[git] GnuPG - branch, master, updated. gnupg-2.1.14-11-g270f7f7

by Justus Winter cvs at cvs.gnupg.org
Tue Jul 19 16:52:43 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  270f7f7b8b235cc93516566702e2a1d256605cca (commit)
       via  d7a405de8325aa945ab791dcd3bc48272af33b86 (commit)
      from  0c1fd4e9884ed7c1edd1819762b9e8a77f606ed3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 270f7f7b8b235cc93516566702e2a1d256605cca
Author: Justus Winter <justus at g10code.com>
Date:   Tue Jul 19 16:48:38 2016 +0200

    agent: Add known keys to sshcontrol.
    
    * agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
    even if it is already in the private key store.
    * tests/openpgp/ssh.scm: Test this.
    
    GnuPG-bug-id: 2316
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index e3cd4b9..48f1b3d 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3152,8 +3152,8 @@ reenter_compare_cb (struct pin_entry_info_s *pi)
 /* Store the ssh KEY into our local key storage and protect it after
    asking for a passphrase.  Cache that passphrase.  TTL is the
    maximum caching time for that key.  If the key already exists in
-   our key storage, don't do anything.  When entering a new key also
-   add an entry to the sshcontrol file.  */
+   our key storage, don't do anything.  When entering a key also add
+   an entry to the sshcontrol file.  */
 static gpg_error_t
 ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
                        gcry_sexp_t key, int ttl, int confirm)
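Review bot: The function comment still says "don't do anything" for a key that is already in the key storage, which no longer matches the code: the next hunk sends that case to `key_exists` and on to add_control_entry. I would reword the last two sentences as `If the key already exists in our key storage, skip the passphrase steps and only (re-)add its entry to the sshcontrol file.` The body of ssh_identity_register continues outside this hunk.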
@@ -3175,15 +3175,17 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
   if (err)
     goto out;
 
-  /* Check whether the key is already in our key storage.  Don't do
-     anything then.  */
-  if ( !agent_key_available (key_grip_raw) )
-    goto out; /* Yes, key is available.  */
+  bin2hex (key_grip_raw, 20, key_grip);
 
   err = ssh_get_fingerprint_string (key, &key_fpr);
   if (err)
     goto out;
 
+  /* Check whether the key is already in our key storage.  Don't do
+     anything then besides (re-)adding it to sshcontrol.  */
+  if ( !agent_key_available (key_grip_raw) )
+    goto key_exists; /* Yes, key is available.  */
+
   err = ssh_key_extract_comment (key, &comment);
   if (err)
     goto out;
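Review bot: The `goto key_exists` added after ssh_get_fingerprint_string jumps over ssh_key_extract_comment and over everything the passphrase section allocates, so every pointer that the shared cleanup releases has to be NULL-initialised at its declaration. That applies at least to `comment` and to whatever the skipped section sets up. The declarations and the cleanup code are outside this hunk, so this needs confirming against the full function. Separately, the bare `20` in `bin2hex (key_grip_raw, 20, key_grip)` would read better as `sizeof key_grip_raw`, assuming key_grip_raw is declared as an array here.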
@@ -3249,11 +3251,11 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
     goto out;
 
   /* Cache this passphrase. */
-  bin2hex (key_grip_raw, 20, key_grip);
   err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl);
   if (err)
     goto out;
 
+ key_exists:
   /* And add an entry to the sshcontrol file.  */
   err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm);
 
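Review bot: On the `key_exists` path add_control_entry is reached without the passphrase prompt of the new-key path, so the request's `ttl` and `confirm` are written to sshcontrol for a key the agent already stores, on the strength of a matching keygrip alone. If the keygrip is computed from the public parameters only (the computation is above these hunks), the request does not show that the sender holds the private part, and a key stored for another purpose could become usable for ssh this way. Consider comparing the submitted key with the stored one, or asking the user to confirm, before the entry is written. It would also help to document at the label whether add_control_entry leaves an already present entry untouched; that function is not part of this diff.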
diff --git a/tests/openpgp/ssh.scm b/tests/openpgp/ssh.scm
index cc47772..fe0b115 100755
--- a/tests/openpgp/ssh.scm
+++ b/tests/openpgp/ssh.scm
@@ -50,3 +50,15 @@
      (unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
 	     (error "key not added"))))
  car keys)
+
+(info "Checking for issue2316...")
+(unlink (string-append GNUPGHOME "/sshcontrol"))
+(pipe:do
+ (pipe:open (path-join (in-srcdir "samplekeys")
+		       (string-append "ssh-rsa.key"))
+	    (logior O_RDONLY O_BINARY))
+ (pipe:spawn `(,SSH-ADD -)))
+(unless
+ (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "")
+		   "MD5:c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
+ (error "known private key not (re-)added to sshcontrol"))
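Review bot: The issue2316 check never establishes that the key was missing from the listing after `sshcontrol` was unlinked, so it would also pass if the agent kept listing the key regardless of that file. Asserting first that the `ssh-add -l` output does not contain the fingerprint, and only then re-adding the key, would tie the result to the new code path. Two smaller points: `(string-append "ssh-rsa.key")` with a single argument can be the plain string `"ssh-rsa.key"`, and the fingerprint repeats the `rsa` entry of `keys`, so it could be looked up there instead of being copied.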

commit d7a405de8325aa945ab791dcd3bc48272af33b86
Author: Justus Winter <justus at g10code.com>
Date:   Tue Jul 19 16:17:22 2016 +0200

    tests: Add test for ssh support.
    
    * tests/gpgscm/tests.scm (path-expand): New function.
    * tests/openpgp/Makefile.am (TESTS): Add new test.
    (sample_keys): Add new keys.
    (CLEANFILES): Clean ssh socket and control file.
    * tests/openpgp/fake-pinentry.c (main): Add a default passphrase.
    * tests/openpgp/gpg-agent.conf.tmpl: Enable ssh support.
    * tests/openpgp/samplekeys/ssh-dsa.key: New file.
    * tests/openpgp/samplekeys/ssh-ecdsa.key: Likewise.
    * tests/openpgp/samplekeys/ssh-ed25519.key: Likewise.
    * tests/openpgp/samplekeys/ssh-rsa.key: Likewise.
    * tests/openpgp/ssh.scm: Likewise.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
index c32e2fa..58b1430 100644
--- a/tests/gpgscm/tests.scm
+++ b/tests/gpgscm/tests.scm
@@ -183,10 +183,12 @@
 (define (in-srcdir what)
   (canonical-path (string-append (getenv "srcdir") "/" what)))
 
-(define (with-path name)
-  (let loop ((path (string-split (getenv "GPGSCM_PATH") #\:)))
+;; Try to find NAME in PATHS.  Returns the full path name on success,
+;; or raises an error.
+(define (path-expand name paths)
+  (let loop ((path paths))
     (if (null? path)
-	name
+	(throw "Could not find" name "in" paths)
 	(let* ((qualified-name (string-append (car path) "/" name))
 	       (file-exists (call-with-input-file qualified-name
 			      (lambda (x) #t))))
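Review bot: The new comment on path-expand does not say what counts as "found": the context lines show the candidate being opened with call-with-input-file, so a file appears to be accepted when it is readable, not when it is executable. Since the same commit uses path-expand to locate `ssh-add` in PATH, I would add `;; A candidate is accepted if it can be opened for reading; it is not checked for being executable.` The rest of the loop lies between this hunk and the next one and is not shown.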
@@ -194,6 +196,12 @@
 	      qualified-name
 	      (loop (cdr path)))))))
 
+;; Expand NAME using the gpgscm load path.  Use like this:
+;;   (load (with-path "library.scm"))
+(define (with-path name)
+  (catch name
+	 (path-expand name (string-split (getenv "GPGSCM_PATH") *pathsep*))))
+
 (define (basename path)
   (let ((i (string-index path #\/)))
     (if (equal? i #f)
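Review bot: with-path wraps path-expand in `(catch name ...)`, so a NAME that is not found anywhere in GPGSCM_PATH appears to be returned unchanged rather than raising an error. The documented use `(load (with-path "library.scm"))` would then resolve the file relative to the current directory. The comment should say so, for example `;; If NAME is not found in the load path, NAME itself is returned.` If that silent fallback is not wanted for `load`, letting the error from path-expand propagate would be the stricter choice.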
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index e8f46da..f1dcf15 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -81,6 +81,7 @@ TESTS = setup.scm \
 	use-exact-key.scm \
 	default-key.scm \
 	export.scm \
+	ssh.scm \
 	issue2015.scm \
 	finish.scm
 
@@ -145,7 +146,11 @@ sample_keys = samplekeys/README \
 	      samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc \
               samplekeys/rsa-rsa-sample-1.asc \
               samplekeys/ed25519-cv25519-sample-1.asc \
-	      samplekeys/silent-running.asc
+	      samplekeys/silent-running.asc \
+	      samplekeys/ssh-dsa.key \
+	      samplekeys/ssh-ecdsa.key \
+	      samplekeys/ssh-ed25519.key \
+	      samplekeys/ssh-rsa.key
 
 EXTRA_DIST = defs.inc defs.scm pinentry.sh $(TESTS) $(TEST_FILES) \
 	     mkdemodirs signdemokey $(priv_keys) $(sample_keys)   \
@@ -157,7 +162,7 @@ CLEANFILES = prepared.stamp x y yy z out err  $(data_files) \
 	     pubring.gpg pubring.gpg~ pubring.kbx pubring.kbx~ \
 	     secring.gpg pubring.pkr secring.skr \
 	     gnupg-test.stop random_seed gpg-agent.log tofu.db \
-	     passphrases
+	     passphrases sshcontrol S.gpg-agent.ssh
 
 clean-local:
 	-rm -rf private-keys-v1.d openpgp-revocs.d tofu.d gpgtar.d
diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
index a651726..6ef6126 100644
--- a/tests/openpgp/fake-pinentry.c
+++ b/tests/openpgp/fake-pinentry.c
@@ -219,7 +219,11 @@ main (int argc, char **argv)
         *p = 0;
     }
   else
-    passphrase = skip_options (args);
+    {
+      passphrase = skip_options (args);
+      if (*passphrase == 0)
+        passphrase = "no PINENTRY_USER_DATA -- using default passphrase";
+    }
 
   reply ("# fake-pinentry started.  Passphrase='%s'.\n", passphrase);
   reply ("OK - what's up?\n");
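Review bot: The fallback string is assigned silently when no passphrase was passed, so any key a test imports without setting PINENTRY_USER_DATA ends up protected with a fixed, published passphrase, and the greeting two lines below echoes it. That is acceptable for a test helper, but the new branch deserves a comment, e.g. `/* Test-only default so callers that cannot set PINENTRY_USER_DATA still get a passphrase. */`. The check also dereferences the result of skip_options without a NULL test; whether it can be NULL depends on code above the hunk. main continues past the hunk.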
diff --git a/tests/openpgp/gpg-agent.conf.tmpl b/tests/openpgp/gpg-agent.conf.tmpl
index 70e1633..3559150 100644
--- a/tests/openpgp/gpg-agent.conf.tmpl
+++ b/tests/openpgp/gpg-agent.conf.tmpl
@@ -1,2 +1,3 @@
 allow-preset-passphrase
 no-grab
+enable-ssh-support
diff --git a/tests/openpgp/samplekeys/ssh-dsa.key b/tests/openpgp/samplekeys/ssh-dsa.key
new file mode 100644
index 0000000..58707b3
--- /dev/null
+++ b/tests/openpgp/samplekeys/ssh-dsa.key
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----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+-----END DSA PRIVATE KEY-----
diff --git a/tests/openpgp/samplekeys/ssh-ecdsa.key b/tests/openpgp/samplekeys/ssh-ecdsa.key
new file mode 100644
index 0000000..db7c45c
--- /dev/null
+++ b/tests/openpgp/samplekeys/ssh-ecdsa.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIF8Mt42n5l2eJB2rk5TSnS98xAtR2VfmmI96WT5OtFrdoAoGCCqGSM49
+AwEHoUQDQgAEsphhghltvEj+1rFEcIlSNy2ze7IMHdhGsH060PwOzjKTy15M8zHI
+uaH9SOMXTzn3Bial8bxrXLsOYEhRZhYSrA==
+-----END EC PRIVATE KEY-----
diff --git a/tests/openpgp/samplekeys/ssh-ed25519.key b/tests/openpgp/samplekeys/ssh-ed25519.key
new file mode 100644
index 0000000..c3760b8
--- /dev/null
+++ b/tests/openpgp/samplekeys/ssh-ed25519.key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACARyDcsgSrXAdihOuO5lN+qVKVPdwsXCmOZ61XYVUA1MAAAAJAOqdhVDqnY
+VQAAAAtzc2gtZWQyNTUxOQAAACARyDcsgSrXAdihOuO5lN+qVKVPdwsXCmOZ61XYVUA1MA
+AAAEATyEkvuhAExcEet+Rc2Qz2Fxg4iIi4XXJLpZFKwWsY3hHINyyBKtcB2KE647mU36pU
+pU93CxcKY5nrVdhVQDUwAAAACHRlc3Qga2V5AQIDBAU=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tests/openpgp/samplekeys/ssh-rsa.key b/tests/openpgp/samplekeys/ssh-rsa.key
new file mode 100644
index 0000000..ef0425c
--- /dev/null
+++ b/tests/openpgp/samplekeys/ssh-rsa.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/openpgp/ssh.scm b/tests/openpgp/ssh.scm
new file mode 100755
index 0000000..cc47772
--- /dev/null
+++ b/tests/openpgp/ssh.scm
@@ -0,0 +1,52 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (with-path "defs.scm"))
+
+(define GNUPGHOME (getenv "GNUPGHOME"))
+(if (string=? "" GNUPGHOME)
+    (error "GNUPGHOME not set"))
+
+(setenv "SSH_AUTH_SOCK" (path-join GNUPGHOME "S.gpg-agent.ssh") #t)
+
+(define SSH-ADD #f)
+(catch (skip "ssh-add not found")
+       (set! SSH-ADD
+	     (path-expand "ssh-add" (string-split (getenv "PATH") *pathsep*))))
+
+(define keys
+  '(("dsa" "MD5:9a:e1:f1:5f:46:ea:a5:06:e1:e2:f8:38:8e:06:54:58")
+    ("rsa" "MD5:c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
+    ("ecdsa" "MD5:93:37:30:a6:4e:e7:6a:22:79:77:8e:bf:ed:14:e9:8e")
+    ("ed25519" "MD5:08:df:be:af:d2:f5:32:20:3a:1c:56:06:be:31:0f:bf")))
+
+(for-each-p'
+ "Importing ssh keys..."
+ (lambda (key)
+   (let ((file (path-join (in-srcdir "samplekeys")
+			  (string-append "ssh-" (car key) ".key")))
+	 (hash (cadr key)))
+     ;; We pipe the key to ssh-add so that it won't complain about
+     ;; file's permissions.
+     (pipe:do
+      (pipe:open file (logior O_RDONLY O_BINARY))
+      (pipe:spawn `(,SSH-ADD -)))
+     (unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
+	     (error "key not added"))))
+ car keys)
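Review bot: The listing `ssh-add -l -E md5` depends on the `-E` option, which older OpenSSH releases do not have, and on such a system the test would report "key not added" instead of being skipped. The script already skips when ssh-add is missing; a similar probe for `-E` support before the loop, ending in `(skip ...)`, would keep a failure meaningful. A short comment next to `keys` saying that the MD5 fingerprints serve only as identifiers for matching the listing would also help readers.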

-----------------------------------------------------------------------

Summary of changes:
 agent/command-ssh.c                      | 16 ++++----
 tests/gpgscm/tests.scm                   | 14 +++++--
 tests/openpgp/Makefile.am                |  9 ++++-
 tests/openpgp/fake-pinentry.c            |  6 ++-
 tests/openpgp/gpg-agent.conf.tmpl        |  1 +
 tests/openpgp/samplekeys/ssh-dsa.key     | 12 ++++++
 tests/openpgp/samplekeys/ssh-ecdsa.key   |  5 +++
 tests/openpgp/samplekeys/ssh-ed25519.key |  7 ++++
 tests/openpgp/samplekeys/ssh-rsa.key     | 27 ++++++++++++++
 tests/openpgp/ssh.scm                    | 64 ++++++++++++++++++++++++++++++++
 10 files changed, 148 insertions(+), 13 deletions(-)
 create mode 100644 tests/openpgp/samplekeys/ssh-dsa.key
 create mode 100644 tests/openpgp/samplekeys/ssh-ecdsa.key
 create mode 100644 tests/openpgp/samplekeys/ssh-ed25519.key
 create mode 100644 tests/openpgp/samplekeys/ssh-rsa.key
 create mode 100755 tests/openpgp/ssh.scm


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



