tpm2d: Add tpm2daemon code

* tpm2d: New directory.
* Makefile.am (SUBDIRS): Add directory.
* configure.ac: Detect libtss and decide whether to build tpm2d.
* am/cmacros.am: Add a define.
* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* common/homedir.c (gnupg_module_name): Add tpm2d.
* common/mapstrings.c (macros): Add "TPM2DAEMON".
* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
(gc_component): Add TPM2.
(tpm2daemon_runtime_change): New.
* tpm2d/Makefile.am: New.
* tpm2d/command.c: New.
* tpm2d/ibm-tss.h: New.
* tpm2d/tpm2.c: New.
* tpm2d/tpm2.h: New.
* tpm2d/tpm2daemon.c: New.
* tpm2d/tpm2daemon.h: New.

---
This commit adds and plumbs in a tpm2daemon to the build to mirror the
operation of scdaemon.  The architecture of the code is that
tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
updated function prefixes (this argues there could be some further
consolidation of the daemon handling code).  Note that although this
commit causes the daemon to be built and installed, nothing actually
starts it or uses it yet.

Command handling
----------------

command.c is copied from the command handler in scd.c except that the
command implementation is now done in terms of tpm2 commands and the
wire protocol is far simpler.  The tpm2daemon only responds to 4
commands

IMPORT:    import a standard s-expression private key and export it to
           TPM2 format.  This conversion cannot be undone and the
           private key now can *only* be used by the TPM2.  To anyone
           who gets hold of the private key now, it's just an
           encrypted binary blob.

PKSIGN:    create a signature from the tpm2 key.  The TPM2 form private
           key is retrieved by KEYDATA and the hash to be signed by
           EXTRA.  Note there is no hash specifier because the tpm2
           tss deduces the hash type from the length of the EXTRA
           data.  This is actually a limitation of the tpm2 command
           API and it will be interesting to see how this fares if the
           tpm2 ever supports say sha3-256 hashes.

PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
	   The tpm2 for private key is retrieved by KEYDATA and the
	   information used to create the symmetric key by EXTRA.

KILLTPM2D: stop the daemon

All the tpm2 primitives used by command.c are in tpm2.h and all the
tpm2 specific gunk is confined to tpm2.c, which is the only piece of
this that actually does calls into the tss library.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Changes from James' patch:

- gpgconf: The displayed name is "TPM" and not "TPM2".  That
  string is used by GUIs and should be something the user
  understands.  For example we also use "network" instead
  of "Dirmngr".
- Removed some commented includes.
- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- Silenced a C90 compiler warning and flags unused parameters.
- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
  files so that make distcheck works.

Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 46 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
index 9be4d472e..c67aaf87d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -101,6 +101,7 @@ have_gnutls=no
 have_sqlite=no
 have_npth=no
 have_libusb=no
+have_libtss=no
 have_system_resolver=no
 gnupg_have_ldap="n/a"
 
@@ -184,6 +185,15 @@ show_gnupg_scdaemon_pgm="(default)"
 test -n "$GNUPG_SCDAEMON_PGM" && show_gnupg_scdaemon_pgm="$GNUPG_SCDAEMON_PGM"
 
 
+AC_ARG_WITH(tpm2daemon-pgm,
+    [  --with-tpm2daemon-pgm=PATH  Use PATH as the default for the tpm2daemon)],
+          GNUPG_TPM2DAEMON_PGM="$withval", GNUPG_TPM2DAEMON_PGM="" )
+AC_SUBST(GNUPG_TPM2DAEMON_PGM)
+AM_CONDITIONAL(GNUPG_TPM2DAEMON_PGM, test -n "$GNUPG_TPM2DAEMON_PGM")
+show_gnupg_tpm2daemon_pgm="(default)"
+test -n "$GNUPG_TPM2DAEMON_PGM" && show_gnupg_tpm2daemon_pgm="$GNUPG_TPM2DAEMON_PGM"
+
+
 AC_ARG_WITH(dirmngr-pgm,
     [  --with-dirmngr-pgm=PATH  Use PATH as the default for the dirmngr)],
           GNUPG_DIRMNGR_PGM="$withval", GNUPG_DIRMNGR_PGM="" )
@@ -1581,6 +1591,33 @@ AC_SUBST(NETLIBS)
 AC_SUBST(W32SOCKLIBS)
 
 #
+# TPM libtss library .. don't compile TPM support if we don't have it
+#
+_save_libs="$LIBS"
+_save_cflags="$CFLAGS"
+LIBS=""
+AC_SEARCH_LIBS([TSS_Create], [tss ibmtss],have_libtss=yes,)
+if test "$have_libtss" = yes; then
+    LIBTSS_CFLAGS="-DTPM_POSIX"
+    CFLAGS="$CFLAGS ${LIBTSS_CFLAGS}"
+    AC_CHECK_HEADER([tss2/tss.h],[AC_DEFINE(TSS_INCLUDE,tss2, [tss2 include location])], [
+	AC_CHECK_HEADER([ibmtss/tss.h],[AC_DEFINE(TSS_INCLUDE,ibmtss, [ibmtss include location])], [
+            AC_MSG_WARN([No TSS2 include directory found, disabling TPM support])
+	    have_libtss=no
+	])
+    ])
+    LIBTSS_LIBS=$LIBS
+    AC_DEFINE(HAVE_LIBTSS, 1, [Defined if we have TPM2 support library])
+    AC_SUBST(TSS_INCLUDE)
+fi
+LIBS="$_save_libs"
+CFLAGS="$_save_cflags"
+AC_SUBST(LIBTSS_LIBS)
+AC_SUBST(LIBTSS_CFLAGS)
+AM_CONDITIONAL(HAVE_LIBTSS, test "$have_libtss" = yes)
+AC_SUBST(HAVE_LIBTSS)
+
+#
 # Setup gcc specific options
 #
 USE_C99_CFLAGS=
@@ -1845,6 +1882,10 @@ AC_DEFINE_UNQUOTED(GPG_AGENT_NAME, "gpg-agent", [The name of the agent])
 AC_DEFINE_UNQUOTED(GPG_AGENT_DISP_NAME, "GPG Agent",
                                         [The displayed name of gpg-agent])
 
+AC_DEFINE_UNQUOTED(TPM2DAEMON_NAME, "tpm2daemon", [The name of the TPM2 daemon])
+AC_DEFINE_UNQUOTED(TPM2DAEMON_DISP_NAME, "TPM2 Daemon",
+                                       [The displayed name of TPM2 daemon])
+
 AC_DEFINE_UNQUOTED(SCDAEMON_NAME, "scdaemon", [The name of the scdaemon])
 AC_DEFINE_UNQUOTED(SCDAEMON_DISP_NAME, "SCDaemon",
                                        [The displayed name of scdaemon])
@@ -1880,6 +1921,8 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
                    [The name of the SCdaemon socket])
 AC_DEFINE_UNQUOTED(KEYBOXD_SOCK_NAME, "S.keyboxd",
                    [The name of the keyboxd socket])
+AC_DEFINE_UNQUOTED(TPM2DAEMON_SOCK_NAME, "S.tpm2daemon",
+                   [The name of the TPM2 daemon socket])
 AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
                    [The name of the dirmngr socket])
 AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
@@ -2040,6 +2083,7 @@ g10/Makefile
 sm/Makefile
 agent/Makefile
 scd/Makefile
+tpm2d/Makefile
 g13/Makefile
 dirmngr/Makefile
 tools/Makefile
@@ -2086,6 +2130,7 @@ echo "
         Default pinentry:  $show_gnupg_pinentry_pgm
         Default scdaemon:  $show_gnupg_scdaemon_pgm
         Default keyboxd:   $show_gnupg_keyboxd_pgm
+        Default tpm2daemon: $show_gnupg_tpm2daemon_pgm
         Default dirmngr:   $show_gnupg_dirmngr_pgm
 
         Dirmngr auto start:  $dirmngr_auto_start
@@ -2094,6 +2139,7 @@ echo "
         TLS support:         $use_tls_library
         TOFU support:        $use_tofu
         Tor support:         $show_tor_support
+        TPM support:         $have_libtss
 "
 if test "x${gpg_config_script_warn}" != x; then
 cat <<G10EOF