Exemple #1
0
        } // QuotePcrs()

        /// <summary>
        /// This sample demonstrates the creation and use of a storage root key that
        /// behaves like the Storage Root Key (SRK) defined in TPM1.2.
        /// To do this we need to create a new primary, and then use EvictControl
        /// to make it NV-resident.
        /// </summary>
        /// <param name="tpm">Reference to TPM object</param>
        static void StorageRootKey(Tpm2 tpm)
        {
            Console.WriteLine("\nStorageRootKey sample started.");

            //
            // This template asks the TPM to create an 2048 bit RSA storage key
            // with an associated AES key for symmetric protection of its child keys.
            // NOTE - The term SRK is not used in TPM 2.0 spec, but is widely used
            // in other documents.
            //
            var srkTemplate = new TpmPublic(TpmAlgId.Sha256,                               // Name algorithm
                                            ObjectAttr.Restricted |                        // Storage keys must be restricted
                                            ObjectAttr.Decrypt |                           // Storage keys are Decrypt keys
                                            ObjectAttr.FixedParent | ObjectAttr.FixedTPM | // Non-duplicable (like 1.2)
                                            ObjectAttr.UserWithAuth | ObjectAttr.SensitiveDataOrigin,
                                            null,                                          // No policy
                                            new RsaParms(new SymDefObject(TpmAlgId.Aes, 128, TpmAlgId.Cfb),
                                                         new NullAsymScheme(),             // No signing or decryption scheme
                                                         2048, 0),                         // 2048-bit RSA
                                            new Tpm2bPublicKeyRsa());

            AuthValue childAuthVal = AuthValue.FromRandom(8);
            TssObject swKey        = TssObject.Create(srkTemplate, childAuthVal);

            TpmPublic    srkPublic;
            CreationData srkCreationData;
            TkCreation   srkCreationTicket;

            byte[] srkCreationHash;

            //
            // Ask the TPM to create a new primary RSA/AES primary storage key
            //
            TpmHandle keyHandle = tpm.CreatePrimary(TpmRh.Owner,                     // In the owner-hierarchy
                                                    new SensitiveCreate(null, null), // Empty auth-value
                                                    srkTemplate,                     // Key template (params)
                                                    null,                            // For creation ticket
                                                    new PcrSelection[0],             // For creation ticket
                                                    out srkPublic,                   // Out pubKey and attrs
                                                    out srkCreationData,             // Not used here
                                                    out srkCreationHash,             // Ibid
                                                    out srkCreationTicket);          // Ibid

            //
            // print out text-versions of the public key just created
            //
            Console.WriteLine("New SRK public key\n" + srkPublic.ToString());

            //
            // The caller provides the handle for persistent keys
            //
            TpmHandle srkHandle = TpmHandle.Persistent(0x5000);

            //
            // Ae will make the "SRK" persistent in an NV-slot, so clean up anything
            // that is already there
            //
            tpm._AllowErrors()
            .EvictControl(TpmRh.Owner, srkHandle, srkHandle);
            if (tpm._LastCommandSucceeded())
            {
                Console.WriteLine("Removed previous persistent SRK.");
            }

            //
            // Make the SRK NV-resident
            //
            tpm.EvictControl(TpmRh.Owner, keyHandle, srkHandle);
            Console.WriteLine("SRK is persistent now.");
            Console.WriteLine("\nStorageRootKey sample finished.");
        } // StorageRootKey()
Exemple #2
0
        /// <summary>
        /// This sample demonstrates the creation and use of a storage root key that
        /// behaves like the Storage Root Key (SRK) defined in TPM1.2.
        /// To do this we need to create a new primary, and then use EvictControl
        /// to make it NV-resident.
        /// </summary>
        /// <param name="tpm">Reference to TPM object</param>
        static void StorageRootKey(Tpm2 tpm)
        {
            //
            // This template asks the TPM to create an 2048 bit RSA storage key
            // with an associated AES key for symmetric data protection.  The term
            // "SRKs" is not used in TPM2.0, but we use it here to
            // not
            //
            var srkTemplate = new TpmPublic(TpmAlgId.Sha1,                                 // Name algorithm
                                            ObjectAttr.Restricted |                        // Storage keys must be restricted
                                            ObjectAttr.Decrypt |                           // Storage keys are Decrypt keys
                                            ObjectAttr.FixedParent | ObjectAttr.FixedTPM | // Non-duplicable (like 1.2)
                                            ObjectAttr.UserWithAuth | ObjectAttr.SensitiveDataOrigin,
                                            new byte[0],                                   // No policy
                                            new RsaParms(new SymDefObject(TpmAlgId.Aes, 128, TpmAlgId.Cfb),
                                                         new NullAsymScheme(),             // No signature
                                                         2048, 0),                         // 2048-bit RSA
                                            new Tpm2bPublicKeyRsa());
            //
            // Authorization for the key we are about to create
            //
            var srkAuth = new byte[0];

            AuthValue childAuthVal = AuthValue.FromRandom(8);
            TssObject swKey        = TssObject.CreateStorageParent(srkTemplate, childAuthVal);

            TpmPublic    srkPublic;
            CreationData srkCreationData;
            TkCreation   srkCreationTicket;

            byte[] srkCreationHash;

            //
            // Ask the TPM to create a new primary RSA/AES primary storage key
            //
            TpmHandle keyHandle = tpm[_ownerAuth].CreatePrimary(
                TpmHandle.RhOwner,                          // In the owner-hierarchy
                new SensitiveCreate(srkAuth, new byte[0]),  // With this auth-value
                srkTemplate,                                // Describes key
                new byte[0],                                // For creation ticket
                new PcrSelection[0],                        // For creation ticket
                out srkPublic,                              // Out pubKey and attrs
                out srkCreationData,                        // Not used here
                out srkCreationHash,                        //      Ibid
                out srkCreationTicket);                     //      Ibid

            //
            // print out text-versions of the public key just created
            //
            Console.WriteLine("New SRK public key\n" + srkPublic.ToString());

            //
            // The caller provides the handle for persistent keys
            //
            TpmHandle srkHandle = TpmHandle.Persistent(0x5000);

            //
            // Ae will make the "SRK" persistent in an NV-slot, so clean up anything
            // that is already there
            //
            tpm[_ownerAuth]._AllowErrors().EvictControl(TpmHandle.RhOwner, srkHandle, srkHandle);
            TpmRc lastError = tpm._GetLastResponseCode();

            //
            // Make the SRK NV-resident
            //
            tpm[_ownerAuth].EvictControl(TpmHandle.RhOwner, keyHandle, srkHandle);

            Console.WriteLine("SRK is persistent now.");
        }