Ejemplo n.º 1
0
        protected override TPMCommandResponse InternalProcess()
        {
            byte[] ownerAuth = _params.GetValueOf <byte[]> (PARAM_OWNERAUTH);
            byte[] srkAuth   = _params.GetValueOf <byte[]> (PARAM_SRKAUTH);


            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_TakeOwnership);

            requestBlob.WriteUInt16((ushort)TPMProtocolId.TPM_PID_OWNER);

            requestBlob.WriteUInt32((uint)ownerAuth.Length);
            requestBlob.Write(ownerAuth, 0, ownerAuth.Length);

            requestBlob.WriteUInt32((uint)srkAuth.Length);
            requestBlob.Write(srkAuth, 0, srkAuth.Length);

            _tpmKey.WriteToTpmBlob(requestBlob);

            _responseBlob = AuthorizeMeAndTransmit(requestBlob);

            CheckResponseAuthInfo();

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_TakeOwnership, new Parameters()));
        }
Ejemplo n.º 2
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_LoadKey2);

            //If not loaded load now
            if (_params.GetValueOf <bool>("parent_key_srk") == false)
            {
                _keyManager.LoadKey(_params.GetValueOf <string>("parent_identifier"));
            }

            //To be inserted later
            requestBlob.WriteUInt32(0);

            _tpmKey.WriteToTpmBlob(requestBlob);

            //Blocking authorize, blocks till the user has entered the authorization data
            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                _keyManager.EnsureFreeSlot();
                uint tpmKeyHandle;

                if (_params.GetValueOf <bool>("parent_key_srk"))
                {
                    tpmKeyHandle = (uint)TPMKeyHandles.TPM_KH_SRK;
                }
                else
                {
                    tpmKeyHandle = _keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent_identifier")).Handle;
                }

                //Write key handle to the first position after the header
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(tpmKeyHandle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            uint      loadedTpmHandle = _responseBlob.ReadUInt32();
            KeyHandle loadedHandle    = new KeyHandle(_params.GetValueOf <string>("key_identifier"), loadedTpmHandle);

            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("handle", loadedHandle);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadKey2, _responseParameters));
        }
Ejemplo n.º 3
0
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);


            _usageAuth     = _params.GetValueOf <byte[]> ("usage_auth");
            _migrationAuth = _params.GetValueOf <byte[]> ("migration_auth");
            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_usageAuth, xorKey);
            ByteHelper.XORBytes(_migrationAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf <string>("parent"));

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);

            //parent key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_usageAuth, 0, 20);
            requestBlob.Write(_migrationAuth, 0, 20);
            _tpmKey.WriteToTpmBlob(requestBlob);



            using (_keyManager.AcquireLock())
            {
                AuthorizeMe(requestBlob);
                requestBlob.SkipHeader();

                if (_params.GetValueOf <string>("parent") == KeyHandle.KEY_SRK)
                {
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                }
                else
                {
                    requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent")).Handle);
                }

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            TPMKeyCore newKey = new TPMKeyCore(_responseBlob);

            _responseParameters = new Parameters();

            //Build and save the key identifier
            //The key identifier is the hex-string representation of the hash of the newly created key
            _responseParameters.AddPrimitiveType("key_identifier",
                                                 ByteHelper.ByteArrayToHexString(
                                                     new HashProvider().Hash(
                                                         new HashByteDataProvider(
                                                             ByteHelper.SerializeToBytes(newKey)
                                                             )
                                                         ),
                                                     ""));

            _responseParameters.AddPrimitiveType("key_data", ByteHelper.SerializeToBytes(newKey));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters));
        }