/// <summary> /// Handles a HMAC generation request from the server /// </summary> /// <param name="subsystem"></param> /// <param name="requestContext"></param> private void HandleGenerateHMACRequest(TPMClientSubsystem subsystem, RequestContext <GenerateHMACRequest, GenerateHMACResponse> requestContext) { TPMSession session = MyClientContext.TPMClient.FindSession(requestContext.Request.TpmSessionIdentifier); GenerateHMACResponse response = requestContext.CreateResponse(); if (session == null) { _logger.WarnFormat("Received HMAC request for tpm session with id #{0}, but this id is not associated with an active session!", requestContext.Request.TpmSessionIdentifier); response.Succeeded = false; response.SetKnownErrorCode(GenerateHMACResponse.ErrorCodeEnum.TPMSessionNotFound); response.Execute(); return; } _logger.DebugFormat("Requesting password: {0}", requestContext.Request.KeyInfo.KeyType); ProtectedPasswordStorage pw = session.RequestSecret(requestContext.Request.KeyInfo); if (pw == null) { response.Succeeded = false; response.SetKnownErrorCode(GenerateHMACResponse.ErrorCodeEnum.HMACSecretMissing); response.Execute(); return; } HMACProvider hmacProvider = new HMACProvider(pw); response.Succeeded = true; response.TpmAuthData = hmacProvider.Hash(requestContext.Request.HMACDataProviders); response.Execute(); }
public static ProtectedPasswordStorage ReadPassword(string hintText) { Console.Write(hintText); ConsoleKeyInfo consoleKeyInfo; ProtectedPasswordStorage pws = new ProtectedPasswordStorage(); while (true) { consoleKeyInfo = Console.ReadKey(true); if (consoleKeyInfo.Key == ConsoleKey.Enter) { Console.WriteLine(); return(pws); } else if (consoleKeyInfo.Key == ConsoleKey.Escape) { Console.WriteLine(); return(null); } else { pws.AppendPasswordChar(consoleKeyInfo.KeyChar); } } }
public FrontEndConnection SetupConnection() { if (File.Exists(_certificateFile) == false) { throw new FileNotFoundException(string.Format("Certificate file '{0}' could not be found", _certificateFile)); } X509Certificate2 cert; try { cert = new X509Certificate2(_certificateFile); } catch (CryptographicException) { //maybe the certificate is password protected? ProtectedPasswordStorage pw = _settings.RequestSecret(string.Format("Enter encryption secret for certificate '{0}'", Path.GetFileName(_certificateFile))); if (pw == null) { throw new ArgumentException(string.Format("Could not get secret for certificate '{0}'", _certificateFile)); } //FIXME: Mono implementation of this ctor does not work cert = new X509Certificate2(_certificateFile, pw.ExportSecureString()); } return(new SslConnection(_host, _port, cert, _overwriteAuthenticationTargetHost)); }
/// <summary> /// Seals data to the specified pcr selection, /// create a valid pcr selection with session.CreateEmptyPCRSelection /// </summary> /// <param name="pcrSelection"></param> /// <param name="data">Data to seal</param> /// <returns></returns> public byte[] Seal(TPMPCRSelection pcrSelection, byte[] data) { Parameters paramsSeal = new Parameters(); paramsSeal.AddPrimitiveType("in_data", data); paramsSeal.AddPrimitiveType("key", _keyIdentifier); paramsSeal.AddValue("pcr_selection", pcrSelection); Parameters paramsSecret = new Parameters(); paramsSecret.AddPrimitiveType("identifier", KeyIdentifier); ProtectedPasswordStorage authSeal = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, paramsSecret)); if (authSeal.Hashed == false) { authSeal.Hash(); } authSeal.DecryptHash(); paramsSeal.AddPrimitiveType("data_auth", authSeal.HashValue); try { TPMCommandResponse sealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Seal, paramsSeal); return(sealResponse.Parameters.GetValueOf <byte[]>("data")); } finally { if (authSeal != null) { authSeal.ClearHash(); } } }
/// <summary> /// Creates a new counter if possible. /// Creating a counter requires the owner password and also the secret_counter secret /// </summary> /// <param name="label">4 bytes to label the counter</param> /// <returns></returns> public CounterContext CreateCounter(byte[] label) { if (label.Length != 4) { throw new ArgumentException("label needs to be of size 4"); } ProtectedPasswordStorage counterSecret = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters())); if (counterSecret.Hashed == false) { counterSecret.Hash(); } counterSecret.DecryptHash(); Parameters createCounterParams = new Parameters(); createCounterParams.AddPrimitiveType("secret", counterSecret.HashValue); createCounterParams.AddPrimitiveType("label", label); return(new CounterContext(_tpmSession, _tpmSession.DoTPMCommandRequest(new TPMCommandRequest(TPMCommandNames.TPM_CMD_CreateCounter, createCounterParams)) .Parameters.GetValueOf <uint>("counter_id") )); }
public static ProtectedPasswordStorage ReadPassword(string hintText, TPMConsole console, bool retypePw) { console.Out.Write(hintText); ConsoleKeyInfo consoleKeyInfo; ProtectedPasswordStorage[] pws; if (retypePw) { pws = new ProtectedPasswordStorage[] { new ProtectedPasswordStorage(), new ProtectedPasswordStorage() } } ; else { pws = new ProtectedPasswordStorage[] { new ProtectedPasswordStorage() } }; for (int i = 0; i < pws.Length; i++) { ProtectedPasswordStorage pw = pws[i]; if (i == 1) { console.Out.Write("Retype password:"******"Error: Passwords do not match!"); return(null); } } }
public static ProtectedPasswordStorage mycallback(HMACKeyInfo keyInfo) { // We use the empty string as password ... ProtectedPasswordStorage pws = new ProtectedPasswordStorage(); pws.AppendPasswordChar('i'); pws.AppendPasswordChar('a'); pws.AppendPasswordChar('i'); pws.AppendPasswordChar('k'); return(pws); }
static ProtectedPasswordStorage RequestSecret(HMACKeyInfo keyInfo) { if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.SrkSecret) { ProtectedPasswordStorage secret = new ProtectedPasswordStorage(); secret.WellKnown(); return(secret); } return(ConsoleUtils.ReadPassword(String.Format("Please enter Passwd for key {0}: ", keyInfo.Parameters.GetValueOf <string>("identifier")))); }
static ProtectedPasswordStorage RequestSecret(HMACKeyInfo keyInfo) { if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.SrkSecret) { ProtectedPasswordStorage secret = new ProtectedPasswordStorage(); secret.WellKnown(); return(secret); } ProtectedPasswordStorage pws = new ProtectedPasswordStorage(); pws.AppendPasswordChar('I'); pws.AppendPasswordChar('A'); pws.AppendPasswordChar('I'); pws.AppendPasswordChar('K'); return(pws); }
public static void Main(string[] args) { // Establish Connections IDictionary <string, TPMSession> sessions = XMLConfiguration.EstablischConnection(base_path + "ClientConfigXml/UnixSocketDeviceLin.xml"); // Create one keystore per opened session //foreach (TPMSession tpmSes in sessions.Values) // tpmSes.Keystore = new InMemoryKeystore(); TPMSession sessionToUse = sessions["local0"]; // sessionToUse.SetRequestSecretCallback(RequestSecret); ProtectedPasswordStorage pws = new ProtectedPasswordStorage(); pws.WellKnown(); sessionToUse.AdministrationClient.TakeOwnership(ConsoleUtils.ReadPassword("Owner Password: "******"PCRS = " + sessionToUse.CapabilityClient.GetPCRCount()); }
public void TakeOwnership(ProtectedPasswordStorage ownerSecret, ProtectedPasswordStorage srkSecret) { _tpmSession.SetValue("secret_" + TPMSession.PARAM_AUTH_OWNER, ownerSecret); _tpmSession.SetValue("secret_" + TPMSession.PARAM_AUTH_SRK, srkSecret); IAsymmetricBlockCipher ekEncryptor = _tpmSession.EndorsementKeyHandling.PublicKey.CreateRSAEncrypter(); ownerSecret.DecryptHash(); byte[] encOwnerSecret = ekEncryptor.ProcessBlock(ownerSecret.HashValue, 0, ownerSecret.HashValue.Length); ownerSecret.ClearHash(); srkSecret.DecryptHash(); byte[] encSrkSecret = ekEncryptor.ProcessBlock(srkSecret.HashValue, 0, srkSecret.HashValue.Length); srkSecret.ClearHash(); Parameters parameters = new Parameters(); parameters.AddPrimitiveType(PARAM_OWNERAUTH, encOwnerSecret); parameters.AddPrimitiveType(PARAM_SRKAUTH, encSrkSecret); /*TPMCommandResponse response = */ BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_TakeOwnership, parameters); }
/// <summary> /// Constructs a new SealBlockCipher with the specified arguments and caches the specified seal auth value /// </summary> /// <param name="keyHandle"></param> /// <param name="session"></param> /// <param name="sealAuth"></param> public SealBlockCipher(ClientKeyHandle keyHandle, TPMSession session, TPMPCRSelection pcrSelection, ProtectedPasswordStorage sealAuth) : this(keyHandle, session, pcrSelection) { _session.SetValue("secret_seal_" + _keyHandle.FriendlyName + "_" + _myId.ToString(), sealAuth); }
/// <summary> /// If not cached, the desired secret is requested from the user /// </summary> /// <param name="keyInfo"></param> /// <returns></returns> public ProtectedPasswordStorage RequestSecret(HMACKeyInfo keyInfo) { string dictKey = null; if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.OwnerSecret) { dictKey = PARAM_AUTH_OWNER; } else if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.SrkSecret) { dictKey = PARAM_AUTH_SRK; } else if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.KeyUsageSecret) { string friendlyName = keyInfo.Parameters.GetValueOf <string>("identifier"); bool identifierIsFriendlyName = keyInfo.Parameters.GetValueOf <bool>("identifierIsFriendlyName", false); if (!identifierIsFriendlyName) { if (_keystore.ContainsIdentifier(friendlyName) == false) { throw new ArgumentException(string.Format("Requests for secret for key not in keystore! identifier: {0}", friendlyName)); } friendlyName = _keystore.IdentifierToFriendlyName(friendlyName); } dictKey = "usage_" + friendlyName; } else if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.SealAuth) { string friendlyName = keyInfo.Parameters.GetValueOf <string>("identifier"); bool identifierIsFriendlyName = keyInfo.Parameters.GetValueOf <bool>("identifierIsFriendlyName", false); if (!identifierIsFriendlyName) { if (_keystore.ContainsIdentifier(friendlyName) == false) { throw new ArgumentException(string.Format("Requests for secret for key not in keystore! identifier: {0}", friendlyName)); } friendlyName = _keystore.IdentifierToFriendlyName(friendlyName); } dictKey = "seal_" + friendlyName; } else if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.CounterSecret) { dictKey = "counter"; } else { throw new NotSupportedException(string.Format("The key type '{0}' is not supported", keyInfo.KeyType)); } ProtectedPasswordStorage pw = GetValue <ProtectedPasswordStorage>("secret_" + dictKey, null); if (pw == null) { _logger.DebugFormat("Secret for dictkey '{0}' was not found in cache, requesting from user", dictKey); ProtectedPasswordStorage password = RaiseRequestSecret(keyInfo); SetValue("secret_" + dictKey, password); return(password); } else { _logger.DebugFormat("Secret for dictkey '{0}' was found in cache", dictKey); return(pw); } }
/// <summary> /// Creates an IAsymmetricBlockCipher for sealing for this key. This is only valid for storage keys /// </summary> /// <param name="pcrSelection"> </param> /// <returns></returns> public IAsymmetricBlockCipher CreateSealBlockCipher(TPMPCRSelection pcrSelection, ProtectedPasswordStorage sealAuth) { return(new SealBlockCipher(this, _tpmSession, pcrSelection, sealAuth)); }
public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags) { Parameters paramsCreateWrapKey = new Parameters(); paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier); paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage); paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags); paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength); paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]); paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0); if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING) { paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE); paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1); } else { paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1); paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE); } Parameters parameters = new Parameters(); parameters.AddPrimitiveType("identifierIsFriendlyName", true); parameters.AddPrimitiveType("identifier", friendlyName); ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters)); if (authUsage.Hashed == false) { authUsage.Hash(); } authUsage.DecryptHash(); paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue); ProtectedPasswordStorage authMigration = null; if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable) { authMigration = _tpmSession.RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters)); authMigration.DecryptHash(); paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue); } else { paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]); } try { TPMCommandResponse responseCreateWrapKey = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey); _tpmSession.Keystore.AddKey( friendlyName, responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"), this.FriendlyName, responseCreateWrapKey.Parameters.GetValueOf <byte[]>("key_data")); return(new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf <string>("key_identifier"), _tpmSession)); } finally { if (authMigration != null) { authMigration.ClearHash(); } if (authUsage != null) { authUsage.ClearHash(); } } }
public override void Execute(string[] commandline) { if (commandline.Length < 2) { _console.Out.WriteLine("Error: [local_session_alias] not specified"); return; } else if (commandline.Length < 3) { _console.Out.WriteLine("Error: [command] not specified"); return; } ClientContext ctx = _console.GetValue <ClientContext> ("client_context", null); if (ctx == null) { _console.Out.WriteLine("No active connection was found"); return; } string localAlias = commandline[1]; string keyCommand = commandline[2]; IDictionary <string, TPMSession> tpmSessions = _console.GetValue <IDictionary <string, TPMSession> > ("tpm_sessions", null); if (tpmSessions == null || tpmSessions.ContainsKey(localAlias) == false) { _console.Out.WriteLine("Error: Specified local alias was not found"); return; } if (keyCommand == "clear") { List <string> toRemove = new List <string>(); foreach (string key in tpmSessions[localAlias].ListValueKeys()) { if (key.StartsWith("secret_")) { toRemove.Add(key); } } foreach (string key in toRemove) { tpmSessions[localAlias].ClearValue(key); } } else if (keyCommand == "remove") { IDictionary <string, string> arguments = null; if (commandline.Length >= 4) { arguments = _console.SplitArguments(commandline[3], 0); } if (commandline.Length < 4 || arguments.ContainsKey("type") == false) { _console.Out.WriteLine("Error: No type to remove specified"); return; } tpmSessions[localAlias].ClearValue("secret_" + arguments["type"]); } else if (keyCommand == "add") { if (commandline.Length < 4) { _console.Out.WriteLine("Error: No arguments specified"); return; } IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 0); if (arguments.ContainsKey("type") == false) { _console.Out.WriteLine("Error: No type specified"); return; } string dictKey = arguments["type"]; HMACKeyInfo keyInfo; Parameters hmacKeyInfoParams = new Parameters(); if (dictKey == "owner") { dictKey = TPMSession.PARAM_AUTH_OWNER; keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, hmacKeyInfoParams); } else if (dictKey == "srk") { dictKey = TPMSession.PARAM_AUTH_SRK; keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, hmacKeyInfoParams); } else if (dictKey == "key_usage") { if (arguments.ContainsKey("name") == false) { _console.Out.WriteLine("Error: key_usage requires name of key"); return; } dictKey = "usage_" + arguments["name"]; hmacKeyInfoParams.AddPrimitiveType("identifier", arguments["name"]); keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams); } else if (dictKey == "seal") { if (arguments.ContainsKey("name") == false) { _console.Out.WriteLine("Error: seal requires name of key"); return; } dictKey = "seal_" + arguments["name"]; hmacKeyInfoParams.AddPrimitiveType("identifier", arguments["name"]); keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, hmacKeyInfoParams); } else if (dictKey == "counter") { dictKey = "counter"; keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters()); } else { _console.Out.WriteLine("Error: Unknown secret type"); return; } ProtectedPasswordStorage pw; if (arguments.ContainsKey("secret")) { pw = new ProtectedPasswordStorage(); foreach (char c in arguments["secret"]) { pw.AppendPasswordChar(c); } } else { tpmSessions[localAlias].ClearValue("secret_" + dictKey); pw = tpmSessions[localAlias].RequestSecret(keyInfo); } pw.Hash(); tpmSessions[localAlias].SetValue("secret_" + dictKey, pw); } else { _console.Out.WriteLine("Error, unknown command '{0}'", commandline[2]); } }
public override void Execute(string[] commandline) { if (commandline.Length < 2) { _console.Out.WriteLine("Error: [local_alias] not specified"); } else if (commandline.Length < 3) { _console.Out.WriteLine("Error: [admin_subcommand] not specified"); } ClientContext ctx = _console.GetValue <ClientContext> ("client_context", null); if (ctx == null) { _console.Out.WriteLine("No active connection was found"); return; } string localAlias = commandline[1]; string adminCommand = commandline[2]; IDictionary <string, TPMSession> tpmSessions = _console.GetValue <IDictionary <string, TPMSession> > ("tpm_sessions", null); if (tpmSessions == null || tpmSessions.ContainsKey(localAlias) == false) { _console.Out.WriteLine("Error: Specified local alias was not found"); return; } if (adminCommand == "take_ownership") { ProtectedPasswordStorage ownerAuth; if (commandline.Length >= 4) { ownerAuth = new ProtectedPasswordStorage(); foreach (char c in commandline[3]) { ownerAuth.AppendPasswordChar(c); } } else { ownerAuth = Utils.ReadPassword("Enter new owner password:"******"Enter new srk password:"******"Request aborted"); return; } ownerAuth.Hash(); srkAuth.Hash(); tpmSessions[localAlias].AdministrationClient.TakeOwnership(ownerAuth, srkAuth); } else if (adminCommand == "owner_clear") { tpmSessions[localAlias].AdministrationClient.ClearOwner(); } else { _console.Out.WriteLine("Error, unknown admin_subcommand '{0}'", adminCommand); } }
public override void Execute(string[] commandline) { if (commandline.Length < 2) { _console.Out.WriteLine("Error: [local_session_alias] not specified"); return; } else if (commandline.Length < 3) { _console.Out.WriteLine("Error: [command] not specified"); return; } ClientContext ctx = _console.GetValue <ClientContext> ("client_context", null); if (ctx == null) { _console.Out.WriteLine("No active connection was found"); return; } string localAlias = commandline[1]; string keyCommand = commandline[2]; IDictionary <string, TPMSession> tpmSessions = _console.GetValue <IDictionary <string, TPMSession> > ("tpm_sessions", null); if (tpmSessions == null || tpmSessions.ContainsKey(localAlias) == false) { _console.Out.WriteLine("Error: Specified local alias was not found"); return; } if (keyCommand == "keystore_open") { if (commandline.Length < 4) { _console.Out.WriteLine("Error: keystore_open requires some arguments, check help for further information"); return; } if (tpmSessions[localAlias].Keystore != null) { _console.Out.WriteLine("Error: There is already an open keystore!"); return; } string[] sArguments = commandline[3].Split(','); IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 1); TPMKeystoreProvider keystore = TPMKeystoreProviders.Create(sArguments[0], arguments); tpmSessions[localAlias].Keystore = keystore; } else if (keyCommand == "keystore_close") { TPMKeystoreProvider keystore = tpmSessions[localAlias].Keystore; if (keystore != null) { keystore.Dispose(); tpmSessions[localAlias].Keystore = keystore; } } else if (keyCommand == "keystore_list") { TPMKeystoreProvider keystore = tpmSessions[localAlias].Keystore; if (keystore == null) { _console.Out.WriteLine("Error: No keystore opened"); return; } _console.Out.WriteLine("The keystore contains #{0} keys", keystore.EnumerateFriendlyNames().Length); _console.Out.WriteLine(); foreach (string friendlyName in keystore.EnumerateFriendlyNames()) { string parent = "<SRK>"; KeyValuePair <string, string>?parentKey = keystore.FindParentKeyByFriendlyName(friendlyName); if (parentKey != null) { parent = parentKey.Value.Key; } _console.Out.WriteLine("{0} ({1}) parent: {2}", friendlyName, keystore.FriendlyNameToIdentifier(friendlyName), parent); } } else if (keyCommand == "create") { if (tpmSessions[localAlias].Keystore == null) { _console.Out.WriteLine("Error: No keystore was opened"); return; } IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 0); if (arguments.ContainsKey("name") == false) { _console.Out.WriteLine("Error: No name specified"); return; } if (arguments.ContainsKey("parent") == false) { _console.Out.WriteLine("Error: No parent key specified"); return; } ClientKeyHandle keyHandle; if (arguments["parent"] == "srk") { keyHandle = tpmSessions[localAlias].KeyClient.GetSrkKeyHandle(); } else { keyHandle = tpmSessions[localAlias].KeyClient.GetKeyHandleByFriendlyName(arguments["parent"]); } if (keyHandle == null) { _console.Out.WriteLine("Error: Key with name '{0}' not found", arguments["parent"]); return; } if (arguments.ContainsKey("key_usage") == false) { _console.Out.WriteLine("Error: key_usage not defined"); return; } TPMKeyUsage keyUsage; switch (arguments["key_usage"]) { case "sign": keyUsage = TPMKeyUsage.TPM_KEY_SIGNING; break; case "bind": keyUsage = TPMKeyUsage.TPM_KEY_BIND; break; case "storage": keyUsage = TPMKeyUsage.TPM_KEY_STORAGE; break; default: _console.Out.WriteLine("Error: Invalid key_usage '{0}'", arguments["key_usage"]); return; } if (arguments.ContainsKey("key_length") == false) { _console.Out.WriteLine("Error: key_length not defined!"); return; } uint keyLength = 0; if (uint.TryParse(arguments["key_length"], out keyLength) == false) { _console.Out.WriteLine("Error: Could not parse key_length"); return; } TPMKeyFlags keyFlags = TPMKeyFlags.None; if (arguments.ContainsKey("key_flags")) { switch (arguments["key_flags"]) { case "none": keyFlags = TPMKeyFlags.None; break; case "migratable": keyFlags = TPMKeyFlags.Migratable; break; } } //Make sure that key usage auth and if required migration auth is in the secret cache Parameters hmacParams = new Parameters(); hmacParams.AddPrimitiveType("identifierIsFriendlyName", true); hmacParams.AddPrimitiveType("identifier", arguments["name"]); ProtectedPasswordStorage usageAuth = tpmSessions[localAlias].RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacParams)); if (usageAuth != null) { tpmSessions[localAlias].SetValue("secret_usage_" + arguments["name"], usageAuth); } if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable) { ProtectedPasswordStorage migrationAuth = tpmSessions[localAlias].RequestSecret( new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, hmacParams)); if (migrationAuth != null) { tpmSessions[localAlias].SetValue("secret_migration_" + arguments["name"], migrationAuth); } } /*ClientKeyHandle newKey =*/ keyHandle.CreateKey(arguments["name"], keyLength, keyUsage, keyFlags); } else { _console.Out.WriteLine("Error, unknown command '{0}'", commandline[2]); } }