/// <summary>
/// Executes the GetCapabilities functionality. After parsing arguments, the
/// function connects to the selected TPM device and invokes the GetCapabilities
/// command on that connection. If the command was successful, the retrieved
/// capabilities are displayed.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
string tpmDeviceName;
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the
// connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
//
// Query different capabilities
//
ICapabilitiesUnion caps;
tpm.GetCapability(Cap.Algs, 0, 1000, out caps);
var algsx = (AlgPropertyArray)caps;
Console.WriteLine("Supported algorithms:");
foreach (var alg in algsx.algProperties)
{
Console.WriteLine(" {0}", alg.alg.ToString());
}
Console.WriteLine("Supported commands:");
tpm.GetCapability(Cap.TpmProperties, (uint)Pt.TotalCommands, 1, out caps);
tpm.GetCapability(Cap.Commands, (uint)TpmCc.First + 1, TpmCc.Last - TpmCc.First + 1, out caps);
var commands = (CcaArray)caps;
List<TpmCc> implementedCc = new List<TpmCc>();
foreach (var attr in commands.commandAttributes)
{
var commandCode = (TpmCc)((uint)attr & 0x0000FFFFU);
//
// Filter placehoder(s)
//
if(commandCode == TpmCc.None)
{
continue;
}
implementedCc.Add(commandCode);
Console.WriteLine(" {0}", commandCode.ToString());
}
Console.WriteLine("Commands from spec not implemented:");
foreach (var cc in Enum.GetValues(typeof(TpmCc)))
{
if (!implementedCc.Contains((TpmCc)cc) &&
//
// Fiter placeholder(s)
//
((TpmCc)cc != TpmCc.None) &&
((TpmCc)cc != TpmCc.First) &&
((TpmCc)cc != TpmCc.Last) )
{
Console.WriteLine(" {0}", cc.ToString());
}
}
//
// As an alternative: call GetCapabilities more than once to obtain all values
//
byte more;
var firstCommandCode = (uint)TpmCc.None;
do
{
more = tpm.GetCapability(Cap.Commands, firstCommandCode, 10, out caps);
commands = (CcaArray)caps;
//
// Commands are sorted; getting the last element as it will be the largest.
//
uint lastCommandCode = (uint)commands.commandAttributes[commands.commandAttributes.Length - 1] & 0x0000FFFFU;
firstCommandCode = lastCommandCode;
} while (more == 1);
//
// Read PCR attributes. Cap.Pcrs returns the list of PCRs which are supported
// in different PCR banks. The PCR banks are identified by the hash algorithm
// used to extend values into the PCRs of this bank.
//
tpm.GetCapability(Cap.Pcrs, 0, 255, out caps);
PcrSelection[] pcrs = ((PcrSelectionArray)caps).pcrSelections;
Console.WriteLine();
Console.WriteLine("Available PCR banks:");
foreach (PcrSelection pcrBank in pcrs)
{
var sb = new StringBuilder();
sb.AppendFormat("PCR bank for algorithm {0} has registers at index:", pcrBank.hash);
sb.AppendLine();
foreach (uint selectedPcr in pcrBank.GetSelectedPcrs())
{
sb.AppendFormat("{0},", selectedPcr);
}
Console.WriteLine(sb);
}
//
// Read PCR attributes. Cap.PcrProperties checks for certain properties of each PCR register.
//
tpm.GetCapability(Cap.PcrProperties, 0, 255, out caps);
Console.WriteLine();
Console.WriteLine("PCR attributes:");
TaggedPcrSelect[] pcrProperties = ((TaggedPcrPropertyArray)caps).pcrProperty;
foreach (TaggedPcrSelect pcrProperty in pcrProperties)
{
if ((PtPcr)pcrProperty.tag == PtPcr.None)
{
continue;
}
uint pcrIndex = 0;
var sb = new StringBuilder();
sb.AppendFormat("PCR property {0} supported by these registers: ", (PtPcr)pcrProperty.tag);
sb.AppendLine();
foreach (byte pcrBitmap in pcrProperty.pcrSelect)
{
for (int i = 0; i < 8; i++)
{
if ((pcrBitmap & (1 << i)) != 0)
{
sb.AppendFormat("{0},", pcrIndex);
}
pcrIndex++;
}
}
Console.WriteLine(sb);
}
//
// Clean up.
//
tpm.Dispose();
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
/// <summary>
/// Executes the GetRandom functionality. After parsing arguments, the function
/// connects to the selected TPM device and invokes the GetRandom command on
/// that connection. If the command was successful, the random byte stream
/// is displayed.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
string tpmDeviceName;
ushort bytesRequested;
if (!ParseArguments(args, out tpmDeviceName, out bytesRequested))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the
// connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
//
// Execute the TPM2_GetRandom command. The function takes the requested
// number of bytes as input and returns the random bytes generated by
// the TPM.
//
byte[] randomBytes = tpm.GetRandom(bytesRequested);
//
// Output the generated random byte string to the console.
//
WriteBytes(randomBytes);
//
// Clean up.
//
tpm.Dispose();
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
/// <summary>
/// Executes the hashing functionality. After parsing arguments, the
/// function connects to the selected TPM device and invokes the TPM
/// commands on that connection.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
string tpmDeviceName;
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the
// connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
NVReadWrite(tpm);
NVCounter(tpm);
//
// Clean up.
//
tpm.Dispose();
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
/// <summary>
/// Executes the GetCapabilities functionality. After parsing arguments, the
/// function connects to the selected TPM device and invokes the GetCapabilities
/// command on that connection. If the command was successful, the retrieved
/// capabilities are displayed.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
string tpmDeviceName;
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the
// connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
//
// Query different capabilities
//
ICapabilitiesUnion caps;
tpm.GetCapability(Cap.Algs, 0, 1000, out caps);
var algsx = (AlgPropertyArray)caps;
Console.WriteLine("Supported algorithms:");
foreach (var alg in algsx.algProperties)
{
Console.WriteLine(" {0}", alg.alg.ToString());
}
Console.WriteLine("Supported commands:");
tpm.GetCapability(Cap.TpmProperties, (uint)Pt.TotalCommands, 1, out caps);
tpm.GetCapability(Cap.Commands, (uint)TpmCc.First + 1, TpmCc.Last - TpmCc.First + 1, out caps);
var commands = (CcaArray)caps;
List <TpmCc> implementedCc = new List <TpmCc>();
foreach (var attr in commands.commandAttributes)
{
var commandCode = (TpmCc)((uint)attr & 0x0000FFFFU);
//
// Filter placehoder(s)
//
if (commandCode == TpmCc.None)
{
continue;
}
implementedCc.Add(commandCode);
Console.WriteLine(" {0}", commandCode.ToString());
}
Console.WriteLine("Commands from spec not implemented:");
foreach (var cc in Enum.GetValues(typeof(TpmCc)))
{
if (!implementedCc.Contains((TpmCc)cc) &&
//
// Fiter placeholder(s)
//
((TpmCc)cc != TpmCc.None) &&
((TpmCc)cc != TpmCc.First) &&
((TpmCc)cc != TpmCc.Last))
{
Console.WriteLine(" {0}", cc.ToString());
}
}
//
// As an alternative: call GetCapabilities more than once to obtain all values
//
byte more;
var firstCommandCode = (uint)TpmCc.None;
do
{
more = tpm.GetCapability(Cap.Commands, firstCommandCode, 10, out caps);
commands = (CcaArray)caps;
//
// Commands are sorted; getting the last element as it will be the largest.
//
uint lastCommandCode = (uint)commands.commandAttributes[commands.commandAttributes.Length - 1] & 0x0000FFFFU;
firstCommandCode = lastCommandCode;
} while (more == 1);
//
// Read PCR attributes. Cap.Pcrs returns the list of PCRs which are supported
// in different PCR banks. The PCR banks are identified by the hash algorithm
// used to extend values into the PCRs of this bank.
//
tpm.GetCapability(Cap.Pcrs, 0, 255, out caps);
PcrSelection[] pcrs = ((PcrSelectionArray)caps).pcrSelections;
Console.WriteLine();
Console.WriteLine("Available PCR banks:");
foreach (PcrSelection pcrBank in pcrs)
{
var sb = new StringBuilder();
sb.AppendFormat("PCR bank for algorithm {0} has registers at index:", pcrBank.hash);
sb.AppendLine();
foreach (uint selectedPcr in pcrBank.GetSelectedPcrs())
{
sb.AppendFormat("{0},", selectedPcr);
}
Console.WriteLine(sb);
}
//
// Read PCR attributes. Cap.PcrProperties checks for certain properties of each PCR register.
//
tpm.GetCapability(Cap.PcrProperties, 0, 255, out caps);
Console.WriteLine();
Console.WriteLine("PCR attributes:");
TaggedPcrSelect[] pcrProperties = ((TaggedPcrPropertyArray)caps).pcrProperty;
foreach (TaggedPcrSelect pcrProperty in pcrProperties)
{
if ((PtPcr)pcrProperty.tag == PtPcr.None)
{
continue;
}
uint pcrIndex = 0;
var sb = new StringBuilder();
sb.AppendFormat("PCR property {0} supported by these registers: ", (PtPcr)pcrProperty.tag);
sb.AppendLine();
foreach (byte pcrBitmap in pcrProperty.pcrSelect)
{
for (int i = 0; i < 8; i++)
{
if ((pcrBitmap & (1 << i)) != 0)
{
sb.AppendFormat("{0},", pcrIndex);
}
pcrIndex++;
}
}
Console.WriteLine(sb);
}
//
// Clean up.
//
tpm.Dispose();
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
/// <summary>
/// This sample demonstrates the creation of a signing "primary" key and use of this
/// key to sign data, and use of the TPM and Tpm2Lib to validate the signature.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
string tpmDeviceName;
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
//
// Run individual tests.
//
SimplePolicy(tpm);
PolicyOr(tpm);
PolicySerialization();
PolicyEvaluationWithCallback(tpm);
PolicyEvaluationWithCallback2(tpm);
//
// Clean up.
//
tpm.Dispose();
}
catch (TpmException e)
{
//
// If a command fails because an unexpected return code is in the response,
// i.e., TPM returns an error code where success is expected or success
// where an error code is expected. Or if the response is malformed, then
// the unmarshaling code will throw a TPM exception.
// The Error string will contain a description of the return code. Usually the
// return code will be a known TPM return code. However, if using the TPM through
// TBS, TBS might encode internal error codes into the response code. For instance
// a return code of 0x80280400 indicates that a command is blocked by TBS. This
// error code is also returned if the command is not implemented by the TPM.
//
// You can see the information included in the TPM exception by removing the
// checks for available TPM commands above and running the sample on a TPM
// without the required commands.
//
Console.WriteLine("TPM exception occurred: {0}", e.ErrorString);
Console.WriteLine("Call stack: {0}", e.StackTrace);
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
/// <summary>
/// Executes the hashing functionality. After parsing arguments, the
/// function connects to the selected TPM device and invokes the TPM
/// commands on that connection.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
string tpmDeviceName;
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the
// connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
Pcrs(tpm);
QuotePcrs(tpm);
StorageRootKey(tpm);
//
// Need a synchronization event to avoid disposing TPM object before
// asynchronous method completed.
//
var sync = new AutoResetEvent(false);
Console.WriteLine("Calling asynchronous method.");
PrimarySigningKeyAsync(tpm, sync);
Console.WriteLine("Waiting for asynchronous method to complete.");
sync.WaitOne();
//
// Clean up.
//
tpm.Dispose();
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
/// <summary>
/// This sample demonstrates the creation of a signing "primary" key and use of this
/// key to sign data, and use of the TPM and Tpm2Lib to validate the signature.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
string tpmDeviceName;
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
//
// Run individual tests.
//
SimplePolicy(tpm);
PolicyOr(tpm);
PolicySerialization();
PolicyEvaluationWithCallback(tpm);
PolicyEvaluationWithCallback2(tpm);
SamplePolicySerializationAndCallbacks(tpm);
//
// Clean up.
//
tpm.Dispose();
}
catch (TpmException e)
{
//
// If a command fails because an unexpected return code is in the response,
// i.e., TPM returns an error code where success is expected or success
// where an error code is expected. Or if the response is malformed, then
// the unmarshaling code will throw a TPM exception.
// The Error string will contain a description of the return code. Usually the
// return code will be a known TPM return code. However, if using the TPM through
// TBS, TBS might encode internal error codes into the response code. For instance
// a return code of 0x80280400 indicates that a command is blocked by TBS. This
// error code is also returned if the command is not implemented by the TPM.
//
// You can see the information included in the TPM exception by removing the
// checks for available TPM commands above and running the sample on a TPM
// without the required commands.
//
Console.WriteLine("TPM exception occurred: {0}", e.ErrorString);
Console.WriteLine("Call stack: {0}", e.StackTrace);
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
/// <summary>
/// This sample demonstrates the creation of a signing "primary" key and use of this
/// key to sign data, and use of the TPM and TSS.Net to validate the signature.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
string tpmDeviceName;
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the
// connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
//
// AuthValue encapsulates an authorization value: essentially a byte-array.
// OwnerAuth is the owner authorization value of the TPM-under-test. We
// assume that it (and other) auths are set to the default (null) value.
// If running on a real TPM, which has been provisioned by Windows, this
// value will be different. An administrator can retrieve the owner
// authorization value from the registry.
//
var ownerAuth = new AuthValue();
//
// The TPM needs a template that describes the parameters of the key
// or other object to be created. The template below instructs the TPM
// to create a new 2048-bit non-migratable signing key.
//
var keyTemplate = new TpmPublic(TpmAlgId.Sha1, // Name algorithm
ObjectAttr.UserWithAuth | ObjectAttr.Sign | // Signing key
ObjectAttr.FixedParent | ObjectAttr.FixedTPM | // Non-migratable
ObjectAttr.SensitiveDataOrigin,
null, // No policy
new RsaParms(new SymDefObject(),
new SchemeRsassa(TpmAlgId.Sha1), 2048, 0),
new Tpm2bPublicKeyRsa());
//
// Authorization for the key we are about to create.
//
var keyAuth = new byte[] { 1, 2, 3 };
TpmPublic keyPublic;
CreationData creationData;
TkCreation creationTicket;
byte[] creationHash;
//
// Ask the TPM to create a new primary RSA signing key.
//
TpmHandle keyHandle = tpm[ownerAuth].CreatePrimary(
TpmRh.Owner, // In the owner-hierarchy
new SensitiveCreate(keyAuth, null), // With this auth-value
keyTemplate, // Describes key
null, // Extra data for creation ticket
new PcrSelection[0], // Non-PCR-bound
out keyPublic, // PubKey and attributes
out creationData, out creationHash, out creationTicket); // Not used here
//
// Print out text-versions of the public key just created
//
Console.WriteLine("New public key\n" + keyPublic.ToString());
//
// Use the key to sign some data
//
byte[] message = Encoding.Unicode.GetBytes("ABC");
TpmHash digestToSign = TpmHash.FromData(TpmAlgId.Sha1, message);
//
// A different structure is returned for each signing scheme,
// so cast the interface to our signature type (see third argument).
//
// As an alternative, 'signature' can be of type ISignatureUnion and
// cast to SignatureRssa whenever a signature specific type is needed.
//
var signature = tpm[keyAuth].Sign(keyHandle, // Handle of signing key
digestToSign, // Data to sign
null, // Use key's scheme
TpmHashCheck.Null()) as SignatureRsassa;
//
// Print the signature.
//
Console.WriteLine("Signature: " + BitConverter.ToString(signature.sig));
//
// Use the TPM library to validate the signature
//
bool sigOk = keyPublic.VerifySignatureOverData(message, signature);
if (!sigOk)
{
throw new Exception("Signature did not validate.");
}
Console.WriteLine("Verified signature with TPM2lib (software implementation).");
//
// Load the public key into another slot in the TPM and then
// use the TPM to validate the signature
//
TpmHandle pubHandle = tpm.LoadExternal(null, keyPublic, TpmRh.Owner);
tpm.VerifySignature(pubHandle, digestToSign, signature);
Console.WriteLine("Verified signature with TPM.");
//
// The default behavior of Tpm2Lib is to create an exception if the
// signature does not validate. If an error is expected the library can
// be notified of this, or the exception can be turned into a value that
// can be later queried. The following are examples of this.
//
signature.sig[0] ^= 1;
tpm._ExpectError(TpmRc.Signature)
.VerifySignature(pubHandle, digestToSign, signature);
if (tpm._GetLastResponseCode() != TpmRc.Signature)
{
throw new Exception("TPM returned unexpected return code.");
}
Console.WriteLine("Verified that invalid signature causes TPM_RC_SIGNATURE return code.");
//
// Clean up of used handles.
//
tpm.FlushContext(keyHandle);
tpm.FlushContext(pubHandle);
//
// (Note that serialization is not supported on WinRT)
//
// Demonstrate the use of XML persistence by saving keyPublic to
// a file and making a copy by reading it back into a new object
//
// NOTE: 12-JAN-2016: May be removing support for policy
// serialization. We'd like to get feedback on whether
// this is a desirable feature and should be retained.
//
// {
// const string fileName = "sample.xml";
// string xmlVersionOfObject = keyPublic.GetXml();
// keyPublic.XmlSerializeToFile(fileName);
// var copyOfPublic = TpmStructureBase.XmlDeserializeFromFile<TpmPublic>(fileName);
//
// //
// // Demonstrate Tpm2Lib support of TPM-structure equality operators
// //
// if (copyOfPublic != keyPublic)
// {
// Console.WriteLine("Library bug persisting data.");
// }
// }
//
//
// Clean up.
//
tpm.Dispose();
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
/// <summary>
/// This sample demonstrates the creation of a signing "primary" key and use of this
/// key to sign data, and use of the TPM and Tpm2Lib to validate the signature.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
string tpmDeviceName;
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the
// connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
//
// AuthValue encapsulates an authorization value: essentially a byte-array.
// OwnerAuth is the owner authorization value of the TPM-under-test. We
// assume that it (and other) auths are set to the default (null) value.
// If running on a real TPM, which has been provisioned by Windows, this
// value will be different. An administrator can retrieve the owner
// authorization value from the registry.
//
var ownerAuth = new AuthValue();
//
// The TPM needs a template that describes the parameters of the key
// or other object to be created. The template below instructs the TPM
// to create a new 2048-bit non-migratable signing key.
//
var keyTemplate = new TpmPublic(TpmAlgId.Sha1, // Name algorithm
ObjectAttr.UserWithAuth | ObjectAttr.Sign | // Signing key
ObjectAttr.FixedParent | ObjectAttr.FixedTPM | // Non-migratable
ObjectAttr.SensitiveDataOrigin,
new byte[0], // No policy
new RsaParms(new SymDefObject(),
new SchemeRsassa(TpmAlgId.Sha1), 2048, 0),
new Tpm2bPublicKeyRsa());
//
// Authorization for the key we are about to create.
//
var keyAuth = new byte[] { 1, 2, 3 };
TpmPublic keyPublic;
CreationData creationData;
TkCreation creationTicket;
byte[] creationHash;
//
// Ask the TPM to create a new primary RSA signing key.
//
TpmHandle keyHandle = tpm[ownerAuth].CreatePrimary(
TpmHandle.RhOwner, // In the owner-hierarchy
new SensitiveCreate(keyAuth, new byte[0]), // With this auth-value
keyTemplate, // Describes key
new byte[0], // For creation ticket
new PcrSelection[0], // For creation ticket
out keyPublic, // Out pubKey and attributes
out creationData, out creationHash, // Not used here
out creationTicket);
//
// Print out text-versions of the public key just created
//
Console.WriteLine("New public key\n" + keyPublic.ToString());
//
// Use the key to sign some data
//
byte[] message = Encoding.Unicode.GetBytes("ABC");
TpmHash dataToSign = TpmHash.FromData(TpmAlgId.Sha1, message);
//
// A different structure is returned for each signing scheme,
// so cast the interface to our signature type (see third argument).
//
// As an alternative, 'signature' can be of type ISignatureUnion and
// cast to SignatureRssa whenever a signature specific type is needed.
//
var signature = tpm[keyAuth].Sign(keyHandle, // Handle of signing key
dataToSign.HashData, // Data to sign
new SchemeRsassa(TpmAlgId.Sha1), // Default scheme
TpmHashCheck.NullHashCheck()) as SignatureRsassa;
//
// Print the signature.
//
Console.WriteLine("Signature: " + BitConverter.ToString(signature.sig));
//
// Use the TPM library to validate the signature
//
bool sigOk = keyPublic.VerifySignatureOverData(message, signature);
if (!sigOk)
{
throw new Exception("Signature did not validate.");
}
Console.WriteLine("Verified signature with TPM2lib (software implementation).");
//
// Load the public key into another slot in the TPM and then
// use the TPM to validate the signature
//
TpmHandle pubHandle = tpm.LoadExternal(null, keyPublic, TpmHandle.RhOwner);
tpm.VerifySignature(pubHandle, dataToSign.HashData, signature);
Console.WriteLine("Verified signature with TPM.");
//
// The default behavior of Tpm2Lib is to create an exception if the
// signature does not validate. If an error is expected the library can
// be notified of this, or the exception can be turned into a value that
// can be later queried. The following are examples of this.
//
signature.sig[0] ^= 1;
tpm._ExpectError(TpmRc.Signature).VerifySignature(pubHandle, dataToSign.HashData, signature);
tpm._AllowErrors().VerifySignature(pubHandle, dataToSign.HashData, signature);
if (tpm._GetLastResponseCode() != TpmRc.Signature)
{
throw new Exception("TPM returned unexpected return code.");
}
Console.WriteLine("Verified that invalid signature causes TPM_RC_SIGNATURE return code.");
//
// Clean up of used handles.
//
tpm.FlushContext(keyHandle);
tpm.FlushContext(pubHandle);
//
// (Note that serialization is not supported on WinRT)
//
// Demonstrate the use of XML persistence by saving keyPublic to
// a file and making a copy by reading it back into a new object
//
// NOTE: 12-JAN-2016: May be removing support for policy
// serialization. We'd like to get feedback on whether
// this is a desirable feature and should be retained.
//
// {
// const string fileName = "sample.xml";
// string xmlVersionOfObject = keyPublic.GetXml();
// keyPublic.XmlSerializeToFile(fileName);
// var copyOfPublic = TpmStructureBase.XmlDeserializeFromFile<TpmPublic>(fileName);
//
// //
// // Demonstrate Tpm2Lib support of TPM-structure equality operators
// //
// if (copyOfPublic != keyPublic)
// {
// Console.WriteLine("Library bug persisting data.");
// }
// }
//
//
// Clean up.
//
tpm.Dispose();
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}