1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00

agent: Add support for TPM2 for ECC KEM.

* agent/agent.h (agent_tpm2d_ecc_kem): New.
* agent/divert-tpm2.c (agent_tpm2d_ecc_kem): New.
* agent/pkdecrypt.c (ecc_pgp_kem_decap): Call agent_tpm2d_ecc_kem.

--

GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2025-05-22 14:34:05 +09:00
parent b956f47e2a
commit 04782e7fd6
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
3 changed files with 51 additions and 2 deletions

View File

@ -655,6 +655,9 @@ int divert_tpm2_pkdecrypt (ctrl_t ctrl,
char **r_buf, size_t *r_len, int *r_padding);
int divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
gcry_sexp_t s_skey);
int agent_tpm2d_ecc_kem (ctrl_t ctrl, const unsigned char *shadow_info,
const unsigned char *ecc_ct,
size_t ecc_point_len, unsigned char *ecc_ecdh);
#else /*!HAVE_LIBTSS*/
static inline int
divert_tpm2_pksign (ctrl_t ctrl,
@ -686,6 +689,16 @@ divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
(void)ctrl; (void)grip; (void)s_skey;
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
static inline int
agent_tpm2d_ecc_kem (ctrl_t ctrl, const unsigned char *shadow_info,
const unsigned char *ecc_ct,
size_t ecc_point_len, unsigned char *ecc_ecdh)
{
(void)ctrl; (void)ecc_ct;
(void)ecc_point_len; (void)ecc_ecdh;
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
#endif /*!HAVE_LIBTSS*/

View File

@ -168,3 +168,34 @@ divert_tpm2_pkdecrypt (ctrl_t ctrl,
return agent_tpm2d_pkdecrypt (ctrl, s, n, shadow_info, r_buf, r_len);
}
int
agent_tpm2d_ecc_kem (ctrl_t ctrl,
const unsigned char *shadow_info,
const unsigned char *ecc_ct,
size_t ecc_point_len, unsigned char *ecc_ecdh)
{
char *ecdh = NULL;
size_t len;
int rc;
rc = agent_tpm2d_pkdecrypt (ctrl, ecc_ct, ecc_point_len, shadow_info,
&ecdh, &len);
if (rc)
return rc;
if (len == ecc_point_len)
memcpy (ecc_ecdh, ecdh, len);
else if (len == ecc_point_len + 1 && ecdh[0] == 0x40) /* The prefix */
memcpy (ecc_ecdh, ecdh + 1, len - 1);
else
{
if (opt.verbose)
log_info ("%s: ECC result length invalid (%zu != %zu)\n",
__func__, len, ecc_point_len);
return gpg_error (GPG_ERR_INV_DATA);
}
xfree (ecdh);
return rc;
}

View File

@ -503,8 +503,13 @@ ecc_pgp_kem_decap (ctrl_t ctrl, gcry_sexp_t s_skey0,
{
if (s_skey0 && agent_is_tpm2_key (s_skey0))
{
log_error ("TPM decryption failed: %s\n", gpg_strerror (err));
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
err = agent_tpm2d_ecc_kem (ctrl, shadow_info0,
ecc_ct, ecc->point_len, ecc_ecdh);
if (err)
{
log_error ("TPM decryption failed: %s\n", gpg_strerror (err));
return err;
}
}
else
{