/// <summary> /// Create a new asymmetric key based on the parameters in keyParms. The resulting key data is returned in structures /// suitable for incorporation in a TPMT_PUBLIC and TPMS_SENSITIVE /// </summary> /// <param name="keyParms"></param> /// <param name="publicParms"></param> /// <returns></returns> internal static ISensitiveCompositeUnion CreateSensitiveComposite(TpmPublic keyParms, out IPublicIdUnion publicParms) { TpmAlgId keyAlgId = keyParms.type; ISensitiveCompositeUnion newSens; // Create the asymmetric key if (keyAlgId != TpmAlgId.Rsa) { Globs.Throw <ArgumentException>("Algorithm not supported"); } var newKeyPair = new RawRsa((keyParms.parameters as RsaParms).keyBits); // Put the key bits into the required structure envelopes newSens = new Tpm2bPrivateKeyRsa(newKeyPair.Private); publicParms = new Tpm2bPublicKeyRsa(newKeyPair.Public); return(newSens); }
void Init(TpmPublic pub, Tpm2bPrivateKeyRsa priv) { var parms = pub.parameters as RsaParms; NumBits = parms.keyBits; E = new BigInteger(parms.exponent == 0 ? RsaParms.DefaultExponent : BitConverter.GetBytes(parms.exponent)); N = FromBigEndian((pub.unique as Tpm2bPublicKeyRsa).buffer); P = FromBigEndian(priv.buffer); Q = N / P; Debug.Assert(N % P == BigInteger.Zero); BigInteger PHI = N - (P + Q - BigInteger.One); D = ModInverse(E, PHI); InverseQ = ModInverse(Q, P); DP = D % (P - BigInteger.One); DQ = D % (Q - BigInteger.One); }
} // class PrivateKeyBlob // Trailing parameters are used to populate TpmPublic generated for the key from the blob. public static TpmPrivate CspToTpm(byte[] cspPrivateBlob, out TpmPublic tpmPub, TpmAlgId nameAlg = TpmAlgId.Sha1, ObjectAttr keyAttrs = ObjectAttr.Decrypt | ObjectAttr.UserWithAuth, IAsymSchemeUnion scheme = null, SymDefObject symDef = null) { if (scheme == null) { scheme = new NullAsymScheme(); } if (symDef == null) { symDef = new SymDefObject(); } var m = new Marshaller(cspPrivateBlob, DataRepresentation.LittleEndian); var cspPrivate = m.Get <Csp.PrivateKeyBlob>(); var keyAlg = cspPrivate.publicKeyStruc.aiKeyAlg; if (keyAlg != Csp.AlgId.CAlgRsaKeyX && keyAlg != Csp.AlgId.CAlgRsaSign) { Globs.Throw <NotSupportedException>("CSP blobs for keys of type " + keyAlg.ToString("X") + " are not supported"); tpmPub = new TpmPublic(); return(new TpmPrivate()); } var rsaPriv = new Tpm2bPrivateKeyRsa(Globs.ReverseByteOrder(cspPrivate.prime1)); var sens = new Sensitive(new byte[0], new byte[0], rsaPriv); tpmPub = new TpmPublic(nameAlg, keyAttrs, new byte[0], new RsaParms(symDef, scheme, (ushort)cspPrivate.rsaPubKey.bitlen, cspPrivate.rsaPubKey.pubexp), new Tpm2bPublicKeyRsa(Globs.ReverseByteOrder(cspPrivate.modulus))); return(new TpmPrivate(sens.GetTpm2BRepresentation())); }
CreateSensitiveComposite(TpmPublic pub, ref byte[] keyData, out IPublicIdUnion publicId) { ISensitiveCompositeUnion newSens = null; publicId = null; if (pub.type == TpmAlgId.Rsa) { if (keyData != null) { Globs.Throw <ArgumentException>("Cannot specify key data for an RSA key"); return(null); } var newKeyPair = new RawRsa((pub.parameters as RsaParms).keyBits); // Put the key bits into the required structure envelopes newSens = new Tpm2bPrivateKeyRsa(newKeyPair.Private); publicId = new Tpm2bPublicKeyRsa(newKeyPair.Public); } else if (pub.type == TpmAlgId.Symcipher) { var symDef = (SymDefObject)pub.parameters; if (symDef.Algorithm != TpmAlgId.Aes) { Globs.Throw <ArgumentException>("Unsupported symmetric algorithm"); return(null); } int keySize = (symDef.KeyBits + 7) / 8; if (keyData == null) { keyData = Globs.GetRandomBytes(keySize); } else if (keyData.Length != keySize) { keyData = Globs.CopyData(keyData); } else { Globs.Throw <ArgumentException>("Wrong symmetric key length"); return(null); } newSens = new Tpm2bSymKey(keyData); } else if (pub.type == TpmAlgId.Keyedhash) { var scheme = (pub.parameters as KeyedhashParms).scheme; TpmAlgId hashAlg = scheme is SchemeHash ? (scheme as SchemeHash).hashAlg : scheme is SchemeXor ? (scheme as SchemeXor).hashAlg : pub.nameAlg; var digestSize = CryptoLib.DigestSize(hashAlg); if (keyData == null) { keyData = Globs.GetRandomBytes(digestSize); } else if (keyData.Length <= CryptoLib.BlockSize(hashAlg)) { keyData = Globs.CopyData(keyData); } else { Globs.Throw <ArgumentException>("HMAC key is too big"); return(null); } newSens = new Tpm2bSensitiveData(keyData); } else { Globs.Throw <ArgumentException>("Unsupported key type"); } return(newSens); }