From 159e801043de479d9899fccb07a79fbbcc76e751 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 29 Jan 2025 18:06:15 +0100
Subject: gpgsm: Allow unattended PKCS#12 export without passphrase.

* sm/gpgsm.c (oNoProtection): New.
(opts): Add "--no-protection".
(main): PArse it.
* sm/gpgsm.h (struct server_control_s): Add field no_protection.
* sm/server.c (option_handler): Add option "no-protection".
(reset_notify): Clear option.
* sm/export.c (export_p12): Use empty passphrase if option is set.
---
 sm/export.c | 34 ++++++++++++++++++++--------------
 sm/gpgsm.c  |  6 ++++++
 sm/gpgsm.h  |  2 ++
 sm/server.c |  6 ++++++
 4 files changed, 34 insertions(+), 14 deletions(-)

(limited to 'sm')

diff --git a/sm/export.c b/sm/export.c
index bee22e97a..890d7d1af 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -316,11 +316,12 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
 
 
 /* Export a certificate and its private key.  RAWMODE controls the
-   actual output:
-       0 - Private key and certificate in PKCS#12 format
-       1 - Only unencrypted private key in PKCS#8 format
-       2 - Only unencrypted private key in PKCS#1 format
-    */
+ * actual output:
+ *     0 - Private key and certificate in PKCS#12 format
+ *         (With --no-protection no PKSC#12 passphrase is used)
+ *     1 - Only unencrypted private key in PKCS#8 format
+ *     2 - Only unencrypted private key in PKCS#1 format
+ */
 void
 gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
 {
@@ -714,22 +715,27 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
 
   if (rawmode)
     {
-      /* Export in raw mode, that is only the pkcs#1/#8 private key. */
+      /* Export in raw mode, that is only the pkcs#1/#8 unprotected
+       * private key. */
       result = p12_raw_build (kparms, rawmode, &resultlen);
       if (!result)
         err = gpg_error (GPG_ERR_GENERAL);
     }
   else
     {
-      err = gpgsm_agent_ask_passphrase
-        (ctrl,
-         i18n_utf8 (N_("Please enter the passphrase to protect the "
-                       "new PKCS#12 object.")),
-         1, &passphrase);
-      if (err)
-        goto leave;
+      if (!ctrl->no_protection)
+        {
+          err = gpgsm_agent_ask_passphrase
+            (ctrl,
+             i18n_utf8 (N_("Please enter the passphrase to protect the "
+                           "new PKCS#12 object.")),
+             1, &passphrase);
+          if (err)
+            goto leave;
+        }
 
-      result = p12_build (kparms, certimg, certimglen, passphrase,
+      result = p12_build (kparms, certimg, certimglen,
+                          ctrl->no_protection? "" : passphrase,
                           opt.p12_charset, &resultlen);
       xfree (passphrase);
       passphrase = NULL;
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index bea0184e3..b60f0bb46 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -135,6 +135,7 @@ enum cmd_and_opt_values {
 
   oPassphraseFD,
   oPinentryMode,
+  oNoProtection,
   oRequestOrigin,
 
   oAssumeArmor,
@@ -436,6 +437,7 @@ static gpgrt_opt_t opts[] = {
   ARGPARSE_s_n (oDisableFdTranslation, "disable-fd-translation", "@"),
   ARGPARSE_s_i (oPassphraseFD,    "passphrase-fd", "@"),
   ARGPARSE_s_s (oPinentryMode,    "pinentry-mode", "@"),
+  ARGPARSE_s_n (oNoProtection,    "no-protection", "@"),
 
 
   ARGPARSE_header (NULL, N_("Other options")),
@@ -1178,6 +1180,10 @@ main ( int argc, char **argv)
             log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
 	  break;
 
+        case oNoProtection:
+          ctrl.no_protection = 1;
+          break;
+
         case oRequestOrigin:
           opt.request_origin = parse_request_origin (pargs.r.ret_str);
           if (opt.request_origin == -1)
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index be5e79c9a..23cba59e1 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -284,6 +284,8 @@ struct server_control_s
    * progress info and to decide on how to allocate buffers.  */
   uint64_t input_size_hint;
 
+  int no_protection;  /* No passphrase for PKCS#12 export.  */
+
   int create_base64;  /* Create base64 encoded output */
   int create_pem;     /* create PEM output */
   const char *pem_name; /* PEM name to use */
diff --git a/sm/server.c b/sm/server.c
index 345c3167b..c0542dc9a 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -318,6 +318,11 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
     {
       ctrl->input_size_hint = string_to_u64 (value);
     }
+  else if (!strcmp (key, "no-protection"))
+    {
+      int i = *value? atoi (value) : 0;
+      ctrl->no_protection = !!i;
+    }
   else
     err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
 
@@ -338,6 +343,7 @@ reset_notify (assuan_context_t ctx, char *line)
   ctrl->server_local->recplist = NULL;
   ctrl->server_local->signerlist = NULL;
   ctrl->always_trust = 0;
+  ctrl->no_protection = 0;
   close_message_fp (ctrl);
   assuan_close_input_fd (ctx);
   assuan_close_output_fd (ctx);
-- 
cgit v1.2.3