/// <summary>
/// Create a new asymmetric key based on the parameters in keyParms. The resulting key data is returned in structures
/// suitable for incorporation in a TPMT_PUBLIC and TPMS_SENSITIVE
/// </summary>
/// <param name="keyParms"></param>
/// <param name="publicParms"></param>
/// <returns></returns>
internal static ISensitiveCompositeUnion CreateSensitiveComposite(TpmPublic keyParms, out IPublicIdUnion publicParms)
{
TpmAlgId keyAlgId = keyParms.type;
ISensitiveCompositeUnion newSens;
// Create the asymmetric key
if (keyAlgId != TpmAlgId.Rsa)
{
Globs.Throw <ArgumentException>("Algorithm not supported");
}
var newKeyPair = new RawRsa((keyParms.parameters as RsaParms).keyBits);
// Put the key bits into the required structure envelopes
newSens = new Tpm2bPrivateKeyRsa(newKeyPair.Private);
publicParms = new Tpm2bPublicKeyRsa(newKeyPair.Public);
return(newSens);
}
void Init(TpmPublic pub, Tpm2bPrivateKeyRsa priv)
{
var parms = pub.parameters as RsaParms;
NumBits = parms.keyBits;
E = new BigInteger(parms.exponent == 0 ? RsaParms.DefaultExponent
: BitConverter.GetBytes(parms.exponent));
N = FromBigEndian((pub.unique as Tpm2bPublicKeyRsa).buffer);
P = FromBigEndian(priv.buffer);
Q = N / P;
Debug.Assert(N % P == BigInteger.Zero);
BigInteger PHI = N - (P + Q - BigInteger.One);
D = ModInverse(E, PHI);
InverseQ = ModInverse(Q, P);
DP = D % (P - BigInteger.One);
DQ = D % (Q - BigInteger.One);
}
} // class PrivateKeyBlob
// Trailing parameters are used to populate TpmPublic generated for the key from the blob.
public static TpmPrivate CspToTpm(byte[] cspPrivateBlob, out TpmPublic tpmPub,
TpmAlgId nameAlg = TpmAlgId.Sha1,
ObjectAttr keyAttrs = ObjectAttr.Decrypt | ObjectAttr.UserWithAuth,
IAsymSchemeUnion scheme = null,
SymDefObject symDef = null)
{
if (scheme == null)
{
scheme = new NullAsymScheme();
}
if (symDef == null)
{
symDef = new SymDefObject();
}
var m = new Marshaller(cspPrivateBlob, DataRepresentation.LittleEndian);
var cspPrivate = m.Get <Csp.PrivateKeyBlob>();
var keyAlg = cspPrivate.publicKeyStruc.aiKeyAlg;
if (keyAlg != Csp.AlgId.CAlgRsaKeyX && keyAlg != Csp.AlgId.CAlgRsaSign)
{
Globs.Throw <NotSupportedException>("CSP blobs for keys of type " + keyAlg.ToString("X") + " are not supported");
tpmPub = new TpmPublic();
return(new TpmPrivate());
}
var rsaPriv = new Tpm2bPrivateKeyRsa(Globs.ReverseByteOrder(cspPrivate.prime1));
var sens = new Sensitive(new byte[0], new byte[0], rsaPriv);
tpmPub = new TpmPublic(nameAlg, keyAttrs, new byte[0],
new RsaParms(symDef,
scheme,
(ushort)cspPrivate.rsaPubKey.bitlen,
cspPrivate.rsaPubKey.pubexp),
new Tpm2bPublicKeyRsa(Globs.ReverseByteOrder(cspPrivate.modulus)));
return(new TpmPrivate(sens.GetTpm2BRepresentation()));
}
CreateSensitiveComposite(TpmPublic pub,
ref byte[] keyData,
out IPublicIdUnion publicId)
{
ISensitiveCompositeUnion newSens = null;
publicId = null;
if (pub.type == TpmAlgId.Rsa)
{
if (keyData != null)
{
Globs.Throw <ArgumentException>("Cannot specify key data for an RSA key");
return(null);
}
var newKeyPair = new RawRsa((pub.parameters as RsaParms).keyBits);
// Put the key bits into the required structure envelopes
newSens = new Tpm2bPrivateKeyRsa(newKeyPair.Private);
publicId = new Tpm2bPublicKeyRsa(newKeyPair.Public);
}
else if (pub.type == TpmAlgId.Symcipher)
{
var symDef = (SymDefObject)pub.parameters;
if (symDef.Algorithm != TpmAlgId.Aes)
{
Globs.Throw <ArgumentException>("Unsupported symmetric algorithm");
return(null);
}
int keySize = (symDef.KeyBits + 7) / 8;
if (keyData == null)
{
keyData = Globs.GetRandomBytes(keySize);
}
else if (keyData.Length != keySize)
{
keyData = Globs.CopyData(keyData);
}
else
{
Globs.Throw <ArgumentException>("Wrong symmetric key length");
return(null);
}
newSens = new Tpm2bSymKey(keyData);
}
else if (pub.type == TpmAlgId.Keyedhash)
{
var scheme = (pub.parameters as KeyedhashParms).scheme;
TpmAlgId hashAlg = scheme is SchemeHash ? (scheme as SchemeHash).hashAlg
: scheme is SchemeXor ? (scheme as SchemeXor).hashAlg
: pub.nameAlg;
var digestSize = CryptoLib.DigestSize(hashAlg);
if (keyData == null)
{
keyData = Globs.GetRandomBytes(digestSize);
}
else if (keyData.Length <= CryptoLib.BlockSize(hashAlg))
{
keyData = Globs.CopyData(keyData);
}
else
{
Globs.Throw <ArgumentException>("HMAC key is too big");
return(null);
}
newSens = new Tpm2bSensitiveData(keyData);
}
else
{
Globs.Throw <ArgumentException>("Unsupported key type");
}
return(newSens);
}
