mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
1f995b9ba4
* agent/call-tpm2d.c: New. * divert-tpm2.c: New. * agent/Makefile.am: Add new files. * agent/agent.h (DAEMON_TPM2D): New. Add stub fucntions. * agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New. * agent/command.c (do_one_keyinfo): Handle tpmv2. * agent/gpg-agent.c (oTpm2daemonProgram): New. (opts): New option --tpm2daemon-program. (parse_rereadable_options): Handle option. * agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d. (agent_pksign_do): Ditto. --- A new shadow key type: "tpm2-v1" is introduced signalling that the shadowed key is handled by the tpm2daemon. A function to identify this type is introduced and diversions to the tpm2daemon functions are conditioned on this function for pkign and pkdecrypt where the same diversions to scd are currently done. The (info) field of the shadowed key stores the actual TPM key. The TPM key is encrypted so only the physical TPM it was created on can read it (so no special protection is required for the info filed), but if the (info) field becomes corrupt or damaged, the key will be lost (unlike the token case, where the key is actually moved inside the token). Note, this commit adds handling for existing TPM format shadow keys, but there is still no way to create them. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Additional changes: * Add ChangeLog entries. * Some minor indentation fixes. * agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck work. * agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an gpg_error_t. Mark args as unused. * agent/protect.c (agent_is_tpm2_key): Free BUF. Signed-off-by: Werner Koch <wk@gnupg.org>
124 lines
3.1 KiB
Makefile
124 lines
3.1 KiB
Makefile
# Copyright (C) 2001, 2003, 2004, 2005 Free Software Foundation, Inc.
|
|
#
|
|
# This file is part of GnuPG.
|
|
#
|
|
# GnuPG is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# GnuPG is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, see <https://www.gnu.org/licenses/>.
|
|
|
|
## Process this file with automake to produce Makefile.in
|
|
|
|
bin_PROGRAMS = gpg-agent
|
|
libexec_PROGRAMS = gpg-protect-tool
|
|
if !HAVE_W32CE_SYSTEM
|
|
# fixme: Do no use simple-pwquery for preset-passphrase.
|
|
libexec_PROGRAMS += gpg-preset-passphrase
|
|
endif
|
|
noinst_PROGRAMS = $(TESTS)
|
|
|
|
EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc all-tests.scm
|
|
|
|
|
|
AM_CPPFLAGS =
|
|
|
|
include $(top_srcdir)/am/cmacros.am
|
|
|
|
if HAVE_W32_SYSTEM
|
|
resource_objs += gpg-agent-w32info.o
|
|
endif
|
|
|
|
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
|
|
|
|
if HAVE_LIBTSS
|
|
tpm2_sources = divert-tpm2.c call-tpm2d.c
|
|
else
|
|
tpm2_sources =
|
|
endif
|
|
|
|
gpg_agent_SOURCES = \
|
|
gpg-agent.c agent.h \
|
|
command.c command-ssh.c \
|
|
call-pinentry.c \
|
|
cache.c \
|
|
trans.c \
|
|
findkey.c \
|
|
sexp-secret.c \
|
|
pksign.c \
|
|
pkdecrypt.c \
|
|
genkey.c \
|
|
protect.c \
|
|
trustlist.c \
|
|
divert-scd.c \
|
|
cvt-openpgp.c cvt-openpgp.h \
|
|
call-scd.c \
|
|
call-daemon.c \
|
|
$(tpm2_sources) \
|
|
learncard.c
|
|
|
|
common_libs = $(libcommon)
|
|
commonpth_libs = $(libcommonpth)
|
|
if HAVE_W32CE_SYSTEM
|
|
pwquery_libs =
|
|
else
|
|
pwquery_libs = ../common/libsimple-pwquery.a
|
|
endif
|
|
|
|
|
|
gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \
|
|
$(INCICONV)
|
|
gpg_agent_LDADD = $(commonpth_libs) \
|
|
$(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
|
|
$(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
|
|
$(resource_objs)
|
|
gpg_agent_LDFLAGS = $(extra_bin_ldflags)
|
|
gpg_agent_DEPENDENCIES = $(resource_objs)
|
|
|
|
gpg_protect_tool_SOURCES = \
|
|
protect-tool.c \
|
|
sexp-secret.c \
|
|
protect.c cvt-openpgp.c
|
|
|
|
gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) \
|
|
$(INCICONV)
|
|
gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \
|
|
$(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
|
|
|
|
gpg_preset_passphrase_SOURCES = \
|
|
preset-passphrase.c
|
|
|
|
# Needs $(NETLIBS) for libsimple-pwquery.la.
|
|
gpg_preset_passphrase_LDADD = \
|
|
$(pwquery_libs) $(common_libs) $(LIBASSUAN_LIBS) \
|
|
$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
|
|
|
|
|
|
# Make sure that all libs are build before we use them. This is
|
|
# important for things like make -j2.
|
|
$(PROGRAMS): $(common_libs) $(commonpth_libs) $(pwquery_libs)
|
|
|
|
|
|
|
|
#
|
|
# Module tests
|
|
#
|
|
if DISABLE_TESTS
|
|
TESTS =
|
|
else
|
|
TESTS = t-protect
|
|
endif
|
|
|
|
t_common_ldadd = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
|
|
$(LIBINTL) $(LIBICONV) $(NETLIBS)
|
|
|
|
t_protect_SOURCES = t-protect.c protect.c
|
|
t_protect_LDADD = $(t_common_ldadd)
|