Esempio n. 1
0
        public override TPMCommandResponse Process()
        {
            //We don't have any meaningful labeldata we could include,
            //so generate some random
            byte[] labelData = new byte[16];
            Random r = new Random();
            r.NextBytes(labelData);

            if(_params.IsDefined<ITPMHandle>("handle") == false)
                return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_SaveContext, new Parameters());

            ITPMHandle handle = _params.GetValueOf<ITPMHandle>("handle");

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_SaveContext);
            requestBlob.WriteUInt32(handle.Handle);
            requestBlob.WriteUInt32((uint)handle.ResourceType);
            requestBlob.Write(labelData, 0, labelData.Length);

            TPMBlob responseBlob = TransmitMe(requestBlob);
            responseBlob.SkipHeader();

            uint blobSize = responseBlob.ReadUInt32();
            byte[] contextBlob = responseBlob.ReadBytes((int)blobSize);

            Parameters responseParams = new Parameters();
            responseParams.AddPrimitiveType("context_blob", contextBlob);
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_SaveContext, responseParams);
        }
Esempio n. 2
0
 public void WriteToTpmBlob(TPMBlob blob)
 {
     ((ITPMBlobWritable)_versionStruct).WriteToTpmBlob(blob);
     blob.WriteUInt32((uint)_sealInfo.Length);
     blob.Write(_sealInfo,0,_sealInfo.Length);
     blob.WriteUInt32((uint)_encData.Length);
     blob.Write(_encData, 0, _encData.Length);
 }
Esempio n. 3
0
 /// <summary>
 /// Writes target to sink with the uint size preceding
 /// </summary>
 /// <param name="sink"></param>
 /// <param name="target"></param>
 public static void WriteITPMBlobWritableWithUIntSize(TPMBlob sink, ITPMBlobWritable target)
 {
     if (target == null)
     {
         sink.WriteUInt32 (0);
     }
     else
     {
         using (TPMBlob tempBlob = new TPMBlob ())
         {
             target.WriteToTpmBlob (tempBlob);
             sink.WriteUInt32 ((uint)tempBlob.Length);
             sink.Write (tempBlob.ToArray (), 0, (int)tempBlob.Length);
         }
     }
 }
Esempio n. 4
0
        public void WriteToTpmBlob(TPMBlob blob)
        {
            ((ITPMBlobWritable)_pcrSelection).WriteToTpmBlob(blob);
            blob.WriteUInt32((uint)_pcrValues.Length * 20);

            foreach(byte[] pcrValue in _pcrValues)
                blob.Write(pcrValue,0, pcrValue.Length);
        }
Esempio n. 5
0
        public override TPMCommandResponse Process()
        {
            ITPMHandle handle = _params.GetValueOf<ITPMHandle> ("handle");

            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_FlushSpecific);
            requestBlob.WriteUInt32 (handle.Handle);
            requestBlob.WriteUInt32 ((uint)handle.ResourceType);

            requestBlob.WriteCmdSize ();

            try
            {
                TransmitMe(requestBlob);
            }
            catch(Exception)
            {
                if(!_params.GetValueOf<bool>("ignore_tpm_error", false))
                    throw;
            }

            return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_FlushSpecific, new Parameters ());
        }
Esempio n. 6
0
        public override TPMCommandResponse Process()
        {
            if(_params.IsDefined<ITPMHandle>("handle") == false ||
               _params.IsDefined<byte[]>("context_blob") == false)
                return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters());

            ITPMHandle handle = _params.GetValueOf<ITPMHandle>("handle");

            TPMBlob blob = new TPMBlob();
            blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext);
            blob.WriteUInt32(handle.Handle);
            blob.WriteBool(handle.ForceHandle);
            blob.WriteUInt32((uint)handle.ContextBlob.Length);
            blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length);

            TPMBlob responseBlob = TransmitMe(blob);
            responseBlob.SkipHeader();
            handle.Handle = responseBlob.ReadUInt32();

            Parameters responseParameters = new Parameters();
            responseParameters.AddValue("handle", handle);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters);
        }
Esempio n. 7
0
        public override TPMCommandResponse Process()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetRandom);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("bytes_requested"));
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            uint responseByteSize = _responseBlob.ReadUInt32();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("data", _responseBlob.ReadBytes((int)responseByteSize));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetRandom, _responseParameters);
        }
Esempio n. 8
0
        public override TPMCommandResponse Process()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id"));

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf<uint>("counter_id"));
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters);
        }
Esempio n. 9
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_PcrRead);
            requestBlob.WriteUInt32 ((uint)_register);
            requestBlob.WriteCmdSize ();

            TPMBlob responseBlob = TransmitMe (requestBlob);
            Parameters responseParam = new Parameters();

            byte[] val = responseBlob.ReadBytes(20);

            responseParam.AddPrimitiveType("pcrnum", _register);
            responseParam.AddPrimitiveType("value", val);

            TPMCommandResponse response = new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_PCRRead, responseParam);

            return response;
        }
Esempio n. 10
0
        public override TPMCommandResponse Process()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_Extend);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("pcr"));

                byte[] digest = _params.GetValueOf<byte[]>("digest");
                if(digest.Length != 20)
                    throw new ArgumentException("Digest needs to be of length '20'");

                requestBlob.Write(digest, 0, digest.Length);

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("pcr_value", _responseBlob.ReadBytes(20));
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Extend, _responseParameters);
        }
Esempio n. 11
0
 public void WriteAuthorizationInfo(TPMBlob target, AuthorizationInfo authInfo)
 {
     target.WriteUInt32 (authInfo.Handle.Handle);
     target.Write (authInfo.Handle.NonceOdd, 0, authInfo.Handle.NonceOdd.Length);
     target.WriteBool (authInfo.ContinueAuthSession);
     target.Write (authInfo.AuthData, 0, authInfo.AuthData.Length);
 }
Esempio n. 12
0
 public void WriteToTpmBlob(TPMBlob blob)
 {
     blob.WriteUInt32 ((uint)_pubkey.Length);
     blob.Write (_pubkey, 0, _pubkey.Length);
 }
Esempio n. 13
0
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            _encAuth = _params.GetValueOf<byte[]> ("data_auth");

            byte[] xorKey = new HashProvider().Hash(
                    new HashByteDataProvider(auth1OSAP.SharedSecret),
                    new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_encAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Seal);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_encAuth, 0, 20);
            TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, _pcrInfo);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMStoredDataCore sealedData = TPMStoredDataCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();
            responseParams.AddPrimitiveType("data", ByteHelper.SerializeToBytes(sealedData));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Seal, responseParams);
        }
Esempio n. 14
0
        public void WriteToTpmBlob(TPMBlob blob)
        {
            ((ITPMBlobWritable)_version).WriteToTpmBlob (blob);
            blob.WriteUInt16 ((ushort)_keyUsage);
            blob.WriteUInt32 ((uint)_keyFlags);
            blob.WriteByte ((byte)_authDataUsage);
            ((ITPMBlobWritable)_algorithmParams).WriteToTpmBlob (blob);

            //TODO: PCR info size
            blob.WriteUInt32 (0);

            ((ITPMBlobWritable)_pubKey).WriteToTpmBlob (blob);

            blob.WriteUInt32 ((uint)_encData.Length);
            blob.Write (_encData, 0, _encData.Length);
        }
Esempio n. 15
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_GetPubKey);

            //If not loaded load now
            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            //KeyHandle To be inserted later
            requestBlob.WriteUInt32 (0);

            //Blocking authorize, blocks till the user has entered the authorization data
            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                //Write key handle to the first position after the header
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPubkeyCore pubKey = TPMPubkeyCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();
            responseParams.AddValue("pubkey", pubKey);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetPubKey, responseParams);
        }
Esempio n. 16
0
        protected override TPMCommandResponse InternalProcess()
        {
            byte[] ownerAuth = _params.GetValueOf<byte[]> (PARAM_OWNERAUTH);
            byte[] srkAuth = _params.GetValueOf<byte[]> (PARAM_SRKAUTH);

            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_TakeOwnership);

            requestBlob.WriteUInt16 ((ushort)TPMProtocolId.TPM_PID_OWNER);

            requestBlob.WriteUInt32 ((uint)ownerAuth.Length);
            requestBlob.Write (ownerAuth, 0, ownerAuth.Length);

            requestBlob.WriteUInt32 ((uint)srkAuth.Length);
            requestBlob.Write (srkAuth, 0, srkAuth.Length);

            _tpmKey.WriteToTpmBlob (requestBlob);

            _responseBlob = AuthorizeMeAndTransmit(requestBlob);

            CheckResponseAuthInfo();

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_TakeOwnership, new Parameters());
        }
Esempio n. 17
0
 public void WriteToTpmBlob(TPMBlob blob)
 {
     blob.WriteUInt32 ((uint)_algorithmId);
     blob.WriteUInt16 ((ushort)_encScheme);
     blob.WriteUInt16 ((ushort)_sigScheme);
     TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize (blob, (ITPMBlobWritable)_params);
 }
Esempio n. 18
0
        protected override TPMCommandResponse InternalProcess()
        {
            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_UnBind);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            uint dataSize = _responseBlob.ReadUInt32();
            byte[] responseData = new byte[dataSize];
            _responseBlob.Read(responseData, 0, responseData.Length);

            Parameters responseParams = new Parameters();
            responseParams.AddPrimitiveType("data", responseData);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Unbind, responseParams);
        }
Esempio n. 19
0
        protected override TPMCommandResponse InternalProcess()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_ReleaseCounter);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id"));

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseParameters = new Parameters();

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters);
        }
Esempio n. 20
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetCapability);
            requestBlob.WriteUInt32 ((uint)_capArea);

            switch(_capArea)
            {
            case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
                //Subcaps are ignored by TPM_CAP_VERSION_VAL
                requestBlob.WriteUInt32 (0);
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
                requestBlob.WriteUInt32 (4);
                requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type"));
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
                CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap");

                //Size of subcap
                requestBlob.WriteUInt32 (4);
                requestBlob.WriteUInt32 ((uint)subCap);
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:

                CapabilityDataCore.TPMSelectSizeCore tpmSelectSize =
                    CapabilityDataCore.TPMSelectSizeCore.CreateVersion12(_param.GetValueOf<ushort>(CapabilityData.PARAM_PROP_SELECT_SIZE));

                TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, tpmSelectSize);
                break;

            default:
                throw new NotSupportedException ("Defined cap or subcap are not supported");
            }

            //			if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
            //			{
            //				//Subcaps are ignored by TPM_CAP_VERSION_VAL
            //				requestBlob.WriteUInt32 (0);
            //			}
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
            //			{
            //				requestBlob.WriteUInt32 (4);
            //				requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type"));
            //			}
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY)
            //			{
            //				CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap");
            //
            //				//Size of subcap
            //				requestBlob.WriteUInt32 (4);
            //				requestBlob.WriteUInt32 ((uint)subCap);
            //			}
            //			else
            //				throw new NotSupportedException ("Defined cap or subcap are not supported");

            requestBlob.WriteCmdSize ();

            TPMBlob responseBlob = TransmitMe(requestBlob);
            responseBlob.SkipHeader ();

            Parameters parameters = new Parameters ();

            switch(_capArea)
            {
            case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
                CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob);
                parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
                responseBlob.SkipHeader ();

                //Reads the response size, which is ignored
                responseBlob.ReadUInt32 ();

                HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type"));
                parameters.AddValue ("handles", handleList);
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
                responseBlob.SkipHeader ();
                switch(_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap"))
                {
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob));
                    break;
                //case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR:
                //    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_DIR, ReadUInt32Response (responseBlob));
                //    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MANUFACTURER, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_KEYS, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_KEYS, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob));
                    break;
                default:
                    throw new NotSupportedException("Defined cap or subcap are not supported");
                }
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:
                parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, ReadBoolResponse(responseBlob));
                break;
            }

            //			if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
            //			{
            //				CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob);
            //				parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
            //			}
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
            //			{
            //				responseBlob.SkipHeader ();
            //
            //				//Reads the response size, which is ignored
            //				responseBlob.ReadUInt32 ();
            //
            //				HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type"));
            //				parameters.AddValue ("handles", handleList);
            //			}
            //
            //
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
            //				    _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR)
            //			{
            //				responseBlob.SkipHeader ();
            //				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob));
            //			}
            //
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
            //				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS)
            //			{
            //				responseBlob.SkipHeader ();
            //				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob));
            //			}
            //
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
            //				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS)
            //			{
            //				responseBlob.SkipHeader ();
            //				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob));
            //			}
            //
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
            //				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS)
            //			{
            //				responseBlob.SkipHeader ();
            //				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob));
            //			}
            //			else
            //				throw new NotSupportedException("Defined cap or subcap are not supported");

            return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_GetCapability, parameters);
        }
Esempio n. 21
0
        protected override TPMCommandResponse InternalProcess()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_IncrementCounter);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id"));

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters);
        }
Esempio n. 22
0
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            _usageAuth = _params.GetValueOf<byte[]> ("usage_auth");
            _migrationAuth = _params.GetValueOf<byte[]> ("migration_auth");
            byte[] xorKey = new HashProvider().Hash(
                    new HashByteDataProvider(auth1OSAP.SharedSecret),
                    new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_usageAuth, xorKey);
            ByteHelper.XORBytes(_migrationAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf<string>("parent"));

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);

            //parent key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_usageAuth, 0, 20);
            requestBlob.Write(_migrationAuth, 0, 20);
            _tpmKey.WriteToTpmBlob(requestBlob);

            using(_keyManager.AcquireLock())
            {
                AuthorizeMe(requestBlob);
                requestBlob.SkipHeader();

                if(_params.GetValueOf<string>("parent") == KeyHandle.KEY_SRK)
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                else
                    requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("parent")).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            TPMKeyCore newKey = new TPMKeyCore(_responseBlob);
            _responseParameters = new Parameters();

            //Build and save the key identifier
            //The key identifier is the hex-string representation of the hash of the newly created key
            _responseParameters.AddPrimitiveType("key_identifier",
                ByteHelper.ByteArrayToHexString(
                    new HashProvider().Hash(
                            new HashByteDataProvider(
                                ByteHelper.SerializeToBytes(newKey)
                            )
                        ),
                    ""));

            _responseParameters.AddPrimitiveType("key_data", ByteHelper.SerializeToBytes(newKey));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters);
        }
Esempio n. 23
0
        protected override TPMCommandResponse InternalProcess()
        {
            string key = _params.GetValueOf<string>("key");
            _keyManager.LoadKey(key);

            TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(key));

            if(keyInfo == null)
                throw new ArgumentException(string.Format("TPM_Sign could not retrieve keyinfo for key '{0}'", key));

            byte[] areaToSign = null;

            if(keyInfo.AlgorithmParams.SigScheme == TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1)
            {
                //Client has hopefully put data in the right format ready for the tpm to process
                if(_params.IsDefined<byte[]>("areaToSign"))
                    areaToSign = _params.GetValueOf<byte[]>("areaToSign");
                //Client just sends data, tpm lib cares about the right, signature dependent, processing
                else if(_params.IsDefined<byte[]>("data"))
                {
                    byte[] data = _params.GetValueOf<byte[]>("data");

                    areaToSign = new HashProvider().Hash(new HashByteDataProvider(data));
                }

                if(areaToSign.Length != 20)
                {
                    throw new ArgumentException(string.Format("Sig scheme '{0}' expects an area to sign with length 20!", keyInfo.AlgorithmParams.SigScheme));
                }
            }
            else
                throw new ArgumentException(string.Format("TPM_Sign has not implemented signature scheme '{0}' for algorithm '{1}'", keyInfo.AlgorithmParams.SigScheme, keyInfo.AlgorithmParams.AlgorithmId));

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Sign);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.WriteUInt32((uint)areaToSign.Length);
            requestBlob.Write(areaToSign, 0, areaToSign.Length);

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(key).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            uint sigSize = _responseBlob.ReadUInt32();
            byte[] signature = _responseBlob.ReadBytes((int)sigSize);

            Parameters responseParams = new Parameters();
            responseParams.AddPrimitiveType("sig", signature);
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Sign, responseParams);
        }
Esempio n. 24
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_LoadKey2);

            //If not loaded load now
            if(_params.GetValueOf<bool>("parent_key_srk") == false)
                _keyManager.LoadKey(_params.GetValueOf<string>("parent_identifier"));

            //To be inserted later
            requestBlob.WriteUInt32 (0);

            _tpmKey.WriteToTpmBlob(requestBlob);

            //Blocking authorize, blocks till the user has entered the authorization data
            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                _keyManager.EnsureFreeSlot();
                uint tpmKeyHandle;

                if(_params.GetValueOf<bool>("parent_key_srk"))
                    tpmKeyHandle = (uint)TPMKeyHandles.TPM_KH_SRK;
                else
                    tpmKeyHandle = _keyManager.IdentifierToHandle(_params.GetValueOf<string>("parent_identifier")).Handle;

                //Write key handle to the first position after the header
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(tpmKeyHandle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            uint loadedTpmHandle = _responseBlob.ReadUInt32();
            KeyHandle loadedHandle = new KeyHandle(_params.GetValueOf<string>("key_identifier"), loadedTpmHandle);

            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("handle", loadedHandle);
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadKey2, _responseParameters);
        }
Esempio n. 25
0
        public override TPMCommandResponse Process()
        {
            TPMEntityTypeLSB entityLSB = _params.GetValueOf<TPMEntityTypeLSB>("entity_lsb");
            TPMEntityTypeMSB entityMSB = _params.GetValueOf<TPMEntityTypeMSB>("entity_msb");
            string identifier = _params.GetValueOf<string>("entity_value");

            if( entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_SRK &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER)
            {
                throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString());
            }

            if(entityMSB != TPMEntityTypeMSB.TPM_ET_XOR)
            {
                throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB));
            }

            if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
               entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
            {
                //We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP).
                //So we invoke the key manager to load the key with the specified identifier and establish an OSAP session
                _keyManager.LoadKey(identifier);
            }

            //handle is not known yet
            AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0);
            authHandle.EntityType = entityLSB;
            authHandle.NewNonceOddOSAP();

            using(_keyManager.AcquireLock())
            {

                TPMBlob requestBlob = new TPMBlob();
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP);
                requestBlob.WriteUInt16((ushort)(((ushort)entityMSB <<  8) | (ushort)entityLSB));

                if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                   entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
                {
                    if (identifier == KeyHandle.KEY_SRK)
                    {
                        requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                        authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK;
                    }
                    else
                    {
                        KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier);
                        requestBlob.WriteUInt32(keyHandle.Handle);
                        authHandle.EntityValue = keyHandle.Handle;
                    }
                }
                else if(entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER)
                {
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER);
                    authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER;
                }

                requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length);
                requestBlob.WriteCmdSize();

                _commandAuthHelper.EnsureFreeSlot();
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob);
            authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle);

            _responseParameters = new Parameters();
            _responseParameters.AddValue("auth_handle", authHandle);
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters);
        }
Esempio n. 26
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_nonce, 0, 20);
            _pcrSelection.WriteToTpmBlob(requestBlob);

            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
            uint sigSize = _responseBlob.ReadUInt32();
            byte[] signature =  _responseBlob.ReadBytes((int)sigSize);

            // Do signature verification
            TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);
            byte[] signingData;
            using (TPMBlob blob = new TPMBlob())
            {
                quoteInfo.WriteToTpmBlob(blob);
                signingData = blob.ToArray();
            }

            Parameters pubKeyParams = new Parameters();
            pubKeyParams.AddPrimitiveType("key", _params.GetValueOf<string>("key"));
            TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
            TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
                _commandAuthHelper, _keyManager);

            if (pubKeyResponse.Status == false)
            {
                _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
                return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters());
            }

            TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf<string>("key")));
            TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf<TPMPubkey>("pubkey");

            if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
            {
                throw new ArgumentException("The TPM_Quote signature could not be verified");
            }

            Parameters responseParams = new Parameters();
            responseParams.AddValue("pcrData", pcrComposite);
            responseParams.AddPrimitiveType("sig", signature);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams);
        }
Esempio n. 27
0
        public void WriteToTpmBlob(TPMBlob blob)
        {
            blob.WriteUInt32(_keyLength);
            blob.WriteUInt32(_numPrimes);

            blob.WriteUInt32((uint)_exponent.Length);
            blob.Write(_exponent, 0, _exponent.Length);
        }