tpm_sign.3

IBM开发的TPM的驱动, 有少量的例子可以供参考

.\" Copyright 2004 IBM (Jeff Kravitz)
.\"
.\" Written Jan 29 2004, Jeff Kravitz
.\"
.TH "TPM_Sign" 3  2004-04-15 "IBM" "TPM Library"
.SH NAME
TPM_Sign
.SH SYNOPSIS
.nf
.B #include <tpmfunc.h>
.sp
.BR "uint32_t TPM_Sign" "(uint32_t keyhandle,"
                  unsigned char *keyauth,
                  unsigned char *data,int datalen,
                  unsigned char *sigblob, unsigned int *siglen)
.fi
.SH DESCRIPTION
The \fBTPM_Sign()\fP function performs a cryptographic signature operation
using a loaded key.
.SH ARGUMENTS
The arguments include...
.TP 10
.B keyhandle
The handle of the key to be used for signing.
This is usually obtained from \fBTPM_LoadKey()\fP.
.TP 10
.B keyauth
A pointer to the key authorization data
(a 20 byte value which is usually calculated as the hash of a password).
If NULL, it will be assumed that no password is required.
.TP 10
.B data
A pointer to the data to be signed (usually a hash of the actual data).
.TP 10
.B datalen
The length of the data being signed.
.TP 10
.B sigblob
A pointer to an area to receive the signature.
.TP 10
.B siglen
A pointer to an integer to receive the size of the signature.
.SH NOTES
.P
The area receiving the signature must be the size of the maximum signature,
as no buffer overflow checking is performed.  For current TPM usage, signatures
of 256 bytes are the maximum.
.P
The data being signed must be no longer than the size of the
key being used to sign it.  Normal public key signatures do not actually sign the cleartext
data, but sign a cryptographic hash of the cleartext.  The hash may be calculated
using the \fBTSS_sha1()\fP function, if the data is one contiguous area of memory.  If
the data cannot fit in memory, or must be hashed in non-contiguous pieces, then
the OpenSSL hash functions should be used.
.P
The key handle must reference a signing key, not an encryption key.
.P
If the key being used for the signing operation was created with the option that specifies
that no password is required for use, then the pointer to the authorization data
must be NULL.
.SH "RETURN VALUE"
0 if the operation is successful. non-zero otherwise.
The non zero value can be converted to an error message via the function \fBTPM_GetErrMsg()\fP.
.SH "SEE ALSO"
.BR TPM_LoadKey(3) , TSS_sha1(3) , TPM_GetErrMsg(3) .
.SH AUTHOR
Jeff Kravitz, IBM T.J. Watson Research Center