authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-07-21 00:53:29 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-07-21 00:53:32 +0200
commit443d50192733f4d85ba87f5622c08b54ba5b9fd7 (patch)
treeae06b8b5215d0d93dec44d5b4a35b2a6ef8e39bb
parent60d256bcfb174f3393a890c0dde761f49c5af619 (diff)
Increate the entropy of TPM when generating keys.
When generating a key in the TPM, provide it with some randomness using Tspi_TPM_StirRandom(). Suggested by Carolin Latze.
-rw-r--r--lib/tpm.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/lib/tpm.c b/lib/tpm.c
index c6d22d0bc5..2c00787e5d 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -1178,6 +1178,8 @@ TSS_HPOLICY key_policy;
gnutls_pubkey_t pub;
struct tpm_ctx_st s;
TSS_FLAG storage_type;
+TSS_HTPM htpm;
+uint8_t buf[32];
if (flags & GNUTLS_TPM_KEY_SIGNING)
tpm_flags |= TSS_KEY_TYPE_SIGNING;
@@ -1205,6 +1207,31 @@ TSS_FLAG storage_type;
ret = tpm_open_session(&s, srk_password);
if (ret < 0)
return gnutls_assert_val(ret);
+
+ /* put some randomness into TPM.
+ * Let's not trust it completely.
+ */
+ tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
+ if (tssret != 0)
+ {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_cc;
+ }
+
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto err_cc;
+ }
+
+ tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
+ if (tssret)
+ {
+ gnutls_assert();
+ }
tssret = Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY, tpm_flags, &key_ctx);
if (tssret != 0)
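Review bot: A failure of `Tspi_TPM_StirRandom()` at the end of the added block is only logged with `gnutls_assert()`, so key creation continues on the TPM's own RNG alone, which is the case the new comment says not to trust. The two checks above it abort via `err_cc`, so this one should either do the same (`ret = tss_err(tssret); goto err_cc;` inside the braces) or carry a comment stating that stirring is deliberately best-effort. Because the stirred bytes feed generation of a long-term key, `GNUTLS_RND_KEY` looks like a better fit than `GNUTLS_RND_RANDOM` in the `_gnutls_rnd()` call. `buf` is also left on the stack after use, and wiping it before the function returns would be cheap hygiene. The enclosing function begins and ends outside this hunk, so what `err_cc` releases is not visible here.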