New option --ssh-fpr for the agent:KEYINFO command

Also added the option --data.  Hwoever we don't list the other itehms
2.1. does; instead we print dashes.

.gitignore

@@ -31,6 +31,7 @@ agent/gpg-agent
 agent/gpg-preset-passphrase
 agent/gpg-protect-tool
 agent/t-protect
+agent/t-ssh-utils
 common/libcommon.a
 common/libcommonpth.a
 common/libgpgrl.a

NEWS

@@ -5,7 +5,8 @@ Noteworthy changes in version 2.0.18 (unreleased)
 
  * Bug fix for newer versions of Libgcrypt.
 
- * Support the SSH confirm flag.
+ * Support the SSH confirm flag and show SSH fingerprint in ssh
+   related pinentries.
 
  * Improved dirmngr/gpgsm interaction for OCSP.
 

agent/ChangeLog

@@ -1,5 +1,8 @@
 2011-08-04  Werner Koch  <wk@g10code.com>
 
+	* command.c (cmd_keyinfo, do_one_keyinfo): Support options --data
+	and --ssh-fpr.
+
 	* command-ssh.c (ssh_identity_register): Display the ssh
 	fingerprint in the prompt.
 	(add_control_entry): Add arg FMTFPR and use it as comment in

agent/command.c

@@ -37,6 +37,7 @@
 #include "agent.h"
 #include <assuan.h>
 #include "i18n.h"
+#include "../common/ssh-utils.h"
 
 /* maximum allowed size of the inquired ciphertext */
 #define MAXLEN_CIPHERTEXT 4096
@@ -832,15 +833,15 @@ cmd_readkey (assuan_context_t ctx, char *line)
 
 
 static const char hlp_keyinfo[] =
-  "KEYINFO [--list] <keygrip>\n"
+  "KEYINFO [--list] [--data] [--ssh-fpr] <keygrip>\n"
   "\n"
   "Return information about the key specified by the KEYGRIP.  If the\n"
   "key is not available GPG_ERR_NOT_FOUND is returned.  If the option\n"
   "--list is given the keygrip is ignored and information about all\n"
   "available keys are returned.  The information is returned as a\n"
-  "status line with this format:\n"
+  "status line unless --data was specified, with this format:\n"
   "\n"
-  "  KEYINFO <keygrip> <type> <serialno> <idstr>\n"
+  "  KEYINFO <keygrip> <type> <serialno> <idstr> - - <fpr>\n"
   "\n"
   "KEYGRIP is the keygrip.\n"
   "\n"
@@ -856,12 +857,18 @@ static const char hlp_keyinfo[] =
   "IDSTR is the IDSTR used to distinguish keys on a smartcard.  If it\n"
   "      is not known a dash is used instead.\n"
   "\n"
+  "FPR returns the formatted ssh-style fingerprint of the key.  It is only\n"
+  "    print if the option --ssh-fpr has been used. '-' is printed if the\n"
+  "    fingerprint is not available.\n"
+  "\n"
   "More information may be added in the future.";
 static gpg_error_t
-do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip)
+do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
+                int data, int with_ssh_fpr)
 {
   gpg_error_t err;
   char hexgrip[40+1];
+  char *fpr = NULL;
   int keytype;
   unsigned char *shadow_info = NULL;
   char *serialno = NULL;
@@ -883,6 +890,18 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip)
   else
     keytypestr = "-";
 
+  /* Compute the ssh fingerprint if requested.  */
+  if (with_ssh_fpr)
+    {
+      gcry_sexp_t key;
+
+      if (!agent_raw_key_from_file (ctrl, grip, &key))
+        {
+          ssh_get_fingerprint_string (key, &fpr);
+          gcry_sexp_release (key);
+        }
+    }
+
   if (shadow_info)
     {
       err = parse_shadow_info (shadow_info, &serialno, &idstr);
@@ -890,13 +909,37 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip)
         goto leave;
     }
 
-  err = agent_write_status (ctrl, "KEYINFO",
+  /* Note that we don't support the CACHED and PROTECTION values as
-                            hexgrip,
+     gnupg 2.1 does.  We print '-' instead.  However we support the
-                            keytypestr,
+     ssh fingerprint.  */
-                            serialno? serialno : "-",
+  if (!data)
-                            idstr? idstr : "-",
+    err = agent_write_status (ctrl, "KEYINFO",
-                            NULL);
+                              hexgrip,
+                              keytypestr,
+                              serialno? serialno : "-",
+                              idstr? idstr : "-",
+                              "-",
+			      "-",
+                              fpr? fpr : "-",
+                              NULL);
+  else
+    {
+      char *string;
+
+      string = xtryasprintf ("%s %s %s %s - - %s\n",
+                             hexgrip, keytypestr,
+                             serialno? serialno : "-",
+                             idstr? idstr : "-",
+                             fpr? fpr : "-");
+      if (!string)
+        err = gpg_error_from_syserror ();
+      else
+        err = assuan_send_data (ctx, string, strlen(string));
+      xfree (string);
+    }
+
  leave:
+  xfree (fpr);
   xfree (shadow_info);
   xfree (serialno);
   xfree (idstr);
@@ -912,8 +955,11 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
   unsigned char grip[20];
   DIR *dir = NULL;
   int list_mode;
+  int opt_data, opt_ssh_fpr;
 
   list_mode = has_option (line, "--list");
+  opt_data = has_option (line, "--data");
+  opt_ssh_fpr = has_option (line, "--ssh-fpr");
   line = skip_options (line);
 
   if (list_mode)
@@ -948,7 +994,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
           if ( hex2bin (hexgrip, grip, 20) < 0 )
             continue; /* Bad hex string.  */
 
-          err = do_one_keyinfo (ctrl, grip);
+          err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr);
           if (err)
             goto leave;
         }
@@ -959,7 +1005,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
       err = parse_keygrip (ctx, line, grip);
       if (err)
         goto leave;
-      err = do_one_keyinfo (ctrl, grip);
+      err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr);
     }
 
  leave: