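/// <summary>
/// Verify that quotedInfo is properly signed by an associated private key holder, and that the
/// quotedInfo.type, .extraData and .magic are correct. Also check that the certified name is what
/// the caller expects. The caller must check other fields (for instance the qualified name).
/// </summary>
/// <param name="name">Not consulted by this method; retained for interface compatibility.</param>
/// <param name="nonce">Freshness value that must equal quotedInfo.extraData.</param>
/// <param name="quotedInfo">The attestation structure produced by the TPM.</param>
/// <param name="expectedName">The object name the caller expects to have been certified.</param>
/// <param name="signature">Signature over the TPM representation of quotedInfo.</param>
/// <returns>
/// true only if every structural check and the signature check pass; false otherwise. A null or
/// malformed quotedInfo yields false rather than an exception.
/// </returns>
public bool VerifyCertify(TpmHash name, byte[] nonce, Attest quotedInfo, byte[] expectedName, ISignatureUnion signature)
{
    // Fail closed on missing input instead of surfacing a NullReferenceException mid-check.
    if (quotedInfo == null || signature == null)
    {
        return false;
    }

    // Generic attestation-structure checks: certify type, caller's nonce, TPM_GENERATED magic.
    if (quotedInfo.type != TpmSt.AttestCertify)
    {
        return false;
    }
    if (!Globs.ArraysAreEqual(quotedInfo.extraData, nonce))
    {
        return false;
    }
    if (quotedInfo.magic != Generated.Value)
    {
        return false;
    }

    // Certify-specific checks. The attested body is tested with 'as' so that a type/attested
    // mismatch (or a null union) is a verification failure, not an InvalidCastException.
    var certInfo = quotedInfo.attested as CertifyInfo;
    if (certInfo == null)
    {
        return false;
    }
    if (!Globs.ArraysAreEqual(expectedName, certInfo.name))
    {
        return false;
    }

    // Signature check over the marshalled structure. As VerifyQuote does, delegate to
    // VerifySignatureOverData so the digest follows the signature scheme instead of being
    // hard-coded to SHA1 here (which presumably rejected certifications made with any other
    // hash) -- confirm against VerifySignatureOverData's implementation.
    return VerifySignatureOverData(quotedInfo.GetTpmRepresentation(), signature);
}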
/// <summary>Wraps an already-built attestation structure; the reference is stored, not copied.</summary>
///<param name = "the_attestationData">the signed structure</param>
public Tpm2bAttest(Attest the_attestationData)
{
    attestationData = the_attestationData;
}
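/// <summary>
/// Verify that a TPM quote matches an expected PCR selection, is well formed, and is properly signed
/// by the private key corresponding to this public key.
/// </summary>
/// <param name="pcrDigestAlg">Hash algorithm used to digest the concatenated expected PCR values before comparing with quoted.pcrDigest.</param>
/// <param name="expectedSelectedPcr">PCR selection the quote must cover; compared with quoted.pcrSelect.</param>
/// <param name="expectedPcrValues">PCR values, concatenated in array order, whose digest must equal quoted.pcrDigest.</param>
/// <param name="nonce">Freshness value that must equal quotedInfo.extraData.</param>
/// <param name="quotedInfo">The attestation structure produced by the TPM.</param>
/// <param name="signature">Signature over the TPM representation of quotedInfo.</param>
/// <param name="qualifiedNameOfSigner">When non-null, must equal quotedInfo.qualifiedSigner; when null, the signer's qualified name is not checked.</param>
/// <returns>
/// true only if every structural check, the PCR digest comparison and the signature check pass;
/// false otherwise. Null quotedInfo, expectedPcrValues or signature yields false rather than an exception.
/// </returns>
public bool VerifyQuote(
    TpmAlgId pcrDigestAlg,
    PcrSelection[] expectedSelectedPcr,
    Tpm2bDigest[] expectedPcrValues,
    byte[] nonce,
    Attest quotedInfo,
    ISignatureUnion signature,
    byte[] qualifiedNameOfSigner = null)
{
    // Fail closed on missing inputs instead of throwing NullReferenceException mid-verification.
    if (quotedInfo == null || expectedPcrValues == null || signature == null)
    {
        return false;
    }

    // The attested body must be a quote; this also rejects a null attested union.
    var quoted = quotedInfo.attested as QuoteInfo;
    if (quoted == null)
    {
        return false;
    }
    if (quotedInfo.magic != Generated.Value)
    {
        return false;
    }
    if (!quotedInfo.extraData.IsEqual(nonce))
    {
        return false;
    }

    // Check environment of signer (name) is expected; skipped when the caller passes null.
    if (qualifiedNameOfSigner != null && !quotedInfo.qualifiedSigner.IsEqual(qualifiedNameOfSigner))
    {
        return false;
    }

    // Check the PCR indices are what we expect
    if (!Globs.ArraysAreEqual(quoted.pcrSelect, expectedSelectedPcr))
    {
        return false;
    }

    // Check that values in the indices above are what we expect.
    // NOTE(review): 'expected' is never read; it is kept because the constructor may validate
    // that the selection and value arrays are consistent -- confirm before removing.
    // ReSharper disable once UnusedVariable
    var expected = new PcrValueCollection(expectedSelectedPcr, expectedPcrValues);

    // The quote's pcrDigest is the hash of the concatenated PCR values, so rebuild that digest.
    var m = new Marshaller();
    foreach (Tpm2bDigest d in expectedPcrValues)
    {
        m.Put(d.buffer, "");
    }
    TpmHash expectedPcrHash = TpmHash.FromData(pcrDigestAlg, m.GetBytes());
    if (!Globs.ArraysAreEqual(expectedPcrHash, quoted.pcrDigest))
    {
        return false;
    }

    // And finally check the signature over the marshalled attestation structure
    return VerifySignatureOverData(quotedInfo.GetTpmRepresentation(), signature);
}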
/// <summary>Creates a wrapper holding a fresh, empty attestation structure.</summary>
public Tpm2bAttest()
{
    this.attestationData = new Attest();
}
/// <summary>Copy constructor; the attestationData reference is shared with the source, not deep-copied.</summary>
/// <param name="the_Tpm2bAttest">Instance to copy; must not be null.</param>
/// <exception cref="ArgumentException">Thrown when the_Tpm2bAttest is null.</exception>
public Tpm2bAttest(Tpm2bAttest the_Tpm2bAttest)
{
    // Reference comparison, so an overloaded == on the type cannot interfere.
    if (ReferenceEquals(the_Tpm2bAttest, null))
    {
        throw new ArgumentException(Globs.GetResourceString("parmError"));
    }
    this.attestationData = the_Tpm2bAttest.attestationData;
}
/// <summary>Builds the response from its two components; both references are stored as given.</summary>
///<param name = "the_certifyInfo">the structure that was signed</param>
///<param name = "the_signature">the asymmetric signature over certifyInfo using the key referenced by signHandle(One of SignatureRsassa, SignatureRsapss, SignatureEcdsa, SignatureEcdaa, SignatureSm2, SignatureEcschnorr, TpmHash, SchemeHash, NullSignature)</param>
public Tpm2NvCertifyResponse(Attest the_certifyInfo, ISignatureUnion the_signature)
{
    certifyInfo = the_certifyInfo;
    signature = the_signature;
}
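/// <summary>
/// Copy constructor: shallow-copies every member of the_Attest, including the attested union
/// body, so that consumers which read attested (e.g. VerifyCertify, VerifyQuote) still work on the copy.
/// </summary>
/// <param name="the_Attest">Instance to copy; must not be null.</param>
/// <exception cref="ArgumentException">Thrown when the_Attest is null.</exception>
public Attest(Attest the_Attest)
{
    if ((Object)the_Attest == null)
    {
        throw new ArgumentException(Globs.GetResourceString("parmError"));
    }
    magic = the_Attest.magic;
    qualifiedSigner = the_Attest.qualifiedSigner;
    extraData = the_Attest.extraData;
    clockInfo = the_Attest.clockInfo;
    firmwareVersion = the_Attest.firmwareVersion;
    // Previously omitted, which left the copy's attested body null.
    // NOTE(review): 'type' is presumably derived from the union selector of attested; if it is
    // instead a stored member on this class it must be copied here as well -- confirm.
    attested = the_Attest.attested;
}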
/// <summary>Builds the response from its two components; both references are stored as given.</summary>
///<param name = "the_timeInfo">standard TPM-generated attestation block</param>
///<param name = "the_signature">the signature over timeInfo(One of SignatureRsassa, SignatureRsapss, SignatureEcdsa, SignatureEcdaa, SignatureSm2, SignatureEcschnorr, TpmHash, SchemeHash, NullSignature)</param>
public Tpm2GetTimeResponse(Attest the_timeInfo, ISignatureUnion the_signature)
{
    timeInfo = the_timeInfo;
    signature = the_signature;
}
/// <summary>Creates a response whose certifyInfo is a fresh, empty attestation structure; signature is left unset.</summary>
public Tpm2NvCertifyResponse()
{
    this.certifyInfo = new Attest();
}
/// <summary>Builds the response from its two components; both references are stored as given.</summary>
///<param name = "the_auditInfo">the auditInfo that was signed</param>
///<param name = "the_signature">the signature over auditInfo(One of SignatureRsassa, SignatureRsapss, SignatureEcdsa, SignatureEcdaa, SignatureSm2, SignatureEcschnorr, TpmHash, SchemeHash, NullSignature)</param>
public Tpm2GetCommandAuditDigestResponse(Attest the_auditInfo, ISignatureUnion the_signature)
{
    auditInfo = the_auditInfo;
    signature = the_signature;
}
/// <summary>Creates a response whose timeInfo is a fresh, empty attestation structure; signature is left unset.</summary>
public Tpm2GetTimeResponse()
{
    this.timeInfo = new Attest();
}
/// <summary>Creates a response whose auditInfo is a fresh, empty attestation structure; signature is left unset.</summary>
public Tpm2GetCommandAuditDigestResponse()
{
    this.auditInfo = new Attest();
}
/// <summary>Creates a response whose auditInfo is a fresh, empty attestation structure.</summary>
public Tpm2GetSessionAuditDigestResponse()
{
    this.auditInfo = new Attest();
}
/// <summary>Builds the response from its two components; both references are stored as given.</summary>
///<param name = "the_quoted">the quoted information</param>
///<param name = "the_signature">the signature over quoted(One of SignatureRsassa, SignatureRsapss, SignatureEcdsa, SignatureEcdaa, SignatureSm2, SignatureEcschnorr, TpmHash, SchemeHash, NullSignature)</param>
public Tpm2QuoteResponse(Attest the_quoted, ISignatureUnion the_signature)
{
    quoted = the_quoted;
    signature = the_signature;
}
/// <summary>Creates a response whose quoted member is a fresh, empty attestation structure; signature is left unset.</summary>
public Tpm2QuoteResponse()
{
    this.quoted = new Attest();
}
/// <summary>Creates a response whose certifyInfo is a fresh, empty attestation structure.</summary>
public Tpm2CertifyCreationResponse()
{
    this.certifyInfo = new Attest();
}