Example #1
        /// <summary>
        /// Starts an authorization session bound to <paramref name="boundEntity"/> with no
        /// salt: the tpmKey argument is TpmRh.Null and the encrypted salt is an empty buffer.
        /// </summary>
        /// <remarks>
        /// NOTE(review): without a salt, any session secret can presumably come only from the
        /// bound entity's authorization value, so a guessable authValue would weaken the
        /// session HMAC and parameter encryption. Confirm against the TPM 2.0 specification
        /// before relying on this overload over an untrusted path to the TPM.
        /// </remarks>
        /// <param name="boundEntity">Handle passed as the bind entity of the session.</param>
        /// <param name="sessionType">Session type forwarded to StartAuthSession.</param>
        /// <param name="authHash">Session hash algorithm; also sizes the default caller nonce.</param>
        /// <param name="initialialAttrs">Attributes combined with the returned session handle.</param>
        /// <param name="symDef">Symmetric definition; null is replaced by a default-constructed SymDef.</param>
        /// <param name="nonceCallerSize">Caller nonce length in bytes; 0 selects the digest size of <paramref name="authHash"/>.</param>
        /// <returns>The session object after _InitializeSession has run on it.</returns>
        public AuthSession StartAuthSessionEx(
            TpmHandle boundEntity,
            TpmSe sessionType,
            TpmAlgId authHash,
            SessionAttr initialialAttrs = SessionAttr.ContinueSession,
            SymDef symDef = null,
            int nonceCallerSize = 0)
        {
            // Zero is a request for the default length: one digest of the session hash.
            // Any other value, including one below 16, is passed through unchecked.
            int callerNonceLength = nonceCallerSize != 0
                                  ? nonceCallerSize
                                  : CryptoLib.DigestSize(authHash);

            // GetRandomBytes is defined elsewhere; verify it uses a cryptographically strong source.
            byte[] callerNonce = GetRandomBytes(callerNonceLength);
            byte[] noSalt = new byte[0];
            SymDef sessionSymmetric = symDef ?? new SymDef();

            byte[] nonceTpm;
            TpmHandle sessionHandle = StartAuthSession(TpmRh.Null, boundEntity,
                                                       callerNonce, noSalt, sessionType,
                                                       sessionSymmetric, authHash, out nonceTpm);

            AuthSession sess = sessionHandle + initialialAttrs;
            _InitializeSession(sess);
            return sess;
        }
Example #2
        /// <summary>
        /// Opens a session bound to <paramref name="boundEntity"/> and not salted
        /// (TpmRh.Null as the salt key, empty encrypted salt).
        /// </summary>
        /// <remarks>
        /// The caller nonce length is not range-checked here. NOTE(review): an unsalted bound
        /// session presumably derives its secret from the bound entity's authValue alone;
        /// confirm that is acceptable for the deployment before using it for parameter encryption.
        /// </remarks>
        /// <param name="boundEntity">Entity handle supplied as the session's bind argument.</param>
        /// <param name="sessionType">Kind of session to start.</param>
        /// <param name="authHash">Hash algorithm of the session.</param>
        /// <param name="initialialAttrs">Session attributes added to the returned handle.</param>
        /// <param name="symDef">Symmetric definition, or null for a default-constructed SymDef.</param>
        /// <param name="nonceCallerSize">Caller nonce size in bytes; 0 means the digest size of <paramref name="authHash"/>.</param>
        /// <returns>The initialized session.</returns>
        public AuthSession StartAuthSessionEx(
            TpmHandle boundEntity,
            TpmSe sessionType,
            TpmAlgId authHash,
            SessionAttr initialialAttrs = SessionAttr.ContinueSession,
            SymDef symDef       = null,
            int nonceCallerSize = 0)
        {
            int nonceLength = nonceCallerSize;
            if (nonceLength == 0)
            {
                // Default: size the caller nonce to the session hash digest.
                nonceLength = CryptoLib.DigestSize(authHash);
            }

            byte[] tpmNonce;
            byte[] emptySalt = new byte[0];

            TpmHandle handle = StartAuthSession(TpmRh.Null, boundEntity,
                                                GetRandomBytes(nonceLength),
                                                emptySalt, sessionType,
                                                symDef ?? new SymDef(),
                                                authHash, out tpmNonce);

            // Adding attributes to the handle yields the AuthSession wrapper.
            AuthSession session = handle + initialialAttrs;
            _InitializeSession(session);
            return session;
        }
Example #3
 /// <summary>
 /// Starts a simple unbound and unseeded session with SessionAttr.ContinueSession.
 /// </summary>
 /// <param name="sessionType">Kind of session to start.</param>
 /// <param name="authHash">Hash algorithm of the session.</param>
 /// <param name="nonceCallerSize">Caller nonce size in bytes; defaults to 16 and is forwarded unchecked.</param>
 /// <returns>The session produced by the overload taking explicit attributes.</returns>
 public AuthSession StartAuthSessionEx(
     TpmSe sessionType,
     TpmAlgId authHash,
     int nonceCallerSize = 16)
 {
     // Pure convenience overload: only the attribute set is fixed here.
     AuthSession session = StartAuthSessionEx(sessionType, authHash,
                                              SessionAttr.ContinueSession,
                                              nonceCallerSize);
     return session;
 }
Example #4
 /// <summary>
 /// Starts a simple unbound and unseeded session with SessionAttr.ContinueSession.
 /// </summary>
 /// <param name="sessionType">Kind of session to start.</param>
 /// <param name="authHash">Hash algorithm of the session.</param>
 /// <param name="nonceCallerSize">
 /// Caller nonce size in bytes, default 0. The value is forwarded as is; how 0 is
 /// interpreted is decided by the overload that finally builds the nonce (verify there).
 /// </param>
 /// <returns>The session produced by the overload taking explicit attributes.</returns>
 public AuthSession StartAuthSessionEx(
     TpmSe sessionType,
     TpmAlgId authHash,
     int nonceCallerSize = 0)
 {
     AuthSession session = StartAuthSessionEx(sessionType, authHash,
                                              SessionAttr.ContinueSession,
                                              nonceCallerSize);
     return session;
 }
Example #5
 /// <summary>
 /// Starts a simple unbound and unseeded session with caller-chosen attributes and a
 /// default-constructed SymDef.
 /// </summary>
 /// <param name="sessionType">Kind of session to start.</param>
 /// <param name="authHash">Hash algorithm of the session.</param>
 /// <param name="initialialAttrs">Session attributes to apply.</param>
 /// <param name="nonceCallerSize">Caller nonce size in bytes, default 0; forwarded unchanged.</param>
 /// <returns>The session produced by the overload taking a SymDef.</returns>
 public AuthSession StartAuthSessionEx(
     TpmSe sessionType,
     TpmAlgId authHash,
     SessionAttr initialialAttrs,
     int nonceCallerSize = 0)
 {
     // NOTE(review): a default SymDef presumably selects no parameter-encryption
     // algorithm, so this overload would not protect command parameters; confirm.
     AuthSession session = StartAuthSessionEx(sessionType, authHash,
                                              initialialAttrs, new SymDef(),
                                              nonceCallerSize);
     return session;
 }
Example #6
 /// <summary>
 /// Starts a simple unbound and unseeded session with caller-chosen attributes and a
 /// default-constructed SymDef.
 /// </summary>
 /// <param name="sessionType">Kind of session to start.</param>
 /// <param name="authHash">Hash algorithm of the session.</param>
 /// <param name="initialialAttrs">Session attributes to apply.</param>
 /// <param name="nonceCallerSize">Caller nonce size in bytes, default 16; forwarded unchecked.</param>
 /// <returns>The session produced by the overload taking a SymDef.</returns>
 public AuthSession StartAuthSessionEx(
     TpmSe sessionType,
     TpmAlgId authHash,
     SessionAttr initialialAttrs,
     int nonceCallerSize = 16)
 {
     // The only thing fixed at this level is the symmetric definition.
     AuthSession session = StartAuthSessionEx(sessionType, authHash,
                                              initialialAttrs, new SymDef(),
                                              nonceCallerSize);
     return session;
 }
Example #7
 /// <summary>
 /// Starts a simple unbound and unseeded session that carries a caller-supplied
 /// symmetric definition for session encryption.
 /// </summary>
 /// <param name="sessionType">Kind of session to start.</param>
 /// <param name="authHash">Hash algorithm of the session.</param>
 /// <param name="initialialAttrs">Session attributes to apply.</param>
 /// <param name="symDef">Symmetric definition forwarded to the bound-session overload.</param>
 /// <param name="nonceCallerSize">Caller nonce size in bytes, default 0; forwarded unchanged.</param>
 /// <returns>The session produced by the overload that takes a bind entity.</returns>
 public AuthSession StartAuthSessionEx(
     TpmSe sessionType,
     TpmAlgId authHash,
     SessionAttr initialialAttrs,
     SymDef symDef,
     int nonceCallerSize = 0)
 {
     // "Unbound" is expressed by handing TpmRh.Null to the overload that takes a bind entity.
     AuthSession session = StartAuthSessionEx(TpmRh.Null, sessionType, authHash,
                                              initialialAttrs, symDef,
                                              nonceCallerSize);
     return session;
 }
Example #8
 /// <summary>
 /// Starts a simple unbound and unseeded session with a caller-supplied symmetric
 /// definition, for use with session encryption.
 /// </summary>
 /// <remarks>
 /// NOTE(review): with neither bind entity nor salt the session itself contributes no
 /// secret, so the strength of any parameter encryption presumably rests on the
 /// authValue of the entity being authorized; confirm against the TPM 2.0 specification.
 /// </remarks>
 /// <param name="sessionType">Kind of session to start.</param>
 /// <param name="authHash">Hash algorithm of the session.</param>
 /// <param name="initialialAttrs">Session attributes to apply.</param>
 /// <param name="symDef">Symmetric definition forwarded unchanged.</param>
 /// <param name="nonceCallerSize">Caller nonce size in bytes, default 0; forwarded unchanged.</param>
 /// <returns>The session produced by the overload that takes a bind entity.</returns>
 public AuthSession StartAuthSessionEx(
     TpmSe sessionType,
     TpmAlgId authHash,
     SessionAttr initialialAttrs,
     SymDef symDef,
     int nonceCallerSize = 0)
 {
     AuthSession result = StartAuthSessionEx(TpmRh.Null, sessionType, authHash,
                                             initialialAttrs, symDef,
                                             nonceCallerSize);
     return result;
 }
Example #9
 /// <summary>
 /// Builds a temporary holder for the parameters of a session.
 /// Intended only for internal use by the Tpm2 class.
 /// </summary>
 /// <remarks>
 /// No salt value is taken from the caller: Salt becomes null when
 /// <paramref name="tpmKey"/> equals TpmRh.Null and the SaltNeeded marker otherwise.
 /// All other arguments are assigned as given.
 /// </remarks>
 internal AuthSession(TpmSe sessionType, TpmHandle tpmKey, TpmHandle bindObject,
                      byte[] nonceCaller, byte[] nonceTpm, SymDef symmetric, TpmAlgId authHash)
 {
     SessionType = sessionType;

     // Without a salt key there is no salt; with one, only record that a salt is still owed.
     if (tpmKey == TpmRh.Null)
     {
         Salt = null;
     }
     else
     {
         Salt = SaltNeeded;
     }

     BindObject  = bindObject;
     NonceCaller = nonceCaller;
     NonceTpm    = nonceTpm;
     Symmetric   = symmetric;
     AuthHash    = authHash;
 }
Example #10
 /// <summary>
 /// Copies the session parameters held by <paramref name="Params"/> into this session.
 /// </summary>
 /// <remarks>
 /// Salt is never copied from <paramref name="Params"/>. It is cleared unless the source
 /// carries the SaltNeeded marker, in which case the value already set on this session
 /// is left in place.
 /// </remarks>
 /// <param name="Params">Source of the session parameters.</param>
 internal void Init(AuthSession Params)
 {
     this.SessionType = Params.SessionType;
     this.BindObject  = Params.BindObject;
     this.NonceCaller = Params.NonceCaller;
     this.NonceTpm    = Params.NonceTpm;
     this.Symmetric   = Params.Symmetric;
     this.AuthHash    = Params.AuthHash;
     this.AuthHandle  = Params.AuthHandle;

     // A salted session has its salt set directly by the user, so keep it then.
     // NOTE(review): SaltNeeded looks like a sentinel matched by identity; confirm.
     bool saltNotExpected = Params.Salt != SaltNeeded;
     if (saltNotExpected)
     {
         this.Salt = null;
     }
 }
Example #11
        /// <summary>
        /// Starts an unbound, unseeded session (TpmRh.Null for both the salt key and the bind
        /// entity, empty encrypted salt) with a caller-supplied symmetric definition.
        /// </summary>
        /// <remarks>
        /// <paramref name="nonceCallerSize"/> is handed to GetRandomBytes unchanged: there is
        /// no substitution for 0 and no lower bound, although the TPM2_StartAuthSession
        /// parameter description asks for a caller nonce of at least 16 octets.
        /// </remarks>
        /// <param name="sessionType">Kind of session to start.</param>
        /// <param name="authHash">Hash algorithm of the session.</param>
        /// <param name="initialialAttrs">Attributes combined with the returned session handle.</param>
        /// <param name="symmAlg">Symmetric definition passed through to StartAuthSession.</param>
        /// <param name="nonceCallerSize">Caller nonce size in bytes, default 16.</param>
        /// <returns>The session object after _InitializeSession has run on it.</returns>
        public AuthSession StartAuthSessionEx(
            TpmSe sessionType,
            TpmAlgId authHash,
            SessionAttr initialialAttrs,
            SymDef symmAlg,
            int nonceCallerSize = 16)
        {
            // GetRandomBytes is defined elsewhere; verify it uses a cryptographically strong source.
            byte[] callerNonce = GetRandomBytes(nonceCallerSize);
            byte[] noSalt = new byte[0];

            byte[] tpmNonce;
            TpmHandle sessionHandle = StartAuthSession(TpmRh.Null, TpmRh.Null,
                                                       callerNonce, noSalt,
                                                       sessionType, symmAlg, authHash,
                                                       out tpmNonce);

            AuthSession session = sessionHandle + initialialAttrs;
            _InitializeSession(session);
            return session;
        }
Example #12
        /// <summary>
        /// Opens an unbound and unseeded session using the supplied symmetric definition.
        /// Both the salt key and the bind entity are TpmRh.Null and the salt is empty.
        /// </summary>
        /// <remarks>
        /// The caller nonce length is used exactly as passed; nothing here rejects a value
        /// below the 16-octet minimum given in the TPM2_StartAuthSession parameter description.
        /// </remarks>
        /// <param name="sessionType">Kind of session to start.</param>
        /// <param name="authHash">Hash algorithm of the session.</param>
        /// <param name="initialialAttrs">Session attributes added to the returned handle.</param>
        /// <param name="symmAlg">Symmetric definition for the session.</param>
        /// <param name="nonceCallerSize">Caller nonce size in bytes, default 16.</param>
        /// <returns>The initialized session.</returns>
        public AuthSession StartAuthSessionEx(
            TpmSe sessionType,
            TpmAlgId authHash,
            SessionAttr initialialAttrs,
            SymDef symmAlg,
            int nonceCallerSize = 16)
        {
            byte[] returnedNonce;
            byte[] emptySalt = new byte[0];

            TpmHandle handle = StartAuthSession(TpmRh.Null, TpmRh.Null,
                                                GetRandomBytes(nonceCallerSize), emptySalt,
                                                sessionType, symmAlg, authHash,
                                                out returnedNonce);

            // Handle plus attributes gives the AuthSession that gets initialized below.
            AuthSession sess = handle + initialialAttrs;
            _InitializeSession(sess);
            return sess;
        }
Example #13
        /// <summary>
        /// Starts an unbound and unseeded session, repeating the StartAuthSession call for
        /// as long as the cancellation context reports that a retry is needed.
        /// </summary>
        /// <remarks>
        /// A default-constructed SymDef is passed, so the caller cannot choose a session
        /// encryption algorithm here. A fresh caller nonce is generated for every attempt.
        /// NOTE(review): the context is labelled "FlushContext" although the command issued
        /// is StartAuthSession; confirm the label is intended. Also confirm that the handle
        /// left by the final attempt is valid when that attempt ended in an allowed error.
        /// </remarks>
        /// <param name="sessionType">Kind of session to start.</param>
        /// <param name="authHash">Hash algorithm of the session.</param>
        /// <param name="nonceCallerSize">Caller nonce size in bytes, default 16; not range-checked.</param>
        /// <returns>The session with SessionAttr.ContinueSession, after _InitializeSession.</returns>
        public AuthSession CancelSafeStartAuthSession(
            TpmSe sessionType,
            TpmAlgId authHash,
            int nonceCallerSize = 16)
        {
            byte[] tpmNonce;
            byte[] noSalt = new byte[0];
            TpmHandle sessionHandle;

            var retryCtx = new CancelationCtx(this, "FlushContext");
            while (true)
            {
                // Presumably lets the next command return an error instead of throwing; confirm.
                _AllowErrors();
                sessionHandle = StartAuthSession(TpmRh.Null, TpmRh.Null,
                                                 GetRandomBytes(nonceCallerSize), noSalt,
                                                 sessionType, new SymDef(), authHash,
                                                 out tpmNonce);
                if (!retryCtx.NeedRetry())
                {
                    break;
                }
            }
            retryCtx.Done();

            AuthSession session = sessionHandle + SessionAttr.ContinueSession;
            _InitializeSession(session);
            return session;
        }
Example #14
 /// <summary>
 /// Takes over the parameters of <paramref name="Params"/> for this session.
 /// </summary>
 /// <remarks>
 /// The salt is handled separately from the other parameters: it is reset to null
 /// unless the source holds the SaltNeeded marker, and it is never copied across.
 /// </remarks>
 /// <param name="Params">Session object whose parameters are copied.</param>
 internal void Init (AuthSession Params)
 {
     this.SessionType = Params.SessionType;
     this.BindObject = Params.BindObject;
     this.NonceCaller = Params.NonceCaller;
     this.NonceTpm = Params.NonceTpm;
     this.Symmetric = Params.Symmetric;
     this.AuthHash = Params.AuthHash;
     this.AuthHandle = Params.AuthHandle;

     // When salt is required, the destination session has it set directly by the user,
     // so it is only cleared in the other case.
     if (Params.Salt != SaltNeeded)
     {
         this.Salt = null;
     }
 }
Example #15
 /// <summary>
 /// Creates a request with placeholder values: fresh handles, empty nonce and salt
 /// buffers, default-constructed session type and symmetric definition, and
 /// TpmAlgId.Null as the session hash.
 /// </summary>
 /// <remarks>
 /// These defaults are placeholders; callers are presumably expected to fill in every
 /// field before the request is dispatched (verify against the callers).
 /// </remarks>
 public Tpm2StartAuthSessionRequest()
 {
     // Handles
     this.tpmKey = new TpmHandle();
     this.bind = new TpmHandle();

     // Variable-length buffers start out empty
     this.nonceCaller = new byte[0];
     this.encryptedSalt = new byte[0];

     // Session configuration
     this.sessionType = new TpmSe();
     this.symmetric = new SymDef();
     this.authHash = TpmAlgId.Null;
 }
Example #16
 /// <summary>
 /// Creates a request from explicit values. The arguments are stored as given; none of
 /// the constraints stated in the parameter descriptions below is checked here.
 /// </summary>
 /// <param name="the_tpmKey">Handle of a loaded decrypt key used to encrypt the salt; may be TPM_RH_NULL. Auth Index: None.</param>
 /// <param name="the_bind">Entity providing the authValue; may be TPM_RH_NULL. Auth Index: None.</param>
 /// <param name="the_nonceCaller">Initial nonceCaller; sets the nonce size for the session and shall be at least 16 octets.</param>
 /// <param name="the_encryptedSalt">Value encrypted according to the type of tpmKey. If tpmKey is TPM_RH_NULL, this shall be the Empty Buffer.</param>
 /// <param name="the_sessionType">Indicates the type of the session: simple HMAC or policy (including a trial policy).</param>
 /// <param name="the_symmetric">The algorithm and key size for parameter encryption; may select TPM_ALG_NULL.</param>
 /// <param name="the_authHash">Hash algorithm to use for the session. Shall be a hash algorithm supported by the TPM and not TPM_ALG_NULL.</param>
 public Tpm2StartAuthSessionRequest(
     TpmHandle the_tpmKey,
     TpmHandle the_bind,
     byte[] the_nonceCaller,
     byte[] the_encryptedSalt,
     TpmSe the_sessionType,
     SymDef the_symmetric,
     TpmAlgId the_authHash)
 {
     // Handles
     tpmKey = the_tpmKey;
     bind = the_bind;

     // Buffers (assigned, not copied)
     nonceCaller = the_nonceCaller;
     encryptedSalt = the_encryptedSalt;

     // Session configuration
     sessionType = the_sessionType;
     symmetric = the_symmetric;
     authHash = the_authHash;
 }
Example #17
 /// <summary>
 /// Packs the arguments into a Tpm2StartAuthSessionRequest, dispatches
 /// TpmCc.StartAuthSession and returns the session handle from the response.
 /// </summary>
 /// <remarks>
 /// The arguments are forwarded without any local validation.
 /// </remarks>
 /// <param name="tpmKey">Copied to the request's tpmKey field.</param>
 /// <param name="bind">Copied to the request's bind field.</param>
 /// <param name="nonceCaller">Copied to the request's nonceCaller field.</param>
 /// <param name="encryptedSalt">Copied to the request's encryptedSalt field.</param>
 /// <param name="sessionType">Copied to the request's sessionType field.</param>
 /// <param name="symmetric">Copied to the request's symmetric field.</param>
 /// <param name="authHash">Copied to the request's authHash field.</param>
 /// <param name="nonceTPM">Receives the nonceTPM field of the response.</param>
 /// <returns>The sessionHandle field of the response.</returns>
 public TpmHandle StartAuthSession(
     TpmHandle tpmKey,
     TpmHandle bind,
     byte[] nonceCaller,
     byte[] encryptedSalt,
     TpmSe sessionType,
     SymDef symmetric,
     TpmAlgId authHash,
     [SuppressMessage("Microsoft.Design", "CA1021")]
     out byte[] nonceTPM
 )
 {
     var request = new Tpm2StartAuthSessionRequest
     {
         tpmKey = tpmKey,
         bind = bind,
         nonceCaller = nonceCaller,
         encryptedSalt = encryptedSalt,
         sessionType = sessionType,
         symmetric = symmetric,
         authHash = authHash
     };

     // NOTE(review): the trailing 2 and 1 are presumably the input and output handle
     // counts of the command; confirm against DispatchMethod.
     TpmStructureBase rawResponse;
     DispatchMethod(TpmCc.StartAuthSession, (TpmStructureBase) request,
                    typeof(Tpm2StartAuthSessionResponse), out rawResponse, 2, 1);

     var response = (Tpm2StartAuthSessionResponse) rawResponse;
     nonceTPM = response.nonceTPM;
     return response.sessionHandle;
 }
Example #18
 /// <summary>
 /// Constructs a temporary object that holds the parameters of a session.
 /// Intended only for internal use by the Tpm2 class.
 /// </summary>
 /// <remarks>
 /// The salt itself is not a constructor argument. Salt is set to null for a session
 /// without a salt key (<paramref name="tpmKey"/> equal to TpmRh.Null) and to the
 /// SaltNeeded marker otherwise.
 /// </remarks>
 internal AuthSession(TpmSe sessionType, TpmHandle tpmKey, TpmHandle bindObject,
                      byte[] nonceCaller, byte[] nonceTpm, SymDef symmetric, TpmAlgId authHash)
 {
     this.SessionType = sessionType;

     if (tpmKey == TpmRh.Null)
     {
         // Unsalted session: nothing to supply later.
         this.Salt = null;
     }
     else
     {
         // Salted session: mark that the salt still has to be provided.
         this.Salt = SaltNeeded;
     }

     this.BindObject = bindObject;
     this.NonceCaller = nonceCaller;
     this.NonceTpm = nonceTpm;
     this.Symmetric = symmetric;
     this.AuthHash = authHash;
 }