#include "gnutls-helpers.h"
#include <gnutls/openpgp.h>
#include <gnutls/x509.h>
/* for waitpid() */
#include <sys/types.h>
#include <sys/wait.h>
/* for time() */
#include <time.h>
/* for htons() */
#include <arpa/inet.h>
/*
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 2008-04-20
License: GPL v3 or later
monkeysphere public key translator: execute this with an ssh
private key on stdin. It currently only works with RSA keys.
it should eventually work with OpenSSH-style public keys instead of
the full private key, but it was easier to do this way.
It shoud spit out a version of the public key suitable for acting
as an OpenPGP public sub key packet.
*/
int main(int argc, char* argv[]) {
gnutls_datum_t data;
int ret;
gnutls_x509_privkey_t x509_privkey;
gnutls_openpgp_crt_t openpgp_crt;
gnutls_openpgp_keyid_t keyid;
printable_keyid p_keyid;
unsigned int keyidx;
unsigned int usage, bits;
gnutls_pk_algorithm_t algo;
unsigned char packettag;
unsigned char openpgpversion;
time_t timestamp;
uint32_t clunkytime;
unsigned char openpgpalgo;
unsigned int packetlen;
uint16_t plen;
gnutls_datum_t m, e, d, p, q, u, g, y;
gnutls_datum_t algolabel;
char output_data[10240];
char userid[10240];
size_t uidsz = sizeof(userid);
const gnutls_datum_t* all[5];
int pipefd;
pid_t child_pid;
char* const args[] = {"/usr/bin/base64", "--wrap=0", NULL};
const char* algoname;
int mpicount;
int pipestatus;
init_gnutls();
init_datum(&data);
init_datum(&m);
init_datum(&e);
init_datum(&d);
init_datum(&p);
init_datum(&q);
init_datum(&u);
init_datum(&g);
init_datum(&y);
init_datum(&algolabel);
init_keyid(keyid);
/* slurp in the private key from stdin */
if (ret = set_datum_fd(&data, 0), ret) {
err("didn't read file descriptor 0\n");
return 1;
}
if (ret = gnutls_x509_privkey_init(&x509_privkey), ret) {
err("Failed to initialize private key structure (error: %d)\n", ret);
return 1;
}
err("assuming PEM formatted private key\n");
if (ret = gnutls_x509_privkey_import(x509_privkey, &data, GNUTLS_X509_FMT_PEM), ret) {
err("failed to import the PEM-encoded private key (error: %d)\n", ret);
return ret;
}
algo = gnutls_x509_privkey_get_pk_algorithm(x509_privkey);
if (algo < 0) {
err("failed to get the algorithm of the PEM-encoded public key (error: %d)\n", algo);
return algo;
} else if (algo == GNUTLS_PK_RSA) {
err("RSA private key\n");
ret = gnutls_x509_privkey_export_rsa_raw(x509_privkey, &m, &e, &d, &p, &q, &u);
if (GNUTLS_E_SUCCESS != ret) {
err ("failed to export RSA key parameters (error: %d)\n", ret);
return 1;
}
err("Modulus size %d, exponent size %d\n", m.size, e.size);
} else if (algo == GNUTLS_PK_DSA) {
err("DSA Key, not implemented!!\n", bits);
return 1;
} else {
err("Key was not RSA or DSA -- can't deal! (actual algorithm was: %d)\n", algo);
return 1;
}
/* now we have algo, and the various MPI data are set. Can we
export them as a public subkey packet? */
/* this packet should be tagged 14, and should contain:
1 octet: version (4)
4 octets: time of generation (seconds since 1970)
1 octet: algo (http://tools.ietf.org/html/rfc4880#section-5.5.2 implies 1 for RSA)
MPI: modulus
MPI: exponent
*/
packetlen = 1 + 4 + 1;
/* FIXME: this is RSA only. for DSA, there'll be more: */
packetlen += get_openpgp_mpi_size(&m) + get_openpgp_mpi_size(&e);
/* FIXME: we should generate this bound more cleanly -- i just
happen to know that 65535 is 2^16-1: */
if (packetlen > 65535) {
err("packet length is too long (%d)\n", packetlen);
return 1;
}
/* we're going to emit an old-style packet, with tag 14 (public
subkey), with a two-octet packet length */
packettag = 0x80 | (14 << 2) | 1;
write(1, &packettag, sizeof(packettag));
plen = htons(packetlen);
write(1, &plen, sizeof(plen));
openpgpversion = 4;
write(1, &openpgpversion, 1);
timestamp = time(NULL);
clunkytime = htonl(timestamp);
write(1, &clunkytime, 4);
/* FIXME: handle things other than RSA */
openpgpalgo = 1;
write(1, &openpgpalgo, 1);
write_openpgp_mpi_to_fd(1, &m);
write_openpgp_mpi_to_fd(1, &e);
gnutls_x509_privkey_deinit(x509_privkey);
gnutls_global_deinit();
return 0;
}