turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use check_card_algo_ecc() when uploading keys: if algo_list is available and oid is not listed, error out of upload_key().

Browse source
This commit is contained in:
Heiko Schaefer 2021-08-27 21:42:18 +02:00
parent cb2269c761
commit a55f0f6621
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
openpgp-card/src/keys.rs
View file

@ -195,6 +195,19 @@ pub(crate) fn upload_key(
// Derive Algo from the key we're importing, and see if the // Derive Algo from the key we're importing, and see if the
// card returns an error. // card returns an error.
// If we have an algo_list, refuse upload if oid is now allowed.
if let Some(algo_list) = algo_list {
let oid = ecc_key.get_oid();
if !check_card_algo_ecc(algo_list, key_type, oid) {
// If oid is not in algo_list, return error.
return Err(anyhow!(
"Oid {:?} unsupported according to algo_list",
oid
)
.into());
}
}
// (Looking up a suitable algorithm in the card's "Algorithm // (Looking up a suitable algorithm in the card's "Algorithm
// Information" seems to do more harm than good, because some // Information" seems to do more harm than good, because some
// cards report erroneous information about supported // cards report erroneous information about supported