public static TPMKeyCore Create(CapabilityDataCore.TPMVersionCore version, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags, TPMAuthDataUsage authDataUsage, TPMKeyParamsCore algorithmParams, TPMStorePubkeyCore pubkey, byte[] encdata) { TPMKeyCore key = new TPMKeyCore (); key._keyUsage = keyUsage; key._keyFlags = keyFlags; key._authDataUsage = authDataUsage; key._algorithmParams = algorithmParams; if (version == null) key._version = CapabilityDataCore.TPMVersionCore.CreateVersion12 (); else key._version = version; if (pubkey == null) key._pubKey = TPMStorePubkeyCore.CreateEmptyPubkey (); else key._pubKey = pubkey; if (encdata == null) key._encData = new byte[0]; else key._encData = encdata; return key; }
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags) { Parameters paramsCreateWrapKey = new Parameters(); paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier); paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage); paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags); paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength); paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]); paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0); if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING) { paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE); paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1); } else { paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1); paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE); } Parameters parameters = new Parameters(); parameters.AddPrimitiveType("identifierIsFriendlyName", true); parameters.AddPrimitiveType("identifier", friendlyName); ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters)); if (authUsage.Hashed == false) { authUsage.Hash(); } authUsage.DecryptHash(); paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue); ProtectedPasswordStorage authMigration = null; if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable) { authMigration = _tpmSession.RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters)); authMigration.DecryptHash(); paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue); } else { paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]); } try { TPMCommandResponse responseCreateWrapKey = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey); _tpmSession.Keystore.AddKey( friendlyName, responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"), this.FriendlyName, responseCreateWrapKey.Parameters.GetValueOf <byte[]>("key_data")); return(new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"), _tpmSession)); } finally { if (authMigration != null) { authMigration.ClearHash(); } if (authUsage != null) { authUsage.ClearHash(); } } }
public ClientKeyHandle CreateKey(string friendlyName, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags) { return(CreateKey(friendlyName, 2048, keyUsage, keyFlags)); }
public static TPMKeyCore Create(CapabilityDataCore.TPMVersionCore version, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags, TPMAuthDataUsage authDataUsage, TPMKeyParamsCore algorithmParams, TPMStorePubkeyCore pubkey, byte[] encdata) { TPMKeyCore key = new TPMKeyCore(); key._keyUsage = keyUsage; key._keyFlags = keyFlags; key._authDataUsage = authDataUsage; key._algorithmParams = algorithmParams; if (version == null) { key._version = CapabilityDataCore.TPMVersionCore.CreateVersion12(); } else { key._version = version; } if (pubkey == null) { key._pubKey = TPMStorePubkeyCore.CreateEmptyPubkey(); } else { key._pubKey = pubkey; } if (encdata == null) { key._encData = new byte[0]; } else { key._encData = encdata; } return(key); }
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags) { Parameters paramsCreateWrapKey = new Parameters(); paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier); paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage); paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags); paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength); paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]); paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0); if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING) { paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE); paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1); } else { paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1); paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE); } Parameters parameters = new Parameters(); parameters.AddPrimitiveType("identifierIsFriendlyName", true); parameters.AddPrimitiveType("identifier", friendlyName); ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters)); if(authUsage.Hashed == false) authUsage.Hash(); authUsage.DecryptHash(); paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue); ProtectedPasswordStorage authMigration = null; if((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable) { authMigration = _tpmSession.RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters)); authMigration.DecryptHash(); paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue); } else paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]); try { TPMCommandResponse responseCreateWrapKey = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey); _tpmSession.Keystore.AddKey( friendlyName, responseCreateWrapKey.Parameters.GetValueOf<string>("key_identifier"), this.FriendlyName, responseCreateWrapKey.Parameters.GetValueOf<byte[]>("key_data")); return new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf<string>("key_identifier"), _tpmSession); } finally { if(authMigration != null) authMigration.ClearHash(); if(authUsage != null) authUsage.ClearHash(); } }
public ClientKeyHandle CreateKey(string friendlyName, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags) { return CreateKey(friendlyName, 2048, keyUsage, keyFlags); }
public override void Execute(string[] commandline) { if (commandline.Length < 2) { _console.Out.WriteLine("Error: [local_session_alias] not specified"); return; } else if (commandline.Length < 3) { _console.Out.WriteLine("Error: [command] not specified"); return; } ClientContext ctx = _console.GetValue <ClientContext> ("client_context", null); if (ctx == null) { _console.Out.WriteLine("No active connection was found"); return; } string localAlias = commandline[1]; string keyCommand = commandline[2]; IDictionary <string, TPMSession> tpmSessions = _console.GetValue <IDictionary <string, TPMSession> > ("tpm_sessions", null); if (tpmSessions == null || tpmSessions.ContainsKey(localAlias) == false) { _console.Out.WriteLine("Error: Specified local alias was not found"); return; } if (keyCommand == "keystore_open") { if (commandline.Length < 4) { _console.Out.WriteLine("Error: keystore_open requires some arguments, check help for further information"); return; } if (tpmSessions[localAlias].Keystore != null) { _console.Out.WriteLine("Error: There is already an open keystore!"); return; } string[] sArguments = commandline[3].Split(','); IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 1); TPMKeystoreProvider keystore = TPMKeystoreProviders.Create(sArguments[0], arguments); tpmSessions[localAlias].Keystore = keystore; } else if (keyCommand == "keystore_close") { TPMKeystoreProvider keystore = tpmSessions[localAlias].Keystore; if (keystore != null) { keystore.Dispose(); tpmSessions[localAlias].Keystore = keystore; } } else if (keyCommand == "keystore_list") { TPMKeystoreProvider keystore = tpmSessions[localAlias].Keystore; if (keystore == null) { _console.Out.WriteLine("Error: No keystore opened"); return; } _console.Out.WriteLine("The keystore contains #{0} keys", keystore.EnumerateFriendlyNames().Length); _console.Out.WriteLine(); foreach (string friendlyName in keystore.EnumerateFriendlyNames()) { string parent = "<SRK>"; KeyValuePair <string, string>?parentKey = keystore.FindParentKeyByFriendlyName(friendlyName); if (parentKey != null) { parent = parentKey.Value.Key; } _console.Out.WriteLine("{0} ({1}) parent: {2}", friendlyName, keystore.FriendlyNameToIdentifier(friendlyName), parent); } } else if (keyCommand == "create") { if (tpmSessions[localAlias].Keystore == null) { _console.Out.WriteLine("Error: No keystore was opened"); return; } IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 0); if (arguments.ContainsKey("name") == false) { _console.Out.WriteLine("Error: No name specified"); return; } if (arguments.ContainsKey("parent") == false) { _console.Out.WriteLine("Error: No parent key specified"); return; } ClientKeyHandle keyHandle; if (arguments["parent"] == "srk") { keyHandle = tpmSessions[localAlias].KeyClient.GetSrkKeyHandle(); } else { keyHandle = tpmSessions[localAlias].KeyClient.GetKeyHandleByFriendlyName(arguments["parent"]); } if (keyHandle == null) { _console.Out.WriteLine("Error: Key with name '{0}' not found", arguments["parent"]); return; } if (arguments.ContainsKey("key_usage") == false) { _console.Out.WriteLine("Error: key_usage not defined"); return; } TPMKeyUsage keyUsage; switch (arguments["key_usage"]) { case "sign": keyUsage = TPMKeyUsage.TPM_KEY_SIGNING; break; case "bind": keyUsage = TPMKeyUsage.TPM_KEY_BIND; break; case "storage": keyUsage = TPMKeyUsage.TPM_KEY_STORAGE; break; default: _console.Out.WriteLine("Error: Invalid key_usage '{0}'", arguments["key_usage"]); return; } if (arguments.ContainsKey("key_length") == false) { _console.Out.WriteLine("Error: key_length not defined!"); return; } uint keyLength = 0; if (uint.TryParse(arguments["key_length"], out keyLength) == false) { _console.Out.WriteLine("Error: Could not parse key_length"); return; } TPMKeyFlags keyFlags = TPMKeyFlags.None; if (arguments.ContainsKey("key_flags")) { switch (arguments["key_flags"]) { case "none": keyFlags = TPMKeyFlags.None; break; case "migratable": keyFlags = TPMKeyFlags.Migratable; break; } } //Make sure that key usage auth and if required migration auth is in the secret cache Parameters hmacParams = new Parameters(); hmacParams.AddPrimitiveType("identifierIsFriendlyName", true); hmacParams.AddPrimitiveType("identifier", arguments["name"]); ProtectedPasswordStorage usageAuth = tpmSessions[localAlias].RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacParams)); if (usageAuth != null) { tpmSessions[localAlias].SetValue("secret_usage_" + arguments["name"], usageAuth); } if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable) { ProtectedPasswordStorage migrationAuth = tpmSessions[localAlias].RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, hmacParams)); if (migrationAuth != null) { tpmSessions[localAlias].SetValue("secret_migration_" + arguments["name"], migrationAuth); } } /*ClientKeyHandle newKey =*/ keyHandle.CreateKey(arguments["name"], keyLength, keyUsage, keyFlags); } else { _console.Out.WriteLine("Error, unknown command '{0}'", commandline[2]); } }