agent: fix tpm2d keytotpm handling
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call agent_delete_key before agent_write_private_key. Recover from an error. -- Cherry-picked from master commit of:eda3997b43
Fixes-commit:a1015bf2fc
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
parent
19caa5c267
commit
9909f622f6
@ -26,9 +26,10 @@ divert_tpm2_pksign (ctrl_t ctrl,
|
|||||||
|
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
|
agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
|
||||||
unsigned char *shadow_info)
|
unsigned char *shadow_info,
|
||||||
|
gcry_sexp_t s_key)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err, err1;
|
||||||
unsigned char *shdkey;
|
unsigned char *shdkey;
|
||||||
unsigned char *pkbuf;
|
unsigned char *pkbuf;
|
||||||
size_t len;
|
size_t len;
|
||||||
@ -44,7 +45,14 @@ agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
|
|||||||
xfree (pkbuf);
|
xfree (pkbuf);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("shadowing the key failed: %s\n", gpg_strerror (err));
|
log_error ("shadowing the tpm key failed: %s\n", gpg_strerror (err));
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = agent_delete_key (ctrl, NULL, grip, 1, 0);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
log_error ("failed to delete unshadowed key: %s\n", gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -53,7 +61,22 @@ agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
|
|||||||
NULL, NULL, NULL, 0);
|
NULL, NULL, NULL, 0);
|
||||||
xfree (shdkey);
|
xfree (shdkey);
|
||||||
if (err)
|
if (err)
|
||||||
log_error ("error writing key: %s\n", gpg_strerror (err));
|
{
|
||||||
|
log_error ("error writing tpm key: %s\n", gpg_strerror (err));
|
||||||
|
|
||||||
|
len = gcry_sexp_sprint(s_key, GCRYSEXP_FMT_CANON, NULL, 0);
|
||||||
|
pkbuf = xtrymalloc(len);
|
||||||
|
if (!pkbuf)
|
||||||
|
return GPG_ERR_ENOMEM;
|
||||||
|
|
||||||
|
gcry_sexp_sprint(s_key, GCRYSEXP_FMT_CANON, pkbuf, len);
|
||||||
|
err1 = agent_write_private_key (grip, pkbuf, len, 1 /*force*/,
|
||||||
|
NULL, NULL, NULL, 0);
|
||||||
|
xfree(pkbuf);
|
||||||
|
if (err1)
|
||||||
|
log_error ("error trying to restore private key: %s\n",
|
||||||
|
gpg_strerror (err1));
|
||||||
|
}
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@ -68,7 +91,7 @@ divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
|
|||||||
|
|
||||||
ret = agent_tpm2d_writekey(ctrl, &shadow_info, s_skey);
|
ret = agent_tpm2d_writekey(ctrl, &shadow_info, s_skey);
|
||||||
if (!ret) {
|
if (!ret) {
|
||||||
ret = agent_write_tpm2_shadow_key (ctrl, grip, shadow_info);
|
ret = agent_write_tpm2_shadow_key (ctrl, grip, shadow_info, s_skey);
|
||||||
xfree (shadow_info);
|
xfree (shadow_info);
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
|
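Review bot: In the recovery branch added to agent_write_tpm2_shadow_key (third hunk), the serialized private key is placed in ordinary heap memory via `pkbuf = xtrymalloc(len);` and released with a plain `xfree(pkbuf);`, so the key bytes are not held in secure memory; `pkbuf = xtrymalloc_secure (len);` would be the safer allocation. The same branch returns a bare `GPG_ERR_ENOMEM`, which drops the original write error in `err` and carries no error source; `return gpg_error_from_syserror ();` fits the gpg_error_t return type better. In the second hunk the new `agent_delete_key` failure path returns without `xfree (shdkey);`, which looks like a leak because the later path frees it only after the write (the allocation itself is outside the visible lines). It is also worth confirming whether `s_skey` as passed from divert_tpm2_writekey is still passphrase-protected, since the restore writes it back to disk as given.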