agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH.

* agent/agent.h (agent_ssh_key_from_file): New. * agent/command-ssh.c (get_ssh_keyinfo_on_cards): New. (ssh_send_available_keys): Loop on the GNUPG_PRIVATE_KEYS_DIR. Support keys by agent_ssh_key_from_file. (ssh_handler_request_identities): Move card key handling to ssh_send_available_keys. * agent/findkey.c (public_key_from_file): New. Adding handling for SSH. (agent_public_key_from_file): Use public_key_from_file. (agent_ssh_key_from_file): New. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-03 22:56:33 +02:00 · 2022-05-26 17:10:54 +09:00 · 2022-05-26 17:10:54 +09:00 · 193fcc2f7a
commit 193fcc2f7a
parent c07c79a1d7
3 changed files with 206 additions and 85 deletions
--- a/agent/findkey.c
+++ b/agent/findkey.c
@ -1351,14 +1351,14 @@ agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
   at RESULT.  This function extracts the public key from the private
   key database.  On failure an error code is returned and NULL stored
   at RESULT. */
-gpg_error_t
-agent_public_key_from_file (ctrl_t ctrl,
-                            const unsigned char *grip,
-                            gcry_sexp_t *result)
+static gpg_error_t
+public_key_from_file (ctrl_t ctrl, const unsigned char *grip,
+                      gcry_sexp_t *result, int for_ssh)
 {
  gpg_error_t err;
  int i, idx;
  gcry_sexp_t s_skey;
+  nvc_t keymeta = NULL;
  const char *algoname, *elems;
  int npkey;
  gcry_mpi_t array[10];
@ -1380,10 +1380,32 @@ agent_public_key_from_file (ctrl_t ctrl,

  *result = NULL;

-  err = read_key_file (grip, &s_skey, NULL);
+  err = read_key_file (grip, &s_skey, for_ssh? &keymeta : NULL);
  if (err)
    return err;

+  if (keymeta)
+    {
+      /* Token: <SERIALNO> <IDSTR> */
+      const char *p = nvc_get_string (keymeta, "Token:");
+
+      if (!p)
+        return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+
+      while (*p && !spacep (p))
+        p++;
+
+      if (!*p)
+        return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+
+      p++;
+      if (strcmp (p, "OPENPGP.3"))
+        return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+
+      nvc_release (keymeta);
+      keymeta = NULL;
+    }
+
  for (i=0; i < DIM (array); i++)
    array[i] = NULL;

@ -1472,6 +1494,22 @@ agent_public_key_from_file (ctrl_t ctrl,
  return err;
 }

+gpg_error_t
+agent_public_key_from_file (ctrl_t ctrl,
+                            const unsigned char *grip,
+                            gcry_sexp_t *result)
+{
+  return public_key_from_file (ctrl, grip, result, 0);
+}
+
+gpg_error_t
+agent_ssh_key_from_file (ctrl_t ctrl,
+                         const unsigned char *grip,
+                         gcry_sexp_t *result)
+{
+  return public_key_from_file (ctrl, grip, result, 1);
+}
+

 /* Check whether the secret key identified by GRIP is available.
   Returns 0 is the key is available.  */