From 0e19c4879193ed7fa61ad5d488f237b2b5b5d1d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Mon, 3 Jan 2022 16:25:40 +0100
Subject: core: New export mode to export secret subkeys.

* src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET_SUBKEY): New.
* src/export.c (check_mode): Allow new mode and check for invalid
combinations.
(export_keys_start): Return error if new mode flag is set.
* src/engine-gpg.c (export_common): Implement.
* src/gpgme-tool.c (cmd_export): New option --secret-subkey.
* tests/run-export.c (main): New option --secret-subkey.
--

This adds support for exporting secret subkeys (via gpg's
--export-secret-subkeys) to gpgme_op_export[_ext][_start].
The flag is not supported by gpgme_op_export_keys[_start] because
there is no way to specify which subkey(s) to export with these
functions.

GnuPG-bug-id: 5757
---
 src/export.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

(limited to 'src/export.c')

diff --git a/src/export.c b/src/export.c
index 637badf9..c5bcca6e 100644
--- a/src/export.c
+++ b/src/export.c
@@ -125,7 +125,8 @@ check_mode (gpgme_export_mode_t mode, gpgme_protocol_t protocol,
                 |GPGME_EXPORT_MODE_SECRET
                 |GPGME_EXPORT_MODE_SSH
                 |GPGME_EXPORT_MODE_RAW
-                |GPGME_EXPORT_MODE_PKCS12)))
+                |GPGME_EXPORT_MODE_PKCS12
+                |GPGME_EXPORT_MODE_SECRET_SUBKEY)))
     return gpg_error (GPG_ERR_INV_VALUE); /* Invalid flags in MODE.  */
 
   if ((mode & GPGME_EXPORT_MODE_SSH))
@@ -134,7 +135,8 @@ check_mode (gpgme_export_mode_t mode, gpgme_protocol_t protocol,
                     |GPGME_EXPORT_MODE_MINIMAL
                     |GPGME_EXPORT_MODE_SECRET
                     |GPGME_EXPORT_MODE_RAW
-                    |GPGME_EXPORT_MODE_PKCS12)))
+                    |GPGME_EXPORT_MODE_PKCS12
+                    |GPGME_EXPORT_MODE_SECRET_SUBKEY)))
           return gpg_error (GPG_ERR_INV_FLAG);  /* Combination not allowed. */
     }
 
@@ -151,6 +153,12 @@ check_mode (gpgme_export_mode_t mode, gpgme_protocol_t protocol,
         return gpg_error (GPG_ERR_INV_FLAG);  /* Only supported for X.509.  */
     }
 
+  if ((mode & GPGME_EXPORT_MODE_SECRET_SUBKEY))
+    {
+      if ((mode & GPGME_EXPORT_MODE_EXTERN))
+        return gpg_error (GPG_ERR_INV_FLAG);  /* Combination not allowed. */
+    }
+
   if ((mode & GPGME_EXPORT_MODE_EXTERN))
     {
       if (keydata)
@@ -369,6 +377,11 @@ export_keys_start (gpgme_ctx_t ctx, int synchronous, gpgme_key_t keys[],
   if (!keys)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if ((mode & GPGME_EXPORT_MODE_SECRET_SUBKEY))
+    {
+      return gpg_error (GPG_ERR_INV_FLAG);
+    }
+
   /* Create a list of pattern from the keys.  */
   for (idx=nkeys=0; keys[idx]; idx++)
     if (keys[idx]->protocol == ctx->protocol)
-- 
cgit v1.2.3