Hello,
Thank you for your report with a detailed explanation.
Kim Hee-Suk wrote:
> GnuPG 2.5.17's tpm2daemon fails to decrypt RSA 4096 pubkey-encrypted
> packets when the encrypted data is exactly 4096 bits. Decryption
> succeeds when the data happens to be 4095 bits. GnuPG 2.4.9 handles
> both cases correctly.
Indeed, this is the regression.
This is due to the fix:
https://dev.gnupg.org/T8045
A possible fix is the following:
==========================
diff --git a/agent/divert-tpm2.c b/agent/divert-tpm2.c
index 5500c07f1..950e1f0fb 100644
--- a/agent/divert-tpm2.c
+++ b/agent/divert-tpm2.c
@@ -138,6 +138,15 @@ divert_tpm2_pkdecrypt (ctrl_t ctrl,
if (!smatch (&s, n, "a"))
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
n = snext (&s);
+ /* NOTE: gpg-agent protocol uses signed integer for RSA (%m in
+ * MPI), where 0x00 is added when the MSB is 1. TPM2 uses
+ * unsigned integer. We need to remove this 0x00, or else
+ * buffer overflow may occur. */
+ if (!*s && (n&1))
+ {
+ s++;
+ n--;
+ }
}
else if (smatch (&s, n, "ecdh"))
{
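Review bot: The new `if (!*s && (n&1))` test reads `*s` before looking at `n` and relies on odd length alone to decide that the leading 0x00 is the sign byte, while the comment above it says the goal is to avoid a buffer overflow. Put the length test first, for example `if (n > 1 && (n & 1) && !*s)`, and extend the comment to say why odd length identifies the sign-padding byte. Since the stated risk is an overflow, an explicit check of `n` against the size the TPM2 side expects after the strip would hold even when the input does not match that heuristic; nothing in this hunk bounds `n`.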
--
_______________________________________________
Gnupg-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-devel