security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

agent: expose shadow key type

Browse source 
--
For TPM support it is necessary to indroduce another type of shadow
key, so allow other agent functions to extract the type so they can
make the right decisions based on it.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Minor editorial changes by wk
This commit is contained in:
James Bottomley via Gnupg-devel 2020-06-14 10:26:45 -07:00 committed by Werner Koch
parent a763bb2580
commit 0e3b2955ae
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 90 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

72
agent/protect.c
View file

@ -1516,9 +1516,10 @@ make_shadow_info (const char *serialno, const char *idstring)
to. The input parameters are expected to be valid canonicalized
S-expressions */
int
agent_shadow_key (const unsigned char *pubkey,
const unsigned char *shadow_info,
unsigned char **result)
agent_shadow_key_type (const unsigned char *pubkey,
const unsigned char *shadow_info,
const unsigned char *type,
unsigned char **result)
{
const unsigned char *s;
const unsigned char *point;
@ -1574,7 +1575,7 @@ agent_shadow_key (const unsigned char *pubkey,
log_assert (depth == 1);
/* Calculate required length by taking in account: the "shadowed-"
prefix, the "shadowed", "t1-v1" as well as some parenthesis */
prefix, the "shadowed", shadow type as well as some parenthesis */
n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
*result = xtrymalloc (n);
p = (char*)*result;
@ -1584,7 +1585,7 @@ agent_shadow_key (const unsigned char *pubkey,
/* (10:public-key ...)*/
memcpy (p, pubkey+14, point - (pubkey+14));
p += point - (pubkey+14);
p = stpcpy (p, "(8:shadowed5:t1-v1");
p += sprintf (p, "(8:shadowed%d:%s", (int)strlen(type), type);
memcpy (p, shadow_info, shadow_info_len);
p += shadow_info_len;
*p++ = ')';
@ -1594,11 +1595,20 @@ agent_shadow_key (const unsigned char *pubkey,
return 0;
}
int
agent_shadow_key (const unsigned char *pubkey,
const unsigned char *shadow_info,
unsigned char **result)
{
return agent_shadow_key_type (pubkey, shadow_info, "t1-v1", result);
}
/* Parse a canonical encoded shadowed key and return a pointer to the
inner list with the shadow_info */
inner list with the shadow_info and the shadow type */
gpg_error_t
agent_get_shadow_info (const unsigned char *shadowkey,
unsigned char const **shadow_info)
agent_get_shadow_info_type (const unsigned char *shadowkey,
unsigned char const **shadow_info,
unsigned char **shadow_type)
{
const unsigned char *s;
size_t n;
@ -1650,17 +1660,59 @@ agent_get_shadow_info (const unsigned char *shadowkey,
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (smatch (&s, n, "t1-v1"))
if (shadow_type) {
char *buf = xtrymalloc(n+1);
memcpy(buf, s, n);
buf[n] = '\0';
*shadow_type = buf;
}
if (smatch (&s, n, "t1-v1") || smatch(&s, n, "tpm2-v1"))
{
if (*s != '(')
return gpg_error (GPG_ERR_INV_SEXP);
*shadow_info = s;
if (shadow_info)
*shadow_info = s;
}
else
return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
return 0;
}
gpg_error_t
agent_get_shadow_info(const unsigned char *shadowkey,
unsigned char const **shadow_info)
{
return agent_get_shadow_info_type(shadowkey, shadow_info, NULL);
}
int
agent_is_tpm2_key(gcry_sexp_t s_skey)
{
unsigned char *buf;
unsigned char *type;
size_t len;
gpg_error_t err;
err = make_canon_sexp(s_skey, &buf, &len);
if (err)
return 0;
err = agent_get_shadow_info_type(buf, NULL, &type);
if (err)
return 0;
err = strcmp(type, "tpm2-v1") == 0;
xfree(type);
return err;
}
gpg_error_t
agent_get_shadow_type(const unsigned char *shadowkey,
unsigned char **shadow_type)
{
return agent_get_shadow_info_type(shadowkey, NULL, shadow_type);
}
/* Parse the canonical encoded SHADOW_INFO S-expression. On success
the hex encoded serial number is returned as a malloced strings at