public void WriteToTpmBlob(TPMBlob blob)
{
blob.WriteUInt32 ((uint)_algorithmId);
blob.WriteUInt16 ((ushort)_encScheme);
blob.WriteUInt16 ((ushort)_sigScheme);
TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize (blob, (ITPMBlobWritable)_params);
}
public void WriteToTpmBlob(TPMBlob blob)
{
((ITPMBlobWritable)_version).WriteToTpmBlob (blob);
blob.WriteUInt16 ((ushort)_keyUsage);
blob.WriteUInt32 ((uint)_keyFlags);
blob.WriteByte ((byte)_authDataUsage);
((ITPMBlobWritable)_algorithmParams).WriteToTpmBlob (blob);
//TODO: PCR info size
blob.WriteUInt32 (0);
((ITPMBlobWritable)_pubKey).WriteToTpmBlob (blob);
blob.WriteUInt32 ((uint)_encData.Length);
blob.Write (_encData, 0, _encData.Length);
}
public void WriteToTpmBlob(TPMBlob blob)
{
blob.WriteUInt16((ushort)_pcrSelection.Data.Length);
blob.Write(_pcrSelection.Data, 0, _pcrSelection.Data.Length);
}
public override TPMCommandResponse Process()
{
TPMEntityTypeLSB entityLSB = _params.GetValueOf<TPMEntityTypeLSB>("entity_lsb");
TPMEntityTypeMSB entityMSB = _params.GetValueOf<TPMEntityTypeMSB>("entity_msb");
string identifier = _params.GetValueOf<string>("entity_value");
if( entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE &&
entityLSB != TPMEntityTypeLSB.TPM_ET_SRK &&
entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER)
{
throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString());
}
if(entityMSB != TPMEntityTypeMSB.TPM_ET_XOR)
{
throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB));
}
if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
{
//We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP).
//So we invoke the key manager to load the key with the specified identifier and establish an OSAP session
_keyManager.LoadKey(identifier);
}
//handle is not known yet
AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0);
authHandle.EntityType = entityLSB;
authHandle.NewNonceOddOSAP();
using(_keyManager.AcquireLock())
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP);
requestBlob.WriteUInt16((ushort)(((ushort)entityMSB << 8) | (ushort)entityLSB));
if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
{
if (identifier == KeyHandle.KEY_SRK)
{
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK;
}
else
{
KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier);
requestBlob.WriteUInt32(keyHandle.Handle);
authHandle.EntityValue = keyHandle.Handle;
}
}
else if(entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER)
{
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER);
authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER;
}
requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length);
requestBlob.WriteCmdSize();
_commandAuthHelper.EnsureFreeSlot();
_responseBlob = TransmitMe(requestBlob);
}
_responseBlob.SkipHeader();
AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob);
authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle);
_responseParameters = new Parameters();
_responseParameters.AddValue("auth_handle", authHandle);
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters);
}
public void WriteToTpmBlob(TPMBlob blob)
{
blob.WriteByte(_major);
blob.WriteByte(_minor);
blob.WriteUInt16(_reqSize);
}
protected override TPMCommandResponse InternalProcess()
{
byte[] ownerAuth = _params.GetValueOf<byte[]> (PARAM_OWNERAUTH);
byte[] srkAuth = _params.GetValueOf<byte[]> (PARAM_SRKAUTH);
TPMBlob requestBlob = new TPMBlob ();
requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_TakeOwnership);
requestBlob.WriteUInt16 ((ushort)TPMProtocolId.TPM_PID_OWNER);
requestBlob.WriteUInt32 ((uint)ownerAuth.Length);
requestBlob.Write (ownerAuth, 0, ownerAuth.Length);
requestBlob.WriteUInt32 ((uint)srkAuth.Length);
requestBlob.Write (srkAuth, 0, srkAuth.Length);
_tpmKey.WriteToTpmBlob (requestBlob);
_responseBlob = AuthorizeMeAndTransmit(requestBlob);
CheckResponseAuthInfo();
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_TakeOwnership, new Parameters());
}
