Diffstat (limited to 'agent/command.c')
-rw-r--r-- | agent/command.c | 80 |
1 files changed, 79 insertions, 1 deletions
diff --git a/agent/command.c b/agent/command.c
index 2e996d096..9351ef615 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1297,6 +1297,7 @@ cmd_keyattr (assuan_context_t ctx, char *line)
 static const char hlp_readkey[] =
 "READKEY [--no-data] [--format=ssh] <hexstring_with_keygrip>\n"
 " --card <keyid>\n"
+ " --token <hexstring_with_keygrip>\n"
 "\n"
 "Return the public key for the given keygrip or keyid.\n"
 "With --card, private key file with card information will be created.";
@@ -1309,13 +1310,14 @@ cmd_readkey (assuan_context_t ctx, char *line)
 gcry_sexp_t s_pkey = NULL;
 unsigned char *pkbuf = NULL;
 size_t pkbuflen;
- int opt_card, opt_no_data, opt_format_ssh;
+ int opt_card, opt_token, opt_no_data, opt_format_ssh;
 if (ctrl->restricted)
 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
 opt_no_data = has_option (line, "--no-data");
 opt_card = has_option (line, "--card");
+ opt_token = has_option (line, "--token");
 opt_format_ssh = has_option (line, "--format=ssh");
 line = skip_options (line);
@@ -1367,6 +1369,34 @@ cmd_readkey (assuan_context_t ctx, char *line)
 xfree (serialno);
 xfree (keyidbuf);
 }
+ else if (opt_token)
+ {
+ const char *keygrip = line;
+
+ rc = agent_tkd_readkey (ctrl, keygrip, &pkbuf, &pkbuflen);
+ if (rc)
+ goto leave;
+ rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)pkbuf, pkbuflen);
+ if (rc)
+ goto leave;
+
+ if (!gcry_pk_get_keygrip (s_pkey, grip))
+ {
+ rc = gcry_pk_testkey (s_pkey);
+ if (rc == 0)
+ rc = gpg_error (GPG_ERR_INTERNAL);
+
+ goto leave;
+ }
+
+ if (agent_key_available (grip))
+ {
+ /* (Shadow)-key is not available in our key storage. */
+ rc = agent_write_shadow_key (grip, NULL, NULL, pkbuf, 0);
+ if (rc)
+ goto leave;
+ }
+ }
 else
 {
 rc = parse_keygrip (ctx, line, grip);
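Review bot: In the new `--token` branch of cmd_readkey, the client-supplied `line` is handed to `agent_tkd_readkey` as the keygrip without any format check, and the grip computed from the returned key is never compared with the one that was requested. As written, whatever public key the token daemon returns is stored as a shadow key under its own grip, so a wrong or unexpected reply is accepted silently; whether `agent_tkd_readkey` validates its argument is not visible here. I would parse the request first, `rc = parse_keygrip (ctx, line, req_grip);` with `req_grip` a separate buffer of the same size as `grip`, and after `gcry_pk_get_keygrip` reject a mismatch with `if (memcmp (grip, req_grip, sizeof req_grip))` before `agent_write_shadow_key` is reached. It is also worth confirming that `agent_write_shadow_key` accepts NULL for the two arguments that the `--card` path fills in; the function body continues outside this hunk.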
@@ -2648,6 +2678,53 @@ cmd_scd (assuan_context_t ctx, char *line)
 }
+static const char hlp_tkd[] =
+ "TKD <commands to pass to the tkdaemon>\n"
+ " \n"
+ "This is a general quote command to redirect everything to the\n"
+ "TKdaemon.";
+static gpg_error_t
+cmd_tkd (assuan_context_t ctx, char *line)
+{
+ int rc;
+#ifdef BUILD_WITH_TKDAEMON
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ if (ctrl->restricted)
+ {
+ const char *argv[5];
+ int argc;
+ char *l;
+
+ l = xtrystrdup (line);
+ if (!l)
+ return gpg_error_from_syserror ();
+
+ argc = split_fields (l, argv, DIM (argv));
+
+ /* These commands are allowed. */
+ if ((argc >= 1 && !strcmp (argv[0], "SLOTLIST"))
+ || (argc == 2
+ && !strcmp (argv[0], "GETINFO")
+ && !strcmp (argv[1], "version"))
+ || (argc == 2
+ && !strcmp (argv[0], "KEYINFO")
+ && !strcmp (argv[1], "--list=encr")))
+ xfree (l);
+ else
+ {
+ xfree (l);
+ return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+ }
+ }
+
+ rc = divert_tkd_cmd (ctrl, line);
+#else
+ (void)ctx; (void)line;
+ rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+#endif
+ return rc;
+}
 static const char hlp_keywrap_key[] =
 "KEYWRAP_KEY [--clear] <mode>\n"
@@ -4198,6 +4275,7 @@ register_commands (assuan_context_t ctx)
 { "INPUT", NULL },
 { "OUTPUT", NULL },
 { "SCD", cmd_scd, hlp_scd },
+ { "TKD", cmd_tkd, hlp_tkd },
 { "KEYWRAP_KEY", cmd_keywrap_key, hlp_keywrap_key },
 { "IMPORT_KEY", cmd_import_key, hlp_import_key },
 { "EXPORT_KEY", cmd_export_key, hlp_export_key },
|
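Review bot: The restricted-mode allowlist in cmd_tkd admits `SLOTLIST` with any trailing arguments because it tests `argc >= 1`, while the other two entries pin the full command with `argc == 2`. The check runs on a split copy, but the unmodified `line` is what `divert_tkd_cmd` forwards, so everything after `SLOTLIST` reaches the daemon from a restricted connection. Unless SLOTLIST really takes arguments (not visible here), I would tighten it to `(argc == 1 && !strcmp (argv[0], "SLOTLIST"))`. I would also expand `/* These commands are allowed. */` into a comment that says why each of the three is safe for restricted clients, so later additions to the list get the same scrutiny.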