mirror of
git://git.gnupg.org/gnupg.git
synced 2024-10-31 20:08:43 +01:00
92b601fcee
* agent/command.c (cmd_keytotpm): New. (agent/command.c): Register new command KEYTOTPM. * g10/call-agent.c (agent_keytotpm): New. * g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm". (keyedit_menu): Implement. -- The plumbing is done in two parts: the agent is modified to understand a KEYTOTPM assuan command taking the key grip as an argument. This simply obtains the key s expression and calls the existing writeky diversion to the tpm2daemon. The daemon reponds with the TPM conversion of the key and that key is then stored in the keyfile as a shadowed-private-key with "tpm2-v1" type. To effect the conversion, all the user does from gpg --edit-key is select which private key they wish to move (or move the primary if no key is selected) and type keytotpm. The conversion to TPM form is instantaneous and once converted, the actual key cannot be recovered, meaning that if you want your gpg key to move to a new laptop you must keep an unconverted backup copy in a safe location. When you do a list command, all TPM keys show up as card-no: TPM-Protected The key is stored encrypted to the TPM2 storage seed and since each TPM has a unique seed, only the single TPM contained in your laptop can now read the key. This means you cannot simply copy the shadowed key file over to a new laptop, you must copy over the backup copy and then convert it to TPM form on the new laptop. To decomission your laptop, execute a tssclear command which regenerates the storage seed and effectively shreds all keys. Note when you have done this *every* TPM2 shadowed private key becomes unreadable by any TPM and all are effectively destroyed. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Very minor cosmetic changes. Signed-off-by: Werner Koch <wk@gnupg.org>
148 lines
3.7 KiB
C
148 lines
3.7 KiB
C
#include <config.h>
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <ctype.h>
|
|
#include <assert.h>
|
|
#include <unistd.h>
|
|
#include <sys/stat.h>
|
|
|
|
#include "agent.h"
|
|
#include "../common/i18n.h"
|
|
#include "../common/sexp-parse.h"
|
|
|
|
int
|
|
divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text,
|
|
const unsigned char *digest, size_t digestlen, int algo,
|
|
const unsigned char *shadow_info, unsigned char **r_sig,
|
|
size_t *r_siglen)
|
|
{
|
|
(void)desc_text;
|
|
(void)algo;
|
|
return agent_tpm2d_pksign(ctrl, digest, digestlen,
|
|
shadow_info, r_sig, r_siglen);
|
|
}
|
|
|
|
|
|
static gpg_error_t
|
|
agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
|
|
unsigned char *shadow_info)
|
|
{
|
|
gpg_error_t err;
|
|
unsigned char *shdkey;
|
|
unsigned char *pkbuf;
|
|
size_t len;
|
|
gcry_sexp_t s_pkey;
|
|
|
|
err = agent_public_key_from_file (ctrl, grip, &s_pkey);
|
|
len = gcry_sexp_sprint(s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
|
|
pkbuf = xtrymalloc (len);
|
|
gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, pkbuf, len);
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
err = agent_shadow_key_type (pkbuf, shadow_info, "tpm2-v1", &shdkey);
|
|
xfree (pkbuf);
|
|
if (err)
|
|
{
|
|
log_error ("shadowing the key failed: %s\n", gpg_strerror (err));
|
|
return err;
|
|
}
|
|
|
|
len = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
|
|
err = agent_write_private_key (grip, shdkey, len, 1 /*force*/,
|
|
NULL, NULL, 0);
|
|
xfree (shdkey);
|
|
if (err)
|
|
log_error ("error writing key: %s\n", gpg_strerror (err));
|
|
|
|
return err;
|
|
}
|
|
|
|
int
|
|
divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
|
|
gcry_sexp_t s_skey)
|
|
{
|
|
int ret;
|
|
/* shadow_info is always shielded so no special handling required */
|
|
unsigned char *shadow_info;
|
|
|
|
ret = agent_tpm2d_writekey(ctrl, &shadow_info, s_skey);
|
|
if (!ret) {
|
|
ret = agent_write_tpm2_shadow_key (ctrl, grip, shadow_info);
|
|
xfree (shadow_info);
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
int
|
|
divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text,
|
|
const unsigned char *cipher,
|
|
const unsigned char *shadow_info,
|
|
char **r_buf, size_t *r_len, int *r_padding)
|
|
{
|
|
const unsigned char *s;
|
|
size_t n;
|
|
|
|
*r_padding = -1;
|
|
|
|
(void)desc_text;
|
|
|
|
s = cipher;
|
|
if (*s != '(')
|
|
return gpg_error (GPG_ERR_INV_SEXP);
|
|
s++;
|
|
n = snext (&s);
|
|
if (!n)
|
|
return gpg_error (GPG_ERR_INV_SEXP);
|
|
if (!smatch (&s, n, "enc-val"))
|
|
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
|
if (*s != '(')
|
|
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
|
s++;
|
|
n = snext (&s);
|
|
if (!n)
|
|
return gpg_error (GPG_ERR_INV_SEXP);
|
|
if (smatch (&s, n, "rsa"))
|
|
{
|
|
*r_padding = 0;
|
|
if (*s != '(')
|
|
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
|
s++;
|
|
n = snext (&s);
|
|
if (!n)
|
|
return gpg_error (GPG_ERR_INV_SEXP);
|
|
if (!smatch (&s, n, "a"))
|
|
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
|
n = snext (&s);
|
|
}
|
|
else if (smatch (&s, n, "ecdh"))
|
|
{
|
|
if (*s != '(')
|
|
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
|
s++;
|
|
n = snext (&s);
|
|
if (!n)
|
|
return gpg_error (GPG_ERR_INV_SEXP);
|
|
if (smatch (&s, n, "s"))
|
|
{
|
|
n = snext (&s);
|
|
s += n;
|
|
if (*s++ != ')')
|
|
return gpg_error (GPG_ERR_INV_SEXP);
|
|
if (*s++ != '(')
|
|
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
|
n = snext (&s);
|
|
if (!n)
|
|
return gpg_error (GPG_ERR_INV_SEXP);
|
|
}
|
|
if (!smatch (&s, n, "e"))
|
|
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
|
n = snext (&s);
|
|
}
|
|
else
|
|
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
|
|
|
|
return agent_tpm2d_pkdecrypt (ctrl, s, n, shadow_info, r_buf, r_len);
|
|
}
|