本文整理汇总了C#中TpmAlgId类的典型用法代码示例。如果您正苦于以下问题:C# TpmAlgId类的具体用法?C# TpmAlgId怎么用?C# TpmAlgId使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
TpmAlgId类属于命名空间,在下文中一共展示了TpmAlgId类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: StartAuthSessionEx
/// <summary>
/// Create a simple bound but unseeded session.
/// </summary>
public AuthSession StartAuthSessionEx(
TpmHandle boundEntity,
TpmSe sessionType,
TpmAlgId authHash,
SessionAttr initialialAttrs = SessionAttr.ContinueSession,
SymDef symDef = null,
int nonceCallerSize = 0)
{
byte[] nonceTpm;
var EmptySalt = new byte[0];
if (nonceCallerSize == 0)
{
nonceCallerSize = CryptoLib.DigestSize(authHash);
}
AuthSession sess = StartAuthSession(TpmRh.Null, boundEntity,
GetRandomBytes(nonceCallerSize),
EmptySalt, sessionType,
symDef ?? new SymDef(),
authHash, out nonceTpm)
+ initialialAttrs;
_InitializeSession(sess);
return sess;
}示例2: HashData
public static byte[] HashData(TpmAlgId alg, byte[] data1, byte[] data2)
{
var temp = new byte[data1.Length + data2.Length];
Array.Copy(data1, temp, data1.Length);
Array.Copy(data2, 0, temp, data1.Length, data2.Length);
return HashData(alg, temp);
}示例3: VerifySignatureOverData
/// <summary>
/// The TPM always signs hash-sized data. This version of the VerifySignature performs the necessary
/// hash operation over arbitrarily-length data and verifies that the hash is properly signed
/// (i.e. the library performs the hash)
/// </summary>
/// <param name="signedData"></param>
/// <param name="signature"></param>
/// <returns></returns>
public bool VerifySignatureOverData(byte[] signedData, ISignatureUnion signature, TpmAlgId sigHashAlg = TpmAlgId.Null)
{
using (AsymCryptoSystem verifier = AsymCryptoSystem.CreateFrom(this))
{
bool sigOk = verifier.VerifySignatureOverData(signedData, signature, sigHashAlg);
return sigOk;
}
}示例4: CreatePrivateFromSensitive
/// <summary>
/// Create an enveloped (encrypted and integrity protected) private area from a provided sensitive.
/// </summary>
/// <param name="iv"></param>
/// <param name="sens"></param>
/// <param name="nameHash"></param>
/// <param name="publicName"></param>
/// <param name="symWrappingAlg"></param>
/// <param name="symKey"></param>
/// <param name="parentNameAlg"></param>
/// <param name="parentSeed"></param>
/// <param name="f"></param>
/// <returns></returns>
public static byte[] CreatePrivateFromSensitive(
SymDefObject symWrappingAlg,
byte[] symKey,
byte[] iv,
Sensitive sens,
TpmAlgId nameHash,
byte[] publicName,
TpmAlgId parentNameAlg,
byte[] parentSeed,
TssObject.Transformer f = null)
{
// ReSharper disable once InconsistentNaming
byte[] tpm2bIv = Marshaller.ToTpm2B(iv);
Transform(tpm2bIv, f);
byte[] sensitive = sens.GetTpmRepresentation();
Transform(sensitive, f);
// ReSharper disable once InconsistentNaming
byte[] tpm2bSensitive = Marshaller.ToTpm2B(sensitive);
Transform(tpm2bSensitive, f);
byte[] encSensitive = SymmCipher.Encrypt(symWrappingAlg, symKey, iv, tpm2bSensitive);
Transform(encSensitive, f);
byte[] decSensitive = SymmCipher.Decrypt(symWrappingAlg, symKey, iv, encSensitive);
Debug.Assert(f != null || Globs.ArraysAreEqual(decSensitive, tpm2bSensitive));
uint hmacKeyBits = (uint)CryptoLib.DigestSize(parentNameAlg) * 8;
byte[] hmacKey = KDF.KDFa(parentNameAlg, parentSeed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits);
Transform(hmacKey, f);
byte[] dataToHmac = Marshaller.GetTpmRepresentation(tpm2bIv,
encSensitive,
publicName);
Transform(dataToHmac, f);
byte[] outerHmac = CryptoLib.HmacData(parentNameAlg, hmacKey, dataToHmac);
Transform(outerHmac, f);
byte[] priv = Marshaller.GetTpmRepresentation(Marshaller.ToTpm2B(outerHmac),
tpm2bIv,
encSensitive);
Transform(priv, f);
return priv;
}示例5: StartAuthSessionEx
/// <summary>
/// Create a simple unbound & unseeded session supporting session encryption.
/// </summary>
public AuthSession StartAuthSessionEx(
TpmSe sessionType,
TpmAlgId authHash,
SessionAttr initialialAttrs,
SymDef symmAlg,
int nonceCallerSize = 16)
{
byte[] nonceTpm;
var EmptySalt = new byte[0];
AuthSession sess = StartAuthSession(TpmRh.Null, TpmRh.Null,
GetRandomBytes(nonceCallerSize), EmptySalt,
sessionType, symmAlg, authHash, out nonceTpm)
+ initialialAttrs;
_InitializeSession(sess);
return sess;
}示例6: GetHashName
/// <summary>
/// Get the CAPI name for a hash algorithm.
/// </summary>
/// <param name="algId"></param>
/// <returns></returns>
internal static string GetHashName(TpmAlgId algId)
{
switch (algId)
{
case TpmAlgId.Sha1:
return "sha1";
case TpmAlgId.Sha256:
return "sha256";
case TpmAlgId.Sha384:
return "sha384";
case TpmAlgId.Sha512:
return "sha512";
default:
throw new ArgumentException("Unsupported hash algorithm");
}
}示例7: IsHashAlgorithm
public static bool IsHashAlgorithm(TpmAlgId alg)
{
return DefinedHashAlgorithms.Any(id => alg == id);
}示例8: VerifyHmacSignature
public static bool VerifyHmacSignature(TpmAlgId underlyingHash, byte[] key, byte[] dataToHash, byte[] sig)
{
byte[] expectedSig = HmacData(underlyingHash, key, dataToHash);
return Globs.ArraysAreEqual(expectedSig, sig);
}示例9: CreateActivationCredentials
/// <summary>
/// Create activation blobs that can be passed to ActivateCredential. Two blobs are returned -
/// (a) - encryptedSecret - is the symmetric key cfb-symmetrically encrypted with an enveloping key
/// (b) credentialBlob (the return value of this function) - is the enveloping key OEAP (RSA) encrypted
/// by the public part of this key.
/// </summary>
/// <param name="secret"></param>
/// <param name="nameAlgId"></param>
/// <param name="nameOfKeyToBeActivated"></param>
/// <param name="encryptedSecret"></param>
/// <returns>CredentialBlob (</returns>
public byte[] CreateActivationCredentials(
byte[] secret,
TpmAlgId nameAlgId,
byte[] nameOfKeyToBeActivated,
out byte[] encryptedSecret)
{
byte[] seed, encSecret;
switch (type)
{
case TpmAlgId.Rsa:
// The seed should be the same size as the symmKey
seed = Globs.GetRandomBytes((CryptoLib.DigestSize(nameAlg) + 7) / 8);
encSecret = EncryptOaep(seed, ActivateEncodingParms);
break;
case TpmAlgId.Ecc:
EccPoint pubEphem;
seed = EcdhGetKeyExchangeKey(ActivateEncodingParms, nameAlg, out pubEphem);
encSecret = Marshaller.GetTpmRepresentation(pubEphem);
break;
default:
throw new NotImplementedException("activate crypto scheme not implemented");
}
Transform(seed);
Transform(encSecret);
var cvx = new Tpm2bDigest(secret);
byte[] cvTpm2B = Marshaller.GetTpmRepresentation(cvx);
Transform(cvTpm2B);
SymDefObject symDef = TssObject.GetSymDef(this);
byte[] symKey = KDF.KDFa(nameAlg, seed, "STORAGE", nameOfKeyToBeActivated, new byte[0], symDef.KeyBits);
Transform(symKey);
byte[] encIdentity;
using (SymmCipher symm2 = SymmCipher.Create(symDef, symKey))
{
encIdentity = symm2.CFBEncrypt(cvTpm2B);
}
Transform(encIdentity);
var hmacKeyBits = (uint)CryptoLib.DigestSize(nameAlg);
byte[] hmacKey = KDF.KDFa(nameAlg, seed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits * 8);
Transform(hmacKey);
byte[] outerHmac = CryptoLib.HmacData(nameAlg,
hmacKey,
Globs.Concatenate(encIdentity, nameOfKeyToBeActivated));
Transform(outerHmac);
byte[] activationBlob = Globs.Concatenate(
Marshaller.ToTpm2B(outerHmac),
encIdentity);
Transform(activationBlob);
encryptedSecret = encSecret;
return activationBlob;
}示例10: VerifyQuote
/// <summary>
/// Verify that a TPM quote matches an expect PCR selection, is well formed, and is properly signed
/// by the private key corresponding to this public key.
/// </summary>
/// <param name="pcrDigestAlg"></param>
/// <param name="expectedSelectedPcr"></param>
/// <param name="expectedPcrValues"></param>
/// <param name="nonce"></param>
/// <param name="quotedInfo"></param>
/// <param name="signature"></param>
/// <param name="qualifiedNameOfSigner"></param>
/// <returns></returns>
public bool VerifyQuote(
TpmAlgId pcrDigestAlg,
PcrSelection[] expectedSelectedPcr,
Tpm2bDigest[] expectedPcrValues,
byte[] nonce,
Attest quotedInfo,
ISignatureUnion signature,
byte[] qualifiedNameOfSigner = null)
{
if (!(quotedInfo.attested is QuoteInfo))
{
return false;
}
if (quotedInfo.magic != Generated.Value)
{
return false;
}
if (!quotedInfo.extraData.IsEqual(nonce))
{
return false;
}
// Check environment of signer (name) is expected
if (qualifiedNameOfSigner != null)
{
if (!quotedInfo.qualifiedSigner.IsEqual(qualifiedNameOfSigner))
{
return false;
}
}
// Now check the quote-specific fields
var quoted = (QuoteInfo)quotedInfo.attested;
// Check values pcr indices are what we expect
if (!Globs.ArraysAreEqual(quoted.pcrSelect, expectedSelectedPcr))
{
return false;
}
// Check that values in the indices above are what we expect
// ReSharper disable once UnusedVariable
var expected = new PcrValueCollection(expectedSelectedPcr, expectedPcrValues);
var m = new Marshaller();
foreach (Tpm2bDigest d in expectedPcrValues)
{
m.Put(d.buffer, "");
}
TpmHash expectedPcrHash = TpmHash.FromData(pcrDigestAlg, m.GetBytes());
if (!Globs.ArraysAreEqual(expectedPcrHash, quoted.pcrDigest))
{
return false;
}
// And finally check the signature
bool sigOk = VerifySignatureOverData(quotedInfo.GetTpmRepresentation(), signature);
return sigOk;
}示例11: PssVerify
/// <summary>
/// PSS verify. Note: we expect the caller to do the hash.
/// </summary>
/// <param name="m"></param>
/// <param name="em"></param>
/// <param name="sLen"></param>
/// <param name="emBits"></param>
/// <param name="hashAlg"></param>
/// <returns></returns>
public static bool PssVerify(byte[] m, byte[] em, int sLen, int emBits, TpmAlgId hashAlg)
{
var emLen = (int)Math.Ceiling(1.0 * emBits / 8);
int hLen = CryptoLib.DigestSize(hashAlg);
// 1 - Skip
// 2
byte[] mHash = TpmHash.FromData(hashAlg, m);
// 3
if (emLen < hLen + sLen + 2)
{
return false;
}
// 4
if (em[em.Length - 1] != 0xbc)
{
return false;
}
// 5
byte[] maskedDB = Globs.CopyData(em, 0, emLen - hLen - 1);
byte[] h = Globs.CopyData(em, emLen - hLen - 1, hLen);
// 6
int numZeroBits = 8 * emLen - emBits;
// First numZero bits is zero in mask
byte mask = GetByteMask(numZeroBits);
if ((maskedDB[0] & mask) != maskedDB[0])
{
return false;
}
// 7
byte[] dbMask = CryptoLib.MGF(h, emLen - hLen - 1, hashAlg);
// 8
byte[] db = XorEngine.Xor(maskedDB, dbMask);
// 9
int numZeroBits2 = 8 * emLen - emBits;
byte mask2 = GetByteMask(numZeroBits2);
db[0] &= mask2;
// 10
for (int j = 0; j < emLen - hLen - sLen - 2; j++)
{
if (db[j] != 0)
{
return false;
}
}
if (db[emLen - hLen - sLen - 1 - 1] != 1)
{
return false;
}
// 11
byte[] salt = Globs.CopyData(db, db.Length - sLen);
// 12
byte[] mPrime = Globs.Concatenate(new[] { Globs.ByteArray(8, 0), mHash, salt});
// 13
byte[] hPrime = TpmHash.FromData(hashAlg, mPrime);
// 14
bool match = Globs.ArraysAreEqual(h, hPrime);
if (match == false)
{
return false;
}
return true;
}示例12: HmacData
public static byte[] HmacData(TpmAlgId hashAlgId, byte[] key, byte[] dataToHash)
{
#if TSS_USE_BCRYPT
string algName = Native.BCryptHashAlgName(hashAlgId);
if (string.IsNullOrEmpty(algName))
{
Globs.Throw<ArgumentException>("HmacData(): Unsupported hash algorithm " + hashAlgId);
return null;
}
var alg = new BCryptAlgorithm(algName, Native.BCRYPT_ALG_HANDLE_HMAC);
var digest = alg.HmacData(key, dataToHash);
alg.Close();
return digest;
#else
switch (hashAlgId)
{
case TpmAlgId.Sha1:
using (var h = new HMACSHA1(key))
{
return h.ComputeHash(dataToHash);
}
case TpmAlgId.Sha256:
using (var h2 = new HMACSHA256(key))
{
return h2.ComputeHash(dataToHash);
}
case TpmAlgId.Sha384:
using (var h3 = new HMACSHA384(key))
{
return h3.ComputeHash(dataToHash);
}
case TpmAlgId.Sha512:
using (var h4 = new HMACSHA512(key))
{
return h4.ComputeHash(dataToHash);
}
default:
Globs.Throw<ArgumentException>("HmacData(): Unsupported hash algorithm " + hashAlgId);
return null;
}
#endif // !TSS_USE_BCRYPT
}示例13: OaepDecode
public static bool OaepDecode(byte[] eMx, byte[] encodingParms, TpmAlgId hashAlg, out byte[] decoded)
{
decoded = new byte[0];
var em = new byte[eMx.Length + 1];
Array.Copy(eMx, 0, em, 1, eMx.Length);
int hLen = CryptoLib.DigestSize(hashAlg);
int k = em.Length;
// a.
byte[] lHash = CryptoLib.HashData(hashAlg, encodingParms);
// b.
byte y = em[0];
byte[] maskedSeed = Globs.CopyData(em, 1, hLen);
byte[] maskedDB = Globs.CopyData(em, 1 + hLen);
// c.
byte[] seedMask = CryptoLib.MGF(maskedDB, hLen, hashAlg);
// d.
byte[] seed = XorEngine.Xor(maskedSeed, seedMask);
// e.
byte[] dbMask = CryptoLib.MGF(seed, k - hLen - 1, hashAlg);
// f.
byte[] db = XorEngine.Xor(maskedDB, dbMask);
// g.
byte[] lHashPrime = Globs.CopyData(db, 0, hLen);
// Look for the zero..
int j;
for (j = hLen; j < db.Length; j++)
{
if (db[j] == 0)
{
continue;
}
if (db[j] == 1)
{
break;
}
return false;
}
if (j == db.Length - 1)
{
return false;
}
byte[] m = Globs.CopyData(db, j + 1);
if (y != 0)
{
return false;
}
if (!Globs.ArraysAreEqual(lHash, lHashPrime))
{
return false;
}
decoded = m;
return true;
}示例14: OaepEncode
/// <summary>
/// EME-OAEP PKCS1.2, section 9.1.1.1.
/// </summary>
/// <param name="message"></param>
/// <param name="encodingParameters"></param>
/// <param name="hashAlg"></param>
/// <param name="modulusNumBytes"></param>
/// <returns></returns>
public static byte[] OaepEncode(byte[] message, byte[] encodingParameters, TpmAlgId hashAlg, int modulusNumBytes)
{
int encodedMessageLength = modulusNumBytes - 1;
int messageLength = message.Length;
int hashLength = CryptoLib.DigestSize(hashAlg);
// 1 (Step numbers from RSA labs spec.)
// Ignore the ParametersLength limitation
// 2
if (messageLength > encodedMessageLength - 2 * hashLength - 1)
if (Tpm2._TssBehavior.Passthrough)
return new byte[0];
else
throw new ArgumentException("input message too long");
int psLen = encodedMessageLength - messageLength - 2 * hashLength - 1;
var ps = new byte[psLen];
// 3 (Not needed.)
for (int j = 0; j < psLen; j++)
ps[j] = 0;
// 4
byte[] pHash = CryptoLib.HashData(hashAlg, encodingParameters);
// 5
var db = new byte[hashLength + psLen + 1 + messageLength];
var one = new byte[1];
one[0] = 1;
pHash.CopyTo(db, 0);
ps.CopyTo(db, pHash.Length);
one.CopyTo(db, pHash.Length + ps.Length);
message.CopyTo(db, pHash.Length + ps.Length + 1);
// 6
byte[] seed = Globs.GetRandomBytes(hashLength);
// 7
byte[] dbMask = CryptoLib.MGF(seed, encodedMessageLength - hashLength, hashAlg);
// 8
byte[] maskedDb = XorEngine.Xor(db, dbMask);
// 9
byte[] seedMask = CryptoLib.MGF(maskedDb, hashLength, hashAlg);
// 10
byte[] maskedSeed = XorEngine.Xor(seed, seedMask);
//11
var encodedMessage = new byte[maskedSeed.Length + maskedDb.Length];
maskedSeed.CopyTo(encodedMessage, 0);
maskedDb.CopyTo(encodedMessage, maskedSeed.Length);
// 12
return encodedMessage;
}示例15: KdfThenXor
public static byte[] KdfThenXor(TpmAlgId hashAlg, byte[] key, byte[] contextU, byte[] contextV, byte[] data)
{
var mask = KDF.KDFa(hashAlg, key, "XOR", contextU, contextV, (uint)(data.Length * 8));
return XorEngine.Xor(data, mask);
}