public Tpm2CreateResponse()
{
outPrivate = new TpmPrivate();
outPublic = new TpmPublic();
creationData = new CreationData();
creationHash = new byte[0];
creationTicket = new TkCreation();
}
public TpmPrivate Import(
TpmHandle parentHandle,
byte[] encryptionKey,
TpmPublic objectPublic,
TpmPrivate duplicate,
byte[] inSymSeed,
SymDefObject symmetricAlg
)
{
Tpm2ImportRequest inS = new Tpm2ImportRequest();
inS.parentHandle = parentHandle;
inS.encryptionKey = encryptionKey;
inS.objectPublic = objectPublic;
inS.duplicate = duplicate;
inS.inSymSeed = inSymSeed;
inS.symmetricAlg = symmetricAlg;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.Import, (TpmStructureBase) inS, typeof(Tpm2ImportResponse), out outSBase, 1, 0);
Tpm2ImportResponse outS = (Tpm2ImportResponse) outSBase;
return outS.outPrivate;
}
/// <summary>
/// De-envelope inner-wrapped duplication blob.
/// TODO: Move this to TpmPublic and make it fully general
/// </summary>
/// <param name="exportedPrivate"></param>
/// <param name="encAlg"></param>
/// <param name="encKey"></param>
/// <param name="nameAlg"></param>
/// <param name="name"></param>
/// <returns></returns>
public static Sensitive SensitiveFromDuplicateBlob(TpmPrivate exportedPrivate, SymDefObject encAlg, byte[] encKey, TpmAlgId nameAlg, byte[] name)
{
byte[] dupBlob = exportedPrivate.buffer;
byte[] sensNoLen;
using (SymmCipher c = Create(encAlg, encKey))
{
byte[] innerObject = c.Decrypt(dupBlob);
byte[] innerIntegrity, sensitive;
KDF.Split(innerObject,
16 + CryptoLib.DigestSize(nameAlg) * 8,
out innerIntegrity,
8 * (innerObject.Length - CryptoLib.DigestSize(nameAlg) - 2),
out sensitive);
byte[] expectedInnerIntegrity = Marshaller.ToTpm2B(CryptoLib.HashData(nameAlg, sensitive, name));
if (!Globs.ArraysAreEqual(expectedInnerIntegrity, innerIntegrity))
{
Globs.Throw("SensitiveFromDuplicateBlob: Bad inner integrity");
}
sensNoLen = Marshaller.Tpm2BToBuffer(sensitive);
}
var sens = Marshaller.FromTpmRepresentation<Sensitive>(sensNoLen);
return sens;
}
public TssObject(TssObject the_TssObject)
{
if((Object) the_TssObject == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
publicPart = the_TssObject.publicPart;
sensitivePart = the_TssObject.sensitivePart;
privatePart = the_TssObject.privatePart;
}
public TpmHandle Load(
TpmHandle parentHandle,
TpmPrivate inPrivate,
TpmPublic inPublic
)
{
Tpm2LoadRequest inS = new Tpm2LoadRequest();
inS.parentHandle = parentHandle;
inS.inPrivate = inPrivate;
inS.inPublic = inPublic;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.Load, (TpmStructureBase) inS, typeof(Tpm2LoadResponse), out outSBase, 1, 1);
Tpm2LoadResponse outS = (Tpm2LoadResponse) outSBase;
return outS.objectHandle;
}
public Tpm2ImportResponse()
{
outPrivate = new TpmPrivate();
}
///<param name = "the_outPrivate">the sensitive area encrypted with the symmetric key of parentHandle</param>
public Tpm2ImportResponse(
TpmPrivate the_outPrivate
)
{
this.outPrivate = the_outPrivate;
}
public Tpm2DuplicateResponse()
{
encryptionKeyOut = new byte[0];
duplicate = new TpmPrivate();
outSymSeed = new byte[0];
}
public Tpm2DuplicateResponse(Tpm2DuplicateResponse the_Tpm2DuplicateResponse)
{
if((Object) the_Tpm2DuplicateResponse == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
encryptionKeyOut = the_Tpm2DuplicateResponse.encryptionKeyOut;
duplicate = the_Tpm2DuplicateResponse.duplicate;
outSymSeed = the_Tpm2DuplicateResponse.outSymSeed;
}
public Tpm2ObjectChangeAuthResponse()
{
outPrivate = new TpmPrivate();
}
///<param name = "the_outPrivate">private area containing the new authorization value</param>
public Tpm2ObjectChangeAuthResponse(
TpmPrivate the_outPrivate
)
{
this.outPrivate = the_outPrivate;
}
///<param name = "the_parentHandle">TPM handle of parent key; shall not be a reserved handle Auth Index: 1 Auth Role: USER</param>
///<param name = "the_inPrivate">the private portion of the object</param>
///<param name = "the_inPublic">the public portion of the object</param>
public Tpm2LoadRequest(
TpmHandle the_parentHandle,
TpmPrivate the_inPrivate,
TpmPublic the_inPublic
)
{
this.parentHandle = the_parentHandle;
this.inPrivate = the_inPrivate;
this.inPublic = the_inPublic;
}
public Tpm2LoadRequest()
{
parentHandle = new TpmHandle();
inPrivate = new TpmPrivate();
inPublic = new TpmPublic();
}
///<param name = "the_outPrivate">the private portion of the object</param>
///<param name = "the_outPublic">the public portion of the created object</param>
///<param name = "the_creationData">contains a TPMS_CREATION_DATA</param>
///<param name = "the_creationHash">digest of creationData using nameAlg of outPublic</param>
///<param name = "the_creationTicket">ticket used by TPM2_CertifyCreation() to validate that the creation data was produced by the TPM</param>
public Tpm2CreateResponse(
TpmPrivate the_outPrivate,
TpmPublic the_outPublic,
CreationData the_creationData,
byte[] the_creationHash,
TkCreation the_creationTicket
)
{
this.outPrivate = the_outPrivate;
this.outPublic = the_outPublic;
this.creationData = the_creationData;
this.creationHash = the_creationHash;
this.creationTicket = the_creationTicket;
}
public Tpm2ImportRequest()
{
parentHandle = new TpmHandle();
encryptionKey = new byte[0];
objectPublic = new TpmPublic();
duplicate = new TpmPrivate();
inSymSeed = new byte[0];
symmetricAlg = new SymDefObject();
}
///<param name = "the_encryptionKeyOut">If the caller provided an encryption key or if symmetricAlg was TPM_ALG_NULL, then this will be the Empty Buffer; otherwise, it shall contain the TPM-generated, symmetric encryption key for the inner wrapper.</param>
///<param name = "the_duplicate">private area that may be encrypted by encryptionKeyIn; and may be doubly encrypted</param>
///<param name = "the_outSymSeed">seed protected by the asymmetric algorithms of new parent (NP)</param>
public Tpm2DuplicateResponse(
byte[] the_encryptionKeyOut,
TpmPrivate the_duplicate,
byte[] the_outSymSeed
)
{
this.encryptionKeyOut = the_encryptionKeyOut;
this.duplicate = the_duplicate;
this.outSymSeed = the_outSymSeed;
}
///<param name = "the_parentHandle">the handle of the new parent for the object Auth Index: 1 Auth Role: USER</param>
///<param name = "the_encryptionKey">the optional symmetric encryption key used as the inner wrapper for duplicate If symmetricAlg is TPM_ALG_NULL, then this parameter shall be the Empty Buffer.</param>
///<param name = "the_objectPublic">the public area of the object to be imported This is provided so that the integrity value for duplicate and the object attributes can be checked. NOTE Even if the integrity value of the object is not checked on input, the object Name is required to create the integrity value for the imported object.</param>
///<param name = "the_duplicate">the symmetrically encrypted duplicate object that may contain an inner symmetric wrapper</param>
///<param name = "the_inSymSeed">symmetric key used to encrypt duplicate inSymSeed is encrypted/encoded using the algorithms of newParent.</param>
///<param name = "the_symmetricAlg">definition for the symmetric algorithm to use for the inner wrapper If this algorithm is TPM_ALG_NULL, no inner wrapper is present and encryptionKey shall be the Empty Buffer.</param>
public Tpm2ImportRequest(
TpmHandle the_parentHandle,
byte[] the_encryptionKey,
TpmPublic the_objectPublic,
TpmPrivate the_duplicate,
byte[] the_inSymSeed,
SymDefObject the_symmetricAlg
)
{
this.parentHandle = the_parentHandle;
this.encryptionKey = the_encryptionKey;
this.objectPublic = the_objectPublic;
this.duplicate = the_duplicate;
this.inSymSeed = the_inSymSeed;
this.symmetricAlg = the_symmetricAlg;
}
public Tpm2RewrapRequest()
{
oldParent = new TpmHandle();
newParent = new TpmHandle();
inDuplicate = new TpmPrivate();
name = new byte[0];
inSymSeed = new byte[0];
}
public Tpm2ImportResponse(Tpm2ImportResponse the_Tpm2ImportResponse)
{
if((Object) the_Tpm2ImportResponse == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
outPrivate = the_Tpm2ImportResponse.outPrivate;
}
public Tpm2RewrapRequest(Tpm2RewrapRequest the_Tpm2RewrapRequest)
{
if((Object) the_Tpm2RewrapRequest == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
oldParent = the_Tpm2RewrapRequest.oldParent;
newParent = the_Tpm2RewrapRequest.newParent;
inDuplicate = the_Tpm2RewrapRequest.inDuplicate;
name = the_Tpm2RewrapRequest.name;
inSymSeed = the_Tpm2RewrapRequest.inSymSeed;
}
public TssObject()
{
publicPart = new TpmPublic();
sensitivePart = new Sensitive();
privatePart = new TpmPrivate();
}
///<param name = "the_oldParent">parent of object Auth Index: 1 Auth Role: User</param>
///<param name = "the_newParent">new parent of the object Auth Index: None</param>
///<param name = "the_inDuplicate">an object encrypted using symmetric key derived from inSymSeed</param>
///<param name = "the_name">the Name of the object being rewrapped</param>
///<param name = "the_inSymSeed">seed for symmetric key needs oldParent private key to recover the seed and generate the symmetric key</param>
public Tpm2RewrapRequest(
TpmHandle the_oldParent,
TpmHandle the_newParent,
TpmPrivate the_inDuplicate,
byte[] the_name,
byte[] the_inSymSeed
)
{
this.oldParent = the_oldParent;
this.newParent = the_newParent;
this.inDuplicate = the_inDuplicate;
this.name = the_name;
this.inSymSeed = the_inSymSeed;
}
///<param name = "the_publicPart">Public part of key</param>
///<param name = "the_sensitivePart">Sensitive part of key</param>
///<param name = "the_privatePart">Private part is the encrypted sensitive part of key</param>
public TssObject(
TpmPublic the_publicPart,
Sensitive the_sensitivePart,
TpmPrivate the_privatePart
)
{
this.publicPart = the_publicPart;
this.sensitivePart = the_sensitivePart;
this.privatePart = the_privatePart;
}
public Tpm2RewrapResponse()
{
outDuplicate = new TpmPrivate();
outSymSeed = new byte[0];
}
public TpmPrivate Rewrap(
TpmHandle oldParent,
TpmHandle newParent,
TpmPrivate inDuplicate,
byte[] name,
byte[] inSymSeed,
[SuppressMessage("Microsoft.Design", "CA1021")]
out byte[] outSymSeed
)
{
Tpm2RewrapRequest inS = new Tpm2RewrapRequest();
inS.oldParent = oldParent;
inS.newParent = newParent;
inS.inDuplicate = inDuplicate;
inS.name = name;
inS.inSymSeed = inSymSeed;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.Rewrap, (TpmStructureBase) inS, typeof(Tpm2RewrapResponse), out outSBase, 2, 0);
Tpm2RewrapResponse outS = (Tpm2RewrapResponse) outSBase;
outSymSeed = outS.outSymSeed;
return outS.outDuplicate;
}
public Tpm2RewrapResponse(Tpm2RewrapResponse the_Tpm2RewrapResponse)
{
if((Object) the_Tpm2RewrapResponse == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
outDuplicate = the_Tpm2RewrapResponse.outDuplicate;
outSymSeed = the_Tpm2RewrapResponse.outSymSeed;
}
public TpmPrivate(TpmPrivate the_TpmPrivate)
{
if((Object) the_TpmPrivate == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
buffer = the_TpmPrivate.buffer;
}
///<param name = "the_outDuplicate">an object encrypted using symmetric key derived from outSymSeed</param>
///<param name = "the_outSymSeed">seed for a symmetric key protected by newParent asymmetric key</param>
public Tpm2RewrapResponse(
TpmPrivate the_outDuplicate,
byte[] the_outSymSeed
)
{
this.outDuplicate = the_outDuplicate;
this.outSymSeed = the_outSymSeed;
}
public TssObject(TpmPublic thePublicPart, TpmPrivate thePrivatePart)
{
publicPart = thePublicPart;
privatePart = thePrivatePart;
}
///<param name = "the_objectHandle">handle of type TPM_HT_TRANSIENT for created object</param>
///<param name = "the_outPrivate">the sensitive area of the object (optional)</param>
///<param name = "the_outPublic">the public portion of the created object</param>
///<param name = "the_name">the name of the created object</param>
public Tpm2CreateLoadedResponse(
TpmHandle the_objectHandle,
TpmPrivate the_outPrivate,
TpmPublic the_outPublic,
byte[] the_name
)
{
this.objectHandle = the_objectHandle;
this.outPrivate = the_outPrivate;
this.outPublic = the_outPublic;
this.name = the_name;
}
