| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/asshelp.c (log_libassuan_system_error): New.
* agent/gpg-agent.c (create_server_socket): Use new log function.
(handle_connections): Log system error code for a failed accept.
* dirmngr/dirmngr.c (handle_connections): Ditto.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
* tpm2d/tpm2daemon.c (handle_connections): Ditto.
* dirmngr/dirmngr.c (main): Log system error code for a failed bin.
* kbx/keyboxd.c (create_server_socket): Ditto.
* scd/scdaemon.c (create_server_socket): Ditto.
* tpm2d/tpm2daemon.c (create_server_socket): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (handle_connections): It's for POSIX.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/app.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
tpm2d/tpm2daemon.c (handle_connections): Ditto.
* tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH.
(do_inbound_pipe): Use GNUPG_PIPE_INBOUND.
(do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND.
* common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound.
(_gpg_decrypt): Likewise.
* common/exechelp-posix.c (gnupg_create_pipe): Add an argument.
* common/exechelp-w32.c (create_pipe_and_estream): Care about
how PIPE handles are inherited to child process.
(gnupg_create_pipe): Add an argument.
* common/exechelp.h: Add enum values.
--
Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* tpm2d/tpm2.c (tpm2_import_key): Set the lengths from right
variables.
--
Fixes-commit: d631c8198c254107c0a4e704511fa0f33d3dda5f
GnuPG-bug-id: 7186
Signed-off-by: Jakub Jelen <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tpm2d/command.c (cmd_pkdecrypt): Handle unknown algo. Also slightly
rework error handling.
* tpm2d/tpm2.c (sexp_to_tpm2_public_ecc): Check length before checking
for 0x04. Rework error handling.
(tpm2_ObjectPublic_GetName): Check the return value of
TSS_GetDigestSize before use. Erro handling rework.
(tpm2_SensitiveToDuplicate): Ditto.
(tpm2_import_key): Ditto.
* tpm2d/intel-tss.h (TSS_Hash_Generate): Check passed length for
negative values. Check return value of TSS_GetDigestSize. Use
dedicated 16 bit length variable.
--
These are reworked and improved fixes as reported in
GnuPG-bug-id: 7129
|
| |
|
|
|
| |
* tpm2d/intel-tss.h (TSS_Create): Replace fprintf logging by
log_error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tpm2d/tpm2.c (tpm2_SensitiveToDuplicate): Don't use the cast
of (TPM2B *).
--
While it works (since the actual access is done by the macros),
compiler may complain the alignment property of type BYTE * and TPM2B
object is different.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* tpm2d/tpm2daemon.c (main): Use ASSUAN_CONTROL_REINIT_SYSCALL_CLAMP.
--
Fixes-commit: 9e4d52223945d677c1ffcb0e20dae48299e9aae1
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tpm2d/intel-tss.h (TSS_Create): Check SWTPM.
--
Signed-off-by: James Bottomley <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tpm2d/tpm2daemon.c (main): Use ASSUAN_CONTROL_REINIT_SYSCALL_CLAMP.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (thread_init_once): Call assuan_control.
* g10/gpg.c (main): Likewise.
* g13/g13.c (main): Likewise.
* kbx/keyboxd.c (thread_init_once): Likewise.
* scd/scdaemon.c (main): Likewise.
* sm/gpgsm.c (main): Likewise.
* tpm2d/tpm2daemon.c (main): Likewise.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* dirmngr/dirmngr.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(thread_init): Don't call assuan_set_system_hooks.
* g10/gpg.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* g13/g13.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Set the syscall clamp with gpgrt_set_syscall_clamp.
Don't call assuan_set_system_hooks.
* kbx/keyboxd.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* scd/scdaemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* sm/gpgsm.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* tpm2d/tpm2daemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (handle_connections): Use assuan_sock_accept.
* dirmngr/dirmngr.c (handle_connections): Ditto.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
* tpm2d/tpm2daemon.c (handle_connections): Ditto.
--
GnuPG-bug-id: 6599
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.h (FD2NUM): New.
* agent/call-pinentry.c (watch_sock): Use FD2NUM.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/dirmngr.c (handle_connections): Likewise.
* dirmngr/http.c (connect_with_timeout): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* tpm2d/tpm2daemon.c (handle_connections): Likewise.
--
GnuPG-bug-id: 6598
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.h (FD_DBG): New.
* agent/gpg-agent.c (check_nonce): Use FD_DBG.
(do_start_connection_thread, start_connection_thread_ssh): Likewise.
* common/iobuf.c (fd_cache_close, file_filter, do_open): Likewise.
(do_iobuf_fdopen): Likewise.
* dirmngr/dirmngr.c (check_nonce, start_connection_thread)
(handle_connections): Likewise.
* dirmngr/http.c (_my_socket_new, _my_socket_ref): Likewise.
(_my_socket_unref): Likewise.
* g10/decrypt.c (decrypt_message_fd): Likewise.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/openfile.c (open_outfile): Likewise.
* g10/plaintext.c (get_output_file, hash_datafile_by_fd): Likewise.
* g10/verify.c (gpg_verify): Likewise.
* kbx/keyboxd.c (check_nonce, do_start_connection_thread): Likewise.
* scd/scdaemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
* sm/gpgsm.c (open_es_fread, open_es_fwrite): Likewise.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
--
GnuPG-bug-id: 6597
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
--
Fixes-commit: 18eff31496a34156d58d757a2a110bcfde6c9908
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument
but no INT2FD to listen. Use GNUPG_INVALID_FD.
* tpm2d/command.c (tpm2d_command_handler): Likewise.
* scd/scdaemon.c (start_connection_thread): Follow the change.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
* scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t.
* tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tpm2d/tpm2daemon.c (main): Use gnupg_fd_t for socket, and use
assuan_sock_close for the socket allocated by assuan_sock_new.
(handle_connections): Use gnupg_fd_t for listen_fd.
Use assuan_sock_close for the socket by npth_accept.
--
Apply the same change of scdaemon to tpm2daemon.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Check for Intel TSS.
* tpm2d/intel-tss.h: New.
* tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.
--
The Intel TSS is somewhat of a moving target, so this wraps support
for this TSS into tpm2daemon. Unfortunately this wrapper uses some
APIs that are only present in a relatively recent Intel TSS, so it
looks like it will only work with version 2.4.0 or higher.
Signed-off-by: James Bottomley <[email protected]>
- Add header blurb; see previous patch.
- Add new file to the Makefile
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
--
Confirmed by James Bottomley; see
https://lists.gnupg.org/pipermail/gnupg-devel/2021-March/034755.html
Signed-off-by: Werner Koch <[email protected]>
|
|
|
* tpm2d: New directory.
* Makefile.am (SUBDIRS): Add directory.
* configure.ac: Detect libtss and decide whether to build tpm2d.
* am/cmacros.am: Add a define.
* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* common/homedir.c (gnupg_module_name): Add tpm2d.
* common/mapstrings.c (macros): Add "TPM2DAEMON".
* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
(gc_component): Add TPM2.
(tpm2daemon_runtime_change): New.
* tpm2d/Makefile.am: New.
* tpm2d/command.c: New.
* tpm2d/ibm-tss.h: New.
* tpm2d/tpm2.c: New.
* tpm2d/tpm2.h: New.
* tpm2d/tpm2daemon.c: New.
* tpm2d/tpm2daemon.h: New.
---
This commit adds and plumbs in a tpm2daemon to the build to mirror the
operation of scdaemon. The architecture of the code is that
tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
updated function prefixes (this argues there could be some further
consolidation of the daemon handling code). Note that although this
commit causes the daemon to be built and installed, nothing actually
starts it or uses it yet.
Command handling
----------------
command.c is copied from the command handler in scd.c except that the
command implementation is now done in terms of tpm2 commands and the
wire protocol is far simpler. The tpm2daemon only responds to 4
commands
IMPORT: import a standard s-expression private key and export it to
TPM2 format. This conversion cannot be undone and the
private key now can *only* be used by the TPM2. To anyone
who gets hold of the private key now, it's just an
encrypted binary blob.
PKSIGN: create a signature from the tpm2 key. The TPM2 form private
key is retrieved by KEYDATA and the hash to be signed by
EXTRA. Note there is no hash specifier because the tpm2
tss deduces the hash type from the length of the EXTRA
data. This is actually a limitation of the tpm2 command
API and it will be interesting to see how this fares if the
tpm2 ever supports say sha3-256 hashes.
PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
The tpm2 for private key is retrieved by KEYDATA and the
information used to create the symmetric key by EXTRA.
KILLTPM2D: stop the daemon
All the tpm2 primitives used by command.c are in tpm2.h and all the
tpm2 specific gunk is confined to tpm2.c, which is the only piece of
this that actually does calls into the tss library.
Signed-off-by: James Bottomley <[email protected]>
Changes from James' patch:
- gpgconf: The displayed name is "TPM" and not "TPM2". That
string is used by GUIs and should be something the user
understands. For example we also use "network" instead
of "Dirmngr".
- Removed some commented includes.
- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- Silenced a C90 compiler warning and flags unused parameters.
- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
files so that make distcheck works.
Signed-off-by: Werner Koch <[email protected]>
|
