/// <summary>
/// Creates a new TPMPCRSelection structure with the given number of pcrslots
/// </summary>
/// <param name="pcrCount"></param>
/// <returns></returns>
public static TPMPCRSelection CreatePCRSelection(uint pcrCount)
{
TPMPCRSelection selection = new TPMPCRSelection();
selection._pcrSelection = new BitMap((int)pcrCount);
return(selection);
}
public QuoteSigner(TPMSession tpmSession, ClientKeyHandle keyHandle,
TPMPCRSelection pcrSelection)
{
_tpmSession = tpmSession;
_keyHandle = keyHandle;
_pcrSelection = pcrSelection;
}
/// <summary>
/// Cosntructs a new SealBlockCipher with the specified arguments, the seal auth is requested from the user
/// on first use
/// </summary>
/// <param name="keyHandle"></param>
/// <param name="session"></param>
public SealBlockCipher(ClientKeyHandle keyHandle, TPMSession session, TPMPCRSelection pcrSelection)
{
_keyHandle = keyHandle;
_session = session;
_myId = session.GetFreeId();
_pcrSelection = pcrSelection;
_keyInfo = _keyHandle.KeyInfo;
}
/// <summary>
/// Constructs a new SealBlockCipher with the specified arguments and caches the specified seal auth value
/// </summary>
/// <param name="keyHandle"></param>
/// <param name="session"></param>
/// <param name="sealAuth"></param>
public SealBlockCipher(ClientKeyHandle keyHandle, TPMSession session, TPMPCRSelection pcrSelection, ProtectedPasswordStorage sealAuth)
: this(keyHandle, session, pcrSelection)
{
_session.SetValue("secret_seal_" + _keyHandle.FriendlyName + "_" + _myId.ToString(), sealAuth);
}
public TPMPCRInfoCore(TPMPCRSelection pcrSelection)
{
_pcrSelection = pcrSelection;
}
/// <summary>
/// Performs a simple quote operation where only the TPMPCRSelection is returned
/// </summary>
/// <param name="pcrs"></param>
/// <returns></returns>
public TPMPCRComposite SimpleQuote(TPMPCRSelection pcrs)
{
return Quote(pcrs, null).PCRSelection;
}
/// <summary>
/// Seals data to the specified pcr selection,
/// create a valid pcr selection with session.CreateEmptyPCRSelection
/// </summary>
/// <param name="pcrSelection"></param>
/// <param name="data">Data to seal</param>
/// <returns></returns>
public byte[] Seal(TPMPCRSelection pcrSelection, byte[] data)
{
Parameters paramsSeal = new Parameters();
paramsSeal.AddPrimitiveType("in_data", data);
paramsSeal.AddPrimitiveType("key", _keyIdentifier);
paramsSeal.AddValue("pcr_selection", pcrSelection);
Parameters paramsSecret = new Parameters();
paramsSecret.AddPrimitiveType("identifier", KeyIdentifier);
ProtectedPasswordStorage authSeal = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, paramsSecret));
if(authSeal.Hashed == false)
authSeal.Hash();
authSeal.DecryptHash();
paramsSeal.AddPrimitiveType("data_auth", authSeal.HashValue);
try
{
TPMCommandResponse sealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Seal, paramsSeal);
return sealResponse.Parameters.GetValueOf<byte[]>("data");
}
finally
{
if(authSeal != null)
authSeal.ClearHash();
}
}
/// <summary>
/// Cryptographically reports the selected PCR values and returns
/// the TPMPCRComposite and the generated signature. If no
/// external data is supplied a random nonce is generated on the server.
/// The length of externalData is defined by the hashing algorithm used by the TPM
/// </summary>
/// <param name="pcrs"></param>
/// <param name="externalData">Nonce used for the quoting operation,
/// use CreateCompatibleHashAlgorithm or CreateCompatibleHashProvider to generate a hash value
/// with the correct length</param>
/// <returns></returns>
public QuoteResponse Quote(TPMPCRSelection pcrs, byte[] externalData)
{
Parameters quoteParameters = new Parameters();
quoteParameters.AddPrimitiveType("key", _keyIdentifier);
quoteParameters.AddValue("targetPCR", pcrs);
if(externalData != null)
quoteParameters.AddPrimitiveType("externalData", externalData);
TPMCommandResponse response = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Quote, quoteParameters);
return new QuoteResponse(response.Parameters.GetValueOf<TPMPCRComposite>("pcrData"),
response.Parameters.GetValueOf<byte[]>("sig"));
}
/// <summary>
/// Creates an IAsymmetricBlockCipher for sealing for this key. This is only valid for storage keys
/// </summary>
/// <param name="pcrSelection"> </param>
/// <returns></returns>
public IAsymmetricBlockCipher CreateSealBlockCipher(TPMPCRSelection pcrSelection, ProtectedPasswordStorage sealAuth)
{
return new SealBlockCipher(this, _tpmSession, pcrSelection, sealAuth);
}
/// <summary>
/// Creates an IAsymmetricBlockCipher for sealing for this key. This is only valid for storage keys
/// </summary>
/// <param name="pcrSelection"> </param>
/// <returns></returns>
public IAsymmetricBlockCipher CreateSealBlockCipher(TPMPCRSelection pcrSelection)
{
return new SealBlockCipher(this, _tpmSession, pcrSelection);
}
/// <summary>
/// Creates an ISigner for quoting using this key
/// </summary>
/// <param name="pcrSelection"></param>
/// <returns></returns>
public ISigner CreateQuoter(TPMPCRSelection pcrSelection)
{
TPMKey keyInfo = KeyInfo;
if(keyInfo.AlgorithmParams.AlgorithmId == TPMAlgorithmId.TPM_ALG_RSA &&
keyInfo.AlgorithmParams.SigScheme == TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1)
{
return new QuoteSigner(_tpmSession, this, pcrSelection);
}
else
throw new NotSupportedException(string.Format("Quoter not supported for '{0}-{1}'", keyInfo.AlgorithmParams.AlgorithmId,
keyInfo.AlgorithmParams.SigScheme));
}
public TPMPCRSelectionCore(TPMPCRSelection pcrSelection)
{
_pcrSelection = pcrSelection.PcrSelection;
}
/// <summary>
/// Creates a new TPMPCRSelection structure with the given number of pcrslots
/// </summary>
/// <param name="pcrCount"></param>
/// <returns></returns>
public static TPMPCRSelection CreatePCRSelection(uint pcrCount)
{
TPMPCRSelection selection = new TPMPCRSelection();
selection._pcrSelection = new BitMap((int)pcrCount);
return selection;
}
