security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

agent: expose shadow key type

Browse Source 
* agent/findkey.c (agent_key_info_from_file): Add new return arg
r_shadow_info_type.
* agent/protect.c (agent_shadow_key): Factor code out to ...
(agent_shadow_key_type): new.  Add arg 'type'.
(agent_get_shadow_info): Factor code out to ...
(agent_get_shadow_info_type): new. Add arg 'shadow_type'.
(agent_is_tpm2_key): New.
(agent_get_shadow_type): New.
* agent/command.c (do_one_keyinfo): Get and check the
shadow_info_type.
--

For TPM support it is necessary to indroduce another type of shadow
key, so allow other agent functions to extract the type so they can
make the right decisions based on it.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Added ChangeLog entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
James Bottomley 2018-03-05 11:13:25 -08:00 committed by Werner Koch
parent f574aabeeb
commit 30c434eaf3
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 90 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
agent/agent.h
View File

@ -420,7 +420,8 @@ int agent_is_eddsa_key (gcry_sexp_t s_key);
int agent_key_available (const unsigned char *grip); int agent_key_available (const unsigned char *grip);
gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
int *r_keytype, int *r_keytype,
unsigned char **r_shadow_info); unsigned char **r_shadow_info,
unsigned char **r_shadow_info_type);
gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text,
const unsigned char *grip, const unsigned char *grip,
int force, int only_stubs); int force, int only_stubs);
@ -503,8 +504,15 @@ unsigned char *make_shadow_info (const char *serialno, const char *idstring);
int agent_shadow_key (const unsigned char *pubkey, int agent_shadow_key (const unsigned char *pubkey,
const unsigned char *shadow_info, const unsigned char *shadow_info,
unsigned char **result); unsigned char **result);
int agent_shadow_key_type (const unsigned char *pubkey,
const unsigned char *shadow_info,
const unsigned char *type,
unsigned char **result);
gpg_error_t agent_get_shadow_info (const unsigned char *shadowkey, gpg_error_t agent_get_shadow_info (const unsigned char *shadowkey,
unsigned char const **shadow_info); unsigned char const **shadow_info);
gpg_error_t agent_get_shadow_info_type (const unsigned char *shadowkey,
unsigned char const **shadow_info,
unsigned char **shadow_type);
gpg_error_t parse_shadow_info (const unsigned char *shadow_info, gpg_error_t parse_shadow_info (const unsigned char *shadow_info,
char **r_hexsn, char **r_idstr, int *r_pinlen); char **r_hexsn, char **r_idstr, int *r_pinlen);
gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo, gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,

21
agent/command.c
View File

@ -1104,7 +1104,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
char hexgrip[40+1]; char hexgrip[40+1];
char *fpr = NULL; char *fpr = NULL;
int keytype; int keytype;
unsigned char *shadow_info = NULL; unsigned char *shadow_info = NULL, *shadow_info_type = NULL;
char *serialno = NULL; char *serialno = NULL;
char *idstr = NULL; char *idstr = NULL;
const char *keytypestr; const char *keytypestr;
@ -1115,7 +1115,8 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
char ttlbuf[20]; char ttlbuf[20];
char flagsbuf[5]; char flagsbuf[5];
err = agent_key_info_from_file (ctrl, grip, &keytype, &shadow_info); err = agent_key_info_from_file (ctrl, grip, &keytype, &shadow_info,
&shadow_info_type);
if (err) if (err)
{ {
if (in_ssh && gpg_err_code (err) == GPG_ERR_NOT_FOUND) if (in_ssh && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
@ -1185,9 +1186,18 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
if (shadow_info) if (shadow_info)
{ {
err = parse_shadow_info (shadow_info, &serialno, &idstr, NULL); if (strcmp (shadow_info_type, "t1-v1") == 0)
if (err) {
goto leave; err = parse_shadow_info (shadow_info, &serialno, &idstr, NULL);
if (err)
goto leave;
}
else
{
log_error ("Unrecognised shadow key type %s\n", shadow_info_type);
err = GPG_ERR_BAD_KEY;
goto leave;
}
} }
if (!data) if (!data)
@ -1222,6 +1232,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
leave: leave:
xfree (fpr); xfree (fpr);
xfree (shadow_info_type);
xfree (shadow_info); xfree (shadow_info);
xfree (serialno); xfree (serialno);
xfree (idstr); xfree (idstr);

5
agent/findkey.c
View File

@ -1359,7 +1359,8 @@ agent_key_available (const unsigned char *grip)
S-expression. */ S-expression. */
gpg_error_t gpg_error_t
agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
int *r_keytype, unsigned char **r_shadow_info) int *r_keytype, unsigned char **r_shadow_info,
unsigned char **r_shadow_info_type)
{ {
gpg_error_t err; gpg_error_t err;
unsigned char *buf; unsigned char *buf;
@ -1406,7 +1407,7 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
const unsigned char *s; const unsigned char *s;
size_t n; size_t n;
err = agent_get_shadow_info (buf, &s); err = agent_get_shadow_info_type (buf, &s, r_shadow_info_type);
if (!err) if (!err)
{ {
n = gcry_sexp_canon_len (s, 0, NULL, NULL); n = gcry_sexp_canon_len (s, 0, NULL, NULL);

72
agent/protect.c
View File

@ -1499,9 +1499,10 @@ make_shadow_info (const char *serialno, const char *idstring)
to. The input parameters are expected to be valid canonicalized to. The input parameters are expected to be valid canonicalized
S-expressions */ S-expressions */
int int
agent_shadow_key (const unsigned char *pubkey, agent_shadow_key_type (const unsigned char *pubkey,
const unsigned char *shadow_info, const unsigned char *shadow_info,
unsigned char **result) const unsigned char *type,
unsigned char **result)
{ {
const unsigned char *s; const unsigned char *s;
const unsigned char *point; const unsigned char *point;
@ -1557,7 +1558,7 @@ agent_shadow_key (const unsigned char *pubkey,
assert (depth == 1); assert (depth == 1);
/* Calculate required length by taking in account: the "shadowed-" /* Calculate required length by taking in account: the "shadowed-"
prefix, the "shadowed", "t1-v1" as well as some parenthesis */ prefix, the "shadowed", shadow type as well as some parenthesis */
n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1; n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
*result = xtrymalloc (n); *result = xtrymalloc (n);
p = (char*)*result; p = (char*)*result;
@ -1567,7 +1568,7 @@ agent_shadow_key (const unsigned char *pubkey,
/* (10:public-key ...)*/ /* (10:public-key ...)*/
memcpy (p, pubkey+14, point - (pubkey+14)); memcpy (p, pubkey+14, point - (pubkey+14));
p += point - (pubkey+14); p += point - (pubkey+14);
p = stpcpy (p, "(8:shadowed5:t1-v1"); p += sprintf (p, "(8:shadowed%d:%s", (int)strlen(type), type);
memcpy (p, shadow_info, shadow_info_len); memcpy (p, shadow_info, shadow_info_len);
p += shadow_info_len; p += shadow_info_len;
*p++ = ')'; *p++ = ')';
@ -1577,11 +1578,20 @@ agent_shadow_key (const unsigned char *pubkey,
return 0; return 0;
} }
int
agent_shadow_key (const unsigned char *pubkey,
const unsigned char *shadow_info,
unsigned char **result)
{
return agent_shadow_key_type (pubkey, shadow_info, "t1-v1", result);
}
/* Parse a canonical encoded shadowed key and return a pointer to the /* Parse a canonical encoded shadowed key and return a pointer to the
inner list with the shadow_info */ inner list with the shadow_info and the shadow type */
gpg_error_t gpg_error_t
agent_get_shadow_info (const unsigned char *shadowkey, agent_get_shadow_info_type (const unsigned char *shadowkey,
unsigned char const **shadow_info) unsigned char const **shadow_info,
unsigned char **shadow_type)
{ {
const unsigned char *s; const unsigned char *s;
size_t n; size_t n;
@ -1633,17 +1643,59 @@ agent_get_shadow_info (const unsigned char *shadowkey,
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return gpg_error (GPG_ERR_INV_SEXP); return gpg_error (GPG_ERR_INV_SEXP);
if (smatch (&s, n, "t1-v1")) if (shadow_type) {
char *buf = xtrymalloc(n+1);
memcpy(buf, s, n);
buf[n] = '\0';
*shadow_type = buf;
}
if (smatch (&s, n, "t1-v1") || smatch(&s, n, "tpm2-v1"))
{ {
if (*s != '(') if (*s != '(')
return gpg_error (GPG_ERR_INV_SEXP); return gpg_error (GPG_ERR_INV_SEXP);
*shadow_info = s; if (shadow_info)
*shadow_info = s;
} }
else else
return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL); return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
return 0; return 0;
} }
gpg_error_t
agent_get_shadow_info(const unsigned char *shadowkey,
unsigned char const **shadow_info)
{
return agent_get_shadow_info_type(shadowkey, shadow_info, NULL);
}
int
agent_is_tpm2_key(gcry_sexp_t s_skey)
{
unsigned char *buf;
unsigned char *type;
size_t len;
gpg_error_t err;
err = make_canon_sexp(s_skey, &buf, &len);
if (err)
return 0;
err = agent_get_shadow_info_type(buf, NULL, &type);
if (err)
return 0;
err = strcmp(type, "tpm2-v1") == 0;
xfree(type);
return err;
}
gpg_error_t
agent_get_shadow_type(const unsigned char *shadowkey,
unsigned char **shadow_type)
{
return agent_get_shadow_info_type(shadowkey, NULL, shadow_type);
}
/* Parse the canonical encoded SHADOW_INFO S-expression. On success /* Parse the canonical encoded SHADOW_INFO S-expression. On success
the hex encoded serial number is returned as a malloced strings at the hex encoded serial number is returned as a malloced strings at