|
public static Decrypt ( |
||
| symDef | ||
| key | byte | |
| iv | byte | |
| dataToDecrypt | byte | |
| 리턴 | byte[] | |
/// <summary>
/// De-envelope inner-wrapped duplication blob.
/// TODO: Move this to TpmPublic and make it fully general
/// </summary>
/// <param name="exportedPrivate"></param>
/// <param name="encAlg"></param>
/// <param name="encKey"></param>
/// <param name="nameAlg"></param>
/// <param name="name"></param>
/// <returns></returns>
public static Sensitive SensitiveFromDuplicateBlob(TpmPrivate exportedPrivate, SymDefObject encAlg, byte[] encKey, TpmAlgId nameAlg, byte[] name)
{
byte[] dupBlob = exportedPrivate.buffer;
byte[] sensNoLen;
using (SymmCipher c = Create(encAlg, encKey))
{
byte[] innerObject = c.Decrypt(dupBlob);
byte[] innerIntegrity, sensitive;
KDF.Split(innerObject,
16 + CryptoLib.DigestSize(nameAlg) * 8,
out innerIntegrity,
8 * (innerObject.Length - CryptoLib.DigestSize(nameAlg) - 2),
out sensitive);
byte[] expectedInnerIntegrity = Marshaller.ToTpm2B(CryptoLib.HashData(nameAlg, sensitive, name));
if (!Globs.ArraysAreEqual(expectedInnerIntegrity, innerIntegrity))
{
Globs.Throw("SensitiveFromDuplicateBlob: Bad inner integrity");
}
sensNoLen = Marshaller.Tpm2BToBuffer(sensitive);
}
var sens = Marshaller.FromTpmRepresentation <Sensitive>(sensNoLen);
return(sens);
}
public static byte[] Decrypt(SymDefObject symDef, byte[] key, byte[] iv, byte[] dataToDecrypt)
{
using (SymmCipher cipher = Create(symDef, key, iv))
{
return(cipher.Decrypt(dataToDecrypt));
}
}
internal byte[] ParmEncrypt(byte[] parm, Direction inOrOut)
{
if (Symmetric == null)
{
Globs.Throw("parameter encryption cipher not defined");
return(parm);
}
if (Symmetric.Algorithm == TpmAlgId.Null)
{
return(parm);
}
byte[] nonceNewer, nonceOlder;
if (inOrOut == Direction.Command)
{
nonceNewer = NonceCaller;
nonceOlder = NonceTpm;
}
else
{
nonceNewer = NonceTpm;
nonceOlder = NonceCaller;
}
byte[] encKey = (AuthHandle != null && AuthHandle.Auth != null)
? SessionKey.Concat(Globs.TrimTrailingZeros(AuthHandle.Auth)).ToArray()
: SessionKey;
if (Symmetric.Algorithm == TpmAlgId.Xor)
{
return(CryptoLib.KdfThenXor(AuthHash, encKey, nonceNewer, nonceOlder, parm));
}
int keySize = (Symmetric.KeyBits + 7) / 8,
blockSize = SymmCipher.GetBlockSize(Symmetric),
bytesRequired = keySize + blockSize;
byte[] keyInfo = KDF.KDFa(AuthHash, encKey, "CFB", nonceNewer, nonceOlder, bytesRequired * 8);
var key = new byte[keySize];
Array.Copy(keyInfo, 0, key, 0, keySize);
var iv = new byte[blockSize];
Array.Copy(keyInfo, keySize, iv, 0, blockSize);
// Make a new SymmCipher from the key and IV and do the encryption.
using (SymmCipher s = SymmCipher.Create(Symmetric, key, iv))
{
return(inOrOut == Direction.Command ? s.Encrypt(parm) : s.Decrypt(parm));
}
}
/// <summary>
/// Create an enveloped (encrypted and integrity protected) private area from a provided sensitive.
/// </summary>
/// <param name="iv"></param>
/// <param name="sens"></param>
/// <param name="nameHash"></param>
/// <param name="publicName"></param>
/// <param name="symWrappingAlg"></param>
/// <param name="symKey"></param>
/// <param name="parentNameAlg"></param>
/// <param name="parentSeed"></param>
/// <param name="f"></param>
/// <returns></returns>
public static byte[] CreatePrivateFromSensitive(
SymDefObject symWrappingAlg,
byte[] symKey,
byte[] iv,
Sensitive sens,
TpmAlgId nameHash,
byte[] publicName,
TpmAlgId parentNameAlg,
byte[] parentSeed,
TssObject.Transformer f = null)
{
// ReSharper disable once InconsistentNaming
byte[] tpm2bIv = Marshaller.ToTpm2B(iv);
Transform(tpm2bIv, f);
byte[] sensitive = sens.GetTpmRepresentation();
Transform(sensitive, f);
// ReSharper disable once InconsistentNaming
byte[] tpm2bSensitive = Marshaller.ToTpm2B(sensitive);
Transform(tpm2bSensitive, f);
byte[] encSensitive = SymmCipher.Encrypt(symWrappingAlg, symKey, iv, tpm2bSensitive);
Transform(encSensitive, f);
byte[] decSensitive = SymmCipher.Decrypt(symWrappingAlg, symKey, iv, encSensitive);
Debug.Assert(f != null || Globs.ArraysAreEqual(decSensitive, tpm2bSensitive));
var hmacKeyBits = CryptoLib.DigestSize(parentNameAlg) * 8;
byte[] hmacKey = KDF.KDFa(parentNameAlg, parentSeed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits);
Transform(hmacKey, f);
byte[] dataToHmac = Marshaller.GetTpmRepresentation(tpm2bIv,
encSensitive,
publicName);
Transform(dataToHmac, f);
byte[] outerHmac = CryptoLib.HmacData(parentNameAlg, hmacKey, dataToHmac);
Transform(outerHmac, f);
byte[] priv = Marshaller.GetTpmRepresentation(Marshaller.ToTpm2B(outerHmac),
tpm2bIv,
encSensitive);
Transform(priv, f);
return(priv);
}
