/// <summary>
/// Issues the PolicyLocality command on the policy session using this ACE's
/// AllowedLocality value.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyLocality command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    tpm.PolicyLocality(authSession, AllowedLocality);
    TpmRc rc = tpm._GetLastResponseCode();
    return rc;
}
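/// <summary>
/// This ACE is not meant to be executed as part of a running policy;
/// reaching this method is a programming error.
/// </summary>
/// <param name="tpm">Unused.</param>
/// <param name="authSession">Unused.</param>
/// <param name="policy">Unused.</param>
/// <exception cref="InvalidOperationException">Always thrown.</exception>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    // InvalidOperationException derives from Exception, so existing
    // catch (Exception) handlers keep working while callers can now catch
    // the specific type.
    throw new InvalidOperationException("Do not include in running policies");
}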
/// <summary>
/// Issues the PolicyNameHash command on the policy session with this ACE's
/// NameHash value.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyNameHash command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    tpm.PolicyNameHash(authSession, NameHash);
    TpmRc rc = tpm._GetLastResponseCode();
    return rc;
}
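/// <summary>
/// Records <paramref name="candidate"/> as the parameter-encryption session
/// for the direction given by <paramref name="directionFlag"/>
/// (SessionAttr.Decrypt selects DecSession, anything else EncSession).
/// A candidate whose attributes do not carry the flag is ignored.
/// </summary>
/// <param name="candidate">Session supplied for the current command.</param>
/// <param name="directionFlag">Session attribute naming the direction to check.</param>
/// <exception cref="InvalidOperationException">
/// Thrown (unless _Behavior.Passthrough is set) when the candidate cannot
/// encrypt, or when a session for the same direction was already recorded.
/// </exception>
private void CheckParamEncSessCandidate(AuthSession candidate, SessionAttr directionFlag)
{
    if (!candidate.Attrs.HasFlag(directionFlag))
    {
        return;
    }

    bool decrypt = directionFlag == SessionAttr.Decrypt;

    // Passthrough mode skips the validation below and just records the session.
    if (!_Behavior.Passthrough)
    {
        if (!candidate.CanEncrypt())
        {
            throw new InvalidOperationException(string.Format("{0} session is missing symmetric algorithm",
                                                              decrypt ? "Decryption" : "Encryption"));
        }
        // Only one session per direction is accepted.
        if ((decrypt ? DecSession : EncSession) != null)
        {
            throw new InvalidOperationException(string.Format("Multiple {0} sessions",
                                                              decrypt ? "decryption" : "encryption"));
        }
    }

    if (decrypt)
    {
        DecSession = candidate;
    }
    else
    {
        EncSession = candidate;
    }
}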
/// <summary>
/// Called from TpmPolicySecret. Forwards to the installed PolicySecretCallback
/// to obtain the authorizing session and the handle of the authorized entity.
/// </summary>
/// <param name="ace">The PolicySecret ACE being executed.</param>
/// <param name="authorizingSession">Session the callback supplies to authorize the entity.</param>
/// <param name="authorizedEntityHandle">Handle of the authorized entity.</param>
/// <param name="flushAuthEntity">Whether the caller is expected to flush the entity handle afterwards.</param>
internal void ExecutePolicySecretCallback(TpmPolicySecret ace, out SessionBase authorizingSession, out TpmHandle authorizedEntityHandle, out bool flushAuthEntity)
{
    if (PolicySecretCallback != null)
    {
        PolicySecretCallback(this, ace, out authorizingSession, out authorizedEntityHandle, out flushAuthEntity);
        return;
    }

    // No callback installed: report the error first, then fill the out
    // parameters with placeholders so the method can return cleanly.
    Globs.Throw("No policy secret callback installed.");
    authorizingSession = new AuthSession(new TpmHandle());
    authorizedEntityHandle = new TpmHandle();
    flushAuthEntity = false;
}
/// <summary>
/// Issues the PolicyPassword command on the policy session and then marks the
/// session as carrying the auth value (SessIncludesAuth / PlaintextAuth).
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyPassword command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    tpm.PolicyPassword(authSession);
    TpmRc rc = tpm._GetLastResponseCode();
    // Flags are set after the command, as in the original ordering;
    // NOTE(review): the flag names suggest the session's auth value is sent
    // in the clear rather than via HMAC from here on -- confirm in AuthSession.
    authSession.SessIncludesAuth = true;
    authSession.PlaintextAuth = true;
    return rc;
}
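/// <summary>
/// Executes PolicySigned for this ACE. The challenge is nonceTpm (empty when
/// UseNonceTpm is false); when SigningKey is available the blob
/// nonceTpm, ExpirationTime, CpHash, PolicyRef (in that order) is signed
/// locally, otherwise the policy's signer callback produces the signature and
/// the public key to verify it with. The verification key is loaded with
/// LoadExternal for the duration of the command and flushed afterwards.
/// </summary>
/// <param name="tpm">TPM connection the commands are sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicySigned command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    byte[] nonceTpm = UseNonceTpm ? Globs.CopyData(authSession.NonceTpm) : new byte[0];

    ISignatureUnion signature;
    TpmHandle verificationKey;
    // If the library has been given a signing key we can do the challenge here (else we need to call out)
    if (SigningKey != null)
    {
        var dataToSign = new Marshaller();
        dataToSign.Put(nonceTpm, "");
        dataToSign.Put(ExpirationTime, "");
        dataToSign.Put(CpHash, "");
        dataToSign.Put(PolicyRef, "");
        // Just ask the key to sign the challenge
        signature = SigningKey.Sign(dataToSign.GetBytes());
        verificationKey = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner);
    }
    else
    {
        TpmPublic verifier;
        signature = AssociatedPolicy.ExecuteSignerCallback(this, nonceTpm, out verifier);
        verificationKey = tpm.LoadExternal(null, verifier, TpmRh.Owner);
    }

    // The loaded key occupies a transient TPM slot; flush it even if
    // PolicySigned throws so the slot is not leaked.
    try
    {
        TkAuth policyTicket;
        Timeout = tpm.PolicySigned(verificationKey, authSession, nonceTpm, CpHash, PolicyRef,
                                   ExpirationTime, signature, out policyTicket);
        TpmRc responseCode = tpm._GetLastResponseCode();
        // Save the policyTicket in case it is needed later
        PolicyTicket = policyTicket;
        return responseCode;
    }
    finally
    {
        tpm.FlushContext(verificationKey);
    }
}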
/// <summary>
/// No-op ACE: sends nothing to the TPM and reports success.
/// </summary>
/// <param name="tpm">Unused.</param>
/// <param name="authSession">Unused.</param>
/// <param name="policy">Unused.</param>
/// <returns>Always TpmRc.Success.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy) => TpmRc.Success;
/// <summary>
/// Runs the policy tree's action callback for this ACE. Nothing is sent to
/// the TPM by this method itself.
/// </summary>
/// <param name="tpm">Unused here (the callback may use its own connection).</param>
/// <param name="authSession">Unused.</param>
/// <param name="policy">Policy tree whose ExecutePolicyActionCallback is invoked.</param>
/// <returns>Always TpmRc.Success.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    PolicyTree owner = policy;
    owner.ExecutePolicyActionCallback(this);
    return TpmRc.Success;
}
/// <summary>
/// Issues the PolicyAuthorizeNV command on the policy session using this
/// ACE's AuthHandle and NvIndex.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyAuthorizeNV command.</returns>
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    tpm.PolicyAuthorizeNV(AuthHandle, NvIndex, authSession);
    TpmRc rc = tpm._GetLastResponseCode();
    return rc;
}
/// <summary>
/// Issues the PolicyDuplicationSelect command on the policy session with
/// this ACE's object name, new-parent name and include-object flag.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyDuplicationSelect command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    // The command takes the flag as a single byte (1 = include object name).
    byte includeObject = (byte)(IncludeObjectNameInPolicyHash ? 1 : 0);
    tpm.PolicyDuplicationSelect(authSession, NameOfObject, NameOfNewParent, includeObject);
    return tpm._GetLastResponseCode();
}
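/// <summary>
/// Executes PolicyAuthorize for this ACE. The authorizer's signature (Sig2,
/// else Sig1) over Hash(PolicyToReplace || PolicyRef) is verified by the TPM
/// under SigningKey to obtain a ticket; when no signature is present an
/// empty ticket is used instead (e.g. for a trial session). The ticket is
/// then presented to PolicyAuthorize. The verification key is loaded with
/// LoadExternal only for the VerifySignature step and flushed afterwards.
/// </summary>
/// <param name="tpm">TPM connection the commands are sent through.</param>
/// <param name="authSession">Policy session being extended (TheParamsCallback may substitute it).</param>
/// <param name="policy">Enclosing policy tree; AllowErrorsInPolicyEval controls _AllowErrors().</param>
/// <returns>Response code of VerifySignature if it failed, otherwise of PolicyAuthorize.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    // aHash = Hash(approvedPolicy || policyRef): the value the authorizer signed.
    byte[] dataToSign = Globs.Concatenate(PolicyToReplace, PolicyRef);
    byte[] aHash = CryptoLib.HashData(SigningHash, dataToSign);

    // todo - fix the serialization so that we can persist the interface
    // Sig2 wins when both are set. The cast to object sidesteps any
    // overloaded != on the signature types.
    ISignatureUnion theSig = null;
    if ((object)Sig1 != null)
    {
        theSig = Sig1;
    }
    if ((object)Sig2 != null)
    {
        theSig = Sig2;
    }

    TpmHandle verifierHandle = tpm.LoadExternal(null, SigningKey, TpmRh.Owner);
    try
    {
        if (policy.AllowErrorsInPolicyEval)
        {
            tpm._AllowErrors();
        }
        if (theSig != null)
        {
            Ticket = tpm.VerifySignature(verifierHandle, aHash, theSig);
            TpmRc verifyRc = tpm._GetLastResponseCode();
            if (verifyRc != TpmRc.Success)
            {
                return verifyRc;
            }
        }
        else
        {
            // create a dummy ticket = e.g. for a trial session
            Ticket = new TkVerified(TpmRh.Owner, new byte[0]);
        }
    }
    finally
    {
        // The transient verification key is released on every path,
        // including an exception from VerifySignature.
        tpm.FlushContext(verifierHandle);
    }

    byte[] keySign = SigningKey.GetName();
    TpmHandle policySession = authSession;
    // Optional hook that lets the owner rewrite the PolicyAuthorize
    // parameters before the command is issued.
    if (TheParamsCallback != null)
    {
        TheParamsCallback(tpm, ref policySession, ref PolicyToReplace, ref PolicyRef, keySign, ref Ticket);
    }
    if (policy.AllowErrorsInPolicyEval)
    {
        tpm._AllowErrors();
    }
    tpm.PolicyAuthorize(policySession, PolicyToReplace, PolicyRef, keySign, Ticket);
    return tpm._GetLastResponseCode();
}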
/// <summary>
/// Issues the PolicyTicket command on the policy session using the stored
/// ExpirationTime, CpHash, PolicyRef and Ticket. ObjectName is derived from
/// AuthorizingKey (and cached on the ACE) when it was not set explicitly.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyTicket command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    if (ObjectName == null)
    {
        ObjectName = AuthorizingKey.GetName();
    }
    byte[] authName = Marshaller.GetTpmRepresentation(ObjectName);
    tpm.PolicyTicket(authSession, ExpirationTime, CpHash, PolicyRef, authName, Ticket);
    return tpm._GetLastResponseCode();
}
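/// <summary>
/// Executes PolicySecret for this ACE. When AuthVal is set, AuthorityHandle
/// is authorized with it directly; otherwise the policy's PolicySecret
/// callback supplies the authorizing session and the entity handle, which
/// are flushed afterwards as the callback requested. The resulting Timeout
/// and PolicyTicket are stored on the ACE.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicySecret command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    byte[] nonceTpm = UseNonceTpm ? Globs.CopyData(authSession.NonceTpm) : new byte[0];

    if (AuthVal != null)
    {
        // Auth value was supplied up front: no callback, nothing to flush.
        Timeout = tpm[AuthVal].PolicySecret(AuthorityHandle, authSession, nonceTpm, CpHash,
                                            PolicyRef, ExpirationTime, out PolicyTicket);
        return tpm._GetLastResponseCode();
    }

    SessionBase session;
    TpmHandle authorizedEntity;
    bool flushHandleOnCompletion;
    AssociatedPolicy.ExecutePolicySecretCallback(this, out session, out authorizedEntity, out flushHandleOnCompletion);
    try
    {
        Timeout = tpm[session].PolicySecret(authorizedEntity, authSession, nonceTpm, CpHash,
                                            PolicyRef, ExpirationTime, out PolicyTicket);
        return tpm._GetLastResponseCode();
    }
    finally
    {
        // Release the callback-provided handles even if PolicySecret throws,
        // so they are not leaked in the TPM.
        if (flushHandleOnCompletion)
        {
            tpm.FlushContext(authorizedEntity);
        }
        // Pwap sessions are never flushed.
        if (!(session is Pwap))
        {
            tpm.FlushContext(session);
        }
    }
}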
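/// <summary>
/// Executes PolicyNV for this ACE. When AuthorizationHandle is set, the
/// command uses it together with NvIndex under NvAccessAuth; otherwise the
/// policy's PolicyNV callback supplies the handles and the authorizing
/// session, which is flushed afterwards unless it is a Pwap session.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyNV command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    if (AuthorizationHandle != null)
    {
        // Handles and authorization were supplied up front.
        tpm[NvAccessAuth].PolicyNV(AuthorizationHandle, NvIndex, authSession, OperandB, Offset, Operation);
        return tpm._GetLastResponseCode();
    }

    TpmHandle nvHandle, authHandle;
    SessionBase nvAuth;
    AssociatedPolicy.ExecutePolicyNvCallback(this, out authHandle, out nvHandle, out nvAuth);
    try
    {
        tpm[nvAuth].PolicyNV(authHandle, nvHandle, authSession, OperandB, Offset, Operation);
        return tpm._GetLastResponseCode();
    }
    finally
    {
        // Flush the callback-provided session even if PolicyNV throws;
        // Pwap sessions are never flushed.
        if (!(nvAuth is Pwap))
        {
            tpm.FlushContext(nvAuth);
        }
    }
}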
/// <summary>
/// Issues the PolicyNvWritten command on the policy session with this ACE's
/// written-required flag.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyNvWritten command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    // The command takes the flag as a single byte (1 = index must have been written).
    byte writtenSet = (byte)(IsNvIndexRequiredToHaveBeenWritten ? 1 : 0);
    tpm.PolicyNvWritten(authSession, writtenSet);
    return tpm._GetLastResponseCode();
}
/// <summary>
/// PolicyRestart must not appear in a running policy. Reaching this method
/// reports the error through Globs.Throw; the return value only matters if
/// that call does not throw.
/// </summary>
/// <param name="tpm">Unused.</param>
/// <param name="authSession">Unused.</param>
/// <param name="policy">Unused.</param>
/// <returns>TpmRc.Policy.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    const string message = "Do not include PolicyRestart in running policies";
    Globs.Throw(message);
    return TpmRc.Policy;
}
/// <summary>
/// Executes this policy assertion (ACE) against a live policy session.
/// Implementations typically issue the corresponding TPM policy command and
/// return its response code via tpm._GetLastResponseCode().
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Policy tree that owns this ACE (callbacks, hash algorithm, error mode).</param>
/// <returns>Response code of the executed command, or TpmRc.Success for ACEs that send nothing.</returns>
// ReSharper disable once InconsistentNaming
internal abstract TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy);
/// <summary>
/// Issues the PolicyPhysicalPresence command on the policy session.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyPhysicalPresence command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    tpm.PolicyPhysicalPresence(authSession);
    TpmRc rc = tpm._GetLastResponseCode();
    return rc;
}
/// <summary>
/// Issues the PolicyOR command on the policy session with the digests of
/// this ACE's branches, computed for the policy tree's hash algorithm.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="authSession">Policy session being extended.</param>
/// <param name="policy">Policy tree supplying the hash algorithm.</param>
/// <returns>Response code of the PolicyOR command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    TpmAlgId hashAlg = policy.PolicyHash.HashAlg;
    Tpm2bDigest[] branches = GetPolicyHashArray(hashAlg);
    tpm.PolicyOR(authSession, branches);
    return tpm._GetLastResponseCode();
}
/// <summary>
/// Copies parameters associated with the session handle encapsulated in the
/// sess argument into the sess object. These parameters are the ones passed
/// to the StartAuthSession command. They are remembered by this Tpm2 object,
/// until this method is called.
///
/// Note that _InitializeSession() can be used only once for the given session
/// handle, as the associated parameters are erased from Tpm2 Object after
/// they were copied into AuthSession object for the first time.
/// </summary>
/// <param name="sess">Session to initialize in place.</param>
/// <returns>
/// true if the session is initialized on return (already was, or was
/// initialized here); false if no parameters are recorded for its handle.
/// </returns>
internal bool _InitializeSession(AuthSession sess)
{
    // Already-initialized sessions are left untouched.
    if (sess.Initialized())
    {
        return true;
    }

    // There are no session parameters associated with the session
    // handle (e.g., when the session was created by other Tpm2 object).
    // NOTE(review): if SessionParams is a dictionary, TryGetValue would
    // avoid the lookup being repeated by the indexer below.
    if (!SessionParams.ContainsKey(sess))
    {
        return false;
    }

    var recorded = SessionParams[sess];
    sess.Init(recorded);
    sess.CalcSessionKey();
    // Parameters are single-use: forget them once copied.
    SessionParams.Remove(sess);
    return true;
}
/// <summary>
/// Issues the PolicyPCR command on the policy session with the selection
/// digest (for the policy tree's hash algorithm) and selection array of
/// this ACE's Pcrs.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="policySession">Policy session being extended.</param>
/// <param name="policy">Policy tree supplying the hash algorithm.</param>
/// <returns>Response code of the PolicyPCR command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession policySession, PolicyTree policy)
{
    TpmAlgId hashAlg = policy.PolicyHash.HashAlg;
    byte[] selectionDigest = Pcrs.GetSelectionHash(hashAlg);
    PcrSelection[] selection = Pcrs.GetPcrSelectionArray();
    tpm.PolicyPCR(policySession, selectionDigest, selection);
    return tpm._GetLastResponseCode();
}
/// <summary>
/// Sets parameters associated with the session by copying them from
/// <paramref name="Params"/>. The salt is handled specially (see below).
/// </summary>
/// <param name="Params">Session whose parameters are copied into this one.</param>
internal void Init(AuthSession Params)
{
    SessionType = Params.SessionType;
    BindObject  = Params.BindObject;
    NonceCaller = Params.NonceCaller;
    NonceTpm    = Params.NonceTpm;
    Symmetric   = Params.Symmetric;
    AuthHash    = Params.AuthHash;
    AuthHandle  = Params.AuthHandle;

    // When salt is required, destination session will have it set directly
    // by the user, so the existing Salt is kept only in that case (the
    // source carries the SaltNeeded marker); otherwise it is cleared.
    bool keepSalt = Params.Salt == SaltNeeded;
    if (!keepSalt)
    {
        Salt = null;
    }
}
/// <summary>
/// Issues the PolicyCounterTimer command on the policy session with this
/// ACE's OperandB, Offset and Operation.
/// </summary>
/// <param name="tpm">TPM connection the command is sent through.</param>
/// <param name="policySession">Policy session being extended.</param>
/// <param name="policy">Enclosing policy tree (not used by this ACE).</param>
/// <returns>Response code of the PolicyCounterTimer command.</returns>
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession policySession, PolicyTree policy)
{
    tpm.PolicyCounterTimer(policySession, OperandB, Offset, Operation);
    TpmRc rc = tpm._GetLastResponseCode();
    return rc;
}
/// <summary>
/// Called from TpmPolicyNV. Forwards to the installed PolicyNVCallback to
/// obtain the authorization handle, the NV index handle and the session that
/// authorizes the NV access.
/// </summary>
/// <param name="ace">The PolicyNV ACE being executed.</param>
/// <param name="authHandle">Handle authorizing the NV read, as supplied by the callback.</param>
/// <param name="nvHandle">NV index handle, as supplied by the callback.</param>
/// <param name="authSession">Session used to authorize the NV access, as supplied by the callback.</param>
internal void ExecutePolicyNvCallback(TpmPolicyNV ace, out TpmHandle authHandle, out TpmHandle nvHandle, out SessionBase authSession)
{
    if (PolicyNVCallback != null)
    {
        // Note the callback's out-parameter order differs from this method's.
        PolicyNVCallback(this, ace, out authSession, out authHandle, out nvHandle);
        return;
    }

    // No callback installed: report the error first, then fill the out
    // parameters with placeholders so the method can return cleanly.
    Globs.Throw("No policyNV callback installed.");
    authHandle = new TpmHandle();
    nvHandle = new TpmHandle();
    authSession = new AuthSession(new TpmHandle());
}
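/// <summary>
/// This sample illustrates the use of the resource manager built into
/// Tpm2Lib. Using the resource manager relieves the programmer of the
/// (sometimes burdensome) chore of juggling a small number of TPM slots.
/// </summary>
/// <param name="tpm">Reference to the TPM object.</param>
static void ResourceManager(Tpm2 tpm)
{
    //
    // The Tbs device class has a built-in resource manager. We create an
    // instance of the Tbs device class, but hook it up to the device
    // underlying the TPM object passed in.
    // NOTE(review): the original comment describes the second constructor
    // argument as asking Tbs to clean the TPM before use, yet 'false' is
    // passed -- confirm the intended value against the Tbs constructor.
    // This sample won't work on top of the default Windows resource manager
    // (TBS).
    //
    var tbs = new Tbs(tpm._GetUnderlyingDevice(), false);
    var tbsTpm = new Tpm2(tbs.CreateTbsContext());
    try
    {
        //
        // Make more sessions than the TPM has room for
        //
        const int count = 32;
        var sessions = new AuthSession[count];
        for (int j = 0; j < count; j++)
        {
            sessions[j] = tbsTpm.StartAuthSessionEx(TpmSe.Policy, TpmAlgId.Sha1);
        }
        Console.WriteLine("Created {0} sessions.", count);

        //
        // And now use them. The resource manager will use ContextLoad and
        // ContextSave to bring them into the TPM
        //
        for (int j = 0; j < count; j++)
        {
            tbsTpm.PolicyAuthValue(sessions[j].Handle);
        }
        Console.WriteLine("Used {0} sessions.", count);

        //
        // And now clean up
        //
        for (int j = 0; j < count; j++)
        {
            tbsTpm.FlushContext(sessions[j].Handle);
        }
        Console.WriteLine("Cleaned up.");
    }
    finally
    {
        //
        // Dispose of the Tbs device object, also when a TPM call above threw.
        //
        tbsTpm.Dispose();
    }
}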