/// <summary>
/// Creates a new counter if possible.
/// Creating a counter requires the owner password and also the secret_counter secret
/// </summary>
/// <param name="label">4 bytes to label the counter</param>
/// <returns></returns>
public CounterContext CreateCounter(byte[] label)
{
if (label.Length != 4)
{
throw new ArgumentException("label needs to be of size 4");
}
ProtectedPasswordStorage counterSecret = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters()));
if (counterSecret.Hashed == false)
{
counterSecret.Hash();
}
counterSecret.DecryptHash();
Parameters createCounterParams = new Parameters();
createCounterParams.AddPrimitiveType("secret", counterSecret.HashValue);
createCounterParams.AddPrimitiveType("label", label);
return(new CounterContext(_tpmSession,
_tpmSession.DoTPMCommandRequest(new TPMCommandRequest(TPMCommandNames.TPM_CMD_CreateCounter, createCounterParams))
.Parameters.GetValueOf <uint>("counter_id")
));
}
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
{
Parameters paramsCreateWrapKey = new Parameters();
paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier);
paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage);
paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags);
paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength);
paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]);
paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0);
if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING)
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1);
}
else
{
paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1);
paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE);
}
Parameters parameters = new Parameters();
parameters.AddPrimitiveType("identifierIsFriendlyName", true);
parameters.AddPrimitiveType("identifier", friendlyName);
ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters));
if (authUsage.Hashed == false)
{
authUsage.Hash();
}
authUsage.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue);
ProtectedPasswordStorage authMigration = null;
if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable)
{
authMigration = _tpmSession.RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters));
authMigration.DecryptHash();
paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue);
}
else
{
paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]);
}
try
{
TPMCommandResponse responseCreateWrapKey =
BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey);
_tpmSession.Keystore.AddKey(
friendlyName,
responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"),
this.FriendlyName,
responseCreateWrapKey.Parameters.GetValueOf <byte[]>("key_data"));
return(new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"), _tpmSession));
}
finally
{
if (authMigration != null)
{
authMigration.ClearHash();
}
if (authUsage != null)
{
authUsage.ClearHash();
}
}
}
