public override TPMCommandResponse Process()
{
byte[] nonce = NonceGenerator.GenerateByteNonce (20);
TPMBlob requestBlob = new TPMBlob ();
requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek);
requestBlob.Write (nonce, 0, nonce.Length);
requestBlob.WriteCmdSize ();
TPMBlob responseBlob = TransmitMe(requestBlob);
responseBlob.SkipHeader ();
long posStart = responseBlob.Position;
TPMPubkeyCore pubkey = TPMPubkeyCore.CreateFromTPMBlob(responseBlob);
long posEnd = responseBlob.Position;
Digest digest = new Digest (responseBlob, 20);
if (digest.CompareTo (
new HashStreamDataProvider (responseBlob, posStart, posEnd - posStart, false),
new HashByteDataProvider (nonce)) == false)
{
throw new TPMResponseException ("Local digest does not match remote digest");
}
Parameters responseParams = new Parameters ();
responseParams.AddValue (TPMPubkey.PARAM_TPM_PUBKEY, pubkey);
return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams);
}
public override TPMCommandResponse Process()
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OIAP);
requestBlob.WriteCmdSize();
_commandAuthHelper.EnsureFreeSlot();
TPMBlob responseBlob = TransmitMe(requestBlob);
responseBlob.SkipHeader();
AuthHandleCore authHandle = new AuthHandleCore(AuthHandle.AuthType.OIAP, responseBlob);
_responseParameters = new Parameters();
_responseParameters.AddValue("auth_handle", authHandle);
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OIAP, _responseParameters);
}
public override TPMCommandResponse Process()
{
TPMBlob requestBlob = new TPMBlob ();
requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_PcrRead);
requestBlob.WriteUInt32 ((uint)_register);
requestBlob.WriteCmdSize ();
TPMBlob responseBlob = TransmitMe (requestBlob);
Parameters responseParam = new Parameters();
byte[] val = responseBlob.ReadBytes(20);
responseParam.AddPrimitiveType("pcrnum", _register);
responseParam.AddPrimitiveType("value", val);
TPMCommandResponse response = new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_PCRRead, responseParam);
return response;
}
public override TPMCommandResponse Process()
{
ITPMHandle handle = _params.GetValueOf<ITPMHandle> ("handle");
TPMBlob requestBlob = new TPMBlob ();
requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_FlushSpecific);
requestBlob.WriteUInt32 (handle.Handle);
requestBlob.WriteUInt32 ((uint)handle.ResourceType);
requestBlob.WriteCmdSize ();
try
{
TransmitMe(requestBlob);
}
catch(Exception)
{
if(!_params.GetValueOf<bool>("ignore_tpm_error", false))
throw;
}
return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_FlushSpecific, new Parameters ());
}
/// <summary>
/// Transmit support for TpmMemoryStreams.
/// </summary>
/// <param name="instm"></param>
/// <param name="writeSize"></param>
/// <returns></returns>
public TPMBlob Transmit(TPMBlob instm, bool writeSize)
{
if (writeSize)
instm.WriteCmdSize();
byte[] inblob = instm.GetBuffer();
if(_debug)
_logger.DebugFormat("send --> 0x{0}", ByteHelper.ByteArrayToHexString(instm.ToArray(), " "));
byte[] outblob = Transmit(inblob, (int)instm.Length);
if(_debug)
_logger.DebugFormat("received --> 0x{0}", ByteHelper.ByteArrayToHexString(outblob, " "));
return new TPMBlob(outblob);
}
public override TPMCommandResponse Process()
{
TPMEntityTypeLSB entityLSB = _params.GetValueOf<TPMEntityTypeLSB>("entity_lsb");
TPMEntityTypeMSB entityMSB = _params.GetValueOf<TPMEntityTypeMSB>("entity_msb");
string identifier = _params.GetValueOf<string>("entity_value");
if( entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE &&
entityLSB != TPMEntityTypeLSB.TPM_ET_SRK &&
entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER)
{
throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString());
}
if(entityMSB != TPMEntityTypeMSB.TPM_ET_XOR)
{
throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB));
}
if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
{
//We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP).
//So we invoke the key manager to load the key with the specified identifier and establish an OSAP session
_keyManager.LoadKey(identifier);
}
//handle is not known yet
AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0);
authHandle.EntityType = entityLSB;
authHandle.NewNonceOddOSAP();
using(_keyManager.AcquireLock())
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP);
requestBlob.WriteUInt16((ushort)(((ushort)entityMSB << 8) | (ushort)entityLSB));
if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
{
if (identifier == KeyHandle.KEY_SRK)
{
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK;
}
else
{
KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier);
requestBlob.WriteUInt32(keyHandle.Handle);
authHandle.EntityValue = keyHandle.Handle;
}
}
else if(entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER)
{
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER);
authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER;
}
requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length);
requestBlob.WriteCmdSize();
_commandAuthHelper.EnsureFreeSlot();
_responseBlob = TransmitMe(requestBlob);
}
_responseBlob.SkipHeader();
AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob);
authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle);
_responseParameters = new Parameters();
_responseParameters.AddValue("auth_handle", authHandle);
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters);
}
public override TPMCommandResponse Process()
{
TPMBlob requestBlob = new TPMBlob ();
requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetCapability);
requestBlob.WriteUInt32 ((uint)_capArea);
switch(_capArea)
{
case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
//Subcaps are ignored by TPM_CAP_VERSION_VAL
requestBlob.WriteUInt32 (0);
break;
case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
requestBlob.WriteUInt32 (4);
requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type"));
break;
case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap");
//Size of subcap
requestBlob.WriteUInt32 (4);
requestBlob.WriteUInt32 ((uint)subCap);
break;
case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:
CapabilityDataCore.TPMSelectSizeCore tpmSelectSize =
CapabilityDataCore.TPMSelectSizeCore.CreateVersion12(_param.GetValueOf<ushort>(CapabilityData.PARAM_PROP_SELECT_SIZE));
TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, tpmSelectSize);
break;
default:
throw new NotSupportedException ("Defined cap or subcap are not supported");
}
// if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
// {
// //Subcaps are ignored by TPM_CAP_VERSION_VAL
// requestBlob.WriteUInt32 (0);
// }
// else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
// {
// requestBlob.WriteUInt32 (4);
// requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type"));
// }
// else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY)
// {
// CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap");
//
// //Size of subcap
// requestBlob.WriteUInt32 (4);
// requestBlob.WriteUInt32 ((uint)subCap);
// }
// else
// throw new NotSupportedException ("Defined cap or subcap are not supported");
requestBlob.WriteCmdSize ();
TPMBlob responseBlob = TransmitMe(requestBlob);
responseBlob.SkipHeader ();
Parameters parameters = new Parameters ();
switch(_capArea)
{
case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob);
parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
break;
case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
responseBlob.SkipHeader ();
//Reads the response size, which is ignored
responseBlob.ReadUInt32 ();
HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type"));
parameters.AddValue ("handles", handleList);
break;
case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
responseBlob.SkipHeader ();
switch(_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap"))
{
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR:
parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob));
break;
//case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR:
// parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_DIR, ReadUInt32Response (responseBlob));
// break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER:
parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MANUFACTURER, ReadUInt32Response (responseBlob));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS:
parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_KEYS, ReadUInt32Response (responseBlob));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS:
parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS:
parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS:
parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_KEYS, ReadUInt32Response (responseBlob));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS:
parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob));
break;
default:
throw new NotSupportedException("Defined cap or subcap are not supported");
}
break;
case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:
parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, ReadBoolResponse(responseBlob));
break;
}
// if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
// {
// CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob);
// parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
// }
// else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
// {
// responseBlob.SkipHeader ();
//
// //Reads the response size, which is ignored
// responseBlob.ReadUInt32 ();
//
// HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type"));
// parameters.AddValue ("handles", handleList);
// }
//
//
// else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
// _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR)
// {
// responseBlob.SkipHeader ();
// parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob));
// }
//
// else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
// _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS)
// {
// responseBlob.SkipHeader ();
// parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob));
// }
//
// else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
// _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS)
// {
// responseBlob.SkipHeader ();
// parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob));
// }
//
// else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
// _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS)
// {
// responseBlob.SkipHeader ();
// parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob));
// }
// else
// throw new NotSupportedException("Defined cap or subcap are not supported");
return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_GetCapability, parameters);
}
