コード例 #1
0
        private static AuthHandle EstablishOIAP(TPMWrapper tpm)
        {
            ILog log = LogManager.GetLogger("EstablishOIAP");

            for (int i = 0; i < 2; i++)
            {
                TPMCommandRequest  request  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_OIAP, new Parameters());
                TPMCommandResponse response = tpm.Process(request);

                AuthHandle myAuthHandle = response.Parameters.GetValueOf <AuthHandle> ("auth_handle");

//				Parameters parameters = new Parameters ();
                //				parameters.AddValue ("handle", myAuthHandle);
                //				TPMCommandRequest requestFlush = new TPMCommandRequest (TPMCommandNames.TPM_CMD_FLUSH_SPECIFIC, parameters);
                //				tpm.Process (requestFlush);

                //return myAuthHandle;
            }

            Parameters listHandlesParameters = new Parameters();

            listHandlesParameters.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE);
            listHandlesParameters.AddPrimitiveType("handle_type", TPMResourceType.TPM_RT_AUTH);

            TPMCommandRequest  listHandlesRequest  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability, listHandlesParameters);
            TPMCommandResponse listHandlesResponse = tpm.Process(listHandlesRequest);

            HandleList loadedKeyHandles = listHandlesResponse.Parameters.GetValueOf <HandleList> ("handles");



            return(null);
        }
コード例 #2
0
        private static void ReadPCRs(TPMWrapper tpm)
        {
            uint i = 0;

            ILog log = LogManager.GetLogger("ReadPCRs");

            Parameters param = new Parameters();

            param.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY);
            param.AddPrimitiveType("subCap", CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR);
            TPMCommandRequest  request  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability, param);
            TPMCommandResponse response = tpm.Process(request);

            uint maxPcrs = response.Parameters.GetValueOf <uint>(CapabilityData.PARAM_PROP_PCR);

            for (i = 0; i < maxPcrs; ++i)
            {
                param = new Parameters();
                param.AddPrimitiveType("pcrnum", i);
                TPMCommandRequest  req  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_PCRRead, param);
                TPMCommandResponse resp = tpm.Process(req);

                byte[] val = resp.Parameters.GetValueOf <byte[]>("value");

                log.InfoFormat("Answer for PCR {0} is: 0x{1}", resp.Parameters.GetValueOf <UInt32>("pcrnum"),
                               ByteHelper.ByteArrayToHexString(val));
            }

//			TPMCommandRequest req = new TPMCommandRequest(TPMCommandNames.TPM_CMD_PCRRead, null);
//			TPMCommand com = TPMCommandFactory.Create(req);
//			com.Init(param, tpm);
//			com.Process();
            //Console.WriteLine ("Hello World!");
        }
コード例 #3
0
        /// <summary>
        /// Seals data to the specified pcr selection,
        /// create a valid pcr selection with session.CreateEmptyPCRSelection
        /// </summary>
        /// <param name="pcrSelection"></param>
        /// <param name="data">Data to seal</param>
        /// <returns></returns>
        public byte[] Seal(TPMPCRSelection pcrSelection, byte[] data)
        {
            Parameters paramsSeal = new Parameters();

            paramsSeal.AddPrimitiveType("in_data", data);
            paramsSeal.AddPrimitiveType("key", _keyIdentifier);
            paramsSeal.AddValue("pcr_selection", pcrSelection);

            Parameters paramsSecret = new Parameters();

            paramsSecret.AddPrimitiveType("identifier", KeyIdentifier);
            ProtectedPasswordStorage authSeal = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, paramsSecret));

            if (authSeal.Hashed == false)
            {
                authSeal.Hash();
            }

            authSeal.DecryptHash();
            paramsSeal.AddPrimitiveType("data_auth", authSeal.HashValue);

            try
            {
                TPMCommandResponse sealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Seal, paramsSeal);
                return(sealResponse.Parameters.GetValueOf <byte[]>("data"));
            }
            finally
            {
                if (authSeal != null)
                {
                    authSeal.ClearHash();
                }
            }
        }
コード例 #4
0
ファイル: CounterClient.cs プロジェクト: smuthubabu/doTSS
        /// <summary>
        /// Creates a new counter if possible.
        /// Creating a counter requires the owner password and also the secret_counter secret
        /// </summary>
        /// <param name="label">4 bytes to label the counter</param>
        /// <returns></returns>
        public CounterContext CreateCounter(byte[] label)
        {
            if (label.Length != 4)
            {
                throw new ArgumentException("label needs to be of size 4");
            }

            ProtectedPasswordStorage counterSecret = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters()));

            if (counterSecret.Hashed == false)
            {
                counterSecret.Hash();
            }

            counterSecret.DecryptHash();

            Parameters createCounterParams = new Parameters();

            createCounterParams.AddPrimitiveType("secret", counterSecret.HashValue);
            createCounterParams.AddPrimitiveType("label", label);

            return(new CounterContext(_tpmSession,
                                      _tpmSession.DoTPMCommandRequest(new TPMCommandRequest(TPMCommandNames.TPM_CMD_CreateCounter, createCounterParams))
                                      .Parameters.GetValueOf <uint>("counter_id")
                                      ));
        }
コード例 #5
0
        /// <summary>
        /// Reads the configured tpm devices from the configuration and
        /// sets up the corresponding tpm contexts
        /// </summary>
        private void SetupTPMContexts()
        {
            IConnectionsConfiguration connectionConfig = (IConnectionsConfiguration)ConfigurationManager.GetSection("connections");

            foreach (Iaik.Tc.TPM.Configuration.DotNetConfiguration.TPMDevice device in connectionConfig.TpmDevices)
            {
                try
                {
                    _logger.InfoFormat("Setting up tpm context '{0}'", device.TPMName);
                    TPMWrapper tpmDevice = new TPMWrapper();
                    tpmDevice.Init(device.TPMType, device.Parameters);
                    TPMContext tpmContext = new TPMContext(device.TPMName, tpmDevice);
                    _tpmContexts.Add(device.TPMName, tpmContext);

                    _logger.InfoFormat("Flushing device '{0}'", device.TPMName);
                    foreach (TPMResourceType resourceType in new TPMResourceType[] {
                        TPMResourceType.TPM_RT_AUTH, TPMResourceType.TPM_RT_KEY
                    })
                    {
                        Parameters listLoadedHandlesParameters = new Parameters();
                        listLoadedHandlesParameters.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE);
                        listLoadedHandlesParameters.AddPrimitiveType("handle_type", resourceType);
                        TPMCommandRequest listLoadedHandlesRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability,
                                                                                           listLoadedHandlesParameters);
                        TPMCommandResponse response = tpmDevice.Process(listLoadedHandlesRequest);

                        if (response.Status == false)
                        {
                            throw new Exception("An unknown tpm exception while flushing occured");
                        }

                        foreach (uint handle in response.Parameters.GetValueOf <HandleList> ("handles"))
                        {
                            Parameters flushParameters = new Parameters();
                            flushParameters.AddValue("handle", HandleFactory.Create(resourceType, handle));
                            TPMCommandRequest  flushRequest  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, flushParameters);
                            TPMCommandResponse flushResponse = tpmDevice.Process(flushRequest);

                            if (flushResponse.Status == false)
                            {
                                throw new Exception("Something went wrong while flushing");
                            }
                        }
                    }

                    _logger.InfoFormat("Successfully setup tpm context '{0}' with type '{1}'", device.TPMName, device.TPMType);
                }
                catch (Exception ex)
                {
                    _logger.FatalFormat("Error setting up tpm device '{0}', the device will not be available ({1})", device.TPMName, ex);
                }

                ///Set the Assembly search order for incoming Parameters so that core classes are always at first
                Parameters.AssemblySearchOrder = new Assembly[] {
                    typeof(TPMWrapper).Assembly,                     //lib core
                    typeof(ITypedParameter).Assembly
                };                                                   //lib common
            }
        }
コード例 #6
0
ファイル: TPMCapabilityClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// The maximum number of keys the tpm can load at once
        /// </summary>
        /// <returns></returns>
        public uint GetMaxKeys()
        {
            Parameters parameters = new Parameters ();
            parameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY);
            parameters.AddPrimitiveType ("subCap", CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS);

            return this.BuildDoVerifyRequest (TPMCommandNames.TPM_CMD_GetCapability, parameters).Parameters.GetValueOf<uint> (CapabilityData.PARAM_PROP_MAX_KEYS);
        }
コード例 #7
0
        /// <summary>
        /// The maximum number of keys the tpm can load at once
        /// </summary>
        /// <returns></returns>
        public uint GetMaxKeys()
        {
            Parameters parameters = new Parameters();

            parameters.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY);
            parameters.AddPrimitiveType("subCap", CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS);

            return(this.BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_GetCapability, parameters).Parameters.GetValueOf <uint> (CapabilityData.PARAM_PROP_MAX_KEYS));
        }
コード例 #8
0
        /// <summary>
        /// Retrieves Version information of the TPM
        /// </summary>
        public CapabilityData.TPMCapVersionInfo GetTPMVersion()
        {
            Parameters parameters = new Parameters();

            parameters.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL);
            parameters.AddPrimitiveType("subCap", new byte[0]);

            return(BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_GetCapability, parameters).Parameters.GetValueOf <CapabilityData.TPMCapVersionInfo> (CapabilityData.PARAM_TPM_VERSION_INFO));
        }
コード例 #9
0
ファイル: TPMIntegrityClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Extends the specified pcr by the specified digest
        /// </summary>
        /// <param name="pcrIndex">The pcr to be extended</param>
        /// <param name="digest"></param>
        /// <returns>Returns the new value of the extended pcr</returns>
        public byte[] Extend(uint pcrIndex, byte[] digest)
        {
            Parameters extendParameters = new Parameters();
            extendParameters.AddPrimitiveType("pcr", pcrIndex);
            extendParameters.AddPrimitiveType("digest", digest);

            return BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Extend, extendParameters)
                .Parameters.GetValueOf<byte[]>("pcr_value");
        }
コード例 #10
0
        /// <summary>
        /// Signs the specified data, but the data is already in the format the signature format (Attached to the key) requires it to be.
        /// </summary>
        /// <remarks>
        /// Use this for large amount of data, or use the <see>CreateSigner</see> method
        /// </remarks>
        /// <param name="data"></param>
        /// <returns></returns>
        public byte[] SignWithProperFormat(byte[] data)
        {
            Parameters signParameters = new Parameters();

            signParameters.AddPrimitiveType("key", _keyIdentifier);
            signParameters.AddPrimitiveType("areaToSign", data);

            return(BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Sign, signParameters).Parameters.GetValueOf <byte[]>("sig"));
        }
コード例 #11
0
        /// <summary>
        /// Extends the specified pcr by the specified digest
        /// </summary>
        /// <param name="pcrIndex">The pcr to be extended</param>
        /// <param name="digest"></param>
        /// <returns>Returns the new value of the extended pcr</returns>
        public byte[] Extend(uint pcrIndex, byte[] digest)
        {
            Parameters extendParameters = new Parameters();

            extendParameters.AddPrimitiveType("pcr", pcrIndex);
            extendParameters.AddPrimitiveType("digest", digest);

            return(BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Extend, extendParameters)
                   .Parameters.GetValueOf <byte[]>("pcr_value"));
        }
コード例 #12
0
        /// <summary>
        /// Returns if the specified sizeIfSelect (= pcrcount / 8) is supported.
        /// This is used to create valid PCRSelection objects for this tpm
        /// </summary>
        /// <param name="size">
        /// A <see cref="System.UInt16"/>
        /// </param>
        /// <returns>
        /// A <see cref="System.Boolean"/>
        /// </returns>
        public bool SupportsSizeOfPcr(ushort size)
        {
            Parameters parameters = new Parameters();

            parameters.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE);
            parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, size);

            return(this.BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_GetCapability, parameters)
                   .Parameters.GetValueOf <bool>(CapabilityData.PARAM_PROP_SELECT_SIZE));
        }
コード例 #13
0
        /// <summary>
        /// Unbinds the specified data, the encrypted data needs to be
        /// of type TPMBoundData
        /// </summary>
        /// <param name="data"></param>
        /// <returns>Returns the decrypted data</returns>
        public byte[] Unbind(byte[] data)
        {
            Parameters paramsUnbind = new Parameters();

            paramsUnbind.AddPrimitiveType("in_data", data);
            paramsUnbind.AddPrimitiveType("key", _keyIdentifier);

            TPMCommandResponse unbindResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Unbind, paramsUnbind);

            return(unbindResponse.Parameters.GetValueOf <byte[]>("data"));
        }
コード例 #14
0
        private static void ReadCapabilities(TPMWrapper tpm)
        {
            ILog log = LogManager.GetLogger("ReadCapabilities");

            // Read out each capability property
            foreach (CapabilityData.TPMSubCapProperty subCap in Enum.GetValues(typeof(CapabilityData.TPMSubCapProperty)))
            {
                Parameters param = new Parameters();
                param.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY);
                param.AddPrimitiveType("subCap", subCap);
                TPMCommandRequest  request  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability, param);
                TPMCommandResponse response = tpm.Process(request);
                switch (subCap)
                {
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR:
                    log.InfoFormat("Number of PCRs is {0}", response.Parameters.GetValueOf <uint>(CapabilityData.PARAM_PROP_PCR));
                    break;

                //case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR:
                //    log.InfoFormat("Number of DIR is {0} and should be 1 because command is deprecated", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_DIR));
                //    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER:
                    log.InfoFormat("Manufacturer ID is {0}", response.Parameters.GetValueOf <uint>(CapabilityData.PARAM_PROP_MANUFACTURER));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS:
                    log.InfoFormat("Number of free keyslots is {0}", response.Parameters.GetValueOf <uint>(CapabilityData.PARAM_PROP_KEYS));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS:
                    log.InfoFormat("Number of max Auth Sessions is {0}", response.Parameters.GetValueOf <uint>(CapabilityData.PARAM_PROP_MAX_AUTHSESS));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS:
                    log.InfoFormat("Number of max Trans Sessions is {0}", response.Parameters.GetValueOf <uint>(CapabilityData.PARAM_PROP_MAX_TRANSESS));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS:
                    log.InfoFormat("Number of max keys (without EK and SRK) is {0}", response.Parameters.GetValueOf <uint>(CapabilityData.PARAM_PROP_MAX_KEYS));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS:
                    log.InfoFormat("Number of max Sessions is {0}", response.Parameters.GetValueOf <uint>(CapabilityData.PARAM_PROP_MAX_SESSIONS));
                    break;

                default:
                    throw new NotSupportedException("Defined cap or subcap are not supported");
                }
            }
        }
コード例 #15
0
ファイル: TPMIntegrityClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Retrieves the index of the specified pcr 
        /// </summary>
        /// <param name="pcrIndex"></param>
        /// <returns></returns>
        public byte[] PCRValue(uint pcrIndex)
        {
            Parameters pcrParams = new Parameters();
            pcrParams.AddPrimitiveType("pcrnum", pcrIndex);

            return BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_PCRRead, pcrParams).Parameters.GetValueOf<byte[]>("value");
        }
コード例 #16
0
ファイル: CounterClient.cs プロジェクト: smuthubabu/doTSS
        /// <summary>
        /// Invalidates the counter
        /// </summary>
        public void Release()
        {
            Parameters releaseCounterParams = new Parameters();

            releaseCounterParams.AddPrimitiveType("counter_id", _counterId);
            _tpmSession.DoTPMCommandRequest(new TPMCommandRequest(TPMCommandNames.TPM_CMD_ReleaseCounter, releaseCounterParams));
        }
コード例 #17
0
ファイル: AuthHandleManager.cs プロジェクト: smuthubabu/doTSS
        /// <summary>
        /// Performs the actual swap-in operation
        /// </summary>
        /// <param name="item"></param>
        protected override void SwappedIn(AuthHandleItem item)
        {
            //uint oldHandle = item.AuthHandle.Handle;
            if (item.Status != AuthHandleItem.AuthHandleStatus.SwappedOut)
            {
                throw new ArgumentException("Invalid auth handle state for swap in operation");
            }

            using (new LockContext(_authHandles, "AuthHandleManager::SwappedIn"))
            {
                if (AvailableSessionSlots <= LoadedSessions)
                {
                    SwapOut();
                }


                Parameters swapInParameters = new Parameters();
                swapInParameters.AddValue("handle", item.AuthHandle);
                swapInParameters.AddPrimitiveType("context_blob", item.AuthHandle.ContextBlob);

                TPMCommandRequest swapInRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_LoadContext, swapInParameters);

                TPMCommandResponse swapInResponse = _tpmContext.TPM.Process(swapInRequest);
                if (swapInResponse.Status == false)
                {
                    throw new TPMRequestException("Unknown error while swap in operation");
                }

                item.AuthHandle.Handle = swapInResponse.Parameters.GetValueOf <ITPMHandle>("handle").Handle;
                item.Status            = AuthHandleItem.AuthHandleStatus.SwappedIn;
            }
        }
コード例 #18
0
        /// <summary>
        /// Unseals the specified data
        /// </summary>
        /// <param name="data">Data to seal</param>
        /// <returns></returns>
        public byte[] Unseal(byte[] data)
        {
            Parameters paramsSeal = new Parameters();

            paramsSeal.AddPrimitiveType("in_data", data);
            paramsSeal.AddPrimitiveType("key", _keyIdentifier);

            Parameters paramsSecret = new Parameters();

            paramsSecret.AddPrimitiveType("identifier", KeyIdentifier);


            TPMCommandResponse unsealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Unseal, paramsSeal);

            return(unsealResponse.Parameters.GetValueOf <byte[]>("data"));
        }
コード例 #19
0
ファイル: KeyManager.cs プロジェクト: smuthubabu/doTSS
        /// <summary>
        /// Performs the actual swap-in operation
        /// </summary>
        /// <param name="item"></param>
        protected override void SwappedIn(KeyHandleItem item)
        {
            if (item.Status != KeyHandleItem.KeyHandleStatus.SwappedOut)
            {
                throw new ArgumentException("Invalid key handle state for swap in operation");
            }

            if (AvailableKeySlots <= LoadedKeys)
            {
                SwapOut();
            }


            Parameters swapInParameters = new Parameters();

            swapInParameters.AddValue("handle", item.KeyHandle);
            swapInParameters.AddPrimitiveType("context_blob", item.KeyHandle.ContextBlob);

            TPMCommandRequest swapInRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_LoadContext, swapInParameters);

            TPMCommandResponse swapInResponse = _tpmContext.TPM.Process(swapInRequest);

            if (swapInResponse.Status == false)
            {
                throw new TPMRequestException("Keymanager: Unknown error while swap in operation");
            }

            item.KeyHandle.Handle = swapInResponse.Parameters.GetValueOf <ITPMHandle>("handle").Handle;
        }
コード例 #20
0
        public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum)
        {
            if (authSessionNum == AuthSessionNum.Auth1)
            {
                string keyIdentifier = _params.GetValueOf <string>("key");

                Parameters parameters = new Parameters();
                parameters.AddPrimitiveType("identifier", keyIdentifier);

                return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters));
            }
            else if (authSessionNum == AuthSessionNum.Auth2)
            {
                string identifier = _params.GetValueOf <string>("key");

                Parameters parameters = new Parameters();
                parameters.AddPrimitiveType("identifier", identifier);

                return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, parameters));
            }
            else
            {
                return(null);
            }
        }
コード例 #21
0
ファイル: TPM_SaveContext.cs プロジェクト: deveck/doTSS
        public override TPMCommandResponse Process()
        {
            //We don't have any meaningful labeldata we could include,
            //so generate some random
            byte[] labelData = new byte[16];
            Random r = new Random();
            r.NextBytes(labelData);

            if(_params.IsDefined<ITPMHandle>("handle") == false)
                return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_SaveContext, new Parameters());

            ITPMHandle handle = _params.GetValueOf<ITPMHandle>("handle");

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_SaveContext);
            requestBlob.WriteUInt32(handle.Handle);
            requestBlob.WriteUInt32((uint)handle.ResourceType);
            requestBlob.Write(labelData, 0, labelData.Length);

            TPMBlob responseBlob = TransmitMe(requestBlob);
            responseBlob.SkipHeader();

            uint blobSize = responseBlob.ReadUInt32();
            byte[] contextBlob = responseBlob.ReadBytes((int)blobSize);

            Parameters responseParams = new Parameters();
            responseParams.AddPrimitiveType("context_blob", contextBlob);
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_SaveContext, responseParams);
        }
コード例 #22
0
        /// <summary>
        /// Retrieves the index of the specified pcr
        /// </summary>
        /// <param name="pcrIndex"></param>
        /// <returns></returns>
        public byte[] PCRValue(uint pcrIndex)
        {
            Parameters pcrParams = new Parameters();

            pcrParams.AddPrimitiveType("pcrnum", pcrIndex);

            return(BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_PCRRead, pcrParams).Parameters.GetValueOf <byte[]>("value"));
        }
コード例 #23
0
        /// <summary>
        /// Cryptographically reports the selected PCR values and returns
        /// the TPMPCRComposite and the generated signature. If no
        /// external data is supplied a random nonce is generated on the server.
        /// The length of externalData is defined by the hashing algorithm used by the TPM
        /// </summary>
        /// <param name="pcrs"></param>
        /// <param name="externalData">Nonce used for the quoting operation,
        /// use CreateCompatibleHashAlgorithm or CreateCompatibleHashProvider to generate a hash value
        /// with the correct length</param>
        /// <returns></returns>
        public QuoteResponse Quote(TPMPCRSelection pcrs, byte[] externalData)
        {
            Parameters quoteParameters = new Parameters();

            quoteParameters.AddPrimitiveType("key", _keyIdentifier);
            quoteParameters.AddValue("targetPCR", pcrs);

            if (externalData != null)
            {
                quoteParameters.AddPrimitiveType("externalData", externalData);
            }

            TPMCommandResponse response = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Quote, quoteParameters);

            return(new QuoteResponse(response.Parameters.GetValueOf <TPMPCRComposite>("pcrData"),
                                     response.Parameters.GetValueOf <byte[]>("sig")));
        }
コード例 #24
0
ファイル: CounterClient.cs プロジェクト: smuthubabu/doTSS
        /// <summary>
        /// Increments the current counter value and returns the new counter value
        /// </summary>
        /// <returns></returns>
        public uint Increment()
        {
            Parameters incCounterParams = new Parameters();

            incCounterParams.AddPrimitiveType("counter_id", _counterId);
            return(_tpmSession.DoTPMCommandRequest(new TPMCommandRequest(TPMCommandNames.TPM_CMD_IncrementCounter, incCounterParams))
                   .Parameters.GetValueOf <TPMCounterValue>("counter_value").CounterValue);
        }
コード例 #25
0
ファイル: TPM_PCRRead.cs プロジェクト: deveck/doTSS
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_PcrRead);
            requestBlob.WriteUInt32 ((uint)_register);
            requestBlob.WriteCmdSize ();

            TPMBlob responseBlob = TransmitMe (requestBlob);
            Parameters responseParam = new Parameters();

            byte[] val = responseBlob.ReadBytes(20);

            responseParam.AddPrimitiveType("pcrnum", _register);
            responseParam.AddPrimitiveType("value", val);

            TPMCommandResponse response = new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_PCRRead, responseParam);

            return response;
        }
コード例 #26
0
ファイル: CounterClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Creates a new counter if possible.
        /// Creating a counter requires the owner password and also the secret_counter secret
        /// </summary>
        /// <param name="label">4 bytes to label the counter</param>
        /// <returns></returns>
        public CounterContext CreateCounter(byte[] label)
        {
            if(label.Length != 4)
                throw new ArgumentException("label needs to be of size 4");

            ProtectedPasswordStorage counterSecret = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters()));

            if(counterSecret.Hashed == false)
                counterSecret.Hash();

            counterSecret.DecryptHash();

            Parameters createCounterParams = new Parameters();
            createCounterParams.AddPrimitiveType("secret", counterSecret.HashValue);
            createCounterParams.AddPrimitiveType("label", label);

            return new CounterContext(_tpmSession,
                _tpmSession.DoTPMCommandRequest(new TPMCommandRequest(TPMCommandNames.TPM_CMD_CreateCounter, createCounterParams))
                    .Parameters.GetValueOf<uint>("counter_id")
                );
        }
コード例 #27
0
        public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum)
        {
            if (authSessionNum != AuthSessionNum.Auth1)
            {
                return(null);
            }

            Parameters hmacKeyInfoParams = new Parameters();

            hmacKeyInfoParams.AddPrimitiveType("identifier", _params.GetValueOf <string>("key"));
            return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams));
        }
コード例 #28
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_PcrRead);
            requestBlob.WriteUInt32((uint)_register);
            requestBlob.WriteCmdSize();

            TPMBlob    responseBlob  = TransmitMe(requestBlob);
            Parameters responseParam = new Parameters();


            byte[] val = responseBlob.ReadBytes(20);

            responseParam.AddPrimitiveType("pcrnum", _register);
            responseParam.AddPrimitiveType("value", val);


            TPMCommandResponse response = new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_PCRRead, responseParam);

            return(response);
        }
コード例 #29
0
ファイル: TPM_Seal.cs プロジェクト: smuthubabu/doTSS
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            _encAuth = _params.GetValueOf <byte[]> ("data_auth");

            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_encAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Seal);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_encAuth, 0, 20);
            TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, _pcrInfo);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMStoredDataCore sealedData = TPMStoredDataCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("data", ByteHelper.SerializeToBytes(sealedData));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Seal, responseParams));
        }
コード例 #30
0
ファイル: TPM_LoadKey2.cs プロジェクト: smuthubabu/doTSS
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_LoadKey2);

            //If not loaded load now
            if (_params.GetValueOf <bool>("parent_key_srk") == false)
            {
                _keyManager.LoadKey(_params.GetValueOf <string>("parent_identifier"));
            }

            //To be inserted later
            requestBlob.WriteUInt32(0);

            _tpmKey.WriteToTpmBlob(requestBlob);

            //Blocking authorize, blocks till the user has entered the authorization data
            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                _keyManager.EnsureFreeSlot();
                uint tpmKeyHandle;

                if (_params.GetValueOf <bool>("parent_key_srk"))
                {
                    tpmKeyHandle = (uint)TPMKeyHandles.TPM_KH_SRK;
                }
                else
                {
                    tpmKeyHandle = _keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent_identifier")).Handle;
                }

                //Write key handle to the first position after the header
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(tpmKeyHandle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            uint      loadedTpmHandle = _responseBlob.ReadUInt32();
            KeyHandle loadedHandle    = new KeyHandle(_params.GetValueOf <string>("key_identifier"), loadedTpmHandle);

            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("handle", loadedHandle);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadKey2, _responseParameters));
        }
コード例 #31
0
        public void TakeOwnership(ProtectedPasswordStorage ownerSecret, ProtectedPasswordStorage srkSecret)
        {
            _tpmSession.SetValue("secret_" + TPMSession.PARAM_AUTH_OWNER, ownerSecret);
            _tpmSession.SetValue("secret_" + TPMSession.PARAM_AUTH_SRK, srkSecret);


            IAsymmetricBlockCipher ekEncryptor = _tpmSession.EndorsementKeyHandling.PublicKey.CreateRSAEncrypter();

            ownerSecret.DecryptHash();
            byte[] encOwnerSecret = ekEncryptor.ProcessBlock(ownerSecret.HashValue, 0, ownerSecret.HashValue.Length);
            ownerSecret.ClearHash();

            srkSecret.DecryptHash();
            byte[] encSrkSecret = ekEncryptor.ProcessBlock(srkSecret.HashValue, 0, srkSecret.HashValue.Length);
            srkSecret.ClearHash();

            Parameters parameters = new Parameters();

            parameters.AddPrimitiveType(PARAM_OWNERAUTH, encOwnerSecret);
            parameters.AddPrimitiveType(PARAM_SRKAUTH, encSrkSecret);

            /*TPMCommandResponse response = */ BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_TakeOwnership, parameters);
        }
コード例 #32
0
ファイル: BindBlockCipher.cs プロジェクト: smuthubabu/doTSS
        public void Init(bool forEncryption, ICipherParameters parameters)
        {
            _forEncryption = forEncryption;

            if (forEncryption)
            {
                _encryptor = _keyHandle.PublicKey.CreateRSAEncrypter();

                Parameters bindParameters = new Parameters();
                bindParameters.AddPrimitiveType("type", "request_prefix");
                TPMCommandRequest bindPrefixRequest = new TPMCommandRequest(
                    TPMCommandNames.TPM_CMD_Bind, bindParameters);
                _prefix = _session.DoTPMCommandRequest(bindPrefixRequest).Parameters.GetValueOf <byte[]>("prefix");
            }
        }
コード例 #33
0
ファイル: TPM_GetRandom.cs プロジェクト: deveck/doTSS
        public override TPMCommandResponse Process()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetRandom);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("bytes_requested"));
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            uint responseByteSize = _responseBlob.ReadUInt32();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("data", _responseBlob.ReadBytes((int)responseByteSize));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetRandom, _responseParameters);
        }
コード例 #34
0
        public override TPMCommandResponse Process()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetRandom);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("bytes_requested"));
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            uint responseByteSize = _responseBlob.ReadUInt32();

            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("data", _responseBlob.ReadBytes((int)responseByteSize));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetRandom, _responseParameters));
        }
コード例 #35
0
ファイル: TPM_ReadCounter.cs プロジェクト: deveck/doTSS
        public override TPMCommandResponse Process()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id"));

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf<uint>("counter_id"));
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters);
        }
コード例 #36
0
        public override TPMCommandResponse Process()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id"));

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf <uint>("counter_id"));
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters));
        }
コード例 #37
0
        protected override TPMCommandResponse InternalProcess()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_IncrementCounter);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id"));

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters));
        }
コード例 #38
0
ファイル: TPM_Bind.cs プロジェクト: deveck/doTSS
        public override TPMCommandResponse Process()
        {
            if(_params.GetValueOf<string>("type", "") == "request_prefix")
            {

                TPMBoundDataCore boundData = TPMBoundDataCore.Encapsulate(new byte[0]);

                _responseParameters = new Parameters();
                using(TPMBlob blob = new TPMBlob())
                {
                    boundData.WriteToTpmBlob(blob);
                    _responseParameters.AddPrimitiveType("prefix", blob.ToArray());
                }

                return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Bind, _responseParameters);
            }
            else
                throw new ArgumentException("TPM_Bind: did not find valid type");
        }
コード例 #39
0
ファイル: TPM_LoadKey2.cs プロジェクト: smuthubabu/doTSS
        public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum)
        {
            if (authSessionNum != AuthSessionNum.Auth1)
            {
                return(null);
            }


            if (_params.GetValueOf <bool>("parent_key_srk"))
            {
                return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters()));
            }
            else
            {
                Parameters hmacKeyInfoParams = new Parameters();
                hmacKeyInfoParams.AddPrimitiveType("identifier", _params.GetValueOf <string>("parent_identifier"));
                return(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams));
            }
        }
コード例 #40
0
ファイル: TPM_Extend.cs プロジェクト: deveck/doTSS
        public override TPMCommandResponse Process()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_Extend);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("pcr"));

                byte[] digest = _params.GetValueOf<byte[]>("digest");
                if(digest.Length != 20)
                    throw new ArgumentException("Digest needs to be of length '20'");

                requestBlob.Write(digest, 0, digest.Length);

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("pcr_value", _responseBlob.ReadBytes(20));
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Extend, _responseParameters);
        }
コード例 #41
0
ファイル: RNG.cs プロジェクト: deveck/doTSS
        protected override double Sample()
        {
            Parameters getRandomParameters = new Parameters();
            getRandomParameters.AddPrimitiveType("bytes_requested", (uint)4);
            byte[] randomBytes = _tpmSession.DoTPMCommandRequest(new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetRandom, getRandomParameters))
                .Parameters.GetValueOf<byte[]>("data");

            byte[] realData;
            if(randomBytes.Length <4)
            {
                Console.WriteLine("Requested 4 received {0}", randomBytes.Length);
                realData = new byte[4];
                Array.Copy(randomBytes, 0, realData, 0, randomBytes.Length);
            }
            else
                realData = randomBytes;

            UInt32 randomVal = BitConverter.ToUInt32(realData, 0);

            return (double)randomVal/(double)UInt32.MaxValue;
        }
コード例 #42
0
ファイル: TPM_Unbind.cs プロジェクト: deveck/doTSS
        protected override TPMCommandResponse InternalProcess()
        {
            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_UnBind);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            uint dataSize = _responseBlob.ReadUInt32();
            byte[] responseData = new byte[dataSize];
            _responseBlob.Read(responseData, 0, responseData.Length);

            Parameters responseParams = new Parameters();
            responseParams.AddPrimitiveType("data", responseData);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Unbind, responseParams);
        }
コード例 #43
0
ファイル: TPM_CreateWrapKey.cs プロジェクト: deveck/doTSS
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            _usageAuth = _params.GetValueOf<byte[]> ("usage_auth");
            _migrationAuth = _params.GetValueOf<byte[]> ("migration_auth");
            byte[] xorKey = new HashProvider().Hash(
                    new HashByteDataProvider(auth1OSAP.SharedSecret),
                    new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_usageAuth, xorKey);
            ByteHelper.XORBytes(_migrationAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf<string>("parent"));

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);

            //parent key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_usageAuth, 0, 20);
            requestBlob.Write(_migrationAuth, 0, 20);
            _tpmKey.WriteToTpmBlob(requestBlob);

            using(_keyManager.AcquireLock())
            {
                AuthorizeMe(requestBlob);
                requestBlob.SkipHeader();

                if(_params.GetValueOf<string>("parent") == KeyHandle.KEY_SRK)
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                else
                    requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("parent")).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            TPMKeyCore newKey = new TPMKeyCore(_responseBlob);
            _responseParameters = new Parameters();

            //Build and save the key identifier
            //The key identifier is the hex-string representation of the hash of the newly created key
            _responseParameters.AddPrimitiveType("key_identifier",
                ByteHelper.ByteArrayToHexString(
                    new HashProvider().Hash(
                            new HashByteDataProvider(
                                ByteHelper.SerializeToBytes(newKey)
                            )
                        ),
                    ""));

            _responseParameters.AddPrimitiveType("key_data", ByteHelper.SerializeToBytes(newKey));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters);
        }
コード例 #44
0
ファイル: TPM_CreateWrapKey.cs プロジェクト: deveck/doTSS
        public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum)
        {
            if(authSessionNum != AuthSessionNum.Auth1)
                return null;

            string parentIdentifier = _params.GetValueOf<string>("parent");

            if(parentIdentifier == KeyHandle.KEY_SRK)
                return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters());
            else
            {
                Parameters parameters = new Parameters();
                parameters.AddPrimitiveType("identifier", parentIdentifier);

                return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters);
            }
        }
コード例 #45
0
ファイル: TPMKeyClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Cryptographically reports the selected PCR values and returns
        /// the TPMPCRComposite and the generated signature. If no
        /// external data is supplied a random nonce is generated on the server.
        /// The length of externalData is defined by the hashing algorithm used by the TPM
        /// </summary>
        /// <param name="pcrs"></param>
        /// <param name="externalData">Nonce used for the quoting operation, 
        /// use CreateCompatibleHashAlgorithm or CreateCompatibleHashProvider to generate a hash value
        /// with the correct length</param>
        /// <returns></returns>
        public QuoteResponse Quote(TPMPCRSelection pcrs, byte[] externalData)
        {
            Parameters quoteParameters = new Parameters();
            quoteParameters.AddPrimitiveType("key", _keyIdentifier);
            quoteParameters.AddValue("targetPCR", pcrs);

            if(externalData != null)
                quoteParameters.AddPrimitiveType("externalData", externalData);

            TPMCommandResponse response = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Quote, quoteParameters);

            return new QuoteResponse(response.Parameters.GetValueOf<TPMPCRComposite>("pcrData"),
                                     response.Parameters.GetValueOf<byte[]>("sig"));
        }
コード例 #46
0
ファイル: TPMKeyClient.cs プロジェクト: deveck/doTSS
        public ClientKeyHandle CreateKey(string friendlyName, uint keyLength, TPMKeyUsage keyUsage, TPMKeyFlags keyFlags)
        {
            Parameters paramsCreateWrapKey = new Parameters();
            paramsCreateWrapKey.AddPrimitiveType("parent", KeyIdentifier);
            paramsCreateWrapKey.AddPrimitiveType("key_usage", keyUsage);
            paramsCreateWrapKey.AddPrimitiveType("key_flags", keyFlags);
            paramsCreateWrapKey.AddPrimitiveType("key_length", keyLength);
            paramsCreateWrapKey.AddPrimitiveType("exponent", new byte[0]);
            paramsCreateWrapKey.AddPrimitiveType("num_primes", (uint)0);

            if (keyUsage == TPMKeyUsage.TPM_KEY_SIGNING)
            {
                paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_NONE);
                paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1);
            }
            else
            {
                paramsCreateWrapKey.AddPrimitiveType("enc_scheme", TPMEncScheme.TPM_ES_RSAESOAEP_SHA1_MGF1);
                paramsCreateWrapKey.AddPrimitiveType("sig_scheme", TPMSigScheme.TPM_SS_NONE);
            }

            Parameters parameters = new Parameters();
            parameters.AddPrimitiveType("identifierIsFriendlyName", true);
            parameters.AddPrimitiveType("identifier", friendlyName);

            ProtectedPasswordStorage authUsage = _tpmSession.RequestSecret(
                new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters));

            if(authUsage.Hashed == false)
                authUsage.Hash();

            authUsage.DecryptHash();
            paramsCreateWrapKey.AddPrimitiveType("usage_auth", authUsage.HashValue);

            ProtectedPasswordStorage authMigration = null;

            if((keyFlags & TPMKeyFlags.Migratable) == TPMKeyFlags.Migratable)
            {
                authMigration = _tpmSession.RequestSecret(
                    new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyMigrationSecret, parameters));
                authMigration.DecryptHash();
                paramsCreateWrapKey.AddPrimitiveType("migration_auth", authMigration.HashValue);
            }
            else
                paramsCreateWrapKey.AddPrimitiveType("migration_auth", new byte[20]);

            try
            {
                TPMCommandResponse responseCreateWrapKey =
                    BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_CreateWrapKey, paramsCreateWrapKey);

                _tpmSession.Keystore.AddKey(
                            friendlyName,
                            responseCreateWrapKey.Parameters.GetValueOf<string>("key_identifier"),
                            this.FriendlyName,
                            responseCreateWrapKey.Parameters.GetValueOf<byte[]>("key_data"));

                return new ClientKeyHandle(friendlyName, responseCreateWrapKey.Parameters.GetValueOf<string>("key_identifier"), _tpmSession);
            }
            finally
            {
                if(authMigration != null)
                    authMigration.ClearHash();

                if(authUsage != null)
                    authUsage.ClearHash();
            }
        }
コード例 #47
0
ファイル: TPMKeyClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Unseals the specified data
        /// </summary>
        /// <param name="data">Data to seal</param>
        /// <returns></returns>
        public byte[] Unseal(byte[] data)
        {
            Parameters paramsSeal = new Parameters();
            paramsSeal.AddPrimitiveType("in_data", data);
            paramsSeal.AddPrimitiveType("key", _keyIdentifier);

            Parameters paramsSecret = new Parameters();
            paramsSecret.AddPrimitiveType("identifier", KeyIdentifier);

            TPMCommandResponse unsealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Unseal, paramsSeal);
            return unsealResponse.Parameters.GetValueOf<byte[]>("data");
        }
コード例 #48
0
ファイル: TPM_IncrementCounter.cs プロジェクト: deveck/doTSS
        protected override TPMCommandResponse InternalProcess()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_IncrementCounter);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id"));

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters);
        }
コード例 #49
0
ファイル: TPM_Quote.cs プロジェクト: deveck/doTSS
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_nonce, 0, 20);
            _pcrSelection.WriteToTpmBlob(requestBlob);

            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
            uint sigSize = _responseBlob.ReadUInt32();
            byte[] signature =  _responseBlob.ReadBytes((int)sigSize);

            // Do signature verification
            TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);
            byte[] signingData;
            using (TPMBlob blob = new TPMBlob())
            {
                quoteInfo.WriteToTpmBlob(blob);
                signingData = blob.ToArray();
            }

            Parameters pubKeyParams = new Parameters();
            pubKeyParams.AddPrimitiveType("key", _params.GetValueOf<string>("key"));
            TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
            TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
                _commandAuthHelper, _keyManager);

            if (pubKeyResponse.Status == false)
            {
                _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
                return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters());
            }

            TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf<string>("key")));
            TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf<TPMPubkey>("pubkey");

            if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
            {
                throw new ArgumentException("The TPM_Quote signature could not be verified");
            }

            Parameters responseParams = new Parameters();
            responseParams.AddValue("pcrData", pcrComposite);
            responseParams.AddPrimitiveType("sig", signature);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams);
        }
コード例 #50
0
ファイル: TPMCapabilityClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Retrieves Version information of the TPM
        /// </summary>
        public CapabilityData.TPMCapVersionInfo GetTPMVersion()
        {
            Parameters parameters = new Parameters ();
            parameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL);
            parameters.AddPrimitiveType ("subCap", new byte[0]);

            return BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_GetCapability, parameters).Parameters.GetValueOf<CapabilityData.TPMCapVersionInfo> (CapabilityData.PARAM_TPM_VERSION_INFO);
        }
コード例 #51
0
ファイル: SecretCacheCommand.cs プロジェクト: deveck/doTSS
        public override void Execute(string[] commandline)
        {
            if (commandline.Length < 2)
            {
                _console.Out.WriteLine ("Error: [local_session_alias] not specified");
                return;
            }
            else if (commandline.Length < 3)
            {
                _console.Out.WriteLine ("Error: [command] not specified");
                return;
            }

            ClientContext ctx = _console.GetValue<ClientContext> ("client_context", null);

            if (ctx == null)
            {
                _console.Out.WriteLine ("No active connection was found");
                return;
            }

            string localAlias = commandline[1];
            string keyCommand = commandline[2];

            IDictionary<string, TPMSession> tpmSessions = _console.GetValue<IDictionary<string, TPMSession>> ("tpm_sessions", null);

            if (tpmSessions == null || tpmSessions.ContainsKey (localAlias) == false)
            {
                _console.Out.WriteLine ("Error: Specified local alias was not found");
                return;
            }

            if (keyCommand == "clear")
            {
                List<string> toRemove = new List<string>();

                foreach(string key in tpmSessions[localAlias].ListValueKeys())
                {
                    if(key.StartsWith("secret_"))
                        toRemove.Add(key);
                }

                foreach(string key in toRemove)
                {
                    tpmSessions[localAlias].ClearValue(key);
                }

            }
            else if (keyCommand == "remove")
            {

                IDictionary<string, string> arguments = null;

                if(commandline.Length >= 4)
                    arguments = _console.SplitArguments(commandline[3], 0);

                if(commandline.Length < 4 || arguments.ContainsKey("type") == false)
                {
                    _console.Out.WriteLine("Error: No type to remove specified");
                    return;
                }

                tpmSessions[localAlias].ClearValue("secret_" + arguments["type"]);

            }
            else if(keyCommand == "add")
            {
                if(commandline.Length < 4)
                {
                    _console.Out.WriteLine("Error: No arguments specified");
                    return;
                }

                IDictionary<string, string> arguments = _console.SplitArguments(commandline[3], 0);

                if(arguments.ContainsKey("type") == false)
                {
                    _console.Out.WriteLine("Error: No type specified");
                    return;
                }

                string dictKey = arguments["type"];
                HMACKeyInfo keyInfo;
                Parameters hmacKeyInfoParams = new Parameters();
                if(dictKey == "owner")
                {
                    dictKey = TPMSession.PARAM_AUTH_OWNER;
                    keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, hmacKeyInfoParams);
                }
                else if(dictKey == "srk")
                {
                    dictKey = TPMSession.PARAM_AUTH_SRK;
                    keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, hmacKeyInfoParams);
                }
                else if(dictKey == "key_usage")
                {
                    if(arguments.ContainsKey("name") == false)
                    {
                        _console.Out.WriteLine("Error: key_usage requires name of key");
                        return;
                    }

                    dictKey = "usage_" + arguments["name"];
                    hmacKeyInfoParams.AddPrimitiveType("identifier", arguments["name"]);
                    keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams);
                }
                else if(dictKey == "seal")
                {
                    if(arguments.ContainsKey("name") == false)
                    {
                        _console.Out.WriteLine("Error: seal requires name of key");
                        return;
                    }

                    dictKey = "seal_" + arguments["name"];
                    hmacKeyInfoParams.AddPrimitiveType("identifier", arguments["name"]);
                    keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, hmacKeyInfoParams);
                }
                else if(dictKey == "counter")
                {
                    dictKey = "counter";
                    keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters());
                }
                else
                {
                    _console.Out.WriteLine("Error: Unknown secret type");
                    return;
                }

                ProtectedPasswordStorage pw;

                if(arguments.ContainsKey("secret"))
                {
                    pw = new ProtectedPasswordStorage();
                    foreach(char c in arguments["secret"])
                        pw.AppendPasswordChar(c);

                }
                else
                {
                    tpmSessions[localAlias].ClearValue("secret_" + dictKey);
                    pw = tpmSessions[localAlias].RequestSecret(keyInfo);
                }

                pw.Hash();
                tpmSessions[localAlias].SetValue("secret_" + dictKey, pw);
            }
            else
                _console.Out.WriteLine ("Error, unknown command '{0}'", commandline[2]);
        }
コード例 #52
0
ファイル: TPMKeyClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Unbinds the specified data, the encrypted data needs to be
        /// of type TPMBoundData
        /// </summary>
        /// <param name="data"></param>
        /// <returns>Returns the decrypted data</returns>
        public byte[] Unbind(byte[] data)
        {
            Parameters paramsUnbind = new Parameters();
            paramsUnbind.AddPrimitiveType("in_data", data);
            paramsUnbind.AddPrimitiveType("key", _keyIdentifier);

            TPMCommandResponse unbindResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Unbind, paramsUnbind);
            return unbindResponse.Parameters.GetValueOf<byte[]>("data");
        }
コード例 #53
0
ファイル: TPMKeyClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Signs the specified data, but the data is already in the format the signature format (Attached to the key) requires it to be.
        /// </summary>
        /// <remarks>
        /// Use this for large amount of data, or use the <see>CreateSigner</see> method 
        /// </remarks>
        /// <param name="data"></param>
        /// <returns></returns>
        public byte[] SignWithProperFormat(byte[] data)
        {
            Parameters signParameters = new Parameters();
            signParameters.AddPrimitiveType("key", _keyIdentifier);
            signParameters.AddPrimitiveType("areaToSign", data);

            return BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Sign, signParameters).Parameters.GetValueOf<byte[]>("sig");
        }
コード例 #54
0
ファイル: TPMKeyClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Seals data to the specified pcr selection,
        /// create a valid pcr selection with session.CreateEmptyPCRSelection
        /// </summary>
        /// <param name="pcrSelection"></param>
        /// <param name="data">Data to seal</param>
        /// <returns></returns>
        public byte[] Seal(TPMPCRSelection pcrSelection, byte[] data)
        {
            Parameters paramsSeal = new Parameters();
            paramsSeal.AddPrimitiveType("in_data", data);
            paramsSeal.AddPrimitiveType("key", _keyIdentifier);
            paramsSeal.AddValue("pcr_selection", pcrSelection);

            Parameters paramsSecret = new Parameters();
            paramsSecret.AddPrimitiveType("identifier", KeyIdentifier);
            ProtectedPasswordStorage authSeal = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, paramsSecret));

            if(authSeal.Hashed == false)
                authSeal.Hash();

            authSeal.DecryptHash();
            paramsSeal.AddPrimitiveType("data_auth", authSeal.HashValue);

            try
            {
                TPMCommandResponse sealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Seal, paramsSeal);
                return sealResponse.Parameters.GetValueOf<byte[]>("data");
            }
            finally
            {
                if(authSeal != null)
                    authSeal.ClearHash();
            }
        }
コード例 #55
0
        /// <summary>
        /// Assures that the shared secret for the specified authorization handle has been
        /// calculated, if not it gets calculated. If no OSAP session exists, create it
        /// </summary>
        /// <param name="cmd"></param>
        /// <param name="sessionNum"></param>
        /// <returns></returns>
        public AuthHandle AssureOSAPSharedSecret(IAuthorizableCommand cmd, AuthSessionNum authSessionNum)
        {
            //			using(AcquireLock())
            //			{
            //				//Must not be called for OSAP at the moment because OSAP session are not cached
            //				_tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd);
            //			}
            //
            HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);

            if(keyInfo == null)
                return null;

            AuthHandle authHandle;

            using(AcquireLock())
            {
                authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum);
            }

            // If shared secret has not yet been generated, do it
            if(authHandle.SharedSecret == null)
            {
                GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest(
                    _ctx,
                    new HashByteDataProvider(authHandle.NonceEvenOSAP),
                    new HashByteDataProvider(authHandle.NonceOddOSAP)
                    );

                request.TpmSessionIdentifier = _tpmSessionIdentifier;

                Parameters paramsSharedSecret = new Parameters();

                if(cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                    cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_SRK)
                {
                    if(cmd.GetHandle(authSessionNum) == KeyHandle.KEY_SRK)
                        request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters());
                    else
                    {
                        paramsSharedSecret.AddPrimitiveType("identifier", cmd.GetHandle(authSessionNum));
                        request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, paramsSharedSecret);
                    }
                }
                else if(cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_OWNER)
                    request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, new Parameters());
                else
                    throw new NotSupportedException(string.Format("CommandAuthorizationHelper does not support entity type '{0}'",
                        cmd.GetEntityType(authSessionNum)));

                GenerateHMACResponse response = request.TypedExecute ();
                response.AssertResponse();

                authHandle.SharedSecret = response.TpmAuthData;
            }

            return authHandle;
        }
コード例 #56
0
ファイル: TPMCapabilityClient.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Returns if the specified sizeIfSelect (= pcrcount / 8) is supported.
        /// This is used to create valid PCRSelection objects for this tpm
        /// </summary>
        /// <param name="size">
        /// A <see cref="System.UInt16"/>
        /// </param>
        /// <returns>
        /// A <see cref="System.Boolean"/>
        /// </returns>
        public bool SupportsSizeOfPcr(ushort size)
        {
            Parameters parameters = new Parameters ();
            parameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE);
            parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, size);

            return this.BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_GetCapability, parameters)
                .Parameters.GetValueOf<bool>(CapabilityData.PARAM_PROP_SELECT_SIZE);
        }
コード例 #57
0
ファイル: TPM_Quote.cs プロジェクト: deveck/doTSS
        public override HMACKeyInfo GetKeyInfo(AuthSessionNum authSessionNum)
        {
            if(authSessionNum != AuthSessionNum.Auth1)
                return null;

            string keyIdentifier = _params.GetValueOf<string>("key");

            Parameters parameters = new Parameters();
            parameters.AddPrimitiveType("identifier", keyIdentifier);

            return new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, parameters);
        }
コード例 #58
0
ファイル: TPM_Seal.cs プロジェクト: deveck/doTSS
        public override void Init(Parameters param, TPMProvider tpmProvider, TPMWrapper tpmWrapper)
        {
            base.Init (param, tpmProvider, tpmWrapper);

            _digest = null;
            _responseDigest = null;
            _inData = param.GetValueOf<byte[]>("in_data");
            _pcrInfo = new TPMPCRInfoCore(new TPMPCRSelectionCore(param.GetValueOf<TPMPCRSelection>("pcr_selection")));

            _pcrInfo.CalculateDigests((TPMPCRInfoCore.GetPCRValueDelegate)delegate(uint pcrNum)
            {
                //TODO: Use TPM_Quote to determine pcr values once it's available

                Parameters pcrParams = new Parameters();
                pcrParams.AddPrimitiveType("pcrnum", pcrNum);
                TPMCommandResponse pcrResponse = _tpmWrapper.Process(new TPMCommandRequest(TPMCommandNames.TPM_CMD_PCRRead, pcrParams));
                if(!pcrResponse.Status)
                    throw new TPMResponseException("An unknown error occured on performing pcrread");
                return pcrResponse.Parameters.GetValueOf<byte[]>("value");
            });
        }
コード例 #59
0
ファイル: TPMServerContext.cs プロジェクト: deveck/doTSS
        /// <summary>
        /// Reads the configured tpm devices from the configuration and
        /// sets up the corresponding tpm contexts
        /// </summary>
        private void SetupTPMContexts()
        {
            IConnectionsConfiguration connectionConfig = (IConnectionsConfiguration)ConfigurationManager.GetSection ("connections");

            foreach (Iaik.Tc.TPM.Configuration.DotNetConfiguration.TPMDevice device in connectionConfig.TpmDevices)
            {
                try
                {
                    _logger.InfoFormat ("Setting up tpm context '{0}'", device.TPMName);
                    TPMWrapper tpmDevice = new TPMWrapper ();
                    tpmDevice.Init (device.TPMType, device.Parameters);
                    TPMContext tpmContext = new TPMContext (device.TPMName, tpmDevice);
                    _tpmContexts.Add (device.TPMName, tpmContext);

                    _logger.InfoFormat ("Flushing device '{0}'", device.TPMName);
                    foreach (TPMResourceType resourceType in new TPMResourceType[] {
                        TPMResourceType.TPM_RT_AUTH, TPMResourceType.TPM_RT_KEY})
                    {
                        Parameters listLoadedHandlesParameters = new Parameters ();
                        listLoadedHandlesParameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE);
                        listLoadedHandlesParameters.AddPrimitiveType ("handle_type", resourceType);
                        TPMCommandRequest listLoadedHandlesRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_GetCapability,
                            listLoadedHandlesParameters);
                        TPMCommandResponse response = tpmDevice.Process (listLoadedHandlesRequest);

                        if (response.Status == false)
                            throw new Exception ("An unknown tpm exception while flushing occured");

                        foreach (uint handle in response.Parameters.GetValueOf<HandleList> ("handles"))
                        {
                            Parameters flushParameters = new Parameters ();
                            flushParameters.AddValue ("handle", HandleFactory.Create (resourceType, handle));
                            TPMCommandRequest flushRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_FlushSpecific, flushParameters);
                            TPMCommandResponse flushResponse = tpmDevice.Process (flushRequest);

                            if (flushResponse.Status == false)
                                throw new Exception ("Something went wrong while flushing");

                        }
                    }

                    _logger.InfoFormat ("Successfully setup tpm context '{0}' with type '{1}'", device.TPMName, device.TPMType);
                }
                catch (Exception ex)
                {
                    _logger.FatalFormat ("Error setting up tpm device '{0}', the device will not be available ({1})", device.TPMName, ex);
                }

                ///Set the Assembly search order for incoming Parameters so that core classes are always at first
                Parameters.AssemblySearchOrder = new Assembly[]{
                    typeof(TPMWrapper).Assembly, //lib core
                    typeof(ITypedParameter).Assembly};	//lib common

            }
        }
コード例 #60
0
ファイル: TPM_Seal.cs プロジェクト: deveck/doTSS
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            _encAuth = _params.GetValueOf<byte[]> ("data_auth");

            byte[] xorKey = new HashProvider().Hash(
                    new HashByteDataProvider(auth1OSAP.SharedSecret),
                    new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_encAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Seal);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_encAuth, 0, 20);
            TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, _pcrInfo);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMStoredDataCore sealedData = TPMStoredDataCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();
            responseParams.AddPrimitiveType("data", ByteHelper.SerializeToBytes(sealedData));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Seal, responseParams);
        }