private AuthHandleItem FindReservedHandle(IAuthorizableCommand cmd, AuthSessionNum authSession) { foreach (AuthHandleItem handle in _authHandles.FindAuthHandles(AuthHandleItem.AuthHandleStatus.SwappedIn)) { if (handle.AssociatedCommand == null) { continue; } if (handle.AssociatedCommand.Value.Key == authSession && handle.AssociatedCommand.Value.Value == cmd) { return(handle); } } foreach (AuthHandleItem handle in _authHandles.FindAuthHandles(AuthHandleItem.AuthHandleStatus.SwappedOut)) { if (handle.AssociatedCommand == null) { continue; } if (handle.AssociatedCommand.Value.Key == authSession && handle.AssociatedCommand.Value.Value == cmd) { return(handle); } } return(null); }
public void LoadAuthHandle(AuthHandle authHandle) { using (new LockContext(_authHandles, "AuthHandleManager::LoadAuthHandle")) { List <AuthHandleItem> myAuthHandles = _authHandles.FindAuthHandles(AuthHandleItem.AuthHandleStatus.SwappedOut); _logger.DebugFormat("LoadAuthHandle: #{0}", myAuthHandles.Count); foreach (AuthHandleItem handleItem in myAuthHandles) { _logger.DebugFormat("LoadAuthHandles: Found auth handle {0} with status {1}", handleItem.AuthHandle, handleItem.Status); if (handleItem.AuthHandle == authHandle && handleItem.Status != AuthHandleItem.AuthHandleStatus.SwappedIn) { //If we have an OSAP auth handle, make sure that the corresponding resource is loaded AuthSessionNum authSession = handleItem.AssociatedCommand.Value.Key; IAuthorizableCommand cmd = handleItem.AssociatedCommand.Value.Value; KeyHandle newKeyHandle; if (cmd.GetEntityType(authSession) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE && cmd.GetHandle(authSession) != KeyHandle.KEY_SRK) { cmd.KeyManager.LoadKey(cmd.GetHandle(authSession)); newKeyHandle = cmd.KeyManager.IdentifierToHandle(cmd.GetHandle(authSession)); if (handleItem.AuthHandle.EntityValue != newKeyHandle.Handle) { throw new ArgumentException(string.Format("OSAP with entity type={0}, entity value={1} could not be restored", handleItem.AuthHandle.EntityType, handleItem.AuthHandle.EntityValue)); } } SwapIn(handleItem); _logger.DebugFormat("LoadAuthHandles: Swapped in {0}", handleItem.AuthHandle); } } } }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if (authSessionNum == AuthSessionNum.Auth1) { string keyIdentifier = _params.GetValueOf <string>("key"); Parameters parameters = new Parameters(); parameters.AddPrimitiveType("identifier", keyIdentifier); return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters)); } else if (authSessionNum == AuthSessionNum.Auth2) { string identifier = _params.GetValueOf <string>("key"); Parameters parameters = new Parameters(); parameters.AddPrimitiveType("identifier", identifier); return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, parameters)); } else { return(null); } }
/// <summary> /// Assures that the shared secret for the specified authorization handle has been /// calculated, if not it gets calculated. If no OSAP session exists, create it /// </summary> /// <param name="cmd"></param> /// <param name="sessionNum"></param> /// <returns></returns> public AuthHandle AssureOSAPSharedSecret(IAuthorizableCommand cmd, AuthSessionNum authSessionNum) { // using(AcquireLock()) // { // //Must not be called for OSAP at the moment because OSAP session are not cached // _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd); // } // HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum); if(keyInfo == null) return null; AuthHandle authHandle; using(AcquireLock()) { authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum); } // If shared secret has not yet been generated, do it if(authHandle.SharedSecret == null) { GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest( _ctx, new HashByteDataProvider(authHandle.NonceEvenOSAP), new HashByteDataProvider(authHandle.NonceOddOSAP) ); request.TpmSessionIdentifier = _tpmSessionIdentifier; Parameters paramsSharedSecret = new Parameters(); if(cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE || cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_SRK) { if(cmd.GetHandle(authSessionNum) == KeyHandle.KEY_SRK) request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters()); else { paramsSharedSecret.AddPrimitiveType("identifier", cmd.GetHandle(authSessionNum)); request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, paramsSharedSecret); } } else if(cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_OWNER) request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, new Parameters()); else throw new NotSupportedException(string.Format("CommandAuthorizationHelper does not support entity type '{0}'", cmd.GetEntityType(authSessionNum))); GenerateHMACResponse response = request.TypedExecute (); response.AssertResponse(); authHandle.SharedSecret = response.TpmAuthData; } return authHandle; }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if (authSessionNum == AuthSessionNum.Auth1) { return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters())); } return(null); }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if (authSessionNum != AuthSessionNum.Auth1) { return(null); } return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, null)); }
public override string GetHandle(AuthSessionNum authSessionNum) { if (authSessionNum == AuthSessionNum.Auth1) { return(_params.GetValueOf <string>("key")); } return(null); }
public override string GetHandle(AuthSessionNum authSessionNum) { if (authSessionNum == AuthSessionNum.Auth1) { return(TPMKeyHandles.TPM_KH_OWNER.ToString()); } return(null); }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if (authSessionNum != AuthSessionNum.Auth1) { return(null); } Parameters hmacKeyInfoParams = new Parameters(); hmacKeyInfoParams.AddPrimitiveType("identifier", _params.GetValueOf <string>("key")); return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams)); }
public AuthHandle GetAuthHandle(IAuthorizableCommand cmd, AuthSessionNum authSession) { AuthHandleItem reservedHandle = null; using (new LockContext(_authHandles, string.Format("AuthHandleManager::GetAuthHandle {0}", cmd))) { reservedHandle = FindReservedHandle(cmd, authSession); // No reserved auth handle was found, create a new one if (reservedHandle == null) { reservedHandle = CreateAuthHandle(cmd, authSession); } } return(reservedHandle.AuthHandle); }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if (authSessionNum != AuthSessionNum.Auth1) { return(null); } if (_params.GetValueOf <bool>("parent_key_srk")) { return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters())); } else { Parameters hmacKeyInfoParams = new Parameters(); hmacKeyInfoParams.AddPrimitiveType("identifier", _params.GetValueOf <string>("parent_identifier")); return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams)); } }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if (authSessionNum != AuthSessionNum.Auth1) { return(null); } string parentIdentifier = _params.GetValueOf <string>("parent"); if (parentIdentifier == KeyHandle.KEY_SRK) { return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters())); } else { Parameters parameters = new Parameters(); parameters.AddPrimitiveType("identifier", parentIdentifier); return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters)); } }
public virtual TPMEntityTypeLSB GetEntityType(AuthSessionNum austhSessionNum) { return(TPMEntityTypeLSB.TPM_ET_KEYHANDLE); }
public override string GetHandle(AuthSessionNum authSessionNum) { return null; }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if(authSessionNum != AuthSessionNum.Auth1) return null; string parentIdentifier = _params.GetValueOf<string>("parent"); if(parentIdentifier == KeyHandle.KEY_SRK) return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters()); else { Parameters parameters = new Parameters(); parameters.AddPrimitiveType("identifier", parentIdentifier); return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters); } }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if(authSessionNum == AuthSessionNum.Auth1) return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters()); return null; }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if(authSessionNum != AuthSessionNum.Auth1) return null; string keyIdentifier = _params.GetValueOf<string>("key"); Parameters parameters = new Parameters(); parameters.AddPrimitiveType("identifier", keyIdentifier); return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters); }
public override string GetHandle(AuthSessionNum authSessionNum) { return(null); }
public override TPMEntityTypeLSB GetEntityType(AuthSessionNum austhSessionNum) { return(TPMEntityTypeLSB.TPM_ET_OWNER); }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if (authSessionNum != AuthSessionNum.Auth1) return null; return new HMACKeyInfo (HMACKeyInfo.HMACKeyType.OwnerSecret, null); }
public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum) { if(authSessionNum != AuthSessionNum.Auth1) return null; if(_params.GetValueOf<bool>("parent_key_srk")) return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters()); else { Parameters hmacKeyInfoParams = new Parameters(); hmacKeyInfoParams.AddPrimitiveType("identifier", _params.GetValueOf<string>("parent_identifier")); return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams); } }
public override string GetHandle(AuthSessionNum authSessionNum) { if(authSessionNum == AuthSessionNum.Auth1) return TPMKeyHandles.TPM_KH_OWNER.ToString(); return null; }
public override TPMEntityTypeLSB GetEntityType(AuthSessionNum austhSessionNum) { return TPMEntityTypeLSB.TPM_ET_OWNER; }
public abstract HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum);
public virtual string GetHandle(AuthSessionNum authSessionNum) { return null; }
public override string GetHandle(AuthSessionNum authSessionNum) { if(authSessionNum == AuthSessionNum.Auth1) return _params.GetValueOf<string>("key"); return null; }
/// <summary> /// Assures that the shared secret for the specified authorization handle has been /// calculated, if not it gets calculated. If no OSAP session exists, create it /// </summary> /// <param name="cmd"></param> /// <param name="sessionNum"></param> /// <returns></returns> public AuthHandle AssureOSAPSharedSecret(IAuthorizableCommand cmd, AuthSessionNum authSessionNum) { // using(AcquireLock()) // { // //Must not be called for OSAP at the moment because OSAP session are not cached // _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd); // } // HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum); if (keyInfo == null) { return(null); } AuthHandle authHandle; using (AcquireLock()) { authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum); } // If shared secret has not yet been generated, do it if (authHandle.SharedSecret == null) { GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest( _ctx, new HashByteDataProvider(authHandle.NonceEvenOSAP), new HashByteDataProvider(authHandle.NonceOddOSAP) ); request.TpmSessionIdentifier = _tpmSessionIdentifier; Parameters paramsSharedSecret = new Parameters(); if (cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE || cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_SRK) { if (cmd.GetHandle(authSessionNum) == KeyHandle.KEY_SRK) { request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters()); } else { paramsSharedSecret.AddPrimitiveType("identifier", cmd.GetHandle(authSessionNum)); request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, paramsSharedSecret); } } else if (cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_OWNER) { request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, new Parameters()); } else { throw new NotSupportedException(string.Format("CommandAuthorizationHelper does not support entity type '{0}'", cmd.GetEntityType(authSessionNum))); } GenerateHMACResponse response = request.TypedExecute(); response.AssertResponse(); authHandle.SharedSecret = response.TpmAuthData; } return(authHandle); }
private AuthHandleItem CreateAuthHandle(IAuthorizableCommand cmd, AuthSessionNum authSession) { if (cmd.SupportsAuthType(AuthHandle.AuthType.OIAP)) { TPMCommandRequest oiapRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_OIAP, new Parameters()); TPMCommandResponse oiapResponse = _tpmContext.TPM.Process(oiapRequest, cmd.CommandAuthHelper, cmd.KeyManager); if (oiapResponse.Status == false) { throw new TPMRequestException("Unknown error while creating oiap auth handle"); } AuthHandle newAuthHandle = oiapResponse.Parameters.GetValueOf <AuthHandle>("auth_handle"); AuthHandleItem authHandleItem = new AuthHandleItem(newAuthHandle, AuthHandleItem.AuthHandleStatus.SwappedIn); authHandleItem.AssociatedCommand = new KeyValuePair <AuthSessionNum, IAuthorizableCommand>(authSession, cmd); using (new LockContext(_authHandles, "CreateAuthHandle OIAP")) { _authHandles.AddAuthHandle(authHandleItem); AddNewItem(authHandleItem); } return(authHandleItem); } else if (cmd.SupportsAuthType(AuthHandle.AuthType.OSAP)) { Parameters parameters = new Parameters(); parameters.AddPrimitiveType("entity_msb", TPMEntityTypeMSB.TPM_ET_XOR); parameters.AddPrimitiveType("entity_lsb", cmd.GetEntityType(authSession)); string identifier = cmd.GetHandle(authSession); if (identifier == null) { throw new TPMRequestException("Missing entity value for OSAP session"); } parameters.AddPrimitiveType("entity_value", identifier); TPMCommandRequest osapRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_OSAP, parameters); TPMCommandResponse osapResponse = _tpmContext.TPM.Process(osapRequest, cmd.CommandAuthHelper, cmd.KeyManager); if (osapResponse.Status == false) { throw new TPMRequestException("Unknown error while creating osap auth handle"); } AuthHandle newAuthHandle = osapResponse.Parameters.GetValueOf <AuthHandle>("auth_handle"); AuthHandleItem authHandleItem = new AuthHandleItem(newAuthHandle, AuthHandleItem.AuthHandleStatus.SwappedIn); authHandleItem.AssociatedCommand = new KeyValuePair <AuthSessionNum, IAuthorizableCommand>(authSession, cmd); using (new LockContext(_authHandles, "CreateAuthHandle OSAP")) { _authHandles.AddAuthHandle(authHandleItem); AddNewItem(authHandleItem); } return(authHandleItem); } else { throw new NotSupportedException("Command does not support a suitable AuthType"); } }
public virtual TPMEntityTypeLSB GetEntityType(AuthSessionNum austhSessionNum) { return TPMEntityTypeLSB.TPM_ET_KEYHANDLE; }
public virtual string GetHandle(AuthSessionNum authSessionNum) { return(null); }