Exemple #1
0
    /// <summary>
    /// Gets the identifier of the device
    /// </summary>
    /// <returns></returns>
    public string GetHardwareDeviceId()
    {
        TpmHandle srkHandle = new TpmHandle(TPM_20_SRK_HANDLE);

        try
        {
            string hardwareDeviceId;

            // Open the TPM
            Tpm2Device tpmDevice = new TbsDevice();
            tpmDevice.Connect();
            using (var tpm = new Tpm2(tpmDevice))
            {
                // Read the URI from the TPM
                TpmPublic srk = tpm.ReadPublic(srkHandle, out byte[] name, out byte[] qualifiedName);

                // Calculate the hardware device id for this logical device
                byte[] deviceId = CryptoLib.HashData(TpmAlgId.Sha256, BitConverter.GetBytes(logicalDeviceId), name);

                // Produce the output string
                hardwareDeviceId = string.Join(string.Empty, deviceId.Select(b => b.ToString("x2")));
            }

            return(hardwareDeviceId);
        }
        catch { }

        return(string.Empty);
    }
Exemple #2
0
        protected override IDictionary <string, Entry> Load(string thumbprint)
        {
            IDictionary <string, Entry> certs = base.Load(thumbprint);

            foreach (KeyValuePair <string, Entry> pair in certs)
            {
                try
                {
                    // Create a handle based on the hash of the cert thumbprint
                    ushort    slotIndex = BitConverter.ToUInt16(CryptoLib.HashData(TpmAlgId.Sha256, Encoding.UTF8.GetBytes(thumbprint)), 0);
                    TpmHandle nvHandle  = TpmHandle.NV(slotIndex);

                    // Get byte array of hash
                    byte[] original = Encoding.UTF8.GetBytes(pair.Key.ToCharArray());

                    // Load hash from NV storage
                    byte[] rawData = m_tpm[m_ownerAuth].NvRead(nvHandle, nvHandle, (ushort)original.Length, 0);

                    if (!original.IsEqual(rawData))
                    {
                        // hashes don't match, don't return it
                        certs.Remove(pair.Key);
                    }
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not check application certificate thumprint in TPM NV storage!");
                }
            }

            return(certs);
        }
Exemple #3
0
        public override Task Add(X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            lock (m_lock)
            {
                try
                {
                    // Create a handle based on the hash of the cert thumbprint
                    ushort    slotIndex = BitConverter.ToUInt16(CryptoLib.HashData(TpmAlgId.Sha256, Encoding.UTF8.GetBytes(certificate.Thumbprint)), 0);
                    TpmHandle nvHandle  = TpmHandle.NV(slotIndex);

                    // Clean up the slot
                    m_tpm[m_ownerAuth]._AllowErrors().NvUndefineSpace(TpmHandle.RhOwner, nvHandle);

                    // Define a slot for the thumbprint
                    m_tpm[m_ownerAuth].NvDefineSpace(TpmHandle.RhOwner, m_ownerAuth, new NvPublic(nvHandle, TpmAlgId.Sha256, NvAttr.Authread | NvAttr.Authwrite, new byte[0], (ushort)certificate.Thumbprint.ToCharArray().Length));

                    // Write the thumbprint
                    m_tpm[m_ownerAuth].NvWrite(nvHandle, nvHandle, Encoding.UTF8.GetBytes(certificate.Thumbprint.ToCharArray()), 0);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not add application certificate thumprint to TPM NV storage!");
                }
            }

            return(base.Add(certificate));
        }
Exemple #4
0
        public override Task <bool> Delete(string thumbprint)
        {
            lock (m_lock)
            {
                try
                {
                    // Create a handle based on the hash of the cert thumbprint
                    ushort    slotIndex = BitConverter.ToUInt16(CryptoLib.HashData(TpmAlgId.Sha256, Encoding.UTF8.GetBytes(thumbprint)), 0);
                    TpmHandle nvHandle  = TpmHandle.NV(slotIndex);

                    // Delete hash of thumbprint from NV storage
                    m_tpm[m_ownerAuth]._AllowErrors().NvUndefineSpace(TpmHandle.RhOwner, nvHandle);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not delete application certificate thumprint from TPM NV storage!");
                }
            }

            return(base.Delete(thumbprint));
        }
Exemple #5
0
        public string GetHardwareDeviceId()
        {
            TpmHandle srkHandle        = new TpmHandle(SRK_HANDLE);
            string    hardwareDeviceId = "";

            Byte[] name;
            Byte[] qualifiedName;

            try
            {
                // Open the TPM
                Tpm2Device tpmDevice = new TbsDevice();
                tpmDevice.Connect();
                var tpm = new Tpm2(tpmDevice);

                // Read the URI from the TPM
                TpmPublic srk = tpm.ReadPublic(srkHandle, out name, out qualifiedName);

                // Dispose of the TPM
                tpm.Dispose();
            }
            catch
            {
                return(hardwareDeviceId);
            }

            // Calculate the hardware device id for this logical device
            byte[] deviceId = CryptoLib.HashData(TpmAlgId.Sha256, BitConverter.GetBytes(logicalDeviceId), name);

            // Produce the output string
            foreach (byte n in deviceId)
            {
                hardwareDeviceId += n.ToString("x2");
            }
            return(hardwareDeviceId);
        }