public override TPMCommandResponse Process() { if (_params.IsDefined <ITPMHandle>("handle") == false || _params.IsDefined <byte[]>("context_blob") == false) { return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters())); } ITPMHandle handle = _params.GetValueOf <ITPMHandle>("handle"); TPMBlob blob = new TPMBlob(); blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext); blob.WriteUInt32(handle.Handle); blob.WriteBool(handle.ForceHandle); blob.WriteUInt32((uint)handle.ContextBlob.Length); blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length); TPMBlob responseBlob = TransmitMe(blob); responseBlob.SkipHeader(); handle.Handle = responseBlob.ReadUInt32(); Parameters responseParameters = new Parameters(); responseParameters.AddValue("handle", handle); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters)); }
public override TPMCommandResponse Process() { byte[] nonce = NonceGenerator.GenerateByteNonce(20); TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek); requestBlob.Write(nonce, 0, nonce.Length); requestBlob.WriteCmdSize(); TPMBlob responseBlob = TransmitMe(requestBlob); responseBlob.SkipHeader(); long posStart = responseBlob.Position; TPMPubkeyCore pubkey = TPMPubkeyCore.CreateFromTPMBlob(responseBlob); long posEnd = responseBlob.Position; Digest digest = new Digest(responseBlob, 20); if (digest.CompareTo( new HashStreamDataProvider(responseBlob, posStart, posEnd - posStart, false), new HashByteDataProvider(nonce)) == false) { throw new TPMResponseException("Local digest does not match remote digest"); } Parameters responseParams = new Parameters(); responseParams.AddValue(TPMPubkey.PARAM_TPM_PUBKEY, pubkey); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams)); }
/// <summary> /// Performs the actual swap-in operation /// </summary> /// <param name="item"></param> protected override void SwappedIn(KeyHandleItem item) { if (item.Status != KeyHandleItem.KeyHandleStatus.SwappedOut) { throw new ArgumentException("Invalid key handle state for swap in operation"); } if (AvailableKeySlots <= LoadedKeys) { SwapOut(); } Parameters swapInParameters = new Parameters(); swapInParameters.AddValue("handle", item.KeyHandle); swapInParameters.AddPrimitiveType("context_blob", item.KeyHandle.ContextBlob); TPMCommandRequest swapInRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_LoadContext, swapInParameters); TPMCommandResponse swapInResponse = _tpmContext.TPM.Process(swapInRequest); if (swapInResponse.Status == false) { throw new TPMRequestException("Keymanager: Unknown error while swap in operation"); } item.KeyHandle.Handle = swapInResponse.Parameters.GetValueOf <ITPMHandle>("handle").Handle; }
/// <summary> /// Seals data to the specified pcr selection, /// create a valid pcr selection with session.CreateEmptyPCRSelection /// </summary> /// <param name="pcrSelection"></param> /// <param name="data">Data to seal</param> /// <returns></returns> public byte[] Seal(TPMPCRSelection pcrSelection, byte[] data) { Parameters paramsSeal = new Parameters(); paramsSeal.AddPrimitiveType("in_data", data); paramsSeal.AddPrimitiveType("key", _keyIdentifier); paramsSeal.AddValue("pcr_selection", pcrSelection); Parameters paramsSecret = new Parameters(); paramsSecret.AddPrimitiveType("identifier", KeyIdentifier); ProtectedPasswordStorage authSeal = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, paramsSecret)); if (authSeal.Hashed == false) { authSeal.Hash(); } authSeal.DecryptHash(); paramsSeal.AddPrimitiveType("data_auth", authSeal.HashValue); try { TPMCommandResponse sealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Seal, paramsSeal); return(sealResponse.Parameters.GetValueOf <byte[]>("data")); } finally { if (authSeal != null) { authSeal.ClearHash(); } } }
/// <summary> /// Performs the actual swap-in operation /// </summary> /// <param name="item"></param> protected override void SwappedIn(AuthHandleItem item) { //uint oldHandle = item.AuthHandle.Handle; if (item.Status != AuthHandleItem.AuthHandleStatus.SwappedOut) { throw new ArgumentException("Invalid auth handle state for swap in operation"); } using (new LockContext(_authHandles, "AuthHandleManager::SwappedIn")) { if (AvailableSessionSlots <= LoadedSessions) { SwapOut(); } Parameters swapInParameters = new Parameters(); swapInParameters.AddValue("handle", item.AuthHandle); swapInParameters.AddPrimitiveType("context_blob", item.AuthHandle.ContextBlob); TPMCommandRequest swapInRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_LoadContext, swapInParameters); TPMCommandResponse swapInResponse = _tpmContext.TPM.Process(swapInRequest); if (swapInResponse.Status == false) { throw new TPMRequestException("Unknown error while swap in operation"); } item.AuthHandle.Handle = swapInResponse.Parameters.GetValueOf <ITPMHandle>("handle").Handle; item.Status = AuthHandleItem.AuthHandleStatus.SwappedIn; } }
/// <summary> /// Performs the actual swap-out operation /// </summary> /// <param name="item"></param> protected override void SwappedOut(AuthHandleItem item) { if (item.Status != AuthHandleItem.AuthHandleStatus.SwappedIn) { throw new ArgumentException("Invalid auth handle state for swap out operation"); } using (new LockContext(_authHandles, "AuthHandleManager::SwappedOut")) { Parameters swapOutParameters = new Parameters(); swapOutParameters.AddValue("handle", item.AuthHandle); TPMCommandRequest swapOutRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_SaveContext, swapOutParameters); TPMCommandResponse swapOutResponse = _tpmContext.TPM.Process(swapOutRequest); if (swapOutResponse.Status == false) { throw new TPMRequestException("Unknown error while swap out operation"); } item.Status = AuthHandleItem.AuthHandleStatus.SwappedOut; item.AuthHandle.ContextBlob = swapOutResponse.Parameters.GetValueOf <byte[]>("context_blob"); } }
/// <summary> /// Performs the actual swap-out operation /// </summary> /// <param name="item"></param> protected override void SwappedOut(KeyHandleItem item) { if (item.Status != KeyHandleItem.KeyHandleStatus.SwappedIn) { throw new ArgumentException("Invalid auth handle state for swap out operation"); } Parameters swapOutParameters = new Parameters(); swapOutParameters.AddValue("handle", item.KeyHandle); TPMCommandRequest swapOutRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_SaveContext, swapOutParameters); TPMCommandResponse swapOutResponse = _tpmContext.TPM.Process(swapOutRequest); if (swapOutResponse.Status == false) { throw new TPMRequestException("Unknown error while swap out operation"); } //For key handles the tpm does not release the memory after save context TPMCommandRequest flushRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, swapOutParameters); TPMCommandResponse flushResponse = _tpmContext.TPM.Process(flushRequest); if (flushResponse.Status == false) { throw new TPMRequestException("Unknown error while swap out (flush) operation"); } item.Status = KeyHandleItem.KeyHandleStatus.SwappedOut; item.KeyHandle.ContextBlob = swapOutResponse.Parameters.GetValueOf <byte[]>("context_blob"); }
public override TPMCommandResponse Process() { byte[] nonce = NonceGenerator.GenerateByteNonce (20); TPMBlob requestBlob = new TPMBlob (); requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek); requestBlob.Write (nonce, 0, nonce.Length); requestBlob.WriteCmdSize (); TPMBlob responseBlob = TransmitMe(requestBlob); responseBlob.SkipHeader (); long posStart = responseBlob.Position; TPMPubkeyCore pubkey = TPMPubkeyCore.CreateFromTPMBlob(responseBlob); long posEnd = responseBlob.Position; Digest digest = new Digest (responseBlob, 20); if (digest.CompareTo ( new HashStreamDataProvider (responseBlob, posStart, posEnd - posStart, false), new HashByteDataProvider (nonce)) == false) { throw new TPMResponseException ("Local digest does not match remote digest"); } Parameters responseParams = new Parameters (); responseParams.AddValue (TPMPubkey.PARAM_TPM_PUBKEY, pubkey); return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams); }
/// <summary> /// Reads the configured tpm devices from the configuration and /// sets up the corresponding tpm contexts /// </summary> private void SetupTPMContexts() { IConnectionsConfiguration connectionConfig = (IConnectionsConfiguration)ConfigurationManager.GetSection("connections"); foreach (Iaik.Tc.TPM.Configuration.DotNetConfiguration.TPMDevice device in connectionConfig.TpmDevices) { try { _logger.InfoFormat("Setting up tpm context '{0}'", device.TPMName); TPMWrapper tpmDevice = new TPMWrapper(); tpmDevice.Init(device.TPMType, device.Parameters); TPMContext tpmContext = new TPMContext(device.TPMName, tpmDevice); _tpmContexts.Add(device.TPMName, tpmContext); _logger.InfoFormat("Flushing device '{0}'", device.TPMName); foreach (TPMResourceType resourceType in new TPMResourceType[] { TPMResourceType.TPM_RT_AUTH, TPMResourceType.TPM_RT_KEY }) { Parameters listLoadedHandlesParameters = new Parameters(); listLoadedHandlesParameters.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE); listLoadedHandlesParameters.AddPrimitiveType("handle_type", resourceType); TPMCommandRequest listLoadedHandlesRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability, listLoadedHandlesParameters); TPMCommandResponse response = tpmDevice.Process(listLoadedHandlesRequest); if (response.Status == false) { throw new Exception("An unknown tpm exception while flushing occured"); } foreach (uint handle in response.Parameters.GetValueOf <HandleList> ("handles")) { Parameters flushParameters = new Parameters(); flushParameters.AddValue("handle", HandleFactory.Create(resourceType, handle)); TPMCommandRequest flushRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, flushParameters); TPMCommandResponse flushResponse = tpmDevice.Process(flushRequest); if (flushResponse.Status == false) { throw new Exception("Something went wrong while flushing"); } } } _logger.InfoFormat("Successfully setup tpm context '{0}' with type '{1}'", device.TPMName, device.TPMType); } catch (Exception ex) { _logger.FatalFormat("Error setting up tpm device '{0}', the device will not be available ({1})", device.TPMName, ex); } ///Set the Assembly search order for incoming Parameters so that core classes are always at first Parameters.AssemblySearchOrder = new Assembly[] { typeof(TPMWrapper).Assembly, //lib core typeof(ITypedParameter).Assembly }; //lib common } }
public override TPMCommandResponse Process() { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OIAP); requestBlob.WriteCmdSize(); _commandAuthHelper.EnsureFreeSlot(); TPMBlob responseBlob = TransmitMe(requestBlob); responseBlob.SkipHeader(); AuthHandleCore authHandle = new AuthHandleCore(AuthHandle.AuthType.OIAP, responseBlob); _responseParameters = new Parameters(); _responseParameters.AddValue("auth_handle", authHandle); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OIAP, _responseParameters); }
public override TPMCommandResponse Process() { using(TPMBlob requestBlob = new TPMBlob()) { requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter); requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id")); _responseBlob = TransmitMe(requestBlob); } _responseBlob.SkipHeader(); _responseParameters = new Parameters(); _responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf<uint>("counter_id")); _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob)); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters); }
public override TPMCommandResponse Process() { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OIAP); requestBlob.WriteCmdSize(); _commandAuthHelper.EnsureFreeSlot(); TPMBlob responseBlob = TransmitMe(requestBlob); responseBlob.SkipHeader(); AuthHandleCore authHandle = new AuthHandleCore(AuthHandle.AuthType.OIAP, responseBlob); _responseParameters = new Parameters(); _responseParameters.AddValue("auth_handle", authHandle); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OIAP, _responseParameters)); }
public override TPMCommandResponse Process() { using (TPMBlob requestBlob = new TPMBlob()) { requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter); requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id")); _responseBlob = TransmitMe(requestBlob); } _responseBlob.SkipHeader(); _responseParameters = new Parameters(); _responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf <uint>("counter_id")); _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob)); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters)); }
protected override TPMCommandResponse InternalProcess() { using (TPMBlob requestBlob = new TPMBlob()) { requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_IncrementCounter); requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id")); _responseBlob = AuthorizeMeAndTransmit(requestBlob); } _responseBlob.SkipHeader(); _responseParameters = new Parameters(); _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32()); _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob)); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters)); }
/// <summary> /// Cryptographically reports the selected PCR values and returns /// the TPMPCRComposite and the generated signature. If no /// external data is supplied a random nonce is generated on the server. /// The length of externalData is defined by the hashing algorithm used by the TPM /// </summary> /// <param name="pcrs"></param> /// <param name="externalData">Nonce used for the quoting operation, /// use CreateCompatibleHashAlgorithm or CreateCompatibleHashProvider to generate a hash value /// with the correct length</param> /// <returns></returns> public QuoteResponse Quote(TPMPCRSelection pcrs, byte[] externalData) { Parameters quoteParameters = new Parameters(); quoteParameters.AddPrimitiveType("key", _keyIdentifier); quoteParameters.AddValue("targetPCR", pcrs); if (externalData != null) { quoteParameters.AddPrimitiveType("externalData", externalData); } TPMCommandResponse response = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Quote, quoteParameters); return(new QuoteResponse(response.Parameters.GetValueOf <TPMPCRComposite>("pcrData"), response.Parameters.GetValueOf <byte[]>("sig"))); }
/// <summary> /// Really destroys the auth handle on the tpm AND in the local cache /// </summary> /// <param name="item"> /// A <see cref="AuthHandleItem"/> /// </param> private void InternalDestroyHandle(AuthHandleItem item) { Parameters parameters = new Parameters(); parameters.AddValue("handle", item.AuthHandle); parameters.AddPrimitiveType("ignore_tpm_error", true); TPMCommandRequest destroyHandleRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, parameters); TPMCommandResponse destroyHandleResponse = _tpmContext.TPM.Process(destroyHandleRequest); if (!destroyHandleResponse.Status) { throw new TPMRequestException("Error on flushing auth handle context, aborting"); } _logger.DebugFormat("Authhandles before remove: {0}", _authHandles); InternalRemoveAuthHandle(item); _logger.DebugFormat("Authhandles after remove: {0}", _authHandles); }
protected override TPMCommandResponse InternalProcess() { AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1); byte[] xorKey = new HashProvider().Hash( new HashByteDataProvider(auth1OSAP.SharedSecret), new HashByteDataProvider(auth1OSAP.NonceEven)); ByteHelper.XORBytes(_secret, xorKey); if (_secret.Length != 20) { throw new ArgumentException("secret needs to be 20 bytes long (SHA1 hash)"); } if (_label.Length != 4) { throw new ArgumentException("Label needs to be 4 bytes long"); } using (TPMBlob requestBlob = new TPMBlob()) { requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateCounter); requestBlob.Write(_secret, 0, 20); requestBlob.Write(_label, 0, 4); _responseBlob = AuthorizeMeAndTransmit(requestBlob); } _responseBlob.SkipHeader(); _responseParameters = new Parameters(); _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32()); _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob)); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters)); }
/// <summary> /// Flushes all keys that belong to the specified context /// </summary> /// <param name="keyContext">context to check</param> public void UnloadKeysOfContext(object keyContext) { using (AcquireLock()) { List <KeyHandleItem> keysToRemove = new List <KeyHandleItem>(); foreach (KeyHandleItem item in _keyHandles) { if (item.KeyContext.Equals(keyContext)) { keysToRemove.Add(item); } } foreach (KeyHandleItem item in keysToRemove) { _keyHandles.RemoveKeyHandle(item); //Flush the key if (item.Status == KeyHandleItem.KeyHandleStatus.SwappedIn) { Parameters flushParams = new Parameters(); flushParams.AddValue("handle", item.KeyHandle); TPMCommandRequest flushRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, flushParams); _tpmContext.TPM.Process(flushRequest); } //Flush the context else if (item.Status == KeyHandleItem.KeyHandleStatus.SwappedOut) { Parameters flushParams = new Parameters(); flushParams.AddValue("handle", new ContextHandle(item.KeyHandle.ContextBlob)); TPMCommandRequest flushRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, flushParams); _tpmContext.TPM.Process(flushRequest); } } } }
public override TPMCommandResponse Process() { if(_params.IsDefined<ITPMHandle>("handle") == false || _params.IsDefined<byte[]>("context_blob") == false) return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters()); ITPMHandle handle = _params.GetValueOf<ITPMHandle>("handle"); TPMBlob blob = new TPMBlob(); blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext); blob.WriteUInt32(handle.Handle); blob.WriteBool(handle.ForceHandle); blob.WriteUInt32((uint)handle.ContextBlob.Length); blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length); TPMBlob responseBlob = TransmitMe(blob); responseBlob.SkipHeader(); handle.Handle = responseBlob.ReadUInt32(); Parameters responseParameters = new Parameters(); responseParameters.AddValue("handle", handle); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters); }
protected override TPMCommandResponse InternalProcess() { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_GetPubKey); //If not loaded load now _keyManager.LoadKey(_params.GetValueOf <string>("key")); //KeyHandle To be inserted later requestBlob.WriteUInt32(0); //Blocking authorize, blocks till the user has entered the authorization data AuthorizeMe(requestBlob); using (_keyManager.AcquireLock()) { //Write key handle to the first position after the header requestBlob.SkipHeader(); requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle); _responseBlob = TransmitMe(requestBlob); } CheckResponseAuthInfo(); _responseBlob.SkipHeader(); TPMPubkeyCore pubKey = TPMPubkeyCore.CreateFromTPMBlob(_responseBlob); Parameters responseParams = new Parameters(); responseParams.AddValue("pubkey", pubKey); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetPubKey, responseParams)); }
protected override TPMCommandResponse InternalProcess() { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote); //key handle gets inserted later, it may be not available now requestBlob.WriteUInt32(0); requestBlob.Write(_nonce, 0, 20); _pcrSelection.WriteToTpmBlob(requestBlob); _keyManager.LoadKey(_params.GetValueOf<string>("key")); AuthorizeMe(requestBlob); using(_keyManager.AcquireLock()) { requestBlob.SkipHeader(); requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle); _responseBlob = TransmitMe(requestBlob); } CheckResponseAuthInfo(); _responseBlob.SkipHeader(); TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob); uint sigSize = _responseBlob.ReadUInt32(); byte[] signature = _responseBlob.ReadBytes((int)sigSize); // Do signature verification TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce); byte[] signingData; using (TPMBlob blob = new TPMBlob()) { quoteInfo.WriteToTpmBlob(blob); signingData = blob.ToArray(); } Parameters pubKeyParams = new Parameters(); pubKeyParams.AddPrimitiveType("key", _params.GetValueOf<string>("key")); TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams); TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest, _commandAuthHelper, _keyManager); if (pubKeyResponse.Status == false) { _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key"); return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters()); } TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf<string>("key"))); TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf<TPMPubkey>("pubkey"); if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false) { throw new ArgumentException("The TPM_Quote signature could not be verified"); } Parameters responseParams = new Parameters(); responseParams.AddValue("pcrData", pcrComposite); responseParams.AddPrimitiveType("sig", signature); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams); }
protected override TPMCommandResponse InternalProcess() { TPMBlob requestBlob = new TPMBlob (); requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_GetPubKey); //If not loaded load now _keyManager.LoadKey(_params.GetValueOf<string>("key")); //KeyHandle To be inserted later requestBlob.WriteUInt32 (0); //Blocking authorize, blocks till the user has entered the authorization data AuthorizeMe(requestBlob); using(_keyManager.AcquireLock()) { //Write key handle to the first position after the header requestBlob.SkipHeader(); requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle); _responseBlob = TransmitMe(requestBlob); } CheckResponseAuthInfo(); _responseBlob.SkipHeader(); TPMPubkeyCore pubKey = TPMPubkeyCore.CreateFromTPMBlob(_responseBlob); Parameters responseParams = new Parameters(); responseParams.AddValue("pubkey", pubKey); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetPubKey, responseParams); }
public override TPMCommandResponse Process() { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetCapability); requestBlob.WriteUInt32((uint)_capArea); switch (_capArea) { case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL: //Subcaps are ignored by TPM_CAP_VERSION_VAL requestBlob.WriteUInt32(0); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE: requestBlob.WriteUInt32(4); requestBlob.WriteUInt32((uint)_param.GetValueOf <TPMResourceType> ("handle_type")); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY: CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf <CapabilityData.TPMSubCapProperty> ("subCap"); //Size of subcap requestBlob.WriteUInt32(4); requestBlob.WriteUInt32((uint)subCap); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE: CapabilityDataCore.TPMSelectSizeCore tpmSelectSize = CapabilityDataCore.TPMSelectSizeCore.CreateVersion12(_param.GetValueOf <ushort>(CapabilityData.PARAM_PROP_SELECT_SIZE)); TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, tpmSelectSize); break; default: throw new NotSupportedException("Defined cap or subcap are not supported"); } // if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL) // { // //Subcaps are ignored by TPM_CAP_VERSION_VAL // requestBlob.WriteUInt32 (0); // } // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE) // { // requestBlob.WriteUInt32 (4); // requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type")); // } // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY) // { // CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap"); // // //Size of subcap // requestBlob.WriteUInt32 (4); // requestBlob.WriteUInt32 ((uint)subCap); // } // else // throw new NotSupportedException ("Defined cap or subcap are not supported"); requestBlob.WriteCmdSize(); TPMBlob responseBlob = TransmitMe(requestBlob); responseBlob.SkipHeader(); Parameters parameters = new Parameters(); switch (_capArea) { case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL: CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore(responseBlob); parameters.AddValue(CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE: responseBlob.SkipHeader(); //Reads the response size, which is ignored responseBlob.ReadUInt32(); HandleListCore handleList = new HandleListCore(responseBlob, _param.GetValueOf <TPMResourceType> ("handle_type")); parameters.AddValue("handles", handleList); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY: responseBlob.SkipHeader(); switch (_param.GetValueOf <CapabilityData.TPMSubCapProperty> ("subCap")) { case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_PCR, ReadUInt32Response(responseBlob)); break; //case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR: // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_DIR, ReadUInt32Response (responseBlob)); // break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MANUFACTURER, ReadUInt32Response(responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_KEYS, ReadUInt32Response(responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response(responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response(responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_KEYS, ReadUInt32Response(responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response(responseBlob)); break; default: throw new NotSupportedException("Defined cap or subcap are not supported"); } break; case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, ReadBoolResponse(responseBlob)); break; } // if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL) // { // CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob); // parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo); // } // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE) // { // responseBlob.SkipHeader (); // // //Reads the response size, which is ignored // responseBlob.ReadUInt32 (); // // HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type")); // parameters.AddValue ("handles", handleList); // } // // // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY && // _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR) // { // responseBlob.SkipHeader (); // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob)); // } // // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY && // _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS) // { // responseBlob.SkipHeader (); // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob)); // } // // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY && // _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS) // { // responseBlob.SkipHeader (); // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob)); // } // // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY && // _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS) // { // responseBlob.SkipHeader (); // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob)); // } // else // throw new NotSupportedException("Defined cap or subcap are not supported"); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetCapability, parameters)); }
protected override TPMCommandResponse InternalProcess() { using(TPMBlob requestBlob = new TPMBlob()) { requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_IncrementCounter); requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id")); _responseBlob = AuthorizeMeAndTransmit(requestBlob); } _responseBlob.SkipHeader(); _responseParameters = new Parameters(); _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32()); _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob)); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters); }
protected override TPMCommandResponse InternalProcess() { AuthHandle auth1OSAP =_commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1); byte[] xorKey = new HashProvider().Hash( new HashByteDataProvider(auth1OSAP.SharedSecret), new HashByteDataProvider(auth1OSAP.NonceEven)); ByteHelper.XORBytes(_secret, xorKey); if(_secret.Length != 20) throw new ArgumentException("secret needs to be 20 bytes long (SHA1 hash)"); if(_label.Length != 4) throw new ArgumentException("Label needs to be 4 bytes long"); using(TPMBlob requestBlob = new TPMBlob()) { requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateCounter); requestBlob.Write(_secret, 0, 20); requestBlob.Write(_label, 0, 4); _responseBlob = AuthorizeMeAndTransmit(requestBlob); } _responseBlob.SkipHeader(); _responseParameters = new Parameters(); _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32()); _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob)); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters); }
/// <summary> /// Seals data to the specified pcr selection, /// create a valid pcr selection with session.CreateEmptyPCRSelection /// </summary> /// <param name="pcrSelection"></param> /// <param name="data">Data to seal</param> /// <returns></returns> public byte[] Seal(TPMPCRSelection pcrSelection, byte[] data) { Parameters paramsSeal = new Parameters(); paramsSeal.AddPrimitiveType("in_data", data); paramsSeal.AddPrimitiveType("key", _keyIdentifier); paramsSeal.AddValue("pcr_selection", pcrSelection); Parameters paramsSecret = new Parameters(); paramsSecret.AddPrimitiveType("identifier", KeyIdentifier); ProtectedPasswordStorage authSeal = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, paramsSecret)); if(authSeal.Hashed == false) authSeal.Hash(); authSeal.DecryptHash(); paramsSeal.AddPrimitiveType("data_auth", authSeal.HashValue); try { TPMCommandResponse sealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Seal, paramsSeal); return sealResponse.Parameters.GetValueOf<byte[]>("data"); } finally { if(authSeal != null) authSeal.ClearHash(); } }
/// <summary> /// Cryptographically reports the selected PCR values and returns /// the TPMPCRComposite and the generated signature. If no /// external data is supplied a random nonce is generated on the server. /// The length of externalData is defined by the hashing algorithm used by the TPM /// </summary> /// <param name="pcrs"></param> /// <param name="externalData">Nonce used for the quoting operation, /// use CreateCompatibleHashAlgorithm or CreateCompatibleHashProvider to generate a hash value /// with the correct length</param> /// <returns></returns> public QuoteResponse Quote(TPMPCRSelection pcrs, byte[] externalData) { Parameters quoteParameters = new Parameters(); quoteParameters.AddPrimitiveType("key", _keyIdentifier); quoteParameters.AddValue("targetPCR", pcrs); if(externalData != null) quoteParameters.AddPrimitiveType("externalData", externalData); TPMCommandResponse response = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Quote, quoteParameters); return new QuoteResponse(response.Parameters.GetValueOf<TPMPCRComposite>("pcrData"), response.Parameters.GetValueOf<byte[]>("sig")); }
public override TPMCommandResponse Process() { TPMBlob requestBlob = new TPMBlob (); requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetCapability); requestBlob.WriteUInt32 ((uint)_capArea); switch(_capArea) { case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL: //Subcaps are ignored by TPM_CAP_VERSION_VAL requestBlob.WriteUInt32 (0); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE: requestBlob.WriteUInt32 (4); requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type")); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY: CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap"); //Size of subcap requestBlob.WriteUInt32 (4); requestBlob.WriteUInt32 ((uint)subCap); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE: CapabilityDataCore.TPMSelectSizeCore tpmSelectSize = CapabilityDataCore.TPMSelectSizeCore.CreateVersion12(_param.GetValueOf<ushort>(CapabilityData.PARAM_PROP_SELECT_SIZE)); TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, tpmSelectSize); break; default: throw new NotSupportedException ("Defined cap or subcap are not supported"); } // if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL) // { // //Subcaps are ignored by TPM_CAP_VERSION_VAL // requestBlob.WriteUInt32 (0); // } // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE) // { // requestBlob.WriteUInt32 (4); // requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type")); // } // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY) // { // CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap"); // // //Size of subcap // requestBlob.WriteUInt32 (4); // requestBlob.WriteUInt32 ((uint)subCap); // } // else // throw new NotSupportedException ("Defined cap or subcap are not supported"); requestBlob.WriteCmdSize (); TPMBlob responseBlob = TransmitMe(requestBlob); responseBlob.SkipHeader (); Parameters parameters = new Parameters (); switch(_capArea) { case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL: CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob); parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE: responseBlob.SkipHeader (); //Reads the response size, which is ignored responseBlob.ReadUInt32 (); HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type")); parameters.AddValue ("handles", handleList); break; case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY: responseBlob.SkipHeader (); switch(_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap")) { case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR: parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob)); break; //case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR: // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_DIR, ReadUInt32Response (responseBlob)); // break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER: parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MANUFACTURER, ReadUInt32Response (responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS: parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_KEYS, ReadUInt32Response (responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS: parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS: parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS: parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_KEYS, ReadUInt32Response (responseBlob)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS: parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob)); break; default: throw new NotSupportedException("Defined cap or subcap are not supported"); } break; case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE: parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, ReadBoolResponse(responseBlob)); break; } // if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL) // { // CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob); // parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo); // } // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE) // { // responseBlob.SkipHeader (); // // //Reads the response size, which is ignored // responseBlob.ReadUInt32 (); // // HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type")); // parameters.AddValue ("handles", handleList); // } // // // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY && // _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR) // { // responseBlob.SkipHeader (); // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob)); // } // // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY && // _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS) // { // responseBlob.SkipHeader (); // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob)); // } // // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY && // _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS) // { // responseBlob.SkipHeader (); // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob)); // } // // else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY && // _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS) // { // responseBlob.SkipHeader (); // parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob)); // } // else // throw new NotSupportedException("Defined cap or subcap are not supported"); return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_GetCapability, parameters); }
public override TPMCommandResponse Process() { TPMEntityTypeLSB entityLSB = _params.GetValueOf <TPMEntityTypeLSB>("entity_lsb"); TPMEntityTypeMSB entityMSB = _params.GetValueOf <TPMEntityTypeMSB>("entity_msb"); string identifier = _params.GetValueOf <string>("entity_value"); if (entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE && entityLSB != TPMEntityTypeLSB.TPM_ET_SRK && entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER) { throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString()); } if (entityMSB != TPMEntityTypeMSB.TPM_ET_XOR) { throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB)); } if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE || entityLSB == TPMEntityTypeLSB.TPM_ET_SRK) { //We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP). //So we invoke the key manager to load the key with the specified identifier and establish an OSAP session _keyManager.LoadKey(identifier); } //handle is not known yet AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0); authHandle.EntityType = entityLSB; authHandle.NewNonceOddOSAP(); using (_keyManager.AcquireLock()) { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP); requestBlob.WriteUInt16((ushort)(((ushort)entityMSB << 8) | (ushort)entityLSB)); if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE || entityLSB == TPMEntityTypeLSB.TPM_ET_SRK) { if (identifier == KeyHandle.KEY_SRK) { requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK); authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK; } else { KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier); requestBlob.WriteUInt32(keyHandle.Handle); authHandle.EntityValue = keyHandle.Handle; } } else if (entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER) { requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER); authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER; } requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length); requestBlob.WriteCmdSize(); _commandAuthHelper.EnsureFreeSlot(); _responseBlob = TransmitMe(requestBlob); } _responseBlob.SkipHeader(); AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob); authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle); _responseParameters = new Parameters(); _responseParameters.AddValue("auth_handle", authHandle); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters)); }
/// <summary> /// Reads the configured tpm devices from the configuration and /// sets up the corresponding tpm contexts /// </summary> private void SetupTPMContexts() { IConnectionsConfiguration connectionConfig = (IConnectionsConfiguration)ConfigurationManager.GetSection ("connections"); foreach (Iaik.Tc.TPM.Configuration.DotNetConfiguration.TPMDevice device in connectionConfig.TpmDevices) { try { _logger.InfoFormat ("Setting up tpm context '{0}'", device.TPMName); TPMWrapper tpmDevice = new TPMWrapper (); tpmDevice.Init (device.TPMType, device.Parameters); TPMContext tpmContext = new TPMContext (device.TPMName, tpmDevice); _tpmContexts.Add (device.TPMName, tpmContext); _logger.InfoFormat ("Flushing device '{0}'", device.TPMName); foreach (TPMResourceType resourceType in new TPMResourceType[] { TPMResourceType.TPM_RT_AUTH, TPMResourceType.TPM_RT_KEY}) { Parameters listLoadedHandlesParameters = new Parameters (); listLoadedHandlesParameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE); listLoadedHandlesParameters.AddPrimitiveType ("handle_type", resourceType); TPMCommandRequest listLoadedHandlesRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_GetCapability, listLoadedHandlesParameters); TPMCommandResponse response = tpmDevice.Process (listLoadedHandlesRequest); if (response.Status == false) throw new Exception ("An unknown tpm exception while flushing occured"); foreach (uint handle in response.Parameters.GetValueOf<HandleList> ("handles")) { Parameters flushParameters = new Parameters (); flushParameters.AddValue ("handle", HandleFactory.Create (resourceType, handle)); TPMCommandRequest flushRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_FlushSpecific, flushParameters); TPMCommandResponse flushResponse = tpmDevice.Process (flushRequest); if (flushResponse.Status == false) throw new Exception ("Something went wrong while flushing"); } } _logger.InfoFormat ("Successfully setup tpm context '{0}' with type '{1}'", device.TPMName, device.TPMType); } catch (Exception ex) { _logger.FatalFormat ("Error setting up tpm device '{0}', the device will not be available ({1})", device.TPMName, ex); } ///Set the Assembly search order for incoming Parameters so that core classes are always at first Parameters.AssemblySearchOrder = new Assembly[]{ typeof(TPMWrapper).Assembly, //lib core typeof(ITypedParameter).Assembly}; //lib common } }
protected override TPMCommandResponse InternalProcess() { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote); //key handle gets inserted later, it may be not available now requestBlob.WriteUInt32(0); requestBlob.Write(_nonce, 0, 20); _pcrSelection.WriteToTpmBlob(requestBlob); _keyManager.LoadKey(_params.GetValueOf <string>("key")); AuthorizeMe(requestBlob); using (_keyManager.AcquireLock()) { requestBlob.SkipHeader(); requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle); _responseBlob = TransmitMe(requestBlob); } CheckResponseAuthInfo(); _responseBlob.SkipHeader(); TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob); uint sigSize = _responseBlob.ReadUInt32(); byte[] signature = _responseBlob.ReadBytes((int)sigSize); // Do signature verification TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce); byte[] signingData; using (TPMBlob blob = new TPMBlob()) { quoteInfo.WriteToTpmBlob(blob); signingData = blob.ToArray(); } Parameters pubKeyParams = new Parameters(); pubKeyParams.AddPrimitiveType("key", _params.GetValueOf <string>("key")); TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams); TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest, _commandAuthHelper, _keyManager); if (pubKeyResponse.Status == false) { _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key"); return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters())); } TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf <string>("key"))); TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf <TPMPubkey>("pubkey"); if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false) { throw new ArgumentException("The TPM_Quote signature could not be verified"); } Parameters responseParams = new Parameters(); responseParams.AddValue("pcrData", pcrComposite); responseParams.AddPrimitiveType("sig", signature); return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams)); }
public override TPMCommandResponse Process() { TPMEntityTypeLSB entityLSB = _params.GetValueOf<TPMEntityTypeLSB>("entity_lsb"); TPMEntityTypeMSB entityMSB = _params.GetValueOf<TPMEntityTypeMSB>("entity_msb"); string identifier = _params.GetValueOf<string>("entity_value"); if( entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE && entityLSB != TPMEntityTypeLSB.TPM_ET_SRK && entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER) { throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString()); } if(entityMSB != TPMEntityTypeMSB.TPM_ET_XOR) { throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB)); } if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE || entityLSB == TPMEntityTypeLSB.TPM_ET_SRK) { //We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP). //So we invoke the key manager to load the key with the specified identifier and establish an OSAP session _keyManager.LoadKey(identifier); } //handle is not known yet AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0); authHandle.EntityType = entityLSB; authHandle.NewNonceOddOSAP(); using(_keyManager.AcquireLock()) { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP); requestBlob.WriteUInt16((ushort)(((ushort)entityMSB << 8) | (ushort)entityLSB)); if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE || entityLSB == TPMEntityTypeLSB.TPM_ET_SRK) { if (identifier == KeyHandle.KEY_SRK) { requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK); authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK; } else { KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier); requestBlob.WriteUInt32(keyHandle.Handle); authHandle.EntityValue = keyHandle.Handle; } } else if(entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER) { requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER); authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER; } requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length); requestBlob.WriteCmdSize(); _commandAuthHelper.EnsureFreeSlot(); _responseBlob = TransmitMe(requestBlob); } _responseBlob.SkipHeader(); AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob); authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle); _responseParameters = new Parameters(); _responseParameters.AddValue("auth_handle", authHandle); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters); }