Made TSS implementation configurable and thereby optional
authorTobias Brunner <tobias@strongswan.org>
Thu, 8 Nov 2012 18:31:24 +0000 (19:31 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 8 Nov 2012 18:32:41 +0000 (19:32 +0100)
configure.in
src/libpts/Makefile.am
src/libpts/pts/pts.c

index 163a7da..ce09a02 100644 (file)
@@ -44,6 +44,7 @@ ARG_WITH_SUBST([routing-table],      [220], [set routing table to use for IPsec
 ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
 ARG_WITH_SUBST([ipsec-script],       [ipsec], [change the name of the ipsec script])
 
+ARG_WITH_SET([tss],                  [no], [set implementation of the Trusted Computing Group's Software Stack (TSS). Currently the only supported value is "trousers"])
 ARG_WITH_SET([capabilities],         [no], [set capability dropping library. Currently supported values are "libcap" and "native"])
 ARG_WITH_SET([mpz_powm_sec],         [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
 ARG_WITH_SET([dev-headers],          [no], [install strongSwan development headers to directory.])
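Review bot: The new `--with-tss` option accepts any string, but only `trousers` is ever tested later in this diff, so a typo such as `--with-tss=trouser` or a bare `--with-tss` configures cleanly and produces a build with no TPM support. For a component whose job is attestation, that silent downgrade should be a configure error. Something like `case "$tss" in no|trousers) ;; *) AC_MSG_ERROR([unsupported TSS implementation: $tss]) ;; esac` after the option block would reject unknown values.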
@@ -630,7 +631,7 @@ if test x$axis2c = xtrue; then
        AC_SUBST(axis2c_LIBS)
 fi
 
-if test x$imc_attestation = xtrue -o x$imv_attestation = xtrue; then
+if test x$tss = xtrousers; then
        AC_HAVE_LIBRARY([tspi],[LIBS="$LIBS"],[AC_MSG_ERROR([TrouSerS library libtspi not found])])
        AC_CHECK_HEADER([trousers/tss.h],,[AC_MSG_ERROR([TrouSerS header trousers/tss.h not found!])])
 fi
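Review bot: Nothing in the hunks shown here defines `TSS_TROUSERS`, the macro that src/libpts/pts/pts.c tests with `#ifdef`. This block only checks for libtspi and the header, and the later `AM_CONDITIONAL(USE_TROUSERS, ...)` only controls `-ltspi` in Makefile.am. Unless the macro is defined somewhere outside this diff, a build configured with `--with-tss=trousers` would link libtspi yet compile the stub branch, so `has_tpm()` returns FALSE and the PCR and quote methods always fail. Adding `AC_DEFINE([TSS_TROUSERS], [], [use TrouSerS library libtspi])` inside this `if` would tie the preprocessor switch to the same condition as the library check.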
@@ -1133,6 +1134,7 @@ AM_CONDITIONAL(USE_TLS, test x$tls = xtrue)
 AM_CONDITIONAL(USE_RADIUS, test x$radius = xtrue)
 AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue)
 AM_CONDITIONAL(USE_PTS, test x$pts = xtrue)
+AM_CONDITIONAL(USE_TROUSERS, test x$tss = xtrousers)
 AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
 
 dnl ==============================
index 8137493..edf3f74 100644 (file)
@@ -3,7 +3,11 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libimcv
 
 ipseclib_LTLIBRARIES = libpts.la
 
-libpts_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la -ltspi
+libpts_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la
+
+if USE_TROUSERS
+  libpts_la_LIBADD += -ltspi
+endif
 
 libpts_la_SOURCES = \
        libpts.h libpts.c \
@@ -47,7 +51,7 @@ libpts_la_SOURCES = \
        tcg/tcg_pts_attr_file_meas.h tcg/tcg_pts_attr_file_meas.c \
        tcg/tcg_pts_attr_req_file_meta.h tcg/tcg_pts_attr_req_file_meta.c \
        tcg/tcg_pts_attr_unix_file_meta.h tcg/tcg_pts_attr_unix_file_meta.c
-       
+
 SUBDIRS = .
 
 if USE_IMC_ATTESTATION
index d7537b5..509fc41 100644 (file)
 #include <bio/bio_writer.h>
 #include <bio/bio_reader.h>
 
+#ifdef TSS_TROUSERS
 #include <trousers/tss.h>
 #include <trousers/trousers.h>
+#else
+#ifndef TPM_TAG_QUOTE_INFO2
+#define TPM_TAG_QUOTE_INFO2 0x0036
+#endif
+#ifndef TPM_LOC_ZERO
+#define TPM_LOC_ZERO 0x01
+#endif
+#endif
 
 #include <sys/types.h>
 #include <sys/stat.h>
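Review bot: The fallback definitions of `TPM_TAG_QUOTE_INFO2` and `TPM_LOC_ZERO` are bare magic numbers with no hint of where they come from or why a build without TSS still needs them. Presumably the quote-info construction and verification code outside this hunk uses them on the verifier side; that is worth stating. A comment such as `/* TPM 1.2 structure constants normally provided by <trousers/tss.h>, needed to build and verify quote info without a TSS */` above the `#ifndef` pair would do. The closing `#endif` here also lacks the `/* TSS_TROUSERS */` marker that the other conditional blocks added by this commit carry.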
@@ -280,6 +289,8 @@ METHOD(pts_t, calculate_secret, bool,
        return TRUE;
 }
 
+#ifdef TSS_TROUSERS
+
 /**
  * Print TPM 1.2 Version Info
  */
@@ -307,6 +318,15 @@ static void print_tpm_version_info(private_pts_t *this)
        }
 }
 
+#else
+
+static void print_tpm_version_info(private_pts_t *this)
+{
+       DBG1(DBG_PTS, "unknown TPM version: no TSS implementation available");
+}
+
+#endif /* TSS_TROUSERS */
+
 METHOD(pts_t, get_platform_info, char*,
        private_pts_t *this)
 {
@@ -611,6 +631,9 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*,
        return metadata;
 }
 
+
+#ifdef TSS_TROUSERS
+
 METHOD(pts_t, read_pcr, bool,
        private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value)
 {
@@ -862,21 +885,35 @@ err2:
 
 err1:
        Tspi_Context_Close(hContext);
-
        if (!success)
        {
                DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
        }
-
        return success;
 }
 
-METHOD(pts_t, get_pcrs, pts_pcr_t*,
-       private_pts_t *this)
+#else /* TSS_TROUSERS */
+
+METHOD(pts_t, read_pcr, bool,
+       private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value)
 {
-       return this->pcrs;
+       return FALSE;
+}
+
+METHOD(pts_t, extend_pcr, bool,
+       private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
+{
+       return FALSE;
 }
 
+METHOD(pts_t, quote_tpm, bool,
+       private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig)
+{
+       return FALSE;
+}
+
+#endif /* TSS_TROUSERS */
+
 /**
  * TPM_QUOTE_INFO structure:
  *     4 bytes of version
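Review bot: The three stubs for `read_pcr`, `extend_pcr` and `quote_tpm` return FALSE without logging anything and without touching their output chunks (`pcr_value`, `output`, `pcr_comp`, `quote_sig`). A build without TSS therefore fails these attestation steps with no trace of the reason, and a caller that reads an output after a failed call sees whatever the chunk held before; whether any caller does that is not visible in this diff. I would log in each stub the way the `print_tpm_version_info` stub does, and clear the outputs before returning, e.g. `*pcr_value = chunk_empty;`. The TrouSerS implementation that ends at `err1:` begins outside this hunk, so its behaviour on failure could not be compared.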
@@ -1037,6 +1074,12 @@ METHOD(pts_t, verify_quote_signature, bool,
        return TRUE;
 }
 
+METHOD(pts_t, get_pcrs, pts_pcr_t*,
+       private_pts_t *this)
+{
+       return this->pcrs;
+}
+
 METHOD(pts_t, destroy, void,
        private_pts_t *this)
 {
@@ -1052,6 +1095,9 @@ METHOD(pts_t, destroy, void,
        free(this);
 }
 
+
+#ifdef TSS_TROUSERS
+
 /**
  * Check for a TPM by querying for TPM Version Info
  */
@@ -1100,6 +1146,16 @@ static bool has_tpm(private_pts_t *this)
        return FALSE;
 }
 
+#else /* TSS_TROUSERS */
+
+static bool has_tpm(private_pts_t *this)
+{
+       return FALSE;
+}
+
+#endif /* TSS_TROUSERS */
+
+
 /**
  * See header
  */