From a55f0f66219393ab9d782fe50f0dac6100a8f39d Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 27 Aug 2021 21:42:18 +0200 Subject: [PATCH] Use check_card_algo_ecc() when uploading keys: if algo_list is available and oid is not listed, error out of upload_key(). --- openpgp-card/src/keys.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/openpgp-card/src/keys.rs b/openpgp-card/src/keys.rs index c1ca89e..4bdee13 100644 --- a/openpgp-card/src/keys.rs +++ b/openpgp-card/src/keys.rs @@ -195,6 +195,19 @@ pub(crate) fn upload_key( // Derive Algo from the key we're importing, and see if the // card returns an error. + // If we have an algo_list, refuse upload if oid is now allowed. + if let Some(algo_list) = algo_list { + let oid = ecc_key.get_oid(); + if !check_card_algo_ecc(algo_list, key_type, oid) { + // If oid is not in algo_list, return error. + return Err(anyhow!( + "Oid {:?} unsupported according to algo_list", + oid + ) + .into()); + } + } + // (Looking up a suitable algorithm in the card's "Algorithm // Information" seems to do more harm than good, because some // cards report erroneous information about supported