tpm_createwrapkey.3

来自「IBM开发的TPM的驱动, 有少量的例子可以供参考」· 3 代码 · 共 116 行

.\" Copyright 2004 IBM (Jeff Kravitz)
.\"
.\" Written Jan 29 2004, Jeff Kravitz
.\"
.TH "TPM_CreateWrapKey" 3  2004-02-11 "IBM" "TPM Library"
.SH NAME
TPM_CreateWrapKey
.SH SYNOPSIS
.nf
.B #include <tpmfunc.h>
.sp
.BR "uint32_t TPM_CreateWrapKey" "(uint32_t parhandle,"
                  unsigned char *parauth, 
                  unsigned char *keyauth,
                  unsigned char *migauth,
                  keydata *keyparms,keydata *newkey,
                  unsigned char *keyblob,
                  unsigned int *bloblen)
.fi
.SH DESCRIPTION
The \fBTPM_CreateWrapKey()\fP function generates a new key and returns
the resulting key, wrapped (encrypted) by a parent key, for external storage.
.SH ARGUMENTS
The arguments include...
.TP 10
.B parhandle
The handle of the parent key used to wrap the newly created key.
This is usually obtained
from \fBTPM_LoadKey()\fP. A handle of 0x40000000 refers to the Storage
Root Key, which is in non-volatile storage, and need not be loaded.
.TP 10
.B parauth
The parent key authorization data.
.TP 10
.B keyauth
The key authorization data.
.TP 10
.B migauth
The key migration authorization data.
.TP 10
.B keyparms
A pointer to a keydata structure containing the parameters describing
the key to be created.
.TP 10
.B newkey
A pointer to a keydata structure containing the resulting information for the newly created key.
.TP 10
.B keyblob
A pointer to an area which will receive a binary blob of the newly created key.
.TP 10
.B bloblen
A pointer to an integer which will receive the length of the new key blob.
.SH "ARGUMENT DESCRIPTIONS"
There are two arguments that contain pointers to a \fBkeydata\fP structure,
which is defined as follows...
.P
.nf
typedef struct keydata
   {
   unsigned char  version[4];
   uint16_t       keyusage;
   uint32_t       keyflags;
   unsigned char  authdatausage;
   pubkeydata     pub;
   uint32_t       privkeylen;
   unsigned char  encprivkey[1024];
   } keydata;
   
typedef struct pubkeydata
   {
   uint32_t       algorithm;
   uint16_t       encscheme;
   uint16_t       sigscheme;
   uint32_t       keybitlen;
   uint32_t       numprimes;
   uint32_t       expsize;
   unsigned char  exponent[3];
   uint32_t       keylength;
   unsigned char  modulus[256];
   uint32_t       pcrinfolen;
   unsigned char  pcrinfo[256];
   } pubkeydata;
.fi
.P
In the \fBkeyparms\fP argument, only those fields that specify
needed key parameters are required to be filled out by the calling
program.  This include the following fields...
.nh
\fBkeyusage \fP, \fBkeyflags\fP, \fBalgorithm\fP, \fBencscheme\fP, \fBkeybitlen\fP,
\fBnumprimes\fP, \fBexpsize\fP,
\fBexponent\fP, \fBkeylength\fP, \fBpcrinfolen\fP, \fBpcrinfo\fP.
.hy
For a description of the values of these fields, see the TPM specification
document.
The
.nh
\fBversion\fP, \fBprivkeylen\fP, \fBencprivkey\fP,
and 
\fBmodulus\fP
.hy
values are ignored
in the \fBkeyparms\fP argument, and are filled in by the TPM and returned
in the \fBnewkey\fP argument.
.SH NOTES
.P
All of the authorization arguments consist of
a 20 byte value which is usually calculated as the hash of a real
password.
.SH "RETURN VALUE"
0 if the operation is successful. non-zero otherwise.
The non zero value can be converted to an error message via the function \fBTPM_GetErrMsg()\fP.
.SH "SEE ALSO"
.BR TPM_LoadKey(3) , TPM_GetErrMsg(3) .
.SH AUTHOR
Jeff Kravitz, IBM T.J. Watson Research Center