From 06af3583f46e2c327fdd44d8a95b8b4e8dfd8db5 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Tue, 3 Sep 2019 08:29:15 +0000
Subject: upstream: authfd: add function to check if key is in agent
This commit adds a helper function which allows the caller to check if a given public key is present in ssh-agent.
work by Sebastian Kinne; ok markus@
OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
---
authfd.c | 28 +++++++++++++++++++++++++++-
authfd.h | 3 ++-
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/authfd.c b/authfd.c
index 315c6813..a5162790 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.116 2019/09/03 08:28:30 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.117 2019/09/03 08:29:15 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -317,6 +317,32 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
 free(idl);
 }
+/*
+ * Check if the ssh agent has a given key.
+ * Returns 0 if found, or a negative SSH_ERR_* error code on failure.
+ */
+int
+ssh_agent_has_key(int sock, struct sshkey *key)
+{
+ int r, ret = SSH_ERR_KEY_NOT_FOUND;
+ size_t i;
+ struct ssh_identitylist *idlist = NULL;
+
+ if ((r = ssh_fetch_identitylist(sock, &idlist)) < 0) {
+ return r;
+ }
+
+ for (i = 0; i < idlist->nkeys; i++) {
+ if (sshkey_equal_public(idlist->keys[i], key)) {
+ ret = 0;
+ break;
+ }
+ }
+
+ ssh_free_identitylist(idlist);
+ return ret;
+}
+
 /*
 * Sends a challenge (typically from a server via ssh(1)) to the agent,
 * and waits for a response from the agent.
diff --git a/authfd.h b/authfd.h
index 060bed63..57907650 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.45 2019/06/21 04:21:04 djm Exp $ */
+/* $OpenBSD: authfd.h,v 1.46 2019/09/03 08:29:15 djm Exp $ */
 /*
 * Author: Tatu Ylonen
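Review bot: The header comment on the new ssh_agent_has_key() in authfd.c promises only "a negative SSH_ERR_* error code on failure", but the body has two distinct outcomes a caller must tell apart: `SSH_ERR_KEY_NOT_FOUND` when the list was fetched and nothing matched, and whatever `ssh_fetch_identitylist()` returned when the agent query itself failed. That helper is defined outside this hunk; if it reports an agent with no keys as an error (OpenSSH has `SSH_ERR_AGENT_NO_IDENTITIES` for that), an empty agent would surface as a third code rather than as not-found, so a caller comparing only against `SSH_ERR_KEY_NOT_FOUND` could mistake "key absent" for "agent unreachable" or the reverse. I would reword the second comment line to say that the function returns 0 if found, SSH_ERR_KEY_NOT_FOUND if the agent answered but does not hold the key, and another negative SSH_ERR_* code if the agent could not be queried, and consider mapping the empty-list case to not-found. Testing the fetch result with `!= 0` rather than `< 0` would also keep `idlist` from being dereferenced while still NULL should the helper ever return a positive value.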
@@ -31,6 +31,7 @@ int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp); void ssh_free_identitylist(struct ssh_identitylist *idl); int ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment, u_int life, u_int confirm, u_int maxsign); +int ssh_agent_has_key(int sock, struct sshkey *key); int ssh_remove_identity(int sock, struct sshkey *key); int ssh_update_card(int sock, int add, const char *reader_id, const char *pin, u_int life, u_int confirm); -- cgit v1.2.3