Tpm2Lib.TpmPublic.CreateActivationCredentials C# (CSharp) Method

TpmPublic Class Documentation Show file Open project: Microsoft/TSS.MSR

CreateActivationCredentials() public method

Create activation blobs that can be passed to ActivateCredential. Two blobs are returned - (a) - encryptedSecret - is the symmetric key cfb-symmetrically encrypted with an enveloping key (b) credentialBlob (the return value of this function) - is the enveloping key OEAP (RSA) encrypted by the public part of this key.

public CreateActivationCredentials ( byte secret, TpmAlgId nameAlgId, byte nameOfKeyToBeActivated, byte &encryptedSecret ) : byte[]
secret	byte
nameAlgId	TpmAlgId
nameOfKeyToBeActivated	byte
encryptedSecret	byte
return	byte[]

        public byte[] CreateActivationCredentials(
            byte[] secret,
            TpmAlgId nameAlgId,
            byte[] nameOfKeyToBeActivated,
            out byte[] encryptedSecret)
        {
            byte[] seed, encSecret;

            switch (type)
            {
                case TpmAlgId.Rsa:
                    // The seed should be the same size as the symmKey
                    seed = Globs.GetRandomBytes((CryptoLib.DigestSize(nameAlg) + 7) / 8);
                    encSecret = EncryptOaep(seed, ActivateEncodingParms);
                    break;
                case TpmAlgId.Ecc:
                    EccPoint pubEphem;
                    seed = EcdhGetKeyExchangeKey(ActivateEncodingParms, nameAlg, out pubEphem);
                    encSecret = Marshaller.GetTpmRepresentation(pubEphem);
                    break;
                default:
                    Globs.Throw<NotImplementedException>("CreateActivationCredentials: Unsupported algorithm");
                    encryptedSecret = new byte[0];
                    return new byte[0];
            }

            Transform(seed);
            Transform(encSecret);

            var cvx = new Tpm2bDigest(secret);
            byte[] cvTpm2B = Marshaller.GetTpmRepresentation(cvx);
            Transform(cvTpm2B);

            SymDefObject symDef = TssObject.GetSymDef(this);
            byte[] symKey = KDF.KDFa(nameAlg, seed, "STORAGE", nameOfKeyToBeActivated, new byte[0], symDef.KeyBits);
            Transform(symKey);

            byte[] encIdentity;
            using (SymmCipher symm2 = SymmCipher.Create(symDef, symKey))
            {
                encIdentity = symm2.Encrypt(cvTpm2B);
            }
            Transform(encIdentity);

            var hmacKeyBits = CryptoLib.DigestSize(nameAlg);
            byte[] hmacKey = KDF.KDFa(nameAlg, seed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits * 8);
            Transform(hmacKey);
            byte[] outerHmac = CryptoLib.HmacData(nameAlg,
                                                  hmacKey,
                                                  Globs.Concatenate(encIdentity, nameOfKeyToBeActivated));
            Transform(outerHmac);

            byte[] activationBlob = Globs.Concatenate(
                                                      Marshaller.ToTpm2B(outerHmac),
                                                      encIdentity);

            Transform(activationBlob);

            encryptedSecret = encSecret;

            return activationBlob;
        }

TpmPublic

Copy

CreateActivationCredentials

EcdhGetKeyExchangeKey

EncryptOaep

GetName

TpmPublic

Transform

VerifyCertify

VerifyQuote

VerifySignatureOverData

VerifySignatureOverHash

_SetTransformer