1 #include <config.h>
2 #include <errno.h>
3 #include <stdio.h>
4 #include <stdlib.h>
5 #include <string.h>
6 #include <ctype.h>
7 #include <assert.h>
8 #include <unistd.h>
9
10 #include "agent.h"
11 #include <assuan.h>
12 #include "../common/strlist.h"
13 #include "../common/sexp-parse.h"
14 #include "../common/i18n.h"
15
16 static int
start_tpm2d(ctrl_t ctrl)17 start_tpm2d (ctrl_t ctrl)
18 {
19 return daemon_start (DAEMON_TPM2D, ctrl);
20 }
21
22 static int
unlock_tpm2d(ctrl_t ctrl,gpg_error_t err)23 unlock_tpm2d (ctrl_t ctrl, gpg_error_t err)
24 {
25 return daemon_unlock (DAEMON_TPM2D, ctrl, err);
26 }
27
28 static assuan_context_t
daemon_ctx(ctrl_t ctrl)29 daemon_ctx (ctrl_t ctrl)
30 {
31 return daemon_type_ctx (DAEMON_TPM2D, ctrl);
32 }
33
34 struct inq_parm_s {
35 assuan_context_t ctx;
36 gpg_error_t (*getpin_cb)(ctrl_t, const char *, char **);
37 ctrl_t ctrl;
38 /* The next fields are used by inq_keydata. */
39 const unsigned char *keydata;
40 size_t keydatalen;
41 /* following only used by inq_extra */
42 const unsigned char *extra;
43 size_t extralen;
44 char *pin;
45 };
46
47 static gpg_error_t
inq_needpin(void * opaque,const char * line)48 inq_needpin (void *opaque, const char *line)
49 {
50 struct inq_parm_s *parm = opaque;
51 char *pin = NULL;
52 gpg_error_t rc;
53 const char *s;
54
55 if ((s = has_leading_keyword (line, "NEEDPIN")))
56 {
57 rc = parm->getpin_cb (parm->ctrl, s, &pin);
58 if (!rc)
59 rc = assuan_send_data (parm->ctx, pin, strlen(pin));
60 parm->pin = pin;
61 }
62 else
63 {
64 log_error ("unsupported inquiry '%s'\n", line);
65 rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
66 }
67
68 return rc;
69 }
70
71 static gpg_error_t
inq_keydata(void * opaque,const char * line)72 inq_keydata (void *opaque, const char *line)
73 {
74 struct inq_parm_s *parm = opaque;
75
76 if (has_leading_keyword (line, "KEYDATA"))
77 return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen);
78 else
79 return inq_needpin (opaque, line);
80 }
81
82 static gpg_error_t
inq_extra(void * opaque,const char * line)83 inq_extra (void *opaque, const char *line)
84 {
85 struct inq_parm_s *parm = opaque;
86
87 if (has_leading_keyword (line, "EXTRA"))
88 return assuan_send_data (parm->ctx, parm->extra, parm->extralen);
89 else
90 return inq_keydata (opaque, line);
91 }
92
93 int
agent_tpm2d_writekey(ctrl_t ctrl,unsigned char ** shadow_info,gcry_sexp_t s_skey)94 agent_tpm2d_writekey (ctrl_t ctrl, unsigned char **shadow_info,
95 gcry_sexp_t s_skey)
96 {
97 int rc;
98 char line[ASSUAN_LINELENGTH];
99 size_t n;
100 unsigned char *kbuf;
101 membuf_t data;
102 struct inq_parm_s inqparm;
103 size_t len;
104
105 rc = start_tpm2d (ctrl);
106 if (rc)
107 return rc;
108
109 /* note: returned data is TPM protected so no need for a sensitive context */
110 init_membuf(&data, 4096);
111
112 inqparm.ctx = daemon_ctx (ctrl);
113 inqparm.getpin_cb = agent_ask_new_passphrase;
114 inqparm.ctrl = ctrl;
115 inqparm.pin = NULL;
116
117 n = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
118 kbuf = xtrymalloc (n);
119 gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, kbuf, n);
120 inqparm.keydata = kbuf;
121 inqparm.keydatalen = n;
122 snprintf(line, sizeof(line), "IMPORT");
123
124 rc = assuan_transact (daemon_ctx (ctrl), line,
125 put_membuf_cb, &data,
126 inq_keydata, &inqparm,
127 NULL, NULL);
128 xfree (kbuf);
129 xfree (inqparm.pin);
130 if (rc)
131 {
132 xfree (get_membuf (&data, &len));
133 return unlock_tpm2d (ctrl, rc);
134 }
135
136 *shadow_info = get_membuf (&data, &len);
137
138 return unlock_tpm2d (ctrl, 0);
139 }
140
141 static gpg_error_t
pin_cb(ctrl_t ctrl,const char * prompt,char ** passphrase)142 pin_cb (ctrl_t ctrl, const char *prompt, char **passphrase)
143 {
144 *passphrase = agent_get_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER);
145 if (*passphrase)
146 return 0;
147 return agent_get_passphrase(ctrl, passphrase,
148 _("Please enter your passphrase, so that the "
149 "secret key can be unlocked for this session"),
150 prompt, NULL, 0,
151 ctrl->keygrip, CACHE_MODE_USER, NULL);
152 }
153
154 int
agent_tpm2d_pksign(ctrl_t ctrl,const unsigned char * digest,size_t digestlen,const unsigned char * shadow_info,unsigned char ** r_sig,size_t * r_siglen)155 agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
156 size_t digestlen, const unsigned char *shadow_info,
157 unsigned char **r_sig, size_t *r_siglen)
158 {
159 int rc;
160 char line[ASSUAN_LINELENGTH];
161 membuf_t data;
162 struct inq_parm_s inqparm;
163
164 rc = start_tpm2d (ctrl);
165 if (rc)
166 return rc;
167
168 init_membuf (&data, 1024);
169
170 inqparm.ctx = daemon_ctx (ctrl);
171 inqparm.getpin_cb = pin_cb;
172 inqparm.ctrl = ctrl;
173 inqparm.keydata = shadow_info;
174 inqparm.keydatalen = gcry_sexp_canon_len (shadow_info, 0, NULL, NULL);
175 inqparm.extra = digest;
176 inqparm.extralen = digestlen;
177 inqparm.pin = NULL;
178
179 snprintf(line, sizeof(line), "PKSIGN");
180
181 rc = assuan_transact (daemon_ctx (ctrl), line,
182 put_membuf_cb, &data,
183 inq_extra, &inqparm,
184 NULL, NULL);
185 if (!rc)
186 agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
187
188 xfree (inqparm.pin);
189
190 if (rc)
191 {
192 size_t len;
193 xfree (get_membuf (&data, &len));
194 return unlock_tpm2d (ctrl, rc);
195 }
196
197 *r_sig = get_membuf (&data, r_siglen);
198
199 return unlock_tpm2d (ctrl, 0);
200 }
201
202 int
agent_tpm2d_pkdecrypt(ctrl_t ctrl,const unsigned char * cipher,size_t cipherlen,const unsigned char * shadow_info,char ** r_buf,size_t * r_len)203 agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
204 size_t cipherlen, const unsigned char *shadow_info,
205 char **r_buf, size_t *r_len)
206 {
207 int rc;
208 char line[ASSUAN_LINELENGTH];
209 membuf_t data;
210 struct inq_parm_s inqparm;
211
212 rc = start_tpm2d (ctrl);
213 if (rc)
214 return rc;
215
216 init_membuf (&data, 1024);
217
218 inqparm.ctx = daemon_ctx (ctrl);
219 inqparm.getpin_cb = pin_cb;
220 inqparm.ctrl = ctrl;
221 inqparm.keydata = shadow_info;
222 inqparm.keydatalen = gcry_sexp_canon_len (shadow_info, 0, NULL, NULL);
223 inqparm.extra = cipher;
224 inqparm.extralen = cipherlen;
225 inqparm.pin = NULL;
226
227 snprintf(line, sizeof(line), "PKDECRYPT");
228
229 rc = assuan_transact (daemon_ctx (ctrl), line,
230 put_membuf_cb, &data,
231 inq_extra, &inqparm,
232 NULL, NULL);
233 if (!rc)
234 agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
235
236 xfree (inqparm.pin);
237
238 if (rc)
239 {
240 size_t len;
241 xfree (get_membuf (&data, &len));
242 return unlock_tpm2d (ctrl, rc);
243 }
244
245 *r_buf = get_membuf (&data, r_len);
246
247 return unlock_tpm2d (ctrl, 0);
248 }
249