agent,ssh: Support "Use-for-ssh" flag in private key.

* agent/findkey.c (public_key_from_file): Support "Use-for-ssh"
when it's in extended format.

--

GnuPG-bug-id: 5985
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka 2022-05-26 17:34:16 +09:00
parent 193fcc2f7a
commit d86b6c28fc
1 changed files with 22 additions and 10 deletions


@ -1384,26 +1384,38 @@ public_key_from_file (ctrl_t ctrl, const unsigned char *grip,
if (err) if (err)
return err; return err;
if (keymeta) if (for_ssh)
{ {
/* Use-for-ssh: yes */
/* Token: <SERIALNO> <IDSTR> */ /* Token: <SERIALNO> <IDSTR> */
const char *p = nvc_get_string (keymeta, "Token:"); const char *p;
int is_ssh = 0;
if (!p) if (keymeta == NULL)
return gpg_error (GPG_ERR_WRONG_KEY_USAGE); return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
while (*p && !spacep (p)) if ((p = nvc_get_string (keymeta, "Use-for-ssh:"))
p++; && !strcmp (p, "yes"))
is_ssh = 1;
if (!*p) if ((p = nvc_get_string (keymeta, "Token:")))
return gpg_error (GPG_ERR_WRONG_KEY_USAGE); {
while (*p && !spacep (p))
p++;
p++; if (*p)
if (strcmp (p, "OPENPGP.3")) {
return gpg_error (GPG_ERR_WRONG_KEY_USAGE); p++;
if (!strcmp (p, "OPENPGP.3"))
is_ssh = 1;
}
}
nvc_release (keymeta); nvc_release (keymeta);
keymeta = NULL; keymeta = NULL;
if (!is_ssh)
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
} }
for (i=0; i < DIM (array); i++) for (i=0; i < DIM (array); i++)
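Review bot: The two comments at the top of the `if (for_ssh)` block list the metadata lines but not the rule the code now applies, which decides whether this key may be used for ssh. I would replace them with `/* Usable for ssh only if "Use-for-ssh: yes" is set or the Token: IDSTR is OPENPGP.3; missing metadata or any other value is refused. */`. It is also worth noting there that `!strcmp (p, "yes")` is an exact match, so a spelling such as `Yes` leaves `is_ssh` at 0 and the key is rejected with GPG_ERR_WRONG_KEY_USAGE. public_key_from_file starts and ends outside the hunk, so whether the two early returns must release anything obtained by the preceding call cannot be checked from here.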