Add openconnect_has_tss2_blob_support()
authorDavid Woodhouse <dwmw2@infradead.org>
Mon, 8 Oct 2018 20:06:33 +0000 (21:06 +0100)
committerDavid Woodhouse <dwmw2@infradead.org>
Thu, 11 Oct 2018 00:59:46 +0000 (17:59 -0700)
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
java/src/com/example/LibTest.java
java/src/org/infradead/libopenconnect/LibOpenConnect.java
jni.c
libopenconnect.map.in
library.c
main.c
openconnect.h

index 034e450ebc3f802c1849738dd26908377c608815..1ef0371e1b902ea3e4558c71f1a1bf7106004bd3 100644 (file)
@@ -232,6 +232,7 @@ public final class LibTest {
                System.out.println("OpenConnect version: " + lib.getVersion());
                System.out.println("  PKCS=" + lib.hasPKCS11Support() +
                                   ", TSS=" + lib.hasTSSBlobSupport() +
+                                  ", TSS2=" + lib.hasTSS2BlobSupport() +
                                   ", STOKEN=" + lib.hasStokenSupport() +
                                   ", OATH=" + lib.hasOATHSupport() +
                                   ", YUBIOATH=" + lib.hasYubiOATHSupport());
index b63675f265b5e85dd4c53695c7e4b5f29ea26116..a41e99b36a11486a1e65b124dfef6cb237f13071 100644 (file)
@@ -176,6 +176,7 @@ public abstract class LibOpenConnect {
        public static native String getVersion();
        public static native boolean hasPKCS11Support();
        public static native boolean hasTSSBlobSupport();
+       public static native boolean hasTSS2BlobSupport();
        public static native boolean hasStokenSupport();
        public static native boolean hasOATHSupport();
        public static native boolean hasYubiOATHSupport();
diff --git a/jni.c b/jni.c
index be170bcc1652b36be36766e48f8eb7d506db23bb..4d6685e48efb9cb999e55fe44aed5a3d734c29ba 100644 (file)
--- a/jni.c
+++ b/jni.c
@@ -925,6 +925,12 @@ JNIEXPORT jboolean JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_hasT
        return openconnect_has_tss_blob_support();
 }
 
+JNIEXPORT jboolean JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_hasTSS2BlobSupport(
+       JNIEnv *jenv, jclass jcls)
+{
+       return openconnect_has_tss2_blob_support();
+}
+
 JNIEXPORT jboolean JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_hasStokenSupport(
        JNIEnv *jenv, jclass jcls)
 {
index 1f29726874009548a0bc246435abd80d12617b6d..9b0b86c7184c4af10267fdf41ec991fc0541b2ef 100644 (file)
@@ -98,6 +98,7 @@ OPENCONNECT_5_5 {
        openconnect_get_protocol;
        openconnect_get_supported_protocols;
        openconnect_free_supported_protocols;
+       openconnect_has_tss2_blob_support;
 } OPENCONNECT_5_4;
 
 OPENCONNECT_PRIVATE {
index 303278ee40a091c3ac2a35bbceee9f2db67190af..eb657dedbb50c10cc5014d9b2b3d422c8ab3229b 100644 (file)
--- a/library.c
+++ b/library.c
@@ -730,6 +730,24 @@ int openconnect_has_tss_blob_support(void)
        return 0;
 }
 
+int openconnect_has_tss2_blob_support(void)
+{
+#if defined(OPENCONNECT_OPENSSL) && defined(HAVE_ENGINE)
+       ENGINE *e;
+
+       ENGINE_load_builtin_engines();
+
+       e = ENGINE_by_id("tpm2");
+       if (e) {
+               ENGINE_free(e);
+               return 1;
+       }
+#elif defined(OPENCONNECT_GNUTLS) && defined(HAVE_TSS2)
+       return 1;
+#endif
+       return 0;
+}
+
 int openconnect_has_stoken_support(void)
 {
 #ifdef HAVE_LIBSTOKEN
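Review bot: The OpenSSL branch of openconnect_has_tss2_blob_support() is not a passive query. When no already-registered engine has the id, `ENGINE_by_id("tpm2")` can fall back to OpenSSL's dynamic loader, which as far as I know loads a shared object from the engines directory (or the path in `OPENSSL_ENGINES`) into the calling process. A return of 1 also means only that an engine with that id could be instantiated, not that a TPM is present or that any key is hardware-backed, and the GnuTLS branch is a compile-time constant. None of this is documented here or on the declaration added to openconnect.h, so I would add above the function: `/* Returns 1 if a TPMv2 key backend is available. With OpenSSL this probes for the "tpm2" ENGINE at run time, which may load the engine module into the process; with GnuTLS it is fixed at build time. */`.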
diff --git a/main.c b/main.c
index d2e21c074d30a395a38ae3f46f3aef24990bc881..510f17783cdddb829aab076f2a6024ccddd135e4 100644 (file)
--- a/main.c
+++ b/main.c
@@ -592,6 +592,10 @@ static void print_build_opts(void)
                printf("%sTPM", sep);
                sep = comma;
        }
+       if (openconnect_has_tss2_blob_support()) {
+               printf("%sTPMv2", sep);
+               sep = comma;
+       }
 #if defined(OPENCONNECT_OPENSSL) && defined(HAVE_ENGINE)
        else {
                printf("%sTPM (%s)", sep, _("OpenSSL ENGINE not present"));
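Review bot: The added `if (openconnect_has_tss2_blob_support())` block sits between the closing brace of the preceding TPM block and the `else` under `#if defined(OPENCONNECT_OPENSSL) && defined(HAVE_ENGINE)`, so that `else` now pairs with the new TSS2 test. On OpenSSL builds "TPM (OpenSSL ENGINE not present)" would then be printed whenever the tpm2 engine is missing, even if "TPM" was already printed. It would also no longer be printed when the earlier check fails but tpm2 is found. The preceding `if` opens above the hunk and the `else` closes below it, so I am inferring from the context lines that it tests openconnect_has_tss_blob_support(). Moving the four added lines to after the `#endif` that closes the `else` branch keeps the diagnostic tied to the original check.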
index 74a5124a637d3a7cc26292341520eddf998391ce..eab45f3a72cf4cd3eb70068a8350e3de98db5a3c 100644 (file)
@@ -37,6 +37,7 @@ extern "C" {
 
 /*
  * API version 5.5:
+ *  - Add openconnect_has_tss2_blob_support()
  *  - Add openconnect_get_supported_protocols()
  *  - Add openconnect_free_supported_protocols()
  *  - Add openconnect_get_protocol()
@@ -654,9 +655,9 @@ void openconnect_set_stats_handler(struct openconnect_info *vpninfo,
 int openconnect_has_pkcs11_support(void);
 
 /* The OpenSSL TPM ENGINE stores keys in a PEM file labelled with the string
-   -----BEGIN TSS KEY BLOB-----. GnuTLS may learn to support this format too,
-   in the near future. */
+   -----BEGIN TSS KEY BLOB-----. */
 int openconnect_has_tss_blob_support(void);
+int openconnect_has_tss2_blob_support(void);
 
 /* Software token capabilities. */
 int openconnect_has_stoken_support(void);