[PATCH GnuPG 0/9] Fix TPM support tests

James Bottomley James.Bottomley at HansenPartnership.com
Fri Jun 23 23:05:37 CEST 2023


On Tue, 2023-06-20 at 09:10 -0400, James Bottomley via Gnupg-devel
wrote:
> On Tue, 2023-06-20 at 08:13 +0200, Werner Koch via Gnupg-devel wrote:
> > On Mon, 19 Jun 2023 22:32, James Bottomley said:
> > > on opensuse).  I think the hack is actually the best way because
> > > the corresponding KEYTOCARD would delete the key as well before
> > > rescanning the card.
> > 
> > I agree for the TPM.  For keytocard with smartcards it is common not
> > to do a "save" and thus keep the original on-disk key.  This allows
> > to copy a key to several cards as a backup.
> 
> OK, I'll try to package this up as a patch.  I'm still a bit worried
> about the error handling: if agent_shadow_key_type() fails and the
> user does a quit with save, we'll have deleted the private key.  Is
> there some way to force an abort without saving?

OK, this is what I came up with.  The error handling tries to rewrite
the secret key if something goes wrong with the shadow write, which at
least attempts to put stuff back, but I'd still prefer some ability not
to delete it in the first place.

James

-----8>8>8><8<8<8----
From: James Bottomley <James.Bottomley at HansenPartnership.com>
Subject: [PATCH] agent: fix tpm2d key to tpm handling

commit: 2783b786a ("agent: Do not overwrite a key file by a shadow key
file.")  broke keytotpm because you can no longer overwrite a
non-shadowed secret key, now you must first delete it.  Fix KEYTOTPM
by deleting the key before writing it.

Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
---
 agent/divert-tpm2.c | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/agent/divert-tpm2.c b/agent/divert-tpm2.c
index b2f884f93..64a66f5a5 100644
--- a/agent/divert-tpm2.c
+++ b/agent/divert-tpm2.c
@@ -28,7 +28,7 @@ static gpg_error_t
 agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
 			     unsigned char *shadow_info)
 {
-  gpg_error_t err;
+  gpg_error_t err, err1;
   unsigned char *shdkey;
   unsigned char *pkbuf;
   size_t len;
@@ -38,14 +38,20 @@ agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
   len = gcry_sexp_sprint(s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
   pkbuf = xtrymalloc (len);
   gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, pkbuf, len);
-  gcry_sexp_release (s_pkey);
 
   err = agent_shadow_key_type (pkbuf, shadow_info, "tpm2-v1", &shdkey);
   xfree (pkbuf);
   if (err)
     {
-      log_error ("shadowing the key failed: %s\n", gpg_strerror (err));
-      return err;
+      log_error ("shadowing the tpm key failed: %s\n", gpg_strerror (err));
+      goto out_free;
+    }
+
+  err = agent_delete_key (ctrl, NULL, grip, 1, 0);
+  if (err)
+    {
+      log_error ("failed to delete unshadowed key: %s\n", gpg_strerror (err));
+      goto out_free;
     }
 
   len = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
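Review bot: agent_delete_key() is called before the shadow key has been written, and nothing in this function keeps a copy of the unshadowed key first, so once the delete succeeds a failed write leaves no usable private key for this grip. Read the existing private key into a buffer before the delete so the error path has the original material to put back, and free that buffer under out_free. Separately, pkbuf from xtrymalloc (len) is passed to gcry_sexp_sprint without a NULL check; now that out_free exists, that allocation failure can be handled through the same label.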
@@ -53,9 +59,22 @@ agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
                                  NULL, NULL, NULL, 0);
   xfree (shdkey);
   if (err)
-    log_error ("error writing key: %s\n", gpg_strerror (err));
+    {
+      log_error ("error writing key: %s\n", gpg_strerror (err));
+
+      err1 = agent_write_private_key (grip, shdkey, len, 1 /*force*/,
+				      NULL, NULL, NULL, 0);
+      if (err1)
+	{
+	  log_error ("error trying to restore private key: %s\n",
+		     gpg_strerror (err1));
+	}
+    }
+ out_free:
+  gcry_sexp_release (s_pkey);
 
   return err;
+
 }
 
 int
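Review bot: the restore call in the error branch passes shdkey to agent_write_private_key() after `xfree (shdkey);` has already run just above the `if (err)`, which is a use-after-free. It also rewrites the same shadow key whose write just failed rather than the original secret key, so the "error trying to restore private key" message does not describe what the code does; the unshadowed key was removed by agent_delete_key() and is not held anywhere in this function. Move the xfree (shdkey) below the error branch (or under out_free, with shdkey initialised to NULL so the earlier goto paths stay safe) and restore from a copy of the original key taken before the delete. The blank line added after `return err;` can be dropped.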
-- 
2.35.3

