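        /// <summary>
        /// Verifies the authorization data the TPM attached to the response blob and
        /// then advances (or tears down) each authorization session according to the
        /// continueAuthSession flag the TPM echoed back.
        /// </summary>
        /// <remarks>
        /// Every response authdata is recomputed locally through
        /// <c>_commandAuthHelper.GenerateResponseAuthData</c> and compared with the value
        /// parsed from <c>_responseBlob</c>. All handles are compared before any session
        /// state is touched, so a tampered response never advances a nonce or destroys a
        /// session. The byte comparison is deliberately not data-dependent: if the path
        /// to the TPM is untrusted, the received authdata is attacker-influenced, and a
        /// compare that stops at the first differing byte would reveal how many leading
        /// bytes of the expected MAC were guessed correctly.
        /// </remarks>
        /// <exception cref="TPMResponseException">
        /// Thrown when the number of auth handles in the response differs from the number
        /// of sessions used for the command, when fewer local authdata values could be
        /// computed than handles were received (the helper may skip sessions it has no
        /// key info for), or when any received authdata does not match the computed one.
        /// </exception>
        protected void CheckResponseAuthInfo()
        {
            ResponseAuthHandleInfo[] responseAuthHandles = ResponseAuthHandleInfoCore.ReadAuthHandleInfos(this, _responseBlob);

            if (responseAuthHandles.Length != _currentAuthorizationInfos.Length)
            {
                throw new TPMResponseException(
                          string.Format("Expected #{0} auth handles in response, but received #{1}",
                                        _currentAuthorizationInfos.Length, responseAuthHandles.Length));
            }

            AuthorizationInfo[] responseAuthInfos = _commandAuthHelper.GenerateResponseAuthData(this);

            // The helper may produce fewer entries than handles (it skips sessions without
            // key info). Without this check a short array surfaced as an
            // IndexOutOfRangeException in the loop below instead of an auth failure.
            if (responseAuthInfos.Length != responseAuthHandles.Length)
            {
                throw new TPMResponseException(
                          string.Format("Expected #{0} response authdata values, but could only compute #{1}",
                                        responseAuthHandles.Length, responseAuthInfos.Length));
            }

            // Compare every handle and decide once at the end, so a mismatch at index 0
            // is not distinguishable by timing from a mismatch at index 1.
            bool allValid = true;

            for (int i = 0; i < responseAuthHandles.Length; i++)
            {
                allValid &= FixedTimeEquals(responseAuthHandles[i].TpmAuthData,
                                            responseAuthInfos[i].AuthData);
            }

            if (!allValid)
            {
                throw new TPMResponseException("Received tpm authdata is not valid," +
                                               "maybe the response got modified!");
            }

            // Only after every MAC verified is it safe to act on what the TPM said
            // about the sessions.
            for (int i = 0; i < _currentAuthorizationInfos.Length; i++)
            {
                ResponseAuthHandleInfo current = responseAuthHandles[i];

                if (current.ContinueAuthSession == false)
                {
                    // The TPM has dropped the session on its side; release our handle too.
                    _commandAuthHelper.DestroyAuthorizationHandle(this, _currentAuthorizationInfos[i].Handle);
                }
                else
                {
                    // Session continues: the fresh nonceEven feeds the next command's HMAC.
                    _currentAuthorizationInfos[i].Handle.UpdateNonceEven(current.NonceEven);
                }
            }
        }

        /// <summary>
        /// Compares two byte arrays in time that depends only on their length, never on
        /// their contents. Null inputs and length mismatches compare as unequal.
        /// </summary>
        /// <param name="expected">The locally computed authdata.</param>
        /// <param name="actual">The authdata read from the TPM response.</param>
        /// <returns>True only if both arrays are non-null and byte-for-byte equal.</returns>
        private static bool FixedTimeEquals(byte[] expected, byte[] actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            // OR-accumulate the XOR of every byte pair; no early exit on a difference.
            int diff = 0;

            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }

            return diff == 0;
        }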
        /// <summary>
        /// Recomputes, for every authorization session the command used, the authdata
        /// the TPM is expected to have placed in its response.
        /// </summary>
        /// <param name="cmd">The executed command: supplies the response digest, the
        /// per-session key info, the sessions the command was authorized with and the
        /// auth handle infos parsed from the response.</param>
        /// <returns>
        /// One <see cref="AuthorizationInfo"/> per session for which
        /// <c>cmd.GetKeyInfo</c> returned a key, in session order (Auth1 before Auth2),
        /// each carrying a null handle, the TPM's continueAuthSession flag and the
        /// computed authdata. Sessions without key info, and handles whose auth type is
        /// neither OIAP nor OSAP, yield no entry, so the result can be shorter than
        /// <c>cmd.ResponseAuthHandleInfos</c>; callers that pair the two by index should
        /// compare the lengths first.
        /// </returns>
        /// <remarks>
        /// The authdata is an HMAC over responseDigest, the nonceEven taken from the
        /// response, the nonceOdd held by our own handle, and the continueAuthSession
        /// flag, in that order. For OIAP handles the HMAC is delegated to a
        /// <see cref="GenerateHMACRequest"/> keyed through <c>keyInfo</c> and the TPM
        /// session identifier; for OSAP handles the session's shared secret is available
        /// locally and the HMAC is computed in-process.
        /// </remarks>
        public AuthorizationInfo[] GenerateResponseAuthData(IAuthorizableCommand cmd)
        {
            // Both sequences are consumed front to back: the n-th response handle info
            // belongs to the n-th session the command was authorized with.
            Queue <ResponseAuthHandleInfo> pendingResponseInfos = new Queue <ResponseAuthHandleInfo>(cmd.ResponseAuthHandleInfos);
            Queue <AuthorizationInfo>      pendingSessions      = new Queue <AuthorizationInfo>(cmd.AuthorizationInfos);

            List <AuthorizationInfo> computed = new List <AuthorizationInfo>();

            foreach (AuthSessionNum sessionNum in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 })
            {
                HMACKeyInfo keyInfo = cmd.GetKeyInfo(sessionNum);

                // No key for this session: nothing is computed and nothing is consumed
                // from either queue.
                if (keyInfo == null)
                {
                    continue;
                }

                ResponseAuthHandleInfo responseInfo = pendingResponseInfos.Dequeue();
                AuthorizationInfo      session      = pendingSessions.Dequeue();

                switch (session.Handle.HandleAuthType)
                {
                    case AuthHandle.AuthType.OIAP:
                    {
                        // The key is not held here; ask the context to compute the HMAC.
                        GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
                                                          (_ctx,
                                                          new HashByteDataProvider(cmd.ResponseDigest),
                                                          new HashByteDataProvider(responseInfo.NonceEven),
                                                          new HashByteDataProvider(session.Handle.NonceOdd),
                                                          new HashPrimitiveDataProvider(responseInfo.ContinueAuthSession)
                                                          );

                        request.TpmSessionIdentifier = _tpmSessionIdentifier;
                        request.KeyInfo = keyInfo;

                        GenerateHMACResponse response = request.TypedExecute();
                        response.AssertResponse();

                        computed.Add(new AuthorizationInfo(null, responseInfo.ContinueAuthSession, response.TpmAuthData));
                        break;
                    }

                    case AuthHandle.AuthType.OSAP:
                    {
                        // The OSAP shared secret is local, so the HMAC is computed in-process.
                        byte[] tpmAuth = new HMACProvider(session.Handle.SharedSecret).Hash(
                            new HashByteDataProvider(cmd.ResponseDigest),
                            new HashByteDataProvider(responseInfo.NonceEven),
                            new HashByteDataProvider(session.Handle.NonceOdd),
                            new HashPrimitiveDataProvider(responseInfo.ContinueAuthSession));

                        computed.Add(new AuthorizationInfo(null, responseInfo.ContinueAuthSession, tpmAuth));
                        break;
                    }

                    default:
                        // Any other auth type contributes no entry (matches the prior behaviour).
                        break;
                }
            }

            return(computed.ToArray());
        }