public static ProtectedPasswordStorage ReadPassword(string hintText, TPMConsole console, bool retypePw)
{
console.Out.Write (hintText);
ConsoleKeyInfo consoleKeyInfo;
ProtectedPasswordStorage[] pws;
if(retypePw)
pws = new ProtectedPasswordStorage[] { new ProtectedPasswordStorage (), new ProtectedPasswordStorage () };
else
pws = new ProtectedPasswordStorage[] { new ProtectedPasswordStorage() };
for (int i = 0; i < pws.Length; i++)
{
ProtectedPasswordStorage pw = pws[i];
if (i == 1)
console.Out.Write ("Retype password:"******"Error: Passwords do not match!");
return null;
}
}
public static void Main(string[] args)
{
// Establish Connections
IDictionary<string, TPMSession> sessions =
XMLConfiguration.EstablischConnection(base_path + "ClientConfigXml/UnixSocketDeviceLin.xml");
// Create one keystore per opened session
//foreach (TPMSession tpmSes in sessions.Values)
// tpmSes.Keystore = new InMemoryKeystore();
TPMSession sessionToUse = sessions["local0"];
// sessionToUse.SetRequestSecretCallback(RequestSecret);
ProtectedPasswordStorage pws = new ProtectedPasswordStorage();
pws.WellKnown();
sessionToUse.AdministrationClient.TakeOwnership(ConsoleUtils.ReadPassword("Owner Password: "******"PCRS = " + sessionToUse.CapabilityClient.GetPCRCount());
}
public void TakeOwnership(ProtectedPasswordStorage ownerSecret, ProtectedPasswordStorage srkSecret)
{
_tpmSession.SetValue ("secret_" + TPMSession.PARAM_AUTH_OWNER, ownerSecret);
_tpmSession.SetValue ("secret_" + TPMSession.PARAM_AUTH_SRK, srkSecret);
IAsymmetricBlockCipher ekEncryptor = _tpmSession.EndorsementKeyHandling.PublicKey.CreateRSAEncrypter ();
ownerSecret.DecryptHash ();
byte[] encOwnerSecret = ekEncryptor.ProcessBlock (ownerSecret.HashValue, 0, ownerSecret.HashValue.Length);
ownerSecret.ClearHash ();
srkSecret.DecryptHash ();
byte[] encSrkSecret = ekEncryptor.ProcessBlock (srkSecret.HashValue, 0, srkSecret.HashValue.Length);
srkSecret.ClearHash ();
Parameters parameters = new Parameters ();
parameters.AddPrimitiveType (PARAM_OWNERAUTH, encOwnerSecret);
parameters.AddPrimitiveType (PARAM_SRKAUTH, encSrkSecret);
/*TPMCommandResponse response = */BuildDoVerifyRequest (TPMCommandNames.TPM_CMD_TakeOwnership, parameters);
}
public bool EqualPassword(ProtectedPasswordStorage obj)
{
if (obj == null)
{
return(false);
}
IntPtr plain1 = Marshal.SecureStringToBSTR(_plainPassword);
IntPtr plain2 = Marshal.SecureStringToBSTR(obj._plainPassword);
try
{
unsafe
{
int currentIndex = 0;
while (true)
{
char char1 = ((char *)plain1)[currentIndex];
char char2 = ((char *)plain2)[currentIndex];
if (char1 != char2)
{
return(false);
}
else if (char1 == 0 || char2 == 0)
{
return(true);
}
currentIndex++;
}
}
}
finally
{
Marshal.ZeroFreeBSTR(plain1);
Marshal.ZeroFreeBSTR(plain2);
}
}
public static ProtectedPasswordStorage ReadPassword(string hintText)
{
Console.Write (hintText);
ConsoleKeyInfo consoleKeyInfo;
ProtectedPasswordStorage pws = new ProtectedPasswordStorage();
while (true)
{
consoleKeyInfo = Console.ReadKey(true);
if (consoleKeyInfo.Key == ConsoleKey.Enter)
{
Console.WriteLine ();
return pws;
}
else if (consoleKeyInfo.Key == ConsoleKey.Escape)
{
Console.WriteLine ();
return null;
}
else
pws.AppendPasswordChar (consoleKeyInfo.KeyChar);
}
}
/// <summary>
/// Constructs a new SealBlockCipher with the specified arguments and caches the specified seal auth value
/// </summary>
/// <param name="keyHandle"></param>
/// <param name="session"></param>
/// <param name="sealAuth"></param>
public SealBlockCipher(ClientKeyHandle keyHandle, TPMSession session, TPMPCRSelection pcrSelection, ProtectedPasswordStorage sealAuth)
: this(keyHandle, session, pcrSelection)
{
_session.SetValue("secret_seal_" + _keyHandle.FriendlyName + "_" + _myId.ToString(), sealAuth);
}
public HMACProvider(ProtectedPasswordStorage key)
: base("HMACSHA1")
{
key.DecryptHash();
HMACAlgorithm.Key = key.HashValue;
}
static ProtectedPasswordStorage RequestSecret(HMACKeyInfo keyInfo)
{
if(keyInfo.KeyType == HMACKeyInfo.HMACKeyType.SrkSecret)
{
ProtectedPasswordStorage secret = new ProtectedPasswordStorage();
secret.WellKnown();
return secret;
}
ProtectedPasswordStorage pws = new ProtectedPasswordStorage();
pws.AppendPasswordChar('I');
pws.AppendPasswordChar('A');
pws.AppendPasswordChar('I');
pws.AppendPasswordChar('K');
return pws;
}
public override void Execute(string[] commandline)
{
if (commandline.Length < 2)
{
_console.Out.WriteLine ("Error: [local_session_alias] not specified");
return;
}
else if (commandline.Length < 3)
{
_console.Out.WriteLine ("Error: [command] not specified");
return;
}
ClientContext ctx = _console.GetValue<ClientContext> ("client_context", null);
if (ctx == null)
{
_console.Out.WriteLine ("No active connection was found");
return;
}
string localAlias = commandline[1];
string keyCommand = commandline[2];
IDictionary<string, TPMSession> tpmSessions = _console.GetValue<IDictionary<string, TPMSession>> ("tpm_sessions", null);
if (tpmSessions == null || tpmSessions.ContainsKey (localAlias) == false)
{
_console.Out.WriteLine ("Error: Specified local alias was not found");
return;
}
if (keyCommand == "clear")
{
List<string> toRemove = new List<string>();
foreach(string key in tpmSessions[localAlias].ListValueKeys())
{
if(key.StartsWith("secret_"))
toRemove.Add(key);
}
foreach(string key in toRemove)
{
tpmSessions[localAlias].ClearValue(key);
}
}
else if (keyCommand == "remove")
{
IDictionary<string, string> arguments = null;
if(commandline.Length >= 4)
arguments = _console.SplitArguments(commandline[3], 0);
if(commandline.Length < 4 || arguments.ContainsKey("type") == false)
{
_console.Out.WriteLine("Error: No type to remove specified");
return;
}
tpmSessions[localAlias].ClearValue("secret_" + arguments["type"]);
}
else if(keyCommand == "add")
{
if(commandline.Length < 4)
{
_console.Out.WriteLine("Error: No arguments specified");
return;
}
IDictionary<string, string> arguments = _console.SplitArguments(commandline[3], 0);
if(arguments.ContainsKey("type") == false)
{
_console.Out.WriteLine("Error: No type specified");
return;
}
string dictKey = arguments["type"];
HMACKeyInfo keyInfo;
Parameters hmacKeyInfoParams = new Parameters();
if(dictKey == "owner")
{
dictKey = TPMSession.PARAM_AUTH_OWNER;
keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, hmacKeyInfoParams);
}
else if(dictKey == "srk")
{
dictKey = TPMSession.PARAM_AUTH_SRK;
keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, hmacKeyInfoParams);
}
else if(dictKey == "key_usage")
{
if(arguments.ContainsKey("name") == false)
{
_console.Out.WriteLine("Error: key_usage requires name of key");
return;
}
dictKey = "usage_" + arguments["name"];
hmacKeyInfoParams.AddPrimitiveType("identifier", arguments["name"]);
keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams);
}
else if(dictKey == "seal")
{
if(arguments.ContainsKey("name") == false)
{
_console.Out.WriteLine("Error: seal requires name of key");
return;
}
dictKey = "seal_" + arguments["name"];
hmacKeyInfoParams.AddPrimitiveType("identifier", arguments["name"]);
keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, hmacKeyInfoParams);
}
else if(dictKey == "counter")
{
dictKey = "counter";
keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters());
}
else
{
_console.Out.WriteLine("Error: Unknown secret type");
return;
}
ProtectedPasswordStorage pw;
if(arguments.ContainsKey("secret"))
{
pw = new ProtectedPasswordStorage();
foreach(char c in arguments["secret"])
pw.AppendPasswordChar(c);
}
else
{
tpmSessions[localAlias].ClearValue("secret_" + dictKey);
pw = tpmSessions[localAlias].RequestSecret(keyInfo);
}
pw.Hash();
tpmSessions[localAlias].SetValue("secret_" + dictKey, pw);
}
else
_console.Out.WriteLine ("Error, unknown command '{0}'", commandline[2]);
}
public override void Execute(string[] commandline)
{
if (commandline.Length < 2)
_console.Out.WriteLine ("Error: [local_alias] not specified");
else if (commandline.Length < 3)
_console.Out.WriteLine ("Error: [admin_subcommand] not specified");
ClientContext ctx = _console.GetValue<ClientContext> ("client_context", null);
if (ctx == null)
{
_console.Out.WriteLine ("No active connection was found");
return;
}
string localAlias = commandline[1];
string adminCommand = commandline[2];
IDictionary<string, TPMSession> tpmSessions = _console.GetValue<IDictionary<string, TPMSession>> ("tpm_sessions", null);
if (tpmSessions == null || tpmSessions.ContainsKey (localAlias) == false)
{
_console.Out.WriteLine ("Error: Specified local alias was not found");
return;
}
if (adminCommand == "take_ownership")
{
ProtectedPasswordStorage ownerAuth;
if(commandline.Length >= 4)
{
ownerAuth = new ProtectedPasswordStorage();
foreach(char c in commandline[3])
ownerAuth.AppendPasswordChar(c);
}
else
ownerAuth = Utils.ReadPassword ("Enter new owner password:"******"Enter new srk password:"******"Request aborted");
return;
}
ownerAuth.Hash ();
srkAuth.Hash ();
tpmSessions[localAlias].AdministrationClient.TakeOwnership (ownerAuth, srkAuth);
}
else if(adminCommand == "owner_clear")
{
tpmSessions[localAlias].AdministrationClient.ClearOwner();
}
else
_console.Out.WriteLine ("Error, unknown admin_subcommand '{0}'", adminCommand);
}
/// <summary>
/// Creates an IAsymmetricBlockCipher for sealing for this key. This is only valid for storage keys
/// </summary>
/// <param name="pcrSelection"> </param>
/// <returns></returns>
public IAsymmetricBlockCipher CreateSealBlockCipher(TPMPCRSelection pcrSelection, ProtectedPasswordStorage sealAuth)
{
return new SealBlockCipher(this, _tpmSession, pcrSelection, sealAuth);
}
public bool EqualPassword(ProtectedPasswordStorage obj)
{
if (obj == null)
return false;
IntPtr plain1 = Marshal.SecureStringToBSTR (_plainPassword);
IntPtr plain2 = Marshal.SecureStringToBSTR (obj._plainPassword);
try
{
unsafe
{
int currentIndex = 0;
while (true)
{
char char1 = ((char*)plain1)[currentIndex];
char char2 = ((char*)plain2)[currentIndex];
if (char1 != char2)
return false;
else if (char1 == 0 || char2 == 0)
return true;
currentIndex++;
}
}
}
finally
{
Marshal.ZeroFreeBSTR (plain1);
Marshal.ZeroFreeBSTR (plain2);
}
}
public static ProtectedPasswordStorage mycallback(HMACKeyInfo keyInfo)
{
// We use the empty string as password ...
ProtectedPasswordStorage pws = new ProtectedPasswordStorage();
pws.AppendPasswordChar('i');
pws.AppendPasswordChar('a');
pws.AppendPasswordChar('i');
pws.AppendPasswordChar('k');
return pws;
}
public HMACProvider(ProtectedPasswordStorage key)
: base("HMACSHA1")
{
key.DecryptHash();
HMACAlgorithm.Key = key.HashValue;
}
static ProtectedPasswordStorage RequestSecret(HMACKeyInfo keyInfo)
{
if(keyInfo.KeyType == HMACKeyInfo.HMACKeyType.SrkSecret)
{
ProtectedPasswordStorage secret = new ProtectedPasswordStorage();
secret.WellKnown();
return secret;
}
return ConsoleUtils.ReadPassword(String.Format("Please enter Passwd for key {0}: ",
keyInfo.Parameters.GetValueOf<string>("identifier")));
}
