internal void CalcSessionKey()
{
Debug.Assert(SessionKey == null, "Attempt to repeatedly calculate session key");
if (Salt == SaltNeeded)
{
Globs.Throw(string.Format("Unencrypted salt value must be provided for the session {0:x}", Handle.handle));
}
// Compute Handle.Auth in accordance with Part 1, 19.6.8.
if (Salt == null && BindObject == TpmRh.Null)
{
SessionKey = new byte[0];
return;
}
byte[] auth = Globs.TrimTrailingZeros(BindObject.Auth);
byte[] hmacKey = Globs.Concatenate(auth, Salt);
SessionKey = KDF.KDFa(AuthHash, hmacKey, "ATH", NonceTpm, NonceCaller,
TpmHash.DigestSize(AuthHash) * 8);
}
/// <summary>
/// Copies parameters associated with the session handle encapsulated in the
/// sess argument into the sess object. These parameters are the ones passed
/// to the StartAuthSession command. They are remembered by this Tpm2 object,
/// until this method is called.
///
/// Note that _InitializeSession() can be used only once for the given session
/// handle, as the associated parameters are erased from Tpm2 Object after
/// they were copied into AuthSession object for the first time.
/// </summary>
/// <param name="sess"></param>
internal bool _InitializeSession(AuthSession sess)
{
if (!sess.Initialized())
{
if (!SessionParams.ContainsKey(sess))
{
// There are no session parameters associated with the session
// handle (e.g., when the session was created by other Tpm2 object).
return false;
}
sess.Init(SessionParams[sess]);
sess.CalcSessionKey();
SessionParams.Remove(sess);
}
return true;
}
