/// <summary>
/// Create activation blobs that can be passed to ActivateCredential. Two blobs are returned -
/// (a) - encryptedSecret - is the symmetric key cfb-symmetrically encrypted with an enveloping key
/// (b) credentialBlob (the return value of this function) - is the enveloping key OEAP (RSA) encrypted
/// by the public part of this key.
/// </summary>
/// <param name="secret"></param>
/// <param name="nameAlgId"></param>
/// <param name="nameOfKeyToBeActivated"></param>
/// <param name="encryptedSecret"></param>
/// <returns>CredentialBlob (</returns>
public byte[] CreateActivationCredentials(
byte[] secret,
TpmAlgId nameAlgId,
byte[] nameOfKeyToBeActivated,
out byte[] encryptedSecret)
{
byte[] seed, encSecret;
switch (type)
{
case TpmAlgId.Rsa:
// The seed should be the same size as the symmKey
seed = Globs.GetRandomBytes((CryptoLib.DigestSize(nameAlg) + 7) / 8);
encSecret = EncryptOaep(seed, ActivateEncodingParms);
break;
case TpmAlgId.Ecc:
EccPoint pubEphem;
seed = EcdhGetKeyExchangeKey(ActivateEncodingParms, nameAlg, out pubEphem);
encSecret = Marshaller.GetTpmRepresentation(pubEphem);
break;
default:
Globs.Throw <NotImplementedException>("CreateActivationCredentials: Unsupported algorithm");
encryptedSecret = new byte[0];
return(new byte[0]);
}
var cvx = new Tpm2bDigest(secret);
byte[] cvTpm2B = Marshaller.GetTpmRepresentation(cvx);
SymDefObject symDef = TssObject.GetSymDef(this);
byte[] symKey = KDF.KDFa(nameAlg, seed, "STORAGE", nameOfKeyToBeActivated, new byte[0], symDef.KeyBits);
byte[] encIdentity;
using (SymmCipher symm2 = SymmCipher.Create(symDef, symKey))
{
encIdentity = symm2.Encrypt(cvTpm2B);
}
var hmacKeyBits = CryptoLib.DigestSize(nameAlg);
byte[] hmacKey = KDF.KDFa(nameAlg, seed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits * 8);
byte[] outerHmac = CryptoLib.HmacData(nameAlg,
hmacKey,
Globs.Concatenate(encIdentity, nameOfKeyToBeActivated));
byte[] activationBlob = Globs.Concatenate(
Marshaller.ToTpm2B(outerHmac),
encIdentity);
encryptedSecret = encSecret;
return(activationBlob);
}
/// <summary>
/// Calculates and returns the policy-hashes of the attached branches.
/// </summary>
/// <param name="hashAlg"></param>
/// <returns></returns>
public Tpm2bDigest[] GetPolicyHashArray(TpmAlgId hashAlg)
{
int numBranches = PolicyBranches.Count;
if (numBranches < 2 || numBranches > 8)
{
Globs.Throw("GetPolicyHashArray: Must have between 2 and 8 branches in a PolicyOr");
}
int i = 0;
var childHashes = new Tpm2bDigest[numBranches];
foreach (PolicyAce branch in PolicyBranches)
{
childHashes[i++] = branch.GetPolicyDigest(hashAlg);
}
return(childHashes);
}
public static Tpm2bDigest[] SafePcrRead(Tpm2 tpm, PcrSelection sel)
{
PcrSelection[] selOut;
var selIn = new PcrSelection[] { sel.Copy() };
var pcrValues = new Tpm2bDigest[0];
do
{
Tpm2bDigest[] vals;
tpm.PcrRead(selIn, out selOut, out vals);
pcrValues = pcrValues.Concat(vals).ToArray();
Debug.Assert(selOut.Length == 1);
// The first part of the while condition is used to by pass not
// implemented PCRs
} while (!Globs.IsZeroBuffer(selOut[0].pcrSelect) &&
selIn[0].Clear(selOut[0]));
Debug.Assert(selIn[0].GetSelectedPcrs().Length == 0);
Debug.Assert(sel.GetSelectedPcrs().Length == pcrValues.Length);
return(pcrValues);
}
/// <summary>
/// Create activation blobs that can be passed to ActivateCredential. Two
/// blobs are returned:
/// 1) encryptedSecret - symmetric key cfb-symmetrically encrypted with the
/// enveloping key;
/// 2) credentialBlob - the enveloping key OEAP (RSA) encrypted by the public
/// part of this key. This is the return value of this
/// function
/// </summary>
/// <param name="secret"></param>
/// <param name="nameOfKeyToBeActivated"></param>
/// <param name="encryptedSecret"></param>
/// <returns>CredentialBlob (</returns>
public IdObject CreateActivationCredentials(byte[] secret,
byte[] nameOfKeyToBeActivated,
out byte[] encryptedSecret)
{
byte[] seed, encSecret;
switch (type)
{
case TpmAlgId.Rsa:
// The seed should be the same size as the name algorithmdigest
seed = Globs.GetRandomBytes(CryptoLib.DigestSize(nameAlg));
encSecret = EncryptOaep(seed, ActivateEncodingParms);
break;
case TpmAlgId.Ecc:
EccPoint ephemPubPt;
seed = EcdhGetKeyExchangeKey(ActivateEncodingParms, out ephemPubPt);
encSecret = Marshaller.GetTpmRepresentation(ephemPubPt);
break;
default:
Globs.Throw <NotImplementedException>(
"CreateActivationCredentials: Unsupported algorithm");
encryptedSecret = new byte[0];
return(null);
}
Transform(seed);
Transform(encSecret);
var cvx = new Tpm2bDigest(secret);
byte[] cvTpm2B = Marshaller.GetTpmRepresentation(cvx);
Transform(cvTpm2B);
SymDefObject symDef = TssObject.GetSymDef(this);
byte[] symKey = KDF.KDFa(nameAlg, seed, "STORAGE",
nameOfKeyToBeActivated, new byte[0], symDef.KeyBits);
Transform(symKey);
byte[] encIdentity;
// TPM only uses CFB mode in its command implementations
var sd = symDef.Copy();
sd.Mode = TpmAlgId.Cfb;
using (var sym = SymCipher.Create(sd, symKey))
{
// Not all keys specs are supported by SW crypto
if (sym == null)
{
encryptedSecret = null;
return(null);
}
encIdentity = sym.Encrypt(cvTpm2B);
}
Transform(encIdentity);
var hmacKeyBits = CryptoLib.DigestSize(nameAlg);
byte[] hmacKey = KDF.KDFa(nameAlg, seed, "INTEGRITY",
new byte[0], new byte[0], hmacKeyBits * 8);
Transform(hmacKey);
byte[] outerHmac = CryptoLib.Hmac(nameAlg, hmacKey,
Globs.Concatenate(encIdentity, nameOfKeyToBeActivated));
Transform(outerHmac);
encryptedSecret = encSecret;
return(new IdObject(outerHmac, encIdentity));
}
