Esempio n. 1
0
        /// <summary>
        /// Create a new asymmetric key based on the parameters in keyParms. The resulting key data is returned in structures
        /// suitable for incorporation in a TPMT_PUBLIC and TPMS_SENSITIVE
        /// </summary>
        /// <param name="keyParms"></param>
        /// <param name="publicParms"></param>
        /// <returns></returns>
        internal static ISensitiveCompositeUnion CreateSensitiveComposite(TpmPublic keyParms, out IPublicIdUnion publicParms)
        {
            TpmAlgId keyAlgId = keyParms.type;
            ISensitiveCompositeUnion newSens;

            // Create the asymmetric key
            if (keyAlgId != TpmAlgId.Rsa)
            {
                Globs.Throw <ArgumentException>("Algorithm not supported");
            }

            var newKeyPair = new RawRsa((keyParms.parameters as RsaParms).keyBits);

            // Put the key bits into the required structure envelopes
            newSens     = new Tpm2bPrivateKeyRsa(newKeyPair.Private);
            publicParms = new Tpm2bPublicKeyRsa(newKeyPair.Public);
            return(newSens);
        }
        /// <summary>
        /// Create a new random software key (public and private) matching the parameters in keyParams.
        /// </summary>
        /// <param name="keyParams"></param>
        /// <returns></returns>
        public AsymCryptoSystem(TpmPublic keyParams)
        {
            TpmAlgId keyAlgId = keyParams.type;

            PublicParms = keyParams.Copy();

            switch (keyAlgId)
            {
            case TpmAlgId.Rsa:
            {
                var rsaParams = keyParams.parameters as RsaParms;
                AsymmetricKeyAlgorithmProvider RsaProvider = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithmNames.RsaOaepSha256);
                Key = RsaProvider.CreateKeyPair(rsaParams.keyBits);
                IBuffer keyBlobBuffer = Key.ExportPublicKey(CryptographicPublicKeyBlobType.BCryptPublicKey);
                byte[]  blob;
                CryptographicBuffer.CopyToByteArray(keyBlobBuffer, out blob);
                var m       = new Marshaller(blob, DataRepresentation.LittleEndian);
                var header  = m.Get <BCryptRsaKeyBlob>();
                var modulus = m.GetArray <byte>((int)header.cbModulus);
                var pubId   = new Tpm2bPublicKeyRsa(modulus);
                PublicParms.unique = pubId;
                break;
            }

            case TpmAlgId.Ecc:
            {
                var eccParms = keyParams.parameters as EccParms;
                var alg      = RawEccKey.GetEccAlg(keyParams);
                if (alg == null)
                {
                    Globs.Throw <ArgumentException>("Unknown ECC curve");
                    return;
                }
                AsymmetricKeyAlgorithmProvider EccProvider = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(alg);
                Key = EccProvider.CreateKeyPair((uint)RawEccKey.GetKeyLength(eccParms.curveID));
                break;
            }

            default:
                Globs.Throw <ArgumentException>("Algorithm not supported");
                break;
            }
        }
Esempio n. 3
0
        CreateSensitiveComposite(TpmPublic pub,
                                 ref byte[] keyData,
                                 out IPublicIdUnion publicId)
        {
            ISensitiveCompositeUnion newSens = null;

            publicId = null;

            if (pub.type == TpmAlgId.Rsa)
            {
                if (keyData != null)
                {
                    Globs.Throw <ArgumentException>("Cannot specify key data for an RSA key");
                    return(null);
                }

                var newKeyPair = new RawRsa((pub.parameters as RsaParms).keyBits);

                // Put the key bits into the required structure envelopes
                newSens  = new Tpm2bPrivateKeyRsa(newKeyPair.Private);
                publicId = new Tpm2bPublicKeyRsa(newKeyPair.Public);
            }
            else if (pub.type == TpmAlgId.Symcipher)
            {
                var symDef = (SymDefObject)pub.parameters;
                if (symDef.Algorithm != TpmAlgId.Aes)
                {
                    Globs.Throw <ArgumentException>("Unsupported symmetric algorithm");
                    return(null);
                }

                int keySize = (symDef.KeyBits + 7) / 8;
                if (keyData == null)
                {
                    keyData = Globs.GetRandomBytes(keySize);
                }
                else if (keyData.Length != keySize)
                {
                    keyData = Globs.CopyData(keyData);
                }
                else
                {
                    Globs.Throw <ArgumentException>("Wrong symmetric key length");
                    return(null);
                }
                newSens = new Tpm2bSymKey(keyData);
            }
            else if (pub.type == TpmAlgId.Keyedhash)
            {
                var      scheme  = (pub.parameters as KeyedhashParms).scheme;
                TpmAlgId hashAlg = scheme is SchemeHash ? (scheme as SchemeHash).hashAlg
                                 : scheme is SchemeXor  ? (scheme as SchemeXor).hashAlg
                                                        : pub.nameAlg;
                var digestSize = CryptoLib.DigestSize(hashAlg);

                if (keyData == null)
                {
                    keyData = Globs.GetRandomBytes(digestSize);
                }
                else if (keyData.Length <= CryptoLib.BlockSize(hashAlg))
                {
                    keyData = Globs.CopyData(keyData);
                }
                else
                {
                    Globs.Throw <ArgumentException>("HMAC key is too big");
                    return(null);
                }
                newSens = new Tpm2bSensitiveData(keyData);
            }
            else
            {
                Globs.Throw <ArgumentException>("Unsupported key type");
            }

            return(newSens);
        }
Esempio n. 4
0
        /// <summary>
        /// Create a new random software key (public and private) matching the parameters in keyParams.
        /// </summary>
        /// <param name="keyParams"></param>
        /// <returns></returns>
        public AsymCryptoSystem(TpmPublic keyParams)
        {
            TpmAlgId keyAlgId = keyParams.type;

            PublicParms = keyParams.Copy();

            switch (keyAlgId)
            {
            case TpmAlgId.Rsa:
            {
                var rsaParams = keyParams.parameters as RsaParms;
#if TSS_USE_BCRYPT
                Key = Generate(Native.BCRYPT_RSA_ALGORITHM, rsaParams.keyBits);
                if (Key == UIntPtr.Zero)
                {
                    Globs.Throw("Failed to generate RSA key");
                    return;
                }
                byte[] blob   = Export(Native.BCRYPT_RSAPUBLIC_BLOB);
                var    m      = new Marshaller(blob, DataRepresentation.LittleEndian);
                var    header = m.Get <BCryptRsaKeyBlob>();
                /*var exponent = */ m.GetArray <byte>((int)header.cbPublicExp);
                var modulus = m.GetArray <byte>((int)header.cbModulus);
#else
                RsaProvider = new RSACryptoServiceProvider(rsaParams.keyBits);
                var modulus = RsaProvider.ExportParameters(true).Modulus;
#endif
                var pubId = new Tpm2bPublicKeyRsa(modulus);
                PublicParms.unique = pubId;
                break;
            }

#if !__MonoCS__
            case TpmAlgId.Ecc:
            {
                var eccParms = keyParams.parameters as EccParms;
                var alg      = RawEccKey.GetEccAlg(keyParams);
                if (alg == null)
                {
                    Globs.Throw <ArgumentException>("Unknown ECC curve");
                    return;
                }
#if TSS_USE_BCRYPT
                Key = Generate(alg, (uint)RawEccKey.GetKeyLength(eccParms.curveID));
#else
                var keyParmsX = new CngKeyCreationParameters {
                    ExportPolicy = CngExportPolicies.AllowPlaintextExport
                };
                using (CngKey key = CngKey.Create(alg, null, keyParmsX))
                {
                    byte[] keyIs = key.Export(CngKeyBlobFormat.EccPublicBlob);
                    CngKey.Import(keyIs, CngKeyBlobFormat.EccPublicBlob);

                    if (keyParams.objectAttributes.HasFlag(ObjectAttr.Sign))
                    {
                        EcdsaProvider = new ECDsaCng(key);
                    }
                    else
                    {
                        EcDhProvider = new ECDiffieHellmanCng(key);
                    }
                }
#endif // !TSS_USE_BCRYPT && !__MonoCS__
                break;
            }
#endif // !__MonoCS__
            default:
                Globs.Throw <ArgumentException>("Algorithm not supported");
                break;
            }
        }