mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
72ece35fb7
* agent/divert-tpm2.c: Support ECC. -- This adds handling for the way gnupg does elliptic keys, namely ECDSA for signatures and using ECDH with an ephemeral key to generate an encrypted message. The main problem is that the TPM2 usually has a very small list of built-in curves and it won't handle any others. Thanks to TCG mandates, all TPM2 systems in the USA should come with NIST P-256, but do not come with the Bernstein curve 25519, so the only way to use the TPM2 to protect an elliptic curve key is first to create it with a compatible algorithm. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
/*
 * Prototypes for the TPM 2.0 helpers: session setup and teardown, key
 * loading and import, signing, and RSA / ECC decryption.
 *
 * ctrl_t and gcry_sexp_t are used below but not declared here; includers
 * presumably pull in the agent and libgcrypt headers first -- confirm.
 *
 * NOTE(review): identifiers starting with an underscore followed by an
 * upper-case letter (such as the guard macro below) are reserved for the
 * implementation; consider renaming the guard in a follow-up.
 */
#ifndef _TPM2_H
#define _TPM2_H

#include <tss2/tss.h>

/*
 * Shared-object name of the TSS library.  Presumably handed to the dynamic
 * loader at run time -- confirm in the implementation.  A bare soname is
 * resolved through the loader's search path, so the code that ends up
 * talking to the TPM is only as trustworthy as that path.
 */
#define TSS2_LIB "libtss.so.0"

/*
 * Handle in the TPM 2.0 persistent-handle range (0x81xxxxxx).  Presumably
 * the parent (storage) key under which keys are loaded -- confirm.
 * NOTE(review): verify that the implementation fails cleanly when no
 * suitable object is provisioned at this handle.
 */
#define TPM2_PARENT 0x81000001

/*
 * Session lifetime.  tpm2_start() hands a TSS context back through *tssc;
 * tpm2_end() takes that context again, presumably to release it.  The
 * meaning of the int result is not visible here (presumably 0 on success).
 */
int tpm2_start(
    TSS_CONTEXT **tssc);
void tpm2_end(
    TSS_CONTEXT *tssc);

/* Flush handle h within context tssc (presumably evicts a loaded object). */
void tpm2_flush_handle(
    TSS_CONTEXT *tssc,
    TPM_HANDLE h);

/*
 * Load the key described by shadow_info.  The resulting handle is written
 * to *key and its public algorithm to *type.  shadow_info carries no length
 * argument, so the encoding must be self-delimiting.
 * NOTE(review): confirm the parser bounds-checks it.
 */
int tpm2_load_key(
    TSS_CONTEXT *tssc,
    const unsigned char *shadow_info,
    TPM_HANDLE *key,
    TPMI_ALG_PUBLIC *type);

/*
 * Sign digest (digestlen bytes) with the loaded key of algorithm `type`.
 * The signature is returned through *r_sig / *r_siglen; ownership of that
 * buffer is not visible here (presumably the caller frees it -- confirm).
 */
int tpm2_sign(
    ctrl_t ctrl,
    TSS_CONTEXT *tssc,
    TPM_HANDLE key,
    TPMI_ALG_PUBLIC type,
    const unsigned char *digest,
    size_t digestlen,
    unsigned char **r_sig,
    size_t *r_siglen);

/*
 * Import the key in s_skey (presumably a secret-key S-expression) into the
 * TPM.  pub/priv are buffers and *pub_len/*priv_len their lengths;
 * presumably in/out (capacity in, bytes written out) -- confirm against the
 * implementation, since an undersized buffer would otherwise be overrun.
 */
int tpm2_import_key(
    ctrl_t ctrl,
    TSS_CONTEXT *tssc,
    char *pub,
    int *pub_len,
    char *priv,
    int *priv_len,
    gcry_sexp_t s_skey);

/*
 * Decryption entry points for RSA and ECC keys.  The result is returned
 * through *decrypt / *decrypt_len.
 *
 * NOTE(review): ciphertext_len is a signed int while *decrypt_len is a
 * size_t; a negative length must be rejected before it is used as a size.
 * NOTE(review): *decrypt holds secret material; confirm how it is allocated
 * and that callers wipe it before release.
 */
int tpm2_rsa_decrypt(
    ctrl_t ctrl,
    TSS_CONTEXT *tssc,
    TPM_HANDLE key,
    const char *ciphertext,
    int ciphertext_len,
    char **decrypt,
    size_t *decrypt_len);
int tpm2_ecc_decrypt(
    ctrl_t ctrl,
    TSS_CONTEXT *tssc,
    TPM_HANDLE key,
    const char *ciphertext,
    int ciphertext_len,
    char **decrypt,
    size_t *decrypt_len);

#endif