Наследование: TpmStructureBase
Пример #1
0
        /// <summary>
        /// Create an enveloped (encrypted and integrity protected) private area from a provided sensitive.
        /// </summary>
        /// <param name="iv"></param>
        /// <param name="sens"></param>
        /// <param name="nameHash"></param>
        /// <param name="publicName"></param>
        /// <param name="symWrappingAlg"></param>
        /// <param name="symKey"></param>
        /// <param name="parentNameAlg"></param>
        /// <param name="parentSeed"></param>
        /// <param name="f"></param>
        /// <returns></returns>
        public static byte[] CreatePrivateFromSensitive(
            SymDefObject symWrappingAlg,
            byte[] symKey,
            byte[] iv,
            Sensitive sens,
            TpmAlgId nameHash,
            byte[] publicName,
            TpmAlgId parentNameAlg,
            byte[] parentSeed,
            TssObject.Transformer f = null)
        {
            // ReSharper disable once InconsistentNaming
            byte[] tpm2bIv = Marshaller.ToTpm2B(iv);
            Transform(tpm2bIv, f);

            byte[] sensitive = sens.GetTpmRepresentation();
            Transform(sensitive, f);

            // ReSharper disable once InconsistentNaming
            byte[] tpm2bSensitive = Marshaller.ToTpm2B(sensitive);
            Transform(tpm2bSensitive, f);

            byte[] encSensitive = SymmCipher.Encrypt(symWrappingAlg, symKey, iv, tpm2bSensitive);
            Transform(encSensitive, f);
            byte[] decSensitive = SymmCipher.Decrypt(symWrappingAlg, symKey, iv, encSensitive);
            Debug.Assert(f != null || Globs.ArraysAreEqual(decSensitive, tpm2bSensitive));

            uint hmacKeyBits = (uint)CryptoLib.DigestSize(parentNameAlg) * 8;
            byte[] hmacKey = KDF.KDFa(parentNameAlg, parentSeed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits);
            Transform(hmacKey, f);

            byte[] dataToHmac = Marshaller.GetTpmRepresentation(tpm2bIv,
                                                                encSensitive,
                                                                publicName);
            Transform(dataToHmac, f);

            byte[] outerHmac = CryptoLib.HmacData(parentNameAlg, hmacKey, dataToHmac);
            Transform(outerHmac, f);

            byte[] priv = Marshaller.GetTpmRepresentation(Marshaller.ToTpm2B(outerHmac),
                                                          tpm2bIv,
                                                          encSensitive);
            Transform(priv, f);
            return priv;
        }
Пример #2
0
        /// <summary>
        /// Creates a *software* root key.  The key will be random (not created from a seed).  The key can be used
        /// as the root of a software hierarchy that can be translated into a duplication blob ready for import into
        /// a TPM.  Depending on the type of key, the software root key can be a parent for other root keys that can
        /// comprise a migration group.  The caller should specify necessary key parameters in Public.
        /// </summary>
        /// <returns></returns>
        public static TssObject CreateStorageParent(TpmPublic keyParameters, AuthValue authVal)
        {
            var newKey = new TssObject();
            // Create a new asymmetric key from the supplied parameters
            IPublicIdUnion publicId;
            ISensitiveCompositeUnion sensitiveData = CreateSensitiveComposite(keyParameters, out publicId);

            // fill in the public data
            newKey.publicPart = keyParameters.Copy();
            newKey.publicPart.unique = publicId;

            // Create the associated symmetric key -
            SymDefObject symDef = GetSymDef(keyParameters);
            byte[] symmKey;
            if (symDef.Algorithm != TpmAlgId.Null)
            {
                using (var symmCipher = SymmCipher.Create(symDef))
                {
                    symmKey = symmCipher.KeyData;
                }
            }
            else
            {
                symmKey = new byte[0];
            }
            // Fill in the fields for the symmetric private-part of the asymmetric key
            var sens = new Sensitive(authVal.AuthVal, symmKey, sensitiveData);
            newKey.sensitivePart = sens;

            // And return the new key
            return newKey;
        }
Пример #3
0
 ///<param name = "the_integrityOuter"></param>
 ///<param name = "the_integrityInner">could also be a TPM2B_IV</param>
 ///<param name = "the_sensitive">the sensitive area</param>
 public Private(
 byte[] the_integrityOuter,
 byte[] the_integrityInner,
 Sensitive the_sensitive
 )
 {
     this.integrityOuter = the_integrityOuter;
     this.integrityInner = the_integrityInner;
     this.sensitive = the_sensitive;
 }
Пример #4
0
 public Private()
 {
     integrityOuter = new byte[0];
     integrityInner = new byte[0];
     sensitive = new Sensitive();
 }
Пример #5
0
 public Private(Private the_Private)
 {
     if((Object) the_Private == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
     integrityOuter = the_Private.integrityOuter;
     integrityInner = the_Private.integrityInner;
     sensitive = the_Private.sensitive;
 }
Пример #6
0
 public Tpm2bSensitive(Tpm2bSensitive the_Tpm2bSensitive)
 {
     if((Object) the_Tpm2bSensitive == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
     sensitiveArea = the_Tpm2bSensitive.sensitiveArea;
 }
Пример #7
0
 ///<param name = "the_sensitiveArea">an unencrypted sensitive area</param>
 public Tpm2bSensitive(
 Sensitive the_sensitiveArea
 )
 {
     this.sensitiveArea = the_sensitiveArea;
 }
Пример #8
0
 public Sensitive(Sensitive the_Sensitive)
 {
     if((Object) the_Sensitive == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
     authValue = the_Sensitive.authValue;
     seedValue = the_Sensitive.seedValue;
 }
Пример #9
0
 public Tpm2bSensitive()
 {
     sensitiveArea = new Sensitive();
 }
Пример #10
0
 ///<param name = "the_publicPart">Public part of key</param>
 ///<param name = "the_sensitivePart">Sensitive part of key</param>
 ///<param name = "the_privatePart">Private part is the encrypted sensitive part of key</param>
 public TssObject(
 TpmPublic the_publicPart,
 Sensitive the_sensitivePart,
 TpmPrivate the_privatePart
 )
 {
     this.publicPart = the_publicPart;
     this.sensitivePart = the_sensitivePart;
     this.privatePart = the_privatePart;
 }
Пример #11
0
 public TpmHandle LoadExternal(
     Sensitive inPrivate,
     TpmPublic inPublic,
     TpmHandle hierarchy
 )
 {
     Tpm2LoadExternalRequest inS = new Tpm2LoadExternalRequest();
     inS.inPrivate = inPrivate;
     inS.inPublic = inPublic;
     inS.hierarchy = hierarchy;
     TpmStructureBase outSBase;
     DispatchMethod(TpmCc.LoadExternal, (TpmStructureBase) inS, typeof(Tpm2LoadExternalResponse), out outSBase, 0, 1);
     Tpm2LoadExternalResponse outS = (Tpm2LoadExternalResponse) outSBase;
     return outS.objectHandle;
 }
Пример #12
0
 public TssObject()
 {
     publicPart = new TpmPublic();
     sensitivePart = new Sensitive();
     privatePart = new TpmPrivate();
 }
Пример #13
0
 ///<param name = "the_inPrivate">the sensitive portion of the object (optional)</param>
 ///<param name = "the_inPublic">the public portion of the object</param>
 ///<param name = "the_hierarchy">hierarchy with which the object area is associated</param>
 public Tpm2LoadExternalRequest(
 Sensitive the_inPrivate,
 TpmPublic the_inPublic,
 TpmHandle the_hierarchy
 )
 {
     this.inPrivate = the_inPrivate;
     this.inPublic = the_inPublic;
     this.hierarchy = the_hierarchy;
 }
Пример #14
0
 public Tpm2LoadExternalRequest()
 {
     inPrivate = new Sensitive();
     inPublic = new TpmPublic();
     hierarchy = new TpmHandle();
 }
Пример #15
0
 public Private()
 {
     integrityOuter = null;
     integrityInner = null;
     sensitive = new Sensitive();
 }
Пример #16
0
        /// <summary>
        /// Creates a *software* root key.  The key will be random (not created from a seed).  The key can be used
        /// as the root of a software hierarchy that can be translated into a duplication blob ready for import into
        /// a TPM.  Depending on the type of key, the software root key can be a parent for other root keys that can
        /// comprise a migration group.  The caller should specify necessary key parameters in Public.
        /// </summary>
        /// <returns></returns>
        public static TssObject CreateStorageParent(TpmPublic keyParameters, AuthValue authVal)
        {
            var newKey = new TssObject();
            // Create a new asymmetric key from the supplied parameters
            IPublicIdUnion publicId;
            ISensitiveCompositeUnion sensitiveData = CreateSensitiveComposite(keyParameters, out publicId);

            // fill in the public data
            newKey.publicPart = keyParameters.Copy();
            newKey.publicPart.unique = publicId;

            // Create the associated symmetric key 
            byte[] symmKey = Globs.GetRandomBytes(CryptoLib.DigestSize(keyParameters.nameAlg));
            // Fill in the fields for the symmetric private-part of the asymmetric key
            var sens = new Sensitive(authVal.AuthVal, symmKey, sensitiveData);
            newKey.sensitivePart = sens;

            // And return the new key
            return newKey;
        }