tpm_seal.3

IBM开发的TPM的驱动, 有少量的例子可以供参考

.\" Copyright 2004 IBM (Jeff Kravitz)
.\"
.\" Written Feb 11 2004, Jeff Kravitz
.\"
.TH "TPM_Seal" 3  2004-04-15 "IBM" "TPM Library"
.SH NAME
TPM_Seal
.SH SYNOPSIS
.nf
.B #include <tpmfunc.h>
.sp
.BR "uint32_t TPM_Seal" "(uint32_t keyhandle,"
                       unsigned char *pcrinfo, uint32_t pcrinfosize,
                       unsigned char *keyauth,
                       unsigned char *dataauth,
                       unsigned char *data, unsigned int datalen,
                       unsigned char *blob, unsigned int *bloblen)
.fi
.SH DESCRIPTION
The \fBTPM_Seal()\fP functions perform a cryptographic encryption operation,
and also allow the software to explicitly state the future "trusted" configuration
that the platform must be in for the secret to be revealed. In addition, the
data is bound to the specific TPM and cannot be unsealed by another TPM.
.SH ARGUMENTS
The arguments include...
.TP 10
.B keyhandle
The handle of the key used to seal the data. This is usually obtained
from \fBTPM_LoadKey()\fP. This key must be a storage (encryption) key. The key
cannot be migrate-able.
.TP 10
.B pcrinfo
A pointer to a \fBpcrinfo\fP structure, which specifies the PCR registers
and their contents to be used when sealing.  The \fBpcrinfo\fP structure
is described in the man page for the \fBTSS_GenPCRInfo()(\fP function.
.TP 10
.B pcrinfosize
An integer containing the length of the \fBpcrinfo\fP structure.
.TP 10
.B keyauth
A pointer to the authorization data for the key.
(a 20 byte value which is usually calculated as the hash of a password).
If NULL, it will be assumed that no password is required.
.TP 10
.B dataauth
A pointer to the authorization for the data.
(a 20 byte value which is usually calculated as the hash of a password).
If NULL, it will be assumed that no password is required.
.TP 10
.B data
A pointer to the data to be sealed.
.B datalen
The length of the data to be sealed.
.TP 10
.B blob
A pointer to an area to receive the sealed data.
.B bloblen
A pointer to an integer to receive the length of the sealed data.
.TP 10
.SH NOTES
.P
The area receiving the sealed data must be the size of the maximum sealed data,
as no buffer overflow checking is performed. A buffer of 4096 bytes is recommended.
.P
The data being sealed must be no longer than the size of the
key being used to sign it, minus some overhead.  Usually only small
objects, such as symmetric keys are sealed.
.SH "RETURN VALUE"
0 if the operation is successful. non-zero otherwise.
The non zero value can be converted to an error message via the function \fBTPM_GetErrMsg()\fP.
.SH "SEE ALSO"
.BR TPM_LoadKey(3) , TPM_Unseal(3) , TSS_GenPCRInfo(3) , TPM_GetErrMsg(3) .
.SH AUTHOR
Jeff Kravitz, IBM T.J. Watson Research Center