1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
gnupg/agent/tpm2.h
James Bottomley 72ece35fb7
tpm2: add handling for elliptic curve keys
* agent/divert-tpm2.c: Support ECC.

--
This adds handling for the way gnupg does elliptic keys, namely ECDSA
for signatures and using ECDH with an ephemeral key to generate an
encrypted message.  The main problem is that the TPM2 usually has a
very small list of built in curves and it won't handle any others.
Thanks to TCG mandates, all TPM2 systems in the USA should come with
NIST P-256, but do not come with the Bernstien curve 25519, so the
only way to use the TPM2 to protect an elliptic curve key is first to
create it with a compatible algorithm.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-03-09 10:15:25 +01:00

28 lines
1.0 KiB
C

#ifndef _TPM2_H
#define _TPM2_H
#include <tss2/tss.h>
#define TSS2_LIB "libtss.so.0"
#define TPM2_PARENT 0x81000001
int tpm2_start(TSS_CONTEXT **tssc);
void tpm2_end(TSS_CONTEXT *tssc);
void tpm2_flush_handle(TSS_CONTEXT *tssc, TPM_HANDLE h);
int tpm2_load_key(TSS_CONTEXT *tssc, const unsigned char *shadow_info,
TPM_HANDLE *key, TPMI_ALG_PUBLIC *type);
int tpm2_sign(ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
TPMI_ALG_PUBLIC type,
const unsigned char *digest, size_t digestlen,
unsigned char **r_sig, size_t *r_siglen);
int tpm2_import_key(ctrl_t ctrl, TSS_CONTEXT *tssc, char *pub, int *pub_len,
char *priv, int *priv_len, gcry_sexp_t s_skey);
int tpm2_rsa_decrypt(ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
const char *ciphertext, int ciphertext_len,
char **decrypt, size_t *decrypt_len);
int tpm2_ecc_decrypt(ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
const char *ciphertext, int ciphertext_len,
char **decrypt, size_t *decrypt_len);
#endif