This class contains algorithms for wrapping and unwrapping TPM objects
Example #1
0
        /// <summary>
        /// Creates a Private area for this key so that it can be loaded into a TPM by
        /// TPM2_Load() if the target TPM already has the storage key 'parent' loaded.
        /// This function lets an application to create key hierarchies in software
        /// that can be loaded into a TPM once the parent has been TPM2_Import'ed.
        /// TPM2_Import() supports plaintext import. To get this sort of import blob,
        /// set 'parent' to null.
        /// </summary>
        /// <param name="parent"></param>
        /// <returns></returns>
        public TpmPrivate GetPrivate(TssObject parent)
        {
            SymDefObject symDef = GetSymDef(parent.Public);

            // Figure out how many bits we will need from the KDF
            byte[] parentSymSeed = parent.Sensitive.seedValue;
            Transform(parentSymSeed);
            byte[] iv = (symDef.Mode == TpmAlgId.Ecb) ? new byte[0]
                                : Globs.GetRandomBytes(SymCipher.GetBlockSize(symDef));

            // The encryption key is calculated with a KDF
            byte[] symKey = KDF.KDFa(parent.Public.nameAlg,
                                     parentSymSeed,
                                     "STORAGE",
                                     GetName(),
                                     new byte[0],
                                     symDef.KeyBits);

            Transform(symKey);

            byte[] newPrivate = KeyWrapper.CreatePrivateFromSensitive(
                symDef,
                symKey,
                iv,
                Sensitive,
                Public.nameAlg,
                Public.GetName(),
                parent.Public.nameAlg,
                parent.Sensitive.seedValue,
                TransformerCallback);
            Transform(newPrivate);
            return(new TpmPrivate(newPrivate));
        }
Example #2
0
        /// <summary>
        /// Creates a Private area for this key that will be loadable on a TPM though TPM2_Load() if the target TPM already has the parent
        /// storage key "parent" loaded.  This function lets applications create key-hierarchies in software that can be loaded into
        /// a TPM once the parent has been "TPM2_Import'ed."
        /// TPM2_Import() supports plaintext import.  To get this sort of import blob set intendedParent
        /// to null
        /// </summary>
        /// <param name="intendedParent"></param>
        /// <returns></returns>
        public TpmPrivate GetPrivate(TssObject intendedParent)
        {
            SymDefObject symDef = GetSymDef(intendedParent.publicPart);

            // Figure out how many bits we will need from the KDF
            byte[] parentSymValue = intendedParent.sensitivePart.seedValue;
            byte[] iv             = Globs.GetRandomBytes(SymmCipher.GetBlockSize(symDef));

            // The encryption key is calculated with a KDF
            byte[] symKey = KDF.KDFa(intendedParent.publicPart.nameAlg,
                                     parentSymValue,
                                     "STORAGE",
                                     GetName(),
                                     new byte[0],
                                     symDef.KeyBits);

            byte[] newPrivate = KeyWrapper.CreatePrivateFromSensitive(symDef,
                                                                      symKey,
                                                                      iv,
                                                                      sensitivePart,
                                                                      publicPart.nameAlg,
                                                                      publicPart.GetName(),
                                                                      intendedParent.publicPart.nameAlg,
                                                                      intendedParent.sensitivePart.seedValue);

            return(new TpmPrivate(newPrivate));
        }