C# Class Tpm2Lib.Tpm2

Tpm2 provides methods that build TPM-compatible command byte streams and unmarshal the responses. It is used together with a TPM device object (implementing Tpm2Device) that carries those bytes to the actual TPM. TPM commands map 1:1 to methods of Tpm2 (with the parameter translations described elsewhere). Tpm2 also provides a few methods whose names end in Ex (such as Tpm2.StartAuthSessionEx); these offer a slightly higher level of abstraction where the underlying native TPM command is tricky or verbose to use directly. Tpm2 further provides a few methods whose names begin with an underscore, such as _AllowErrors(). These are not sent to the TPM; instead they change the behavior of subsequent TPM commands (often only of the next command invocation). Finally, Tpm2.Instrumentation gives access to TPM debug functionality, which is not available on release/production TPMs.
Inheritance: IDisposable
Project: Microsoft/TSS.MSR

Public Methods

Method Description
GetFirmwareVersionEx ( ) : uint[]
GetPcrProperty ( Tpm2 tpm, PtPcr prop ) : byte[]
GetProperty ( Tpm2 tpm, Pt prop ) : uint
GetTpmInfo ( Tpm2 tpm, out string manufacturer, out uint year, out uint dayOfYear ) : void

Get the date of the specification from which the TPM was built.

StartAuthSessionEx ( TpmHandle boundEntity, TpmSe sessionType, TpmAlgId authHash, SessionAttr initialialAttrs = SessionAttr.ContinueSession, SymDef symDef = null, int nonceCallerSize ) : AuthSession

Create a simple bound but unseeded session.

StartAuthSessionEx ( TpmSe sessionType, TpmAlgId authHash, SessionAttr initialialAttrs, SymDef symDef, int nonceCallerSize ) : AuthSession

Create a simple unbound & unseeded session supporting session encryption.

StartAuthSessionEx ( TpmSe sessionType, TpmAlgId authHash, SessionAttr initialialAttrs, int nonceCallerSize ) : AuthSession

Create a simple unbound & unseeded session.

StartAuthSessionEx ( TpmSe sessionType, TpmAlgId authHash, int nonceCallerSize ) : AuthSession

Create a simple unbound & unseeded session.

Private Methods

Method Description
ActivateCredential ( TpmHandle activateHandle, TpmHandle keyHandle, byte credentialBlob, byte secret ) : byte[]
Certify ( TpmHandle objectHandle, TpmHandle signHandle, byte qualifyingData, ISigSchemeUnion inScheme, [ signature ) : byte[]
CertifyCreation ( TpmHandle signHandle, TpmHandle objectHandle, byte qualifyingData, byte creationHash, ISigSchemeUnion inScheme, TkCreation creationTicket, [ signature ) : byte[]
ChangeEPS ( TpmHandle authHandle ) : void
ChangePPS ( TpmHandle authHandle ) : void
Clear ( TpmHandle authHandle ) : void
ClearControl ( TpmHandle auth, byte disable ) : void
ClockRateAdjust ( TpmHandle auth, ClockAdjust rateAdjust ) : void
ClockSet ( TpmHandle auth, ulong newTime ) : void
Commit ( TpmHandle signHandle, EccPoint P1, byte s2, byte y2, [ L, [ E, [ counter ) : EccPoint
ContextLoad ( Context context ) : TpmHandle
ContextSave ( TpmHandle saveHandle ) : Context
Create ( TpmHandle parentHandle, SensitiveCreate inSensitive, byte inPublic, byte outsideInfo, PcrSelection creationPCR, [ outPublic, [ creationData, [ creationHash, [ creationTicket ) : TpmPrivate
CreateAsync ( TpmHandle parentHandle, SensitiveCreate inSensitive, TpmPublic inPublic, byte outsideInfo, PcrSelection creationPCR ) : Task
CreateLoaded ( TpmHandle parentHandle, SensitiveCreate inSensitive, byte inPublic, [ outPrivate, [ outPublic ) : TpmHandle
CreatePrimary ( TpmHandle primaryHandle, SensitiveCreate inSensitive, byte inPublic, byte outsideInfo, PcrSelection creationPCR, [ outPublic, [ creationData, [ creationHash, [ creationTicket ) : TpmHandle
CreatePrimaryAsync ( TpmHandle primaryHandle, SensitiveCreate inSensitive, TpmPublic inPublic, byte outsideInfo, PcrSelection creationPCR ) : Task
DictionaryAttackLockReset ( TpmHandle lockHandle ) : void
DictionaryAttackParameters ( TpmHandle lockHandle, uint newMaxTries, uint newRecoveryTime, uint lockoutRecovery ) : void
Duplicate ( TpmHandle objectHandle, TpmHandle newParentHandle, byte encryptionKeyIn, SymDefObject symmetricAlg, [ duplicate, [ outSymSeed ) : byte[]
EcEphemeral ( EccCurve curveID, [ counter ) : EccPoint
EccParameters ( EccCurve curveID ) : AlgorithmDetailEcc
EcdhKeyGen ( TpmHandle keyHandle, [ pubPoint ) : EccPoint
EcdhZGen ( TpmHandle keyHandle, EccPoint inPoint ) : EccPoint
EncryptDecrypt ( TpmHandle keyHandle, byte decrypt, TpmAlgId mode, byte ivIn, byte inData, [ ivOut ) : byte[]
EventSequenceComplete ( TpmHandle pcrHandle, TpmHandle sequenceHandle, byte buffer ) : Tpm2Lib.TpmHash[]
EvictControl ( TpmHandle auth, TpmHandle objectHandle, TpmHandle persistentHandle ) : void
FieldUpgradeData ( byte fuData, [ firstDigest ) : TpmHash
FieldUpgradeStart ( TpmHandle authorization, TpmHandle keyHandle, byte fuDigest, ISignatureUnion manifestSignature ) : void
FirmwareRead ( uint sequenceNumber ) : byte[]
FlushContext ( TpmHandle flushHandle ) : void
GetCapability ( Cap capability, uint property, uint propertyCount, [ capabilityData ) : byte
GetCommandAuditDigest ( TpmHandle privacyHandle, TpmHandle signHandle, byte qualifyingData, ISigSchemeUnion inScheme, [ signature ) : byte[]
GetRandom ( ushort bytesRequested ) : byte[]
GetSessionAuditDigest ( TpmHandle privacyAdminHandle, TpmHandle signHandle, TpmHandle sessionHandle, byte qualifyingData, ISigSchemeUnion inScheme, [ signature ) : byte[]
GetTestResult ( [ testResult ) : byte[]
GetTime ( TpmHandle privacyAdminHandle, TpmHandle signHandle, byte qualifyingData, ISigSchemeUnion inScheme, [ signature ) : byte[]
Hash ( byte data, TpmAlgId hashAlg, TpmHandle hierarchy, [ validation ) : byte[]
HashSequenceStart ( byte auth, TpmAlgId hashAlg ) : TpmHandle
HierarchyChangeAuth ( TpmHandle authHandle, byte newAuth ) : void
HierarchyControl ( TpmHandle authHandle, TpmHandle enable, byte state ) : void
Hmac ( TpmHandle handle, byte buffer, TpmAlgId hashAlg ) : byte[]
HmacStart ( TpmHandle handle, byte auth, TpmAlgId hashAlg ) : TpmHandle
Import ( TpmHandle parentHandle, byte encryptionKey, TpmPublic objectPublic, TpmPrivate duplicate, byte inSymSeed, SymDefObject symmetricAlg ) : TpmPrivate
IncrementalSelfTest ( TpmAlgId toTest ) : TpmAlgId[]
Load ( TpmHandle parentHandle, TpmPrivate inPrivate, TpmPublic inPublic ) : TpmHandle
LoadExternal ( Sensitive inPrivate, TpmPublic inPublic, TpmHandle hierarchy ) : TpmHandle
MakeCredential ( TpmHandle handle, byte credential, byte objectName, [ secret ) : byte[]
NvCertify ( TpmHandle signHandle, TpmHandle authHandle, TpmHandle nvIndex, byte qualifyingData, ISigSchemeUnion inScheme, ushort size, ushort offset, [ signature ) : byte[]
NvChangeAuth ( TpmHandle nvIndex, byte newAuth ) : void
NvDefineSpace ( TpmHandle authHandle, byte auth, NvPublic publicInfo ) : void
NvExtend ( TpmHandle authHandle, TpmHandle nvIndex, byte data ) : void
NvGlobalWriteLock ( TpmHandle authHandle ) : void
NvIncrement ( TpmHandle authHandle, TpmHandle nvIndex ) : void
NvRead ( TpmHandle authHandle, TpmHandle nvIndex, ushort size, ushort offset ) : byte[]
NvReadLock ( TpmHandle authHandle, TpmHandle nvIndex ) : void
NvReadPublic ( TpmHandle nvIndex, [ nvName ) : NvPublic
NvSetBits ( TpmHandle authHandle, TpmHandle nvIndex, ulong bits ) : void
NvUndefineSpace ( TpmHandle authHandle, TpmHandle nvIndex ) : void
NvUndefineSpaceSpecial ( TpmHandle nvIndex, TpmHandle platform ) : void
NvWrite ( TpmHandle authHandle, TpmHandle nvIndex, byte data, ushort offset ) : void
NvWriteLock ( TpmHandle authHandle, TpmHandle nvIndex ) : void
ObjectChangeAuth ( TpmHandle objectHandle, TpmHandle parentHandle, byte newAuth ) : TpmPrivate
PcrAllocate ( TpmHandle authHandle, PcrSelection pcrAllocation, [ maxPCR, [ sizeNeeded, [ sizeAvailable ) : byte
PcrEvent ( TpmHandle pcrHandle, byte eventData ) : TpmHash[]
PcrExtend ( TpmHandle pcrHandle, TpmHash digests ) : void
PcrRead ( PcrSelection pcrSelectionIn, [ pcrSelectionOut, [ pcrValues ) : uint
PcrReset ( TpmHandle pcrHandle ) : void
PcrSetAuthPolicy ( TpmHandle authHandle, byte authPolicy, TpmAlgId hashAlg, TpmHandle pcrNum ) : void
PcrSetAuthValue ( TpmHandle pcrHandle, byte auth ) : void
PolicyAuthValue ( TpmHandle policySession ) : void
PolicyAuthorize ( TpmHandle policySession, byte approvedPolicy, byte policyRef, byte keySign, TkVerified checkTicket ) : void
PolicyAuthorizeNV ( TpmHandle authHandle, TpmHandle nvIndex, TpmHandle policySession ) : void
PolicyCommandCode ( TpmHandle policySession, TpmCc code ) : void
PolicyCounterTimer ( TpmHandle policySession, byte operandB, ushort offset, Eo operation ) : void
PolicyCpHash ( TpmHandle policySession, byte cpHashA ) : void
PolicyDuplicationSelect ( TpmHandle policySession, byte objectName, byte newParentName, byte includeObject ) : void
PolicyGetDigest ( TpmHandle policySession ) : byte[]
PolicyLocality ( TpmHandle policySession, LocalityAttr locality ) : void
PolicyNV ( TpmHandle authHandle, TpmHandle nvIndex, TpmHandle policySession, byte operandB, ushort offset, Eo operation ) : void
PolicyNameHash ( TpmHandle policySession, byte nameHash ) : void
PolicyNvWritten ( TpmHandle policySession, byte writtenSet ) : void
PolicyOR ( TpmHandle policySession, Tpm2bDigest pHashList ) : void
PolicyPCR ( TpmHandle policySession, byte pcrDigest, PcrSelection pcrs ) : void
PolicyPassword ( TpmHandle policySession ) : void
PolicyPhysicalPresence ( TpmHandle policySession ) : void
PolicyRestart ( TpmHandle sessionHandle ) : void
PolicySecret ( TpmHandle authHandle, TpmHandle policySession, byte nonceTPM, byte cpHashA, byte policyRef, int expiration, [ policyTicket ) : byte[]
PolicySigned ( TpmHandle authObject, TpmHandle policySession, byte nonceTPM, byte cpHashA, byte policyRef, int expiration, ISignatureUnion auth, [ policyTicket ) : byte[]
PolicyTemplate ( TpmHandle policySession, byte templateHash ) : void
PolicyTicket ( TpmHandle policySession, byte timeout, byte cpHashA, byte policyRef, byte authName, TkAuth ticket ) : void
PpCommands ( TpmHandle auth, TpmCc setList, TpmCc clearList ) : void
Quote ( TpmHandle signHandle, byte qualifyingData, ISigSchemeUnion inScheme, PcrSelection PCRselect, [ signature ) : byte[]
ReadClock ( ) : TimeInfo
ReadPublic ( TpmHandle objectHandle, [ name, [ qualifiedName ) : TpmPublic
Rewrap ( TpmHandle oldParent, TpmHandle newParent, TpmPrivate inDuplicate, byte name, byte inSymSeed, [ outSymSeed ) : TpmPrivate
RsaDecrypt ( TpmHandle keyHandle, byte cipherText, IAsymSchemeUnion inScheme, byte label ) : byte[]
RsaEncrypt ( TpmHandle keyHandle, byte message, IAsymSchemeUnion inScheme, byte label ) : byte[]
SelfTest ( byte fullTest ) : void
SequenceComplete ( TpmHandle sequenceHandle, byte buffer, TpmHandle hierarchy, [ validation ) : byte[]
SequenceUpdate ( TpmHandle sequenceHandle, byte buffer ) : void
SetAlgorithmSet ( TpmHandle authHandle, uint algorithmSet ) : void
SetCommandCodeAuditStatus ( TpmHandle auth, TpmAlgId auditAlg, TpmCc setList, TpmCc clearList ) : void
SetPrimaryPolicy ( TpmHandle authHandle, byte authPolicy, TpmAlgId hashAlg ) : void
Shutdown ( Su shutdownType ) : void
Sign ( TpmHandle keyHandle, byte digest, ISigSchemeUnion inScheme, TkHashcheck validation ) : ISignatureUnion
SignAsync ( TpmHandle keyHandle, byte digest, ISigSchemeUnion inScheme, TkHashcheck validation ) : Task
StartAuthSession ( TpmHandle tpmKey, TpmHandle bind, byte nonceCaller, byte encryptedSalt, TpmSe sessionType, SymDef symmetric, TpmAlgId authHash, [ nonceTPM ) : TpmHandle
Startup ( Su startupType ) : void
StirRandom ( byte inData ) : void
TestParms ( IPublicParmsUnion parameters ) : void
Unseal ( TpmHandle itemHandle ) : byte[]
VendorTcgTest ( byte inputData ) : byte[]
VerifySignature ( TpmHandle keyHandle, byte digest, ISignatureUnion signature ) : TkVerified
ZGen2Phase ( TpmHandle keyA, EccPoint inQsB, EccPoint inQeB, TpmAlgId inScheme, ushort counter, [ outZ2 ) : EccPoint

Method Details

GetFirmwareVersionEx() public method

public GetFirmwareVersionEx ( ) : uint[]
return uint[]

GetPcrProperty() public static method

public static GetPcrProperty ( Tpm2 tpm, PtPcr prop ) : byte[]
tpm Tpm2
prop PtPcr
return byte[]

GetProperty() public static method

public static GetProperty ( Tpm2 tpm, Pt prop ) : uint
tpm Tpm2
prop Pt
return uint

GetTpmInfo() public static method

Get the date of the specification from which the TPM was built.
public static GetTpmInfo ( Tpm2 tpm, out string manufacturer, out uint year, out uint dayOfYear ) : void
tpm Tpm2
manufacturer string
year uint
dayOfYear uint
return void

StartAuthSessionEx() public method

Create a simple bound but unseeded session.
public StartAuthSessionEx ( TpmHandle boundEntity, TpmSe sessionType, TpmAlgId authHash, SessionAttr initialialAttrs = SessionAttr.ContinueSession, SymDef symDef = null, int nonceCallerSize ) : AuthSession
boundEntity TpmHandle
sessionType TpmSe
authHash TpmAlgId
initialialAttrs SessionAttr
symDef SymDef
nonceCallerSize int
return AuthSession

StartAuthSessionEx() public method

Create a simple unbound & unseeded session supporting session encryption.
public StartAuthSessionEx ( TpmSe sessionType, TpmAlgId authHash, SessionAttr initialialAttrs, SymDef symDef, int nonceCallerSize ) : AuthSession
sessionType TpmSe
authHash TpmAlgId
initialialAttrs SessionAttr
symDef SymDef
nonceCallerSize int
return AuthSession

StartAuthSessionEx() public method

Create a simple unbound & unseeded session.
public StartAuthSessionEx ( TpmSe sessionType, TpmAlgId authHash, SessionAttr initialialAttrs, int nonceCallerSize ) : AuthSession
sessionType TpmSe
authHash TpmAlgId
initialialAttrs SessionAttr
nonceCallerSize int
return AuthSession

StartAuthSessionEx() public method

Create a simple unbound & unseeded session.
public StartAuthSessionEx ( TpmSe sessionType, TpmAlgId authHash, int nonceCallerSize ) : AuthSession
sessionType TpmSe
authHash TpmAlgId
nonceCallerSize int
return AuthSession