gnupg

security-and-privacy/gnupg

Fork 0

mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

Commit Graph

Author	SHA1	Message	Date
Werner Koch	fb0470a9f5	agent: Minor cleanup of the TPM patches. * configure.ac (AC_CHECK_HEADERS): Add tss2/tss.h. * agent/divert-tpm2.c: Print an error if that file is not available. * agent/Makefile.am (gpg_agent_SOURCES): Add tpm.h * agent/command.c (do_one_keyinfo): Replace xstrdup by xtrystrdup. * agent/protect.c (agent_get_shadow_info_type): Check error of xtrystrdup. Signed-off-by: Werner Koch <wk@gnupg.org>	2018-03-09 10:36:14 +01:00
James Bottomley	72ece35fb7	tpm2: add handling for elliptic curve keys * agent/divert-tpm2.c: Support ECC. -- This adds handling for the way gnupg does elliptic keys, namely ECDSA for signatures and using ECDH with an ephemeral key to generate an encrypted message. The main problem is that the TPM2 usually has a very small list of built in curves and it won't handle any others. Thanks to TCG mandates, all TPM2 systems in the USA should come with NIST P-256, but do not come with the Bernstien curve 25519, so the only way to use the TPM2 to protect an elliptic curve key is first to create it with a compatible algorithm. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>	2018-03-09 10:15:25 +01:00
James Bottomley	1a4a4a8f5f	agent: plumb in TPM handling * agent/divert-tpm2.c: New. * Makefile.am (gpg_agent_SOURCES): Add it. * agent/command.c (do_one_keyinfo): Fake serialno for TPM. (cmd_keytotpm): New. (register_commands): Register KEYTOTPM command. * agent/pkdecrypt.c (agent_pkdecrypt): Divert to TPM. * agent/pksign.c (agent_pksign_do): Divert to TPM. -- This code installs diversions for pksign and pkdecrypt to do the operations via the TPM if a TPM shadowed key is present. It also adds an extra assuan command KEYTOTPM which moves an existing private key to a TPM shadowed key. The way TPM shadowing works is that the public and private key parts are fed in to the TPM command TPM2_Import. The output of this command is a TPM specific public and private key data where the private key data is symmetrically encrypted using a TPM internal key. If this physical TPM is ever lost or cleared, that TPM internal key will likewise be lost and nothing will ever be able to read the private key. Once the import is done, the shadow information for the key is updated to be a three part list consisting of the parent key (hard coded to 81000001 which is the Microsoft preferred RSA incarnation of the storage seed) and the public and private TPM data blobs. Now when a TPM shadowed key is used, the data blobs must be loaded into the TPM with TPM2_Load before any operation can be performed. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> - Added ChangeLog entries Signed-off-by: Werner Koch <wk@gnupg.org>	2018-03-09 10:01:59 +01:00

Author

SHA1

Message

Date

Werner Koch

fb0470a9f5

agent: Minor cleanup of the TPM patches.

* configure.ac (AC_CHECK_HEADERS): Add tss2/tss.h.
* agent/divert-tpm2.c: Print an error if that file is not available.
* agent/Makefile.am (gpg_agent_SOURCES): Add tpm.h
* agent/command.c (do_one_keyinfo): Replace xstrdup by xtrystrdup.
* agent/protect.c (agent_get_shadow_info_type): Check error of
xtrystrdup.

Signed-off-by: Werner Koch <wk@gnupg.org>

2018-03-09 10:36:14 +01:00

James Bottomley

72ece35fb7

tpm2: add handling for elliptic curve keys

* agent/divert-tpm2.c: Support ECC.

--
This adds handling for the way gnupg does elliptic keys, namely ECDSA
for signatures and using ECDH with an ephemeral key to generate an
encrypted message.  The main problem is that the TPM2 usually has a
very small list of built in curves and it won't handle any others.
Thanks to TCG mandates, all TPM2 systems in the USA should come with
NIST P-256, but do not come with the Bernstien curve 25519, so the
only way to use the TPM2 to protect an elliptic curve key is first to
create it with a compatible algorithm.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

2018-03-09 10:15:25 +01:00

James Bottomley

1a4a4a8f5f

agent: plumb in TPM handling

* agent/divert-tpm2.c: New.
* Makefile.am (gpg_agent_SOURCES): Add it.
* agent/command.c (do_one_keyinfo): Fake serialno for TPM.
(cmd_keytotpm): New.
(register_commands): Register KEYTOTPM command.
* agent/pkdecrypt.c (agent_pkdecrypt): Divert to TPM.
* agent/pksign.c (agent_pksign_do): Divert to TPM.

--
This code installs diversions for pksign and pkdecrypt to do the
operations via the TPM if a TPM shadowed key is present.  It also adds
an extra assuan command KEYTOTPM which moves an existing private key
to a TPM shadowed key.

The way TPM shadowing works is that the public and private key parts
are fed in to the TPM command TPM2_Import.  The output of this command
is a TPM specific public and private key data where the private key
data is symmetrically encrypted using a TPM internal key.  If this
physical TPM is ever lost or cleared, that TPM internal key will
likewise be lost and nothing will ever be able to read the private
key.  Once the import is done, the shadow information for the key is
updated to be a three part list consisting of the parent key (hard
coded to 81000001 which is the Microsoft preferred RSA incarnation of
the storage seed) and the public and private TPM data blobs.

Now when a TPM shadowed key is used, the data blobs must be loaded
into the TPM with TPM2_Load before any operation can be performed.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

- Added ChangeLog entries

Signed-off-by: Werner Koch <wk@gnupg.org>

2018-03-09 10:01:59 +01:00

3 Commits