tpm_unseal.3

来自「IBM开发的TPM的驱动, 有少量的例子可以供参考」· 3 代码 · 共 71 行

.\" Copyright 2004 IBM (Jeff Kravitz)
.\"
.\" Written Feb 11 2004, Jeff Kravitz
.\"
.TH "TPM_Unseal" 3  2004-04-15 "IBM" "TPM Library"
.SH NAME
TPM_Unseal
.SH SYNOPSIS
.nf
.B #include <tpmfunc.h>
.sp
.BR "uint32_t TPM_Unseal(uint32_t keyhandle,"
                  unsigned char *keyauth,
                  unsigned char *dataauth,
                  unsigned char *blob, unsigned int bloblen,
                  unsigned char *rawdata, unsigned int *datalen)
.fi
.SH DESCRIPTION
The \fBTPM_Unseal()\fP function performs a public key decryption operation
using a TPM loaded key, on data previously sealed using the \fBTPM_Seal()\fP or
\fBTPM_SealCurrPCR()\fP functions.
.SH ARGUMENTS
The arguments include...
.TP 10
.B keyhandle
The handle of the key used to decrypt the data. This is usually obtained
from \fBTPM_LoadKey()\fP. This key must be a storage (encryption) key.
.TP 10
.B keyauth
A pointer to the authorization data for the key
(a 20 byte value which is usually calculated as the hash of a password).
If NULL, it will be assumed that no password is required.
.TP 10
.B dataauth
A pointer to the authorization data for the data itself
(a 20 byte value which is usually calculated as the hash of a password).
If NULL, it will be assumed that no password is required.
.TP 10
.B blob
A pointer to the sealed data to be decrypted.
.TP 10
.B bloblen
An integer containing the length of the sealed data to be decrypted.
.TP 10
.B rawdata
A pointer to an area to receive the decrypted data.
.TP 10
.B datalen
A pointer to an integer which will receive the length of the decrypted data.
.SH NOTES
The \fBTPM_Unseal\fP function
does not perform blocking of data.
Blocking and unblocking
must be performed by the calling program.
.P
The area receiving the decrypted data must be the size of the maximum key modulus,
as no buffer overflow checking is performed.  For current TPM usage, a length
of 256 bytes is the maximum.
.P
The unseal operation will only succeed if the PCR registers specified at the time
the data was sealed contain the same values specified at that time.  If the PCR values
have changed, or the unseal operation is attempted on a different TPM than the one
performing the seal, the unseal operation will fail.
.SH "RETURN VALUE"
0 if the operation is successful. non-zero otherwise.
The non zero value can be converted to an error message via the function \fBTPM_GetErrMsg()\fP.
.SH "SEE ALSO"
.BR TPM_Seal(3) , TPM_SealCurrPCR(3) , TPM_LoadKey(3) , TPM_GetErrMsg(3) .
.SH AUTHOR
Jeff Kravitz, IBM T.J. Watson Research Center