summaryrefslogtreecommitdiff
path: root/gpg2ssh/ssh2gpg.c
blob: b14a54004e0d6568f1324fefc84dc14ed5c06333 (plain) 
    

  1. #include "gnutls-helpers.h"
    2. 

  2. 

  3. #include <gnutls/openpgp.h>
    4. 

  4. #include <gnutls/x509.h>
    5. 

  5. 

  6. /* for waitpid() */
    7. 

  7. #include <sys/types.h>
    8. 

  8. #include <sys/wait.h>
    9. 

  9. 

  10. /* for time() */
    11. 

  11. #include <time.h>
    12. 

  12. 

  13. /* for htons() */
    14. 

  14. #include <arpa/inet.h>
    15. 

  15. 

  16. 

  17. /* 
    18. 

  18.    Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    19. 

  19.    Date: Sun, 2008-04-20
    20. 

  20.    License: GPL v3 or later
    21. 

    22. 

  22.    monkeysphere public key translator: execute this with an ssh
    23. 

  23.    private key on stdin.  It currently only works with RSA keys.
    24. 

    25. 

  25.    it should eventually work with OpenSSH-style public keys instead of
    26. 

  26.    the full private key, but it was easier to do this way.
    27. 

    28. 

  28.    It shoud spit out a version of the public key suitable for acting
    29. 

  29.    as an OpenPGP public sub key packet.
    30. 

    31. 

  31.  */
    32. 

  32. 

  33. int main(int argc, char* argv[]) {
    34. 

  34.   gnutls_datum_t data;
    35. 

  35.   int ret;
    36. 

  36.   gnutls_x509_privkey_t x509_privkey;
    37. 

  37.   gnutls_openpgp_crt_t openpgp_crt;
    38. 

  38.   gnutls_openpgp_keyid_t keyid;
    39. 

  39.   printable_keyid p_keyid;
    40. 

  40.   unsigned int keyidx;
    41. 

  41.   unsigned int usage, bits;
    42. 

  42.   gnutls_pk_algorithm_t algo;
    43. 

  43. 

  44.   unsigned char packettag;
    45. 

  45.   unsigned char openpgpversion;
    46. 

  46.   time_t timestamp;
    47. 

  47.   uint32_t clunkytime;
    48. 

  48.   unsigned char openpgpalgo;
    49. 

  49.   unsigned int packetlen;
    50. 

  50.   uint16_t plen;
    51. 

  51. 

  52.   gnutls_datum_t m, e, d, p, q, u, g, y;
    53. 

  53.   gnutls_datum_t algolabel;
    54. 

  54. 

  55.   char output_data[10240];
    56. 

  56.   char userid[10240];
    57. 

  57.   size_t uidsz = sizeof(userid);
    58. 

  58. 

  59.   const gnutls_datum_t* all[5];
    60. 

  60.   int pipefd;
    61. 

  61.   pid_t child_pid;
    62. 

  62.   char* const args[] = {"/usr/bin/base64", "--wrap=0", NULL};
    63. 

  63.   const char* algoname;
    64. 

  64.   int mpicount;
    65. 

  65.   int pipestatus;
    66. 

  66. 

  67.   init_gnutls();
    68. 

  68.   
    69. 

  69.   init_datum(&data);
    70. 

  70. 

  71.   init_datum(&m);
    72. 

  72.   init_datum(&e);
    73. 

  73.   init_datum(&d);
    74. 

  74.   init_datum(&p);
    75. 

  75.   init_datum(&q);
    76. 

  76.   init_datum(&u);
    77. 

  77.   init_datum(&g);
    78. 

  78.   init_datum(&y);
    79. 

  79. 

  80.   init_datum(&algolabel);
    81. 

  81. 

  82.   init_keyid(keyid);
    83. 

  83. 

  84.   /* slurp in the private key from stdin */
    85. 

  85.   if (ret = set_datum_fd(&data, 0), ret) {
    86. 

  86.     err("didn't read file descriptor 0\n");
    87. 

  87.     return 1;
    88. 

  88.   }
    89. 

  89. 

  90. 

  91.   if (ret = gnutls_x509_privkey_init(&x509_privkey), ret) {
    92. 

  92.     err("Failed to initialize private key structure (error: %d)\n", ret);
    93. 

  93.     return 1;
    94. 

  94.   }
    95. 

  95. 

  96.   err("assuming PEM formatted private key\n");
    97. 

  97.   if (ret = gnutls_x509_privkey_import(x509_privkey, &data, GNUTLS_X509_FMT_PEM), ret) {
    98. 

  98.     err("failed to import the PEM-encoded private key (error: %d)\n", ret);
    99. 

  99.     return ret;
    100. 

  100.   }
    101. 

  101. 

  102.   algo = gnutls_x509_privkey_get_pk_algorithm(x509_privkey);
    103. 

  103.   if (algo < 0) {
    104. 

  104.     err("failed to get the algorithm of the PEM-encoded public key (error: %d)\n", algo);
    105. 

  105.     return algo;
    106. 

  106.   } else if (algo == GNUTLS_PK_RSA) {
    107. 

  107.     err("RSA private key\n");
    108. 

  108.     ret = gnutls_x509_privkey_export_rsa_raw(x509_privkey, &m, &e, &d, &p, &q, &u);
    109. 

  109.     if (GNUTLS_E_SUCCESS != ret) {
    110. 

  110.       err ("failed to export RSA key parameters (error: %d)\n", ret);
    111. 

  111.       return 1;
    112. 

  112.     }
    113. 

  113.     err("Modulus size %d, exponent size %d\n", m.size, e.size);
    114. 

  114.   } else if (algo == GNUTLS_PK_DSA) {
    115. 

  115.     err("DSA Key, not implemented!!\n", bits);
    116. 

  116.     return 1;
    117. 

  117.   } else {
    118. 

  118.     err("Key was not RSA or DSA -- can't deal! (actual algorithm was: %d)\n", algo);
    119. 

  119.     return 1;
    120. 

  120.   }
    121. 

  121. 

  122.   /* now we have algo, and the various MPI data are set.  Can we
    123. 

  123.      export them as a public subkey packet? */
    124. 

  124. 

  125.   /* this packet should be tagged 14, and should contain:
    126. 

    127. 

  127.      1 octet: version (4)
    128. 

  128.      4 octets: time of generation (seconds since 1970)
    129. 

  129.      1 octet: algo (http://tools.ietf.org/html/rfc4880#section-5.5.2 implies 1 for RSA)
    130. 

  130.  
    131. 

  131.      MPI: modulus
    132. 

  132.      MPI: exponent
    133. 

  133.   */
    134. 

  134. 

  135.   packetlen = 1 + 4 + 1;
    136. 

  136.   /* FIXME: this is RSA only.  for DSA, there'll be more: */
    137. 

  137.   packetlen += get_openpgp_mpi_size(&m) + get_openpgp_mpi_size(&e);
    138. 

  138. 

  139.   /* FIXME: we should generate this bound more cleanly -- i just
    140. 

  140.      happen to know that 65535 is 2^16-1: */
    141. 

  141.   if (packetlen > 65535) {
    142. 

  142.     err("packet length is too long (%d)\n", packetlen);
    143. 

  143.     return 1;
    144. 

  144.   }
    145. 

  145. 

  146.   /* we're going to emit an old-style packet, with tag 14 (public
    147. 

  147.      subkey), with a two-octet packet length */
    148. 

  148.   packettag = 0x80 | (14 << 2) | 1;
    149. 

  149.   
    150. 

  150.   write(1, &packettag, sizeof(packettag));
    151. 

  151.   plen = htons(packetlen);
    152. 

  152.   write(1, &plen, sizeof(plen));
    153. 

  153. 

  154.   openpgpversion = 4;
    155. 

  155.   write(1, &openpgpversion, 1);
    156. 

  156. 

  157.   timestamp = time(NULL);
    158. 

  158.   clunkytime = htonl(timestamp);
    159. 

  159.   write(1, &clunkytime, 4);
    160. 

  160. 

  161.   /* FIXME: handle things other than RSA */
    162. 

  162.   openpgpalgo = 1;
    163. 

  163.   write(1, &openpgpalgo, 1);
    164. 

  164.   
    165. 

  165.   write_openpgp_mpi_to_fd(1, &m);
    166. 

  166.   write_openpgp_mpi_to_fd(1, &e);
    167. 

  167. 

  168.   gnutls_x509_privkey_deinit(x509_privkey);
    169. 

  169.   gnutls_global_deinit();
    170. 

  170.   return 0;
    171. 

  171. }
    172.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-16 07:38:20 +0000