* configure.ac: New option --with-tss to force the use of a
specific TSS library.
--
While most systems will probably have only one of the two TPM
libraries that we support (the IBM TSS or the Intel TSS), it
would still be helpful to allow which one to use in the event
that both are detected, instead of always using the IBM one.
This patch does that by adding a --with-tss=TSS configure-time
option, where TSS can be "ibm", "intel", or "autodetect". The
default value is "autodetect", which triggers the original
behavior (i.e. try to detect both libraries, and prefer the IBM
one if both are found).
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* configure.ac (min_automake_version): Bump to 1.16.3
--
This version has the now needed support for
- new variable AM_DISTCHECK_DVI_TARGET, to allow overriding the
"make dvi" that is done as part of distcheck.
* configure.ac (TEST_LIBTSS): Make that conditional depend on the
detection of tssstartup.
--
While the tpm2d daemon can use either the Intel TSS or the IBM TSS,
the test code (specifically, the start_sw_tpm.sh script) requires
some tools from the IBM TSS (tssstartup and tsspowerup).
If a software TPM is detected at configure time but the IBM TSS
tools are absent (e.g. because only the Intel TSS is available on
the system), `make check` will attempt to run the tpm2d tests and
those will fail when the start_sw_tpm.sh script is launched.
This patch makes running the tpm2d tests dependent not only on
the detection of a software TPM, but also on the detection of
tssstartup (it is probably safe to assume that if tssstartup is
present, then tsspowerup is available as well).
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* configure.ac: Check for Intel TSS.
* tpm2d/intel-tss.h: New.
* tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.
--
The Intel TSS is somewhat of a moving target, so this wraps support
for this TSS into tpm2daemon. Unfortunately this wrapper uses some
APIs that are only present in a relatively recent Intel TSS, so it
looks like it will only work with version 2.4.0 or higher.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
- Add header blurb; see previous patch.
- Add new file to the Makefile
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Detect TPM emulator and enable tests.
* tests/tpm2dtests/: New test suite.
* tests/Makefile.am: Run tests.
--
Add a set of tests that exercise tpm2daemon handling of keys and
verify compatibility with non-tpm based keys.
Running this test infrastructure requires a tpm emulator, which is
tested for during configuration. If an emulator is not found, the
tests won't be run since they require the presence of a TPM (although
the TPM handling code will still be built).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
- Fixed tests/Makefile.am for make distcheck.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tpm2d: New directory.
* Makefile.am (SUBDIRS): Add directory.
* configure.ac: Detect libtss and decide whether to build tpm2d.
* am/cmacros.am: Add a define.
* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* common/homedir.c (gnupg_module_name): Add tpm2d.
* common/mapstrings.c (macros): Add "TPM2DAEMON".
* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
(gc_component): Add TPM2.
(tpm2daemon_runtime_change): New.
* tpm2d/Makefile.am: New.
* tpm2d/command.c: New.
* tpm2d/ibm-tss.h: New.
* tpm2d/tpm2.c: New.
* tpm2d/tpm2.h: New.
* tpm2d/tpm2daemon.c: New.
* tpm2d/tpm2daemon.h: New.
---
This commit adds and plumbs in a tpm2daemon to the build to mirror the
operation of scdaemon. The architecture of the code is that
tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
updated function prefixes (this argues there could be some further
consolidation of the daemon handling code). Note that although this
commit causes the daemon to be built and installed, nothing actually
starts it or uses it yet.
Command handling
----------------
command.c is copied from the command handler in scd.c except that the
command implementation is now done in terms of tpm2 commands and the
wire protocol is far simpler. The tpm2daemon only responds to 4
commands
IMPORT: import a standard s-expression private key and export it to
TPM2 format. This conversion cannot be undone and the
private key now can *only* be used by the TPM2. To anyone
who gets hold of the private key now, it's just an
encrypted binary blob.
PKSIGN: create a signature from the tpm2 key. The TPM2 form private
key is retrieved by KEYDATA and the hash to be signed by
EXTRA. Note there is no hash specifier because the tpm2
tss deduces the hash type from the length of the EXTRA
data. This is actually a limitation of the tpm2 command
API and it will be interesting to see how this fares if the
tpm2 ever supports say sha3-256 hashes.
PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
The tpm2 for private key is retrieved by KEYDATA and the
information used to create the symmetric key by EXTRA.
KILLTPM2D: stop the daemon
All the tpm2 primitives used by command.c are in tpm2.h and all the
tpm2 specific gunk is confined to tpm2.c, which is the only piece of
this that actually does calls into the tss library.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Changes from James' patch:
- gpgconf: The displayed name is "TPM" and not "TPM2". That
string is used by GUIs and should be something the user
understands. For example we also use "network" instead
of "Dirmngr".
- Removed some commented includes.
- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- Silenced a C90 compiler warning and flags unused parameters.
- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
files so that make distcheck works.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Requiring 3.28 had the problem that for example Debin distributes a
3.27 with backported fixes. There is no 3.28. So we relax this
again.
Fixes-commit: d763548f2e00726a40ec886c8179c07bf4e6e664
* configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
* tools/Makefile.am (gpg_pair_tool_SOURCES): We build it always.
--
This is because we require libgcrypt 1.9 anyway.
* build-aux/speedo.mk: Update from 2.2. Add target w32-msi-release.
* build-aux/speedo/w32/inst.nsi: Fix location of doc files.
* build-aux/speedo/w32/wixlib.wxs: Add gpg-card and fix a wrong name.
* Makefile.am (release): Support a WITH_MSI variable.
(wixlibfile): Improve copying to archive.
(release): Use AMTAR instead of TAR.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
and set to 1.41.
* common/sysutils.c (gnupg_access): Remove code for older gpgrt
versions.
* kbx/backend-sqlite.c: Ditto.
* sm/gpgsm.c (main): Ditto.
--
We already have a requirement for a newer Libgcrypt and thus we can
also require a more recent libgpgrt (aka libgpg-error) which was
released before Libgcrypt.
* tools/symcryptrun.c: Remove.
* tools/Makefile.am: Ditto.
* doc/tools.texi: Remove man page.
* configure.ac: Remove build option and tests used only by this tool.
* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build
symcryptrun.
--
symcryptrun is too ancient to be of any use and has not been tested in
many years. Thus we should not distribute it anymore.
* configure.ac: Require at least Libgcrypt 1.9.0. Remove all
GCRYPT_VERSION_NUMBER dependent code.
--
Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of
AC_TRY_COMPILE. Use AC_RUN_IFELSE instead of AC_TRY_RUN.
(GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING.
* configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
Use AS_HELP_STRING instead of AC_HELP_STRING.
(AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
(AC_TYPE_SIGNAL): Remove.
* m4/isc-posix.m4: Remove.
* m4/codeset.m4: Update from gnulib.
* m4/gettext.m4: Update from gnulib.
* m4/lcmessage.m4: Update from gnulib.
* m4/socklen.m4: Update from gnulib.
* m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
Use AC_LINK_IFELSE instead of AC_TRY_LINK.
Use AC_RUN_IFELSE instead of AC_TRY_RUN.
* m4/gpg-error.m4: Update from libgpg-error.
* m4/readline.m4: Update from libgpg-error.
* m4/npth.m4: Update from npth.
* m4/libassuan.m4: Update from libassuan.
* m4/libgcrypt.m4: Update from libgcrypt.
* m4/ksba.m4: Update from libksba.
* m4/ntbtls.m4: Update from ntbtls.
* common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace
RETSIGTYPE to void.
[!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (main): Re-add permission checking of the user config
file. Re-add code to check against the SE-Linux secured file list.
(get_default_configname): Remove unused func.
* configure.ac (SAFE_VERSION, SAFE_VERSION_DOT)
(SAFE_VERSION_DASH): Remove.
--
Die to the switch to the new option parser, the permissions were not
anymore checked. This patch fixes this. Note that there there is no
checking for the global config file because that file is not expected
to be user modifiable.
This patch also adds checking against the list of SE-linux secured
files. However, like in the old code the checking does not work in
practise because the to be checked files are added to the the list
only after option parsing. Tested using temporary debug code.
The SAFE_VERSION macros were used for RISC OS, which is not anymore
supported, and only in the now removed get_default_configname. There
purpose was that a RISC OS could use a modified config.h here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h. Do this also for all main modules which use our option
parser except for gpg. Replace calls to strusage by calls to
gpgrt_strusage everywhere.
* g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t. Rework the option
parser to make use of the new gpgrt_argparser.
--
This is not yet finished but a make check works. gpg has the most
complex and oldest option handling and thus this is the first
migration target. SE-Linux checks and version-ed config files are
missing and will be added later.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Add option --dsiable-keyboxd
* kbx/Makefile.am: Do not build keyboxd in that case.
--
This is useful to build a minimal version of gpgv.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Do not build dirmngr if no TLS is available.
* dirmngr/http.c: Remove all uses of the USE_TLS macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff. Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--
Note that the ldap_sslinit stuff for Windows has not been tested.
This patch removes the whole wrapper-but-linked business because we do
not need it anymore. WindowsCE for which we used it is pretty dead.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Resolved Conflicts:
* common/asshelp.c: Keep the new code in master for spawing under
Windows.
* g10/Makefile.am: Keep all new file.
* g10/photoid.c: Pass CTRL to pct_expando.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: New option --keyboxd-pgm.
(KEYBOXD_NAME, KEYBOXD_DISP_NAME): New ac_defines.
* common/util.h: Add substitutes for new error codes.
(GNUPG_MODULE_NAME_KEYBOXD): New.
* common/homedir.c (gnupg_module_name): Support
GNUPG_MODULE_NAME_KEYBOXD.
* common/asshelp.c (SECS_TO_WAIT_FOR_KEYBOXD): New.
(wait_for_sock): Support keyboxd.
(start_new_service): Ditto.
(start_new_keyboxd): New.
* tools/gpg-connect-agent.c: New options --keyboxd and
--keyboxd-program.
(start_agent): Implement new option.
--
This change allows us to test the new keyboxd using our standard
helper. It also provides the necessary code to start keyboxd on the
fly.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_SIZEOF): Test size_t.
* g10/sig-check.c (check_signature_end_simple): Support v5 signatures
as per current rfc4880bis. For correctness also allow for N > 2^32.
* g10/sign.c (pt_extra_hash_data_t): New.
(hash_sigversion_to_magic): New arg EXTRAHASH.
(write_plaintext_packet): New arg R_EXTRAHASH.
(write_signature_packets): Pass EXTRAHASH.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
--
Take care: The code path for v5 sigs has not yet been tested.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/mischelp.h (wipememory): Replace macro with function
prototype.
(wipememory2): Remove.
* common/mischelp.c (wipememory): New.
* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'.
--
In new wipememory function, memory is cleared through platform
provided secure memory zeroing function, SecureZeroMemory
or explicit_bzero.
If none of these is available, memset is called through
volatile function pointer to so that compiler won't optimize
away the call.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tools/gpg-zip.in: Remove.
* m4/tar-ustar.m4: Remove.
--
Note that the script was even not anymore installed. See also
GnuPG-bug-id: 4252
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (GNUPG_CACHE_DIR): New const.
* tools/Makefile.am (libexec_PROGRAMS): Add gpg-pair-tool.
(gpg_pair_tool_SOURCES, gpg_pair_tool_CFLAGS)
(gpg_pair_tool_LDADD): New.
* tools/gpg-pair-tool.c: New.
--
This is a first try on a protocol to pair two devices so that they can
agree on a shared secret to exchange secret keys. The idea is that if
you want to sync your secret keys to another machine (e.g. from
desktop to mobile) you have physical access to both devices and thus a
pairing protocol allows to authenitcate the connection using a short
string. See the source for a protocol description.
How to test:
$ gpg-pair-tool -va --homedir . --initiate >msg.commit
$ gpg-pair-tool -va --homedir 2ndhome --respond \
<msg.commit >msg.dhpart1
$ gpg-pair-tool -va --homedir . --respond \
<msg.dhpart1 >msg.dhpart2
$ gpg-pair-tool -va --homedir 2ndhome --respond \
<msg.dhpart2 >msg.confirm
Now set the SAS as printed by the responder into SAS and run
$ gpg-pair-tool -va --homedir . --respond --sas $SAS <msg.confirm
Storing the secret on disk is obviously not the right thing to do.
With the new PUT_SECRET and GET_SECRET commands of gpg-agent we can
change this to store it all in gpg-agent instead. This will make it
also easier for gpg to access the secret and we won't need an option
to return it from gpg-pair-tool. Thus gpg-pair-tool can be dedicated
to run the protocol and maybe to popup info dialogs.
Adding a second expiration time for running the protocol in addition
to the expiration of the secret is probably a better idea than just
that simple catch-all TTL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_FUNCS): Fold most calls into one.
--
A few functions were tested two times which slightly increases the size
of the configure script. Also put the functions in sorted order into
the macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (NAME_OF_SENDMAIL): New ac_define.
* tools/send-mail.c (run_sendmail): Use it.
--
We used to ac_subst the SENDMAIL in the old keyserver via mail script.
We cab reuse this to avoid a fixed name for sendmail in the
send-mail.c helper.
Signed-off-by: Werner Koch <wk@gnupg.org>