[PATCH] Enable TPM parameter encryption for RSA encrypt/decrypt

Fredrik Ternerot <fredrik.ternerot@...>
 

Enable TPM parameter encryption for RSA private encrypt/decrypt to
protect sensitive data sent to and received from the TPM.

Signed-off-by: Fredrik Ternerot <fredrikt@...>
---
e_tpm2-rsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/e_tpm2-rsa.c b/e_tpm2-rsa.c
index 50c2cac..35b865b 100644
--- a/e_tpm2-rsa.c
+++ b/e_tpm2-rsa.c
@@ -203,7 +203,7 @@ static int tpm2_rsa_priv_dec(int flen,
(COMMAND_PARAMETERS *)&in,
NULL,
TPM_CC_RSA_Decrypt,
- authHandle, auth, 0,
+ authHandle, auth, TPMA_SESSION_ENCRYPT,
TPM_RH_NULL, NULL, 0);
if (rc) {
tpm2_error(rc, "TPM2_RSA_Decrypt");
@@ -282,7 +282,7 @@ static int tpm2_rsa_priv_enc(int flen,
(COMMAND_PARAMETERS *)&in,
NULL,
TPM_CC_RSA_Decrypt,
- authHandle, auth, 0,
+ authHandle, auth, TPMA_SESSION_DECRYPT,
TPM_RH_NULL, NULL, 0);

if (rc) {
--
2.11.0