/// <summary>
/// Checks if the specified key is loaded, if not
/// the key hierachy is reconstructed and loaded.
/// </summary>
/// <param name="identifier"></param>
/// <param name="keyContext">Specifies the context in which an already loaded key can be used.
/// If a key has already been loaded in another context it is not allowed to use this key</param>
public void LoadKey(string identifier, object keyContext, IKeyManagerHelper keymanagerHelper, ICommandAuthorizationHelper commandAuthHelper)
{
KeyHandleItem keyHandleItem;
using (AcquireLock())
{
keyHandleItem = _keyHandles.FindKeyHandleItem(identifier, keyContext);
}
if (keyHandleItem == null)
{
InternalLoadKey(identifier, keyContext, keymanagerHelper, commandAuthHelper);
}
else
{
//If the key was loaded and is currently Swapped out it would get
//loaded by an outside call of IdentifierToHandle, but if the keyHandle
//was not used for a long time or of many key handles where loaded in the meantime,
//it is neccessary to re-authorize the key handle (call Load Key again)
//This would block the entire Keymanager for a long time because the secrets are requested
//from the client so it is done here where the keymanager is (normally) not locked
IdentifierToHandle(identifier, keyContext, keymanagerHelper);
}
}
public TPMCommandResponse Process(TPMCommandRequest request, ICommandAuthorizationHelper commandAuthorizationHelper,
IKeyManagerHelper keyManager)
{
TPMCommand command = TPMCommandFactory.Create(request.CommandIdentifier);
command.SetCommandLockProvider(_commandLockProvider);
command.SetKeyManager(keyManager);
command.SetCommandAuthorizationHelper(commandAuthorizationHelper);
command.Init(request.Parameters, _backend, this);
return(command.Process());
}
/// <summary>
/// Returns the tpm handle of the given key identifier,
/// The key must be loaded before. If the key is swapped out it gets swapped in.
/// AcquireLock should be called outside, otherwise it is possible that the key handle gets swapped out by another
/// thread
/// </summary>
/// <param name="identifier"></param>
/// <param name="keyContext">Specifies the context in which an already loaded key can be used.
/// If a key has already been loaded in another context it is not allowed to use this key</param>
/// <returns></returns>
public KeyHandle IdentifierToHandle(string identifier, object keyContext, IKeyManagerHelper keymanagerHelper)
{
using (AcquireLock())
{
KeyHandleItem keyHandleItem = _keyHandles.FindKeyHandleItem(identifier, keyContext);
if (keyHandleItem == null)
{
throw new KeyNotFoundException(string.Format("Keymanager could not find loaded key with identifier '{0}'", identifier));
}
if (keyHandleItem.Status == KeyHandleItem.KeyHandleStatus.SwappedOut)
{
SwapIn(keyHandleItem);
}
_replacementAlgorithm.RegisterUsed(ItemToId(keyHandleItem).Value);
_replacementAlgorithm.Update();
return(keyHandleItem.KeyHandle);
}
}
/// <summary>
/// Recursivly loads the specified key hierachy and returns the identifier of the parent key
/// </summary>
/// <param name="identifier">identifier of the key whos parent should be loaded</param>
/// <param name="keyContext"></param>
/// <param name="keystore"></param>
/// <returns></returns>
private string InternalLoadKey(string identifier, object keyContext, IKeyManagerHelper keymanagerHelper, ICommandAuthorizationHelper commandAuthHelper)
{
if (identifier == KeyHandle.KEY_SRK)
{
return(null);
}
//SRK
if (identifier == null)
{
return(null);
}
if (keymanagerHelper.ContainsIdentifier(identifier) == false)
{
throw new ArgumentException(string.Format("Keystore does not contain key with identifier: '{0}'", identifier));
}
bool reloadKey = true;
KeyHandleItem keyHandleItem = null;
while (reloadKey)
{
using (AcquireLock())
{
keyHandleItem = _keyHandles.FindKeyHandleItem(identifier, keyContext);
if (keyHandleItem == null)
{
//If no key handle with such an identifier exists, add a NotLoaded entry,
//so other threads can wait for that handle to become ready
_keyHandles.AddKeyHandle(new KeyHandleItem(new KeyHandle(identifier, 0),
KeyHandleItem.KeyHandleStatus.NotLoaded, keyContext));
}
}
reloadKey = false;
//The key is currently being loaded, wait till the loading process has finished/or failed
if (keyHandleItem != null && keyHandleItem.Status == KeyHandleItem.KeyHandleStatus.NotLoaded)
{
keyHandleItem.LoadedEvt.WaitOne();
reloadKey = true;
}
}
//Key is already loaded/swaped out
if (keyHandleItem != null)
{
IdentifierToHandle(identifier, keyContext, keymanagerHelper);
return(identifier);
}
string parentKey = keymanagerHelper.FindParentKey(identifier);
InternalLoadKey(parentKey, keyContext, keymanagerHelper, commandAuthHelper);
Parameters paramLoadKey = new Parameters();
// Load the key
//SRK
if (parentKey == null || parentKey == KeyHandle.KEY_SRK)
{
paramLoadKey.AddPrimitiveType("parent_key_srk", true);
}
else
{
paramLoadKey.AddPrimitiveType("parent_key_srk", false);
//paramLoadKey.AddPrimitiveType("parent_handle", IdentifierToHandle(parentKey, keyContext, keymanagerHelper));
paramLoadKey.AddPrimitiveType("parent_identifier", parentKey);
}
paramLoadKey.AddPrimitiveType("key_identifier", identifier);
paramLoadKey.AddPrimitiveType("key_blob", keymanagerHelper.GetKeyBlob(identifier));
TPMCommandRequest requestLoadKey = new TPMCommandRequest(TPMCommandNames.TPM_CMD_LoadKey2, paramLoadKey);
TPMCommandResponse responseLoadKey = _tpmContext.TPM.Process(requestLoadKey, commandAuthHelper, keymanagerHelper);
if (responseLoadKey.Status == false)
{
KeyHandleItem keyHandleToRemove = _keyHandles.FindKeyHandleItem(identifier, keyContext);
if (keyHandleToRemove != null)
{
keyHandleItem.LoadedEvt.Set();
_keyHandles.RemoveKeyHandle(keyHandleToRemove);
}
throw new TPMRequestException("Unknown error on running TPM_LoadKey2");
}
using (AcquireLock())
{
//Make sure that a dummy (not loaded) keyhandleitem get removed
KeyHandleItem keyHandleToRemove = _keyHandles.FindKeyHandleItem(identifier, keyContext);
if (keyHandleToRemove != null)
{
keyHandleToRemove.LoadedEvt.Set();
_keyHandles.RemoveKeyHandle(keyHandleToRemove);
}
KeyHandleItem item = new KeyHandleItem(responseLoadKey.Parameters.GetValueOf <KeyHandle>("handle"),
KeyHandleItem.KeyHandleStatus.SwappedIn, keyContext);
_keyHandles.AddKeyHandle(item);
AddNewItem(item);
}
return(parentKey);
}
public void SetKeyManager(IKeyManagerHelper keyManager)
{
_keyManager = keyManager;
}
public TPMCommandResponse Process(TPMCommandRequest request, ICommandAuthorizationHelper commandAuthorizationHelper,
IKeyManagerHelper keyManager)
{
TPMCommand command = TPMCommandFactory.Create (request.CommandIdentifier);
command.SetCommandLockProvider(_commandLockProvider);
command.SetKeyManager(keyManager);
command.SetCommandAuthorizationHelper(commandAuthorizationHelper);
command.Init (request.Parameters, _backend, this);
return command.Process ();
}
public void SetKeyManager(IKeyManagerHelper keyManager)
{
_keyManager = keyManager;
}
