private static void TestKeystoreSqlite()
{
Dictionary <string, string> parameters = new Dictionary <string, string>();
parameters.Add("file", "test.db");
using (TPMKeystoreProvider keystore = TPMKeystoreProviders.Create("SQLiteKeystore", parameters))
{
if (keystore.KeyCount == 0)
{
for (int i = 0; i < 1000; i++)
{
Console.WriteLine("Inserting {0}/1000", i);
keystore.AddKey("FN" + i.ToString(), "ident" + i.ToString(), null, new byte[] { 0, 1, 2, 3, (byte)(i % 255) });
}
}
Console.WriteLine("FriendlyNames: ");
foreach (string friendlyName in keystore.EnumerateFriendlyNames())
{
Console.WriteLine("{0} - {1} - Parent: {2}, data: {3}", friendlyName, keystore.FriendlyNameToIdentifier(friendlyName),
keystore.FindParentKeyByFriendlyName(friendlyName), ByteHelper.ByteArrayToHexString(keystore.GetKeyBlob(keystore.FriendlyNameToIdentifier(friendlyName))));
}
Console.WriteLine("End of friendlynames\n");
Console.WriteLine("Identifiers: ");
//keystore.AddKey("FriendlyName1", "ident1", null, new byte[]{0,1,2,3,4});
foreach (string ident in keystore.EnumerateIdentifiers())
{
Console.WriteLine("{0} - {1}", ident, keystore.IdentifierToFriendlyName(ident));
}
Console.WriteLine("End of Identifiers\n");
}
}
public static void Main(String[] args)
{
using (EzQuoteMain main = new EzQuoteMain())
{
/*foreach (String tpm_name in main.ctx_.TPMClient.TPMDevices)
* {
* Console.WriteLine("TPM DEVICE {0}", tpm_name);
*
* }*/
TPMSession tpm0 = main.ctx_.TPMClient.SelectTPMDevice("ibm0");
IDictionary <string, string> opts = new Dictionary <string, string>();
opts.Add("file", "/tmp/mystore");
tpm0.Keystore = TPMKeystoreProviders.Create("SQLiteKeystore", opts);
tpm0.SetRequestSecretCallback(mycallback);
/*
* ProtectedPasswordStorage pws = new ProtectedPasswordStorage();
* pws.AppendPasswordChar('i');
* pws.AppendPasswordChar('a');
* pws.AppendPasswordChar('i');
* pws.AppendPasswordChar('k');
*
* tpm0.AdministrationClient.TakeOwnership(pws, pws);
*/
ClientKeyHandle kh_srk = tpm0.KeyClient.GetSrkKeyHandle();
ClientKeyHandle kh_sig1 = kh_srk.CreateKey("sigkey5" + tpm0.CreateRNG().Next(), 2048, TPMKeyUsage.TPM_KEY_SIGNING,
TPMKeyFlags.None);
TPMPCRSelection pcrs = tpm0.CreateEmptyPCRSelection();
pcrs.PcrSelection.SetBit(0, true);
pcrs.PcrSelection.SetBit(1, true);
pcrs.PcrSelection.SetBit(16, true);
foreach (int pcr in pcrs.SelectedPCRs)
{
Console.Write(" PCR {0:D2}: 0x");
foreach (byte b in tpm0.IntegrityClient.PCRValue((uint)pcr))
{
Console.Write("{0:X2}", b);
}
Console.WriteLine();
}
ISigner signer = kh_sig1.CreateQuoter(pcrs);
signer.Init(true, null);
signer.Update((byte)'i');
signer.Update((byte)'a');
signer.Update((byte)'i');
signer.Update((byte)'k');
byte[] signature = signer.GenerateSignature();
Console.Write("QUOTE: ");
foreach (byte b in signature)
{
Console.Write(" {0:X2}", b);
}
Console.WriteLine();
ISigner verifier = kh_sig1.CreateQuoter(pcrs);
verifier.Init(false, null);
verifier.Update((byte)'i');
verifier.Update((byte)'a');
verifier.Update((byte)'i');
verifier.Update((byte)'k');
if (verifier.VerifySignature(signature))
{
Console.WriteLine("JO IT WORKED");
}
else
{
Console.WriteLine("NA IT FAILED");
}
}
}
public override void Execute(string[] commandline)
{
if (commandline.Length < 2)
{
_console.Out.WriteLine("Error: [local_session_alias] not specified");
return;
}
else if (commandline.Length < 3)
{
_console.Out.WriteLine("Error: [command] not specified");
return;
}
ClientContext ctx = _console.GetValue <ClientContext> ("client_context", null);
if (ctx == null)
{
_console.Out.WriteLine("No active connection was found");
return;
}
string localAlias = commandline[1];
string keyCommand = commandline[2];
IDictionary <string, TPMSession> tpmSessions = _console.GetValue <IDictionary <string, TPMSession> > ("tpm_sessions", null);
if (tpmSessions == null || tpmSessions.ContainsKey(localAlias) == false)
{
_console.Out.WriteLine("Error: Specified local alias was not found");
return;
}
if (keyCommand == "keystore_open")
{
if (commandline.Length < 4)
{
_console.Out.WriteLine("Error: keystore_open requires some arguments, check help for further information");
return;
}
if (tpmSessions[localAlias].Keystore != null)
{
_console.Out.WriteLine("Error: There is already an open keystore!");
return;
}
string[] sArguments = commandline[3].Split(',');
IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 1);
TPMKeystoreProvider keystore = TPMKeystoreProviders.Create(sArguments[0], arguments);
tpmSessions[localAlias].Keystore = keystore;
}
else if (keyCommand == "keystore_close")
{
TPMKeystoreProvider keystore = tpmSessions[localAlias].Keystore;
if (keystore != null)
{
keystore.Dispose();
tpmSessions[localAlias].Keystore = keystore;
}
}
else if (keyCommand == "keystore_list")
{
TPMKeystoreProvider keystore = tpmSessions[localAlias].Keystore;
if (keystore == null)
{
_console.Out.WriteLine("Error: No keystore opened");
return;
}
_console.Out.WriteLine("The keystore contains #{0} keys", keystore.EnumerateFriendlyNames().Length);
_console.Out.WriteLine();
foreach (string friendlyName in keystore.EnumerateFriendlyNames())
{
string parent = "<SRK>";
KeyValuePair <string, string>?parentKey = keystore.FindParentKeyByFriendlyName(friendlyName);
if (parentKey != null)
{
parent = parentKey.Value.Key;
}
_console.Out.WriteLine("{0} ({1}) parent: {2}", friendlyName,
keystore.FriendlyNameToIdentifier(friendlyName), parent);
}
}
else if (keyCommand == "create")
{
if (tpmSessions[localAlias].Keystore == null)
{
_console.Out.WriteLine("Error: No keystore was opened");
return;
}
IDictionary <string, string> arguments = _console.SplitArguments(commandline[3], 0);
if (arguments.ContainsKey("name") == false)
{
_console.Out.WriteLine("Error: No name specified");
return;
}
if (arguments.ContainsKey("parent") == false)
{
_console.Out.WriteLine("Error: No parent key specified");
return;
}
ClientKeyHandle keyHandle;
if (arguments["parent"] == "srk")
{
keyHandle = tpmSessions[localAlias].KeyClient.GetSrkKeyHandle();
}
else
{
keyHandle = tpmSessions[localAlias].KeyClient.GetKeyHandleByFriendlyName(arguments["parent"]);
}
if (keyHandle == null)
{
_console.Out.WriteLine("Error: Key with name '{0}' not found", arguments["parent"]);
return;
}
if (arguments.ContainsKey("key_usage") == false)
{
_console.Out.WriteLine("Error: key_usage not defined");
return;
}
TPMKeyUsage keyUsage;
switch (arguments["key_usage"])
{
case "sign":
keyUsage = TPMKeyUsage.TPM_KEY_SIGNING;
break;
case "bind":
keyUsage = TPMKeyUsage.TPM_KEY_BIND;
break;
case "storage":
keyUsage = TPMKeyUsage.TPM_KEY_STORAGE;
break;
default:
_console.Out.WriteLine("Error: Invalid key_usage '{0}'", arguments["key_usage"]);
return;
}
if (arguments.ContainsKey("key_length") == false)
{
_console.Out.WriteLine("Error: key_length not defined!");
return;
}
uint keyLength = 0;
if (uint.TryParse(arguments["key_length"], out keyLength) == false)
{
_console.Out.WriteLine("Error: Could not parse key_length");
return;
}
TPMKeyFlags keyFlags = TPMKeyFlags.None;
if (arguments.ContainsKey("key_flags"))
{
switch (arguments["key_flags"])
{
case "none":
keyFlags = TPMKeyFlags.None;
break;
case "migratable":
keyFlags = TPMKeyFlags.Migratable;
break;
}
}
//Make sure that key usage auth and if required migration auth is in the secret cache
Parameters hmacParams = new Parameters();
hmacParams.AddPrimitiveType("identifierIsFriendlyName", true);
hmacParams.AddPrimitiveType("identifier", arguments["name"]);
ProtectedPasswordStorage usageAuth = tpmSessions[localAlias].RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacParams));
if (usageAuth != null)
{
tpmSessions[localAlias].SetValue("secret_usage_" + arguments["name"], usageAuth);
}
if ((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable)
{
ProtectedPasswordStorage migrationAuth = tpmSessions[localAlias].RequestSecret(
new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, hmacParams));
if (migrationAuth != null)
{
tpmSessions[localAlias].SetValue("secret_migration_" + arguments["name"], migrationAuth);
}
}
/*ClientKeyHandle newKey =*/ keyHandle.CreateKey(arguments["name"], keyLength, keyUsage, keyFlags);
}
else
{
_console.Out.WriteLine("Error, unknown command '{0}'", commandline[2]);
}
}
