public static TPMKeyCore Create(CapabilityDataCore.TPMVersionCore version, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags,
TPMAuthDataUsage authDataUsage, TPMKeyParamsCore algorithmParams, TPMStorePubkeyCore pubkey, byte[] encdata)
{
TPMKeyCore key = new TPMKeyCore ();
key._keyUsage = keyUsage;
key._keyFlags = keyFlags;
key._authDataUsage = authDataUsage;
key._algorithmParams = algorithmParams;
if (version == null)
key._version = CapabilityDataCore.TPMVersionCore.CreateVersion12 ();
else
key._version = version;
if (pubkey == null)
key._pubKey = TPMStorePubkeyCore.CreateEmptyPubkey ();
else
key._pubKey = pubkey;
if (encdata == null)
key._encData = new byte[0];
else
key._encData = encdata;
return key;
}
public static TPMKeyCore Create(CapabilityDataCore.TPMVersionCore version, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags,
TPMAuthDataUsage authDataUsage, TPMKeyParamsCore algorithmParams, TPMStorePubkeyCore pubkey, byte[] encdata)
{
TPMKeyCore key = new TPMKeyCore();
key._keyUsage = keyUsage;
key._keyFlags = keyFlags;
key._authDataUsage = authDataUsage;
key._algorithmParams = algorithmParams;
if (version == null)
{
key._version = CapabilityDataCore.TPMVersionCore.CreateVersion12();
}
else
{
key._version = version;
}
if (pubkey == null)
{
key._pubKey = TPMStorePubkeyCore.CreateEmptyPubkey();
}
else
{
key._pubKey = pubkey;
}
if (encdata == null)
{
key._encData = new byte[0];
}
else
{
key._encData = encdata;
}
return(key);
}
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
Parameters paramsCreateWrapKey = new Parameters();
paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier);
paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage);
paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags);
paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength);
paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]);
paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0);
if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING)
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1);
}
else
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE);
}
Parameters parameters = new Parameters();
parameters.AddPrimitiveType("identifierIsFriendlyName", true);
parameters.AddPrimitiveType("identifier", friendlyName);
ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters));
if (authUsage.Hashed == false)
{
authUsage.Hash();
}
authUsage.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue);
ProtectedPasswordStorage authMigration = null;
if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable)
{
authMigration = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters));
authMigration.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue);
}
else
{
paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]);
}
try
{
TPMCommandResponse responseCreateWrapKey =
BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey);
_tpmSession.Keystore.AddKey(
friendlyName,
responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"),
this.FriendlyName,
responseCreateWrapKey.Parameters.GetValueOf <byte[]>("key_data"));
return(new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"), _tpmSession));
}
finally
{
if (authMigration != null)
{
authMigration.ClearHash();
}
if (authUsage != null)
{
authUsage.ClearHash();
}
}
}
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage)
{
return(CreateKey(friendlyName, keyLength, keyUsage, TPMKeyFlags.None));
}
public ClientKeyHandle CreateKey(string friendlyName, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
return(CreateKey(friendlyName, 2048, keyUsage, keyFlags));
}
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
Parameters paramsCreateWrapKey = new Parameters();
paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier);
paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage);
paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags);
paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength);
paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]);
paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0);
if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING)
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1);
}
else
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE);
}
Parameters parameters = new Parameters();
parameters.AddPrimitiveType("identifierIsFriendlyName", true);
parameters.AddPrimitiveType("identifier", friendlyName);
ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters));
if(authUsage.Hashed == false)
authUsage.Hash();
authUsage.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue);
ProtectedPasswordStorage authMigration = null;
if((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable)
{
authMigration = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters));
authMigration.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue);
}
else
paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]);
try
{
TPMCommandResponse responseCreateWrapKey =
BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey);
_tpmSession.Keystore.AddKey(
friendlyName,
responseCreateWrapKey.Parameters.GetValueOf<string>("key_identifier"),
this.FriendlyName,
responseCreateWrapKey.Parameters.GetValueOf<byte[]>("key_data"));
return new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf<string>("key_identifier"), _tpmSession);
}
finally
{
if(authMigration != null)
authMigration.ClearHash();
if(authUsage != null)
authUsage.ClearHash();
}
}
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage)
{
return CreateKey(friendlyName, keyLength, keyUsage, TPMKeyFlags.None);
}
public ClientKeyHandle CreateKey(string friendlyName, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
return CreateKey(friendlyName, 2048, keyUsage, keyFlags);
}
