public void WriteAuthorizationInfo(TPMBlob target, AuthorizationInfo authInfo)
{
target.WriteUInt32(authInfo.Handle.Handle);
target.Write(authInfo.Handle.NonceOdd, 0, authInfo.Handle.NonceOdd.Length);
target.WriteBool(authInfo.ContinueAuthSession);
target.Write(authInfo.AuthData, 0, authInfo.AuthData.Length);
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_version).WriteToTpmBlob(blob);
blob.Write(_fixed, 0, _fixed.Length);
blob.Write(_compositeHash, 0, _compositeHash.Length);
blob.Write(_nonce, 0, _nonce.Length);
}
protected override TPMCommandResponse InternalProcess()
{
byte[] ownerAuth = _params.GetValueOf <byte[]> (PARAM_OWNERAUTH);
byte[] srkAuth = _params.GetValueOf <byte[]> (PARAM_SRKAUTH);
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_TakeOwnership);
requestBlob.WriteUInt16((ushort)TPMProtocolId.TPM_PID_OWNER);
requestBlob.WriteUInt32((uint)ownerAuth.Length);
requestBlob.Write(ownerAuth, 0, ownerAuth.Length);
requestBlob.WriteUInt32((uint)srkAuth.Length);
requestBlob.Write(srkAuth, 0, srkAuth.Length);
_tpmKey.WriteToTpmBlob(requestBlob);
_responseBlob = AuthorizeMeAndTransmit(requestBlob);
CheckResponseAuthInfo();
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_TakeOwnership, new Parameters()));
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_versionStruct).WriteToTpmBlob(blob);
blob.WriteUInt32((uint)_sealInfo.Length);
blob.Write(_sealInfo, 0, _sealInfo.Length);
blob.WriteUInt32((uint)_encData.Length);
blob.Write(_encData, 0, _encData.Length);
}
protected override TPMCommandResponse InternalProcess()
{
// Unencrypted authorization values, they need to be XOR-Encrypted with
// XOR(auth, SHA-1(OSAP shared secret | session nonce))
//
// OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);
_encAuth = _params.GetValueOf <byte[]> ("data_auth");
byte[] xorKey = new HashProvider().Hash(
new HashByteDataProvider(auth1OSAP.SharedSecret),
new HashByteDataProvider(auth1OSAP.NonceEven));
ByteHelper.XORBytes(_encAuth, xorKey);
//Load parent key if not loaded
_keyManager.LoadKey(_params.GetValueOf <string>("key"));
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Seal);
//key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.Write(_encAuth, 0, 20);
TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, _pcrInfo);
requestBlob.WriteUInt32((uint)_inData.Length);
requestBlob.Write(_inData, 0, _inData.Length);
AuthorizeMe(requestBlob);
using (_keyManager.AcquireLock())
{
requestBlob.SkipHeader();
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
TPMStoredDataCore sealedData = TPMStoredDataCore.CreateFromTPMBlob(_responseBlob);
Parameters responseParams = new Parameters();
responseParams.AddPrimitiveType("data", ByteHelper.SerializeToBytes(sealedData));
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Seal, responseParams));
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_pcrSelection).WriteToTpmBlob(blob);
byte[] digestAtRelease = DigestAtRelease;
byte[] digestAtCreation = DigestAtCreation;
if (digestAtRelease.Length != 20 || digestAtCreation.Length != 20)
{
throw new ArgumentException("Digest length of TPMPCRInfo != 20");
}
blob.Write(digestAtRelease, 0, digestAtRelease.Length);
blob.Write(digestAtCreation, 0, digestAtCreation.Length);
}
public override TPMCommandResponse Process()
{
if (_params.IsDefined <ITPMHandle>("handle") == false ||
_params.IsDefined <byte[]>("context_blob") == false)
{
return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters()));
}
ITPMHandle handle = _params.GetValueOf <ITPMHandle>("handle");
TPMBlob blob = new TPMBlob();
blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext);
blob.WriteUInt32(handle.Handle);
blob.WriteBool(handle.ForceHandle);
blob.WriteUInt32((uint)handle.ContextBlob.Length);
blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length);
TPMBlob responseBlob = TransmitMe(blob);
responseBlob.SkipHeader();
handle.Handle = responseBlob.ReadUInt32();
Parameters responseParameters = new Parameters();
responseParameters.AddValue("handle", handle);
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters));
}
public override TPMCommandResponse Process()
{
byte[] nonce = NonceGenerator.GenerateByteNonce(20);
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek);
requestBlob.Write(nonce, 0, nonce.Length);
requestBlob.WriteCmdSize();
TPMBlob responseBlob = TransmitMe(requestBlob);
responseBlob.SkipHeader();
long posStart = responseBlob.Position;
TPMPubkeyCore pubkey = TPMPubkeyCore.CreateFromTPMBlob(responseBlob);
long posEnd = responseBlob.Position;
Digest digest = new Digest(responseBlob, 20);
if (digest.CompareTo(
new HashStreamDataProvider(responseBlob, posStart, posEnd - posStart, false),
new HashByteDataProvider(nonce)) == false)
{
throw new TPMResponseException("Local digest does not match remote digest");
}
Parameters responseParams = new Parameters();
responseParams.AddValue(TPMPubkey.PARAM_TPM_PUBKEY, pubkey);
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams));
}
public void WriteToTpmBlob(TPMBlob blob)
{
blob.WriteUInt32(_keyLength);
blob.WriteUInt32(_numPrimes);
blob.WriteUInt32((uint)_exponent.Length);
blob.Write(_exponent, 0, _exponent.Length);
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_pcrSelection).WriteToTpmBlob(blob);
blob.WriteUInt32((uint)_pcrValues.Length * 20);
foreach (byte[] pcrValue in _pcrValues)
{
blob.Write(pcrValue, 0, pcrValue.Length);
}
}
protected override TPMCommandResponse InternalProcess()
{
AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);
byte[] xorKey = new HashProvider().Hash(
new HashByteDataProvider(auth1OSAP.SharedSecret),
new HashByteDataProvider(auth1OSAP.NonceEven));
ByteHelper.XORBytes(_secret, xorKey);
if (_secret.Length != 20)
{
throw new ArgumentException("secret needs to be 20 bytes long (SHA1 hash)");
}
if (_label.Length != 4)
{
throw new ArgumentException("Label needs to be 4 bytes long");
}
using (TPMBlob requestBlob = new TPMBlob())
{
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateCounter);
requestBlob.Write(_secret, 0, 20);
requestBlob.Write(_label, 0, 4);
_responseBlob = AuthorizeMeAndTransmit(requestBlob);
}
_responseBlob.SkipHeader();
_responseParameters = new Parameters();
_responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
_responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters));
}
/// <summary>
/// Writes target to sink with the uint size preceding
/// </summary>
/// <param name="sink"></param>
/// <param name="target"></param>
public static void WriteITPMBlobWritableWithUIntSize(TPMBlob sink, ITPMBlobWritable target)
{
if (target == null)
{
sink.WriteUInt32(0);
}
else
{
using (TPMBlob tempBlob = new TPMBlob())
{
target.WriteToTpmBlob(tempBlob);
sink.WriteUInt32((uint)tempBlob.Length);
sink.Write(tempBlob.ToArray(), 0, (int)tempBlob.Length);
}
}
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_version).WriteToTpmBlob(blob);
blob.WriteUInt16((ushort)_keyUsage);
blob.WriteUInt32((uint)_keyFlags);
blob.WriteByte((byte)_authDataUsage);
((ITPMBlobWritable)_algorithmParams).WriteToTpmBlob(blob);
//TODO: PCR info size
blob.WriteUInt32(0);
((ITPMBlobWritable)_pubKey).WriteToTpmBlob(blob);
blob.WriteUInt32((uint)_encData.Length);
blob.Write(_encData, 0, _encData.Length);
}
public override TPMCommandResponse Process()
{
//We don't have any meaningful labeldata we could include,
//so generate some random
byte[] labelData = new byte[16];
Random r = new Random();
r.NextBytes(labelData);
if (_params.IsDefined <ITPMHandle>("handle") == false)
{
return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_SaveContext, new Parameters()));
}
ITPMHandle handle = _params.GetValueOf <ITPMHandle>("handle");
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_SaveContext);
requestBlob.WriteUInt32(handle.Handle);
requestBlob.WriteUInt32((uint)handle.ResourceType);
requestBlob.Write(labelData, 0, labelData.Length);
TPMBlob responseBlob = TransmitMe(requestBlob);
responseBlob.SkipHeader();
uint blobSize = responseBlob.ReadUInt32();
byte[] contextBlob = responseBlob.ReadBytes((int)blobSize);
Parameters responseParams = new Parameters();
responseParams.AddPrimitiveType("context_blob", contextBlob);
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_SaveContext, responseParams));
}
protected override TPMCommandResponse InternalProcess()
{
//Load parent key if not loaded
_keyManager.LoadKey(_params.GetValueOf <string>("key"));
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_UnBind);
//key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.WriteUInt32((uint)_inData.Length);
requestBlob.Write(_inData, 0, _inData.Length);
AuthorizeMe(requestBlob);
using (_keyManager.AcquireLock())
{
requestBlob.SkipHeader();
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
uint dataSize = _responseBlob.ReadUInt32();
byte[] responseData = new byte[dataSize];
_responseBlob.Read(responseData, 0, responseData.Length);
Parameters responseParams = new Parameters();
responseParams.AddPrimitiveType("data", responseData);
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Unbind, responseParams));
}
public override TPMCommandResponse Process()
{
using (TPMBlob requestBlob = new TPMBlob())
{
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_Extend);
requestBlob.WriteUInt32(_params.GetValueOf <uint>("pcr"));
byte[] digest = _params.GetValueOf <byte[]>("digest");
if (digest.Length != 20)
{
throw new ArgumentException("Digest needs to be of length '20'");
}
requestBlob.Write(digest, 0, digest.Length);
_responseBlob = TransmitMe(requestBlob);
}
_responseBlob.SkipHeader();
_responseParameters = new Parameters();
_responseParameters.AddPrimitiveType("pcr_value", _responseBlob.ReadBytes(20));
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Extend, _responseParameters));
}
public override TPMCommandResponse Process()
{
TPMEntityTypeLSB entityLSB = _params.GetValueOf <TPMEntityTypeLSB>("entity_lsb");
TPMEntityTypeMSB entityMSB = _params.GetValueOf <TPMEntityTypeMSB>("entity_msb");
string identifier = _params.GetValueOf <string>("entity_value");
if (entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE &&
entityLSB != TPMEntityTypeLSB.TPM_ET_SRK &&
entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER)
{
throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString());
}
if (entityMSB != TPMEntityTypeMSB.TPM_ET_XOR)
{
throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB));
}
if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
{
//We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP).
//So we invoke the key manager to load the key with the specified identifier and establish an OSAP session
_keyManager.LoadKey(identifier);
}
//handle is not known yet
AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0);
authHandle.EntityType = entityLSB;
authHandle.NewNonceOddOSAP();
using (_keyManager.AcquireLock())
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP);
requestBlob.WriteUInt16((ushort)(((ushort)entityMSB << 8) | (ushort)entityLSB));
if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
{
if (identifier == KeyHandle.KEY_SRK)
{
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK;
}
else
{
KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier);
requestBlob.WriteUInt32(keyHandle.Handle);
authHandle.EntityValue = keyHandle.Handle;
}
}
else if (entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER)
{
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER);
authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER;
}
requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length);
requestBlob.WriteCmdSize();
_commandAuthHelper.EnsureFreeSlot();
_responseBlob = TransmitMe(requestBlob);
}
_responseBlob.SkipHeader();
AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob);
authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle);
_responseParameters = new Parameters();
_responseParameters.AddValue("auth_handle", authHandle);
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters));
}
protected override TPMCommandResponse InternalProcess()
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);
//key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.Write(_nonce, 0, 20);
_pcrSelection.WriteToTpmBlob(requestBlob);
_keyManager.LoadKey(_params.GetValueOf <string>("key"));
AuthorizeMe(requestBlob);
using (_keyManager.AcquireLock())
{
requestBlob.SkipHeader();
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
uint sigSize = _responseBlob.ReadUInt32();
byte[] signature = _responseBlob.ReadBytes((int)sigSize);
// Do signature verification
TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);
byte[] signingData;
using (TPMBlob blob = new TPMBlob())
{
quoteInfo.WriteToTpmBlob(blob);
signingData = blob.ToArray();
}
Parameters pubKeyParams = new Parameters();
pubKeyParams.AddPrimitiveType("key", _params.GetValueOf <string>("key"));
TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
_commandAuthHelper, _keyManager);
if (pubKeyResponse.Status == false)
{
_log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters()));
}
TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf <string>("key")));
TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf <TPMPubkey>("pubkey");
if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
{
throw new ArgumentException("The TPM_Quote signature could not be verified");
}
Parameters responseParams = new Parameters();
responseParams.AddValue("pcrData", pcrComposite);
responseParams.AddPrimitiveType("sig", signature);
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams));
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_version).WriteToTpmBlob(blob);
blob.WriteByte((byte)_payloadType);
blob.Write(_payload, 0, _payload.Length);
}
protected override TPMCommandResponse InternalProcess()
{
string key = _params.GetValueOf <string>("key");
_keyManager.LoadKey(key);
TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(key));
if (keyInfo == null)
{
throw new ArgumentException(string.Format("TPM_Sign could not retrieve keyinfo for key '{0}'", key));
}
byte[] areaToSign = null;
if (keyInfo.AlgorithmParams.SigScheme == TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1)
{
//Client has hopefully put data in the right format ready for the tpm to process
if (_params.IsDefined <byte[]>("areaToSign"))
{
areaToSign = _params.GetValueOf <byte[]>("areaToSign");
}
//Client just sends data, tpm lib cares about the right, signature dependent, processing
else if (_params.IsDefined <byte[]>("data"))
{
byte[] data = _params.GetValueOf <byte[]>("data");
areaToSign = new HashProvider().Hash(new HashByteDataProvider(data));
}
if (areaToSign.Length != 20)
{
throw new ArgumentException(string.Format("Sig scheme '{0}' expects an area to sign with length 20!", keyInfo.AlgorithmParams.SigScheme));
}
}
else
{
throw new ArgumentException(string.Format("TPM_Sign has not implemented signature scheme '{0}' for algorithm '{1}'", keyInfo.AlgorithmParams.SigScheme, keyInfo.AlgorithmParams.AlgorithmId));
}
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Sign);
//key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.WriteUInt32((uint)areaToSign.Length);
requestBlob.Write(areaToSign, 0, areaToSign.Length);
AuthorizeMe(requestBlob);
using (_keyManager.AcquireLock())
{
requestBlob.SkipHeader();
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(key).Handle);
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
uint sigSize = _responseBlob.ReadUInt32();
byte[] signature = _responseBlob.ReadBytes((int)sigSize);
Parameters responseParams = new Parameters();
responseParams.AddPrimitiveType("sig", signature);
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Sign, responseParams));
}
public void WriteToTpmBlob(TPMBlob blob)
{
blob.WriteUInt32((uint)_pubkey.Length);
blob.Write(_pubkey, 0, _pubkey.Length);
}
protected override TPMCommandResponse InternalProcess()
{
// Unencrypted authorization values, they need to be XOR-Encrypted with
// XOR(auth, SHA-1(OSAP shared secret | session nonce))
//
// OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);
_usageAuth = _params.GetValueOf <byte[]> ("usage_auth");
_migrationAuth = _params.GetValueOf <byte[]> ("migration_auth");
byte[] xorKey = new HashProvider().Hash(
new HashByteDataProvider(auth1OSAP.SharedSecret),
new HashByteDataProvider(auth1OSAP.NonceEven));
ByteHelper.XORBytes(_usageAuth, xorKey);
ByteHelper.XORBytes(_migrationAuth, xorKey);
//Load parent key if not loaded
_keyManager.LoadKey(_params.GetValueOf <string>("parent"));
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);
//parent key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.Write(_usageAuth, 0, 20);
requestBlob.Write(_migrationAuth, 0, 20);
_tpmKey.WriteToTpmBlob(requestBlob);
using (_keyManager.AcquireLock())
{
AuthorizeMe(requestBlob);
requestBlob.SkipHeader();
if (_params.GetValueOf <string>("parent") == KeyHandle.KEY_SRK)
{
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
}
else
{
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent")).Handle);
}
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
TPMKeyCore newKey = new TPMKeyCore(_responseBlob);
_responseParameters = new Parameters();
//Build and save the key identifier
//The key identifier is the hex-string representation of the hash of the newly created key
_responseParameters.AddPrimitiveType("key_identifier",
ByteHelper.ByteArrayToHexString(
new HashProvider().Hash(
new HashByteDataProvider(
ByteHelper.SerializeToBytes(newKey)
)
),
""));
_responseParameters.AddPrimitiveType("key_data", ByteHelper.SerializeToBytes(newKey));
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters));
}
public void WriteToTpmBlob(TPMBlob blob)
{
blob.WriteUInt16((ushort)_pcrSelection.Data.Length);
blob.Write(_pcrSelection.Data, 0, _pcrSelection.Data.Length);
}