0

我一直在寻找一种将值安全地存储到受信任的执行环境中的方法,我从 Microsoft 找到了这个名为 Tpm2Lib 的库。我正在使用下面的代码,它实际上是有效的,但我对安全性有些担忧。众所周知,数据安全地存储在 TPM 中,但是查看代码,AuthValue byte[] 初始化在这里,很容易被反汇编。如果攻击者反汇编我的代码,他可以轻松编写具有相同 AuthValue 的软件从 TPM 中获取秘密.. 我是对的吗?

    public static AuthValue _authValue = new AuthValue(new byte[] { 22, 123, 22, 1, 33 });

            public static void SaveValueIntoTpm(int address, byte[] data, int length, AuthValue authValue)
    {
        Tpm2Device tpmDevice;
        if (System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(System.Runtime.InteropServices.OSPlatform.Windows))
        {
            tpmDevice = new TbsDevice();
        }
        else
        {
            tpmDevice = new LinuxTpmDevice();
        }
        tpmDevice.Connect();

        var tpm = new Tpm2(tpmDevice);

        var ownerAuth = new AuthValue();
        TpmHandle nvHandle = TpmHandle.NV(address);

        tpm[ownerAuth]._AllowErrors().NvUndefineSpace(TpmHandle.RhOwner, nvHandle);

        AuthValue nvAuth = authValue;
        var nvPublic = new NvPublic(nvHandle, TpmAlgId.Sha1, NvAttr.Authwrite | NvAttr.Authread, new byte[0], (ushort)length);
        tpm[ownerAuth].NvDefineSpace(TpmHandle.RhOwner, nvAuth,nvPublic);

        tpm[nvAuth].NvWrite(nvHandle, nvHandle, data, 0);
        tpm.Dispose();
    }

    public static byte[] ReadValueFromTpm(int address, int length, AuthValue authValue)
    {
        Tpm2Device tpmDevice;
        if (System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(System.Runtime.InteropServices.OSPlatform.Windows))
        {
            tpmDevice = new TbsDevice();
        }
        else
        {
            tpmDevice = new LinuxTpmDevice();
        }
        tpmDevice.Connect();
        var tpm = new Tpm2(tpmDevice);
        TpmHandle nvHandle = TpmHandle.NV(address);
        AuthValue nvAuth = authValue;
        byte[] newData = tpm[nvAuth].NvRead(nvHandle, nvHandle, (ushort)length, 0);
        tpm.Dispose();
        return newData;
    }
4

0 回答 0