diff --git a/java/src/com/example/LibTest.java b/java/src/com/example/LibTest.java
index 034e450e..1ef0371e 100644
--- a/java/src/com/example/LibTest.java
+++ b/java/src/com/example/LibTest.java
@@ -232,6 +232,7 @@ public static void main(String argv[]) {
 System.out.println("OpenConnect version: " + lib.getVersion());
 System.out.println(" PKCS=" + lib.hasPKCS11Support() +
 ", TSS=" + lib.hasTSSBlobSupport() +
+ ", TSS2=" + lib.hasTSS2BlobSupport() +
 ", STOKEN=" + lib.hasStokenSupport() +
 ", OATH=" + lib.hasOATHSupport() +
 ", YUBIOATH=" + lib.hasYubiOATHSupport());
diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
index b63675f2..a41e99b3 100644
--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -176,6 +176,7 @@ public synchronized native void setMobileInfo(String mobilePlatformVersion,
 public static native String getVersion();
 public static native boolean hasPKCS11Support();
 public static native boolean hasTSSBlobSupport();
+ public static native boolean hasTSS2BlobSupport();
 public static native boolean hasStokenSupport();
 public static native boolean hasOATHSupport();
 public static native boolean hasYubiOATHSupport();
diff --git a/jni.c b/jni.c
index be170bcc..4d6685e4 100644
--- a/jni.c
+++ b/jni.c
@@ -925,6 +925,12 @@ JNIEXPORT jboolean JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_hasT
 return openconnect_has_tss_blob_support();
 }
 
+JNIEXPORT jboolean JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_hasTSS2BlobSupport(
+ JNIEnv *jenv, jclass jcls)
+{
+ return openconnect_has_tss2_blob_support();
+}
+
 JNIEXPORT jboolean JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_hasStokenSupport(
 JNIEnv *jenv, jclass jcls)
 {
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 1f297268..9b0b86c7 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -98,6 +98,7 @@ OPENCONNECT_5_5 {
 openconnect_get_protocol;
 openconnect_get_supported_protocols;
 openconnect_free_supported_protocols;
+ openconnect_has_tss2_blob_support;
 } OPENCONNECT_5_4;
 
 OPENCONNECT_PRIVATE {
diff --git a/library.c b/library.c
index 303278ee..eb657ded 100644
--- a/library.c
+++ b/library.c
@@ -730,6 +730,24 @@ int openconnect_has_tss_blob_support(void)
 return 0;
 }
 
+int openconnect_has_tss2_blob_support(void)
+{
+#if defined(OPENCONNECT_OPENSSL) && defined(HAVE_ENGINE)
+ ENGINE *e;
+
+ ENGINE_load_builtin_engines();
+
+ e = ENGINE_by_id("tpm2");
+ if (e) {
+ ENGINE_free(e);
+ return 1;
+ }
+#elif defined(OPENCONNECT_GNUTLS) && defined(HAVE_TSS2)
+ return 1;
+#endif
+ return 0;
+}
+
 int openconnect_has_stoken_support(void)
 {
 #ifdef HAVE_LIBSTOKEN
diff --git a/main.c b/main.c
index d2e21c07..510f1778 100644
--- a/main.c
+++ b/main.c
@@ -592,6 +592,10 @@ static void print_build_opts(void)
 printf("%sTPM", sep);
 sep = comma;
 }
+ if (openconnect_has_tss2_blob_support()) {
+ printf("%sTPMv2", sep);
+ sep = comma;
+ }
 #if defined(OPENCONNECT_OPENSSL) && defined(HAVE_ENGINE)
 else {
 printf("%sTPM (%s)", sep, _("OpenSSL ENGINE not present"));
diff --git a/openconnect.h b/openconnect.h
index 74a5124a..eab45f3a 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -37,6 +37,7 @@ extern "C" {
 
 /*
 * API version 5.5:
+ * - Add openconnect_has_tss2_blob_support()
 * - Add openconnect_get_supported_protocols()
 * - Add openconnect_free_supported_protocols()
 * - Add openconnect_get_protocol()
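Review bot: In `openconnect_has_tss2_blob_support()` the OpenSSL branch returns 1 as soon as `ENGINE_by_id("tpm2")` yields a handle, so it reports only that an engine with that id can be located, not that it initialises or that a TPM 2.0 device is usable; the GnuTLS branch is a compile-time answer. Callers that gate TPM-wrapped key handling on this result should still expect the later key load to fail. The probe also runs `ENGINE_load_builtin_engines()` on every call and, if "tpm2" is provided as a dynamic engine, presumably pulls that module into the process as a side effect of a capability query. I would state this above the function, e.g. `/* Nonzero if TPMv2 key blobs may be usable: OpenSSL checks only that the "tpm2" ENGINE can be found at runtime; GnuTLS reports the build option. */`.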
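Review bot: The added `if (openconnect_has_tss2_blob_support())` block in `print_build_opts()` sits between the closing brace of the preceding TPM block and the `else {` under `#if defined(OPENCONNECT_OPENSSL) && defined(HAVE_ENGINE)`, so in OpenSSL ENGINE builds that `else` now pairs with the TPMv2 test. As a result `TPM (OpenSSL ENGINE not present)` is printed whenever the tpm2 engine is missing, even right after `TPM` was printed, and is not printed when the TPM 1.2 engine is missing but tpm2 is found, so the build-options output misreports hardware key support. The `if` that opens the first block and the `#endif` that closes the `else` are outside the hunk, so this is read from the visible braces. Moving the four added lines below that `#endif` keeps the original `if`/`else` pairing.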
@@ -654,9 +655,9 @@ void openconnect_set_stats_handler(struct openconnect_info *vpninfo,
 int openconnect_has_pkcs11_support(void);
 
 /* The OpenSSL TPM ENGINE stores keys in a PEM file labelled with the string
- -----BEGIN TSS KEY BLOB-----. GnuTLS may learn to support this format too,
- in the near future. */
+ -----BEGIN TSS KEY BLOB-----. */
 int openconnect_has_tss_blob_support(void);
+int openconnect_has_tss2_blob_support(void);
 
 /* Software token capabilities. */
 int openconnect_has_stoken_support(void);
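Review bot: `openconnect_has_tss2_blob_support()` is declared directly under the comment that describes the `-----BEGIN TSS KEY BLOB-----` format, and the public header does not say what the TSS2 variant covers or how it differs. A reader of the API could reasonably assume it tests for the same PEM label. I would give it its own comment that names the key format it refers to and says how the answer is obtained, e.g. `/* TPMv2 key blobs: OpenSSL needs the "tpm2" ENGINE at runtime; GnuTLS needs a build with TSS2 support. */`.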