mirror of
git://git.gnupg.org/gnupg.git
synced 2025-05-24 16:43:28 +02:00
agent: Add support for TPM2 for ECC KEM.
* agent/agent.h (agent_tpm2d_ecc_kem): New. * agent/divert-tpm2.c (agent_tpm2d_ecc_kem): New. * agent/pkdecrypt.c (ecc_pgp_kem_decap): Call agent_tpm2d_ecc_kem. -- GnuPG-bug-id: 7649 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
b956f47e2a
commit
04782e7fd6
@ -655,6 +655,9 @@ int divert_tpm2_pkdecrypt (ctrl_t ctrl,
|
||||
char **r_buf, size_t *r_len, int *r_padding);
|
||||
int divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
|
||||
gcry_sexp_t s_skey);
|
||||
int agent_tpm2d_ecc_kem (ctrl_t ctrl, const unsigned char *shadow_info,
|
||||
const unsigned char *ecc_ct,
|
||||
size_t ecc_point_len, unsigned char *ecc_ecdh);
|
||||
#else /*!HAVE_LIBTSS*/
|
||||
static inline int
|
||||
divert_tpm2_pksign (ctrl_t ctrl,
|
||||
@ -686,6 +689,16 @@ divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
|
||||
(void)ctrl; (void)grip; (void)s_skey;
|
||||
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
||||
}
|
||||
|
||||
static inline int
|
||||
agent_tpm2d_ecc_kem (ctrl_t ctrl, const unsigned char *shadow_info,
|
||||
const unsigned char *ecc_ct,
|
||||
size_t ecc_point_len, unsigned char *ecc_ecdh)
|
||||
{
|
||||
(void)ctrl; (void)ecc_ct;
|
||||
(void)ecc_point_len; (void)ecc_ecdh;
|
||||
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
||||
}
|
||||
#endif /*!HAVE_LIBTSS*/
|
||||
|
||||
|
||||
|
@ -168,3 +168,34 @@ divert_tpm2_pkdecrypt (ctrl_t ctrl,
|
||||
|
||||
return agent_tpm2d_pkdecrypt (ctrl, s, n, shadow_info, r_buf, r_len);
|
||||
}
|
||||
|
||||
int
|
||||
agent_tpm2d_ecc_kem (ctrl_t ctrl,
|
||||
const unsigned char *shadow_info,
|
||||
const unsigned char *ecc_ct,
|
||||
size_t ecc_point_len, unsigned char *ecc_ecdh)
|
||||
{
|
||||
char *ecdh = NULL;
|
||||
size_t len;
|
||||
int rc;
|
||||
|
||||
rc = agent_tpm2d_pkdecrypt (ctrl, ecc_ct, ecc_point_len, shadow_info,
|
||||
&ecdh, &len);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
if (len == ecc_point_len)
|
||||
memcpy (ecc_ecdh, ecdh, len);
|
||||
else if (len == ecc_point_len + 1 && ecdh[0] == 0x40) /* The prefix */
|
||||
memcpy (ecc_ecdh, ecdh + 1, len - 1);
|
||||
else
|
||||
{
|
||||
if (opt.verbose)
|
||||
log_info ("%s: ECC result length invalid (%zu != %zu)\n",
|
||||
__func__, len, ecc_point_len);
|
||||
return gpg_error (GPG_ERR_INV_DATA);
|
||||
}
|
||||
|
||||
xfree (ecdh);
|
||||
return rc;
|
||||
}
|
||||
|
@ -503,8 +503,13 @@ ecc_pgp_kem_decap (ctrl_t ctrl, gcry_sexp_t s_skey0,
|
||||
{
|
||||
if (s_skey0 && agent_is_tpm2_key (s_skey0))
|
||||
{
|
||||
log_error ("TPM decryption failed: %s\n", gpg_strerror (err));
|
||||
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
||||
err = agent_tpm2d_ecc_kem (ctrl, shadow_info0,
|
||||
ecc_ct, ecc->point_len, ecc_ecdh);
|
||||
if (err)
|
||||
{
|
||||
log_error ("TPM decryption failed: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user