build: Make TPM2 support conditional tpm-work
authorJames Bottomley <James.Bottomley@HansenPartnership.com>
Tue, 6 Mar 2018 23:02:43 +0000 (15:02 -0800)
committerWerner Koch <wk@gnupg.org>
Mon, 12 Mar 2018 09:06:44 +0000 (10:06 +0100)
* configure.ac (HAVE_LIBTSS): New acdefine and am_conditional.
* agent/Makefile.am: (gpg_agent_SOURCES): Move tpm files to ...
(gpg_agent_SOURCES) [HAVE_LIBTSS]: ... here.
* agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt)
(divert_tpm2_writekey) [!HAVE_LIBTSS]: Add stub functions.

--
This adds a configure stanza to check for the necessary libtss to
support TPM functions.  If found, the library functions will be
dynamically loaded, meaning that a system built with TPM2 support will
still execute correctly (obviously minus TPM2 support) if installed
without libtss being present.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
agent/Makefile.am
agent/agent.h
configure.ac

index 4fe74f5..3abdde4 100644 (file)
@@ -51,12 +51,15 @@ gpg_agent_SOURCES = \
        protect.c \
        trustlist.c \
        divert-scd.c \
-       divert-tpm2.c \
-       tpm2.c tpm2.h \
        cvt-openpgp.c cvt-openpgp.h \
        call-scd.c \
        learncard.c
 
+if HAVE_LIBTSS
+gpg_agent_SOURCES += tpm2.c tpm2.h \
+       divert-tpm2.c
+endif
+
 common_libs = $(libcommon)
 commonpth_libs = $(libcommonpth)
 if HAVE_W32CE_SYSTEM
index 7a77eb6..67e82b7 100644 (file)
@@ -535,6 +535,7 @@ gpg_error_t agent_marktrusted (ctrl_t ctrl, const char *name,
 void agent_reload_trustlist (void);
 
 /*-- divert-tpm2.c --*/
+#ifdef HAVE_LIBTSS
 int divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text,
                         const unsigned char *digest, size_t digestlen, int algo,
                         const unsigned char *shadow_info, unsigned char **r_sig,
@@ -545,6 +546,31 @@ int divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text,
                            char **r_buf, size_t *r_len, int *r_padding);
 int divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
                           gcry_sexp_t s_skey);
+#else
+static inline int divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text,
+                                     const unsigned char *digest,
+                                     size_t digestlen, int algo,
+                                     const unsigned char *shadow_info,
+                                     unsigned char **r_sig,
+                                     size_t *r_siglen)
+{
+  return -EINVAL;
+}
+static inline int divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text,
+                                        const unsigned char *cipher,
+                                        const unsigned char *shadow_info,
+                                        char **r_buf, size_t *r_len,
+                                        int *r_padding)
+{
+  return -EINVAL;
+}
+static inline int divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
+                                       gcry_sexp_t s_skey)
+{
+  return -EINVAL;
+}
+#endif
+
 
 
 /*-- divert-scd.c --*/
index 9dd9230..fe1078a 100644 (file)
@@ -100,6 +100,7 @@ have_gnutls=no
 have_sqlite=no
 have_npth=no
 have_libusb=no
+have_libtss=no
 have_system_resolver=no
 gnupg_have_ldap="n/a"
 
@@ -1590,6 +1591,15 @@ AC_SUBST(NETLIBS)
 AC_SUBST(W32SOCKLIBS)
 
 #
+# TPM libtss library .. don't compile TPM support if we don't have it
+#
+AC_CHECK_LIB(tss, TSS_Create, [have_libtss=yes])
+if test "$have_libtss" = yes; then
+   AC_DEFINE(HAVE_LIBTSS, 1, [Defined if we have TPM2 support library])
+fi
+AM_CONDITIONAL(HAVE_LIBTSS, test "$have_libtss" = yes)
+
+#
 # Setup gcc specific options
 #
 USE_C99_CFLAGS=
@@ -2072,6 +2082,7 @@ echo "
         TLS support:         $use_tls_library
         TOFU support:        $use_tofu
         Tor support:         $show_tor_support
+        TPM support:         $have_libtss
 "
 if test x"$use_regex" != xyes ; then
 echo "