Functions
TSS2_RC	Fapi_Sign (FAPI_CONTEXT context, char const keyPath, char const padding, uint8_t const digest, size_t digestSize, uint8_t *signature, size_t signatureSize, char publicKey, char certificate)

TSS2_RC	Fapi_Sign_Async (FAPI_CONTEXT context, char const keyPath, char const padding, uint8_t const digest, size_t digestSize)

TSS2_RC	Fapi_Sign_Finish (FAPI_CONTEXT context, uint8_t signature, size_t signatureSize, char publicKey, char certificate)

Detailed Description

FAPI functions to invoke Sign either as one-call or in an asynchronous manner.

Function Documentation

One-Call function for Fapi_Sign

Uses a key, identified by its path, to sign a digest and puts the result in a TPM2B bytestream.

Parameters

[in,out]	context	The FAPI_CONTEXT
[in]	keyPath	The path of the signature key
[in]	padding	A padding algorithm. Must be either "RSA_SSA" or "RSA_PSS" or NULL
[in]	digest	The digest to sign. Must be already hashed
[in]	digestSize	The size of the digest in bytes
[out]	signature	The signature
[out]	signatureSize	The size of signature in bytes. May be NULL
[out]	publicKey	The public key that can be used to verify signature in PEM format. May be NULL
[out]	certificate	The certificate associated with the signing key in PEM format. May be NULL

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE	if context, keyPath, digest or signature is NULL.
TSS2_FAPI_RC_BAD_CONTEXT	if context corruption is detected.
TSS2_FAPI_RC_KEY_NOT_FOUND	if keyPath does not map to a FAPI key.
TSS2_FAPI_RC_BAD_KEY	if the object at keyPath is not a key, or is a key that is unsuitable for the requested operation.
TSS2_FAPI_RC_BAD_VALUE	if the digestSize is zero.
TSS2_FAPI_RC_BAD_SEQUENCE	if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_IO_ERROR	if the data cannot be saved.
TSS2_FAPI_RC_MEMORY	if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_NO_TPM	if FAPI was initialized in no-TPM-mode via its config file.
TSS2_FAPI_RC_TRY_AGAIN	if an I/O operation is not finished yet and this function needs to be called again.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_GENERAL_FAILURE	if an internal error occurred.
TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN	if a required authorization callback is not set.
TSS2_FAPI_RC_AUTHORIZATION_FAILED	if the authorization attempt fails.
TSS2_FAPI_RC_POLICY_UNKNOWN	if policy search for a certain policy digest was not successful.
TSS2_ESYS_RC_*	possible error codes of ESAPI.
TSS2_FAPI_RC_NOT_PROVISIONED	FAPI was not provisioned.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.

Asynchronous function for Fapi_Sign

Uses a key, identified by its path, to sign a digest and puts the result in a TPM2B bytestream.

Call Fapi_Sign_Finish to finish the execution of this command.

Parameters

[in,out]	context	The FAPI_CONTEXT
[in]	keyPath	The path of the signature key
[in]	padding	A padding algorithm. Must be either "RSA_SSA" or "RSA_PSS" or NULL
[in]	digest	The digest to sign. Must be already hashed
[in]	digestSize	The size of the digest in bytes

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE	if context, keyPath or digest is NULL.
TSS2_FAPI_RC_BAD_CONTEXT	if context corruption is detected.
TSS2_FAPI_RC_KEY_NOT_FOUND	if keyPath does not map to a FAPI key.
TSS2_FAPI_RC_BAD_KEY	if the object at keyPath is not a key, or is a key that is unsuitable for the requested operation.
TSS2_FAPI_RC_BAD_VALUE	if the digestSize is zero.
TSS2_FAPI_RC_BAD_SEQUENCE	if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_IO_ERROR	if the data cannot be saved.
TSS2_FAPI_RC_MEMORY	if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_NO_TPM	if FAPI was initialized in no-TPM-mode via its config file.

Asynchronous finish function for Fapi_Sign

This function should be called after a previous Fapi_Sign_Async.

Parameters

[in,out]	context	The FAPI_CONTEXT
[out]	signature	The signature
[out]	signatureSize	The size of signature in bytes. May be NULL
[out]	publicKey	The public key that can be used to verify signature in PEM format. May be NULL
[out]	certificate	The certificate associated with the signing key in PEM format. May be NULL

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE	if context or signature is NULL.
TSS2_FAPI_RC_BAD_CONTEXT	if context corruption is detected.
TSS2_FAPI_RC_BAD_SEQUENCE	if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_IO_ERROR	if the data cannot be saved.
TSS2_FAPI_RC_MEMORY	if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_TRY_AGAIN	if the asynchronous operation is not yet complete. Call this function again later.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_KEY_NOT_FOUND	if a key was not found.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_GENERAL_FAILURE	if an internal error occurred.
TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN	if a required authorization callback is not set.
TSS2_FAPI_RC_AUTHORIZATION_FAILED	if the authorization attempt fails.
TSS2_FAPI_RC_POLICY_UNKNOWN	if policy search for a certain policy digest was not successful.
TSS2_ESYS_RC_*	possible error codes of ESAPI.
TSS2_FAPI_RC_NOT_PROVISIONED	FAPI was not provisioned.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.