public void WriteAuthorizationInfo(TPMBlob target, AuthorizationInfo authInfo)
 {
     target.WriteUInt32(authInfo.Handle.Handle);
     target.Write(authInfo.Handle.NonceOdd, 0, authInfo.Handle.NonceOdd.Length);
     target.WriteBool(authInfo.ContinueAuthSession);
     target.Write(authInfo.AuthData, 0, authInfo.AuthData.Length);
 }
Example #2
0
 public void WriteToTpmBlob(TPMBlob blob)
 {
     ((ITPMBlobWritable)_version).WriteToTpmBlob(blob);
     blob.Write(_fixed, 0, _fixed.Length);
     blob.Write(_compositeHash, 0, _compositeHash.Length);
     blob.Write(_nonce, 0, _nonce.Length);
 }
Example #3
0
        protected override TPMCommandResponse InternalProcess()
        {
            byte[] ownerAuth = _params.GetValueOf <byte[]> (PARAM_OWNERAUTH);
            byte[] srkAuth   = _params.GetValueOf <byte[]> (PARAM_SRKAUTH);


            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_TakeOwnership);

            requestBlob.WriteUInt16((ushort)TPMProtocolId.TPM_PID_OWNER);

            requestBlob.WriteUInt32((uint)ownerAuth.Length);
            requestBlob.Write(ownerAuth, 0, ownerAuth.Length);

            requestBlob.WriteUInt32((uint)srkAuth.Length);
            requestBlob.Write(srkAuth, 0, srkAuth.Length);

            _tpmKey.WriteToTpmBlob(requestBlob);

            _responseBlob = AuthorizeMeAndTransmit(requestBlob);

            CheckResponseAuthInfo();

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_TakeOwnership, new Parameters()));
        }
Example #4
0
 public void WriteToTpmBlob(TPMBlob blob)
 {
     ((ITPMBlobWritable)_versionStruct).WriteToTpmBlob(blob);
     blob.WriteUInt32((uint)_sealInfo.Length);
     blob.Write(_sealInfo, 0, _sealInfo.Length);
     blob.WriteUInt32((uint)_encData.Length);
     blob.Write(_encData, 0, _encData.Length);
 }
Example #5
0
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            _encAuth = _params.GetValueOf <byte[]> ("data_auth");

            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_encAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Seal);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_encAuth, 0, 20);
            TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, _pcrInfo);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMStoredDataCore sealedData = TPMStoredDataCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("data", ByteHelper.SerializeToBytes(sealedData));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Seal, responseParams));
        }
Example #6
0
        public void WriteToTpmBlob(TPMBlob blob)
        {
            ((ITPMBlobWritable)_pcrSelection).WriteToTpmBlob(blob);

            byte[] digestAtRelease  = DigestAtRelease;
            byte[] digestAtCreation = DigestAtCreation;

            if (digestAtRelease.Length != 20 || digestAtCreation.Length != 20)
            {
                throw new ArgumentException("Digest length of TPMPCRInfo != 20");
            }

            blob.Write(digestAtRelease, 0, digestAtRelease.Length);
            blob.Write(digestAtCreation, 0, digestAtCreation.Length);
        }
Example #7
0
        public override TPMCommandResponse Process()
        {
            if (_params.IsDefined <ITPMHandle>("handle") == false ||
                _params.IsDefined <byte[]>("context_blob") == false)
            {
                return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters()));
            }

            ITPMHandle handle = _params.GetValueOf <ITPMHandle>("handle");


            TPMBlob blob = new TPMBlob();

            blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext);
            blob.WriteUInt32(handle.Handle);
            blob.WriteBool(handle.ForceHandle);
            blob.WriteUInt32((uint)handle.ContextBlob.Length);
            blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length);

            TPMBlob responseBlob = TransmitMe(blob);

            responseBlob.SkipHeader();
            handle.Handle = responseBlob.ReadUInt32();

            Parameters responseParameters = new Parameters();

            responseParameters.AddValue("handle", handle);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters));
        }
Example #8
0
        public override TPMCommandResponse Process()
        {
            byte[] nonce = NonceGenerator.GenerateByteNonce(20);

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek);
            requestBlob.Write(nonce, 0, nonce.Length);
            requestBlob.WriteCmdSize();

            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();

            long          posStart = responseBlob.Position;
            TPMPubkeyCore pubkey   = TPMPubkeyCore.CreateFromTPMBlob(responseBlob);
            long          posEnd   = responseBlob.Position;

            Digest digest = new Digest(responseBlob, 20);

            if (digest.CompareTo(
                    new HashStreamDataProvider(responseBlob, posStart, posEnd - posStart, false),
                    new HashByteDataProvider(nonce)) == false)
            {
                throw new TPMResponseException("Local digest does not match remote digest");
            }

            Parameters responseParams = new Parameters();

            responseParams.AddValue(TPMPubkey.PARAM_TPM_PUBKEY, pubkey);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams));
        }
Example #9
0
        public void WriteToTpmBlob(TPMBlob blob)
        {
            blob.WriteUInt32(_keyLength);
            blob.WriteUInt32(_numPrimes);

            blob.WriteUInt32((uint)_exponent.Length);
            blob.Write(_exponent, 0, _exponent.Length);
        }
Example #10
0
        public void WriteToTpmBlob(TPMBlob blob)
        {
            ((ITPMBlobWritable)_pcrSelection).WriteToTpmBlob(blob);
            blob.WriteUInt32((uint)_pcrValues.Length * 20);

            foreach (byte[] pcrValue in _pcrValues)
            {
                blob.Write(pcrValue, 0, pcrValue.Length);
            }
        }
Example #11
0
        protected override TPMCommandResponse InternalProcess()
        {
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_secret, xorKey);


            if (_secret.Length != 20)
            {
                throw new ArgumentException("secret needs to be 20 bytes long (SHA1 hash)");
            }

            if (_label.Length != 4)
            {
                throw new ArgumentException("Label needs to be 4 bytes long");
            }

            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateCounter);
                requestBlob.Write(_secret, 0, 20);
                requestBlob.Write(_label, 0, 4);

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters));
        }
Example #12
0
 /// <summary>
 /// Writes target to sink with the uint size preceding
 /// </summary>
 /// <param name="sink"></param>
 /// <param name="target"></param>
 public static void WriteITPMBlobWritableWithUIntSize(TPMBlob sink, ITPMBlobWritable target)
 {
     if (target == null)
     {
         sink.WriteUInt32(0);
     }
     else
     {
         using (TPMBlob tempBlob = new TPMBlob())
         {
             target.WriteToTpmBlob(tempBlob);
             sink.WriteUInt32((uint)tempBlob.Length);
             sink.Write(tempBlob.ToArray(), 0, (int)tempBlob.Length);
         }
     }
 }
Example #13
0
        public void WriteToTpmBlob(TPMBlob blob)
        {
            ((ITPMBlobWritable)_version).WriteToTpmBlob(blob);
            blob.WriteUInt16((ushort)_keyUsage);
            blob.WriteUInt32((uint)_keyFlags);
            blob.WriteByte((byte)_authDataUsage);
            ((ITPMBlobWritable)_algorithmParams).WriteToTpmBlob(blob);

            //TODO: PCR info size
            blob.WriteUInt32(0);

            ((ITPMBlobWritable)_pubKey).WriteToTpmBlob(blob);

            blob.WriteUInt32((uint)_encData.Length);
            blob.Write(_encData, 0, _encData.Length);
        }
Example #14
0
        public override TPMCommandResponse Process()
        {
            //We don't have any meaningful labeldata we could include,
            //so generate some random
            byte[] labelData = new byte[16];
            Random r         = new Random();

            r.NextBytes(labelData);


            if (_params.IsDefined <ITPMHandle>("handle") == false)
            {
                return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_SaveContext, new Parameters()));
            }


            ITPMHandle handle = _params.GetValueOf <ITPMHandle>("handle");

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_SaveContext);
            requestBlob.WriteUInt32(handle.Handle);
            requestBlob.WriteUInt32((uint)handle.ResourceType);
            requestBlob.Write(labelData, 0, labelData.Length);

            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();

            uint blobSize = responseBlob.ReadUInt32();

            byte[] contextBlob = responseBlob.ReadBytes((int)blobSize);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("context_blob", contextBlob);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_SaveContext, responseParams));
        }
Example #15
0
        protected override TPMCommandResponse InternalProcess()
        {
            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_UnBind);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            uint dataSize = _responseBlob.ReadUInt32();

            byte[] responseData = new byte[dataSize];
            _responseBlob.Read(responseData, 0, responseData.Length);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("data", responseData);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Unbind, responseParams));
        }
Example #16
0
        public override TPMCommandResponse Process()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_Extend);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("pcr"));

                byte[] digest = _params.GetValueOf <byte[]>("digest");
                if (digest.Length != 20)
                {
                    throw new ArgumentException("Digest needs to be of length '20'");
                }

                requestBlob.Write(digest, 0, digest.Length);

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("pcr_value", _responseBlob.ReadBytes(20));
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Extend, _responseParameters));
        }
Example #17
0
        public override TPMCommandResponse Process()
        {
            TPMEntityTypeLSB entityLSB  = _params.GetValueOf <TPMEntityTypeLSB>("entity_lsb");
            TPMEntityTypeMSB entityMSB  = _params.GetValueOf <TPMEntityTypeMSB>("entity_msb");
            string           identifier = _params.GetValueOf <string>("entity_value");


            if (entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_SRK &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER)
            {
                throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString());
            }

            if (entityMSB != TPMEntityTypeMSB.TPM_ET_XOR)
            {
                throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB));
            }


            if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
            {
                //We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP).
                //So we invoke the key manager to load the key with the specified identifier and establish an OSAP session
                _keyManager.LoadKey(identifier);
            }

            //handle is not known yet
            AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0);

            authHandle.EntityType = entityLSB;
            authHandle.NewNonceOddOSAP();


            using (_keyManager.AcquireLock())
            {
                TPMBlob requestBlob = new TPMBlob();
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP);
                requestBlob.WriteUInt16((ushort)(((ushort)entityMSB << 8) | (ushort)entityLSB));

                if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                    entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
                {
                    if (identifier == KeyHandle.KEY_SRK)
                    {
                        requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                        authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK;
                    }
                    else
                    {
                        KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier);
                        requestBlob.WriteUInt32(keyHandle.Handle);
                        authHandle.EntityValue = keyHandle.Handle;
                    }
                }
                else if (entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER)
                {
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER);
                    authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER;
                }

                requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length);
                requestBlob.WriteCmdSize();

                _commandAuthHelper.EnsureFreeSlot();
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob);

            authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle);


            _responseParameters = new Parameters();
            _responseParameters.AddValue("auth_handle", authHandle);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters));
        }
Example #18
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_nonce, 0, 20);
            _pcrSelection.WriteToTpmBlob(requestBlob);

            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
            uint sigSize = _responseBlob.ReadUInt32();

            byte[] signature = _responseBlob.ReadBytes((int)sigSize);

            // Do signature verification
            TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);

            byte[] signingData;
            using (TPMBlob blob = new TPMBlob())
            {
                quoteInfo.WriteToTpmBlob(blob);
                signingData = blob.ToArray();
            }

            Parameters pubKeyParams = new Parameters();

            pubKeyParams.AddPrimitiveType("key", _params.GetValueOf <string>("key"));
            TPMCommandRequest  pubKeyRequest  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
            TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
                                                                    _commandAuthHelper, _keyManager);

            if (pubKeyResponse.Status == false)
            {
                _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
                return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters()));
            }

            TPMKey    keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf <string>("key")));
            TPMPubkey pubkey  = pubKeyResponse.Parameters.GetValueOf <TPMPubkey>("pubkey");

            if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
            {
                throw new ArgumentException("The TPM_Quote signature could not be verified");
            }

            Parameters responseParams = new Parameters();

            responseParams.AddValue("pcrData", pcrComposite);
            responseParams.AddPrimitiveType("sig", signature);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams));
        }
Example #19
0
 public void WriteToTpmBlob(TPMBlob blob)
 {
     ((ITPMBlobWritable)_version).WriteToTpmBlob(blob);
     blob.WriteByte((byte)_payloadType);
     blob.Write(_payload, 0, _payload.Length);
 }
Example #20
0
        protected override TPMCommandResponse InternalProcess()
        {
            string key = _params.GetValueOf <string>("key");

            _keyManager.LoadKey(key);

            TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(key));

            if (keyInfo == null)
            {
                throw new ArgumentException(string.Format("TPM_Sign could not retrieve keyinfo for key '{0}'", key));
            }

            byte[] areaToSign = null;

            if (keyInfo.AlgorithmParams.SigScheme == TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1)
            {
                //Client has hopefully put data in the right format ready for the tpm to process
                if (_params.IsDefined <byte[]>("areaToSign"))
                {
                    areaToSign = _params.GetValueOf <byte[]>("areaToSign");
                }
                //Client just sends data, tpm lib cares about the right, signature dependent, processing
                else if (_params.IsDefined <byte[]>("data"))
                {
                    byte[] data = _params.GetValueOf <byte[]>("data");

                    areaToSign = new HashProvider().Hash(new HashByteDataProvider(data));
                }

                if (areaToSign.Length != 20)
                {
                    throw new ArgumentException(string.Format("Sig scheme '{0}' expects an area to sign with length 20!", keyInfo.AlgorithmParams.SigScheme));
                }
            }
            else
            {
                throw new ArgumentException(string.Format("TPM_Sign has not implemented signature scheme '{0}' for algorithm '{1}'", keyInfo.AlgorithmParams.SigScheme, keyInfo.AlgorithmParams.AlgorithmId));
            }


            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Sign);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.WriteUInt32((uint)areaToSign.Length);
            requestBlob.Write(areaToSign, 0, areaToSign.Length);

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(key).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            uint sigSize = _responseBlob.ReadUInt32();

            byte[] signature = _responseBlob.ReadBytes((int)sigSize);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("sig", signature);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Sign, responseParams));
        }
Example #21
0
 public void WriteToTpmBlob(TPMBlob blob)
 {
     blob.WriteUInt32((uint)_pubkey.Length);
     blob.Write(_pubkey, 0, _pubkey.Length);
 }
Example #22
0
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);


            _usageAuth     = _params.GetValueOf <byte[]> ("usage_auth");
            _migrationAuth = _params.GetValueOf <byte[]> ("migration_auth");
            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_usageAuth, xorKey);
            ByteHelper.XORBytes(_migrationAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf <string>("parent"));

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);

            //parent key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_usageAuth, 0, 20);
            requestBlob.Write(_migrationAuth, 0, 20);
            _tpmKey.WriteToTpmBlob(requestBlob);



            using (_keyManager.AcquireLock())
            {
                AuthorizeMe(requestBlob);
                requestBlob.SkipHeader();

                if (_params.GetValueOf <string>("parent") == KeyHandle.KEY_SRK)
                {
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                }
                else
                {
                    requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent")).Handle);
                }

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            TPMKeyCore newKey = new TPMKeyCore(_responseBlob);

            _responseParameters = new Parameters();

            //Build and save the key identifier
            //The key identifier is the hex-string representation of the hash of the newly created key
            _responseParameters.AddPrimitiveType("key_identifier",
                                                 ByteHelper.ByteArrayToHexString(
                                                     new HashProvider().Hash(
                                                         new HashByteDataProvider(
                                                             ByteHelper.SerializeToBytes(newKey)
                                                             )
                                                         ),
                                                     ""));

            _responseParameters.AddPrimitiveType("key_data", ByteHelper.SerializeToBytes(newKey));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters));
        }
Example #23
0
 public void WriteToTpmBlob(TPMBlob blob)
 {
     blob.WriteUInt16((ushort)_pcrSelection.Data.Length);
     blob.Write(_pcrSelection.Data, 0, _pcrSelection.Data.Length);
 }