security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

agent: Put ssh key type as comment into sshcontrol.

Browse Source 
* agent/command-ssh.c (ssh_key_type_spec): Add field name.
(ssh_key_types): Add human readable names.
(add_control_entry): Add arg SPEC and print key type as comment.
(ssh_identity_register): Add arg SPEC.
(ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.
This commit is contained in:
Werner Koch 2014-03-22 21:28:35 +01:00
parent 072432883e
commit fc3e70c113
1 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
agent/command-ssh.c
View File

@ -148,6 +148,9 @@ struct ssh_key_type_spec
/* Algorithm identifier as used by OpenSSH. */ /* Algorithm identifier as used by OpenSSH. */
const char *ssh_identifier; const char *ssh_identifier;
/* Human readable name of the algorithm. */
const char *name;
/* Algorithm identifier as used by GnuPG. */ /* Algorithm identifier as used by GnuPG. */
const char *identifier; const char *identifier;
@ -271,32 +274,32 @@ static ssh_request_spec_t request_specs[] =
static ssh_key_type_spec_t ssh_key_types[] = static ssh_key_type_spec_t ssh_key_types[] =
{ {
{ {
"ssh-ed25519", "ecc", "qd", "q", "rs", "qd", "ssh-ed25519", "Ed25519", "ecc", "qd", "q", "rs", "qd",
NULL, ssh_signature_encoder_eddsa, NULL, ssh_signature_encoder_eddsa,
"Ed25519", 0, SPEC_FLAG_IS_EdDSA "Ed25519", 0, SPEC_FLAG_IS_EdDSA
}, },
{ {
"ssh-rsa", "rsa", "nedupq", "en", "s", "nedpqu", "ssh-rsa", "RSA", "rsa", "nedupq", "en", "s", "nedpqu",
ssh_key_modifier_rsa, ssh_signature_encoder_rsa, ssh_key_modifier_rsa, ssh_signature_encoder_rsa,
NULL, 0, SPEC_FLAG_USE_PKCS1V2 NULL, 0, SPEC_FLAG_USE_PKCS1V2
}, },
{ {
"ssh-dss", "dsa", "pqgyx", "pqgy", "rs", "pqgyx", "ssh-dss", "DSA", "dsa", "pqgyx", "pqgy", "rs", "pqgyx",
NULL, ssh_signature_encoder_dsa, NULL, ssh_signature_encoder_dsa,
NULL, 0, 0 NULL, 0, 0
}, },
{ {
"ecdsa-sha2-nistp256", "ecdsa", "qd", "q", "rs", "qd", "ecdsa-sha2-nistp256", "ECDSA", "ecdsa", "qd", "q", "rs", "qd",
NULL, ssh_signature_encoder_ecdsa, NULL, ssh_signature_encoder_ecdsa,
"nistp256", GCRY_MD_SHA256, SPEC_FLAG_IS_ECDSA "nistp256", GCRY_MD_SHA256, SPEC_FLAG_IS_ECDSA
}, },
{ {
"ecdsa-sha2-nistp384", "ecdsa", "qd", "q", "rs", "qd", "ecdsa-sha2-nistp384", "ECDSA", "ecdsa", "qd", "q", "rs", "qd",
NULL, ssh_signature_encoder_ecdsa, NULL, ssh_signature_encoder_ecdsa,
"nistp384", GCRY_MD_SHA384, SPEC_FLAG_IS_ECDSA "nistp384", GCRY_MD_SHA384, SPEC_FLAG_IS_ECDSA
}, },
{ {
"ecdsa-sha2-nistp521", "ecdsa", "qd", "q", "rs", "qd", "ecdsa-sha2-nistp521", "ECDSA", "ecdsa", "qd", "q", "rs", "qd",
NULL, ssh_signature_encoder_ecdsa, NULL, ssh_signature_encoder_ecdsa,
"nistp521", GCRY_MD_SHA512, SPEC_FLAG_IS_ECDSA "nistp521", GCRY_MD_SHA512, SPEC_FLAG_IS_ECDSA
} }
@ -1061,7 +1064,8 @@ search_control_file (ssh_control_file_t cf, const char *hexgrip,
general used to add a key received through the ssh-add function. general used to add a key received through the ssh-add function.
We can assume that the user wants to allow ssh using this key. */ We can assume that the user wants to allow ssh using this key. */
static gpg_error_t static gpg_error_t
add_control_entry (ctrl_t ctrl, const char *hexgrip, const char *fmtfpr, add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
const char *hexgrip, const char *fmtfpr,
int ttl, int confirm) int ttl, int confirm)
{ {
gpg_error_t err; gpg_error_t err;
@ -1084,9 +1088,10 @@ add_control_entry (ctrl_t ctrl, const char *hexgrip, const char *fmtfpr,
opened in append mode, we simply need to write to it. */ opened in append mode, we simply need to write to it. */
tp = localtime (&atime); tp = localtime (&atime);
fprintf (cf->fp, fprintf (cf->fp,
("# Key added on: %04d-%02d-%02d %02d:%02d:%02d\n" ("# %s key added on: %04d-%02d-%02d %02d:%02d:%02d\n"
"# Fingerprint: %s\n" "# MD5 Fingerprint: %s\n"
"%s %d%s\n"), "%s %d%s\n"),
spec->name,
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec, tp->tm_hour, tp->tm_min, tp->tm_sec,
fmtfpr, hexgrip, ttl, confirm? " confirm":""); fmtfpr, hexgrip, ttl, confirm? " confirm":"");
@ -3064,7 +3069,8 @@ reenter_compare_cb (struct pin_entry_info_s *pi)
our key storage, don't do anything. When entering a new key also our key storage, don't do anything. When entering a new key also
add an entry to the sshcontrol file. */ add an entry to the sshcontrol file. */
static gpg_error_t static gpg_error_t
ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm) ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
gcry_sexp_t key, int ttl, int confirm)
{ {
gpg_error_t err; gpg_error_t err;
unsigned char key_grip_raw[20]; unsigned char key_grip_raw[20];
@ -3158,7 +3164,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm)
goto out; goto out;
/* And add an entry to the sshcontrol file. */ /* And add an entry to the sshcontrol file. */
err = add_control_entry (ctrl, key_grip, key_fpr, ttl, confirm); err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm);
out: out:
@ -3202,6 +3208,7 @@ static gpg_error_t
ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response) ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response)
{ {
gpg_error_t ret_err; gpg_error_t ret_err;
ssh_key_type_spec_t spec;
gpg_error_t err; gpg_error_t err;
gcry_sexp_t key; gcry_sexp_t key;
unsigned char b; unsigned char b;
@ -3213,7 +3220,7 @@ ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response)
ttl = 0; ttl = 0;
/* FIXME? */ /* FIXME? */
err = ssh_receive_key (request, &key, 1, 1, NULL); err = ssh_receive_key (request, &key, 1, 1, &spec);
if (err) if (err)
goto out; goto out;
@ -3252,7 +3259,7 @@ ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response)
if (err) if (err)
goto out; goto out;
err = ssh_identity_register (ctrl, key, ttl, confirm); err = ssh_identity_register (ctrl, &spec, key, ttl, confirm);
out: out: