TPM2.0的相关资料较少，且多为英文版，晦涩难懂！分享一个通过CNG调用Windows TPM的示例~
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <windows.h>
#include <bcrypt.h>
#include <ncrypt.h>
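int main(int argc, char *argv[])
{
    /*
     * Create a persisted ECDSA P-256 key pair inside the Windows platform
     * (TPM) key storage provider through CNG/NCrypt.
     *
     * Steps: open MS_PLATFORM_CRYPTO_PROVIDER, create a persisted key object
     * named "MyECCKeyPair", set its length property, finalize it so the
     * provider generates and commits the key material. Nothing is exported
     * by this sample; the public key would have to be read afterwards with a
     * separate NCrypt call.
     *
     * Returns 0 on success, -1 on any NCrypt failure. Every failure prints
     * the source line plus the SECURITY_STATUS so the code can be looked up,
     * and all handles are released through the single cleanup path at "out".
     * Link against ncrypt.lib.
     */
    (void)argc;
    (void)argv;

    int rc = -1;
    SECURITY_STATUS status = ERROR_SUCCESS;
    NCRYPT_PROV_HANDLE providerHandle = 0;
    /* Stays 0 until NCryptCreatePersistedKey succeeds, so the cleanup path
     * never hands an uninitialized handle to NCryptFreeObject. */
    NCRYPT_KEY_HANDLE keyHandle = 0;

    /* MS_PLATFORM_CRYPTO_PROVIDER is Microsoft's TPM-backed key storage provider. */
    status = NCryptOpenStorageProvider(&providerHandle, MS_PLATFORM_CRYPTO_PROVIDER, 0);
    if (status != ERROR_SUCCESS) {
        printf("NCryptOpenStorageProvider err [%d] status=0x%08lX\n",
               __LINE__, (unsigned long)status);
        goto out;
    }

    /* Create the persisted key object (ECDSA on P-256). NCRYPT_OVERWRITE_KEY_FLAG
     * silently replaces any existing key with the same name in this user's
     * store, so anything that still relies on the old "MyECCKeyPair" loses it. */
    status = NCryptCreatePersistedKey(providerHandle, &keyHandle, BCRYPT_ECDSA_P256_ALGORITHM,
                                      L"MyECCKeyPair", 0, NCRYPT_OVERWRITE_KEY_FLAG);
    if (status != ERROR_SUCCESS) {
        printf("NCryptCreatePersistedKey err [%d] status=0x%08lX\n",
               __LINE__, (unsigned long)status);
        goto out; /* keyHandle is still 0 here: nothing to free for it */
    }

    /*
     * Export policy is deliberately not set. A private key held by the
     * platform (TPM) provider is meant to stay non-exportable, and asking for
     * NCRYPT_ALLOW_EXPORT_FLAG on it is expected to be refused by the provider;
     * granting it would also defeat the purpose of a TPM-bound key. The
     * property call is kept here only for reference:
     *
     *   DWORD exportPolicy = NCRYPT_ALLOW_EXPORT_FLAG;
     *   status = NCryptSetProperty(keyHandle, NCRYPT_EXPORT_POLICY_PROPERTY,
     *                              (PBYTE)&exportPolicy, sizeof(DWORD), NCRYPT_PERSIST_FLAG);
     */

    /* Key length. P-256 already fixes the size at 256 bits; the property is
     * kept from the original sample and persisted together with the key. */
    DWORD keySize = 256;
    status = NCryptSetProperty(keyHandle, NCRYPT_LENGTH_PROPERTY, (PBYTE)&keySize,
                               sizeof(DWORD), NCRYPT_PERSIST_FLAG);
    if (status != ERROR_SUCCESS) {
        printf("NCryptSetProperty2 err [%d] status=0x%08lX\n",
               __LINE__, (unsigned long)status);
        goto out;
    }

    /* Finalizing makes the provider generate the key material and commit the
     * persisted key; the handle is not usable for crypto before this. */
    status = NCryptFinalizeKey(keyHandle, 0);
    if (status != ERROR_SUCCESS) {
        printf("NCryptFinalizeKey err [%d] status=0x%08lX\n",
               __LINE__, (unsigned long)status);
        goto out;
    }

    rc = 0;

out:
    /* NCryptFreeObject on a 0 handle is not a no-op, hence the guards. */
    if (keyHandle != 0) {
        (void)NCryptFreeObject(keyHandle);
    }
    if (providerHandle != 0) {
        (void)NCryptFreeObject(providerHandle);
    }
    return rc;
}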