provisioning/security/tpm-provider-emulator/src/main/java/com/microsoft/azure/sdk/iot/provisioning/security/hsm/SecurityProviderTPMEmulator.java [249:283]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
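    /**
     * Returns the public area of the primary key stored at a persistent handle, creating and
     * persisting that key first when the TPM reports that the handle is not populated.
     *
     * <p>Security note: when an object already exists at {@code hPersistent}, its public area is
     * returned as-is. It is NOT compared with {@code inPub}, so a key that was provisioned with a
     * different template (algorithm, attributes, policy) is accepted silently. Callers that rely on
     * specific key properties have to verify the returned public area themselves until the TODO
     * below is resolved.
     *
     * @param tpm the TPM connection used to issue the commands
     * @param hPersistent the persistent handle the key is read from, or evicted to after creation
     * @param hierarchy the hierarchy under which a missing primary key is created
     * @param inPub the public template passed to TPM2_CreatePrimary when the key has to be created
     * @param primaryRole human-readable name of the key, used only in log and exception messages
     * @return the public area of the existing or newly created key
     * @throws SecurityProviderException if a response object is null, or if TPM2_ReadPublic fails
     *         with a response code other than {@code TPM_RC.HANDLE}
     */
    private TPMT_PUBLIC createPersistentPrimary(Tpm tpm, TPM_HANDLE hPersistent, TPM_RH hierarchy, TPMT_PUBLIC inPub, String primaryRole) throws SecurityProviderException
    {
        // Errors are allowed for this single command so that "handle not populated" can be told
        // apart from other failures by inspecting the response code below.
        ReadPublicResponse rpResp = tpm._allowErrors().ReadPublic(hPersistent);
        if (rpResp == null)
        {
            throw new SecurityProviderException("ReadPublicResponse cannot be null");
        }
        TPM_RC rc = tpm._getLastResponseCode();

        if (rc == TPM_RC.SUCCESS)
        {
            log.info("Successfully read {} from TPM without creating a new one", primaryRole);
            // TODO: Check if the public area of the existing key matches the requested one
            return rpResp.outPublic;
        }
        // TPM_RC.HANDLE is the only failure treated as "no key at this handle yet".
        if (rc != TPM_RC.HANDLE)
        {
            throw new SecurityProviderException("Unexpected failure {" +  rc.name() + "} of TPM2_ReadPublic for {" + primaryRole + "}");
        }

        log.info("Creating {} since the TPM didn't have one already", primaryRole);

        // Both arguments of the sensitive-create structure are empty, as are the outside info and
        // the PCR selection: the key is fully determined by the hierarchy and the inPub template.
        TPMS_SENSITIVE_CREATE sens = new TPMS_SENSITIVE_CREATE(new byte[0], new byte[0]);
        CreatePrimaryResponse cpResp = tpm.CreatePrimary(TPM_HANDLE.from(hierarchy), sens, inPub,
                                                         new byte[0], new TPMS_PCR_SELECTION[0]);

        if (cpResp == null)
        {
            throw new SecurityProviderException("CreatePrimaryResponse cannot be null");
        }

        try
        {
            // Persist the freshly created key at hPersistent, authorized through the owner hierarchy.
            tpm.EvictControl(TPM_HANDLE.from(TPM_RH.OWNER), cpResp.handle, hPersistent);
        }
        catch (RuntimeException e)
        {
            // The transient object would otherwise stay loaded in the TPM after a failed
            // EvictControl. Flush it on a best-effort basis and keep the original failure as the
            // one the caller sees.
            try
            {
                tpm._allowErrors().FlushContext(cpResp.handle);
            }
            catch (RuntimeException flushFailure)
            {
                e.addSuppressed(flushFailure);
            }
            throw e;
        }

        // The persistent copy now exists, so the transient handle is released.
        tpm.FlushContext(cpResp.handle);
        return cpResp.outPublic;
    }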
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



provisioning/security/tpm-provider/src/main/java/com/microsoft/azure/sdk/iot/provisioning/security/hsm/SecurityProviderTPMHsm.java [119:153]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
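    /**
     * Returns the public area of the primary key stored at a persistent handle, creating and
     * persisting that key first when the TPM reports that the handle is not populated.
     *
     * <p>Security note: when an object already exists at {@code hPersistent}, its public area is
     * returned as-is. It is NOT compared with {@code inPub}, so a key that was provisioned with a
     * different template (algorithm, attributes, policy) is accepted silently. Callers that rely on
     * specific key properties have to verify the returned public area themselves until the TODO
     * below is resolved.
     *
     * @param tpm the TPM connection used to issue the commands
     * @param hPersistent the persistent handle the key is read from, or evicted to after creation
     * @param hierarchy the hierarchy under which a missing primary key is created
     * @param inPub the public template passed to TPM2_CreatePrimary when the key has to be created
     * @param primaryRole human-readable name of the key, used only in log and exception messages
     * @return the public area of the existing or newly created key
     * @throws SecurityProviderException if a response object is null, or if TPM2_ReadPublic fails
     *         with a response code other than {@code TPM_RC.HANDLE}
     */
    private TPMT_PUBLIC createPersistentPrimary(Tpm tpm, TPM_HANDLE hPersistent, TPM_RH hierarchy, TPMT_PUBLIC inPub, String primaryRole) throws SecurityProviderException
    {
        // Errors are allowed for this single command so that "handle not populated" can be told
        // apart from other failures by inspecting the response code below.
        ReadPublicResponse rpResp = tpm._allowErrors().ReadPublic(hPersistent);
        if (rpResp == null)
        {
            throw new SecurityProviderException("ReadPublicResponse cannot be null");
        }
        TPM_RC rc = tpm._getLastResponseCode();

        if (rc == TPM_RC.SUCCESS)
        {
            log.info("Successfully read {} from TPM without creating a new one", primaryRole);
            // TODO: Check if the public area of the existing key matches the requested one
            return rpResp.outPublic;
        }
        // TPM_RC.HANDLE is the only failure treated as "no key at this handle yet".
        if (rc != TPM_RC.HANDLE)
        {
            throw new SecurityProviderException("Unexpected failure {" +  rc.name() + "} of TPM2_ReadPublic for {" + primaryRole + "}");
        }

        log.info("Creating {} since the TPM didn't have one already", primaryRole);

        // Both arguments of the sensitive-create structure are empty, as are the outside info and
        // the PCR selection: the key is fully determined by the hierarchy and the inPub template.
        TPMS_SENSITIVE_CREATE sens = new TPMS_SENSITIVE_CREATE(new byte[0], new byte[0]);
        CreatePrimaryResponse cpResp = tpm.CreatePrimary(TPM_HANDLE.from(hierarchy), sens, inPub,
                                                         new byte[0], new TPMS_PCR_SELECTION[0]);

        if (cpResp == null)
        {
            throw new SecurityProviderException("CreatePrimaryResponse cannot be null");
        }

        try
        {
            // Persist the freshly created key at hPersistent, authorized through the owner hierarchy.
            tpm.EvictControl(TPM_HANDLE.from(TPM_RH.OWNER), cpResp.handle, hPersistent);
        }
        catch (RuntimeException e)
        {
            // The transient object would otherwise stay loaded in the TPM after a failed
            // EvictControl. Flush it on a best-effort basis and keep the original failure as the
            // one the caller sees.
            try
            {
                tpm._allowErrors().FlushContext(cpResp.handle);
            }
            catch (RuntimeException flushFailure)
            {
                e.addSuppressed(flushFailure);
            }
            throw e;
        }

        // The persistent copy now exists, so the transient handle is released.
        tpm.FlushContext(cpResp.handle);
        return cpResp.outPublic;
    }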
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



