Made TSS implementation configurable and thereby optional
This commit is contained in:
Tobias Brunner
parent
d425f30e80
commit
44566c2238
|
|
@ -44,6 +44,7 @@ ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec
|
|||
ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
|
||||
ARG_WITH_SUBST([ipsec-script], [ipsec], [change the name of the ipsec script])
|
||||
|
||||
ARG_WITH_SET([tss], [no], [set implementation of the Trusted Computing Group's Software Stack (TSS). Currently the only supported value is "trousers"])
|
||||
ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently supported values are "libcap" and "native"])
|
||||
ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
|
||||
ARG_WITH_SET([dev-headers], [no], [install strongSwan development headers to directory.])
|
||||
|
|
@ -630,7 +631,7 @@ if test x$axis2c = xtrue; then
|
|||
AC_SUBST(axis2c_LIBS)
|
||||
fi
|
||||
|
||||
if test x$imc_attestation = xtrue -o x$imv_attestation = xtrue; then
|
||||
if test x$tss = xtrousers; then
|
||||
AC_HAVE_LIBRARY([tspi],[LIBS="$LIBS"],[AC_MSG_ERROR([TrouSerS library libtspi not found])])
|
||||
AC_CHECK_HEADER([trousers/tss.h],,[AC_MSG_ERROR([TrouSerS header trousers/tss.h not found!])])
|
||||
fi
|
||||
|
|
@ -1133,6 +1134,7 @@ AM_CONDITIONAL(USE_TLS, test x$tls = xtrue)
|
|||
AM_CONDITIONAL(USE_RADIUS, test x$radius = xtrue)
|
||||
AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue)
|
||||
AM_CONDITIONAL(USE_PTS, test x$pts = xtrue)
|
||||
AM_CONDITIONAL(USE_TROUSERS, test x$tss = xtrousers)
|
||||
AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
|
||||
|
||||
dnl ==============================
|
||||
|
|
|
|||
|
|
@ -3,7 +3,11 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libimcv
|
|||
|
||||
ipseclib_LTLIBRARIES = libpts.la
|
||||
|
||||
libpts_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la -ltspi
|
||||
libpts_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la
|
||||
|
||||
if USE_TROUSERS
|
||||
libpts_la_LIBADD += -ltspi
|
||||
endif
|
||||
|
||||
libpts_la_SOURCES = \
|
||||
libpts.h libpts.c \
|
||||
|
|
@ -47,7 +51,7 @@ libpts_la_SOURCES = \
|
|||
tcg/tcg_pts_attr_file_meas.h tcg/tcg_pts_attr_file_meas.c \
|
||||
tcg/tcg_pts_attr_req_file_meta.h tcg/tcg_pts_attr_req_file_meta.c \
|
||||
tcg/tcg_pts_attr_unix_file_meta.h tcg/tcg_pts_attr_unix_file_meta.c
|
||||
|
||||
|
||||
SUBDIRS = .
|
||||
|
||||
if USE_IMC_ATTESTATION
|
||||
|
|
|
|||
|
|
@ -20,8 +20,17 @@
|
|||
#include <bio/bio_writer.h>
|
||||
#include <bio/bio_reader.h>
|
||||
|
||||
#ifdef TSS_TROUSERS
|
||||
#include <trousers/tss.h>
|
||||
#include <trousers/trousers.h>
|
||||
#else
|
||||
#ifndef TPM_TAG_QUOTE_INFO2
|
||||
#define TPM_TAG_QUOTE_INFO2 0x0036
|
||||
#endif
|
||||
#ifndef TPM_LOC_ZERO
|
||||
#define TPM_LOC_ZERO 0x01
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
|
@ -280,6 +289,8 @@ METHOD(pts_t, calculate_secret, bool,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
#ifdef TSS_TROUSERS
|
||||
|
||||
/**
|
||||
* Print TPM 1.2 Version Info
|
||||
*/
|
||||
|
|
@ -307,6 +318,15 @@ static void print_tpm_version_info(private_pts_t *this)
|
|||
}
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
static void print_tpm_version_info(private_pts_t *this)
|
||||
{
|
||||
DBG1(DBG_PTS, "unknown TPM version: no TSS implementation available");
|
||||
}
|
||||
|
||||
#endif /* TSS_TROUSERS */
|
||||
|
||||
METHOD(pts_t, get_platform_info, char*,
|
||||
private_pts_t *this)
|
||||
{
|
||||
|
|
@ -611,6 +631,9 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*,
|
|||
return metadata;
|
||||
}
|
||||
|
||||
|
||||
#ifdef TSS_TROUSERS
|
||||
|
||||
METHOD(pts_t, read_pcr, bool,
|
||||
private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value)
|
||||
{
|
||||
|
|
@ -862,21 +885,35 @@ err2:
|
|||
|
||||
err1:
|
||||
Tspi_Context_Close(hContext);
|
||||
|
||||
if (!success)
|
||||
{
|
||||
DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
|
||||
}
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(pts_t, get_pcrs, pts_pcr_t*,
|
||||
private_pts_t *this)
|
||||
#else /* TSS_TROUSERS */
|
||||
|
||||
METHOD(pts_t, read_pcr, bool,
|
||||
private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value)
|
||||
{
|
||||
return this->pcrs;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(pts_t, extend_pcr, bool,
|
||||
private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(pts_t, quote_tpm, bool,
|
||||
private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
#endif /* TSS_TROUSERS */
|
||||
|
||||
/**
|
||||
* TPM_QUOTE_INFO structure:
|
||||
* 4 bytes of version
|
||||
|
|
@ -1037,6 +1074,12 @@ METHOD(pts_t, verify_quote_signature, bool,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(pts_t, get_pcrs, pts_pcr_t*,
|
||||
private_pts_t *this)
|
||||
{
|
||||
return this->pcrs;
|
||||
}
|
||||
|
||||
METHOD(pts_t, destroy, void,
|
||||
private_pts_t *this)
|
||||
{
|
||||
|
|
@ -1052,6 +1095,9 @@ METHOD(pts_t, destroy, void,
|
|||
free(this);
|
||||
}
|
||||
|
||||
|
||||
#ifdef TSS_TROUSERS
|
||||
|
||||
/**
|
||||
* Check for a TPM by querying for TPM Version Info
|
||||
*/
|
||||
|
|
@ -1100,6 +1146,16 @@ static bool has_tpm(private_pts_t *this)
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
#else /* TSS_TROUSERS */
|
||||
|
||||
static bool has_tpm(private_pts_t *this)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
#endif /* TSS_TROUSERS */
|
||||
|
||||
|
||||
/**
|
||||
* See header
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in New Issue