Tpm2Lib.KeyWrapper.CreatePrivateFromSensitive C# (CSharp) Method

CreatePrivateFromSensitive() public static method

Create an enveloped (encrypted and integrity protected) private area from a provided sensitive.
public static CreatePrivateFromSensitive ( SymDefObject symWrappingAlg, byte[] symKey, byte[] iv, Sensitive sens, TpmAlgId nameHash, byte[] publicName, TpmAlgId parentNameAlg, byte[] parentSeed, TssObject.Transformer f = null ) : byte[]
symWrappingAlg SymDefObject
symKey byte[]
iv byte[]
sens Sensitive
nameHash TpmAlgId
publicName byte[]
parentNameAlg TpmAlgId
parentSeed byte[]
f TssObject.Transformer
return byte[]
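        /// <summary>
        /// Create an enveloped (encrypted and integrity protected) private area from a
        /// provided sensitive. The marshalled sensitive is wrapped as a TPM2B, encrypted
        /// with 'symWrappingAlg'/'symKey'/'iv', and an HMAC keyed by
        /// KDFa(parentNameAlg, parentSeed, "INTEGRITY") is computed over the TPM2B IV,
        /// the ciphertext and 'publicName'.
        /// </summary>
        /// <param name="symWrappingAlg">Symmetric algorithm used to encrypt the sensitive area.</param>
        /// <param name="symKey">Key for 'symWrappingAlg'.</param>
        /// <param name="iv">IV for 'symWrappingAlg'. Its TPM2B form is covered by the integrity HMAC and emitted in the result.</param>
        /// <param name="sens">Sensitive area to wrap. Must not be null.</param>
        /// <param name="nameHash">Not referenced by this method; retained so the signature stays compatible with existing callers.</param>
        /// <param name="publicName">Name of the public area this private belongs to; covered by the integrity HMAC.</param>
        /// <param name="parentNameAlg">Parent's name hash algorithm. Selects the KDFa hash, the HMAC algorithm and the HMAC key length (digest size in bits).</param>
        /// <param name="parentSeed">Parent's seed; KDFa(parentNameAlg, parentSeed, "INTEGRITY") derives the HMAC key from it.</param>
        /// <param name="f">Optional transformer invoked on every intermediate buffer; may be null.</param>
        /// <returns>Marshalled private area: TPM2B(outerHmac) || TPM2B(iv) || encrypted TPM2B(sensitive).</returns>
        /// <exception cref="System.ArgumentNullException">'sens' is null.</exception>
        public static byte[] CreatePrivateFromSensitive(
            SymDefObject symWrappingAlg,
            byte[] symKey,
            byte[] iv,
            Sensitive sens,
            TpmAlgId nameHash,
            byte[] publicName,
            TpmAlgId parentNameAlg,
            byte[] parentSeed,
            TssObject.Transformer f = null)
        {
            if (sens == null)
            {
                throw new System.ArgumentNullException("sens");
            }

            // ReSharper disable once InconsistentNaming
            byte[] tpm2bIv = Marshaller.ToTpm2B(iv);
            Transform(tpm2bIv, f);

            byte[] sensitive = sens.GetTpmRepresentation();
            Transform(sensitive, f);

            // ReSharper disable once InconsistentNaming
            byte[] tpm2bSensitive = Marshaller.ToTpm2B(sensitive);
            Transform(tpm2bSensitive, f);

            byte[] encSensitive = SymmCipher.Encrypt(symWrappingAlg, symKey, iv, tpm2bSensitive);
            Transform(encSensitive, f);

#if DEBUG
            // Round-trip sanity check of the cipher. It is only meaningful when no
            // transformer has been applied to 'encSensitive', hence the 'f != null' escape.
            // Confined to DEBUG: Debug.Assert is compiled out of release builds, but the
            // Decrypt() call was not, so release builds decrypted the freshly wrapped
            // key material into a discarded plaintext buffer for nothing.
            byte[] decSensitive = SymmCipher.Decrypt(symWrappingAlg, symKey, iv, encSensitive);
            Debug.Assert(f != null || Globs.ArraysAreEqual(decSensitive, tpm2bSensitive));
#endif

            // The HMAC key is as long as the parent name algorithm's digest.
            var hmacKeyBits = CryptoLib.DigestSize(parentNameAlg) * 8;
            byte[] hmacKey = KDF.KDFa(parentNameAlg, parentSeed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits);
            Transform(hmacKey, f);

            // Integrity covers the IV, the ciphertext and the object's name, so the blob
            // cannot be re-bound to a different public area without failing the HMAC.
            byte[] dataToHmac = Marshaller.GetTpmRepresentation(tpm2bIv,
                                                                encSensitive,
                                                                publicName);
            Transform(dataToHmac, f);

            byte[] outerHmac = CryptoLib.HmacData(parentNameAlg, hmacKey, dataToHmac);
            Transform(outerHmac, f);

            byte[] priv = Marshaller.GetTpmRepresentation(Marshaller.ToTpm2B(outerHmac),
                                                          tpm2bIv,
                                                          encSensitive);
            Transform(priv, f);
            return priv;
        }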

Usage Example

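        /// <summary>
        /// Creates a Private area for this key so that it can be loaded into a TPM by
        /// TPM2_Load() if the target TPM already has the storage key 'parent' loaded.
        /// This function lets an application create key hierarchies in software
        /// that can be loaded into a TPM once the parent has been TPM2_Import'ed.
        /// </summary>
        /// <remarks>
        /// The wrapping key is KDFa(parent.Public.nameAlg, parent seed, "STORAGE", this key's
        /// name) of symDef.KeyBits bits; the blob itself is assembled by
        /// KeyWrapper.CreatePrivateFromSensitive(), which also derives the integrity HMAC key
        /// from the same parent seed.
        /// NOTE(review): the previous summary stated that passing null for 'parent' produces a
        /// plaintext import blob for TPM2_Import(). The body dereferences parent.Public
        /// unconditionally, so a null parent always failed with NullReferenceException; it is
        /// now rejected explicitly. Plaintext import blobs are not produced here.
        /// </remarks>
        /// <param name="parent">Storage (parent) key whose Public and Sensitive.seedValue wrap this key. Must not be null.</param>
        /// <returns>The wrapped private area for this key.</returns>
        /// <exception cref="System.ArgumentNullException">'parent' is null.</exception>
        public TpmPrivate GetPrivate(TssObject parent)
        {
            if (parent == null)
            {
                throw new System.ArgumentNullException("parent");
            }

            SymDefObject symDef = GetSymDef(parent.Public);

            // The parent's seed is the KDF input for the wrapping key derived below.
            byte[] parentSymSeed = parent.Sensitive.seedValue;
            Transform(parentSymSeed);

            // ECB takes no IV; every other mode gets a fresh random block-sized IV.
            byte[] iv = (symDef.Mode == TpmAlgId.Ecb) ? new byte[0]
                                : Globs.GetRandomBytes(SymCipher.GetBlockSize(symDef));

            // The encryption key is calculated with a KDF; symDef.KeyBits is how many
            // bits we need from it.
            byte[] symKey = KDF.KDFa(parent.Public.nameAlg,
                                     parentSymSeed,
                                     "STORAGE",
                                     GetName(),
                                     new byte[0],
                                     symDef.KeyBits);

            Transform(symKey);

            byte[] newPrivate = KeyWrapper.CreatePrivateFromSensitive(
                symDef,
                symKey,
                iv,
                Sensitive,
                Public.nameAlg,
                Public.GetName(),
                parent.Public.nameAlg,
                parent.Sensitive.seedValue,
                TransformerCallback);
            Transform(newPrivate);
            return(new TpmPrivate(newPrivate));
        }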