authorJames Bottomley <James.Bottomley@HansenPartnership.com>2022-12-05 12:22:31 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2023-01-11 10:00:21 -0500
commitd1baa7aefc9099815ee7487550c6462e6a7f55a0 (patch)
treee44c7a331920f86b94c746c6b993443c5a3bd433
parentf0c9d175a33fea175f2e6b5bf237f82c6b75fdab (diff)
downloadopenssl_tpm2_engine-d1baa7aefc9099815ee7487550c6462e6a7f55a0.tar.gz
tpm2-common: move public key conversion and name algorithm to common
Preparatory to adding signed policies, we need access to the routines that convert openssl public keys to TPM ones and generate names so they can be used in the signed policy handling routines. Moving this across also necessitates moving the name algorithm (and openssl error printing) to common code. Also abstract tpm2_md() for converting between EVP hash algorithms and TPM_ALG_... names. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--create_tpm2_key.c215
-rw-r--r--load_tpm2_key.c8
-rw-r--r--seal_tpm2_data.c2
-rw-r--r--tpm2-common.c268
-rw-r--r--tpm2-common.h10
-rw-r--r--unseal_tpm2_data.c2
6 files changed, 253 insertions, 252 deletions
diff --git a/create_tpm2_key.c b/create_tpm2_key.c
index d73071e..fc710b6 100644
--- a/create_tpm2_key.c
+++ b/create_tpm2_key.c
@@ -56,8 +56,6 @@ static struct option long_options[] = {
{0, 0, 0, 0}
};
-static TPM_ALG_ID name_alg = TPM_ALG_SHA256;
-
void
usage(char *argv0)
{
@@ -104,50 +102,6 @@ usage(char *argv0)
exit(-1);
}
-void
-openssl_print_errors()
-{
- ERR_load_ERR_strings();
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
-}
-
-TPM_RC tpm2_ObjectPublic_GetName(NAME_2B *name,
- TPMT_PUBLIC *tpmtPublic)
-{
- TPM_RC rc = 0;
- uint16_t written = 0;
- TPMT_HA digest;
- uint32_t sizeInBytes;
- uint8_t buffer[MAX_RESPONSE_SIZE];
-
- /* marshal the TPMT_PUBLIC */
- if (rc == 0) {
- INT32 size = MAX_RESPONSE_SIZE;
- uint8_t *buffer1 = buffer;
- rc = TSS_TPMT_PUBLIC_Marshal(tpmtPublic, &written, &buffer1, &size);
- }
- /* hash the public area */
- if (rc == 0) {
- sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg);
- digest.hashAlg = tpmtPublic->nameAlg; /* Name digest algorithm */
- /* generate the TPMT_HA */
- rc = TSS_Hash_Generate(&digest,
- written, buffer,
- 0, NULL);
- }
- if (rc == 0) {
- /* copy the digest */
- memcpy(name->name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
- /* copy the hash algorithm */
- TPMI_ALG_HASH nameAlgNbo = htons(tpmtPublic->nameAlg);
- memcpy(name->name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
- /* set the size */
- name->size = sizeInBytes + sizeof(TPMI_ALG_HASH);
- }
- return rc;
-}
-
/*
* Cut down version of Part 4 Supporting Routines 7.6.3.10
*
@@ -433,175 +387,6 @@ openssl_read_key(char *filename)
return pkey;
}
-EVP_PKEY *
-openssl_read_public_key(char *filename)
-{
- BIO *b = NULL;
- EVP_PKEY *pkey;
-
- b = BIO_new_file(filename, "r");
- if (b == NULL) {
- fprintf(stderr, "Error opening file for read: %s\n", filename);
- return NULL;
- }
-
- if ((pkey = PEM_read_bio_PUBKEY(b, NULL, NULL, NULL)) == NULL) {
- fprintf(stderr, "Reading key %s from disk failed.\n", filename);
- openssl_print_errors();
- }
- BIO_free(b);
-
- return pkey;
-}
-
-void tpm2_public_template_rsa(TPMT_PUBLIC *pub)
-{
- pub->type = TPM_ALG_RSA;
- pub->nameAlg = name_alg;
- /* note: all our keys are decrypt only. This is because
- * we use the TPM2_RSA_Decrypt operation for both signing
- * and decryption (see e_tpm2.c for details) */
- VAL(pub->objectAttributes) =
- TPMA_OBJECT_DECRYPT |
- TPMA_OBJECT_USERWITHAUTH;
- VAL_2B(pub->authPolicy, size) = 0;
- pub->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
- pub->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
-}
-
-void tpm2_public_template_ecc(TPMT_PUBLIC *pub, TPMI_ECC_CURVE curve)
-{
- pub->type = TPM_ALG_ECC;
- pub->nameAlg = name_alg;
- /* note: all our keys are decrypt only. This is because
- * we use the TPM2_RSA_Decrypt operation for both signing
- * and decryption (see e_tpm2.c for details) */
- VAL(pub->objectAttributes) =
- TPMA_OBJECT_SIGN |
- TPMA_OBJECT_DECRYPT |
- TPMA_OBJECT_USERWITHAUTH;
- VAL_2B(pub->authPolicy, size) = 0;
- pub->parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
- pub->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
- pub->parameters.eccDetail.curveID = curve;
- pub->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
- VAL_2B(pub->unique.ecc.x, size) = 0;
- VAL_2B(pub->unique.ecc.y, size) = 0;
-}
-
-TPM_RC openssl_to_tpm_public_ecc(TPMT_PUBLIC *pub, EVP_PKEY *pkey)
-{
- EC_KEY *eck = EVP_PKEY_get1_EC_KEY(pkey);
- const EC_GROUP *g = EC_KEY_get0_group(eck);
- const EC_POINT *P;
- TPMI_ECC_CURVE curve = tpm2_get_curve_name(g);
- TPM_RC rc = TPM_RC_CURVE;
- BN_CTX *ctx = NULL;
- BIGNUM *x, *y;
-
- if (curve == TPM_ECC_NONE) {
- fprintf(stderr, "TPM does not support the curve in this EC key\n");
- goto err;
- }
- tpm2_public_template_ecc(pub, curve);
- P = EC_KEY_get0_public_key(eck);
-
- if (!P) {
- fprintf(stderr, "No public key available\n");
- goto err;
- }
-
- ctx = BN_CTX_new();
- if (!ctx) {
- fprintf(stderr, "Unable to allocate context\n");
- goto err;
- }
-
- BN_CTX_start(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- if (!x || !y) {
- fprintf(stderr, "Unable to allocate co-ordinates\n");
- goto err;
- }
- if (!EC_POINT_get_affine_coordinates_GFp(g, P, x, y, ctx)) {
- fprintf(stderr, "Unable to get public key co-ordinates\n");
- goto err;
- }
-
- VAL_2B(pub->unique.ecc.x, size) =
- BN_bn2bin(x, VAL_2B(pub->unique.ecc.x, buffer));
- VAL_2B(pub->unique.ecc.y, size) =
- BN_bn2bin(y, VAL_2B(pub->unique.ecc.y, buffer));
-
- rc = TPM_RC_SUCCESS;
-
- err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- EC_KEY_free(eck);
-
- return rc;
-}
-
-TPM_RC openssl_to_tpm_public_rsa(TPMT_PUBLIC *pub, EVP_PKEY *pkey)
-{
- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
- const BIGNUM *n, *e;
- int size = RSA_size(rsa);
- unsigned long exp;
- TPM_RC rc = TPM_RC_KEY_SIZE;
-
- if (size > MAX_RSA_KEY_BYTES)
- goto err;
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000
- n = rsa->n;
- e = rsa->e;
-#else
- RSA_get0_key(rsa, &n, &e, NULL);
-#endif
- exp = BN_get_word(e);
- /* TPM limitations means exponents must be under a word in size */
- if (exp == 0xffffffffL)
- goto err;
- tpm2_public_template_rsa(pub);
- pub->parameters.rsaDetail.keyBits = size*8;
- /* zero means standard exponent. Some TPM chips will
- * reject a non standard exponent */
- if (exp == 0x10001)
- pub->parameters.rsaDetail.exponent = 0;
- else
- pub->parameters.rsaDetail.exponent = exp;
-
- VAL_2B(pub->unique.rsa, size) =
- BN_bn2bin(n, VAL_2B(pub->unique.rsa, buffer));
-
- rc = 0;
- err:
- RSA_free(rsa);
-
- return rc;
-}
-
-TPM_RC openssl_to_tpm_public(TPM2B_PUBLIC *pub, EVP_PKEY *pkey)
-{
- TPMT_PUBLIC *tpub = &pub->publicArea;
- pub->size = sizeof(*pub);
-
- switch (EVP_PKEY_type(EVP_PKEY_id(pkey))) {
- case EVP_PKEY_RSA:
- return openssl_to_tpm_public_rsa(tpub, pkey);
- case EVP_PKEY_EC:
- return openssl_to_tpm_public_ecc(tpub, pkey);
- default:
- break;
- }
- return TPM_RC_ASYMMETRIC;
-}
-
TPM_RC openssl_to_tpm_private_ecc(TPMT_SENSITIVE *s, EVP_PKEY *pkey)
{
const BIGNUM *pk;
diff --git a/load_tpm2_key.c b/load_tpm2_key.c
index 5fe9e8f..add7fd4 100644
--- a/load_tpm2_key.c
+++ b/load_tpm2_key.c
@@ -57,14 +57,6 @@ usage(char *argv0)
exit(-1);
}
-void
-openssl_print_errors()
-{
- ERR_load_ERR_strings();
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
-}
-
int main(int argc, char **argv)
{
char *filename;
diff --git a/seal_tpm2_data.c b/seal_tpm2_data.c
index 877eac0..cd74d1c 100644
--- a/seal_tpm2_data.c
+++ b/seal_tpm2_data.c
@@ -20,8 +20,6 @@
#include "tpm2-asn.h"
#include "tpm2-common.h"
-static TPM_ALG_ID name_alg = TPM_ALG_SHA256;
-
static struct option long_options[] = {
{"auth", 0, 0, 'a'},
{"auth-parent", 1, 0, 'b'},
diff --git a/tpm2-common.c b/tpm2-common.c
index ef7008a..828ac9c 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -29,6 +29,9 @@
#include "tpm2-asn.h"
#include "tpm2-common.h"
+/* externally visible name algorithm (is only set once) */
+TPM_ALG_ID name_alg = TPM_ALG_SHA256;
+
static struct {
const char *hash;
TPM_ALG_ID alg;
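Review bot: The new global `name_alg` has an unprefixed, generic name but external linkage, and it is exported again through `extern TPM_ALG_ID name_alg;` in the tpm2-common.h hunk. Every other symbol this commit moves into common code carries a `tpm2_` or `openssl_` prefix, so a name such as `tpm2_name_alg` would fit the file and avoid clashing with a same-named symbol in whatever links against this object. The comment says it "is only set once", but no writer is visible in this diff and nothing enforces that. Since the value selects the hash used for key names, consider extending the comment to `/* name algorithm for all templates; set once during option parsing, before any key template is built */` if that is the intended contract.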
@@ -567,6 +570,42 @@ struct tpm2_ECC_Curves tpm2_supported_curves[] = {
{ .name = NULL, }
};
+TPM_RC tpm2_ObjectPublic_GetName(NAME_2B *name,
+ TPMT_PUBLIC *tpmtPublic)
+{
+ TPM_RC rc = 0;
+ uint16_t written = 0;
+ TPMT_HA digest;
+ uint32_t sizeInBytes;
+ uint8_t buffer[MAX_RESPONSE_SIZE];
+
+ /* marshal the TPMT_PUBLIC */
+ if (rc == 0) {
+ INT32 size = MAX_RESPONSE_SIZE;
+ uint8_t *buffer1 = buffer;
+ rc = TSS_TPMT_PUBLIC_Marshal(tpmtPublic, &written, &buffer1, &size);
+ }
+ /* hash the public area */
+ if (rc == 0) {
+ sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg);
+ digest.hashAlg = tpmtPublic->nameAlg; /* Name digest algorithm */
+ /* generate the TPMT_HA */
+ rc = TSS_Hash_Generate(&digest,
+ written, buffer,
+ 0, NULL);
+ }
+ if (rc == 0) {
+ /* copy the digest */
+ memcpy(name->name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
+ /* copy the hash algorithm */
+ TPMI_ALG_HASH nameAlgNbo = htons(tpmtPublic->nameAlg);
+ memcpy(name->name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
+ /* set the size */
+ name->size = sizeInBytes + sizeof(TPMI_ALG_HASH);
+ }
+ return rc;
+}
+
TPM_RC tpm2_load_srk(TSS_CONTEXT *tssContext, TPM_HANDLE *h, const char *auth,
TPM2B_PUBLIC *pub, TPM_HANDLE hierarchy,
enum tpm2_type type)
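Review bot: tpm2_ObjectPublic_GetName() is now shared API but has no header comment stating its contract. From the body, it marshals `tpmtPublic`, hashes the result with `tpmtPublic->nameAlg`, and writes the big-endian algorithm id followed by the digest into `name->name`, leaving `name` untouched when a TSS call fails. I would add that as a comment above the function, together with the precondition that the caller must have set `nameAlg` to a hash the TSS supports. The length used by the `memcpy` comes straight from `TSS_GetDigestSize()`, and the code appears to rely on `TSS_Hash_Generate()` rejecting an unsupported algorithm before the copy; that is worth confirming and saying in the comment.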
@@ -1329,6 +1368,32 @@ static int tpm2_engine_load_key_policy(struct app_data *app_data,
return 1;
}
+static const EVP_MD *tpm2_md(TPM_ALG_ID alg)
+{
+ switch (alg) {
+ case TPM_ALG_SHA1:
+ return EVP_sha1();
+
+ case TPM_ALG_SHA256:
+ return EVP_sha256();
+
+ case TPM_ALG_SHA384:
+ return EVP_sha384();
+
+#ifdef TPM_ALG_SHA512
+ case TPM_ALG_SHA512:
+ return EVP_sha512();
+#endif
+#ifdef TPM_ALG_SM3_256
+ case TPM_ALG_SM3_256:
+ return EVP_sm3();
+#endif
+ default:
+ fprintf(stderr, "Unknown TPM hash algorithm 0x%x\n", alg);
+ exit(1);
+ }
+}
+
int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
EVP_PKEY **ppkey, UI_METHOD *ui, void *cb_data,
const char *srk_auth, int get_key_auth,
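Review bot: The `default:` arm of tpm2_md() calls `exit(1)`, which ends the whole process from inside tpm2-common.c. The hunk headers show this file also contains the engine load path (`tpm2_engine_load_key_policy`, `tpm2_load_engine_file`), so if this object is linked into the engine, an unrecognised hash algorithm would terminate the host application rather than fail one operation. The removed switch behaved the same way, but now that the conversion is a reusable helper I would end the arm with `return NULL;` after the `fprintf` and let each caller turn that into an error return. A one-line comment above the function noting that `TPM_ALG_SHA512` and `TPM_ALG_SM3_256` are only handled when the TSS headers define them would also help.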
@@ -2066,31 +2131,7 @@ TPM_RC tpm2_pcr_lock_policy(TSS_CONTEXT *tssContext,
TPML_DIGEST pcr_digests;
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
- switch (digest->hashAlg) {
- case TPM_ALG_SHA1:
- EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
- break;
- case TPM_ALG_SHA256:
- EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
- break;
- case TPM_ALG_SHA384:
- EVP_DigestInit_ex(ctx, EVP_sha384(), NULL);
- break;
-#ifdef TPM_ALG_SHA512
- case TPM_ALG_SHA512:
- EVP_DigestInit_ex(ctx, EVP_sha512(), NULL);
- break;
-#endif
-#ifdef TPM_ALG_SM3_256
- case TPM_ALG_SM3_256:
- EVP_DigestInit_ex(ctx, EVP_sm3(), NULL);
- break;
-#endif
- default:
- fprintf(stderr, "Unknown TPM hash algorithm 0x%x\n",
- digest->hashAlg);
- exit(1);
- }
+ EVP_DigestInit_ex(ctx, tpm2_md(digest->hashAlg), NULL);
pcrread = *pcrs;
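Review bot: The result of `EVP_DigestInit_ex(ctx, tpm2_md(digest->hashAlg), NULL)` is discarded, and the `ctx` returned by `EVP_MD_CTX_create()` on the line above is never checked for NULL. A failed allocation or init would therefore carry on into the PCR digest computation. Because that digest becomes part of a PCR lock policy, the function should stop rather than produce a policy from an uninitialised context. A guard such as `if (!ctx || EVP_DigestInit_ex(ctx, tpm2_md(digest->hashAlg), NULL) != 1)` followed by an error return would do it. The rest of tpm2_pcr_lock_policy() lies outside this hunk, so the matching cleanup and return code need to be chosen against the full function.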
@@ -2146,6 +2187,183 @@ void tpm2_add_auth_policy(STACK_OF(TSSOPTPOLICY) *sk, TPMT_HA *digest)
written, buf, 0, NULL);
}
+EVP_PKEY *
+openssl_read_public_key(char *filename)
+{
+ BIO *b = NULL;
+ EVP_PKEY *pkey;
+
+ b = BIO_new_file(filename, "r");
+ if (b == NULL) {
+ fprintf(stderr, "Error opening file for read: %s\n", filename);
+ return NULL;
+ }
+
+ if ((pkey = PEM_read_bio_PUBKEY(b, NULL, NULL, NULL)) == NULL) {
+ fprintf(stderr, "Reading key %s from disk failed.\n", filename);
+ openssl_print_errors();
+ }
+ BIO_free(b);
+
+ return pkey;
+}
+
+void tpm2_public_template_rsa(TPMT_PUBLIC *pub)
+{
+ pub->type = TPM_ALG_RSA;
+ pub->nameAlg = name_alg;
+ /* note: all our keys are decrypt only. This is because
+ * we use the TPM2_RSA_Decrypt operation for both signing
+ * and decryption (see e_tpm2.c for details) */
+ VAL(pub->objectAttributes) =
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_USERWITHAUTH;
+ VAL_2B(pub->authPolicy, size) = 0;
+ pub->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
+ pub->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
+}
+
+void tpm2_public_template_ecc(TPMT_PUBLIC *pub, TPMI_ECC_CURVE curve)
+{
+ pub->type = TPM_ALG_ECC;
+ pub->nameAlg = name_alg;
+ /* note: all our keys are decrypt only. This is because
+ * we use the TPM2_RSA_Decrypt operation for both signing
+ * and decryption (see e_tpm2.c for details) */
+ VAL(pub->objectAttributes) =
+ TPMA_OBJECT_SIGN |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_USERWITHAUTH;
+ VAL_2B(pub->authPolicy, size) = 0;
+ pub->parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
+ pub->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+ pub->parameters.eccDetail.curveID = curve;
+ pub->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+ VAL_2B(pub->unique.ecc.x, size) = 0;
+ VAL_2B(pub->unique.ecc.y, size) = 0;
+}
+
+TPM_RC openssl_to_tpm_public_ecc(TPMT_PUBLIC *pub, EVP_PKEY *pkey)
+{
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(pkey);
+ const EC_GROUP *g = EC_KEY_get0_group(eck);
+ const EC_POINT *P;
+ TPMI_ECC_CURVE curve = tpm2_get_curve_name(g);
+ TPM_RC rc = TPM_RC_CURVE;
+ BN_CTX *ctx = NULL;
+ BIGNUM *x, *y;
+
+ if (curve == TPM_ECC_NONE) {
+ fprintf(stderr, "TPM does not support the curve in this EC key\n");
+ goto err;
+ }
+ tpm2_public_template_ecc(pub, curve);
+ P = EC_KEY_get0_public_key(eck);
+
+ if (!P) {
+ fprintf(stderr, "No public key available\n");
+ goto err;
+ }
+
+ ctx = BN_CTX_new();
+ if (!ctx) {
+ fprintf(stderr, "Unable to allocate context\n");
+ goto err;
+ }
+
+ BN_CTX_start(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (!x || !y) {
+ fprintf(stderr, "Unable to allocate co-ordinates\n");
+ goto err;
+ }
+ if (!EC_POINT_get_affine_coordinates_GFp(g, P, x, y, ctx)) {
+ fprintf(stderr, "Unable to get public key co-ordinates\n");
+ goto err;
+ }
+
+ VAL_2B(pub->unique.ecc.x, size) =
+ BN_bn2bin(x, VAL_2B(pub->unique.ecc.x, buffer));
+ VAL_2B(pub->unique.ecc.y, size) =
+ BN_bn2bin(y, VAL_2B(pub->unique.ecc.y, buffer));
+
+ rc = TPM_RC_SUCCESS;
+
+ err:
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ EC_KEY_free(eck);
+
+ return rc;
+}
+
+TPM_RC openssl_to_tpm_public_rsa(TPMT_PUBLIC *pub, EVP_PKEY *pkey)
+{
+ RSA *rsa = EVP_PKEY_get1_RSA(pkey);
+ const BIGNUM *n, *e;
+ int size = RSA_size(rsa);
+ unsigned long exp;
+ TPM_RC rc = TPM_RC_KEY_SIZE;
+
+ if (size > MAX_RSA_KEY_BYTES)
+ goto err;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+ n = rsa->n;
+ e = rsa->e;
+#else
+ RSA_get0_key(rsa, &n, &e, NULL);
+#endif
+ exp = BN_get_word(e);
+ /* TPM limitations means exponents must be under a word in size */
+ if (exp == 0xffffffffL)
+ goto err;
+ tpm2_public_template_rsa(pub);
+ pub->parameters.rsaDetail.keyBits = size*8;
+ /* zero means standard exponent. Some TPM chips will
+ * reject a non standard exponent */
+ if (exp == 0x10001)
+ pub->parameters.rsaDetail.exponent = 0;
+ else
+ pub->parameters.rsaDetail.exponent = exp;
+
+ VAL_2B(pub->unique.rsa, size) =
+ BN_bn2bin(n, VAL_2B(pub->unique.rsa, buffer));
+
+ rc = 0;
+ err:
+ RSA_free(rsa);
+
+ return rc;
+}
+
+TPM_RC openssl_to_tpm_public(TPM2B_PUBLIC *pub, EVP_PKEY *pkey)
+{
+ TPMT_PUBLIC *tpub = &pub->publicArea;
+ pub->size = sizeof(*pub);
+
+ switch (EVP_PKEY_type(EVP_PKEY_id(pkey))) {
+ case EVP_PKEY_RSA:
+ return openssl_to_tpm_public_rsa(tpub, pkey);
+ case EVP_PKEY_EC:
+ return openssl_to_tpm_public_ecc(tpub, pkey);
+ default:
+ break;
+ }
+ return TPM_RC_ASYMMETRIC;
+}
+
+void
+openssl_print_errors()
+{
+ ERR_load_ERR_strings();
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp(stderr);
+}
+
IMPLEMENT_ASN1_FUNCTIONS(TSSOPTPOLICY)
IMPLEMENT_ASN1_FUNCTIONS(TSSLOADABLE)
IMPLEMENT_ASN1_FUNCTIONS(TSSPRIVKEY)
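Review bot: In openssl_to_tpm_public_rsa() the overflow test `if (exp == 0xffffffffL)` only works where `unsigned long` is 32 bits. BN_get_word() signals "does not fit" with an all-ones word, which on a 64-bit build is not 0xffffffff, so an oversized exponent passes the check and is then truncated when stored in `pub->parameters.rsaDetail.exponent`. The resulting TPM public area, and any name computed from it, would not correspond to the key that was read; `if (exp >= 0xffffffffUL)` rejects both cases. Separately, `EVP_PKEY_get1_RSA()` and `EVP_PKEY_get1_EC_KEY()` results are used by `RSA_size(rsa)` and `EC_KEY_get0_group(eck)` without a NULL check. These functions were moved unchanged from create_tpm2_key.c, but they are now callable from any common-code user, so it is worth tightening them here.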
diff --git a/tpm2-common.h b/tpm2-common.h
index 6380901..75f7671 100644
--- a/tpm2-common.h
+++ b/tpm2-common.h
@@ -9,6 +9,8 @@
* not a TPM error, so don't process the rc as one */
#define NOT_TPM_ERROR (0xffffffff)
+extern TPM_ALG_ID name_alg;
+
struct policy_command {
TPM_CC code;
INT32 size;
@@ -95,4 +97,12 @@ TPM_RC tpm2_pcr_lock_policy(TSS_CONTEXT *tssContext,
STACK_OF(TSSOPTPOLICY) *sk,
TPMT_HA *digest);
void tpm2_add_auth_policy(STACK_OF(TSSOPTPOLICY) *sk, TPMT_HA *digest);
+EVP_PKEY *openssl_read_public_key(char *filename);
+void tpm2_public_template_rsa(TPMT_PUBLIC *pub);
+void tpm2_public_template_ecc(TPMT_PUBLIC *pub, TPMI_ECC_CURVE curve);
+TPM_RC openssl_to_tpm_public_ecc(TPMT_PUBLIC *pub, EVP_PKEY *pkey);
+TPM_RC openssl_to_tpm_public_rsa(TPMT_PUBLIC *pub, EVP_PKEY *pkey);
+TPM_RC openssl_to_tpm_public(TPM2B_PUBLIC *pub, EVP_PKEY *pkey);
+void openssl_print_errors();
+TPM_RC tpm2_ObjectPublic_GetName(NAME_2B *name, TPMT_PUBLIC *tpmtPublic);
#endif
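Review bot: `void openssl_print_errors();` declares the function with an unspecified parameter list rather than as taking no arguments, so the compiler will not diagnose a call that passes arguments; in a header this should be `void openssl_print_errors(void);`, with the definition in tpm2-common.c changed to match. The eight new declarations are also added without comments. I would add at least one line on each stating ownership and the error convention, for example that `openssl_read_public_key()` returns a key the caller must release with `EVP_PKEY_free()` or NULL on failure, and that the `openssl_to_tpm_public*()` functions return a `TPM_RC` that is zero on success.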
diff --git a/unseal_tpm2_data.c b/unseal_tpm2_data.c
index 38aaf9d..c8a3134 100644
--- a/unseal_tpm2_data.c
+++ b/unseal_tpm2_data.c
@@ -20,8 +20,6 @@
#include "tpm2-asn.h"
#include "tpm2-common.h"
-static TPM_ALG_ID name_alg = TPM_ALG_SHA256;
-
static struct option long_options[] = {
{"auth-parent", 1, 0, 'b'},
{"help", 0, 0, 'h'},