X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=gpg2ssh.c;h=a1e94df7998a55a56c88a97e9342abfe14153def;hb=60b8c51d6772a1bd8ba9b2416968a74c09000f3b;hp=f5bd55f54287f45efcb5785c99e40d4bb15b8d5e;hpb=76c17804015ffb6c18232cd9ba80cf2a641fd59e;p=monkeysphere.git

diff --git a/gpg2ssh.c b/gpg2ssh.c
index f5bd55f..a1e94df 100644
--- a/gpg2ssh.c
+++ b/gpg2ssh.c
@@ -42,6 +42,14 @@ int main(int argc, char* argv[]) {
   char userid[10240];
   size_t uidsz = sizeof(userid);
 
+  const gnutls_datum_t* all[5];
+  int pipefd;
+  pid_t child_pid;
+  char* const args[] = {"/usr/bin/base64", "--wrap=0", NULL};
+  const char* algoname;
+  int mpicount;
+  int pipestatus;
+
   init_gnutls();
   
   init_datum(&data);
@@ -73,6 +81,9 @@ int main(int argc, char* argv[]) {
      GNUTLS_OPENPGP_FMT_BASE64; if MONKEYSPHERE_RAW is set, use RAW,
      otherwise, use BASE64: */
 
+  /* FIXME: we should be auto-detecting the input format, and
+     translating it as needed. */
+
   if (getenv("MONKEYSPHERE_RAW")) {
     err("assuming RAW formatted certificate\n");
     if (ret = gnutls_openpgp_crt_import(openpgp_crt, &data, GNUTLS_OPENPGP_FMT_RAW), ret) {
@@ -92,6 +103,15 @@ int main(int argc, char* argv[]) {
     return 1;
   }
 
+  /* FIXME: We're currently looking at the primary key or maybe the
+     first authentication-capable subkey.  
+
+     Instead, we should be iterating through the primary key and all
+     subkeys: for each one with the authentication usage flag set of a
+     algorithm we can handle, we should output matching UserIDs and
+     the SSH version of the key. */
+     
+
   if (ret = gnutls_openpgp_crt_get_key_usage(openpgp_crt, &usage), ret) {
     err("failed to get the usage flags for the primary key (error: %d)\n", ret);
     return ret;
@@ -126,7 +146,7 @@ int main(int argc, char* argv[]) {
   } else {
     err("primary key is only good for: 0x%08x.  Trying subkeys...\n", usage);
     
-    if (ret = gnutls_openpgp_crt_get_auth_subkey(openpgp_crt, keyid), ret) {
+    if (ret = gnutls_openpgp_crt_get_auth_subkey(openpgp_crt, keyid, 0), ret) {
       err("failed to find a subkey capable of authentication (error: %d)\n", ret);
       return ret;
     }
@@ -187,8 +207,9 @@ int main(int argc, char* argv[]) {
   uidsz--;
 
   /* FIXME: we're just choosing the first UserID from the certificate:
-     instead, we should be choosing the one that's adequately signed,
-     and matches the monkeysphere specification. */
+     instead, we should be selecting every User ID that is adequately
+     signed and matches the spec, and aggregating them with commas for
+     known_hosts output */
 
   if (ret = gnutls_openpgp_crt_get_name(openpgp_crt, 0, userid, &uidsz), ret) {
     err("Failed to fetch the first UserID (error: %d)\n", ret);
@@ -211,49 +232,58 @@ int main(int argc, char* argv[]) {
      externally through coreutils' /usr/bin/base64 */
 
   if (algo == GNUTLS_PK_RSA) {
-    const gnutls_datum_t* all[3];
-    int pipefd;
-    pid_t child_pid;
-    char* const args[] = {"/usr/bin/base64", "--wrap=0", NULL};
-    const char* algoname = "ssh-rsa";
-
-    snprintf(output_data, sizeof(output_data), "%s %s ", userid, algoname);
+    algoname = "ssh-rsa";
+    mpicount = 3;
 
-    write(1, output_data, strlen(output_data));
-
-    pipefd = create_writing_pipe(&child_pid, args[0], args);
-    if (pipefd < 0) {
-      err("failed to create a writing pipe (returned %d)\n", pipefd);
-      return pipefd;
-    }
-    
-    if (ret = datum_from_string(&algolabel, algoname), ret) {
-      err("couldn't label string (error: %d)\n", ret);
-      return ret;
-    }
     all[0] = &algolabel;
     all[1] = &e;
     all[2] = &m;
+  } else if (algo == GNUTLS_PK_DSA) {
+    algoname = "ssh-dss";
+    mpicount = 5;
 
-    if (0 != write_data_fd_with_length(pipefd, all, 3)) {
-      err("was not able to write out RSA key data\n");
-      return 1;
-    }
-    close(pipefd);
-    if (child_pid != waitpid(child_pid, NULL, 0)) {
-      err("could not wait for child process to return for some reason.\n");
-      return 1;
-    }
+    all[0] = &algolabel;
+    all[1] = &p;
+    all[2] = &q;
+    all[3] = &g;
+    all[4] = &y;
+  } else {
+    err("no idea what this algorithm is: %d\n", algo);
+    return 1;
+  }
 
-    write(1, "\n", 1);
+  if (ret = datum_from_string(&algolabel, algoname), ret) {
+    err("couldn't label string (error: %d)\n", ret);
+    return ret;
+  }
 
-  } else if (algo == GNUTLS_PK_DSA) {
-    err("Don't know how to export DSA ssh pubkeys yet.\n");
+  snprintf(output_data, sizeof(output_data), "%s %s ", userid, algoname);
+
+  pipefd = create_writing_pipe(&child_pid, args[0], args);
+  if (pipefd < 0) {
+    err("failed to create a writing pipe (returned %d)\n", pipefd);
+    return pipefd;
+  }
+    
+  write(1, output_data, strlen(output_data));
+
+  if (0 != write_data_fd_with_length(pipefd, all, mpicount)) {
+    err("was not able to write out RSA key data\n");
     return 1;
-  } else {
-    err("no idea what this algorithm is: %d\n", algo);
+  }
+  close(pipefd);
+  if (child_pid != waitpid(child_pid, &pipestatus, 0)) {
+    err("could not wait for child process to return for some reason.\n");
     return 1;
   }
+  if (pipestatus != 0) {
+    err("base64 pipe died with return code %d\n", pipestatus);
+    return pipestatus;
+  }
+
+  write(1, "\n", 1);
+
+
 
   gnutls_openpgp_crt_deinit(openpgp_crt);
   gnutls_global_deinit();