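/// <summary>
/// Verifies a signature that was generated on the TPM.
/// </summary>
/// <param name="keyInfo">The key blob loaded into the TPM; its <c>SigScheme</c> selects the verification algorithm.</param>
/// <param name="pubkey">The public part of the signing key, used to build the verifier.</param>
/// <param name="data">The raw data whose integrity is to be verified.</param>
/// <param name="signature">The signature to check against <paramref name="data"/>.</param>
/// <returns>
/// <c>true</c> if <paramref name="signature"/> is a valid signature over <paramref name="data"/>
/// under <paramref name="pubkey"/>; otherwise <c>false</c>.
/// </returns>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
/// <exception cref="NotSupportedException">The key's signature scheme is not <c>TPM_SS_RSASSAPKCS1v15_SHA1</c>.</exception>
public static bool VerifySignature(TPMKey keyInfo, TPMPubkey pubkey, byte[] data, byte[] signature)
{
    if (keyInfo == null)
        throw new ArgumentNullException("keyInfo");
    if (pubkey == null)
        throw new ArgumentNullException("pubkey");
    if (data == null)
        throw new ArgumentNullException("data");
    if (signature == null)
        throw new ArgumentNullException("signature");

    // Only RSASSA-PKCS#1 v1.5 with SHA-1 is handled here. Reject anything else up front
    // rather than verifying with a verifier whose scheme does not match the key blob.
    if (keyInfo.AlgorithmParams.SigScheme != TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1)
        throw new NotSupportedException(string.Format("The signature scheme '{0}' is not supported", keyInfo.AlgorithmParams.SigScheme));

    // The verifier is fed the raw data and is expected to digest it internally (ISigner contract);
    // the previous separate SHA-1 digest of the data was never used and has been dropped.
    ISigner verifier = pubkey.CreateSignatureVerificator();
    verifier.BlockUpdate(data, 0, data.Length);
    return verifier.VerifySignature(signature);
}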
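/// <summary>
/// Constructs a new <c>SealBlockCipher</c> with the specified arguments. The seal authorization
/// is not requested here; it is requested from the user on first use.
/// </summary>
/// <param name="keyHandle">Handle of the key used for sealing; its <c>KeyInfo</c> is cached on construction.</param>
/// <param name="session">The TPM session the cipher operates in; a free id is reserved from it.</param>
/// <param name="pcrSelection">The PCR selection the sealed data is bound to. Stored as given (may be <c>null</c> if the caller wants no PCR binding — TODO confirm against usage).</param>
/// <exception cref="ArgumentNullException"><paramref name="keyHandle"/> or <paramref name="session"/> is <c>null</c>.</exception>
public SealBlockCipher(ClientKeyHandle keyHandle, TPMSession session, TPMPCRSelection pcrSelection)
{
    // Both are dereferenced below; fail with a clear argument error instead of a NullReferenceException.
    if (keyHandle == null)
        throw new ArgumentNullException("keyHandle");
    if (session == null)
        throw new ArgumentNullException("session");

    _keyHandle = keyHandle;
    _session = session;
    _pcrSelection = pcrSelection;
    // Reserve an id in the session for this cipher instance.
    _myId = session.GetFreeId();
    _keyInfo = _keyHandle.KeyInfo;
}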
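/// <summary>
/// Constructs a new <c>BindBlockCipher</c> with the specified arguments. Any authorization for the
/// key is not requested here; it is requested from the user on first use.
/// </summary>
/// <param name="keyHandle">Handle of the binding key; its <c>KeyInfo</c> is cached on construction.</param>
/// <param name="session">The TPM session the cipher operates in. Stored as given; not dereferenced here.</param>
/// <exception cref="ArgumentNullException"><paramref name="keyHandle"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException">The key's usage is not <c>TPM_KEY_BIND</c>.</exception>
public BindBlockCipher(ClientKeyHandle keyHandle, TPMSession session)
{
    if (keyHandle == null)
        throw new ArgumentNullException("keyHandle");

    // Validate the key before committing any state, so a rejected key leaves nothing half-initialised.
    TPMKey keyInfo = keyHandle.KeyInfo;
    if (keyInfo.KeyUsage != TPMKeyUsage.TPM_KEY_BIND)
        throw new ArgumentException(string.Format("The key '{0}' is not a binding key!", keyHandle.FriendlyName));

    _keyHandle = keyHandle;
    _session = session;
    _keyInfo = keyInfo;
}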