provisioning/security/tpm-provider-emulator/src/main/java/com/microsoft/azure/sdk/iot/provisioning/security/hsm/SecurityProviderTPMEmulator.java [475:547]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        if (edResp == null)
        {
            //SRS_SecurityProviderTPMEmulator_25_0027: [ This method shall throw if Encrypt Decrypt the symmetric Key fails. ]
            throw new SecurityProviderException("EncryptDecryptResponse cannot be null");
        }

        //SRS_SecurityProviderTPMEmulator_25_028: [ This method shall flush the context for the symmetric Key. ]
        tpm.FlushContext(hSymKey);
        return null;
    }

    /**
     * Signs the provided device ID data using the identity key held by the TPM.
     * The identity key must have been activated before this method is called.
     * @param deviceIdData A non-{@code null}, non-empty value for the device ID data
     * @return The signature after signing data.
     * @throws SecurityProviderException If signing was not successful
     */
    @Override
    public byte[] signWithIdentity(byte[] deviceIdData) throws SecurityProviderException
    {
        // Reject missing input up front so nothing empty is ever handed to the signing call.
        //SRS_SecurityProviderTPMEmulator_25_029: [ This method shall throw IllegalArgumentException if `deviceIdData` is null or empty. ]
        final boolean hasPayload = deviceIdData != null && deviceIdData.length > 0;
        if (!hasPayload)
        {
            throw new IllegalArgumentException("deviceIdData cannot be null or empty");
        }

        // Signing needs the public area of the identity key, which is only set once the key is activated.
        //SRS_SecurityProviderTPMEmulator_25_030: [ This method shall throw SecurityProviderException if ID KEY public was not instantiated. ]
        if (idKeyPub == null)
        {
            throw new SecurityProviderException("activateIdentityKey first before signing");
        }

        // Sign the caller's token data with the device ID key.
        //SRS_SecurityProviderTPMEmulator_25_031: [ This method shall sign the device ID data. ]
        final byte[] signature = signData(tpm, idKeyPub.publicArea, deviceIdData);
        return signature;
    }

    /**
     * Getter for extracting EndorsementKey from TPM
     * @return The Endorsement Key from TPM
     */
    @Override
    public byte[] getEndorsementKey()
    {
        // Wrap the stored EK public area and hand back its TPM byte form.
        //SRS_SecurityProviderTPMEmulator_25_032: [ This method shall return the TPM2B_PUBLIC form of EK. ]
        final TPM2B_PUBLIC wrappedEk = new TPM2B_PUBLIC(ekPublic);
        return wrappedEk.toTpm();
    }

    /**
     * Getter for extracting StorageRootKey from TPM
     * @return The StorageRootKey from TPM
     */
    @Override
    public byte[] getStorageRootKey()
    {
        // Wrap the stored SRK public area and hand back its TPM byte form.
        //SRS_SecurityProviderTPMEmulator_25_033: [ This method shall return the TPM2B_PUBLIC form of SRK. ]
        final TPM2B_PUBLIC wrappedSrk = new TPM2B_PUBLIC(srkPublic);
        return wrappedSrk.toTpm();
    }

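    /**
     * Returns {@code numBytes} random bytes from the lazily created {@code rand} generator.
     * NOTE(review): {@code rand} is built with {@code new Random()}; if that resolves to
     * {@code java.util.Random}, its output is predictable and must not feed nonces, keys or
     * other security-sensitive values. Confirm how callers use these bytes and prefer
     * {@code java.security.SecureRandom} or the TPM's random number generator there.
     * @param numBytes Size of the array to generate
     * @return An array of random bytes
     */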
    private byte[] getRandom(int numBytes)
    {
        if (rand==null)
            rand = new Random();

        byte[] res = new byte[numBytes];
        rand.nextBytes(res);
        return res;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



provisioning/security/tpm-provider/src/main/java/com/microsoft/azure/sdk/iot/provisioning/security/hsm/SecurityProviderTPMHsm.java [345:417]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        if (edResp == null)
        {
            //SRS_SecurityProviderTPMHsm_25_0027: [ This method shall throw if Encrypt Decrypt the symmetric Key fails. ]
            throw new SecurityProviderException("EncryptDecryptResponse cannot be null");
        }

        //SRS_SecurityProviderTPMHsm_25_028: [ This method shall flush the context for the symmetric Key. ]
        tpm.FlushContext(hSymKey);
        return null;
    }

    /**
     * Signs the provided device ID data using the identity key held by the TPM.
     * The identity key must have been activated before this method is called.
     * @param deviceIdData A non-{@code null}, non-empty value for the device ID data
     * @return The signature after signing data.
     * @throws SecurityProviderException If signing was not successful
     */
    @Override
    public byte[] signWithIdentity(byte[] deviceIdData) throws SecurityProviderException
    {
        // Reject missing input up front so nothing empty is ever handed to the signing call.
        //SRS_SecurityProviderTPMHsm_25_029: [ This method shall throw IllegalArgumentException if `deviceIdData` is null or empty. ]
        final boolean hasPayload = deviceIdData != null && deviceIdData.length > 0;
        if (!hasPayload)
        {
            throw new IllegalArgumentException("deviceIdData cannot be null or empty");
        }

        // Signing needs the public area of the identity key, which is only set once the key is activated.
        //SRS_SecurityProviderTPMHsm_25_030: [ This method shall throw SecurityProviderException if ID KEY public was not instantiated. ]
        if (idKeyPub == null)
        {
            throw new SecurityProviderException("activateIdentityKey first before signing");
        }

        // Sign the caller's token data with the device ID key.
        //SRS_SecurityProviderTPMHsm_25_031: [ This method shall sign the device ID data. ]
        final byte[] signature = signData(tpm, idKeyPub.publicArea, deviceIdData);
        return signature;
    }

    /**
     * Getter for extracting EndorsementKey from TPM
     * @return The Endorsement Key from TPM
     */
    @Override
    public byte[] getEndorsementKey()
    {
        // Wrap the stored EK public area and hand back its TPM byte form.
        //SRS_SecurityProviderTPMHsm_25_032: [ This method shall return the TPM2B_PUBLIC form of EK. ]
        final TPM2B_PUBLIC wrappedEk = new TPM2B_PUBLIC(ekPublic);
        return wrappedEk.toTpm();
    }

    /**
     * Getter for extracting StorageRootKey from TPM
     * @return The StorageRootKey from TPM
     */
    @Override
    public byte[] getStorageRootKey()
    {
        // Wrap the stored SRK public area and hand back its TPM byte form.
        //SRS_SecurityProviderTPMHsm_25_033: [ This method shall return the TPM2B_PUBLIC form of SRK. ]
        final TPM2B_PUBLIC wrappedSrk = new TPM2B_PUBLIC(srkPublic);
        return wrappedSrk.toTpm();
    }

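    /**
     * Returns {@code numBytes} random bytes from the lazily created {@code rand} generator.
     * NOTE(review): {@code rand} is built with {@code new Random()}; if that resolves to
     * {@code java.util.Random}, its output is predictable and must not feed nonces, keys or
     * other security-sensitive values. Confirm how callers use these bytes and prefer
     * {@code java.security.SecureRandom} or the TPM's random number generator there.
     * @param numBytes Size of the array to generate
     * @return An array of random bytes
     */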
    private byte[] getRandom(int numBytes)
    {
        if (rand==null)
            rand = new Random();

        byte[] res = new byte[numBytes];
        rand.nextBytes(res);
        return res;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



