mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-06 00:00:47 -04:00
libtpmtss: Initialize library from all users
Previously, only the tpm plugin initialized the library, so in order to use a TPM 2.0 (a required TCTI library is loaded via init), it was necessary to load that plugin even if none of its actual features were used.
parent
6c1210dcf6
commit
5126e7c0fc
@ -137,7 +137,6 @@ static void exit_aikgen(err_t message, ...)
|
|||||||
fprintf(stderr, "aikgen error: %s\n", m);
|
fprintf(stderr, "aikgen error: %s\n", m);
|
||||||
status = -1;
|
status = -1;
|
||||||
}
|
}
|
||||||
library_deinit();
|
|
||||||
exit(status);
|
exit(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -194,17 +193,23 @@ int main(int argc, char *argv[])
|
|||||||
chunk_t aik_blob;
|
chunk_t aik_blob;
|
||||||
hasher_t *hasher;
|
hasher_t *hasher;
|
||||||
|
|
||||||
atexit(library_deinit);
|
|
||||||
if (!library_init(NULL, "aikgen"))
|
if (!library_init(NULL, "aikgen"))
|
||||||
{
|
{
|
||||||
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
|
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
|
||||||
}
|
}
|
||||||
|
atexit(library_deinit);
|
||||||
if (lib->integrity &&
|
if (lib->integrity &&
|
||||||
!lib->integrity->check_file(lib->integrity, "aikgen", argv[0]))
|
!lib->integrity->check_file(lib->integrity, "aikgen", argv[0]))
|
||||||
{
|
{
|
||||||
fprintf(stderr, "integrity check of aikgen failed\n");
|
fprintf(stderr, "integrity check of aikgen failed\n");
|
||||||
exit(SS_RC_DAEMON_INTEGRITY);
|
exit(SS_RC_DAEMON_INTEGRITY);
|
||||||
}
|
}
|
||||||
|
if (!libtpmtss_init())
|
||||||
|
{
|
||||||
|
fprintf(stderr, "libtpmtss initialization failed\n");
|
||||||
|
exit(SS_RC_INITIALIZATION_FAILED);
|
||||||
|
}
|
||||||
|
atexit(libtpmtss_deinit);
|
||||||
|
|
||||||
/* initialize global variables */
|
/* initialize global variables */
|
||||||
options = options_create();
|
options = options_create();
|
||||||
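Review bot: The two `atexit()` registrations added to main() depend on their order, and nothing in the code says so. Handlers run in reverse order of registration, so `libtpmtss_deinit` runs before `library_deinit` only because it is registered second. A short comment above the second registration would keep a later reordering from tearing down libstrongswan first, for example `/* registered after library_deinit so that it runs first at exit */`. The same pattern is added to main() of tpm_extendpcr further down; main() continues outside the hunk in both cases.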
|
|||||||
@ -132,7 +132,7 @@ bool libimcv_init(bool is_imv)
|
|||||||
if (lib)
|
if (lib)
|
||||||
{
|
{
|
||||||
/* did main program initialize libstrongswan? */
|
/* did main program initialize libstrongswan? */
|
||||||
if (libstrongswan_ref == 0)
|
if (!ref_cur(&libstrongswan_ref))
|
||||||
{
|
{
|
||||||
ref_get(&libstrongswan_ref);
|
ref_get(&libstrongswan_ref);
|
||||||
}
|
}
|
||||||
@ -171,10 +171,12 @@ bool libimcv_init(bool is_imv)
|
|||||||
lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
|
lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
|
||||||
lib->ns);
|
lib->ns);
|
||||||
|
|
||||||
if (libimcv_ref == 0)
|
if (!ref_cur(&libimcv_ref))
|
||||||
{
|
{
|
||||||
char *uri, *script;
|
char *uri, *script;
|
||||||
|
|
||||||
|
libtpmtss_init();
|
||||||
|
|
||||||
/* initialize the PA-TNC attribute manager */
|
/* initialize the PA-TNC attribute manager */
|
||||||
imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
|
imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
|
||||||
imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
|
imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
|
||||||
@ -246,6 +248,8 @@ void libimcv_deinit(void)
|
|||||||
DESTROY_IF(imcv_db);
|
DESTROY_IF(imcv_db);
|
||||||
DESTROY_IF(imcv_sessions);
|
DESTROY_IF(imcv_sessions);
|
||||||
DBG1(DBG_LIB, "libimcv terminated");
|
DBG1(DBG_LIB, "libimcv terminated");
|
||||||
|
|
||||||
|
libtpmtss_deinit();
|
||||||
}
|
}
|
||||||
if (ref_put(&libstrongswan_ref))
|
if (ref_put(&libstrongswan_ref))
|
||||||
{
|
{
|
||||||
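Review bot: libimcv_init() discards the result of `libtpmtss_init()`, while libimcv_deinit() calls `libtpmtss_deinit()` unconditionally. A failed TSS initialization therefore goes unreported here and would only surface later when a TPM is actually used. The release is also not tied to a reference this caller took; with a shared counter that could drop a reference held by another user, though whether such an interleaving can occur is not determinable from the lines shown. If continuing without a TPM is intended, logging it makes that explicit: `if (!libtpmtss_init()) { DBG1(DBG_LIB, "libtpmtss initialization failed"); }`. Both functions continue outside the hunks.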
|
|||||||
@ -24,12 +24,22 @@
|
|||||||
#include "plugin_constructors.c"
|
#include "plugin_constructors.c"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reference counter for library initialization
|
||||||
|
*/
|
||||||
|
static refcount_t libtpmtss_ref = 0;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Described in header.
|
* Described in header.
|
||||||
*/
|
*/
|
||||||
bool libtpmtss_init(void)
|
bool libtpmtss_init(void)
|
||||||
{
|
{
|
||||||
return tpm_tss_tss2_init();
|
if (ref_cur(&libtpmtss_ref) || tpm_tss_tss2_init())
|
||||||
|
{
|
||||||
|
ref_get(&libtpmtss_ref);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -37,7 +47,10 @@ bool libtpmtss_init(void)
|
|||||||
*/
|
*/
|
||||||
void libtpmtss_deinit(void)
|
void libtpmtss_deinit(void)
|
||||||
{
|
{
|
||||||
tpm_tss_tss2_deinit();
|
if (ref_cur(&libtpmtss_ref) && ref_put(&libtpmtss_ref))
|
||||||
|
{
|
||||||
|
tpm_tss_tss2_deinit();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef tpm_tss_t*(*tpm_tss_create)(void);
|
typedef tpm_tss_t*(*tpm_tss_create)(void);
|
||||||
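Review bot: The counter handling in libtpmtss_init() and libtpmtss_deinit() is check-then-act: `ref_cur()` is read in one step and `ref_get()`/`ref_put()` is applied in another. Even if each ref_* call is atomic on its own, two callers arriving together can both see zero and both run `tpm_tss_tss2_init()`, or one can initialize while the other is still inside `tpm_tss_tss2_deinit()`. Whether callers can overlap is not visible here, but the commit makes every user of the library a caller, so the assumption deserves to be written down. If init and deinit are only invoked from single-threaded startup and shutdown paths, say so above the counter, for example `/* not thread-safe: init/deinit must be called from a single thread */`; otherwise the check and the update need to happen under one lock.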
|
|||||||
@ -192,22 +192,22 @@ struct tpm_tss_t {
|
|||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a tpm_tss instance.
|
* Initialize libtpmtss
|
||||||
*
|
|
||||||
* @param version TPM version that must be supported by TSS
|
|
||||||
*/
|
|
||||||
tpm_tss_t *tpm_tss_probe(tpm_version_t version);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* libtpmtss initialization function
|
|
||||||
*
|
*
|
||||||
* @return TRUE if initialization was successful
|
* @return TRUE if initialization was successful
|
||||||
*/
|
*/
|
||||||
bool libtpmtss_init(void);
|
bool libtpmtss_init(void);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* libtpmtss de-initialization function
|
* Deinitialize libtpmtss
|
||||||
*/
|
*/
|
||||||
void libtpmtss_deinit(void);
|
void libtpmtss_deinit(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a tpm_tss instance.
|
||||||
|
*
|
||||||
|
* @param version TPM version that must be supported by TSS
|
||||||
|
*/
|
||||||
|
tpm_tss_t *tpm_tss_probe(tpm_version_t version);
|
||||||
|
|
||||||
#endif /** TPM_TSS_H_ @}*/
|
#endif /** TPM_TSS_H_ @}*/
|
||||||
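Review bot: The doc comments on `libtpmtss_init()` and `libtpmtss_deinit()` do not mention the reference counting this commit introduces, which is the part of the contract callers now have to get right. I would add to the first `* Calls are reference counted; every successful call must be balanced by one call to libtpmtss_deinit().` and to the second `* Releases one reference; the TSS is shut down when the last reference is dropped.` Without that, an unmatched deinit in one user looks harmless but can release a reference that another user still holds.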
|
|||||||
@ -117,7 +117,6 @@ static void exit_tpm_extendpcr(err_t message, ...)
|
|||||||
fprintf(stderr, "tpm_extendpcr error: %s\n", m);
|
fprintf(stderr, "tpm_extendpcr error: %s\n", m);
|
||||||
status = -1;
|
status = -1;
|
||||||
}
|
}
|
||||||
library_deinit();
|
|
||||||
exit(status);
|
exit(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -166,17 +165,23 @@ int main(int argc, char *argv[])
|
|||||||
uint32_t pcr = 16;
|
uint32_t pcr = 16;
|
||||||
bool hash = FALSE;
|
bool hash = FALSE;
|
||||||
|
|
||||||
atexit(library_deinit);
|
|
||||||
if (!library_init(NULL, "tpm_extendpcr"))
|
if (!library_init(NULL, "tpm_extendpcr"))
|
||||||
{
|
{
|
||||||
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
|
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
|
||||||
}
|
}
|
||||||
|
atexit(library_deinit);
|
||||||
if (lib->integrity &&
|
if (lib->integrity &&
|
||||||
!lib->integrity->check_file(lib->integrity, "tpm_extendpcr", argv[0]))
|
!lib->integrity->check_file(lib->integrity, "tpm_extendpcr", argv[0]))
|
||||||
{
|
{
|
||||||
fprintf(stderr, "integrity check of tpm_extendpcr failed\n");
|
fprintf(stderr, "integrity check of tpm_extendpcr failed\n");
|
||||||
exit(SS_RC_DAEMON_INTEGRITY);
|
exit(SS_RC_DAEMON_INTEGRITY);
|
||||||
}
|
}
|
||||||
|
if (!libtpmtss_init())
|
||||||
|
{
|
||||||
|
fprintf(stderr, "libtpmtss initialization failed\n");
|
||||||
|
exit(SS_RC_INITIALIZATION_FAILED);
|
||||||
|
}
|
||||||
|
atexit(libtpmtss_deinit);
|
||||||
|
|
||||||
for (;;)
|
for (;;)
|
||||||
{
|
{
|
||||||
@ -250,7 +255,7 @@ int main(int argc, char *argv[])
|
|||||||
|
|
||||||
if (!lib->plugins->load(lib->plugins,
|
if (!lib->plugins->load(lib->plugins,
|
||||||
lib->settings->get_str(lib->settings, "tpm_extendpcr.load",
|
lib->settings->get_str(lib->settings, "tpm_extendpcr.load",
|
||||||
"tpm sha1 sha2")))
|
"sha1 sha2")))
|
||||||
{
|
{
|
||||||
exit_tpm_extendpcr("plugin loading failed");
|
exit_tpm_extendpcr("plugin loading failed");
|
||||||
}
|
}
|
||||||
|
|||||||