Use check_card_algo_ecc() when uploading keys: if algo_list is available and oid is not listed, error out of upload_key().

2021-08-27 21:42:18 +02:00 · 2021-08-27 21:42:18 +02:00 · a55f0f6621
commit a55f0f6621
parent cb2269c761
1 changed files with 13 additions and 0 deletions
--- a/openpgp-card/src/keys.rs
+++ b/openpgp-card/src/keys.rs
@ -195,6 +195,19 @@ pub(crate) fn upload_key(
            // Derive Algo from the key we're importing, and see if the
            // card returns an error.

+            // If we have an algo_list, refuse upload if oid is now allowed.
+            if let Some(algo_list) = algo_list {
+                let oid = ecc_key.get_oid();
+                if !check_card_algo_ecc(algo_list, key_type, oid) {
+                    // If oid is not in algo_list, return error.
+                    return Err(anyhow!(
+                        "Oid {:?} unsupported according to algo_list",
+                        oid
+                    )
+                    .into());
+                }
+            }
+
            // (Looking up a suitable algorithm in the card's "Algorithm
            // Information" seems to do more harm than good, because some
            // cards report erroneous information about supported