public static TPMKeyCore CreateFromStream(Stream sink)
{
TPMKeyCore tpmKey = new TPMKeyCore();
tpmKey.Read(sink);
return(tpmKey);
}
public static TPMKeyCore CreateFromBytes(byte[] data)
{
using (MemoryStream src = new MemoryStream(data))
{
return(TPMKeyCore.CreateFromStream(src));
}
}
public static TPMKeyCore Create(CapabilityDataCore.TPMVersionCore version, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags,
TPMAuthDataUsage authDataUsage, TPMKeyParamsCore algorithmParams, TPMStorePubkeyCore pubkey, byte[] encdata)
{
TPMKeyCore key = new TPMKeyCore ();
key._keyUsage = keyUsage;
key._keyFlags = keyFlags;
key._authDataUsage = authDataUsage;
key._algorithmParams = algorithmParams;
if (version == null)
key._version = CapabilityDataCore.TPMVersionCore.CreateVersion12 ();
else
key._version = version;
if (pubkey == null)
key._pubKey = TPMStorePubkeyCore.CreateEmptyPubkey ();
else
key._pubKey = pubkey;
if (encdata == null)
key._encData = new byte[0];
else
key._encData = encdata;
return key;
}
public static TPMKeyCore Create(CapabilityDataCore.TPMVersionCore version, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags,
TPMAuthDataUsage authDataUsage, TPMKeyParamsCore algorithmParams, TPMStorePubkeyCore pubkey, byte[] encdata)
{
TPMKeyCore key = new TPMKeyCore();
key._keyUsage = keyUsage;
key._keyFlags = keyFlags;
key._authDataUsage = authDataUsage;
key._algorithmParams = algorithmParams;
if (version == null)
{
key._version = CapabilityDataCore.TPMVersionCore.CreateVersion12();
}
else
{
key._version = version;
}
if (pubkey == null)
{
key._pubKey = TPMStorePubkeyCore.CreateEmptyPubkey();
}
else
{
key._pubKey = pubkey;
}
if (encdata == null)
{
key._encData = new byte[0];
}
else
{
key._encData = encdata;
}
return(key);
}
protected override TPMCommandResponse InternalProcess()
{
// Unencrypted authorization values, they need to be XOR-Encrypted with
// XOR(auth, SHA-1(OSAP shared secret | session nonce))
//
// OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);
_usageAuth = _params.GetValueOf<byte[]> ("usage_auth");
_migrationAuth = _params.GetValueOf<byte[]> ("migration_auth");
byte[] xorKey = new HashProvider().Hash(
new HashByteDataProvider(auth1OSAP.SharedSecret),
new HashByteDataProvider(auth1OSAP.NonceEven));
ByteHelper.XORBytes(_usageAuth, xorKey);
ByteHelper.XORBytes(_migrationAuth, xorKey);
//Load parent key if not loaded
_keyManager.LoadKey(_params.GetValueOf<string>("parent"));
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);
//parent key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.Write(_usageAuth, 0, 20);
requestBlob.Write(_migrationAuth, 0, 20);
_tpmKey.WriteToTpmBlob(requestBlob);
using(_keyManager.AcquireLock())
{
AuthorizeMe(requestBlob);
requestBlob.SkipHeader();
if(_params.GetValueOf<string>("parent") == KeyHandle.KEY_SRK)
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
else
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("parent")).Handle);
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
TPMKeyCore newKey = new TPMKeyCore(_responseBlob);
_responseParameters = new Parameters();
//Build and save the key identifier
//The key identifier is the hex-string representation of the hash of the newly created key
_responseParameters.AddPrimitiveType("key_identifier",
ByteHelper.ByteArrayToHexString(
new HashProvider().Hash(
new HashByteDataProvider(
ByteHelper.SerializeToBytes(newKey)
)
),
""));
_responseParameters.AddPrimitiveType("key_data", ByteHelper.SerializeToBytes(newKey));
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters);
}
public override void Init(Parameters param, TPMProvider tpmProvider, TPMWrapper tpmWrapper)
{
base.Init (param, tpmProvider, tpmWrapper);
_digest = null;
_tpmKey = TPMKeyCore.Create (
CapabilityDataCore.TPMVersionCore.CreateVersion11(),
_params.GetValueOf<TPMKeyUsage>("key_usage"),
_params.GetValueOf<TPMKeyFlags>("key_flags"),
TPMAuthDataUsage.TPM_AUTH_ALWAYS,
TPMKeyParamsCore.Create (
TPMAlgorithmId.TPM_ALG_RSA,
_params.GetValueOf<TPMEncScheme>("enc_scheme"),
_params.GetValueOf<TPMSigScheme>("sig_scheme"),
TPMRSAKeyParamsCore.Create (
_params.GetValueOf<uint>("key_length"),
_params.GetValueOf<uint>("num_primes"),
_params.GetValueOf<byte[]>("exponent"))
),
null, //Pubkey, use default (empty) pubkey
null //no encoded data
);
}
public static TPMKeyCore CreateFromStream(Stream sink)
{
TPMKeyCore tpmKey = new TPMKeyCore();
tpmKey.Read(sink);
return tpmKey;
}
public override void Init(Parameters param, TPMProvider tpmProvider, TPMWrapper tpmWrapper)
{
base.Init (param, tpmProvider, tpmWrapper);
_digest = null;
_tpmKey = TPMKeyCore.CreateFromBytes(param.GetValueOf<byte[]>("key_blob"));
}
public override void Init(Parameters param, TPMProvider tpmProvider, TPMWrapper tpmWrapper)
{
base.Init (param, tpmProvider, tpmWrapper);
_digest = null;
_tpmKey = TPMKeyCore.Create (
CapabilityDataCore.TPMVersionCore.CreateVersion11(),
TPMKeyUsage.TPM_KEY_STORAGE,
TPMKeyFlags.None,
TPMAuthDataUsage.TPM_AUTH_ALWAYS,
TPMKeyParamsCore.Create (
TPMAlgorithmId.TPM_ALG_RSA,
TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1,
TPMSigScheme.TPM_SS_NONE,
TPMRSAKeyParamsCore.Create (TPMRSAKeyParamsCore.DEFAULT_KEYLENGTH, TPMRSAKeyParamsCore.DEFAULT_NUMPRIMES, null)
),
null, //Pubkey, use default (empty) pubkey
null //no encoded data
);
}
public override void Clear()
{
base.Clear ();
_tpmKey = null;
_digest = null;
}