| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (HAVE_LIBTSS): New acdefine and am_conditional.
* agent/Makefile.am: (gpg_agent_SOURCES): Move tpm files to ...
(gpg_agent_SOURCES) [HAVE_LIBTSS]: ... here.
* agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt)
(divert_tpm2_writekey) [!HAVE_LIBTSS]: Add stub functions.
--
This adds a configure stanza to check for the necessary libtss to
support TPM functions. If found, the library functions will be
dynamically loaded, meaning that a system built with TPM2 support will
still execute correctly (obviously minus TPM2 support) if installed
without libtss being present.
Signed-off-by: James Bottomley <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AC_CHECK_HEADERS): Add tss2/tss.h.
* agent/divert-tpm2.c: Print an error if that file is not available.
* agent/Makefile.am (gpg_agent_SOURCES): Add tpm.h
* agent/command.c (do_one_keyinfo): Replace xstrdup by xtrystrdup.
* agent/protect.c (agent_get_shadow_info_type): Check error of
xtrystrdup.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/divert-tpm2.c: Support ECC.
--
This adds handling for the way gnupg does elliptic keys, namely ECDSA
for signatures and using ECDH with an ephemeral key to generate an
encrypted message. The main problem is that the TPM2 usually has a
very small list of built in curves and it won't handle any others.
Thanks to TCG mandates, all TPM2 systems in the USA should come with
NIST P-256, but do not come with the Bernstien curve 25519, so the
only way to use the TPM2 to protect an elliptic curve key is first to
create it with a compatible algorithm.
Signed-off-by: James Bottomley <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (cmdKEYTOTPM): New enum value.
(cmds): New command "keytotpm".
(keyedit_menu): Implement cmdKEYTOTPM.
--
Exactly like the gpg --edit-key command keytosc, keytotpm has been
added which immedately converts the private key file to TPM shadowed
form. Once this is done, the key cannot be recovered and may only be
used via the TPM of the computer system on which the conversion was
done. If that system is ever lost, or its TPM cleared, the shadowed
key becomes unusable.
Signed-off-by: James Bottomley <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/divert-tpm2.c: New.
* Makefile.am (gpg_agent_SOURCES): Add it.
* agent/command.c (do_one_keyinfo): Fake serialno for TPM.
(cmd_keytotpm): New.
(register_commands): Register KEYTOTPM command.
* agent/pkdecrypt.c (agent_pkdecrypt): Divert to TPM.
* agent/pksign.c (agent_pksign_do): Divert to TPM.
--
This code installs diversions for pksign and pkdecrypt to do the
operations via the TPM if a TPM shadowed key is present. It also adds
an extra assuan command KEYTOTPM which moves an existing private key
to a TPM shadowed key.
The way TPM shadowing works is that the public and private key parts
are fed in to the TPM command TPM2_Import. The output of this command
is a TPM specific public and private key data where the private key
data is symmetrically encrypted using a TPM internal key. If this
physical TPM is ever lost or cleared, that TPM internal key will
likewise be lost and nothing will ever be able to read the private
key. Once the import is done, the shadow information for the key is
updated to be a three part list consisting of the parent key (hard
coded to 81000001 which is the Microsoft preferred RSA incarnation of
the storage seed) and the public and private TPM data blobs.
Now when a TPM shadowed key is used, the data blobs must be loaded
into the TPM with TPM2_Load before any operation can be performed.
Signed-off-by: James Bottomley <[email protected]>
- Added ChangeLog entries
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/tpm2.c: New.
* agent/Makefile.am (gpg_agent_SOURCES): Add new file.
(gpg_agent_LDFLAGS): Add DL_LIBS.
* agent/tpm2.h: New.
--
This commit adds code to handle the three specific functions needed to
make the agent TPM aware, namely the ability to load a key from shadow
information, the ability to sign a digest with that key, the ability
to decrypt with the key and the ability to import a key to the TPM.
The TPM2 is a bit of an esoteric beast, so all TPM specific callouts
are confined inside this code. Additionaly, it requires the tss2
library to function, so the code is designed such that if the library
isn't present then all TPM functions simply fail. This allows the
code to be compiled with TPM support, but not require that the support
library be present on the system.
Signed-off-by: James Bottomley <[email protected]>
- Added ChangeLog entries.
- Added DL_LIBS.
- Removed one -Wdeclaration-after-statement case.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (agent_key_info_from_file): Add new return arg
r_shadow_info_type.
* agent/protect.c (agent_shadow_key): Factor code out to ...
(agent_shadow_key_type): new. Add arg 'type'.
(agent_get_shadow_info): Factor code out to ...
(agent_get_shadow_info_type): new. Add arg 'shadow_type'.
(agent_is_tpm2_key): New.
(agent_get_shadow_type): New.
* agent/command.c (do_one_keyinfo): Get and check the
shadow_info_type.
--
For TPM support it is necessary to indroduce another type of shadow
key, so allow other agent functions to extract the type so they can
make the right decisions based on it.
Signed-off-by: James Bottomley <[email protected]>
Added ChangeLog entries.
Signed-off-by: Werner Koch <[email protected]>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--
This change mitigates the risk of having cached items in a post mortem
dump.
GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Sorry, I accidentally pushed the last commit without having amended it
with this fix.
Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
grp3.
* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
* g10/card-util.c (print_keygrip): New.
(current_card_status): Print "grp:" records or with --with-keygrip a
human readable keygrip.
--
Suggested-by: Peter Lebbing <[email protected]>
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.
--
The homedir of GnuPG on Windows can be on a network share
e.g. if %APPDATA% is redirected to a network share. The
file API calls work and GnuPG itself works nicely
with such paths so gpgconf should work with them, too.
GnuPG-Bug-Id: T3818
Signed-off-by: Andre Heinecke <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
error codes.
--
Handle the two possible connect failures related to missing IPv6 support
gracefully by marking the host dead and retrying with another one.
If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
This makes it possible to use dual-stack hkp servers on hosts not having
IPv6 without random connection failures.
GnuPG-bug-id: 3331
--
The above description seems to be for Linux, so it is possible that
other systems might behave different. However, it is worth to try
this patch.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
(write_final_chunk): Do not increase chunkindex.
(do_flush): Call set_nonce_and_ad immediately before the first
encryption of a chunk. Bump up the chunkindex after writing the tag.
(do_free): Do not insert a zero length last chunk.
* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
--
This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length). We also need to
adjust the decryption part because that assumed this zero length last
chunk.
Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.
GnuPG-bug-id: 3774
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
(set_nonce_and_ad): new function.
(write_auth_tag): Print error message here.
(do_flush): Rename var newchunk to finalize.
--
There is no need to have separate functions here. We should also
print a error message for writing the final tag.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
(aead_set_nonce_and_ad): new single function. Change callers.
(decrypt_data): Do not set the nonce and ad here.
(aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
--
The main change here is that we now re-init the context only right
before we decrypt and not after a checktag.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/decrypt-data.c (aead_underflow): Factor reading and checking
code code out to ...
(fill_buffer, aead_checktag): new functions.
--
Here is a simple test script to check against a set of encrypted files
with naming convention like "symenc-aead-eax-c6-56.asc"
# ------------------------ >8 ------------------------
set -e
GPG=../g10/gpg
for file in "$@"; do
echo "${file##*/}" | ( IFS=- read dummy1 dummy2 mode cbyte len rest
len="${len%.*}"
cbyte="${cbyte#c}"
[ "$dummy1" != "symenc" -o "$dummy2" != "aead" ] && continue
echo "checking mode=$mode chunkbyte=$cbyte length=$len"
if ! $GPG --no-options --rfc4880bis --batch --passphrase "abc" \
-d < $file >tmp.plain 2>/dev/null; then
echo "Decryption failed for $file" >&2
exit 2
fi
plainlen=$(wc -c <tmp.plain)
if [ $plainlen -ne $len ]; then
echo "Plaintext length mismatch for $file (want=$len have=$plainlen)" >&2
exit 2
fi
)
done
echo "all files are okay" >&2
# ------------------------ 8< ------------------------
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* g10/cipher.c: Rename to ...
* g10/cipher-cfb.c: this.
--
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
index if the previous chunk was empty.
* g10/decrypt-data.c (aead_underflow): Likewise. Also handle a other
corner cases. Add more debug output.
--
GnuPG-bug-id: 3774
This fixes the reported case when the encrypted data is a multiple of
the chunk size. Then the chunk index for the final chunk was wrongly
incremented by 2. The actual fix makes use of the fact that the
current dfx->CHUNKLEN is 0 in this case. There is also some other
reorganizing to help with debugging. The thing seems to work now but
the code is not very clean - should be reworked. Creating test files
can be done with this script:
--8<---------------cut here---------------start------------->8---
csize=6
for len in 0 55 56 57; do
awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \
| gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \
--s2k-count 1025 --s2k-digest-algo sha256 -z0 \
--force-aead --aead-algo eax --cipher aes -a \
--chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc
done
--8<---------------cut here---------------end--------------->8---
A LEN of 56 triggered the bug which can be seen by looking at the
"authdata:" line in the --debug=crypt,filter output.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
--
GnuPG-bug-id: 3795
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
|
| |\| |
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| | |
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keydb.c (parse_keyblock_image): Use log_info instead of
log_error for skipped packets.
* g10/keyring.c (keyring_get_keyblock): Ditto.
--
log_info should be sufficient and makes this more robust. Some
tools (e.g. Enigmail) are too picky on return codes from gpg.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
by agent_probe_secret_key.
(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
--
GnuPG-bug-id: 1967
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6)
|
| | |
| |
| |
| |
| |
| |
| | |
--
GnuPG-bug-id: 3788
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
--
Now installs a git patch prefix.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-wks-client.c (get_key_status_parm_s)
(get_key_status_cb, get_key): Move to ...
* tools/wks-util.c: ...here.
(get_key): Rename to wks_get_key.
* tools/gpg-wks-server.c: Include userids.h.
(command_install_key): Allow use of a fingerprint.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
* tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
(write_to_file): New.
(check_and_publish): Factor some code out to ...
(compute_hu_fname): ... new.
(command_install_key): Implement.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
* tools/wks-util.c (wks_parse_policy): Parse that field.
(wks_free_policy): New.
* tools/gpg-wks-client.c (command_send): Also try to take the
submission-address from the policy file. Free POLICY.
* tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
(command_list_domains): Free POLICY.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
--
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
This can be used to build GnuPG with static versions of the core
gnupg libraries. For example:
make -f build-aux/speedo.mk STATIC=1 SELFCHECK=0 \
INSTALL_PREFIX=/somewhere/gnupg22 native
The SELFCHECK=0 is only needed to build from a non-released version.
You don't need it with a released tarball.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
checking.
(blob_cmp_fpr_part): Ditto.
(blob_cmp_name): Ditto.
(blob_cmp_mail): Ditto.
(blob_x509_has_grip): Ditto.
(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
(keybox_get_cert): Ditto.
--
On most 32 bit systems size_t is 32 bit and thus the check
size_t cert_off = get32 (buffer+8);
size_t cert_len = get32 (buffer+12);
if (cert_off+cert_len > length)
return gpg_error (GPG_ERR_TOO_SHORT);
does not work as intended for all supplied values. The simplest
solution here is to cast them to 64 bit.
In general it will be better to avoid size_t at all and work with
uint64_t. We did not do this in the past because uint64_t was not
universally available.
GnuPG-bug-id: 3770
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keyedit.c (keyedit_menu): Fix messages.
--
GnuPG-bug-id: 3787
Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| | |
* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
without an extra '\0' byte.
|
| | |
| |
| |
| |
| |
| | |
* sm/export.c (gpgsm_p12_export): Free KEYGRIP.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
which must be 'd mod (q-1)' but was 'p mod (q-1)'.
--
This bug is not serious but makes some consistency checks fail.
For example, 'openssl rsa -check' reports the following error:
$ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
$ openssl rsa -check -noout -inform DER -in my.key
RSA key error: dmq1 not congruent to d
--
Let me(wk) add this:
This bug was introduced with
Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d
right at the start of GnuPG 2.1 in July 2010. Before that (in 2.0) we
used gpg-protect-tool which got it right. We probably never noticed
this because gpgsm, and maybe other tools too, fix things up during
import.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--
This fixes a potential overflow if LFs are passed to the status
string functions. This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing. In any case the functions need to be more robust and
comply to the promised interface. Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.
For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.
Reported-by: private_pers
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.
--
Length check added by gniibe.
Signed-off-by: Arnaud Fontaine <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.
--
When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent. Now, it returns NULL for both
cases.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| | |
* doc/examples/vsnfd.prf: Set complaince mode for gpgsm.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.
--
On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason. Use pipe instead, for such systems.
GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
--
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tests/asschk.c: Don't define __func__ if available.
--
NetBSD 7.0 has __func__ defined.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* dirmngr/server.c: Add error comment in case --resolve fails in
ensure_keyserver.
--
GnuPG-bug-id: 3756
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
--
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
--
Also sorted the list.
|
