Add TPM 2.0 Key File support to 'seal-secret' and 'sign'

[lcp]

With '--key-format tpm2.0', 'seal-secret' outputs a sealed key in TPM 2.0 Key File format, and 'sign' prepends the new signed policy to the authPolicy sequence.

To seal a secret with a PCR policy against PCR 0,2,4,7:

$ pcr-oracle \ --key-format=tpm2.0 \ --input secret \ --output sealed-pcr.tpm \ seal-secret 0,2,4,7

To seal a secret for an authorized policy:

$ pcr-oracle \ --key-format=tpm2.0 \ --auth authorized.policy \ --input secret \ --output sealed-auth.tpm \ seal-secret

To sign the policy against PCR 0,2,4,7 for sealed-auth.tpm:

$ pcr-oracle \ --key-format=tpm2.0 \ --private-key policy-key.pem \ --input sealed-auth.tpm \ --output sealed-auth-signed.tpm \ sign 0,2,4,7

[okirch]

Thank you! I merged your patch, and added a bit of information to the manpage. I also added tpm2key.c to Makefile.in :-)

Please review my merge (as I did it on top of some other changes I already had sitting in my queue). I'd also appreciate if you could review the manpage and improve it where needed. An update to test-authorized.sh that lets me test both the old and the new key format would be super helpful!

[lcp]

Unsealing the new key format is not implemented in pcr-oracle yet. Will send another patch to add the unseal function and update test-authorized.sh.