diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-07-21 00:53:29 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-07-21 00:53:32 +0200 |
commit | 443d50192733f4d85ba87f5622c08b54ba5b9fd7 (patch) | |
tree | ae06b8b5215d0d93dec44d5b4a35b2a6ef8e39bb | |
parent | 60d256bcfb174f3393a890c0dde761f49c5af619 (diff) | |
download | gnutls-443d50192733f4d85ba87f5622c08b54ba5b9fd7.tar.gz |
Increate the entropy of TPM when generating keys.
When generating a key in TPM provide it with some randomness
using Tspi_TPM_StirRandom(). Suggested by Carolin Latze.
-rw-r--r-- | lib/tpm.c | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -1178,6 +1178,8 @@ TSS_HPOLICY key_policy; gnutls_pubkey_t pub; struct tpm_ctx_st s; TSS_FLAG storage_type; +TSS_HTPM htpm; +uint8_t buf[32]; if (flags & GNUTLS_TPM_KEY_SIGNING) tpm_flags |= TSS_KEY_TYPE_SIGNING; @@ -1205,6 +1207,31 @@ TSS_FLAG storage_type; ret = tpm_open_session(&s, srk_password); if (ret < 0) return gnutls_assert_val(ret); + + /* put some randomness into TPM. + * Let's not trust it completely. + */ + tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm); + if (tssret != 0) + { + gnutls_assert(); + ret = tss_err(tssret); + goto err_cc; + } + + + ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf)); + if (ret < 0) + { + gnutls_assert(); + goto err_cc; + } + + tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf); + if (tssret) + { + gnutls_assert(); + } tssret = Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY, tpm_flags, &key_ctx); if (tssret != 0) |