mirror of git://git.gnupg.org/gnupg.git
gnupg/am
Last commit (1 year ago):

* tpm2d: New directory.
* Makefile.am (SUBDIRS): Add directory.
* configure.ac: Detect libtss and decide whether to build tpm2d.
* am/cmacros.am: Add a define.
* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* common/homedir.c (gnupg_module_name): Add tpm2d.
* common/mapstrings.c (macros): Add "TPM2DAEMON".
* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
  (gc_component): Add TPM2.
  (tpm2daemon_runtime_change): New.
* tpm2d/Makefile.am: New.
* tpm2d/command.c: New.
* tpm2d/ibm-tss.h: New.
* tpm2d/tpm2.c: New.
* tpm2d/tpm2.h: New.
* tpm2d/tpm2daemon.c: New.
* tpm2d/tpm2daemon.h: New.

---

This commit adds and plumbs in a tpm2daemon to the build to mirror the operation of scdaemon. The architecture of the code is that tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with updated function prefixes (this argues there could be some further consolidation of the daemon handling code).

Note that although this commit causes the daemon to be built and installed, nothing actually starts it or uses it yet.

Command handling
----------------

command.c is copied from the command handler in scd.c except that the command implementation is now done in terms of tpm2 commands and the wire protocol is far simpler. The tpm2daemon only responds to 4 commands

IMPORT: import a standard s-expression private key and export it to TPM2 format. This conversion cannot be undone and the private key now can *only* be used by the TPM2. To anyone who gets hold of the private key now, it's just an encrypted binary blob.

PKSIGN: create a signature from the tpm2 key. The TPM2 form private key is retrieved by KEYDATA and the hash to be signed by EXTRA. Note there is no hash specifier because the tpm2 tss deduces the hash type from the length of the EXTRA data. This is actually a limitation of the tpm2 command API and it will be interesting to see how this fares if the tpm2 ever supports say sha3-256 hashes.

PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key. The tpm2 form private key is retrieved by KEYDATA and the information used to create the symmetric key by EXTRA.

KILLTPM2D: stop the daemon

All the tpm2 primitives used by command.c are in tpm2.h and all the tpm2 specific gunk is confined to tpm2.c, which is the only piece of this that actually does calls into the tss library.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Changes from James' patch:

- gpgconf: The displayed name is "TPM" and not "TPM2". That string is used by GUIs and should be something the user understands. For example we also use "network" instead of "Dirmngr".
- Removed some commented includes.
- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- Silenced a C90 compiler warning and flags unused parameters.
- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing files so that make distcheck works.

Signed-off-by: Werner Koch <wk@gnupg.org>

| File | Last commit | Updated |
|---|---|---|
| .. | | |
| cmacros.am | tpm2d: Add tpm2daemon code | 1 year ago |