/// <summary>
/// Selects the specified tpm device (if the authenticated user has the permission)
/// </summary>
/// <param name="subsystem"></param>
/// <param name="requestContext"></param>
private void HandleSelectTPMRequest(TPMSubsystem subsystem, RequestContext <SelectTPMRequest, SelectTPMResponse> requestContext)
{
if (!AssertUserAuthentication("select_" + requestContext.Request.TPMIdentifier, requestContext.CreateResponse()))
{
return;
}
SelectTPMResponse response = requestContext.CreateResponse();
if (ServerContext.TPMContexts.ContainsKey(requestContext.Request.TPMIdentifier) == false)
{
response.Succeeded = false;
response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMDeviceNotFound);
response.Execute();
return;
}
lock (_selectedTPMs)
{
int myId = (++_maxTPMIdentifier);
_selectedTPMs.Add(myId, ServerContext.TPMContexts[requestContext.Request.TPMIdentifier]);
response.TPMSessionIdentifier = myId;
}
response.Execute();
}
/// <summary>
/// Retrieves informations about keys
/// </summary>
/// <param name="subsystem"></param>
/// <param name="requestContext"></param>
private void HandleKeyInfoRequest(TPMSubsystem subsystem, RequestContext <KeyInfoRequest, KeyInfoResponse> requestContext)
{
TPMContext tpmContext;
KeyInfoResponse response;
lock (_selectedTPMs)
{
if (_selectedTPMs.ContainsKey(requestContext.Request.TPMIdentifier) == false)
{
response = requestContext.CreateResponse();
response.Succeeded = false;
response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMIdentifierNotValid);
response.Execute();
return;
}
tpmContext = _selectedTPMs[requestContext.Request.TPMIdentifier];
}
if (!AssertUserAuthentication("key_info_" + _selectedTPMs[requestContext.Request.TPMIdentifier].DeviceName, requestContext.CreateResponse()))
{
return;
}
KeyManagerHelper keyManagerHelper = new KeyManagerHelper(ServerContext, tpmContext, requestContext.Request.TPMIdentifier,
new CommandAuthorizationHelper(ServerContext, requestContext.Request.TPMIdentifier, tpmContext));
if (keyManagerHelper.ContainsIdentifier(requestContext.Request.KeyIdentifier) == false)
{
response = requestContext.CreateResponse();
response.Succeeded = false;
response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.NotAValidKeyIdentifier);
response.Execute();
return;
}
byte[] keyBlob = keyManagerHelper.GetKeyBlob(requestContext.Request.KeyIdentifier);
response = requestContext.CreateResponse();
response.Succeeded = true;
response.TPMKey = TPMKeyCore.CreateFromBytes(keyBlob);
response.Execute();
}
/// <summary>
/// Lists all available TPM devices, that can be accessed by the authenticated user
/// </summary>
/// <param name="subsystem"></param>
/// <param name="requestContext"></param>
private void HandleListTPMsRequest(TPMSubsystem subsystem, RequestContext <ListTPMsRequest, ListTPMsResponse> requestContext)
{
if (!AssertUserAuthentication(null, requestContext.CreateResponse()))
{
return;
}
List <string> tpmDevices = new List <string> ();
foreach (KeyValuePair <string, TPMContext> ctx in ServerContext.TPMContexts)
{
if (IsAllowedToUseTPMDevice(ctx.Key))
{
tpmDevices.Add(ctx.Key);
}
}
ListTPMsResponse response = requestContext.CreateResponse();
response.TPMDevices = tpmDevices.ToArray();
response.Execute();
}
private void HandleTPMRequest(TPMSubsystem subsystem, RequestContext <TPMRequest, TPMResponse> requestContext)
{
if (!AssertUserAuthentication(null, requestContext.CreateResponse()))
{
return;
}
TPMContext tpmContext;
TPMResponse response;
lock (_selectedTPMs)
{
if (_selectedTPMs.ContainsKey(requestContext.Request.TPMIdentifier) == false)
{
response = requestContext.CreateResponse();
response.Succeeded = false;
response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMIdentifierNotValid);
response.Execute();
return;
}
tpmContext = _selectedTPMs[requestContext.Request.TPMIdentifier];
}
string commandIdentifier = requestContext.Request.CommandRequest.CommandIdentifier;
if (IsAllowedToRunCommand(commandIdentifier, tpmContext) == false)
{
response = requestContext.CreateResponse();
response.Succeeded = false;
response.SetKnownCommonError(SubsystemResponse.CommonErrorCodes.NotPermitted);
response.Execute();
return;
}
_logger.DebugFormat("Executing {0}", requestContext.Request.CommandRequest.CommandIdentifier);
response = requestContext.CreateResponse();
try
{
TPMCommandResponse commandResponse;
//Locking here is not a good idea, because the Process method
//block until the final command is executed. This could take a long time,
//because the user might be asked to authenticate several commands
//lock (tpmContext)
//{
ICommandAuthorizationHelper commandAuthHelper = new CommandAuthorizationHelper(ServerContext, requestContext.Request.TPMIdentifier, tpmContext);
commandResponse = tpmContext.TPM.Process(requestContext.Request.CommandRequest,
commandAuthHelper,
new KeyManagerHelper(ServerContext, tpmContext, requestContext.Request.TPMIdentifier, commandAuthHelper));
//}
response.CommandResponse = commandResponse;
response.Execute();
}
catch (Exception ex)
{
_logger.FatalFormat("Error processing TPMRequest: {0}", ex);
response.Succeeded = false;
response.CustomErrorMessage = ex.Message;
response.Execute();
}
}
