/// <summary>
/// Creates a duplication blob for the current key that can be Imported as a child
/// of newParent. Three forms are possible. GetPlaintextDuplicationBlob() allows
/// plaintext-import. This function enables duplication with and without an
/// inner wrapper (depending on whether innerWrapper is null)
/// </summary>
/// <param name="newParent"></param>
/// <param name="innerWrapper"></param>
/// <param name="encSecret"></param>
/// <returns></returns>
public TpmPrivate GetDuplicationBlob(
TpmPublic pubNewParent,
SymCipher innerWrapper,
out byte[] encSecret)
{
byte[] encSensitive;
if (innerWrapper == null)
{
// No inner wrapper
encSensitive = Marshaller.ToTpm2B(Sensitive.GetTpmRepresentation());
Transform(encSensitive);
}
else
{
byte[] sens = Marshaller.ToTpm2B(Sensitive.GetTpmRepresentation());
byte[] toHash = Globs.Concatenate(sens, GetName());
Transform(toHash);
byte[] innerIntegrity = Marshaller.ToTpm2B(CryptoLib.HashData(
Public.nameAlg, toHash));
byte[] innerData = Globs.Concatenate(innerIntegrity, sens);
Transform(innerData);
encSensitive = innerWrapper.Encrypt(innerData);
Transform(encSensitive);
}
byte[] seed;
SymDefObject symDef = GetSymDef(pubNewParent).Copy();
// TPM duplication procedures always use CFB mode
symDef.Mode = TpmAlgId.Cfb;
using (var swNewParent = AsymCryptoSystem.CreateFrom(pubNewParent))
{
switch (pubNewParent.type)
{
case TpmAlgId.Rsa:
// The seed should be the same size as the scheme hash
LastSeed =
seed = Globs.GetRandomBytes(
CryptoLib.DigestSize(swNewParent.OaepHash));
encSecret = swNewParent.EncryptOaep(seed, DuplicateEncodingParms);
break;
case TpmAlgId.Ecc:
EccPoint pubEphem;
if (swNewParent == null)
{
encSecret = null;
return(null);
}
seed = swNewParent.EcdhGetKeyExchangeKey(DuplicateEncodingParms,
pubNewParent.nameAlg,
out pubEphem);
encSecret = Marshaller.GetTpmRepresentation(pubEphem);
break;
default:
Globs.Throw <NotImplementedException>(
"GetDuplicationBlob: Unsupported algorithm");
encSecret = new byte[0];
return(new TpmPrivate());
}
}
Transform(seed);
Transform(encSecret);
byte[] symKey = KDF.KDFa(pubNewParent.nameAlg, seed, "STORAGE",
Public.GetName(), new byte[0], symDef.KeyBits);
Transform(symKey);
byte[] dupSensitive;
using (SymCipher enc2 = SymCipher.Create(symDef, symKey))
{
if (enc2 == null)
{
return(null);
}
dupSensitive = enc2.Encrypt(encSensitive);
}
Transform(dupSensitive);
var npNameNumBits = CryptoLib.DigestSize(pubNewParent.nameAlg) * 8;
byte[] hmacKey = KDF.KDFa(pubNewParent.nameAlg, seed, "INTEGRITY",
new byte[0], new byte[0], npNameNumBits);
byte[] outerDataToHmac = Globs.Concatenate(dupSensitive, Public.GetName());
Transform(outerDataToHmac);
byte[] outerHmac = Marshaller.ToTpm2B(CryptoLib.Hmac(pubNewParent.nameAlg,
hmacKey, outerDataToHmac));
Transform(outerHmac);
byte[] dupBlob = Globs.Concatenate(outerHmac, dupSensitive);
Transform(dupBlob);
return(new TpmPrivate(dupBlob));
}
/// <summary>
// Verify that a TPM quote matches an expect PCR selection, is well formed,
// and is properly signed. In acse of failure this overload additionally
// returns information about the specific check that failed.
/// </summary>
/// <param name="pcrDigestAlg"></param>
/// <param name="expectedSelectedPcr"></param>
/// <param name="expectedPcrValues"></param>
/// <param name="nonce"></param>
/// <param name="quotedInfo"></param>
/// <param name="signature"></param>
/// <param name="pointOfFailure"></param>
/// <param name="qualifiedNameOfSigner"></param>
/// <returns></returns>
public bool VerifyQuote(TpmAlgId pcrDigestAlg,
PcrSelection[] expectedSelectedPcr,
Tpm2bDigest[] expectedPcrValues,
byte[] nonce,
Attest quotedInfo,
ISignatureUnion signature,
out QuoteElt pointOfFailure,
byte[] qualifiedNameOfSigner = null)
{
pointOfFailure = QuoteElt.None;
if (!(quotedInfo.attested is QuoteInfo))
{
pointOfFailure = QuoteElt.Type;
return(false);
}
if (quotedInfo.magic != Generated.Value)
{
pointOfFailure = QuoteElt.Magic;
return(false);
}
if (!quotedInfo.extraData.IsEqual(nonce))
{
pointOfFailure = QuoteElt.ExtraData;
return(false);
}
// Check environment of signer (name) is expected
if (qualifiedNameOfSigner != null &&
!quotedInfo.qualifiedSigner.IsEqual(qualifiedNameOfSigner))
{
pointOfFailure = QuoteElt.QualifiedSigner;
return(false);
}
// Now check the quote-specific fields
var quoted = (QuoteInfo)quotedInfo.attested;
// Check values pcr indices are what we expect
if (!Globs.ArraysAreEqual(quoted.pcrSelect, expectedSelectedPcr))
{
pointOfFailure = QuoteElt.PcrSelect;
return(false);
}
// Check that values in the indices above are what we expect
// ReSharper disable once UnusedVariable
var expected = new PcrValueCollection(expectedSelectedPcr, expectedPcrValues);
var m = new Marshaller();
foreach (Tpm2bDigest d in expectedPcrValues)
{
m.Put(d.buffer, "");
}
TpmHash expectedPcrHash = TpmHash.FromData(pcrDigestAlg, m.GetBytes());
if (!Globs.ArraysAreEqual(expectedPcrHash, quoted.pcrDigest))
{
pointOfFailure = QuoteElt.PcrDigest;
return(false);
}
// And finally check the signature
if (!VerifySignatureOverData(quotedInfo.GetTpmRepresentation(), signature))
{
pointOfFailure = QuoteElt.Signature;
return(false);
}
return(true);
}
/// <summary>
/// Create activation blobs that can be passed to ActivateCredential. Two
/// blobs are returned:
/// 1) encryptedSecret - symmetric key cfb-symmetrically encrypted with the
/// enveloping key;
/// 2) credentialBlob - the enveloping key OEAP (RSA) encrypted by the public
/// part of this key. This is the return value of this
/// function
/// </summary>
/// <param name="secret"></param>
/// <param name="nameOfKeyToBeActivated"></param>
/// <param name="encryptedSecret"></param>
/// <returns>CredentialBlob (</returns>
public IdObject CreateActivationCredentials(byte[] secret,
byte[] nameOfKeyToBeActivated,
out byte[] encryptedSecret)
{
byte[] seed, encSecret;
switch (type)
{
case TpmAlgId.Rsa:
// The seed should be the same size as the name algorithmdigest
seed = Globs.GetRandomBytes(CryptoLib.DigestSize(nameAlg));
encSecret = EncryptOaep(seed, ActivateEncodingParms);
break;
case TpmAlgId.Ecc:
EccPoint ephemPubPt;
seed = EcdhGetKeyExchangeKey(ActivateEncodingParms, out ephemPubPt);
if (seed == null)
{
encryptedSecret = null;
return(null);
}
encSecret = Marshaller.GetTpmRepresentation(ephemPubPt);
break;
default:
Globs.Throw <NotImplementedException>(
"CreateActivationCredentials: Unsupported algorithm");
encryptedSecret = new byte[0];
return(null);
}
Transform(seed);
Transform(encSecret);
var cvx = new Tpm2bDigest(secret);
byte[] cvTpm2B = Marshaller.GetTpmRepresentation(cvx);
Transform(cvTpm2B);
SymDefObject symDef = TssObject.GetSymDef(this);
byte[] symKey = KDF.KDFa(nameAlg, seed, "STORAGE",
nameOfKeyToBeActivated, new byte[0], symDef.KeyBits);
Transform(symKey);
byte[] encIdentity;
// TPM only uses CFB mode in its command implementations
var sd = symDef.Copy();
sd.Mode = TpmAlgId.Cfb;
using (var sym = SymCipher.Create(sd, symKey))
{
// Not all keys specs are supported by SW crypto
if (sym == null)
{
encryptedSecret = null;
return(null);
}
encIdentity = sym.Encrypt(cvTpm2B);
}
Transform(encIdentity);
var hmacKeyBits = CryptoLib.DigestSize(nameAlg);
byte[] hmacKey = KDF.KDFa(nameAlg, seed, "INTEGRITY",
new byte[0], new byte[0], hmacKeyBits * 8);
Transform(hmacKey);
byte[] outerHmac = CryptoLib.Hmac(nameAlg, hmacKey,
Globs.Concatenate(encIdentity, nameOfKeyToBeActivated));
Transform(outerHmac);
encryptedSecret = encSecret;
return(new IdObject(outerHmac, encIdentity));
}
/// <summary>
/// Dispatch a command to the underlying TPM. This method implements all significant functionality.
/// DispatchCommand examines the command stream and performs (approximately) the following functions
/// 1) If the command references a handle (session or transient object) then TBS makes sure that the entity
/// is loaded. If it is, then the handle is "translated" to the underlying TPM handle. If it is not, then
/// TBS checks to see if it has a saved context for the entity, and if so loads it.
/// 2) If the command will fill a slot, then TBS ensures that a slot is available. It does this by ContextSaving
/// the LRU entity of the proper type (that is not used in this command).
/// </summary>
/// <param name="caller"></param>
/// <param name="active"></param>
/// <param name="inBuf"></param>
/// <param name="outBuf"></param>
/// <exception cref="Exception"></exception>
internal void DispatchCommand(TbsContext caller, CommandModifier active, byte[] inBuf, out byte[] outBuf)
{
lock (this)
{
CommandNumber++;
// ReSharper disable once CompareOfFloatsByEqualityOperator
if (StateSaveProbability != 0.0)
{
// S3 debug support
DebugStateSave();
LastStateSaveCommandNumber = CommandNumber;
}
CommandHeader commandHeader;
TpmHandle[] inHandles;
SessionIn[] inSessions;
byte[] commandParmsNoHandles;
bool legalCommand = CommandProcessor.CrackCommand(inBuf, out commandHeader, out inHandles, out inSessions, out commandParmsNoHandles);
if (!legalCommand)
{
// Is a diagnostics command. Pass through to TPM (a real RM would refuse).
TpmDevice.DispatchCommand(active, inBuf, out outBuf);
return;
}
TpmCc commandCode = commandHeader.CommandCode;
// Lookup command
CommandInfo command = Tpm2.CommandInfoFromCommandCode(commandCode);
if (command == null)
{
throw new Exception("Unrecognized command");
}
if (commandCode == TpmCc.ContextLoad || commandCode == TpmCc.ContextSave)
{
//throw new Exception("ContextLoad and ContextSave not supported in this build");
#if !NETFX_CORE
Console.Error.WriteLine("ContextLoad and ContextSave not supported in this build");
#endif
outBuf = Marshaller.GetTpmRepresentation(new Object[] {
TpmSt.NoSessions,
(uint)10,
TpmRc.NotUsed
});
}
// Look up referenced objects and sessions
ObjectContext[] neededObjects = GetReferencedObjects(caller, inHandles);
ObjectContext[] neededSessions = GetSessions(caller, inSessions);
ObjectContext[] neededEntities =
neededObjects != null
? neededSessions != null
? neededObjects.Concat(neededSessions).ToArray()
: neededObjects
: neededSessions;
if (neededObjects == null || neededSessions == null)
{
// This means that one or more of the handles was not registered for the context
byte[] ret = FormatError(TpmRc.Handle);
outBuf = ret;
return;
}
// Load referenced objects and sessions (free slots if needed)
// It's important to load all object and session handles in a single call
// to LoadEntities(), as for some commands (e.g. GetSessionAuditDigest)
// the objects array may contain session handles. In this case the session
// handles loaded by the invocation of LoadEntities for neededObjects
// may be evicted again during the subsequent call for neededSessions.
bool loadOk = LoadEntities(neededEntities);
if (!loadOk)
{
throw new Exception("Failed to make space for objects or sessions at to execute command");
}
// At this point everything referenced should be loaded, and there will be a free slot if needed
// so we can translate the input handles to the underlying handles
ReplaceHandlesIn(inHandles, inSessions, neededObjects, neededSessions);
// create the translated command from the various components we have been manipulating
byte[] commandBuf = CommandProcessor.CreateCommand(commandHeader.CommandCode, inHandles, inSessions, commandParmsNoHandles);
Debug.Assert(commandBuf.Length == inBuf.Length);
byte[] responseBuf;
// Todo: Virtualize GetCapability for handle enumeration.
//
// Execute command on underlying TPM device.
// If we get an ObjectMemory or SessionMemory error we try to make more space and try again
// Note: If the TPM device throws an error above we let it propagate out. There should be no side
// effects on TPM state that the TBS cares about.
//
do
{
TpmDevice.DispatchCommand(active, commandBuf, out responseBuf);
TpmRc res = GetResultCode(responseBuf);
if (res == TpmRc.Success)
{
break;
}
var slotType = SlotType.NoSlot;
if (res == TpmRc.ObjectHandles || res == TpmRc.ObjectMemory)
{
slotType = SlotType.ObjectSlot;
}
else if (res == TpmRc.SessionHandles || res == TpmRc.SessionMemory)
{
slotType = SlotType.SessionSlot;
}
else
{
// Command failure not related to resources
break;
}
bool slotMade = MakeSpace(slotType, neededEntities);
if (!slotMade)
{
throw new Exception("Failed to make an object slot in the TPM");
}
} while (true);
// Parse the response from the TPM
// TODO: Make this use the new methods in Tpm2
// ReSharper disable once UnusedVariable
var mOut = new Marshaller(responseBuf);
TpmSt responseTag;
uint responseParamSize;
TpmRc resultCode;
TpmHandle[] responseHandles;
SessionOut[] responseSessions;
byte[] responseParmsNoHandles, responseParmsWithHandles;
CommandProcessor.SplitResponse(responseBuf,
command.HandleCountOut,
out responseTag,
out responseParamSize,
out resultCode,
out responseHandles,
out responseSessions,
out responseParmsNoHandles,
out responseParmsWithHandles);
// If we have an error there is no impact on the loaded sessions, but we update
// the LRU values because the user will likely try again.
if (resultCode != TpmRc.Success)
{
outBuf = responseBuf;
UpdateLastUseCount(new[] { neededObjects, neededSessions });
return;
}
// Update TBS database with any newly created TPM objects
ProcessUpdatedTpmState(caller, command, responseHandles, neededObjects);
// And if there were any newly created objects use the new DB entries to translate the handles
ReplaceHandlesOut(responseHandles);
byte[] translatedResponse = CommandProcessor.CreateResponse(resultCode, responseHandles, responseSessions, responseParmsNoHandles);
outBuf = translatedResponse;
Debug.Assert(outBuf.Length == responseBuf.Length);
} // lock(this)
}
internal override TpmHash GetPolicyDigest(TpmAlgId hashAlg)
{
return(GetNextAcePolicyDigest(hashAlg).Extend(Marshaller.GetTpmRepresentation(TpmCc.PolicyPhysicalPresence)));
}
/// <summary>
/// Dispatch a command to the underlying TPM. This method implements all
/// significant functionality. It examines the command stream and performs
/// (approximately) the following actions:
/// 1) If the command references a handle (session or transient object), then
/// TBS makes sure that the entity is loaded. If it is, then the handle is
/// "translated" to the underlying TPM handle. If it is not, then TBS checks
/// to see if it has a saved context for the entity, and if so, loads it.
/// 2) If the command will fill a slot, then TBS ensures that a slot is available.
/// It does this by ContextSaving the LRU entity of the proper type (that is
/// not used in this command).
/// </summary>
/// <param name="caller"></param>
/// <param name="active"></param>
/// <param name="inBuf"></param>
/// <param name="outBuf"></param>
/// <exception cref="Exception"></exception>
internal void DispatchCommand(TbsContext caller, CommandModifier active, byte[] inBuf, out byte[] outBuf)
{
lock (this)
{
CommandNumber++;
// ReSharper disable once CompareOfFloatsByEqualityOperator
if (StateSaveProbability != 0.0)
{
// S3 debug support
DebugStateSave();
LastStateSaveCommandNumber = CommandNumber;
}
CommandHeader commandHeader;
TpmHandle[] inHandles;
SessionIn[] inSessions;
byte[] commandParmsNoHandles;
bool legalCommand = CommandProcessor.CrackCommand(inBuf,
out commandHeader, out inHandles, out inSessions, out commandParmsNoHandles);
if (!legalCommand)
{
// Is a diagnostics command. Pass through to TPM (a real RM would refuse).
TpmDevice.DispatchCommand(active, inBuf, out outBuf);
return;
}
TpmCc cc = commandHeader.CommandCode;
// Lookup command
CommandInfo command = Tpm2.CommandInfoFromCommandCode(cc);
if (command == null)
{
throw new Exception("Unrecognized command");
}
if (cc == TpmCc.ContextLoad || cc == TpmCc.ContextSave)
{
#if WINDOWS_UWP
Debug.WriteLine("ContextLoad and ContextSave are not supported in this build");
#else
Console.Error.WriteLine("ContextLoad and ContextSave are not supported in this build");
#endif
outBuf = Marshaller.GetTpmRepresentation(new Object[] {
TpmSt.NoSessions,
(uint)10,
TpmRc.NotUsed
});
}
// Look up referenced objects and sessions
ObjectContext[] neededObjects = GetReferencedObjects(caller, inHandles);
ObjectContext[] neededSessions = GetSessions(caller, inSessions);
ObjectContext[] neededEntities =
neededObjects != null
? neededSessions != null
? neededObjects.Concat(neededSessions).ToArray()
: neededObjects
: neededSessions;
#if false
// LibTester may intentionally use invalid handles, therefore it always
// work in the passthru mode (all correctness checks by TSS infra suppressed)
if (!Tpm2._TssBehavior.Passthrough &&
(neededObjects == null || neededSessions == null))
#endif
if (neededObjects == null || neededSessions == null)
{
// One or more of the handles was not registered for the context
byte[] ret = FormatError(TpmRc.Handle);
outBuf = ret;
return;
}
// Load referenced objects and sessions (free slots if needed)
// It's important to load all object and session handles in a single call
// to LoadEntities(), as for some commands (e.g. GetSessionAuditDigest)
// the objects array may contain session handles. In this case the session
// handles loaded by the invocation of LoadEntities for neededObjects
// may be evicted again during the subsequent call for neededSessions.
var expectedResponses = Tpm._ExpectedResponses();
if (!LoadEntities(neededEntities))
{
throw new Exception("Failed to make space for objects or sessions");
}
else
{
// At this point everything referenced should be loaded, and
// there will be a free slot if needed so we can translate
// the input handles to the underlying handles
ReplaceHandlesIn(inHandles, inSessions, neededObjects, neededSessions);
}
// Re-create the command using translated object and session handles
byte[] commandBuf = CommandProcessor.CreateCommand(commandHeader.CommandCode,
inHandles, inSessions, commandParmsNoHandles);
if (!Tpm2._TssBehavior.Passthrough)
{
Debug.Assert(commandBuf.Length == inBuf.Length);
}
byte[] responseBuf;
// TODO: Virtualize TPM2_GetCapability() for handle enumeration.
//
// Execute command on underlying TPM device.
// If we get an ObjectMemory or SessionMemory error we try to make more space and try again
// Note: If the TPM device throws an error above we let it propagate out. There should be no side
// effects on TPM state that the TBS cares about.
//
ulong firstCtxSeqNum = 0;
while (true)
{
Tpm._ExpectResponses(expectedResponses);
TpmDevice.DispatchCommand(active, commandBuf, out responseBuf);
TpmRc res = GetResultCode(responseBuf);
if (res == TpmRc.Success ||
expectedResponses != null && expectedResponses.Contains(res))
{
break;
}
if (res == TpmRc.ContextGap)
{
ulong seqNum = ShortenSessionContextGap(firstCtxSeqNum);
if (seqNum == 0)
{
break; // Failed to handle CONTEXT_GAP error
}
if (firstCtxSeqNum == 0)
{
firstCtxSeqNum = seqNum;
}
//if (firstCtxSeqNum != 0)
// Console.WriteLine("DispatchCommand: CONTEXT_GAP handled");
continue;
}
var slotType = SlotType.NoSlot;
if (res == TpmRc.ObjectHandles || res == TpmRc.ObjectMemory)
{
slotType = SlotType.ObjectSlot;
}
else if (res == TpmRc.SessionHandles || res == TpmRc.SessionMemory)
{
slotType = SlotType.SessionSlot;
}
else
{
// Command failure not related to resources
break;
}
if (!MakeSpace(slotType, neededEntities))
{
// Failed to make an object slot in the TPM
responseBuf = TpmErrorHelpers.BuildErrorResponseBuffer(TpmRc.Memory);
break;
}
}
// Parse the response from the TPM
TpmSt responseTag;
uint responseParamSize;
TpmRc resultCode;
TpmHandle[] responseHandles;
SessionOut[] responseSessions;
byte[] responseParmsNoHandles, responseParmsWithHandles;
CommandProcessor.SplitResponse(responseBuf,
command.HandleCountOut,
out responseTag,
out responseParamSize,
out resultCode,
out responseHandles,
out responseSessions,
out responseParmsNoHandles,
out responseParmsWithHandles);
// In case of an error there is no impact on the loaded sessions, but
// we update the LRU values because the user will likely try again.
if (resultCode != TpmRc.Success)
{
outBuf = responseBuf;
UpdateLastUseCount(new[] { neededObjects, neededSessions });
return;
}
// Update TBS database with any newly created TPM objects
ProcessUpdatedTpmState(caller, command, responseHandles, neededObjects);
// And if there were any newly created objects use the new DB entries
// to translate the handles
ReplaceHandlesOut(responseHandles);
outBuf = CommandProcessor.CreateResponse(resultCode, responseHandles,
responseSessions, responseParmsNoHandles);
Debug.Assert(outBuf.Length == responseBuf.Length);
} // lock(this)
}
/// <summary>
/// Create a new random software key (public and private) matching the parameters in keyParams.
/// </summary>
/// <param name="keyParams"></param>
/// <returns></returns>
public AsymCryptoSystem(TpmPublic keyParams)
{
TpmAlgId keyAlgId = keyParams.type;
PublicParms = keyParams.Copy();
switch (keyAlgId)
{
case TpmAlgId.Rsa:
{
var rsaParams = keyParams.parameters as RsaParms;
#if TSS_USE_BCRYPT
Key = Generate(Native.BCRYPT_RSA_ALGORITHM, rsaParams.keyBits);
if (Key == UIntPtr.Zero)
{
Globs.Throw("Failed to generate RSA key");
return;
}
byte[] blob = Export(Native.BCRYPT_RSAPUBLIC_BLOB);
var m = new Marshaller(blob, DataRepresentation.LittleEndian);
var header = m.Get <BCryptRsaKeyBlob>();
/*var exponent = */ m.GetArray <byte>((int)header.cbPublicExp);
var modulus = m.GetArray <byte>((int)header.cbModulus);
#else
RsaProvider = new RSACryptoServiceProvider(rsaParams.keyBits);
var modulus = RsaProvider.ExportParameters(true).Modulus;
#endif
var pubId = new Tpm2bPublicKeyRsa(modulus);
PublicParms.unique = pubId;
break;
}
case TpmAlgId.Ecc:
{
var eccParms = keyParams.parameters as EccParms;
var alg = RawEccKey.GetEccAlg(keyParams);
if (alg == null)
{
Globs.Throw <ArgumentException>("Unknown ECC curve");
return;
}
#if TSS_USE_BCRYPT
Key = Generate(alg, (uint)RawEccKey.GetKeyLength(eccParms.curveID));
#elif !__MonoCS__
var keyParmsX = new CngKeyCreationParameters {
ExportPolicy = CngExportPolicies.AllowPlaintextExport
};
using (CngKey key = CngKey.Create(alg, null, keyParmsX))
{
byte[] keyIs = key.Export(CngKeyBlobFormat.EccPublicBlob);
CngKey.Import(keyIs, CngKeyBlobFormat.EccPublicBlob);
if (keyParams.objectAttributes.HasFlag(ObjectAttr.Sign))
{
EcdsaProvider = new ECDsaCng(key);
}
else
{
EcDhProvider = new ECDiffieHellmanCng(key);
}
}
#endif // !TSS_USE_BCRYPT && !__MonoCS__
break;
}
default:
Globs.Throw <ArgumentException>("Algorithm not supported");
break;
}
}
} // VerifySignature()
/// <summary>
/// Generates the key exchange key and the public part of the ephemeral key
/// using specified encoding parameters in the KDF (ECC only).
/// </summary>
/// <param name="encodingParms"></param>
/// <param name="decryptKeyNameAlg"></param>
/// <param name="ephemPub"></param>
/// <returns>key exchange key blob</returns>
public byte[] EcdhGetKeyExchangeKey(byte[] encodingParms, TpmAlgId decryptKeyNameAlg, out EccPoint ephemPub)
{
var eccParms = (EccParms)PublicParms.parameters;
int keyBits = RawEccKey.GetKeyLength(eccParms.curveID);
byte[] keyExchangeKey = null;
ephemPub = new EccPoint();
// Make a new ephemeral key
var prov = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(RawEccKey.GetEccAlg(PublicParms));
var ephKey = prov.CreateKeyPair((uint)keyBits);
IBuffer ephPubBuf = ephKey.ExportPublicKey(CryptographicPublicKeyBlobType.BCryptEccFullPublicKey);
byte[] ephPub;
CryptographicBuffer.CopyToByteArray(ephPubBuf, out ephPub);
IBuffer otherPubBuf = Key.ExportPublicKey(CryptographicPublicKeyBlobType.BCryptEccFullPublicKey);
byte[] otherPub;
CryptographicBuffer.CopyToByteArray(otherPubBuf, out otherPub);
byte[] herPubX, herPubY;
RawEccKey.KeyInfoFromPublicBlob(otherPub, out herPubX, out herPubY);
byte[] myPubX, myPubY;
RawEccKey.KeyInfoFromPublicBlob(ephPub, out myPubX, out myPubY);
byte[] otherInfo = Globs.Concatenate(new[] { encodingParms, myPubX, herPubX });
// The TPM uses the following number of bytes from the KDF
int bytesNeeded = CryptoLib.DigestSize(decryptKeyNameAlg);
keyExchangeKey = new byte[bytesNeeded];
for (int pos = 0, count = 1, bytesToCopy = 0;
pos < bytesNeeded;
++count, pos += bytesToCopy)
{
byte[] secretPrepend = Marshaller.GetTpmRepresentation((UInt32)count);
string algName;
KeyDerivationParameters deriveParams;
switch (decryptKeyNameAlg)
{
case TpmAlgId.Kdf1Sp800108:
algName = KeyDerivationAlgorithmNames.Sp800108CtrHmacSha256;
deriveParams = KeyDerivationParameters.BuildForSP800108(CryptographicBuffer.CreateFromByteArray(secretPrepend), CryptographicBuffer.CreateFromByteArray(otherInfo));
break;
case TpmAlgId.Kdf1Sp80056a:
algName = KeyDerivationAlgorithmNames.Sp80056aConcatSha256;
deriveParams = KeyDerivationParameters.BuildForSP80056a(CryptographicBuffer.ConvertStringToBinary(algName, BinaryStringEncoding.Utf8),
CryptographicBuffer.ConvertStringToBinary("TPM", BinaryStringEncoding.Utf8),
CryptographicBuffer.CreateFromByteArray(secretPrepend),
CryptographicBuffer.ConvertStringToBinary("", BinaryStringEncoding.Utf8),
CryptographicBuffer.CreateFromByteArray(otherInfo));
break;
case TpmAlgId.Kdf2:
algName = KeyDerivationAlgorithmNames.Pbkdf2Sha256;
deriveParams = KeyDerivationParameters.BuildForPbkdf2(CryptographicBuffer.CreateFromByteArray(secretPrepend), 1000);
break;
default:
Globs.Throw <ArgumentException>("wrong KDF name");
return(null);
}
KeyDerivationAlgorithmProvider deriveProv = KeyDerivationAlgorithmProvider.OpenAlgorithm(algName);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(Key, deriveParams, (uint)keyBits);
byte[] fragment;
CryptographicBuffer.CopyToByteArray(keyMaterial, out fragment);
bytesToCopy = Math.Min(bytesNeeded - pos, fragment.Length);
Array.Copy(fragment, 0, keyExchangeKey, pos, bytesToCopy);
}
ephemPub = new EccPoint(myPubX, myPubY);
return(keyExchangeKey);
}
/// <summary>
/// Replace the hash value with the hash of the concatenation of the current value and the TPM representation
/// of objectToExtend
/// </summary>
/// <param name="objectToExtend"></param>
/// <returns></returns>
public TpmHash Extend(Object objectToExtend)
{
byte[] temp = Marshaller.GetTpmRepresentation(objectToExtend);
HashData = CryptoLib.HashData(HashAlg, HashData, temp);
return(this);
}
public byte[] GetTpm2BRepresentation()
{
return(Marshaller.ToTpm2B(GetTpmRepresentation()));
}
internal virtual void ToHost(Marshaller m)
{
var members = GetFieldsToMarshal(true);
dbg.Indent();
for (int i = 0; i < members.Length; ++i)
{
TpmStructMemberInfo memInfo = members[i];
Type memType = Globs.GetMemberType(memInfo);
var wt = members[i].WireType;
switch (wt)
{
case MarshalType.Union:
{
dbg.Trace("Union " + memType.Name + " with selector " + memInfo.Tag.Value);
memInfo.Value = m.Get(UnionElementFromSelector(memType, memInfo.Tag.Value), memType.Name);
break;
}
case MarshalType.FixedLengthArray:
{
object arr = Globs.GetMember(memInfo, this);
memInfo.Value = m.GetArray(memType.GetElementType(), (arr as Array).Length, memInfo.Name);
break;
}
case MarshalType.VariableLengthArray:
{
int size = m.GetSizeTag(memInfo.SizeLength, memInfo.SizeName);
memInfo.Value = m.GetArray(memType.GetElementType(), size, memInfo.Name);
Debug.Assert(size == ((Array)memInfo.Value).Length);
dbg.Trace("Received Array " + memInfo.Name + " of size " + size);
break;
}
case MarshalType.SizedStruct:
{
int size = m.GetSizeTag(memInfo.SizeLength, memInfo.SizeName);
if (size != 0)
{
memInfo.Value = m.Get(memType, memInfo.Name);
Debug.Assert(size == Marshaller.GetTpmRepresentation(memInfo.Value).Length);
}
dbg.Trace("Received Struct " + memInfo.Name + " of size " + size);
break;
}
default:
// Only attempt unmarshaling a field, if it is not sized or
// if its size is non-zero.
if (memInfo.Tag == null ||
memInfo.Tag.GetValueAsUInt() != 0)
{
memInfo.Value = m.Get(memType, memInfo.Name);
}
break;
}
dbg.Trace((i + 1) + ": " + memInfo.Name + " = " + memInfo.Value);
// Some property values are dynamically obtained from their linked fields.
// Correspondingly, they do not have a setter, so we bypass them here.
Debug.Assert(wt != MarshalType.LengthOfStruct && wt != MarshalType.ArrayCount);
if (wt != MarshalType.UnionSelector)
{
Globs.SetMember(memInfo, this, memInfo.Value);
}
}
dbg.Unindent();
}
/// <summary>
/// Implements unmarshaling logic for most of the TPM object types.
/// Can be overridden if a custom unmarshaling logic is required (e.g.
/// when unmarshaling of a field depends on other field's value).
/// </summary>
/// <param name="m"></param>
/// <returns></returns>
internal virtual void ToHost(Marshaller m)
{
dbg.Indent();
var members = GetFieldsToMarshal(true);
uint mshlStartPos = m.GetGetPos();
for (int i = 0; i < members.Length; ++i)
{
TpmStructMemberInfo memInfo = members[i];
Type memType = Globs.GetMemberType(memInfo);
var wt = members[i].WireType;
int size = -1;
switch (wt)
{
case MarshalType.Union:
{
dbg.Trace("Union " + memType.Name +
" with selector " + memInfo.Tag.Value);
var elt = UnionElementFromSelector(memType, memInfo.Tag.Value);
memInfo.Value = m.Get(elt, memType.Name);
break;
}
case MarshalType.FixedLengthArray:
{
object arr = Globs.GetMember(memInfo, this);
memInfo.Value = m.GetArray(memType.GetElementType(),
(arr as Array).Length, memInfo.Name);
break;
}
case MarshalType.VariableLengthArray:
{
size = m.GetSizeTag(memInfo.SizeLength, memInfo.SizeName);
UnmarshalArray(m, memInfo, memType, size);
break;
}
case MarshalType.EncryptedVariableLengthArray:
{
uint unmarshaled = m.GetGetPos() - mshlStartPos;
size = m.SizedStructLen[m.SizedStructLen.Count - 1] - (int)unmarshaled;
UnmarshalArray(m, memInfo, memType, size);
break;
}
case MarshalType.SizedStruct:
{
size = m.GetSizeTag(memInfo.SizeLength, memInfo.SizeName);
if (size == 0)
{
break;
}
m.SizedStructLen.Add(size);
memInfo.Value = m.Get(memType, memInfo.Name);
int unmSize = Marshaller.GetTpmRepresentation(memInfo.Value).Length;
if (unmSize != size)
{
if (unmSize < size && memType.Name == "TpmPublic")
{
var pub = memInfo.Value as TpmPublic;
var label = Marshaller.GetTpmRepresentation(pub.unique);
var context = m.GetArray(typeof(byte), size - unmSize, "")
as byte[];
pub.unique = new TpmDerive(label, context);
}
else
{
var msg = string.Format("Invalid size {0} (instead of "
+ "{1}) for unmarshaled {2}.{3}",
unmSize, size, this.GetType(), memInfo.Name);
throw new TssException(msg);
}
}
m.SizedStructLen.RemoveAt(m.SizedStructLen.Count - 1);
break;
}
default:
// Only attempt unmarshaling a field, if it is not sized or
// if its size is non-zero.
if (memInfo.Tag == null ||
memInfo.Tag.GetValueAsUInt() != 0)
{
memInfo.Value = m.Get(memType, memInfo.Name);
}
break;
}
dbg.Trace((i + 1) + ": " + wt + " " + memInfo.Name +
(size != -1 ? " of size " + size : ""));
// Some property values are dynamically obtained from their linked fields.
// Correspondingly, they do not have a setter, so we bypass them here.
Debug.Assert(wt != MarshalType.LengthOfStruct && wt != MarshalType.ArrayCount);
if (wt != MarshalType.UnionSelector)
{
Globs.SetMember(memInfo, this, memInfo.Value);
}
}
dbg.Unindent();
}
/// <summary>
/// Creates a duplication blob for the current key that can be Imported as a child
/// of newParent. Three forms are possible. GetPlaintextDuplicationBlob() allows
/// plaintext-import. This function enables duplication with and without an
/// inner wrapper (depending on whether innerWrapper is null)
/// </summary>
/// <param name="newParent"></param>
/// <param name="innerWrapper"></param>
/// <param name="encryptedWrappingKey"></param>
/// <returns></returns>
public TpmPrivate GetDuplicationBlob(
TpmPublic newParent,
SymmCipher innerWrapper,
out byte[] encryptedWrappingKey)
{
byte[] encSensitive;
if (innerWrapper == null)
{
// No inner wrapper
encSensitive = Marshaller.ToTpm2B(sensitivePart.GetTpmRepresentation());
Transform(encSensitive);
}
else
{
byte[] sens = Marshaller.ToTpm2B(sensitivePart.GetTpmRepresentation());
byte[] toHash = Globs.Concatenate(sens, GetName());
Transform(toHash);
byte[] innerIntegrity = Marshaller.ToTpm2B(CryptoLib.HashData(publicPart.nameAlg, toHash));
byte[] innerData = Globs.Concatenate(innerIntegrity, sens);
Transform(innerData);
encSensitive = innerWrapper.CFBEncrypt(innerData);
Transform(encSensitive);
}
byte[] seed, encSecret;
SymDefObject symDef = GetSymDef(newParent);
using (AsymCryptoSystem newParentPubKey = AsymCryptoSystem.CreateFrom(newParent))
{
switch (newParent.type)
{
case TpmAlgId.Rsa:
// The seed should be the same size as the symmKey
seed = Globs.GetRandomBytes((symDef.KeyBits + 7) / 8);
encSecret = newParentPubKey.EncryptOaep(seed, DuplicateEncodingParms);
break;
case TpmAlgId.Ecc:
EccPoint pubEphem;
seed = newParentPubKey.EcdhGetKeyExchangeKey(DuplicateEncodingParms,
newParent.nameAlg,
out pubEphem);
encSecret = Marshaller.GetTpmRepresentation(pubEphem);
break;
default:
throw new NotImplementedException("activate crypto scheme not implemented");
}
}
Transform(seed);
Transform(encSecret);
encryptedWrappingKey = encSecret;
byte[] symKey = KDF.KDFa(newParent.nameAlg, seed, "STORAGE", publicPart.GetName(), new byte[0], symDef.KeyBits);
Transform(symKey);
byte[] dupSensitive;
using (SymmCipher enc2 = SymmCipher.Create(symDef, symKey))
{
dupSensitive = enc2.CFBEncrypt(encSensitive);
}
Transform(dupSensitive);
int npNameNumBits = CryptoLib.DigestSize(newParent.nameAlg) * 8;
byte[] hmacKey = KDF.KDFa(newParent.nameAlg, seed, "INTEGRITY", new byte[0], new byte[0], (uint)npNameNumBits);
byte[] outerDataToHmac = Globs.Concatenate(dupSensitive, publicPart.GetName());
Transform(outerDataToHmac);
byte[] outerHmac = Marshaller.ToTpm2B(CryptoLib.HmacData(newParent.nameAlg, hmacKey, outerDataToHmac));
Transform(outerHmac);
byte[] dupBlob = Globs.Concatenate(outerHmac, dupSensitive);
Transform(dupBlob);
return(new TpmPrivate(dupBlob));
}
/// <summary>
/// Create activation blobs that can be passed to ActivateCredential. Two blobs are returned -
/// (a) - encryptedSecret - is the symmetric key cfb-symmetrically encrypted with an enveloping key
/// (b) credentialBlob (the return value of this function) - is the enveloping key OEAP (RSA) encrypted
/// by the public part of this key.
/// </summary>
/// <param name="secret"></param>
/// <param name="nameAlgId"></param>
/// <param name="nameOfKeyToBeActivated"></param>
/// <param name="encryptedSecret"></param>
/// <returns>CredentialBlob (</returns>
public byte[] CreateActivationCredentials(
byte[] secret,
TpmAlgId nameAlgId,
byte[] nameOfKeyToBeActivated,
out byte[] encryptedSecret)
{
byte[] seed, encSecret;
switch (type)
{
case TpmAlgId.Rsa:
// The seed should be the same size as the symmKey
seed = Globs.GetRandomBytes((CryptoLib.DigestSize(nameAlg) + 7) / 8);
encSecret = EncryptOaep(seed, ActivateEncodingParms);
break;
case TpmAlgId.Ecc:
EccPoint pubEphem;
seed = EcdhGetKeyExchangeKey(ActivateEncodingParms, nameAlg, out pubEphem);
encSecret = Marshaller.GetTpmRepresentation(pubEphem);
break;
default:
throw new NotImplementedException("activate crypto scheme not implemented");
}
Transform(seed);
Transform(encSecret);
var cvx = new Tpm2bDigest(secret);
byte[] cvTpm2B = Marshaller.GetTpmRepresentation(cvx);
Transform(cvTpm2B);
SymDefObject symDef = TssObject.GetSymDef(this);
byte[] symKey = KDF.KDFa(nameAlg, seed, "STORAGE", nameOfKeyToBeActivated, new byte[0], symDef.KeyBits);
Transform(symKey);
byte[] encIdentity;
using (SymmCipher symm2 = SymmCipher.Create(symDef, symKey))
{
encIdentity = symm2.CFBEncrypt(cvTpm2B);
}
Transform(encIdentity);
var hmacKeyBits = (uint)CryptoLib.DigestSize(nameAlg);
byte[] hmacKey = KDF.KDFa(nameAlg, seed, "INTEGRITY", new byte[0], new byte[0], hmacKeyBits * 8);
Transform(hmacKey);
byte[] outerHmac = CryptoLib.HmacData(nameAlg,
hmacKey,
Globs.Concatenate(encIdentity, nameOfKeyToBeActivated));
Transform(outerHmac);
byte[] activationBlob = Globs.Concatenate(
Marshaller.ToTpm2B(outerHmac),
encIdentity);
Transform(activationBlob);
encryptedSecret = encSecret;
return(activationBlob);
}
