public static CreatePrivateFromSensitive ( |
||
symWrappingAlg | ||
symKey | byte | |
iv | byte | |
sens | ||
nameHash | TpmAlgId | |
publicName | byte | |
parentNameAlg | TpmAlgId | |
parentSeed | byte | |
f | ||
return | byte[] |
public static byte[] CreatePrivateFromSensitive(
SymDefObject symWrappingAlg,
byte[] symKey,
byte[] iv,
Sensitive sens,
TpmAlgId nameHash,
byte[] publicName,
TpmAlgId parentNameAlg,
byte[] parentSeed,
TssObject.Transformer f = null)
{
// ReSharper disable once InconsistentNaming
byte[] tpm2bIv = Marshaller.ToTpm2B(iv);
Transform(tpm2bIv, f);
byte[] sensitive = sens.GetTpmRepresentation();
Transform(sensitive, f);
// ReSharper disable once InconsistentNaming
byte[] tpm2bSensitive = Marshaller.ToTpm2B(sensitive);
Transform(tpm2bSensitive, f);
byte[] encSensitive = SymmCipher.Encrypt(symWrappingAlg, symKey, iv, tpm2bSensitive);
Transform(encSensitive, f);
byte[] decSensitive = SymmCipher.Decrypt(symWrappingAlg, symKey, iv, encSensitive);
Debug.Assert(f != null || Globs.ArraysAreEqual(decSensitive, tpm2bSensitive));
var hmacKeyBits = CryptoLib.DigestSize(parentNameAlg) * 8;
byte[] hmacKey = KDF.KDFa(parentNameAlg, parentSeed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits);
Transform(hmacKey, f);
byte[] dataToHmac = Marshaller.GetTpmRepresentation(tpm2bIv,
encSensitive,
publicName);
Transform(dataToHmac, f);
byte[] outerHmac = CryptoLib.HmacData(parentNameAlg, hmacKey, dataToHmac);
Transform(outerHmac, f);
byte[] priv = Marshaller.GetTpmRepresentation(Marshaller.ToTpm2B(outerHmac),
tpm2bIv,
encSensitive);
Transform(priv, f);
return priv;
}
/// <summary> /// Creates a Private area for this key so that it can be loaded into a TPM by /// TPM2_Load() if the target TPM already has the storage key 'parent' loaded. /// This function lets an application to create key hierarchies in software /// that can be loaded into a TPM once the parent has been TPM2_Import'ed. /// TPM2_Import() supports plaintext import. To get this sort of import blob, /// set 'parent' to null. /// </summary> /// <param name="parent"></param> /// <returns></returns> public TpmPrivate GetPrivate(TssObject parent) { SymDefObject symDef = GetSymDef(parent.Public); // Figure out how many bits we will need from the KDF byte[] parentSymSeed = parent.Sensitive.seedValue; Transform(parentSymSeed); byte[] iv = (symDef.Mode == TpmAlgId.Ecb) ? new byte[0] : Globs.GetRandomBytes(SymCipher.GetBlockSize(symDef)); // The encryption key is calculated with a KDF byte[] symKey = KDF.KDFa(parent.Public.nameAlg, parentSymSeed, "STORAGE", GetName(), new byte[0], symDef.KeyBits); Transform(symKey); byte[] newPrivate = KeyWrapper.CreatePrivateFromSensitive( symDef, symKey, iv, Sensitive, Public.nameAlg, Public.GetName(), parent.Public.nameAlg, parent.Sensitive.seedValue, TransformerCallback); Transform(newPrivate); return(new TpmPrivate(newPrivate)); }