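    /// <summary>
    /// Derives a stable, hex-encoded identifier for this logical device from the
    /// TPM's Storage Root Key (SRK).
    /// </summary>
    /// <remarks>
    /// The identifier is SHA-256 over the host-endian bytes of
    /// <c>logicalDeviceId</c> followed by the TPM name of the object at
    /// <c>TPM_20_SRK_HANDLE</c>.  Caveats a practitioner should know:
    /// <list type="bullet">
    /// <item>TPM2_ReadPublic takes no authorization, so any local caller can read the
    /// SRK public area and compute the same value.  Treat the result as an identifier,
    /// not as a secret or a proof of possession — never use it as a credential.</item>
    /// <item>The value changes if the object at the SRK handle is re-provisioned
    /// (TPM clear, different template); that is what ties the id to this TPM state.</item>
    /// <item><c>BitConverter.GetBytes</c> is host-endian, so the id is only
    /// reproducible on hosts with the same byte order (TBS implies Windows, which is
    /// little-endian on every supported platform).</item>
    /// </list>
    /// </remarks>
    /// <returns>
    /// 64 lowercase hex characters, or <see cref="string.Empty"/> if the TPM could
    /// not be opened or the SRK could not be read.  Callers must treat the empty
    /// string as "no identifier available", never as a valid id.
    /// </returns>
    public string GetHardwareDeviceId()
    {
        TpmHandle srkHandle = new TpmHandle(TPM_20_SRK_HANDLE);

        try
        {
            byte[] srkName;

            // Open the TPM through the Windows TPM Base Services.  Disposing the Tpm2
            // wrapper is expected to close the device it owns — confirm against the TSS
            // version in use.
            Tpm2Device tpmDevice = new TbsDevice();
            tpmDevice.Connect();
            using (var tpm = new Tpm2(tpmDevice))
            {
                // Only the object name is needed; the public area and qualified name
                // returned by ReadPublic are discarded.
                tpm.ReadPublic(srkHandle, out srkName, out _);
            }

            // Bind the logical device number to this TPM's SRK.
            byte[] deviceId = CryptoLib.HashData(TpmAlgId.Sha256, BitConverter.GetBytes(logicalDeviceId), srkName);

            // Lowercase hex, no separators.
            return string.Concat(deviceId.Select(b => b.ToString("x2")));
        }
        catch (Exception)
        {
            // Best effort: any TPM/TBS failure (no TPM, TBS disabled, nothing provisioned
            // at the SRK handle, access denied) yields the empty string.
            // NOTE(review): nothing in this method reports the failure, so a missing
            // id is invisible to operators; consider tracing the exception here.
        }

        return string.Empty;
    }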
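        /// <summary>
        /// Loads certificates from the underlying store and drops any entry whose
        /// thumbprint is not also recorded in the TPM NV slot that <c>Add</c> wrote
        /// for it.
        /// </summary>
        /// <param name="thumbprint">Thumbprint passed through to the base store's
        /// <c>Load</c>; the base decides which entries come back.</param>
        /// <returns>The base store's entries minus those whose NV slot could be read
        /// but holds different bytes.</returns>
        /// <remarks>
        /// Trust policy, as implemented: an entry is removed only when its NV slot
        /// can be read and the contents differ.  Any failure to read the slot (index
        /// not defined, auth failure, TPM unavailable) is traced and the entry is
        /// KEPT — the check fails open.  NOTE(review): a certificate file dropped into
        /// the base store without a matching NV slot therefore passes this check; if
        /// the NV record is meant to be the source of trust, callers must not rely on
        /// this method alone.
        /// </remarks>
        protected override IDictionary <string, Entry> Load(string thumbprint)
        {
            IDictionary <string, Entry> certs = base.Load(thumbprint);

            // Removing from a dictionary while enumerating it throws on .NET Framework
            // (and is unspecified for arbitrary IDictionary implementations), so the
            // rejected keys are collected first and removed after the loop.
            List<string> rejected = new List<string>();

            foreach (KeyValuePair <string, Entry> pair in certs)
            {
                try
                {
                    // The slot is keyed by the entry's own thumbprint, which is what Add
                    // writes.  Deriving it from the 'thumbprint' argument would compare
                    // every entry against a single slot whenever the base returns more
                    // than one entry (e.g. a null thumbprint enumerating the store).
                    // Only 16 bits of the digest select the slot, so distinct thumbprints
                    // can collide; see the remarks on Add.
                    ushort    slotIndex = BitConverter.ToUInt16(CryptoLib.HashData(TpmAlgId.Sha256, Encoding.UTF8.GetBytes(pair.Key)), 0);
                    TpmHandle nvHandle  = TpmHandle.NV(slotIndex);

                    // Expected slot contents: the UTF-8 thumbprint exactly as Add wrote it.
                    byte[] original = Encoding.UTF8.GetBytes(pair.Key);

                    // Read back the same number of bytes; a slot defined with a different
                    // size (or not defined at all) fails here and the entry is kept.
                    byte[] rawData = m_tpm[m_ownerAuth].NvRead(nvHandle, nvHandle, (ushort)original.Length, 0);

                    // Thumbprints are public, so a constant-time comparison is not
                    // required here.  (IsEqual: project byte-array equality helper.)
                    if (!original.IsEqual(rawData))
                    {
                        // Slot exists but records a different thumbprint: reject.
                        rejected.Add(pair.Key);
                    }
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not check application certificate thumprint in TPM NV storage!");
                }
            }

            foreach (string key in rejected)
            {
                certs.Remove(key);
            }

            return(certs);
        }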
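        /// <summary>
        /// Records the certificate's thumbprint in a TPM NV slot and then adds the
        /// certificate to the underlying store.
        /// </summary>
        /// <param name="certificate">Certificate to add.</param>
        /// <returns>The task returned by the base store's <c>Add</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <remarks>
        /// NV slot layout: index = low 16 bits of SHA-256(UTF-8 thumbprint), defined
        /// with auth-read/auth-write under the owner auth value and no policy, holding
        /// the UTF-8 thumbprint bytes.  Two caveats a deployer should know:
        /// <list type="bullet">
        /// <item>Only 16 bits of the digest select the slot, so two different
        /// certificates can map to the same index; adding the second silently undefines
        /// and overwrites the first one's record, after which the first fails the
        /// comparison in <c>Load</c>.</item>
        /// <item>Every TPM failure is traced and the certificate is still added to the
        /// base store, so a store can contain entries that have no NV record.</item>
        /// </list>
        /// </remarks>
        public override Task Add(X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            lock (m_lock)
            {
                try
                {
                    // Slot index = first two bytes of SHA-256 over the thumbprint; Load and
                    // Delete derive the same index.
                    ushort    slotIndex = BitConverter.ToUInt16(CryptoLib.HashData(TpmAlgId.Sha256, Encoding.UTF8.GetBytes(certificate.Thumbprint)), 0);
                    TpmHandle nvHandle  = TpmHandle.NV(slotIndex);

                    // Drop whatever is currently at that index; _AllowErrors() keeps a TPM
                    // error response (e.g. index not defined) from throwing.
                    // NOTE(review): this also clobbers a colliding entry — see remarks.
                    m_tpm[m_ownerAuth]._AllowErrors().NvUndefineSpace(TpmHandle.RhOwner, nvHandle);

                    // The slot is sized to the encoded bytes that are actually written, so
                    // the defined size and the write length cannot disagree.
                    byte[] thumbprintBytes = Encoding.UTF8.GetBytes(certificate.Thumbprint);

                    // Define the slot: readable/writable with the index auth value (set to
                    // the owner auth), empty policy, SHA-256 name algorithm.
                    m_tpm[m_ownerAuth].NvDefineSpace(TpmHandle.RhOwner, m_ownerAuth, new NvPublic(nvHandle, TpmAlgId.Sha256, NvAttr.Authread | NvAttr.Authwrite, new byte[0], (ushort)thumbprintBytes.Length));

                    // Record the thumbprint; Load compares against exactly these bytes.
                    m_tpm[m_ownerAuth].NvWrite(nvHandle, nvHandle, thumbprintBytes, 0);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not add application certificate thumprint to TPM NV storage!");
                }
            }

            return(base.Add(certificate));
        }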
        /// <summary>
        /// Removes the TPM NV slot that records this thumbprint, then deletes the
        /// certificate from the underlying store.
        /// </summary>
        /// <param name="thumbprint">Thumbprint of the certificate to delete; passed
        /// through unchanged to the base store.</param>
        /// <returns>The base store's result for <paramref name="thumbprint"/>.</returns>
        /// <remarks>
        /// The NV step is best effort: failures (including a null thumbprint, which
        /// makes <c>Encoding.UTF8.GetBytes</c> throw) are traced and the base delete
        /// still runs.  NOTE(review): the slot index is only 16 bits of the digest, so
        /// undefining it can also remove the record of another certificate that
        /// happens to share the index; <c>Load</c> then keeps that certificate
        /// unchecked rather than rejecting it.
        /// </remarks>
        public override Task <bool> Delete(string thumbprint)
        {
            lock (m_lock)
            {
                try
                {
                    // Same slot derivation as Add/Load: low 16 bits of SHA-256(UTF-8 thumbprint).
                    byte[]    digest   = CryptoLib.HashData(TpmAlgId.Sha256, Encoding.UTF8.GetBytes(thumbprint));
                    TpmHandle nvHandle = TpmHandle.NV(BitConverter.ToUInt16(digest, 0));

                    // Undefine the index; _AllowErrors() keeps a TPM error response
                    // (e.g. index not defined) from throwing.
                    m_tpm[m_ownerAuth]._AllowErrors().NvUndefineSpace(TpmHandle.RhOwner, nvHandle);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not delete application certificate thumprint from TPM NV storage!");
                }
            }

            return(base.Delete(thumbprint));
        }
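        /// <summary>
        /// Derives a stable, hex-encoded identifier for this logical device from the
        /// TPM's Storage Root Key (SRK).
        /// </summary>
        /// <remarks>
        /// The identifier is SHA-256 over the host-endian bytes of
        /// <c>logicalDeviceId</c> followed by the TPM name of the object at
        /// <c>SRK_HANDLE</c>.  Caveats a practitioner should know:
        /// <list type="bullet">
        /// <item>TPM2_ReadPublic takes no authorization, so any local caller can read the
        /// SRK public area and compute the same value.  Treat the result as an identifier,
        /// not as a secret or a proof of possession — never use it as a credential.</item>
        /// <item>The value changes if the object at the SRK handle is re-provisioned
        /// (TPM clear, different template).</item>
        /// <item><c>BitConverter.GetBytes</c> is host-endian, so the id is only
        /// reproducible on hosts with the same byte order (TBS implies Windows, which is
        /// little-endian on every supported platform).</item>
        /// </list>
        /// </remarks>
        /// <returns>
        /// 64 lowercase hex characters, or <c>""</c> if the TPM could not be opened or
        /// the SRK could not be read.  Callers must treat the empty string as
        /// "no identifier available", never as a valid id.
        /// </returns>
        public string GetHardwareDeviceId()
        {
            TpmHandle srkHandle = new TpmHandle(SRK_HANDLE);

            byte[] srkName;
            byte[] qualifiedName;

            try
            {
                // Open the TPM through the Windows TPM Base Services.
                Tpm2Device tpmDevice = new TbsDevice();
                tpmDevice.Connect();

                // 'using' guarantees Dispose even when ReadPublic throws; an explicit
                // Dispose() after the call is skipped on that path and leaks the TBS
                // context.  Disposing the Tpm2 wrapper is expected to close the device it
                // owns — confirm against the TSS version in use.
                using (var tpm = new Tpm2(tpmDevice))
                {
                    // Only the object name is needed; the public area is discarded.
                    tpm.ReadPublic(srkHandle, out srkName, out qualifiedName);
                }
            }
            catch (Exception)
            {
                // Best effort: any TPM/TBS failure (no TPM, TBS disabled, nothing
                // provisioned at the SRK handle, access denied) yields the empty string.
                // NOTE(review): nothing in this method reports the failure, so a missing
                // id is invisible to operators; consider tracing the exception here.
                return("");
            }

            // Bind the logical device number to this TPM's SRK.
            byte[] deviceId = CryptoLib.HashData(TpmAlgId.Sha256, BitConverter.GetBytes(logicalDeviceId), srkName);

            // Lowercase hex without separators — the same output as formatting each
            // byte with "x2", without per-byte string concatenation.
            return(BitConverter.ToString(deviceId).Replace("-", "").ToLowerInvariant());
        }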