public AuthorizationInfo[] GenerateResponseAuthData(IAuthorizableCommand cmd)
{
List <AuthorizationInfo> authorizationInfos = new List <AuthorizationInfo>();
List <ResponseAuthHandleInfo> responseAuthHandleInfos = new List <ResponseAuthHandleInfo>(cmd.ResponseAuthHandleInfos);
responseAuthHandleInfos.Reverse();
List <AuthorizationInfo> localAuthorizationInfos = new List <AuthorizationInfo>(cmd.AuthorizationInfos);
localAuthorizationInfos.Reverse();
Stack <ResponseAuthHandleInfo> responseAuthHandles = new Stack <ResponseAuthHandleInfo>(responseAuthHandleInfos);
Stack <AuthorizationInfo> authorizationInfoQueue = new Stack <AuthorizationInfo>(localAuthorizationInfos);
foreach (AuthSessionNum authSessionNum in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 })
{
HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);
if (keyInfo == null)
{
continue;
}
ResponseAuthHandleInfo currentResponseAuthHandleInfo = responseAuthHandles.Pop();
AuthorizationInfo currentAuthorizationInfo = authorizationInfoQueue.Pop();
if (currentAuthorizationInfo.Handle.HandleAuthType == AuthHandle.AuthType.OIAP)
{
GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
(_ctx,
new HashByteDataProvider(cmd.ResponseDigest),
new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven),
new HashByteDataProvider(currentAuthorizationInfo.Handle.NonceOdd),
new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession)
);
request.TpmSessionIdentifier = _tpmSessionIdentifier;
request.KeyInfo = keyInfo;
GenerateHMACResponse response = request.TypedExecute();
response.AssertResponse();
authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, response.TpmAuthData));
}
else if (currentAuthorizationInfo.Handle.HandleAuthType == AuthHandle.AuthType.OSAP)
{
byte[] tpmAuth = new HMACProvider(currentAuthorizationInfo.Handle.SharedSecret).Hash(
new HashByteDataProvider(cmd.ResponseDigest),
new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven),
new HashByteDataProvider(currentAuthorizationInfo.Handle.NonceOdd),
new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession));
authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, tpmAuth));
}
}
return(authorizationInfos.ToArray());
}
/// <summary>
/// Assures that the shared secret for the specified authorization handle has been
/// calculated, if not it gets calculated. If no OSAP session exists, create it
/// </summary>
/// <param name="cmd"></param>
/// <param name="sessionNum"></param>
/// <returns></returns>
public AuthHandle AssureOSAPSharedSecret(IAuthorizableCommand cmd, AuthSessionNum authSessionNum)
{
// using(AcquireLock())
// {
// //Must not be called for OSAP at the moment because OSAP session are not cached
// _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd);
// }
//
HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);
if (keyInfo == null)
{
return(null);
}
AuthHandle authHandle;
using (AcquireLock())
{
authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum);
}
// If shared secret has not yet been generated, do it
if (authHandle.SharedSecret == null)
{
GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest(
_ctx,
new HashByteDataProvider(authHandle.NonceEvenOSAP),
new HashByteDataProvider(authHandle.NonceOddOSAP)
);
request.TpmSessionIdentifier = _tpmSessionIdentifier;
Parameters paramsSharedSecret = new Parameters();
if (cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_SRK)
{
if (cmd.GetHandle(authSessionNum) == KeyHandle.KEY_SRK)
{
request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters());
}
else
{
paramsSharedSecret.AddPrimitiveType("identifier", cmd.GetHandle(authSessionNum));
request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, paramsSharedSecret);
}
}
else if (cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_OWNER)
{
request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, new Parameters());
}
else
{
throw new NotSupportedException(string.Format("CommandAuthorizationHelper does not support entity type '{0}'",
cmd.GetEntityType(authSessionNum)));
}
GenerateHMACResponse response = request.TypedExecute();
response.AssertResponse();
authHandle.SharedSecret = response.TpmAuthData;
}
return(authHandle);
}
/// <summary>
/// Authorizes the command and returns the necessary authorization info
/// Blocks till the user has entered the credentials
/// </summary>
/// <param name="cmd">Command to authorize</param>
/// <returns></returns>
public AuthorizationInfo[] AuthorizeCommand(IAuthorizableCommand cmd)
{
List <AuthorizationInfo> authorizationInfos = new List <AuthorizationInfo>();
using (AcquireLock())
{
_tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd);
}
foreach (AuthSessionNum authSessionNum in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 })
{
HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);
if (keyInfo == null)
{
continue;
}
AuthHandle authHandle;
using (AcquireLock())
{
authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum);
}
//Generates the new nonceOdd before the client generates the auth data
authHandle.NewNonceOdd();
if (authHandle.HandleAuthType == AuthHandle.AuthType.OIAP)
{
GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
(_ctx,
new HashByteDataProvider(cmd.Digest),
new HashByteDataProvider(authHandle.NonceEven),
new HashByteDataProvider(authHandle.NonceOdd),
new HashPrimitiveDataProvider(true)
);
request.TpmSessionIdentifier = _tpmSessionIdentifier;
request.KeyInfo = keyInfo;
GenerateHMACResponse response = request.TypedExecute();
response.AssertResponse();
authorizationInfos.Add(new AuthorizationInfo(authHandle, true, response.TpmAuthData));
}
else if (authHandle.HandleAuthType == AuthHandle.AuthType.OSAP)
{
AssureOSAPSharedSecret(cmd, authSessionNum);
byte[] hmac = new HMACProvider(authHandle.SharedSecret).Hash(
new HashByteDataProvider(cmd.Digest),
new HashByteDataProvider(authHandle.NonceEven),
new HashByteDataProvider(authHandle.NonceOdd),
new HashPrimitiveDataProvider(false));
// GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
// (_ctx,
// new HashByteDataProvider(cmd.Digest),
// new HashByteDataProvider(authHandle.NonceEven),
// new HashByteDataProvider(authHandle.NonceOdd),
// new HashPrimitiveDataProvider(false)
// );
//
//
// request.TpmSessionIdentifier = _tpmSessionIdentifier;
// request.KeyInfo = keyInfo;
//
//
// GenerateHMACResponse response = request.TypedExecute ();
// response.AssertResponse();
//
authorizationInfos.Add(new AuthorizationInfo(authHandle, false, hmac));
}
}
return(authorizationInfos.ToArray());
}
