1 files changed, 21 insertions, 1 deletions

diff --git a/lib/privkey.c b/lib/privkey.c
index 7b983b145d..0b774430c1 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -35,6 +35,7 @@
 #include <fips.h>
 #include <system-keys.h>
 #include "urls.h"
+#include "tpm2.h"
 #include "pkcs11_int.h"
 #include <abstract_int.h>
 
@@ -265,6 +266,14 @@ _gnutls_privkey_get_mpis(gnutls_privkey_t key, gnutls_pk_params_st * params)
 		}
 #endif
 	default:
+		if (key->key.ext.pk_params_func) {
+			ret = key->key.ext.pk_params_func(key,
+							  key->key.ext.userdata,
+							  params);
+			if (ret < 0)
+				return gnutls_assert_val(ret);
+			return ret;
+		}
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
 	}
@@ -1658,7 +1667,7 @@ gnutls_privkey_decrypt_data2(gnutls_privkey_t key,
  * #gnutls_privkey_t type. 
  *
  * The supported formats are basic unencrypted key, PKCS8, PKCS12, 
- * and the openssl format.
+ * TSS2, and the openssl format.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
@@ -1673,6 +1682,17 @@ int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey,
 	gnutls_x509_privkey_t xpriv;
 	int ret;
 
+#ifdef HAVE_TSS2
+	if (format == GNUTLS_X509_FMT_PEM &&
+	    memmem(data->data, data->size, "--BEGIN TSS2", 12) != NULL) {
+		ret = _gnutls_load_tpm2_key(pkey, data);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
+		return 0;
+	}
+#endif
+
 	ret = gnutls_x509_privkey_init(&xpriv);
 	if (ret < 0)
 		return gnutls_assert_val(ret);