|
public static FromData ( TpmAlgId hashAlg, byte dataToHash ) : |
||
| hashAlg | TpmAlgId | |
| dataToHash | byte | |
| return | ||
public static byte[] PssEncode(byte[] m, TpmAlgId hashAlg, int sLen, int emBits)
{
var emLen = (int)Math.Ceiling(1.0 * emBits / 8);
int hLen = CryptoLib.DigestSize(hashAlg);
// 1 - Ignore
// 2
byte[] mHash = TpmHash.FromData(hashAlg, m);
// 3
if (emLen < hLen + sLen + 2)
{
if (Tpm2._TssBehavior.Passthrough)
{
return(new byte[0]);
}
else
{
throw new Exception("Encoding error");
}
}
// 4
byte[] salt = Globs.GetRandomBytes(sLen);
// 5
byte[] mPrime = Globs.Concatenate(new[] { Globs.ByteArray(8, 0),
mHash,
salt });
// 6
byte[] h = CryptoLib.HashData(hashAlg, mPrime);
// 7
byte[] ps = Globs.GetZeroBytes(emLen - sLen - hLen - 2);
// 8
byte[] db = Globs.Concatenate(new[] { ps,
new byte[] { 0x01 },
salt });
// 9
byte[] dbMask = CryptoLib.MGF(h, emLen - hLen - 1, hashAlg);
// 10
byte[] maskedDb = XorEngine.Xor(db, dbMask);
// 11
int numZeroBits = 8 * emLen - emBits;
byte mask = GetByteMask(numZeroBits);
maskedDb[0] &= mask;
// 12
byte[] em = Globs.Concatenate(new[] { maskedDb,
h,
new byte[] { 0xbc } });
// 13
return(em);
}
/// <summary>
// Calculate and return the name of the entity. The name is an alg-prepended
// digest in a byte buffer
/// </summary>
/// <returns></returns>
public byte[] GetName()
{
byte[] rawData = GetTpmRepresentation();
TpmHash pubDigest = TpmHash.FromData(nameAlg, rawData);
return(Marshaller.GetTpmRepresentation(pubDigest));
}
/// <summary>
/// Verify that quotedInfo is properly signed by an associated private key
/// holder, and that the quotedInfo.type, .extraData and .magic are correct.
/// Also check that the certified name is what the caller expects. The caller
/// must check other fields (for instance the qualified name)
/// </summary>
/// <param name="name"></param>
/// <param name="nonce"></param>
/// <param name="quotedInfo"></param>
/// <param name="expectedName"></param>
/// <param name="signature"></param>
/// <returns></returns>
public bool VerifyCertify(TpmHash name, byte[] nonce, Attest quotedInfo,
byte[] expectedName, ISignatureUnion signature)
{
// Check generic signature stuff
if (quotedInfo.type != TpmSt.AttestCertify)
{
return(false);
}
if (!Globs.ArraysAreEqual(quotedInfo.extraData, nonce))
{
return(false);
}
if (quotedInfo.magic != Generated.Value)
{
return(false);
}
// Check specific certify-signature stuff
var certInfo = (CertifyInfo)quotedInfo.attested;
if (!Globs.ArraysAreEqual(expectedName, certInfo.name))
{
return(false);
}
// Check the actual signature
TpmHash sigHash = TpmHash.FromData(TpmAlgId.Sha1, quotedInfo.GetTpmRepresentation());
bool certifyOk = VerifySignatureOverHash(sigHash, signature);
return(certifyOk);
}
public static byte[] Pkcs15Encode(byte[] m, int emLen, TpmAlgId hashAlg)
{
byte[] prefix;
switch (hashAlg)
{
case TpmAlgId.Sha1:
prefix = new byte[]
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
break;
case TpmAlgId.Sha256:
prefix = new byte[] {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
break;
case TpmAlgId.Sha384:
prefix = new byte[] {
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
};
break;
case TpmAlgId.Sha512:
prefix = new byte[] {
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
};
break;
default:
Globs.Throw <ArgumentException>("Pkcs15Encode: Unsupported hashAlg");
return(new byte[0]);
}
byte[] messageHash = TpmHash.FromData(hashAlg, m);
byte[] T = Globs.Concatenate(prefix, messageHash);
int tLen = T.Length;
if (emLen < tLen + 11)
{
Globs.Throw <ArgumentException>("Pkcs15Encode: Encoded message is too short");
return(new byte[0]);
}
byte[] ps = Globs.ByteArray(emLen - tLen - 3, 0xff);
byte[] em = Globs.Concatenate(new[] { new byte[] { 0x00, 0x01 }, ps,
new byte[] { 0x00 }, T });
return(em);
}
internal override TpmHash GetPolicyDigest(TpmAlgId hashAlg)
{
int numBranches = PolicyBranches.Count;
if (numBranches < 2 || numBranches > 8)
{
Globs.Throw("GetPolicyDigest: Must have between 2 and 8 branches in a PolicyOr");
}
var m = new Marshaller();
m.Put(TpmHash.ZeroHash(hashAlg).HashData, "zero");
m.Put(TpmCc.PolicyOR, "ordinal");
foreach (PolicyAce branch in PolicyBranches)
{
TpmHash branchPolicyHash = branch.GetPolicyDigest(hashAlg);
m.Put(branchPolicyHash.HashData, "h");
}
return(TpmHash.FromData(hashAlg, m.GetBytes()));
}
/// <summary>
/// PSS verify. Note: we expect the caller to do the hash.
/// </summary>
/// <param name="m"></param>
/// <param name="em"></param>
/// <param name="sLen"></param>
/// <param name="emBits"></param>
/// <param name="hashAlg"></param>
/// <returns></returns>
public static bool PssVerify(byte[] m, byte[] em, int sLen, int emBits, TpmAlgId hashAlg)
{
var emLen = (int)Math.Ceiling(1.0 * emBits / 8);
int hLen = CryptoLib.DigestSize(hashAlg);
// 1 - Skip
// 2
byte[] mHash = TpmHash.FromData(hashAlg, m);
// 3
if (emLen < hLen + sLen + 2)
{
return(false);
}
// 4
if (em[em.Length - 1] != 0xbc)
{
return(false);
}
// 5
byte[] maskedDB = Globs.CopyData(em, 0, emLen - hLen - 1);
byte[] h = Globs.CopyData(em, emLen - hLen - 1, hLen);
// 6
int numZeroBits = 8 * emLen - emBits;
// First numZero bits is zero in mask
byte mask = GetByteMask(numZeroBits);
if ((maskedDB[0] & mask) != maskedDB[0])
{
return(false);
}
// 7
byte[] dbMask = CryptoLib.MGF(h, emLen - hLen - 1, hashAlg);
// 8
byte[] db = XorEngine.Xor(maskedDB, dbMask);
// 9
int numZeroBits2 = 8 * emLen - emBits;
byte mask2 = GetByteMask(numZeroBits2);
db[0] &= mask2;
// 10
for (int j = 0; j < emLen - hLen - sLen - 2; j++)
{
if (db[j] != 0)
{
return(false);
}
}
if (db[emLen - hLen - sLen - 1 - 1] != 1)
{
return(false);
}
// 11
byte[] salt = Globs.CopyData(db, db.Length - sLen);
// 12
byte[] mPrime = Globs.Concatenate(new[] { Globs.ByteArray(8, 0), mHash, salt });
// 13
byte[] hPrime = TpmHash.FromData(hashAlg, mPrime);
// 14
bool match = Globs.ArraysAreEqual(h, hPrime);
if (match == false)
{
return(false);
}
return(true);
}
/// <summary>
// Verify that a TPM quote matches an expect PCR selection, is well formed,
// and is properly signed. In acse of failure this overload additionally
// returns information about the specific check that failed.
/// </summary>
/// <param name="pcrDigestAlg"></param>
/// <param name="expectedSelectedPcr"></param>
/// <param name="expectedPcrValues"></param>
/// <param name="nonce"></param>
/// <param name="quotedInfo"></param>
/// <param name="signature"></param>
/// <param name="pointOfFailure"></param>
/// <param name="qualifiedNameOfSigner"></param>
/// <returns></returns>
public bool VerifyQuote(TpmAlgId pcrDigestAlg,
PcrSelection[] expectedSelectedPcr,
Tpm2bDigest[] expectedPcrValues,
byte[] nonce,
Attest quotedInfo,
ISignatureUnion signature,
out QuoteElt pointOfFailure,
byte[] qualifiedNameOfSigner = null)
{
pointOfFailure = QuoteElt.None;
if (!(quotedInfo.attested is QuoteInfo))
{
pointOfFailure = QuoteElt.Type;
return(false);
}
if (quotedInfo.magic != Generated.Value)
{
pointOfFailure = QuoteElt.Magic;
return(false);
}
if (!quotedInfo.extraData.IsEqual(nonce))
{
pointOfFailure = QuoteElt.ExtraData;
return(false);
}
// Check environment of signer (name) is expected
if (qualifiedNameOfSigner != null &&
!quotedInfo.qualifiedSigner.IsEqual(qualifiedNameOfSigner))
{
pointOfFailure = QuoteElt.QualifiedSigner;
return(false);
}
// Now check the quote-specific fields
var quoted = (QuoteInfo)quotedInfo.attested;
// Check values pcr indices are what we expect
if (!Globs.ArraysAreEqual(quoted.pcrSelect, expectedSelectedPcr))
{
pointOfFailure = QuoteElt.PcrSelect;
return(false);
}
// Check that values in the indices above are what we expect
// ReSharper disable once UnusedVariable
var expected = new PcrValueCollection(expectedSelectedPcr, expectedPcrValues);
var m = new Marshaller();
foreach (Tpm2bDigest d in expectedPcrValues)
{
m.Put(d.buffer, "");
}
TpmHash expectedPcrHash = TpmHash.FromData(pcrDigestAlg, m.GetBytes());
if (!Globs.ArraysAreEqual(expectedPcrHash, quoted.pcrDigest))
{
pointOfFailure = QuoteElt.PcrDigest;
return(false);
}
// And finally check the signature
if (!VerifySignatureOverData(quotedInfo.GetTpmRepresentation(), signature))
{
pointOfFailure = QuoteElt.Signature;
return(false);
}
return(true);
}
