[PATCH v3 0/5] Add TPM2 support to gnupg 2.3
James Bottomley
James.Bottomley at HansenPartnership.com
Tue Mar 9 22:50:27 CET 2021
This is a set of patches adding TPM support to gnupg-2.3.

The architecture of the patches is that they build if the TSS
libraries are present, but all of the TPM-specific code and libraries
are sequestered in tpm2daemon. If this daemon isn't present, gpg will
just run normally except it won't understand TPM keys and the
'keytotpm' command won't work. The reason for this design is so that
distributions can package tpm2daemon separately for gnupg with TPM
support.

These patches also add a testing infrastructure which uses a software
TPM to run the tpm2daemon through its usual operations.

Changes from v2 are:

* add a check for a leading 0 in the RSA signature
* refactor the tpm2 support to make for easy TSS porting. Initial code
  is for the IBM TSS
* add tests
* add experimental support for the Intel TSS. This is the last patch and
  can be dropped without affecting any functionality.

For those who want to try it out, I've created a git tree with these
patches in at

https://git.kernel.org/pub/scm/linux/kernel/git/jejb/gnupg.git

The master-tpm-daemon branch is current 2.3 with the TPM patches.

James
---
James Bottomley (5):
tpm2d: Add tpm2daemon code
agent: Add new shadow key type and functions to call tpm2daemon
g10: add new command keytotpm to convert a private key to TPM format
tpm2d: add tests for the tpm2daemon
Add Support for the Intel TSS
Makefile.am | 7 +-
agent/Makefile.am | 5 +
agent/agent.h | 50 ++
agent/call-daemon.c | 3 +-
agent/call-tpm2d.c | 248 ++++++
agent/command.c | 57 ++
agent/divert-tpm2.c | 144 +++
agent/gpg-agent.c | 4 +
agent/keyformat.txt | 12 +-
agent/pkdecrypt.c | 8 +-
agent/pksign.c | 16 +-
am/cmacros.am | 3 +
common/homedir.c | 7 +
common/mapstrings.c | 1 +
common/util.h | 1 +
configure.ac | 76 ++
g10/call-agent.c | 22 +
g10/call-agent.h | 3 +
g10/keyedit.c | 45 +-
tests/Makefile.am | 3 +
tests/tpm2dtests/Makefile.am | 79 ++
tests/tpm2dtests/all-tests.scm | 81 ++
tests/tpm2dtests/defs.scm | 473 ++++++++++
tests/tpm2dtests/ecc.scm | 23 +
tests/tpm2dtests/longpassphrase.scm | 36 +
tests/tpm2dtests/rsa.scm | 13 +
tests/tpm2dtests/run-tests.scm | 43 +
tests/tpm2dtests/setup.scm | 48 +
tests/tpm2dtests/shell.scm | 51 ++
tests/tpm2dtests/unimportable.scm | 28 +
tools/gpgconf-comp.c | 62 +-
tools/gpgconf.h | 3 +
tpm2d/Makefile.am | 18 +
tpm2d/command.c | 508 +++++++++++
tpm2d/ibm-tss.h | 378 ++++++++
tpm2d/intel-tss.h | 667 ++++++++++++++
tpm2d/tpm2.c | 985 ++++++++++++++++++++
tpm2d/tpm2.h | 38 +
tpm2d/tpm2daemon.c | 1289 +++++++++++++++++++++++++++
tpm2d/tpm2daemon.h | 104 +++
40 files changed, 5629 insertions(+), 13 deletions(-)
create mode 100644 agent/call-tpm2d.c
create mode 100644 agent/divert-tpm2.c
create mode 100644 tests/tpm2dtests/Makefile.am
create mode 100644 tests/tpm2dtests/all-tests.scm
create mode 100644 tests/tpm2dtests/defs.scm
create mode 100644 tests/tpm2dtests/ecc.scm
create mode 100644 tests/tpm2dtests/longpassphrase.scm
create mode 100644 tests/tpm2dtests/rsa.scm
create mode 100644 tests/tpm2dtests/run-tests.scm
create mode 100644 tests/tpm2dtests/setup.scm
create mode 100644 tests/tpm2dtests/shell.scm
create mode 100644 tests/tpm2dtests/unimportable.scm
create mode 100644 tpm2d/Makefile.am
create mode 100644 tpm2d/command.c
create mode 100644 tpm2d/ibm-tss.h
create mode 100644 tpm2d/intel-tss.h
create mode 100644 tpm2d/tpm2.c
create mode 100644 tpm2d/tpm2.h
create mode 100644 tpm2d/tpm2daemon.c
create mode 100644 tpm2d/tpm2daemon.h
--
2.26.2