public override TPMCommandResponse Process()
{
byte[] nonce = NonceGenerator.GenerateByteNonce (20);
TPMBlob requestBlob = new TPMBlob ();
requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek);
requestBlob.Write (nonce, 0, nonce.Length);
requestBlob.WriteCmdSize ();
TPMBlob responseBlob = TransmitMe(requestBlob);
responseBlob.SkipHeader ();
long posStart = responseBlob.Position;
TPMPubkeyCore pubkey = TPMPubkeyCore.CreateFromTPMBlob(responseBlob);
long posEnd = responseBlob.Position;
Digest digest = new Digest (responseBlob, 20);
if (digest.CompareTo (
new HashStreamDataProvider (responseBlob, posStart, posEnd - posStart, false),
new HashByteDataProvider (nonce)) == false)
{
throw new TPMResponseException ("Local digest does not match remote digest");
}
Parameters responseParams = new Parameters ();
responseParams.AddValue (TPMPubkey.PARAM_TPM_PUBKEY, pubkey);
return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams);
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_version).WriteToTpmBlob(blob);
blob.Write(_fixed, 0, _fixed.Length);
blob.Write(_compositeHash, 0, _compositeHash.Length);
blob.Write(_nonce, 0, _nonce.Length);
}
public void ReadFromTpmBlob(TPMBlob blob)
{
UInt16 handleCount = blob.ReadUInt16 ();
for (int i = 0; i < handleCount; i++)
_handles.Add (blob.ReadUInt32());
}
public override TPMCommandResponse Process()
{
//We don't have any meaningful labeldata we could include,
//so generate some random
byte[] labelData = new byte[16];
Random r = new Random();
r.NextBytes(labelData);
if(_params.IsDefined<ITPMHandle>("handle") == false)
return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_SaveContext, new Parameters());
ITPMHandle handle = _params.GetValueOf<ITPMHandle>("handle");
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_SaveContext);
requestBlob.WriteUInt32(handle.Handle);
requestBlob.WriteUInt32((uint)handle.ResourceType);
requestBlob.Write(labelData, 0, labelData.Length);
TPMBlob responseBlob = TransmitMe(requestBlob);
responseBlob.SkipHeader();
uint blobSize = responseBlob.ReadUInt32();
byte[] contextBlob = responseBlob.ReadBytes((int)blobSize);
Parameters responseParams = new Parameters();
responseParams.AddPrimitiveType("context_blob", contextBlob);
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_SaveContext, responseParams);
}
public HashTPMBlobWritableDataProvider(ITPMBlobWritable blobWritable)
{
TPMBlob tempBlob = new TPMBlob ();
blobWritable.WriteToTpmBlob (tempBlob);
_subDataProvider = new HashStreamDataProvider (tempBlob, null, null, true);
}
public void ReadFromTpmBlob(TPMBlob blob)
{
uint size = blob.ReadUInt16();
byte[] selectionBits = new byte[size];
blob.Read(selectionBits, 0, (int)size);
_pcrSelection = new BitMap(selectionBits);
}
public ResponseAuthHandleInfoCore(TPMBlob blob, long startIndex)
{
blob.Seek(startIndex, SeekOrigin.Begin);
_nonceEven = blob.ReadBytes(20);
_continueAuthSession = blob.ReadBool();
_tpmAuthData = blob.ReadBytes(20);
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_versionStruct).WriteToTpmBlob(blob);
blob.WriteUInt32((uint)_sealInfo.Length);
blob.Write(_sealInfo,0,_sealInfo.Length);
blob.WriteUInt32((uint)_encData.Length);
blob.Write(_encData, 0, _encData.Length);
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_pcrSelection).WriteToTpmBlob(blob);
blob.WriteUInt32((uint)_pcrValues.Length * 20);
foreach(byte[] pcrValue in _pcrValues)
blob.Write(pcrValue,0, pcrValue.Length);
}
public void ReadFromTpmBlob(TPMBlob blob)
{
_keyLength = blob.ReadUInt32 ();
_numPrimes = blob.ReadUInt32 ();
uint expoSize = blob.ReadUInt32 ();
_exponent = new byte[expoSize];
blob.Read (_exponent, 0, (int)expoSize);
}
public static TPMContextBlobCore CreateFromBytes(byte[] rawContextBLob)
{
using(TPMBlob blob = new TPMBlob(rawContextBLob))
{
TPMContextBlobCore contextBlob = new TPMContextBlobCore();
contextBlob.ReadFromTpmBlob(blob);
return contextBlob;
}
}
public void ReadFromTpmBlob(TPMBlob blob)
{
_pcrSelection = TPMPCRSelectionCore.CreateFromTPMBlob(blob);
uint valueSize = blob.ReadUInt32();
_pcrValues = new byte[valueSize/20][];
for(int i = 0; i<valueSize/20; i++)
_pcrValues[i] = blob.ReadBytes(20);
}
public void ReadFromTpmBlob(TPMBlob blob)
{
_versionStruct = CapabilityDataCore.TPMVersionCore.CreateFromTPMBlob(blob);
_sealInfo = new byte[blob.ReadUInt32()];
blob.Read(_sealInfo, 0, _sealInfo.Length);
_encData = new byte[blob.ReadUInt32()];
blob.Read(_encData, 0, _encData.Length);
}
public void ReadFromTpmBlob(TPMBlob blob)
{
_authHandle = blob.ReadUInt32();
_nonceEven = new byte[20];
blob.Read(_nonceEven, 0, _nonceEven.Length);
if(_authType == AuthHandle.AuthType.OSAP)
{
_nonceEvenOSAP = new byte[20];
blob.Read(_nonceEvenOSAP, 0, _nonceEvenOSAP.Length);
}
}
public void ReadFromTpmBlob(TPMBlob blob)
{
/*uint responseSize = */blob.ReadUInt32 ();
this._tag = blob.ReadUInt16 ();
this._version = new TPMVersionCore (blob);
this._specLevel = blob.ReadUInt16 ();
this._errataRev = blob.ReadByte ();
this._tpmVendorId = new byte[4];
blob.Read (_tpmVendorId, 0, _tpmVendorId.Length);
ushort vendorSize = blob.ReadUInt16 ();
_vendorSpecific = blob.ReadBytes (vendorSize);
}
public void ReadFromTpmBlob(TPMBlob blob)
{
_tag = (TPMStructureTag)blob.ReadUInt16();
_resourceType = (TPMResourceType)blob.ReadUInt32();
_handle = blob.ReadUInt32();
_label = blob.ReadBytes(16);
_contextCount = blob.ReadUInt32();
_integrityDigest = blob.ReadBytes(20);
uint additionalSize = blob.ReadUInt32();
_additionalData = blob.ReadBytes((int)additionalSize);
uint sensitiveSize = blob.ReadUInt32();
_sensitiveData = blob.ReadBytes((int)sensitiveSize);
}
public override TPMCommandResponse Process()
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OIAP);
requestBlob.WriteCmdSize();
_commandAuthHelper.EnsureFreeSlot();
TPMBlob responseBlob = TransmitMe(requestBlob);
responseBlob.SkipHeader();
AuthHandleCore authHandle = new AuthHandleCore(AuthHandle.AuthType.OIAP, responseBlob);
_responseParameters = new Parameters();
_responseParameters.AddValue("auth_handle", authHandle);
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OIAP, _responseParameters);
}
/// <summary>
/// Writes target to sink with the uint size preceding
/// </summary>
/// <param name="sink"></param>
/// <param name="target"></param>
public static void WriteITPMBlobWritableWithUIntSize(TPMBlob sink, ITPMBlobWritable target)
{
if (target == null)
{
sink.WriteUInt32 (0);
}
else
{
using (TPMBlob tempBlob = new TPMBlob ())
{
target.WriteToTpmBlob (tempBlob);
sink.WriteUInt32 ((uint)tempBlob.Length);
sink.Write (tempBlob.ToArray (), 0, (int)tempBlob.Length);
}
}
}
public override TPMCommandResponse Process()
{
using(TPMBlob requestBlob = new TPMBlob())
{
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetRandom);
requestBlob.WriteUInt32(_params.GetValueOf<uint>("bytes_requested"));
_responseBlob = TransmitMe(requestBlob);
}
_responseBlob.SkipHeader();
uint responseByteSize = _responseBlob.ReadUInt32();
_responseParameters = new Parameters();
_responseParameters.AddPrimitiveType("data", _responseBlob.ReadBytes((int)responseByteSize));
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetRandom, _responseParameters);
}
public override TPMCommandResponse Process()
{
using(TPMBlob requestBlob = new TPMBlob())
{
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter);
requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id"));
_responseBlob = TransmitMe(requestBlob);
}
_responseBlob.SkipHeader();
_responseParameters = new Parameters();
_responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf<uint>("counter_id"));
_responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters);
}
public override TPMCommandResponse Process()
{
if(_params.GetValueOf<string>("type", "") == "request_prefix")
{
TPMBoundDataCore boundData = TPMBoundDataCore.Encapsulate(new byte[0]);
_responseParameters = new Parameters();
using(TPMBlob blob = new TPMBlob())
{
boundData.WriteToTpmBlob(blob);
_responseParameters.AddPrimitiveType("prefix", blob.ToArray());
}
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Bind, _responseParameters);
}
else
throw new ArgumentException("TPM_Bind: did not find valid type");
}
public override TPMCommandResponse Process()
{
TPMBlob requestBlob = new TPMBlob ();
requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_PcrRead);
requestBlob.WriteUInt32 ((uint)_register);
requestBlob.WriteCmdSize ();
TPMBlob responseBlob = TransmitMe (requestBlob);
Parameters responseParam = new Parameters();
byte[] val = responseBlob.ReadBytes(20);
responseParam.AddPrimitiveType("pcrnum", _register);
responseParam.AddPrimitiveType("value", val);
TPMCommandResponse response = new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_PCRRead, responseParam);
return response;
}
public static ResponseAuthHandleInfo[] ReadAuthHandleInfos(IAuthorizableCommand cmd, TPMBlob blob)
{
long currentIndex = blob.Length;
List<ResponseAuthHandleInfo> responseAuthHandles = new List<ResponseAuthHandleInfo>();
foreach(AuthSessionNum authSession in new AuthSessionNum[]{AuthSessionNum.Auth2, AuthSessionNum.Auth1})
{
HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSession);
if(keyInfo != null)
{
currentIndex -= SINGLE_AUTH_HANDLE_SIZE;
responseAuthHandles.Add(new ResponseAuthHandleInfoCore(blob, currentIndex));
}
}
responseAuthHandles.Reverse();
return responseAuthHandles.ToArray();
}
public override TPMCommandResponse Process()
{
using(TPMBlob requestBlob = new TPMBlob())
{
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_Extend);
requestBlob.WriteUInt32(_params.GetValueOf<uint>("pcr"));
byte[] digest = _params.GetValueOf<byte[]>("digest");
if(digest.Length != 20)
throw new ArgumentException("Digest needs to be of length '20'");
requestBlob.Write(digest, 0, digest.Length);
_responseBlob = TransmitMe(requestBlob);
}
_responseBlob.SkipHeader();
_responseParameters = new Parameters();
_responseParameters.AddPrimitiveType("pcr_value", _responseBlob.ReadBytes(20));
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Extend, _responseParameters);
}
public void ReadFromTpmBlob(TPMBlob blob)
{
_algorithmId = (TPMAlgorithmId)blob.ReadUInt32 ();
_encScheme = (TPMEncScheme)blob.ReadUInt16 ();
_sigScheme = (TPMSigScheme)blob.ReadUInt16 ();
UInt32 paramsSize = blob.ReadUInt32 ();
byte[] paramsData = new byte[paramsSize];
blob.Read (paramsData, 0, paramsData.Length);
using (TPMBlob paramSrc = new TPMBlob (paramsData))
{
if (_algorithmId == TPMAlgorithmId.TPM_ALG_RSA)
_params = TPMRSAKeyParamsCore.CreateFromTPMBlob(paramSrc);
else if (_algorithmId == TPMAlgorithmId.TPM_ALG_AES128 ||
_algorithmId == TPMAlgorithmId.TPM_ALG_AES192 ||
_algorithmId == TPMAlgorithmId.TPM_ALG_AES256)
//TODO
throw new NotImplementedException ("Symmetric key params not implemented");
}
}
public override TPMCommandResponse Process()
{
ITPMHandle handle = _params.GetValueOf<ITPMHandle> ("handle");
TPMBlob requestBlob = new TPMBlob ();
requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_FlushSpecific);
requestBlob.WriteUInt32 (handle.Handle);
requestBlob.WriteUInt32 ((uint)handle.ResourceType);
requestBlob.WriteCmdSize ();
try
{
TransmitMe(requestBlob);
}
catch(Exception)
{
if(!_params.GetValueOf<bool>("ignore_tpm_error", false))
throw;
}
return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_FlushSpecific, new Parameters ());
}
public override TPMCommandResponse Process()
{
if(_params.IsDefined<ITPMHandle>("handle") == false ||
_params.IsDefined<byte[]>("context_blob") == false)
return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters());
ITPMHandle handle = _params.GetValueOf<ITPMHandle>("handle");
TPMBlob blob = new TPMBlob();
blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext);
blob.WriteUInt32(handle.Handle);
blob.WriteBool(handle.ForceHandle);
blob.WriteUInt32((uint)handle.ContextBlob.Length);
blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length);
TPMBlob responseBlob = TransmitMe(blob);
responseBlob.SkipHeader();
handle.Handle = responseBlob.ReadUInt32();
Parameters responseParameters = new Parameters();
responseParameters.AddValue("handle", handle);
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters);
}
protected override TPMCommandResponse InternalProcess()
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);
//key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.Write(_nonce, 0, 20);
_pcrSelection.WriteToTpmBlob(requestBlob);
_keyManager.LoadKey(_params.GetValueOf<string>("key"));
AuthorizeMe(requestBlob);
using(_keyManager.AcquireLock())
{
requestBlob.SkipHeader();
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
uint sigSize = _responseBlob.ReadUInt32();
byte[] signature = _responseBlob.ReadBytes((int)sigSize);
// Do signature verification
TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);
byte[] signingData;
using (TPMBlob blob = new TPMBlob())
{
quoteInfo.WriteToTpmBlob(blob);
signingData = blob.ToArray();
}
Parameters pubKeyParams = new Parameters();
pubKeyParams.AddPrimitiveType("key", _params.GetValueOf<string>("key"));
TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
_commandAuthHelper, _keyManager);
if (pubKeyResponse.Status == false)
{
_log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters());
}
TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf<string>("key")));
TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf<TPMPubkey>("pubkey");
if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
{
throw new ArgumentException("The TPM_Quote signature could not be verified");
}
Parameters responseParams = new Parameters();
responseParams.AddValue("pcrData", pcrComposite);
responseParams.AddPrimitiveType("sig", signature);
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams);
}
public void ReadFromTpmBlob(TPMBlob blob)
{
blob.Read (_digest, 0, _digest.Length);
}
/// <summary>
///
/// </summary>
/// <param name="blob"></param>
/// <param name="digestSize">Digest size in bytes</param>
public Digest(TPMBlob blob, int digestSize)
{
_digest = new byte[digestSize];
ReadFromTpmBlob (blob);
}