public static GetBlockSize ( |
||
symDef | ||
return | int |
/// <summary> /// Creates a Private area for this key that will be loadable on a TPM though TPM2_Load() if the target TPM already has the parent /// storage key "parent" loaded. This function lets applications create key-hierarchies in software that can be loaded into /// a TPM once the parent has been "TPM2_Import'ed." /// TPM2_Import() supports plaintext import. To get this sort of import blob set intendedParent /// to null /// </summary> /// <param name="intendedParent"></param> /// <returns></returns> public TpmPrivate GetPrivate(TssObject intendedParent) { SymDefObject symDef = GetSymDef(intendedParent.publicPart); // Figure out how many bits we will need from the KDF byte[] parentSymValue = intendedParent.sensitivePart.seedValue; byte[] iv = Globs.GetRandomBytes(SymmCipher.GetBlockSize(symDef)); // The encryption key is calculated with a KDF byte[] symKey = KDF.KDFa(intendedParent.publicPart.nameAlg, parentSymValue, "STORAGE", GetName(), new byte[0], symDef.KeyBits); byte[] newPrivate = KeyWrapper.CreatePrivateFromSensitive(symDef, symKey, iv, sensitivePart, publicPart.nameAlg, publicPart.GetName(), intendedParent.publicPart.nameAlg, intendedParent.sensitivePart.seedValue); return(new TpmPrivate(newPrivate)); }
internal byte[] ParmEncrypt(byte[] parm, Direction inOrOut) { if (Symmetric == null) { Globs.Throw("parameter encryption cipher not defined"); return(parm); } if (Symmetric.Algorithm == TpmAlgId.Null) { return(parm); } byte[] nonceNewer, nonceOlder; if (inOrOut == Direction.Command) { nonceNewer = NonceCaller; nonceOlder = NonceTpm; } else { nonceNewer = NonceTpm; nonceOlder = NonceCaller; } byte[] encKey = (AuthHandle != null && AuthHandle.Auth != null) ? SessionKey.Concat(Globs.TrimTrailingZeros(AuthHandle.Auth)).ToArray() : SessionKey; if (Symmetric.Algorithm == TpmAlgId.Xor) { return(CryptoLib.KdfThenXor(AuthHash, encKey, nonceNewer, nonceOlder, parm)); } int keySize = (Symmetric.KeyBits + 7) / 8, blockSize = SymmCipher.GetBlockSize(Symmetric), bytesRequired = keySize + blockSize; byte[] keyInfo = KDF.KDFa(AuthHash, encKey, "CFB", nonceNewer, nonceOlder, bytesRequired * 8); var key = new byte[keySize]; Array.Copy(keyInfo, 0, key, 0, keySize); var iv = new byte[blockSize]; Array.Copy(keyInfo, keySize, iv, 0, blockSize); // Make a new SymmCipher from the key and IV and do the encryption. using (SymmCipher s = SymmCipher.Create(Symmetric, key, iv)) { return(inOrOut == Direction.Command ? s.Encrypt(parm) : s.Decrypt(parm)); } }