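        /// <summary>
        /// Authorizes the command and returns the necessary authorization info
        /// Blocks till the user has entered the credentials
        /// </summary>
        /// <remarks>
        /// One entry is produced per auth session (Auth1, Auth2) for which the command supplies
        /// key info. A fresh nonceOdd is generated on the auth handle before any HMAC is built.
        /// For OIAP sessions the HMAC is obtained through <see cref="GenerateHMACRequest"/>, so the
        /// authorization secret is not handled in this method; for OSAP sessions the HMAC is computed
        /// locally from the shared secret established by <see cref="AssureOSAPSharedSecret"/>.
        /// Only the auth handle manager calls run under the lock; the HMAC generation does not.
        /// </remarks>
        /// <param name="cmd">Command to authorize</param>
        /// <returns>Authorization info (handle, continueAuthSession flag, HMAC) per used auth session,
        /// in session order</returns>
        public AuthorizationInfo[] AuthorizeCommand(IAuthorizableCommand cmd)
        {
            List<AuthorizationInfo> authorizationInfos = new List<AuthorizationInfo>();

            using(AcquireLock())
            {
                _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd);
            }

            foreach(AuthSessionNum authSessionNum in new AuthSessionNum[]{AuthSessionNum.Auth1, AuthSessionNum.Auth2})
            {
                HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);

                //No key info: the command does not use this auth session
                if(keyInfo == null)
                    continue;

                AuthHandle authHandle;

                using(AcquireLock())
                {
                    authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum);
                }

                //Generates the new nonceOdd before the client generates the auth data
                authHandle.NewNonceOdd();

                if(authHandle.HandleAuthType == AuthHandle.AuthType.OIAP)
                {
                    //OIAP: the session computes the HMAC (continueAuthSession = true)
                    GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
                        (_ctx,
                         new HashByteDataProvider(cmd.Digest),
                         new HashByteDataProvider(authHandle.NonceEven),
                         new HashByteDataProvider(authHandle.NonceOdd),
                         new HashPrimitiveDataProvider(true)
                         );

                    request.TpmSessionIdentifier = _tpmSessionIdentifier;
                    request.KeyInfo = keyInfo;

                    GenerateHMACResponse response = request.TypedExecute ();
                    response.AssertResponse();

                    authorizationInfos.Add(new AuthorizationInfo(authHandle, true, response.TpmAuthData));
                }
                else if(authHandle.HandleAuthType == AuthHandle.AuthType.OSAP)
                {
                    //OSAP: the HMAC is keyed with the shared secret of the session (continueAuthSession = false)
                    AssureOSAPSharedSecret(cmd, authSessionNum);

                    byte[] hmac = new HMACProvider(authHandle.SharedSecret).Hash(
                        new HashByteDataProvider(cmd.Digest),
                        new HashByteDataProvider(authHandle.NonceEven),
                        new HashByteDataProvider(authHandle.NonceOdd),
                        new HashPrimitiveDataProvider(false));

                    authorizationInfos.Add(new AuthorizationInfo(authHandle, false, hmac));
                }
                //NOTE(review): an auth handle of any other type yields no entry here, so the
                //result would be shorter than the number of used auth sessions - confirm that
                //AuthHandle.AuthType has no members besides OIAP and OSAP
            }

            return authorizationInfos.ToArray();
        }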
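        /// <summary>
        /// Generates the authorization data the TPM is expected to have produced for the
        /// response of the given command, one entry per auth session the command used.
        /// </summary>
        /// <remarks>
        /// The response auth handle infos and the authorization infos of the request are
        /// consumed front-to-back, one pair per auth session with key info, so the command has
        /// to supply them in auth session order. Each response HMAC covers the response digest,
        /// the nonceEven returned by the TPM, the nonceOdd of the request and the
        /// continueAuthSession flag of the response. OIAP sessions obtain the HMAC through
        /// <see cref="GenerateHMACRequest"/>, OSAP sessions compute it locally from the shared
        /// secret. The returned entries carry no auth handle.
        /// </remarks>
        /// <param name="cmd">Executed command whose response authorization data is generated</param>
        /// <returns>Expected response authorization data, in auth session order (Auth1, Auth2)</returns>
        /// <exception cref="InvalidOperationException">The command supplies fewer response auth
        /// handle infos or request authorization infos than it has auth sessions with key info</exception>
        public AuthorizationInfo[] GenerateResponseAuthData(IAuthorizableCommand cmd)
        {
            List<AuthorizationInfo> authorizationInfos = new List<AuthorizationInfo>();

            //Both lists are paired up in order; a queue gives exactly that
            Queue<ResponseAuthHandleInfo> responseAuthHandleInfos = new Queue<ResponseAuthHandleInfo>(cmd.ResponseAuthHandleInfos);
            Queue<AuthorizationInfo> requestAuthorizationInfos = new Queue<AuthorizationInfo>(cmd.AuthorizationInfos);

            foreach(AuthSessionNum authSessionNum in new AuthSessionNum[]{AuthSessionNum.Auth1, AuthSessionNum.Auth2})
            {
                HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);

                //No key info: the command does not use this auth session
                if(keyInfo == null)
                    continue;

                ResponseAuthHandleInfo currentResponseAuthHandleInfo = responseAuthHandleInfos.Dequeue();
                AuthorizationInfo currentAuthorizationInfo = requestAuthorizationInfos.Dequeue();
                AuthHandle requestHandle = currentAuthorizationInfo.Handle;

                if(requestHandle.HandleAuthType == AuthHandle.AuthType.OIAP)
                {
                    GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
                        (_ctx,
                         new HashByteDataProvider(cmd.ResponseDigest),
                         new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven),
                         new HashByteDataProvider(requestHandle.NonceOdd),
                         new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession)
                         );

                    request.TpmSessionIdentifier = _tpmSessionIdentifier;
                    request.KeyInfo = keyInfo;

                    GenerateHMACResponse response = request.TypedExecute ();
                    response.AssertResponse();

                    authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, response.TpmAuthData));
                }
                else if(requestHandle.HandleAuthType == AuthHandle.AuthType.OSAP)
                {
                    byte[] tpmAuth = new HMACProvider(requestHandle.SharedSecret).Hash(
                        new HashByteDataProvider(cmd.ResponseDigest),
                        new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven),
                        new HashByteDataProvider(requestHandle.NonceOdd),
                        new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession));

                    authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, tpmAuth));
                }
                //NOTE(review): for any other auth type the pair is consumed but no entry is
                //added - confirm AuthHandle.AuthType has no members besides OIAP and OSAP
            }

            return authorizationInfos.ToArray();
        }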
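        /// <summary>
        /// Self-test for <see cref="HMACProvider"/>: hashes a fixed input with <see cref="HashProvider"/>,
        /// feeds that digest, two fixed 20 byte blocks and a boolean flag into an HMAC keyed with a
        /// fixed 20 byte key and compares the result against a known-good vector.
        /// Prints exactly one line to the console: "SUCCESS" when the whole vector matches
        /// (length included), otherwise "FAILED".
        /// </summary>
        private static void TestHMAC()
        {
            HashProvider hash = new HashProvider();
            byte[] h1 = hash.Hash(
               new HashPrimitiveDataProvider((uint)0x3c),
               new HashPrimitiveDataProvider((ushort)0x00),
               new HashEnumDataProvider(testenum.test),
               new HashByteDataProvider(new byte[]{
                   0xb3, 0xd5, 0xcb, 0x12, 0x73,
                   0x8b, 0xb6, 0xf9, 0x21, 0xa3,
                   0xda, 0x42, 0xe0, 0x18, 0xd1,
                   0x43, 0xfa, 0x29, 0x7c, 0xa6}));

            HMACProvider hmac = new HMACProvider(
               new byte[]{
                   0x75, 0xf0, 0x86, 0x84, 0x78,
                   0x24, 0xf8, 0x79, 0x39, 0x5a,
                   0x18, 0x14, 0x1d, 0x19, 0x0c,
                   0x2f, 0x01, 0x29, 0x0b, 0x05});

            //Second block: 20 bytes of 0xa5
            byte[] h2 = new byte[20];
            for(int i = 0; i < h2.Length; i++)
                h2[i] = 0xa5;

            byte[] h3 = new byte[]{
                0xb9, 0x73, 0x05, 0xfa, 0xdb,
                0xe3, 0x4d, 0xc5, 0x46, 0x65,
                0x10, 0x00, 0x0a, 0x55, 0x04,
                0x2e, 0x3f, 0xea, 0xbf, 0x27};

            byte[] result = hmac.Hash(new HashByteDataProvider(h1),
                      new HashByteDataProvider(h2),
                      new HashByteDataProvider(h3),
                      new HashPrimitiveDataProvider(true));

            byte[] expected = new byte[]{
                0x26, 0x7e, 0xca, 0x16, 0xa1,
                0x4d, 0x36, 0xe6, 0x72, 0x2e,
                0xaa, 0x7f, 0x7b, 0x53, 0x4a,
                0xb3, 0xce, 0x8b, 0x2a, 0xaa};

            //Check the length as well as every byte, and report the outcome exactly once
            bool matches = result != null && result.Length == expected.Length;
            for(int i = 0; matches && i < expected.Length; i++)
            {
                if(result[i] != expected[i])
                    matches = false;
            }

            Console.WriteLine(matches ? "SUCCESS" : "FAILED");
        }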