
agent: fix tpm2d keytotpm handling

* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call
agent_delete_key before agent_write_private_key.  Recover
from an error.

--

Cherry-picked from master commit of:
	eda3997b439e415f1bebaa3be20c8bdb43d3a1d0

Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
NIIBE Yutaka 2023-09-28 11:59:14 +09:00
parent 19caa5c267
commit 9909f622f6


@ -26,9 +26,10 @@ divert_tpm2_pksign (ctrl_t ctrl,
static gpg_error_t static gpg_error_t
agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip, agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
unsigned char *shadow_info) unsigned char *shadow_info,
gcry_sexp_t s_key)
{ {
gpg_error_t err; gpg_error_t err, err1;
unsigned char *shdkey; unsigned char *shdkey;
unsigned char *pkbuf; unsigned char *pkbuf;
size_t len; size_t len;
@ -44,7 +45,14 @@ agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
xfree (pkbuf); xfree (pkbuf);
if (err) if (err)
{ {
log_error ("shadowing the key failed: %s\n", gpg_strerror (err)); log_error ("shadowing the tpm key failed: %s\n", gpg_strerror (err));
return err;
}
err = agent_delete_key (ctrl, NULL, grip, 1, 0);
if (err)
{
log_error ("failed to delete unshadowed key: %s\n", gpg_strerror (err));
return err; return err;
} }
@ -53,7 +61,22 @@ agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
NULL, NULL, NULL, 0); NULL, NULL, NULL, 0);
xfree (shdkey); xfree (shdkey);
if (err) if (err)
log_error ("error writing key: %s\n", gpg_strerror (err)); {
log_error ("error writing tpm key: %s\n", gpg_strerror (err));
len = gcry_sexp_sprint(s_key, GCRYSEXP_FMT_CANON, NULL, 0);
pkbuf = xtrymalloc(len);
if (!pkbuf)
return GPG_ERR_ENOMEM;
gcry_sexp_sprint(s_key, GCRYSEXP_FMT_CANON, pkbuf, len);
err1 = agent_write_private_key (grip, pkbuf, len, 1 /*force*/,
NULL, NULL, NULL, 0);
xfree(pkbuf);
if (err1)
log_error ("error trying to restore private key: %s\n",
gpg_strerror (err1));
}
return err; return err;
} }
@ -68,7 +91,7 @@ divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
ret = agent_tpm2d_writekey(ctrl, &shadow_info, s_skey); ret = agent_tpm2d_writekey(ctrl, &shadow_info, s_skey);
if (!ret) { if (!ret) {
ret = agent_write_tpm2_shadow_key (ctrl, grip, shadow_info); ret = agent_write_tpm2_shadow_key (ctrl, grip, shadow_info, s_skey);
xfree (shadow_info); xfree (shadow_info);
} }
return ret; return ret;