e, &d, &p, &q, &u);
- if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to export RSA key parameters (error: %d)\n", ret);
+
+ if ((keyid == NULL) &&
+ (subkeycount > 0)) {
+ err(0,"No keyid passed in, but there were %d keys to choose from\n", subkeycount + 1);
+ return 1;
+ }
+
+ if (keyid != NULL) {
+ ret = gnutls_openpgp_privkey_get_key_id(*pgp_privkey, curkeyid);
+ if (ret) {
+ err(0,"Could not get keyid (error: %d)\n", ret);
return 1;
}
+ }
+ if ((keyid == NULL) || (memcmp(*keyid, curkeyid, sizeof(gnutls_openpgp_keyid_t)) == 0)) {
+ /* we want to export the primary key: */
+ err(0,"exporting primary key\n");
- ret = gnutls_x509_privkey_import_rsa_raw (*output, &m, &e, &d, &p, &q, &u);
- if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to import RSA key parameters (error: %d)\n", ret);
+ /* FIXME: this is almost identical to the block below for subkeys.
+ This clumsiness seems inherent in the gnutls OpenPGP API,
+ though. ugh. */
+ pgp_algo = gnutls_openpgp_privkey_get_pk_algorithm(*pgp_privkey, &pgp_bits);
+ if (pgp_algo < 0) {
+ err(0, "failed to get OpenPGP key algorithm (error: %d)\n", pgp_algo);
return 1;
}
- } else if (pgp_algo == GNUTLS_PK_DSA) {
- err("OpenPGP DSA Key, with %d bits\n", pgp_bits);
- ret = gnutls_openpgp_privkey_export_dsa_raw(*pgp_privkey, &p, &q, &g, &y, &x);
+ if (pgp_algo == GNUTLS_PK_RSA) {
+ err(0,"OpenPGP RSA Key, with %d bits\n", pgp_bits);
+ ret = gnutls_openpgp_privkey_export_rsa_raw(*pgp_privkey, &m, &e, &d, &p, &q, &u);
+ if (GNUTLS_E_SUCCESS != ret) {
+ err(0, "failed to export RSA key parameters (error: %d)\n", ret);
+ return 1;
+ }
+
+ } else if (pgp_algo == GNUTLS_PK_DSA) {
+ err(0,"OpenPGP DSA Key, with %d bits\n", pgp_bits);
+ ret = gnutls_openpgp_privkey_export_dsa_raw(*pgp_privkey, &p, &q, &g, &y, &x);
+ if (GNUTLS_E_SUCCESS != ret) {
+ err(0,"failed to export DSA key parameters (error: %d)\n", ret);
+ return 1;
+ }
+ }
+ found = 1;
+ } else {
+ /* lets trawl through the subkeys until we find the one we want: */
+ for (subkeyidx = 0; (subkeyidx < subkeycount) && !found; subkeyidx++) {
+ ret = gnutls_openpgp_privkey_get_subkey_id(*pgp_privkey, subkeyidx, curkeyid);
+ if (ret) {
+ err(0,"Could not get keyid of subkey with index %d (error: %d)\n", subkeyidx, ret);
+ return 1;
+ }
+ if (memcmp(*keyid, curkeyid, sizeof(gnutls_openpgp_keyid_t)) == 0) {
+ err(0,"exporting subkey index %d\n", subkeyidx);
+
+ /* FIXME: this is almost identical to the block above for the
+ primary key. */
+ pgp_algo = gnutls_openpgp_privkey_get_subkey_pk_algorithm(*pgp_privkey, subkeyidx, &pgp_bits);
+ if (pgp_algo < 0) {
+ err(0,"failed to get the algorithm of the OpenPGP public key (error: %d)\n", pgp_algo);
+ return pgp_algo;
+ } else if (pgp_algo == GNUTLS_PK_RSA) {
+ err(0,"OpenPGP RSA key, with %d bits\n", pgp_bits);
+ ret = gnutls_openpgp_privkey_export_subkey_rsa_raw(*pgp_privkey, subkeyidx, &m, &e, &d, &p, &q, &u);
+ if (GNUTLS_E_SUCCESS != ret) {
+ err(0,"failed to export RSA key parameters (error: %d)\n", ret);
+ return 1;
+ }
+ } else if (pgp_algo == GNUTLS_PK_DSA) {
+ err(0,"OpenPGP DSA Key, with %d bits\n", pgp_bits);
+ ret = gnutls_openpgp_privkey_export_subkey_dsa_raw(*pgp_privkey, subkeyidx, &p, &q, &g, &y, &x);
+ if (GNUTLS_E_SUCCESS != ret) {
+ err(0,"failed to export DSA key parameters (error: %d)\n", ret);
+ return 1;
+ }
+ }
+ found = 1;
+ }
+ }
+ }
+
+ if (!found) {
+ err(0,"Could not find key in input\n");
+ return 1;
+ }
+
+ if (pgp_algo == GNUTLS_PK_RSA) {
+ ret = gnutls_x509_privkey_import_rsa_raw (*output, &m, &e, &d, &p, &q, &u);
if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to export DSA key parameters (error: %d)\n", ret);
+ err(0, "failed to import RSA key parameters (error: %d)\n", ret);
return 1;
}
-
+ } else if (pgp_algo == GNUTLS_PK_DSA) {
ret = gnutls_x509_privkey_import_dsa_raw (*output, &p, &q, &g, &y, &x);
if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to import DSA key parameters (error: %d)\n", ret);
+ err(0,"failed to import DSA key parameters (error: %d)\n", ret);
return 1;
}
} else {
- err("OpenPGP Key was not RSA or DSA -- can't deal! (actual algorithm was: %d)\n", pgp_algo);
+ err(0,"OpenPGP Key was not RSA or DSA -- can't deal! (actual algorithm was: %d)\n", pgp_algo);
return 1;
}
ret = gnutls_x509_privkey_fix(*output);
if (ret != 0) {
- err("failed to fix up the private key in X.509 format (error: %d)\n", ret);
+ err(0,"failed to fix up the private key in X.509 format (error: %d)\n", ret);
return 1;
}
/* figure out if we've got the right thing: */
subkeycount = gnutls_openpgp_crt_get_subkey_count(*pgp_crt);
if (subkeycount < 0) {
- err("Could not determine subkey count (got value %d)\n", subkeycount);
+ err(0,"Could not determine subkey count (got value %d)\n", subkeycount);
return 1;
}
if ((keyid == NULL) &&
(subkeycount > 0)) {
- err("No keyid passed in, but there were %d keys to choose from\n", subkeycount + 1);
+ err(0,"No keyid passed in, but there were %d keys to choose from\n", subkeycount + 1);
return 1;
}
if (keyid != NULL) {
ret = gnutls_openpgp_crt_get_key_id(*pgp_crt, curkeyid);
if (ret) {
- err("Could not get keyid (error: %d)\n", ret);
+ err(0,"Could not get keyid (error: %d)\n", ret);
return 1;
}
}
if ((keyid == NULL) || (memcmp(*keyid, curkeyid, sizeof(gnutls_openpgp_keyid_t)) == 0)) {
/* we want to export the primary key: */
- err("exporting primary key\n");
+ err(0,"exporting primary key\n");
/* FIXME: this is almost identical to the block below for subkeys.
This clumsiness seems inherent in the gnutls OpenPGP API,
though. ugh. */
algo = gnutls_openpgp_crt_get_pk_algorithm(*pgp_crt, &bits);
if (algo < 0) {
- err("failed to get the algorithm of the OpenPGP public key (error: %d)\n", algo);
+ err(0,"failed to get the algorithm of the OpenPGP public key (error: %d)\n", algo);
return algo;
} else if (algo == GNUTLS_PK_RSA) {
- err("OpenPGP RSA certificate, with %d bits\n", bits);
+ err(0,"OpenPGP RSA certificate, with %d bits\n", bits);
ret = gnutls_openpgp_crt_get_pk_rsa_raw(*pgp_crt, &m, &e);
if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to export RSA key parameters (error: %d)\n", ret);
+ err(0,"failed to export RSA certificate parameters (error: %d)\n", ret);
return 1;
}
} else if (algo == GNUTLS_PK_DSA) {
- err("OpenPGP DSA Key, with %d bits\n", bits);
+ err(0,"OpenPGP DSA certificate, with %d bits\n", bits);
ret = gnutls_openpgp_crt_get_pk_dsa_raw(*pgp_crt, &p, &q, &g, &y);
if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to export DSA key parameters (error: %d)\n", ret);
+ err(0,"failed to export DSA certificate parameters (error: %d)\n", ret);
return 1;
}
}
for (subkeyidx = 0; (subkeyidx < subkeycount) && !found; subkeyidx++) {
ret = gnutls_openpgp_crt_get_subkey_id(*pgp_crt, subkeyidx, curkeyid);
if (ret) {
- err("Could not get keyid of subkey with index %d (error: %d)\n", subkeyidx, ret);
+ err(0,"Could not get keyid of subkey with index %d (error: %d)\n", subkeyidx, ret);
return 1;
}
if (memcmp(*keyid, curkeyid, sizeof(gnutls_openpgp_keyid_t)) == 0) {
- err("exporting subkey index %d\n", subkeyidx);
+ err(0,"exporting subkey index %d\n", subkeyidx);
/* FIXME: this is almost identical to the block above for the
primary key. */
algo = gnutls_openpgp_crt_get_subkey_pk_algorithm(*pgp_crt, subkeyidx, &bits);
if (algo < 0) {
- err("failed to get the algorithm of the OpenPGP public key (error: %d)\n", algo);
+ err(0,"failed to get the algorithm of the OpenPGP public key (error: %d)\n", algo);
return algo;
} else if (algo == GNUTLS_PK_RSA) {
- err("OpenPGP RSA certificate, with %d bits\n", bits);
+ err(0,"OpenPGP RSA certificate, with %d bits\n", bits);
ret = gnutls_openpgp_crt_get_subkey_pk_rsa_raw(*pgp_crt, subkeyidx, &m, &e);
if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to export RSA key parameters (error: %d)\n", ret);
+ err(0,"failed to export RSA certificate parameters (error: %d)\n", ret);
return 1;
}
} else if (algo == GNUTLS_PK_DSA) {
- err("OpenPGP DSA Key, with %d bits\n", bits);
+ err(0,"OpenPGP DSA certificate, with %d bits\n", bits);
ret = gnutls_openpgp_crt_get_subkey_pk_dsa_raw(*pgp_crt, subkeyidx, &p, &q, &g, &y);
if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to export DSA key parameters (error: %d)\n", ret);
+ err(0,"failed to export DSA certificate parameters (error: %d)\n", ret);
return 1;
}
}
}
if (!found) {
- err("Could not find key in input\n");
+ err(0,"Could not find key in input\n");
return 1;
}
all[3] = &g;
all[4] = &y;
} else {
- err("Key algorithm was neither DSA nor RSA (it was %d). Can't deal. Sorry!\n", algo);
+ err(0,"Key algorithm was neither DSA nor RSA (it was %d). Can't deal. Sorry!\n", algo);
return 1;
}
if (ret = datum_from_string(&algolabel, algoname), ret) {
- err("couldn't label string (error: %d)\n", ret);
+ err(0,"couldn't label string (error: %d)\n", ret);
return ret;
}
pipefd = create_writing_pipe(&child_pid, b64args[0], b64args);
if (pipefd < 0) {
- err("failed to create a writing pipe (returned %d)\n", pipefd);
+ err(0,"failed to create a writing pipe (returned %d)\n", pipefd);
return pipefd;
}
write(1, output_data, strlen(output_data));
if (0 != write_data_fd_with_length(pipefd, all, mpicount)) {
- err("was not able to write out RSA key data\n");
+ err(0,"was not able to write out RSA key data\n");
return 1;
}
close(pipefd);
if (child_pid != waitpid(child_pid, &pipestatus, 0)) {
- err("could not wait for child process to return for some reason.\n");
+ err(0,"could not wait for child process to return for some reason.\n");
return 1;
}
if (pipestatus != 0) {
- err("base64 pipe died with return code %d\n", pipestatus);
+ err(0,"base64 pipe died with return code %d\n", pipestatus);
return pipestatus;
}
write(1, "\n", 1);
-
-
- return 0;
-}
-
-
-
-int convert_x509_to_pgp(gnutls_openpgp_privkey_t* output, gnutls_datum_t* input) {
- gnutls_x509_privkey_t x509_privkey;
- gnutls_datum_t m, e, d, p, q, u, g, y, x;
- gnutls_pk_algorithm_t x509_algo;
- int ret;
-
- init_datum(&m);
- init_datum(&e);
- init_datum(&d);
- init_datum(&p);
- init_datum(&q);
- init_datum(&u);
- init_datum(&g);
- init_datum(&y);
- init_datum(&x);
-
- if (ret = gnutls_x509_privkey_init(&x509_privkey), ret) {
- err("Failed to initialized X.509 private key (error: %d)\n", ret);
- return 1;
- }
-
-
- /* format could be either: GNUTLS_X509_FMT_DER,
- GNUTLS_X509_FMT_PEM; if MONKEYSPHERE_DER is set, use DER,
- otherwise, use PEM: */
-
- if (getenv("MONKEYSPHERE_DER")) {
- err("assuming DER formatted private keys\n");
- if (ret = gnutls_x509_privkey_import(x509_privkey, input, GNUTLS_X509_FMT_DER), ret)
- err("failed to import the X.509 private key in DER format (error: %d)\n", ret);
- } else {
- err("assuming PEM formatted private keys\n");
- if (ret = gnutls_x509_privkey_import (x509_privkey, input, GNUTLS_X509_FMT_PEM), ret)
- err("failed to import the X.509 private key in PEM format (error: %d)\n", ret);
- }
-
- x509_algo = gnutls_x509_privkey_get_pk_algorithm(x509_privkey);
- if (x509_algo < 0) {
- err("failed to get X.509 key algorithm (error: %d)\n", x509_algo);
- return 1;
- }
- if (x509_algo == GNUTLS_PK_RSA) {
- err("X.509 RSA Key\n");
- ret = gnutls_x509_privkey_export_rsa_raw(x509_privkey, &m, &e, &d, &p, &q, &u);
- if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to export RSA key parameters (error: %d)\n", ret);
- return 1;
- }
-
- /* ret = gnutls_openpgp_privkey_import_rsa_raw (*output, &m, &e, &d, &p, &q, &u); */
- ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
- if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to import RSA key parameters (error: %d)\n", ret);
- return 1;
- }
- } else if (x509_algo == GNUTLS_PK_DSA) {
- err("X.509 DSA Key\n");
- ret = gnutls_x509_privkey_export_dsa_raw(x509_privkey, &p, &q, &g, &y, &x);
- if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to export DSA key parameters (error: %d)\n", ret);
- return 1;
- }
-
- /* ret = gnutls_openpgp_privkey_import_dsa_raw (*output, &p, &q, &g, &y, &x); */
- ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
- if (GNUTLS_E_SUCCESS != ret) {
- err ("failed to import DSA key parameters (error: %d)\n", ret);
- return 1;
- }
- } else {
- err("OpenPGP Key was not RSA or DSA -- can't deal! (actual algorithm was: %d)\n", x509_algo);
- return 1;
- }
- gnutls_x509_privkey_deinit(x509_privkey);
return 0;
}
-
int main(int argc, char* argv[]) {
gnutls_datum_t data;
int ret;
/* slurp in the key from stdin */
if (ret = set_datum_fd(&data, 0), ret) {
- err("didn't read file descriptor 0\n");
+ err(0,"didn't read file descriptor 0\n");
return 1;
}
if (ret = gnutls_openpgp_privkey_init(&pgp_privkey), ret) {
- err("Failed to initialized OpenPGP private key (error: %d)\n", ret);
+ err(0,"Failed to initialized OpenPGP private key (error: %d)\n", ret);
return 1;
}
/* check whether it's a private key or a public key, by trying them: */
if ((gnutls_openpgp_privkey_import(pgp_privkey, &data, GNUTLS_OPENPGP_FMT_RAW, NULL, 0) == 0) ||
(gnutls_openpgp_privkey_import(pgp_privkey, &data, GNUTLS_OPENPGP_FMT_BASE64, NULL, 0) == 0)) {
/* we're dealing with a private key */
- err("Translating private key\n");
+ err(0,"Translating private key\n");
if (ret = gnutls_x509_privkey_init(&x509_privkey), ret) {
- err("Failed to initialize X.509 private key for output (error: %d)\n", ret);
+ err(0,"Failed to initialize X.509 private key for output (error: %d)\n", ret);
return 1;
}
} else {
if (ret = gnutls_openpgp_crt_init(&pgp_crt), ret) {
- err("Failed to initialized OpenPGP certificate (error: %d)\n", ret);
+ err(0,"Failed to initialized OpenPGP certificate (error: %d)\n", ret);
return 1;
}
if ((gnutls_openpgp_crt_import(pgp_crt, &data, GNUTLS_OPENPGP_FMT_RAW) == 0) ||
(gnutls_openpgp_crt_import(pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64) == 0)) {
/* we're dealing with a public key */
- err("Translating public key\n");
+ err(0,"Translating public key\n");
ret = emit_public_openssh_from_pgp(&pgp_crt, use_keyid);
} else {
/* we have no idea what kind of key this is at all anyway! */
- err("Input does contain any form of OpenPGP key I recognize.");
+ err(0,"Input does not contain any form of OpenPGP key I recognize.\n");
return 1;
}
}
-
-
-
gnutls_global_deinit();
return 0;
}
projects / monkeysphere.git / blobdiff