.TH "iesys_crypto" 3 "Fri Oct 7 2022" "Version 3.2.0" "tpm2-tss" \" -*- nroff -*- .ad l .nh .SH NAME iesys_crypto .SH SYNOPSIS .br .PP .SS "Functions" .in +1c .ti -1c .RI "TSS2_RC \fBiesys_crypto_hash_get_digest_size\fP (TPM2_ALG_ID hashAlg, size_t *size)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hash_start\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP **context, TPM2_ALG_ID hashAlg)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hash_update\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP *context, const uint8_t *buffer, size_t size)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hash_update2b\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP *context, TPM2B *b)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hash_finish\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP **context, uint8_t *buffer, size_t *size)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hash_finish2b\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP **context, TPM2B *b)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hmac_start\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP **context, TPM2_ALG_ID hashAlg, const uint8_t *key, size_t size)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hmac_start2b\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP **context, TPM2_ALG_ID hmacAlg, TPM2B *b)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hmac_update\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP *context, const uint8_t *buffer, size_t size)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hmac_update2b\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP *context, TPM2B *b)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hmac_finish\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP **context, uint8_t *buffer, size_t *size)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_hmac_finish2b\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP **context, TPM2B *hmac)" .br .ti -1c .RI "void \fBiesys_cryptossl_hmac_abort\fP (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP **context)" .br .ti -1c .RI "TSS2_RC \fBiesys_crypto_pHash\fP (TPM2_ALG_ID alg, const uint8_t rcBuffer[4], const uint8_t ccBuffer[4], const TPM2B_NAME *name1, const TPM2B_NAME *name2, const TPM2B_NAME *name3, const uint8_t *pBuffer, size_t pBuffer_size, uint8_t *pHash, size_t *pHash_size)" .br .ti -1c .RI "TSS2_RC \fBiesys_crypto_authHmac\fP (TPM2_ALG_ID alg, uint8_t *hmacKey, size_t hmacKeySize, const uint8_t *pHash, size_t pHash_size, const TPM2B_NONCE *nonceNewer, const TPM2B_NONCE *nonceOlder, const TPM2B_NONCE *nonceDecrypt, const TPM2B_NONCE *nonceEncrypt, TPMA_SESSION sessionAttributes, TPM2B_AUTH *hmac)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_random2b\fP (TPM2B_NONCE *nonce, size_t num_bytes)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_pk_encrypt\fP (TPM2B_PUBLIC *pub_tpm_key, size_t in_size, BYTE *in_buffer, size_t max_out_size, BYTE *out_buffer, size_t *out_size, const char *label)" .br .ti -1c .RI "TSS2_RC \fBiesys_crypto_KDFaHmac\fP (TPM2_ALG_ID alg, uint8_t *hmacKey, size_t hmacKeySize, uint32_t counter, const char *label, TPM2B_NONCE *contextU, TPM2B_NONCE *contextV, uint32_t bitlength, uint8_t *hmac, size_t *hmacSize)" .br .ti -1c .RI "TSS2_RC \fBiesys_crypto_KDFa\fP (TPM2_ALG_ID hashAlg, uint8_t *hmacKey, size_t hmacKeySize, const char *label, TPM2B_NONCE *contextU, TPM2B_NONCE *contextV, uint32_t bitLength, uint32_t *counterInOut, BYTE *outKey, BOOL use_digest_size)" .br .ti -1c .RI "TSS2_RC \fBiesys_crypto_KDFe\fP (TPM2_ALG_ID hashAlg, TPM2B_ECC_PARAMETER *Z, const char *label, TPM2B_ECC_PARAMETER *partyUInfo, TPM2B_ECC_PARAMETER *partyVInfo, UINT32 bit_size, BYTE *key)" .br .ti -1c .RI "TSS2_RC \fBiesys_xor_parameter_obfuscation\fP (TPM2_ALG_ID hash_alg, uint8_t *key, size_t key_size, TPM2B_NONCE *contextU, TPM2B_NONCE *contextV, BYTE *data, size_t data_size)" .br .ti -1c .RI "TSS2_RC \fBiesys_cryptossl_get_ecdh_point\fP (TPM2B_PUBLIC *key, size_t max_out_size, TPM2B_ECC_PARAMETER *Z, TPMS_ECC_POINT *Q, BYTE *out_buffer, size_t *out_size)" .br .in -1c .SH "Detailed Description" .PP The types and functions used internally by ESAPI for cryptographic operations\&. Multiple implementations of these functions may exist for different cryptographic backends\&. .SH "Function Documentation" .PP .SS "TSS2_RC iesys_crypto_authHmac (TPM2_ALG_ID alg, uint8_t * hmacKey, size_t hmacKeySize, const uint8_t * pHash, size_t pHash_size, const TPM2B_NONCE * nonceNewer, const TPM2B_NONCE * nonceOlder, const TPM2B_NONCE * nonceDecrypt, const TPM2B_NONCE * nonceEncrypt, TPMA_SESSION sessionAttributes, TPM2B_AUTH * hmac)" Compute the HMAC for authorization\&. .PP Based on the session nonces, caller nonce, TPM nonce, if used encryption and decryption nonce, the command parameter hash, and the session attributes the HMAC used for authorization is computed\&. .PP \fBParameters:\fP .RS 4 \fIalg\fP The hash algorithm used for HMAC computation\&. .br \fIhmacKey\fP The HMAC key byte buffer\&. .br \fIhmacKeySize\fP The size of the HMAC key byte buffer\&. .br \fIpHash\fP The command parameter hash byte buffer\&. .br \fIpHash_size\fP The size of the command parameter hash byte buffer\&. .br \fInonceNewer\fP The TPM nonce\&. .br \fInonceOlder\fP The caller nonce\&. .br \fInonceDecrypt\fP The decrypt nonce (NULL if not used)\&. .br \fInonceEncrypt\fP The encrypt nonce (NULL if not used)\&. .br \fIsessionAttributes\fP The attributes used for the current authentication\&. .br \fIhmac\fP The computed HMAC\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP If a pointer is invalid\&. .RE .PP .SS "TSS2_RC iesys_crypto_hash_get_digest_size (TPM2_ALG_ID hashAlg, size_t * size)" Provide the digest size for a given hash algorithm\&. .PP This function provides the size of the digest for a given hash algorithm\&. .PP \fBParameters:\fP .RS 4 \fIhashAlg\fP The hash algorithm to get the size for\&. .br \fIsize\fP The side of a digest of the hash algorithm\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_VALUE\fP if hashAlg is unknown or unsupported\&. .RE .PP .SS "TSS2_RC iesys_crypto_KDFa (TPM2_ALG_ID hashAlg, uint8_t * hmacKey, size_t hmacKeySize, const char * label, TPM2B_NONCE * contextU, TPM2B_NONCE * contextV, uint32_t bitLength, uint32_t * counterInOut, BYTE * outKey, BOOL use_digest_size)" KDFa Key derivation\&. .PP Except of ECDH this function is used for key derivation\&. .PP \fBParameters:\fP .RS 4 \fIhashAlg\fP The hash algorithm to use\&. .br \fIhmacKey\fP The hmacKey used in KDFa\&. .br \fIhmacKeySize\fP The size of the HMAC key\&. .br \fIlabel\fP Indicates the use of the produced key\&. .br \fIcontextU,contextV\fP are used for construction of a binary string containing information related to the derived key\&. .br \fIbitLength\fP The size of generated key in bits\&. .br \fIcounterInOut\fP Counter for the KDFa iterations\&. If set, the value will be used for the firt iteration step\&. The final counter value will be written to counterInOut\&. .br \fIoutKey\fP Byte buffer for the derived key (caller-allocated)\&. .br \fIuse_digest_size\fP Indicate whether the digest size of hashAlg is used as size of the generated key or the bitLength parameter is used\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_VALUE\fP if hashAlg is unknown or unsupported\&. .RE .PP .SS "TSS2_RC iesys_crypto_KDFaHmac (TPM2_ALG_ID alg, uint8_t * hmacKey, size_t hmacKeySize, uint32_t counter, const char * label, TPM2B_NONCE * contextU, TPM2B_NONCE * contextV, uint32_t bitlength, uint8_t * hmac, size_t * hmacSize)" HMAC computation for inner loop of KDFa key derivation\&. .PP Except of ECDH this function is used for key derivation\&. .PP \fBParameters:\fP .RS 4 \fIalg\fP The algorithm used for the HMAC\&. .br \fIhmacKey\fP The hmacKey used in KDFa\&. .br \fIhmacKeySize\fP The size of the HMAC key\&. .br \fIcounter\fP The curren iteration step\&. .br \fIlabel\fP Indicates the use of the produced key\&. .br \fIcontextU,contextV\fP are used for construction of a binary string containing information related to the derived key\&. .br \fIbitlength\fP The size of the generated key in bits\&. .br \fIhmac\fP Byte buffer for the generated HMAC key (caller-allocated)\&. .br \fIhmacSize\fP Size of the generated HMAC key\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .RE .PP .SS "TSS2_RC iesys_crypto_KDFe (TPM2_ALG_ID hashAlg, TPM2B_ECC_PARAMETER * Z, const char * label, TPM2B_ECC_PARAMETER * partyUInfo, TPM2B_ECC_PARAMETER * partyVInfo, UINT32 bit_size, BYTE * key)" Compute KDFe as described in TPM spec part 1 C 6\&.1 .PP \fBParameters:\fP .RS 4 \fIhashAlg\fP [in] The nameAlg of the recipient key\&. .br \fIZ\fP [in] the x coordinate (xP) of the product (P) of a public point and a private key\&. .br \fIlabel\fP [in] KDF label\&. .br \fIpartyUInfo\fP [in] The x-coordinate of the secret exchange value (Qe,U)\&. .br \fIpartyVInfo\fP [in] The x-coordinate of a public key (Qs,V)\&. .br \fIbit_size\fP [in] Bit size of generated key\&. .br \fIkey\fP [out] Key buffer\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters .br \fITSS2_ESYS_RC_MEMORY\fP Memory cannot be allocated\&. .RE .PP .SS "TSS2_RC iesys_crypto_pHash (TPM2_ALG_ID alg, const uint8_t rcBuffer[4], const uint8_t ccBuffer[4], const TPM2B_NAME * name1, const TPM2B_NAME * name2, const TPM2B_NAME * name3, const uint8_t * pBuffer, size_t pBuffer_size, uint8_t * pHash, size_t * pHash_size)" Compute the command or response parameter hash\&. .PP These hashes are needed for the computation of the HMAC used for the authorization of commands, or for the HMAC used for checking the responses\&. The name parameters are only used for the command parameter hash (cp) and must be NULL for the computation of the response parameter rp hash (rp)\&. .PP \fBParameters:\fP .RS 4 \fIalg\fP The hash algorithm\&. .br \fIrcBuffer\fP The response code in marshaled form\&. .br \fIccBuffer\fP The command code in marshaled form\&. .br \fIname1,name2,name3\fP The names associated with the corresponding handle\&. Must be NULL if no handle is passed\&. .br \fIpBuffer\fP The byte buffer or the command or the response\&. .br \fIpBuffer_size\fP The size of the command or response\&. .br \fIpHash\fP The result digest\&. .br \fIpHash_size\fP The size of the result digest\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_get_ecdh_point (TPM2B_PUBLIC * key, size_t max_out_size, TPM2B_ECC_PARAMETER * Z, TPMS_ECC_POINT * Q, BYTE * out_buffer, size_t * out_size)" Computation of ephemeral ECC key and shared secret Z\&. .PP According to the description in TPM spec part 1 C 6\&.1 a shared secret between application and TPM is computed (ECDH)\&. An ephemeral ECC key and a TPM keyare used for the ECDH key exchange\&. .PP \fBParameters:\fP .RS 4 \fIkey\fP The key to be used for ECDH key exchange\&. .br \fImax_out_size\fP the max size for the output of the public key of the computed ephemeral key\&. .br \fIZ\fP The computed shared secret\&. .br \fIQ\fP The public part of the ephemeral key in TPM format\&. .br \fIout_buffer\fP The public part of the ephemeral key will be marshaled to this buffer\&. .br \fIout_size\fP The size of the marshaled output\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success .br \fITSS2_ESYS_RC_BAD_VALUE\fP The algorithm of key is not implemented\&. .br \fITSS2_ESYS_RC_GENERAL_FAILURE\fP The internal crypto engine failed\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hash_finish (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP ** context, uint8_t * buffer, size_t * size)" Get the digest value of a digest object and close the context\&. .PP The digest value will written to a passed buffer and the resources of the digest object are released\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The context of the digest object to be released .br \fIbuffer\fP The buffer for the digest value (caller-allocated)\&. .br \fIsize\fP The size of the digest\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .br \fITSS2_ESYS_RC_GENERAL_FAILURE\fP for errors of the crypto library\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hash_finish2b (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP ** context, TPM2B * b)" void iesys_cryptossl_hash_abort(IESYS_CRYPTO_CONTEXT_BLOB **context) .SS "TSS2_RC iesys_cryptossl_hash_start (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP ** context, TPM2_ALG_ID hashAlg)" Provide the context for the computation of a hash digest\&. .PP The context will be created and initialized according to the hash function\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The created context (callee-allocated)\&. .br \fIhashAlg\fP The hash algorithm for the creation of the context\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_VALUE\fP or TSS2_ESYS_RC_BAD_REFERENCE for invalid parameters\&. .br \fITSS2_ESYS_RC_MEMORY\fP Memory cannot be allocated\&. .br \fITSS2_ESYS_RC_GENERAL_FAILURE\fP for errors of the crypto library\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hash_update (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP * context, const uint8_t * buffer, size_t size)" Update the digest value of a digest object from a byte buffer\&. .PP The context of a digest object will be updated according to the hash algorithm of the context\&. < .PP \fBParameters:\fP .RS 4 \fIcontext\fP The context of the digest object which will be updated\&. .br \fIbuffer\fP The data for the update\&. .br \fIsize\fP The size of the data buffer\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hash_update2b (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP * context, TPM2B * b)" Update the digest value of a digest object from a TPM2B object\&. .PP The context of a digest object will be updated according to the hash algorithm of the context\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The context of the digest object which will be updated\&. .br \fIb\fP The TPM2B object for the update\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .RE .PP .SS "void iesys_cryptossl_hmac_abort (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP ** context)" Release the resources of an HAMC object\&. .PP The assigned resources will be released and the context will be set to NULL\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The context of the HMAC object\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hmac_finish (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP ** context, uint8_t * buffer, size_t * size)" Write the HMAC digest value to a byte buffer and close the context\&. .PP The digest value will written to a passed buffer and the resources of the HMAC object are released\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The context of the HMAC object\&. .br \fIbuffer\fP The buffer for the digest value (caller-allocated)\&. .br \fIsize\fP The size of the digest\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .br \fITSS2_ESYS_RC_BAD_SIZE\fP If the size passed is lower than the HMAC length\&. .br \fITSS2_ESYS_RC_GENERAL_FAILURE\fP for errors of the crypto library\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hmac_finish2b (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP ** context, TPM2B * hmac)" Write the HMAC digest value to a TPM2B object and close the context\&. .PP The digest value will written to a passed TPM2B object and the resources of the HMAC object are released\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The context of the HMAC object\&. .br \fIhmac\fP The buffer for the digest value (caller-allocated)\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .br \fITSS2_ESYS_RC_BAD_SIZE\fP if the size passed is lower than the HMAC length\&. .br \fITSS2_ESYS_RC_GENERAL_FAILURE\fP for errors of the crypto library\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hmac_start (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP ** context, TPM2_ALG_ID hashAlg, const uint8_t * key, size_t size)" Provide the context an HMAC digest object from a byte buffer key\&. .PP The context will be created and initialized according to the hash function and the used HMAC key\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The created context (callee-allocated)\&. .br \fIhashAlg\fP The hash algorithm for the HMAC computation\&. .br \fIkey\fP The byte buffer of the HMAC key\&. .br \fIsize\fP The size of the HMAC key\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .br \fITSS2_ESYS_RC_MEMORY\fP Memory cannot be allocated\&. .br \fITSS2_ESYS_RC_GENERAL_FAILURE\fP for errors of the crypto library\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hmac_update (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP * context, const uint8_t * buffer, size_t size)" Update and HMAC digest value from a byte buffer\&. .PP The context of a digest object will be updated according to the hash algorithm and the key of the context\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The context of the digest object which will be updated\&. .br \fIbuffer\fP The data for the update\&. .br \fIsize\fP The size of the data buffer\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_hmac_update2b (\fBIESYS_CRYPTO_CONTEXT_BLOB\fP * context, TPM2B * b)" Update and HMAC digest value from a TPM2B object\&. .PP The context of a digest object will be updated according to the hash algorithm and the key of the context\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP The context of the digest object which will be updated\&. .br \fIb\fP The TPM2B object for the update\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_pk_encrypt (TPM2B_PUBLIC * pub_tpm_key, size_t in_size, BYTE * in_buffer, size_t max_out_size, BYTE * out_buffer, size_t * out_size, const char * label)" Encryption of a buffer using a public (RSA) key\&. .PP Encrypting a buffer using a public key is used for example during Esys_StartAuthSession in order to encrypt the salt value\&. .PP \fBParameters:\fP .RS 4 \fIpub_tpm_key\fP The key to be used for encryption\&. .br \fIin_size\fP The size of the buffer to be encrypted\&. .br \fIin_buffer\fP The data buffer to be encrypted\&. .br \fImax_out_size\fP The maximum size for the output encrypted buffer\&. .br \fIout_buffer\fP The encrypted buffer\&. .br \fIout_size\fP The size of the encrypted output\&. .br \fIlabel\fP The label used in the encryption scheme\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success .br \fITSS2_ESYS_RC_BAD_VALUE\fP The algorithm of key is not implemented\&. .br \fITSS2_ESYS_RC_GENERAL_FAILURE\fP The internal crypto engine failed\&. .RE .PP .SS "TSS2_RC iesys_cryptossl_random2b (TPM2B_NONCE * nonce, size_t num_bytes)" Compute random TPM2B data\&. .PP The random data will be generated and written to a passed TPM2B structure\&. .PP \fBParameters:\fP .RS 4 \fInonce\fP The TPM2B structure for the random data (caller-allocated)\&. .br \fInum_bytes\fP The number of bytes to be generated\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success\&. .RE .PP NOTE: the TPM should not be used to obtain the random data .SS "TSS2_RC iesys_xor_parameter_obfuscation (TPM2_ALG_ID hash_alg, uint8_t * key, size_t key_size, TPM2B_NONCE * contextU, TPM2B_NONCE * contextV, BYTE * data, size_t data_size)" Encryption/Decryption using XOR obfuscation\&. .PP The application of this function to data encrypted with this function will produce the origin data\&. The key for XOR obfuscation will be derived with KDFa form the passed key the session nonces, and the hash algorithm\&. .PP \fBParameters:\fP .RS 4 \fIhash_alg\fP The algorithm used for key derivation\&. .br \fIkey\fP key used for obfuscation .br \fIkey_size\fP Key size in bits\&. .br \fIcontextU,contextV\fP are used for construction of a binary string containing information related to the derived key\&. .br \fIdata\fP Data to be encrypted/decrypted the result will be will be stored in this buffer\&. .br \fIdata_size\fP size of data to be encrypted/decrypted\&. .RE .PP \fBReturn values:\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success, or TSS2_ESYS_RC_BAD_VALUE and .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP for invalid parameters\&. .RE .PP .SH "Author" .PP Generated automatically by Doxygen for tpm2-tss from the source code\&.