|
private Create ( |
||
| parentHandle | ||
| inSensitive | ||
| inPublic | byte | |
| outsideInfo | byte | |
| creationPCR | ||
| outPublic | [ | |
| creationData | [ | |
| creationHash | [ | |
| creationTicket | [ | |
| 리턴 | ||
public TpmPrivate Create(
TpmHandle parentHandle,
SensitiveCreate inSensitive,
byte[] inPublic,
byte[] outsideInfo,
PcrSelection[] creationPCR,
[SuppressMessage("Microsoft.Design", "CA1021")]
out TpmPublic outPublic,
[SuppressMessage("Microsoft.Design", "CA1021")]
out CreationData creationData,
[SuppressMessage("Microsoft.Design", "CA1021")]
out byte[] creationHash,
[SuppressMessage("Microsoft.Design", "CA1021")]
out TkCreation creationTicket
)
{
Tpm2CreateRequest inS = new Tpm2CreateRequest();
inS.parentHandle = parentHandle;
inS.inSensitive = inSensitive;
inS.inPublic = inPublic;
inS.outsideInfo = outsideInfo;
inS.creationPCR = creationPCR;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.Create, (TpmStructureBase) inS, typeof(Tpm2CreateResponse), out outSBase, 1, 0);
Tpm2CreateResponse outS = (Tpm2CreateResponse) outSBase;
outPublic = outS.outPublic;
creationData = outS.creationData;
creationHash = outS.creationHash;
creationTicket = outS.creationTicket;
return outS.outPrivate;
}
/// <summary> /// <summary>
/// Creates a child of the given storage key, which can be used both for signing and decryption.
/// Illustrates strict mode effect on automatic authorization handling.
/// </summary>
/// <returns>Handle of the created key.</returns>
static TpmHandle CreateSigningDecryptionKey(Tpm2 tpm, TpmHandle primHandle, out TpmPublic keyPublic)
{
TpmPublic keyInPublic = new TpmPublic(
TpmAlgId.Sha1,
ObjectAttr.Decrypt | ObjectAttr.Sign | ObjectAttr.FixedParent | ObjectAttr.FixedTPM
| ObjectAttr.UserWithAuth | ObjectAttr.SensitiveDataOrigin,
new byte[0],
new RsaParms(
new SymDefObject(),
new NullAsymScheme(),
2048, 0),
new Tpm2bPublicKeyRsa());
SensitiveCreate sensCreate = new SensitiveCreate(new byte[] {1, 2, 3}, new byte[0]);
CreationData keyCreationData;
TkCreation creationTicket;
byte[] creationHash;
Console.WriteLine("Automatic authorization of a primary storage key.");
//
// An auth session is added automatically to authorize access to primHandle.
//
TpmPrivate keyPrivate = tpm.Create(primHandle,
sensCreate,
keyInPublic,
new byte[0],
new PcrSelection[0],
out keyPublic,
out keyCreationData,
out creationHash,
out creationTicket);
TpmHandle keyHandle = null;
Console.WriteLine("Strict mode.");
//
// Switch TPM object to the strict mode. (Note that this is a TSS.Net
// specific piece of functionality, not a part of TPM 2.0 specification).
//
tpm._Behavior.Strict = true;
//
// No auth session is added automatically when TPM object is in strict mode.
//
tpm._ExpectError(TpmRc.AuthMissing)
.Load(primHandle, keyPrivate, keyPublic);
//
// Now explicitly request an auth session of a desired type.
// The actual auth value will be supplied by TSS.Net implicitly.
//
keyHandle = tpm[Auth.Default].Load(primHandle, keyPrivate, keyPublic);
//
// Switch TPM object back to the normal mode.
//
tpm._Behavior.Strict = false;
Console.WriteLine("Signing decryption key created.");
return keyHandle;
}