Inheritance: TpmStructureBase, IPublicIdUnion
Ejemplo n.º 1
0
        /// <summary>
        /// Verify that a TPM quote matches an expect PCR selection, is well formed, and is properly signed
        /// by the private key corresponding to this public key.
        /// </summary>
        /// <param name="pcrDigestAlg"></param>
        /// <param name="expectedSelectedPcr"></param>
        /// <param name="expectedPcrValues"></param>
        /// <param name="nonce"></param>
        /// <param name="quotedInfo"></param>
        /// <param name="signature"></param>
        /// <param name="qualifiedNameOfSigner"></param>
        /// <returns></returns>
        public bool VerifyQuote(
            TpmAlgId pcrDigestAlg,
            PcrSelection[] expectedSelectedPcr,
            Tpm2bDigest[] expectedPcrValues,
            byte[] nonce,
            Attest quotedInfo,
            ISignatureUnion signature,
            byte[] qualifiedNameOfSigner = null)
        {
            if (!(quotedInfo.attested is QuoteInfo))
            {
                return false;
            }

            if (quotedInfo.magic != Generated.Value)
            {
                return false;
            }

            if (!quotedInfo.extraData.IsEqual(nonce))
            {
                return false;
            }

            // Check environment of signer (name) is expected
            if (qualifiedNameOfSigner != null)
            {
                if (!quotedInfo.qualifiedSigner.IsEqual(qualifiedNameOfSigner))
                {
                    return false;
                }
            }

            // Now check the quote-specific fields
            var quoted = (QuoteInfo)quotedInfo.attested;

            // Check values pcr indices are what we expect
            if (!Globs.ArraysAreEqual(quoted.pcrSelect, expectedSelectedPcr))
            {
                return false;
            }

            // Check that values in the indices above are what we expect
            // ReSharper disable once UnusedVariable
            var expected = new PcrValueCollection(expectedSelectedPcr, expectedPcrValues);
            var m = new Marshaller();

            foreach (Tpm2bDigest d in expectedPcrValues)
            {
                m.Put(d.buffer, "");
            }

            TpmHash expectedPcrHash = TpmHash.FromData(pcrDigestAlg, m.GetBytes());
            if (!Globs.ArraysAreEqual(expectedPcrHash, quoted.pcrDigest))
            {
                return false;
            }

            // And finally check the signature
            bool sigOk = VerifySignatureOverData(quotedInfo.GetTpmRepresentation(), signature);
            return sigOk;
        }
Ejemplo n.º 2
0
        /// <summary>
        /// Create activation blobs that can be passed to ActivateCredential.  Two blobs are returned -
        /// (a) - encryptedSecret - is the symmetric key cfb-symmetrically encrypted with an enveloping key
        /// (b) credentialBlob (the return value of this function) - is the enveloping key OEAP (RSA) encrypted
        ///         by the public part of this key.
        /// </summary>
        /// <param name="secret"></param>
        /// <param name="nameAlgId"></param>
        /// <param name="nameOfKeyToBeActivated"></param>
        /// <param name="encryptedSecret"></param>
        /// <returns>CredentialBlob (</returns>
        public byte[] CreateActivationCredentials(
            byte[] secret,
            TpmAlgId nameAlgId,
            byte[] nameOfKeyToBeActivated,
            out byte[] encryptedSecret)
        {
            byte[] seed, encSecret;

            switch (type)
            {
                case TpmAlgId.Rsa:
                    // The seed should be the same size as the symmKey
                    seed = Globs.GetRandomBytes((CryptoLib.DigestSize(nameAlg) + 7) / 8);
                    encSecret = EncryptOaep(seed, ActivateEncodingParms);
                    break;
                case TpmAlgId.Ecc:
                    EccPoint pubEphem;
                    seed = EcdhGetKeyExchangeKey(ActivateEncodingParms, nameAlg, out pubEphem);
                    encSecret = Marshaller.GetTpmRepresentation(pubEphem);
                    break;
                default:
                    throw new NotImplementedException("activate crypto scheme not implemented");
            }

            Transform(seed);
            Transform(encSecret);

            var cvx = new Tpm2bDigest(secret);
            byte[] cvTpm2B = Marshaller.GetTpmRepresentation(cvx);
            Transform(cvTpm2B);

            SymDefObject symDef = TssObject.GetSymDef(this);
            byte[] symKey = KDF.KDFa(nameAlg, seed, "STORAGE", nameOfKeyToBeActivated, new byte[0], symDef.KeyBits);
            Transform(symKey);

            byte[] encIdentity;
            using (SymmCipher symm2 = SymmCipher.Create(symDef, symKey))
            {
                encIdentity = symm2.CFBEncrypt(cvTpm2B);
            }
            Transform(encIdentity);

            var hmacKeyBits = (uint)CryptoLib.DigestSize(nameAlg);
            byte[] hmacKey = KDF.KDFa(nameAlg, seed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits * 8);
            Transform(hmacKey);
            byte[] outerHmac = CryptoLib.HmacData(nameAlg,
                                                  hmacKey,
                                                  Globs.Concatenate(encIdentity, nameOfKeyToBeActivated));
            Transform(outerHmac);

            byte[] activationBlob = Globs.Concatenate(
                                                      Marshaller.ToTpm2B(outerHmac),
                                                      encIdentity);

            Transform(activationBlob);

            encryptedSecret = encSecret;

            return activationBlob;
        }
Ejemplo n.º 3
0
 public Tpm2bDigest(Tpm2bDigest the_Tpm2bDigest)
 {
     if((Object) the_Tpm2bDigest == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
     buffer = the_Tpm2bDigest.buffer;
 }
Ejemplo n.º 4
0
 ///<param name = "the_digests">a list of digests For TPM2_PolicyOR(), all digests will have been computed using the digest of the policy session. For TPM2_PCR_Read(), each digest will be the size of the digest for the bank containing the PCR.</param>
 public DigestArray(
 Tpm2bDigest[] the_digests
 )
 {
     this.digests = the_digests;
 }
Ejemplo n.º 5
0
 public void PolicyOR(
     TpmHandle policySession,
     Tpm2bDigest[] pHashList
 )
 {
     Tpm2PolicyORRequest inS = new Tpm2PolicyORRequest();
     inS.policySession = policySession;
     inS.pHashList = pHashList;
     TpmStructureBase outSBase;
     DispatchMethod(TpmCc.PolicyOR, (TpmStructureBase) inS, typeof(Tpm2PolicyORResponse), out outSBase, 1, 0);
 }
Ejemplo n.º 6
0
 ///<param name = "the_policySession">handle for the policy session being extended Auth Index: None</param>
 ///<param name = "the_pHashList">the list of hashes to check for a match</param>
 public Tpm2PolicyORRequest(
 TpmHandle the_policySession,
 Tpm2bDigest[] the_pHashList
 )
 {
     this.policySession = the_policySession;
     this.pHashList = the_pHashList;
 }
Ejemplo n.º 7
0
 ///<param name = "the_pcrUpdateCounter">the current value of the PCR update counter</param>
 ///<param name = "the_pcrSelectionOut">the PCR in the returned list</param>
 ///<param name = "the_pcrValues">the contents of the PCR indicated in pcrSelect as tagged digests</param>
 public Tpm2PcrReadResponse(
 uint the_pcrUpdateCounter,
 PcrSelection[] the_pcrSelectionOut,
 Tpm2bDigest[] the_pcrValues
 )
 {
     this.pcrUpdateCounter = the_pcrUpdateCounter;
     this.pcrSelectionOut = the_pcrSelectionOut;
     this.pcrValues = the_pcrValues;
 }
Ejemplo n.º 8
0
        /// <summary>
        /// Calculates and returns the policy-hashes of the attached branches.
        /// </summary>
        /// <param name="hashAlg"></param>
        /// <returns></returns>
        public Tpm2bDigest[] GetPolicyHashArray(TpmAlgId hashAlg)
        {
            int numBranches = PolicyBranches.Count;
            if (numBranches < 2 || numBranches > 8)
            {
                Globs.Throw("GetPolicyHashArray: Must have between 2 and 8 branches in a PolicyOr");
            }

            int i = 0;
            var childHashes = new Tpm2bDigest[numBranches];
            foreach (PolicyAce branch in PolicyBranches)
            {
                TpmHash branchPolicyHash = branch.GetPolicyDigest(hashAlg);
                childHashes[i++] = branchPolicyHash;
            }

            return childHashes;
        }
Ejemplo n.º 9
0
 public PcrValueCollection(PcrSelection[] pcrSelection, Tpm2bDigest[] values)
 {
     // Calculate how many indivudal PCRs we have
     int count = pcrSelection.Sum(sel => sel.GetSelectedPcrs().Length);
     Values = new PcrValue[count];
     // Now set the PcrValue[] based on the selection and values
     count = 0;
     foreach (PcrSelection sel in pcrSelection)
     {
         foreach (uint pcrNum in sel.GetSelectedPcrs())
         {
             Values[count] = new PcrValue(pcrNum, new TpmHash(sel.hash, values[count].buffer));
             count++;
         }
     }
 }