From 06c0d7f28fa1842f9c52885b142a0d31ba60c8ae Mon Sep 17 00:00:00 2001 From: James Bottomley Date: Tue, 6 Mar 2018 15:02:43 -0800 Subject: [PATCH] build: Make TPM2 support conditional * configure.ac (HAVE_LIBTSS): New acdefine and am_conditional. * agent/Makefile.am: (gpg_agent_SOURCES): Move tpm files to ... (gpg_agent_SOURCES) [HAVE_LIBTSS]: ... here. * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt) (divert_tpm2_writekey) [!HAVE_LIBTSS]: Add stub functions. -- This adds a configure stanza to check for the necessary libtss to support TPM functions. If found, the library functions will be dynamically loaded, meaning that a system built with TPM2 support will still execute correctly (obviously minus TPM2 support) if installed without libtss being present. Signed-off-by: James Bottomley --- agent/Makefile.am | 7 +++++-- agent/agent.h | 26 ++++++++++++++++++++++++++ configure.ac | 11 +++++++++++ 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/agent/Makefile.am b/agent/Makefile.am index 4fe74f539..3abdde4fc 100644 --- a/agent/Makefile.am +++ b/agent/Makefile.am @@ -51,12 +51,15 @@ gpg_agent_SOURCES = \ protect.c \ trustlist.c \ divert-scd.c \ - divert-tpm2.c \ - tpm2.c tpm2.h \ cvt-openpgp.c cvt-openpgp.h \ call-scd.c \ learncard.c +if HAVE_LIBTSS +gpg_agent_SOURCES += tpm2.c tpm2.h \ + divert-tpm2.c +endif + common_libs = $(libcommon) commonpth_libs = $(libcommonpth) if HAVE_W32CE_SYSTEM diff --git a/agent/agent.h b/agent/agent.h index 7a77eb629..67e82b763 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -535,6 +535,7 @@ gpg_error_t agent_marktrusted (ctrl_t ctrl, const char *name, void agent_reload_trustlist (void); /*-- divert-tpm2.c --*/ +#ifdef HAVE_LIBTSS int divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text, const unsigned char *digest, size_t digestlen, int algo, const unsigned char *shadow_info, unsigned char **r_sig, @@ -545,6 +546,31 @@ int divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text, char **r_buf, size_t *r_len, int *r_padding); int divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t s_skey); +#else +static inline int divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text, + const unsigned char *digest, + size_t digestlen, int algo, + const unsigned char *shadow_info, + unsigned char **r_sig, + size_t *r_siglen) +{ + return -EINVAL; +} +static inline int divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text, + const unsigned char *cipher, + const unsigned char *shadow_info, + char **r_buf, size_t *r_len, + int *r_padding) +{ + return -EINVAL; +} +static inline int divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip, + gcry_sexp_t s_skey) +{ + return -EINVAL; +} +#endif + /*-- divert-scd.c --*/ diff --git a/configure.ac b/configure.ac index 9dd9230c0..fe1078a00 100644 --- a/configure.ac +++ b/configure.ac @@ -100,6 +100,7 @@ have_gnutls=no have_sqlite=no have_npth=no have_libusb=no +have_libtss=no have_system_resolver=no gnupg_have_ldap="n/a" @@ -1589,6 +1590,15 @@ fi AC_SUBST(NETLIBS) AC_SUBST(W32SOCKLIBS) +# +# TPM libtss library .. don't compile TPM support if we don't have it +# +AC_CHECK_LIB(tss, TSS_Create, [have_libtss=yes]) +if test "$have_libtss" = yes; then + AC_DEFINE(HAVE_LIBTSS, 1, [Defined if we have TPM2 support library]) +fi +AM_CONDITIONAL(HAVE_LIBTSS, test "$have_libtss" = yes) + # # Setup gcc specific options # @@ -2072,6 +2082,7 @@ echo " TLS support: $use_tls_library TOFU support: $use_tofu Tor support: $show_tor_support + TPM support: $have_libtss " if test x"$use_regex" != xyes ; then echo "