public async Task <ISignatureUnion> SignAsync(
TpmHandle keyHandle,
byte[] digest,
ISigSchemeUnion inScheme,
TkHashcheck validation)
{
var inS = new Tpm2SignRequest(keyHandle, digest, inScheme, validation);
var resp = new Tpm2SignResponse();
await Task.Run(() => DispatchMethod(TpmCc.Sign, inS, resp, 1, 0));
return(resp.signature);
}
TkVerified SignApproval(Tpm2 tpm, byte[] approvedPolicy, byte[] policyRef,
TpmHandle hSigKey, ISigSchemeUnion scheme = null)
{
byte[] name, qname;
TpmPublic pub = tpm.ReadPublic(hSigKey, out name, out qname);
byte[] dataToSign = Globs.Concatenate(approvedPolicy, policyRef);
byte[] aHash = CryptoLib.HashData(pub.nameAlg, dataToSign);
// Create an authorization certificate for the "approvedPolicy"
var sig = tpm.Sign(hSigKey, aHash, scheme, new TkHashcheck());
return(tpm.VerifySignature(hSigKey, aHash, sig));
}
public async Task <ISignatureUnion> SignAsync(
TpmHandle keyHandle,
byte[] digest,
ISigSchemeUnion inScheme,
TkHashcheck validation)
{
var inS = new Tpm2SignRequest(keyHandle, digest, inScheme, validation);
TpmStructureBase outSBase = null;
await Task.Run(() => DispatchMethod(TpmCc.Sign, inS,
typeof(Tpm2SignResponse),
out outSBase, 1, 0));
var outS = (Tpm2SignResponse)outSBase;
return(outS.signature);
}
public static SchemeEcdaa PrepareEcdaaScheme(Tpm2 tpm, TpmHandle signKey,
ISigSchemeUnion scheme)
{
var schemeEcdaa = scheme as SchemeEcdaa;
if (schemeEcdaa != null)
{
byte[] name, qualName;
var keyPub = tpm.ReadPublic(signKey, out name, out qualName);
ushort counter = 0;
EccPoint l, E;
EccPoint PP = keyPub.unique as EccPoint;
tpm.Commit(signKey, PP, null, null, out l, out E, out counter);
schemeEcdaa.count = counter;
}
return(schemeEcdaa);
}
public Attest GetTime(
TpmHandle privacyAdminHandle,
TpmHandle signHandle,
byte[] qualifyingData,
ISigSchemeUnion inScheme,
[SuppressMessage("Microsoft.Design", "CA1021")]
out ISignatureUnion signature
)
{
Tpm2GetTimeRequest inS = new Tpm2GetTimeRequest();
inS.privacyAdminHandle = privacyAdminHandle;
inS.signHandle = signHandle;
inS.qualifyingData = qualifyingData;
inS.inScheme = inScheme;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.GetTime, (TpmStructureBase) inS, typeof(Tpm2GetTimeResponse), out outSBase, 2, 0);
Tpm2GetTimeResponse outS = (Tpm2GetTimeResponse) outSBase;
signature = outS.signature;
return outS.timeInfo;
}
public Attest Quote(
TpmHandle signHandle,
byte[] qualifyingData,
ISigSchemeUnion inScheme,
PcrSelection[] PCRselect,
[SuppressMessage("Microsoft.Design", "CA1021")]
out ISignatureUnion signature
)
{
Tpm2QuoteRequest inS = new Tpm2QuoteRequest();
inS.signHandle = signHandle;
inS.qualifyingData = qualifyingData;
inS.inScheme = inScheme;
inS.PCRselect = PCRselect;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.Quote, (TpmStructureBase) inS, typeof(Tpm2QuoteResponse), out outSBase, 1, 0);
Tpm2QuoteResponse outS = (Tpm2QuoteResponse) outSBase;
signature = outS.signature;
return outS.quoted;
}
public Attest CertifyCreation(
TpmHandle signHandle,
TpmHandle objectHandle,
byte[] qualifyingData,
byte[] creationHash,
ISigSchemeUnion inScheme,
TkCreation creationTicket,
[SuppressMessage("Microsoft.Design", "CA1021")]
out ISignatureUnion signature
)
{
Tpm2CertifyCreationRequest inS = new Tpm2CertifyCreationRequest();
inS.signHandle = signHandle;
inS.objectHandle = objectHandle;
inS.qualifyingData = qualifyingData;
inS.creationHash = creationHash;
inS.inScheme = inScheme;
inS.creationTicket = creationTicket;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.CertifyCreation, (TpmStructureBase) inS, typeof(Tpm2CertifyCreationResponse), out outSBase, 2, 0);
Tpm2CertifyCreationResponse outS = (Tpm2CertifyCreationResponse) outSBase;
signature = outS.signature;
return outS.certifyInfo;
}
///<param name = "the_signHandle">handle of the key used to sign the attestation structure Auth Index: 1 Auth Role: USER</param>
///<param name = "the_authHandle">handle indicating the source of the authorization value for the NV Index Auth Index: 2 Auth Role: USER</param>
///<param name = "the_nvIndex">Index for the area to be certified Auth Index: None</param>
///<param name = "the_qualifyingData">user-provided qualifying data</param>
///<param name = "the_inScheme">signing scheme to use if the scheme for signHandle is TPM_ALG_NULL(One of SigSchemeRsassa, SigSchemeRsapss, SigSchemeEcdsa, SigSchemeEcdaa, SigSchemeSm2, SigSchemeEcschnorr, SchemeHmac, SchemeHash, NullSigScheme)</param>
///<param name = "the_size">number of octets to certify</param>
///<param name = "the_offset">octet offset into the area This value shall be less than or equal to the size of the nvIndex data.</param>
public Tpm2NvCertifyRequest(
TpmHandle the_signHandle,
TpmHandle the_authHandle,
TpmHandle the_nvIndex,
byte[] the_qualifyingData,
ISigSchemeUnion the_inScheme,
ushort the_size,
ushort the_offset
)
{
this.signHandle = the_signHandle;
this.authHandle = the_authHandle;
this.nvIndex = the_nvIndex;
this.qualifyingData = the_qualifyingData;
this.inScheme = the_inScheme;
this.size = the_size;
this.offset = the_offset;
}
///<param name = "the_keyHandle">Handle of key that will perform signing Auth Index: 1 Auth Role: USER</param>
///<param name = "the_digest">digest to be signed</param>
///<param name = "the_inScheme">signing scheme to use if the scheme for keyHandle is TPM_ALG_NULL(One of SigSchemeRsassa, SigSchemeRsapss, SigSchemeEcdsa, SigSchemeEcdaa, SigSchemeSm2, SigSchemeEcschnorr, SchemeHmac, SchemeHash, NullSigScheme)</param>
///<param name = "the_validation">proof that digest was created by the TPM If keyHandle is not a restricted signing key, then this may be a NULL Ticket with tag = TPM_ST_CHECKHASH.</param>
public Tpm2SignRequest(
TpmHandle the_keyHandle,
byte[] the_digest,
ISigSchemeUnion the_inScheme,
TkHashcheck the_validation
)
{
this.keyHandle = the_keyHandle;
this.digest = the_digest;
this.inScheme = the_inScheme;
this.validation = the_validation;
}
///<param name = "the_details">scheme parameters(One of SigSchemeRsassa, SigSchemeRsapss, SigSchemeEcdsa, SigSchemeEcdaa, SigSchemeSm2, SigSchemeEcschnorr, SchemeHmac, SchemeHash, NullSigScheme)</param>
public SigScheme(
ISigSchemeUnion the_details
)
{
this.details = the_details;
}
///<param name = "the_signHandle">handle of key that will perform signature Auth Index: 1 Auth Role: USER</param>
///<param name = "the_qualifyingData">data supplied by the caller</param>
///<param name = "the_inScheme">signing scheme to use if the scheme for signHandle is TPM_ALG_NULL(One of SigSchemeRsassa, SigSchemeRsapss, SigSchemeEcdsa, SigSchemeEcdaa, SigSchemeSm2, SigSchemeEcschnorr, SchemeHmac, SchemeHash, NullSigScheme)</param>
///<param name = "the_PCRselect">PCR set to quote</param>
public Tpm2QuoteRequest(
TpmHandle the_signHandle,
byte[] the_qualifyingData,
ISigSchemeUnion the_inScheme,
PcrSelection[] the_PCRselect
)
{
this.signHandle = the_signHandle;
this.qualifyingData = the_qualifyingData;
this.inScheme = the_inScheme;
this.PCRselect = the_PCRselect;
}
///<param name = "the_signHandle">handle of the key that will sign the attestation block Auth Index: 1 Auth Role: USER</param>
///<param name = "the_objectHandle">the object associated with the creation data Auth Index: None</param>
///<param name = "the_qualifyingData">user-provided qualifying data</param>
///<param name = "the_creationHash">hash of the creation data produced by TPM2_Create() or TPM2_CreatePrimary()</param>
///<param name = "the_inScheme">signing scheme to use if the scheme for signHandle is TPM_ALG_NULL(One of SigSchemeRsassa, SigSchemeRsapss, SigSchemeEcdsa, SigSchemeEcdaa, SigSchemeSm2, SigSchemeEcschnorr, SchemeHmac, SchemeHash, NullSigScheme)</param>
///<param name = "the_creationTicket">ticket produced by TPM2_Create() or TPM2_CreatePrimary()</param>
public Tpm2CertifyCreationRequest(
TpmHandle the_signHandle,
TpmHandle the_objectHandle,
byte[] the_qualifyingData,
byte[] the_creationHash,
ISigSchemeUnion the_inScheme,
TkCreation the_creationTicket
)
{
this.signHandle = the_signHandle;
this.objectHandle = the_objectHandle;
this.qualifyingData = the_qualifyingData;
this.creationHash = the_creationHash;
this.inScheme = the_inScheme;
this.creationTicket = the_creationTicket;
}
///<param name = "the_objectHandle">handle of the object to be certified Auth Index: 1 Auth Role: ADMIN</param>
///<param name = "the_signHandle">handle of the key used to sign the attestation structure Auth Index: 2 Auth Role: USER</param>
///<param name = "the_qualifyingData">user provided qualifying data</param>
///<param name = "the_inScheme">signing scheme to use if the scheme for signHandle is TPM_ALG_NULL(One of SigSchemeRsassa, SigSchemeRsapss, SigSchemeEcdsa, SigSchemeEcdaa, SigSchemeSm2, SigSchemeEcschnorr, SchemeHmac, SchemeHash, NullSigScheme)</param>
public Tpm2CertifyRequest(
TpmHandle the_objectHandle,
TpmHandle the_signHandle,
byte[] the_qualifyingData,
ISigSchemeUnion the_inScheme
)
{
this.objectHandle = the_objectHandle;
this.signHandle = the_signHandle;
this.qualifyingData = the_qualifyingData;
this.inScheme = the_inScheme;
}
public static TpmAlgId GetSchemeHash(ISigSchemeUnion scheme)
{
return(GetSchemeHash(scheme as IAsymSchemeUnion));
}
public ISignatureUnion Sign(
TpmHandle keyHandle,
byte[] digest,
ISigSchemeUnion inScheme,
TkHashcheck validation
)
{
Tpm2SignRequest inS = new Tpm2SignRequest();
inS.keyHandle = keyHandle;
inS.digest = digest;
inS.inScheme = inScheme;
inS.validation = validation;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.Sign, (TpmStructureBase) inS, typeof(Tpm2SignResponse), out outSBase, 1, 0);
Tpm2SignResponse outS = (Tpm2SignResponse) outSBase;
return outS.signature;
}
public Attest NvCertify(
TpmHandle signHandle,
TpmHandle authHandle,
TpmHandle nvIndex,
byte[] qualifyingData,
ISigSchemeUnion inScheme,
ushort size,
ushort offset,
[SuppressMessage("Microsoft.Design", "CA1021")]
out ISignatureUnion signature
)
{
Tpm2NvCertifyRequest inS = new Tpm2NvCertifyRequest();
inS.signHandle = signHandle;
inS.authHandle = authHandle;
inS.nvIndex = nvIndex;
inS.qualifyingData = qualifyingData;
inS.inScheme = inScheme;
inS.size = size;
inS.offset = offset;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.NvCertify, (TpmStructureBase) inS, typeof(Tpm2NvCertifyResponse), out outSBase, 3, 0);
Tpm2NvCertifyResponse outS = (Tpm2NvCertifyResponse) outSBase;
signature = outS.signature;
return outS.certifyInfo;
}
///<param name = "the_privacyHandle">handle of the privacy administrator (TPM_RH_ENDORSEMENT) Auth Index: 1 Auth Role: USER</param>
///<param name = "the_signHandle">the handle of the signing key Auth Index: 2 Auth Role: USER</param>
///<param name = "the_qualifyingData">other data to associate with this audit digest</param>
///<param name = "the_inScheme">signing scheme to use if the scheme for signHandle is TPM_ALG_NULL(One of SigSchemeRsassa, SigSchemeRsapss, SigSchemeEcdsa, SigSchemeEcdaa, SigSchemeSm2, SigSchemeEcschnorr, SchemeHmac, SchemeHash, NullSigScheme)</param>
public Tpm2GetCommandAuditDigestRequest(
TpmHandle the_privacyHandle,
TpmHandle the_signHandle,
byte[] the_qualifyingData,
ISigSchemeUnion the_inScheme
)
{
this.privacyHandle = the_privacyHandle;
this.signHandle = the_signHandle;
this.qualifyingData = the_qualifyingData;
this.inScheme = the_inScheme;
}
public async Task<ISignatureUnion> SignAsync(
TpmHandle keyHandle,
byte[] digest,
ISigSchemeUnion inScheme,
TkHashcheck validation)
{
var inS = new Tpm2SignRequest {
keyHandle = keyHandle,
digest = digest,
inScheme = inScheme,
validation = validation
};
TpmStructureBase outSBase = null;
await Task.Run(() => DispatchMethod(TpmCc.Sign, inS, typeof (Tpm2SignResponse), out outSBase, 1, 0));
var outS = (Tpm2SignResponse)outSBase;
return outS.signature;
}
///<param name = "the_privacyAdminHandle">handle of the privacy administrator (TPM_RH_ENDORSEMENT) Auth Index: 1 Auth Role: USER</param>
///<param name = "the_signHandle">the keyHandle identifier of a loaded key that can perform digital signatures Auth Index: 2 Auth Role: USER</param>
///<param name = "the_qualifyingData">data to tick stamp</param>
///<param name = "the_inScheme">signing scheme to use if the scheme for signHandle is TPM_ALG_NULL(One of SigSchemeRsassa, SigSchemeRsapss, SigSchemeEcdsa, SigSchemeEcdaa, SigSchemeSm2, SigSchemeEcschnorr, SchemeHmac, SchemeHash, NullSigScheme)</param>
public Tpm2GetTimeRequest(
TpmHandle the_privacyAdminHandle,
TpmHandle the_signHandle,
byte[] the_qualifyingData,
ISigSchemeUnion the_inScheme
)
{
this.privacyAdminHandle = the_privacyAdminHandle;
this.signHandle = the_signHandle;
this.qualifyingData = the_qualifyingData;
this.inScheme = the_inScheme;
}
