|
public static GetBlockSize ( |
||
| symDef | ||
| return | int | |
/// <summary>
/// Creates a Private area for this key that will be loadable on a TPM though TPM2_Load() if the target TPM already has the parent
/// storage key "parent" loaded. This function lets applications create key-hierarchies in software that can be loaded into
/// a TPM once the parent has been "TPM2_Import'ed."
/// TPM2_Import() supports plaintext import. To get this sort of import blob set intendedParent
/// to null
/// </summary>
/// <param name="intendedParent"></param>
/// <returns></returns>
public TpmPrivate GetPrivate(TssObject intendedParent)
{
SymDefObject symDef = GetSymDef(intendedParent.publicPart);
// Figure out how many bits we will need from the KDF
byte[] parentSymValue = intendedParent.sensitivePart.seedValue;
byte[] iv = Globs.GetRandomBytes(SymmCipher.GetBlockSize(symDef));
// The encryption key is calculated with a KDF
byte[] symKey = KDF.KDFa(intendedParent.publicPart.nameAlg,
parentSymValue,
"STORAGE",
GetName(),
new byte[0],
symDef.KeyBits);
byte[] newPrivate = KeyWrapper.CreatePrivateFromSensitive(symDef,
symKey,
iv,
sensitivePart,
publicPart.nameAlg,
publicPart.GetName(),
intendedParent.publicPart.nameAlg,
intendedParent.sensitivePart.seedValue);
return(new TpmPrivate(newPrivate));
}
internal byte[] ParmEncrypt(byte[] parm, Direction inOrOut)
{
if (Symmetric == null)
{
Globs.Throw("parameter encryption cipher not defined");
return(parm);
}
if (Symmetric.Algorithm == TpmAlgId.Null)
{
return(parm);
}
byte[] nonceNewer, nonceOlder;
if (inOrOut == Direction.Command)
{
nonceNewer = NonceCaller;
nonceOlder = NonceTpm;
}
else
{
nonceNewer = NonceTpm;
nonceOlder = NonceCaller;
}
byte[] encKey = (AuthHandle != null && AuthHandle.Auth != null)
? SessionKey.Concat(Globs.TrimTrailingZeros(AuthHandle.Auth)).ToArray()
: SessionKey;
if (Symmetric.Algorithm == TpmAlgId.Xor)
{
return(CryptoLib.KdfThenXor(AuthHash, encKey, nonceNewer, nonceOlder, parm));
}
int keySize = (Symmetric.KeyBits + 7) / 8,
blockSize = SymmCipher.GetBlockSize(Symmetric),
bytesRequired = keySize + blockSize;
byte[] keyInfo = KDF.KDFa(AuthHash, encKey, "CFB", nonceNewer, nonceOlder, bytesRequired * 8);
var key = new byte[keySize];
Array.Copy(keyInfo, 0, key, 0, keySize);
var iv = new byte[blockSize];
Array.Copy(keyInfo, keySize, iv, 0, blockSize);
// Make a new SymmCipher from the key and IV and do the encryption.
using (SymmCipher s = SymmCipher.Create(Symmetric, key, iv))
{
return(inOrOut == Direction.Command ? s.Encrypt(parm) : s.Decrypt(parm));
}
}
