You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branch:
master
ECC-INTEGRATION-2-1
GNUPG-1-9-BRANCH
GNUPG-1-9-BRANCH-MO
GNUPG-TRUNK-MO-HACKS
STABLE-BRANCH-1-0
STABLE-BRANCH-1-2
STABLE-BRANCH-1-4
STABLE-BRANCH-2-0
STABLE-BRANCH-2-2
T3880
T3880-fix
bjk/passphrase-inquire
cb/T5215
cb/test
ccid_driver_improvement
debian-unstable-patch-queue
disallow-v3-keys
dkg-fix-T4566
dkg-fix-T4593
dkg-fix-T4628
dkg-fix-T4652
dkg-fix-T4682
dkg/T1371
dkg/T1967
dkg/fix-4855
dkg/fix-T3995
dkg/fix-T4490
dkg/fix-T4501
dkg/fix-T4507
dkg/fix-T4522
dkg/gpgv-doc-improvement
dkg/no-skel-files
dkg/passphrase-env
ePit-1-0
fix-1950
fix-4393
fix-T3995
fix-T4017
fix-T4018
fix-T4019
gniibe/T4620
gniibe/decryption-key
gniibe/fix-3465
gniibe/pcsc-get-status
gniibe/regexp
gniibe/scd-direct-keygrip
gniibe/scd-kdf-support
gniibe/scd-watch
gniibe/sos
gniibe/x25519
ikloecker/pinentry-formatted-passphrase
ikloecker/t5598-appimage
justus/fix-1788
justus/issue1955
justus/issue2012
justus/issue2700
justus/issue2826-0
justus/libdns-0
justus/scm-9
key-storage-work
master
mo-scd
neal/dirmngr-ldap
neal/encrypted-mailing-lists
neal/issue2236
neal/kdb
neal/next
neal/pending
neal/strsplit
npth
npth-2
npth-3
npth-4
scd-backport-2-0
scd-pin-prompt
scd-work
seckey-sync-work
switch-to-gpgk
tpm-work
wk/g13work
wk/signcode
wk/stable-2.2-global-options
wk/test-master
ABANDONED-V-1-2-0
Beta-2.3.0-beta1598
Beta-2.3.0-beta1655
NEWPG-0-0-0
NEWPG-0-3-0
NEWPG-0-3-1
NEWPG-0-3-10
NEWPG-0-3-2
NEWPG-0-3-3
NEWPG-0-3-4
NEWPG-0-3-5
NEWPG-0-3-6
NEWPG-0-3-7
NEWPG-0-3-8
NEWPG-0-3-9
NEWPG-0-9-0
NEWPG-0-9-1
NEWPG-0-9-2
RC-1-2-1rc1
RC-1-2-2rc1
RC-1-2-2rc2
RC-1-2-3rc1
RC-1-2-3rc2
RC-1-2-4rc1
RC-1-2-5rc1
RC-1-2-5rc2
RC-1-2-6rc1
RC-1-4-1rc1
RC-1-4-1rc2
RC-1-4-2rc1
RC-1-4-2rc2
SNAP-1-0-6a
SNAP-1-0-6b
SNAP-1-0-6c
SNAP-1-0-6d
SNAP-1-0-6e
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-0-5
V1-0-6
V1-0-7
V1-1-0
V1-1-2
V1-1-90
V1-1-91
V1-1-92
V1-2-0
V1-2-1
V1-2-2
V1-2-3
V1-2-4
V1-2-5
V1-2-6
V1-2-7
V1-3-0
V1-3-1
V1-3-2
V1-3-3
V1-3-4
V1-3-5
V1-3-6
V1-3-90
V1-3-91
V1-3-92
V1-3-93
V1-4-0
V1-4-1
V1-4-2
V1-9-0
V1-9-1
V1-9-10
V1-9-11
V1-9-12
V1-9-13
V1-9-14
V1-9-15
V1-9-16
V1-9-17
V1-9-18
V1-9-19
V1-9-2
V1-9-3
V1-9-4
V1-9-5
V1-9-6
V1-9-7
V1-9-8
V1-9-9
ecc-integration-done
gnupg-1.2.8
gnupg-1.4.10
gnupg-1.4.10rc1
gnupg-1.4.11
gnupg-1.4.12
gnupg-1.4.13
gnupg-1.4.14
gnupg-1.4.15
gnupg-1.4.16
gnupg-1.4.17
gnupg-1.4.18
gnupg-1.4.19
gnupg-1.4.2.2
gnupg-1.4.20
gnupg-1.4.21
gnupg-1.4.22
gnupg-1.4.23
gnupg-1.4.3
gnupg-1.4.3rc1
gnupg-1.4.3rc2
gnupg-1.4.4
gnupg-1.4.5
gnupg-1.4.5rc1
gnupg-1.4.6
gnupg-1.4.7
gnupg-1.4.8
gnupg-1.4.8rc1
gnupg-1.4.8rc2
gnupg-1.4.9
gnupg-1.9.20
gnupg-1.9.21
gnupg-1.9.22
gnupg-1.9.23
gnupg-1.9.90
gnupg-1.9.91
gnupg-1.9.92
gnupg-1.9.93
gnupg-1.9.94
gnupg-1.9.95
gnupg-2.0.0
gnupg-2.0.1
gnupg-2.0.10
gnupg-2.0.10rc1
gnupg-2.0.11
gnupg-2.0.12
gnupg-2.0.13
gnupg-2.0.14
gnupg-2.0.15
gnupg-2.0.15rc1
gnupg-2.0.16
gnupg-2.0.17
gnupg-2.0.18
gnupg-2.0.19
gnupg-2.0.1rc1
gnupg-2.0.2
gnupg-2.0.20
gnupg-2.0.21
gnupg-2.0.22
gnupg-2.0.23
gnupg-2.0.24
gnupg-2.0.25
gnupg-2.0.26
gnupg-2.0.27
gnupg-2.0.28
gnupg-2.0.29
gnupg-2.0.3
gnupg-2.0.30
gnupg-2.0.31
gnupg-2.0.4
gnupg-2.0.5
gnupg-2.0.6
gnupg-2.0.7
gnupg-2.0.8
gnupg-2.0.8rc1
gnupg-2.0.9
gnupg-2.1-base
gnupg-2.1.0
gnupg-2.1.0-beta442
gnupg-2.1.0-beta751
gnupg-2.1.0-beta783
gnupg-2.1.0-beta834
gnupg-2.1.0-beta864
gnupg-2.1.0-beta895
gnupg-2.1.0beta1
gnupg-2.1.0beta2
gnupg-2.1.0beta3
gnupg-2.1.1
gnupg-2.1.10
gnupg-2.1.11
gnupg-2.1.12
gnupg-2.1.13
gnupg-2.1.14
gnupg-2.1.15
gnupg-2.1.16
gnupg-2.1.17
gnupg-2.1.18
gnupg-2.1.19
gnupg-2.1.2
gnupg-2.1.20
gnupg-2.1.21
gnupg-2.1.22
gnupg-2.1.23
gnupg-2.1.3
gnupg-2.1.4
gnupg-2.1.5
gnupg-2.1.6
gnupg-2.1.7
gnupg-2.1.8
gnupg-2.1.9
gnupg-2.2-base
gnupg-2.2.0
gnupg-2.2.1
gnupg-2.2.10
gnupg-2.2.11
gnupg-2.2.12
gnupg-2.2.13
gnupg-2.2.14
gnupg-2.2.15
gnupg-2.2.16
gnupg-2.2.17
gnupg-2.2.18
gnupg-2.2.19
gnupg-2.2.2
gnupg-2.2.20
gnupg-2.2.21
gnupg-2.2.22
gnupg-2.2.23
gnupg-2.2.24
gnupg-2.2.25
gnupg-2.2.26
gnupg-2.2.27
gnupg-2.2.28
gnupg-2.2.29
gnupg-2.2.3
gnupg-2.2.30
gnupg-2.2.31
gnupg-2.2.4
gnupg-2.2.5
gnupg-2.2.6
gnupg-2.2.7
gnupg-2.2.8
gnupg-2.2.9
gnupg-2.3-base
gnupg-2.3.0
gnupg-2.3.1
gnupg-2.3.2
post-nuke-of-trailing-ws
${ noResults }
gnupg/am
James Bottomley
62a7854816
* tpm2d: New directory.
* Makefile.am (SUBDIRS): Add directory.
* configure.ac: Detect libtss and decide whether to build tpm2d.
* am/cmacros.am: Add a define.
* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* common/homedir.c (gnupg_module_name): Add tpm2d.
* common/mapstrings.c (macros): Add "TPM2DAEMON".
* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
(gc_component): Add TPM2.
(tpm2daemon_runtime_change): New.
* tpm2d/Makefile.am: New.
* tpm2d/command.c: New.
* tpm2d/ibm-tss.h: New.
* tpm2d/tpm2.c: New.
* tpm2d/tpm2.h: New.
* tpm2d/tpm2daemon.c: New.
* tpm2d/tpm2daemon.h: New.
---
This commit adds and plumbs in a tpm2daemon to the build to mirror the
operation of scdaemon. The architecture of the code is that
tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
updated function prefixes (this argues there could be some further
consolidation of the daemon handling code). Note that although this
commit causes the daemon to be built and installed, nothing actually
starts it or uses it yet.
Command handling
----------------
command.c is copied from the command handler in scd.c except that the
command implementation is now done in terms of tpm2 commands and the
wire protocol is far simpler. The tpm2daemon only responds to 4
commands
IMPORT: import a standard s-expression private key and export it to
TPM2 format. This conversion cannot be undone and the
private key now can *only* be used by the TPM2. To anyone
who gets hold of the private key now, it's just an
encrypted binary blob.
PKSIGN: create a signature from the tpm2 key. The TPM2 form private
key is retrieved by KEYDATA and the hash to be signed by
EXTRA. Note there is no hash specifier because the tpm2
tss deduces the hash type from the length of the EXTRA
data. This is actually a limitation of the tpm2 command
API and it will be interesting to see how this fares if the
tpm2 ever supports say sha3-256 hashes.
PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
The tpm2 for private key is retrieved by KEYDATA and the
information used to create the symmetric key by EXTRA.
KILLTPM2D: stop the daemon
All the tpm2 primitives used by command.c are in tpm2.h and all the
tpm2 specific gunk is confined to tpm2.c, which is the only piece of
this that actually does calls into the tss library.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Changes from James' patch:
- gpgconf: The displayed name is "TPM" and not "TPM2". That
string is used by GUIs and should be something the user
understands. For example we also use "network" instead
of "Dirmngr".
- Removed some commented includes.
- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- Silenced a C90 compiler warning and flags unused parameters.
- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
files so that make distcheck works.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
7 months ago | |
|---|---|---|
| .. | ||
| cmacros.am | tpm2d: Add tpm2daemon code | 7 months ago |