public static TPMKeyCore Create(CapabilityDataCore.TPMVersionCore version, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags,
TPMAuthDataUsage authDataUsage, TPMKeyParamsCore algorithmParams, TPMStorePubkeyCore pubkey, byte[] encdata)
{
TPMKeyCore key = new TPMKeyCore ();
key._keyUsage = keyUsage;
key._keyFlags = keyFlags;
key._authDataUsage = authDataUsage;
key._algorithmParams = algorithmParams;
if (version == null)
key._version = CapabilityDataCore.TPMVersionCore.CreateVersion12 ();
else
key._version = version;
if (pubkey == null)
key._pubKey = TPMStorePubkeyCore.CreateEmptyPubkey ();
else
key._pubKey = pubkey;
if (encdata == null)
key._encData = new byte[0];
else
key._encData = encdata;
return key;
}
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
Parameters paramsCreateWrapKey = new Parameters();
paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier);
paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage);
paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags);
paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength);
paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]);
paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0);
if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING)
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1);
}
else
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE);
}
Parameters parameters = new Parameters();
parameters.AddPrimitiveType("identifierIsFriendlyName", true);
parameters.AddPrimitiveType("identifier", friendlyName);
ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters));
if (authUsage.Hashed == false)
{
authUsage.Hash();
}
authUsage.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue);
ProtectedPasswordStorage authMigration = null;
if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable)
{
authMigration = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters));
authMigration.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue);
}
else
{
paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]);
}
try
{
TPMCommandResponse responseCreateWrapKey =
BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey);
_tpmSession.Keystore.AddKey(
friendlyName,
responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"),
this.FriendlyName,
responseCreateWrapKey.Parameters.GetValueOf <byte[]>("key_data"));
return(new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"), _tpmSession));
}
finally
{
if (authMigration != null)
{
authMigration.ClearHash();
}
if (authUsage != null)
{
authUsage.ClearHash();
}
}
}
public ClientKeyHandle CreateKey(string friendlyName, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
return(CreateKey(friendlyName, 2048, keyUsage, keyFlags));
}
public static TPMKeyCore Create(CapabilityDataCore.TPMVersionCore version, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags,
TPMAuthDataUsage authDataUsage, TPMKeyParamsCore algorithmParams, TPMStorePubkeyCore pubkey, byte[] encdata)
{
TPMKeyCore key = new TPMKeyCore();
key._keyUsage = keyUsage;
key._keyFlags = keyFlags;
key._authDataUsage = authDataUsage;
key._algorithmParams = algorithmParams;
if (version == null)
{
key._version = CapabilityDataCore.TPMVersionCore.CreateVersion12();
}
else
{
key._version = version;
}
if (pubkey == null)
{
key._pubKey = TPMStorePubkeyCore.CreateEmptyPubkey();
}
else
{
key._pubKey = pubkey;
}
if (encdata == null)
{
key._encData = new byte[0];
}
else
{
key._encData = encdata;
}
return(key);
}
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
Parameters paramsCreateWrapKey = new Parameters();
paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier);
paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage);
paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags);
paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength);
paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]);
paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0);
if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING)
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1);
}
else
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE);
}
Parameters parameters = new Parameters();
parameters.AddPrimitiveType("identifierIsFriendlyName", true);
parameters.AddPrimitiveType("identifier", friendlyName);
ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters));
if(authUsage.Hashed == false)
authUsage.Hash();
authUsage.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue);
ProtectedPasswordStorage authMigration = null;
if((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable)
{
authMigration = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters));
authMigration.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue);
}
else
paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]);
try
{
TPMCommandResponse responseCreateWrapKey =
BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey);
_tpmSession.Keystore.AddKey(
friendlyName,
responseCreateWrapKey.Parameters.GetValueOf<string>("key_identifier"),
this.FriendlyName,
responseCreateWrapKey.Parameters.GetValueOf<byte[]>("key_data"));
return new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf<string>("key_identifier"), _tpmSession);
}
finally
{
if(authMigration != null)
authMigration.ClearHash();
if(authUsage != null)
authUsage.ClearHash();
}
}
public ClientKeyHandle CreateKey(string friendlyName, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
return CreateKey(friendlyName, 2048, keyUsage, keyFlags);
}
public override void Execute(string[] commandline)
{
if (commandline.Length < 2)
{
_console.Out.WriteLine("Error: [local_session_alias] not specified");
return;
}
else if (commandline.Length < 3)
{
_console.Out.WriteLine("Error: [command] not specified");
return;
}
ClientContext ctx = _console.GetValue <ClientContext> ("client_context", null);
if (ctx == null)
{
_console.Out.WriteLine("No active connection was found");
return;
}
string localAlias = commandline[1];
string keyCommand = commandline[2];
IDictionary <string, TPMSession> tpmSessions = _console.GetValue <IDictionary <string, TPMSession> > ("tpm_sessions", null);
if (tpmSessions == null || tpmSessions.ContainsKey(localAlias) == false)
{
_console.Out.WriteLine("Error: Specified local alias was not found");
return;
}
if (keyCommand == "keystore_open")
{
if (commandline.Length < 4)
{
_console.Out.WriteLine("Error: keystore_open requires some arguments, check help for further information");
return;
}
if (tpmSessions[localAlias].Keystore != null)
{
_console.Out.WriteLine("Error: There is already an open keystore!");
return;
}
string[] sArguments = commandline[3].Split(',');
IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 1);
TPMKeystoreProvider keystore = TPMKeystoreProviders.Create(sArguments[0], arguments);
tpmSessions[localAlias].Keystore = keystore;
}
else if (keyCommand == "keystore_close")
{
TPMKeystoreProvider keystore = tpmSessions[localAlias].Keystore;
if (keystore != null)
{
keystore.Dispose();
tpmSessions[localAlias].Keystore = keystore;
}
}
else if (keyCommand == "keystore_list")
{
TPMKeystoreProvider keystore = tpmSessions[localAlias].Keystore;
if (keystore == null)
{
_console.Out.WriteLine("Error: No keystore opened");
return;
}
_console.Out.WriteLine("The keystore contains #{0} keys", keystore.EnumerateFriendlyNames().Length);
_console.Out.WriteLine();
foreach (string friendlyName in keystore.EnumerateFriendlyNames())
{
string parent = "<SRK>";
KeyValuePair <string, string>?parentKey = keystore.FindParentKeyByFriendlyName(friendlyName);
if (parentKey != null)
{
parent = parentKey.Value.Key;
}
_console.Out.WriteLine("{0} ({1}) parent: {2}", friendlyName,
keystore.FriendlyNameToIdentifier(friendlyName), parent);
}
}
else if (keyCommand == "create")
{
if (tpmSessions[localAlias].Keystore == null)
{
_console.Out.WriteLine("Error: No keystore was opened");
return;
}
IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 0);
if (arguments.ContainsKey("name") == false)
{
_console.Out.WriteLine("Error: No name specified");
return;
}
if (arguments.ContainsKey("parent") == false)
{
_console.Out.WriteLine("Error: No parent key specified");
return;
}
ClientKeyHandle keyHandle;
if (arguments["parent"] == "srk")
{
keyHandle = tpmSessions[localAlias].KeyClient.GetSrkKeyHandle();
}
else
{
keyHandle = tpmSessions[localAlias].KeyClient.GetKeyHandleByFriendlyName(arguments["parent"]);
}
if (keyHandle == null)
{
_console.Out.WriteLine("Error: Key with name '{0}' not found", arguments["parent"]);
return;
}
if (arguments.ContainsKey("key_usage") == false)
{
_console.Out.WriteLine("Error: key_usage not defined");
return;
}
TPMKeyUsage keyUsage;
switch (arguments["key_usage"])
{
case "sign":
keyUsage = TPMKeyUsage.TPM_KEY_SIGNING;
break;
case "bind":
keyUsage = TPMKeyUsage.TPM_KEY_BIND;
break;
case "storage":
keyUsage = TPMKeyUsage.TPM_KEY_STORAGE;
break;
default:
_console.Out.WriteLine("Error: Invalid key_usage '{0}'", arguments["key_usage"]);
return;
}
if (arguments.ContainsKey("key_length") == false)
{
_console.Out.WriteLine("Error: key_length not defined!");
return;
}
uint keyLength = 0;
if (uint.TryParse(arguments["key_length"], out keyLength) == false)
{
_console.Out.WriteLine("Error: Could not parse key_length");
return;
}
TPMKeyFlags keyFlags = TPMKeyFlags.None;
if (arguments.ContainsKey("key_flags"))
{
switch (arguments["key_flags"])
{
case "none":
keyFlags = TPMKeyFlags.None;
break;
case "migratable":
keyFlags = TPMKeyFlags.Migratable;
break;
}
}
//Make sure that key usage auth and if required migration auth is in the secret cache
Parameters hmacParams = new Parameters();
hmacParams.AddPrimitiveType("identifierIsFriendlyName", true);
hmacParams.AddPrimitiveType("identifier", arguments["name"]);
ProtectedPasswordStorage usageAuth = tpmSessions[localAlias].RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacParams));
if (usageAuth != null)
{
tpmSessions[localAlias].SetValue("secret_usage_" + arguments["name"], usageAuth);
}
if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable)
{
ProtectedPasswordStorage migrationAuth = tpmSessions[localAlias].RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, hmacParams));
if (migrationAuth != null)
{
tpmSessions[localAlias].SetValue("secret_migration_" + arguments["name"], migrationAuth);
}
}
/*ClientKeyHandle newKey =*/ keyHandle.CreateKey(arguments["name"], keyLength, keyUsage, keyFlags);
}
else
{
_console.Out.WriteLine("Error, unknown command '{0}'", commandline[2]);
}
}
