예제 #1
0
        public override TPMCommandResponse Process()
        {
            if (_params.IsDefined <ITPMHandle>("handle") == false ||
                _params.IsDefined <byte[]>("context_blob") == false)
            {
                return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters()));
            }

            ITPMHandle handle = _params.GetValueOf <ITPMHandle>("handle");


            TPMBlob blob = new TPMBlob();

            blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext);
            blob.WriteUInt32(handle.Handle);
            blob.WriteBool(handle.ForceHandle);
            blob.WriteUInt32((uint)handle.ContextBlob.Length);
            blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length);

            TPMBlob responseBlob = TransmitMe(blob);

            responseBlob.SkipHeader();
            handle.Handle = responseBlob.ReadUInt32();

            Parameters responseParameters = new Parameters();

            responseParameters.AddValue("handle", handle);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters));
        }
예제 #2
0
        public override TPMCommandResponse Process()
        {
            byte[] nonce = NonceGenerator.GenerateByteNonce(20);

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek);
            requestBlob.Write(nonce, 0, nonce.Length);
            requestBlob.WriteCmdSize();

            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();

            long          posStart = responseBlob.Position;
            TPMPubkeyCore pubkey   = TPMPubkeyCore.CreateFromTPMBlob(responseBlob);
            long          posEnd   = responseBlob.Position;

            Digest digest = new Digest(responseBlob, 20);

            if (digest.CompareTo(
                    new HashStreamDataProvider(responseBlob, posStart, posEnd - posStart, false),
                    new HashByteDataProvider(nonce)) == false)
            {
                throw new TPMResponseException("Local digest does not match remote digest");
            }

            Parameters responseParams = new Parameters();

            responseParams.AddValue(TPMPubkey.PARAM_TPM_PUBKEY, pubkey);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams));
        }
예제 #3
0
        /// <summary>
        /// Performs the actual swap-in operation
        /// </summary>
        /// <param name="item"></param>
        protected override void SwappedIn(KeyHandleItem item)
        {
            if (item.Status != KeyHandleItem.KeyHandleStatus.SwappedOut)
            {
                throw new ArgumentException("Invalid key handle state for swap in operation");
            }

            if (AvailableKeySlots <= LoadedKeys)
            {
                SwapOut();
            }


            Parameters swapInParameters = new Parameters();

            swapInParameters.AddValue("handle", item.KeyHandle);
            swapInParameters.AddPrimitiveType("context_blob", item.KeyHandle.ContextBlob);

            TPMCommandRequest swapInRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_LoadContext, swapInParameters);

            TPMCommandResponse swapInResponse = _tpmContext.TPM.Process(swapInRequest);

            if (swapInResponse.Status == false)
            {
                throw new TPMRequestException("Keymanager: Unknown error while swap in operation");
            }

            item.KeyHandle.Handle = swapInResponse.Parameters.GetValueOf <ITPMHandle>("handle").Handle;
        }
예제 #4
0
        /// <summary>
        /// Seals data to the specified pcr selection,
        /// create a valid pcr selection with session.CreateEmptyPCRSelection
        /// </summary>
        /// <param name="pcrSelection"></param>
        /// <param name="data">Data to seal</param>
        /// <returns></returns>
        public byte[] Seal(TPMPCRSelection pcrSelection, byte[] data)
        {
            Parameters paramsSeal = new Parameters();

            paramsSeal.AddPrimitiveType("in_data", data);
            paramsSeal.AddPrimitiveType("key", _keyIdentifier);
            paramsSeal.AddValue("pcr_selection", pcrSelection);

            Parameters paramsSecret = new Parameters();

            paramsSecret.AddPrimitiveType("identifier", KeyIdentifier);
            ProtectedPasswordStorage authSeal = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, paramsSecret));

            if (authSeal.Hashed == false)
            {
                authSeal.Hash();
            }

            authSeal.DecryptHash();
            paramsSeal.AddPrimitiveType("data_auth", authSeal.HashValue);

            try
            {
                TPMCommandResponse sealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Seal, paramsSeal);
                return(sealResponse.Parameters.GetValueOf <byte[]>("data"));
            }
            finally
            {
                if (authSeal != null)
                {
                    authSeal.ClearHash();
                }
            }
        }
예제 #5
0
        /// <summary>
        /// Performs the actual swap-in operation
        /// </summary>
        /// <param name="item"></param>
        protected override void SwappedIn(AuthHandleItem item)
        {
            //uint oldHandle = item.AuthHandle.Handle;
            if (item.Status != AuthHandleItem.AuthHandleStatus.SwappedOut)
            {
                throw new ArgumentException("Invalid auth handle state for swap in operation");
            }

            using (new LockContext(_authHandles, "AuthHandleManager::SwappedIn"))
            {
                if (AvailableSessionSlots <= LoadedSessions)
                {
                    SwapOut();
                }


                Parameters swapInParameters = new Parameters();
                swapInParameters.AddValue("handle", item.AuthHandle);
                swapInParameters.AddPrimitiveType("context_blob", item.AuthHandle.ContextBlob);

                TPMCommandRequest swapInRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_LoadContext, swapInParameters);

                TPMCommandResponse swapInResponse = _tpmContext.TPM.Process(swapInRequest);
                if (swapInResponse.Status == false)
                {
                    throw new TPMRequestException("Unknown error while swap in operation");
                }

                item.AuthHandle.Handle = swapInResponse.Parameters.GetValueOf <ITPMHandle>("handle").Handle;
                item.Status            = AuthHandleItem.AuthHandleStatus.SwappedIn;
            }
        }
예제 #6
0
        /// <summary>
        /// Performs the actual swap-out operation
        /// </summary>
        /// <param name="item"></param>
        protected override void SwappedOut(AuthHandleItem item)
        {
            if (item.Status != AuthHandleItem.AuthHandleStatus.SwappedIn)
            {
                throw new ArgumentException("Invalid auth handle state for swap out operation");
            }

            using (new LockContext(_authHandles, "AuthHandleManager::SwappedOut"))
            {
                Parameters swapOutParameters = new Parameters();
                swapOutParameters.AddValue("handle", item.AuthHandle);
                TPMCommandRequest swapOutRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_SaveContext, swapOutParameters);

                TPMCommandResponse swapOutResponse = _tpmContext.TPM.Process(swapOutRequest);

                if (swapOutResponse.Status == false)
                {
                    throw new TPMRequestException("Unknown error while swap out operation");
                }


                item.Status = AuthHandleItem.AuthHandleStatus.SwappedOut;
                item.AuthHandle.ContextBlob = swapOutResponse.Parameters.GetValueOf <byte[]>("context_blob");
            }
        }
예제 #7
0
        /// <summary>
        /// Performs the actual swap-out operation
        /// </summary>
        /// <param name="item"></param>
        protected override void SwappedOut(KeyHandleItem item)
        {
            if (item.Status != KeyHandleItem.KeyHandleStatus.SwappedIn)
            {
                throw new ArgumentException("Invalid auth handle state for swap out operation");
            }

            Parameters swapOutParameters = new Parameters();

            swapOutParameters.AddValue("handle", item.KeyHandle);
            TPMCommandRequest swapOutRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_SaveContext, swapOutParameters);

            TPMCommandResponse swapOutResponse = _tpmContext.TPM.Process(swapOutRequest);

            if (swapOutResponse.Status == false)
            {
                throw new TPMRequestException("Unknown error while swap out operation");
            }

            //For key handles the tpm does not release the memory after save context
            TPMCommandRequest  flushRequest  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, swapOutParameters);
            TPMCommandResponse flushResponse = _tpmContext.TPM.Process(flushRequest);

            if (flushResponse.Status == false)
            {
                throw new TPMRequestException("Unknown error while swap out (flush) operation");
            }



            item.Status = KeyHandleItem.KeyHandleStatus.SwappedOut;
            item.KeyHandle.ContextBlob = swapOutResponse.Parameters.GetValueOf <byte[]>("context_blob");
        }
예제 #8
0
        public override TPMCommandResponse Process()
        {
            byte[] nonce = NonceGenerator.GenerateByteNonce (20);

            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek);
            requestBlob.Write (nonce, 0, nonce.Length);
            requestBlob.WriteCmdSize ();

            TPMBlob responseBlob = TransmitMe(requestBlob);
            responseBlob.SkipHeader ();

            long posStart = responseBlob.Position;
            TPMPubkeyCore pubkey = TPMPubkeyCore.CreateFromTPMBlob(responseBlob);
            long posEnd = responseBlob.Position;

            Digest digest = new Digest (responseBlob, 20);
            if (digest.CompareTo (
                new HashStreamDataProvider (responseBlob, posStart, posEnd - posStart, false),
                new HashByteDataProvider (nonce)) == false)
            {
                throw new TPMResponseException ("Local digest does not match remote digest");
            }

            Parameters responseParams = new Parameters ();
            responseParams.AddValue (TPMPubkey.PARAM_TPM_PUBKEY, pubkey);

            return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams);
        }
예제 #9
0
        /// <summary>
        /// Reads the configured tpm devices from the configuration and
        /// sets up the corresponding tpm contexts
        /// </summary>
        private void SetupTPMContexts()
        {
            IConnectionsConfiguration connectionConfig = (IConnectionsConfiguration)ConfigurationManager.GetSection("connections");

            foreach (Iaik.Tc.TPM.Configuration.DotNetConfiguration.TPMDevice device in connectionConfig.TpmDevices)
            {
                try
                {
                    _logger.InfoFormat("Setting up tpm context '{0}'", device.TPMName);
                    TPMWrapper tpmDevice = new TPMWrapper();
                    tpmDevice.Init(device.TPMType, device.Parameters);
                    TPMContext tpmContext = new TPMContext(device.TPMName, tpmDevice);
                    _tpmContexts.Add(device.TPMName, tpmContext);

                    _logger.InfoFormat("Flushing device '{0}'", device.TPMName);
                    foreach (TPMResourceType resourceType in new TPMResourceType[] {
                        TPMResourceType.TPM_RT_AUTH, TPMResourceType.TPM_RT_KEY
                    })
                    {
                        Parameters listLoadedHandlesParameters = new Parameters();
                        listLoadedHandlesParameters.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE);
                        listLoadedHandlesParameters.AddPrimitiveType("handle_type", resourceType);
                        TPMCommandRequest listLoadedHandlesRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability,
                                                                                           listLoadedHandlesParameters);
                        TPMCommandResponse response = tpmDevice.Process(listLoadedHandlesRequest);

                        if (response.Status == false)
                        {
                            throw new Exception("An unknown tpm exception while flushing occured");
                        }

                        foreach (uint handle in response.Parameters.GetValueOf <HandleList> ("handles"))
                        {
                            Parameters flushParameters = new Parameters();
                            flushParameters.AddValue("handle", HandleFactory.Create(resourceType, handle));
                            TPMCommandRequest  flushRequest  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, flushParameters);
                            TPMCommandResponse flushResponse = tpmDevice.Process(flushRequest);

                            if (flushResponse.Status == false)
                            {
                                throw new Exception("Something went wrong while flushing");
                            }
                        }
                    }

                    _logger.InfoFormat("Successfully setup tpm context '{0}' with type '{1}'", device.TPMName, device.TPMType);
                }
                catch (Exception ex)
                {
                    _logger.FatalFormat("Error setting up tpm device '{0}', the device will not be available ({1})", device.TPMName, ex);
                }

                ///Set the Assembly search order for incoming Parameters so that core classes are always at first
                Parameters.AssemblySearchOrder = new Assembly[] {
                    typeof(TPMWrapper).Assembly,                     //lib core
                    typeof(ITypedParameter).Assembly
                };                                                   //lib common
            }
        }
예제 #10
0
파일: TPM_OIAP.cs 프로젝트: deveck/doTSS
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OIAP);
            requestBlob.WriteCmdSize();

            _commandAuthHelper.EnsureFreeSlot();
            TPMBlob responseBlob = TransmitMe(requestBlob);
            responseBlob.SkipHeader();
            AuthHandleCore authHandle = new AuthHandleCore(AuthHandle.AuthType.OIAP, responseBlob);

            _responseParameters = new Parameters();
            _responseParameters.AddValue("auth_handle", authHandle);
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OIAP, _responseParameters);
        }
예제 #11
0
        public override TPMCommandResponse Process()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id"));

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf<uint>("counter_id"));
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters);
        }
예제 #12
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OIAP);
            requestBlob.WriteCmdSize();

            _commandAuthHelper.EnsureFreeSlot();
            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();
            AuthHandleCore authHandle = new AuthHandleCore(AuthHandle.AuthType.OIAP, responseBlob);

            _responseParameters = new Parameters();
            _responseParameters.AddValue("auth_handle", authHandle);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OIAP, _responseParameters));
        }
예제 #13
0
        public override TPMCommandResponse Process()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id"));

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf <uint>("counter_id"));
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters));
        }
예제 #14
0
        protected override TPMCommandResponse InternalProcess()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_IncrementCounter);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id"));

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters));
        }
예제 #15
0
        /// <summary>
        /// Cryptographically reports the selected PCR values and returns
        /// the TPMPCRComposite and the generated signature. If no
        /// external data is supplied a random nonce is generated on the server.
        /// The length of externalData is defined by the hashing algorithm used by the TPM
        /// </summary>
        /// <param name="pcrs"></param>
        /// <param name="externalData">Nonce used for the quoting operation,
        /// use CreateCompatibleHashAlgorithm or CreateCompatibleHashProvider to generate a hash value
        /// with the correct length</param>
        /// <returns></returns>
        public QuoteResponse Quote(TPMPCRSelection pcrs, byte[] externalData)
        {
            Parameters quoteParameters = new Parameters();

            quoteParameters.AddPrimitiveType("key", _keyIdentifier);
            quoteParameters.AddValue("targetPCR", pcrs);

            if (externalData != null)
            {
                quoteParameters.AddPrimitiveType("externalData", externalData);
            }

            TPMCommandResponse response = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Quote, quoteParameters);

            return(new QuoteResponse(response.Parameters.GetValueOf <TPMPCRComposite>("pcrData"),
                                     response.Parameters.GetValueOf <byte[]>("sig")));
        }
예제 #16
0
        /// <summary>
        /// Really destroys the auth handle on the tpm AND in the local cache
        /// </summary>
        /// <param name="item">
        /// A <see cref="AuthHandleItem"/>
        /// </param>
        private void InternalDestroyHandle(AuthHandleItem item)
        {
            Parameters parameters = new Parameters();

            parameters.AddValue("handle", item.AuthHandle);
            parameters.AddPrimitiveType("ignore_tpm_error", true);
            TPMCommandRequest destroyHandleRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, parameters);

            TPMCommandResponse destroyHandleResponse = _tpmContext.TPM.Process(destroyHandleRequest);

            if (!destroyHandleResponse.Status)
            {
                throw new TPMRequestException("Error on flushing auth handle context, aborting");
            }

            _logger.DebugFormat("Authhandles before remove: {0}", _authHandles);
            InternalRemoveAuthHandle(item);
            _logger.DebugFormat("Authhandles after remove: {0}", _authHandles);
        }
예제 #17
0
        protected override TPMCommandResponse InternalProcess()
        {
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_secret, xorKey);


            if (_secret.Length != 20)
            {
                throw new ArgumentException("secret needs to be 20 bytes long (SHA1 hash)");
            }

            if (_label.Length != 4)
            {
                throw new ArgumentException("Label needs to be 4 bytes long");
            }

            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateCounter);
                requestBlob.Write(_secret, 0, 20);
                requestBlob.Write(_label, 0, 4);

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters));
        }
예제 #18
0
        /// <summary>
        /// Flushes all keys that belong to the specified context
        /// </summary>
        /// <param name="keyContext">context to check</param>
        public void UnloadKeysOfContext(object keyContext)
        {
            using (AcquireLock())
            {
                List <KeyHandleItem> keysToRemove = new List <KeyHandleItem>();
                foreach (KeyHandleItem item in _keyHandles)
                {
                    if (item.KeyContext.Equals(keyContext))
                    {
                        keysToRemove.Add(item);
                    }
                }

                foreach (KeyHandleItem item in keysToRemove)
                {
                    _keyHandles.RemoveKeyHandle(item);

                    //Flush the key
                    if (item.Status == KeyHandleItem.KeyHandleStatus.SwappedIn)
                    {
                        Parameters flushParams = new Parameters();
                        flushParams.AddValue("handle", item.KeyHandle);
                        TPMCommandRequest flushRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, flushParams);
                        _tpmContext.TPM.Process(flushRequest);
                    }
                    //Flush the context
                    else if (item.Status == KeyHandleItem.KeyHandleStatus.SwappedOut)
                    {
                        Parameters flushParams = new Parameters();
                        flushParams.AddValue("handle", new ContextHandle(item.KeyHandle.ContextBlob));
                        TPMCommandRequest flushRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_FlushSpecific, flushParams);
                        _tpmContext.TPM.Process(flushRequest);
                    }
                }
            }
        }
예제 #19
0
        public override TPMCommandResponse Process()
        {
            if(_params.IsDefined<ITPMHandle>("handle") == false ||
               _params.IsDefined<byte[]>("context_blob") == false)
                return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters());

            ITPMHandle handle = _params.GetValueOf<ITPMHandle>("handle");

            TPMBlob blob = new TPMBlob();
            blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext);
            blob.WriteUInt32(handle.Handle);
            blob.WriteBool(handle.ForceHandle);
            blob.WriteUInt32((uint)handle.ContextBlob.Length);
            blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length);

            TPMBlob responseBlob = TransmitMe(blob);
            responseBlob.SkipHeader();
            handle.Handle = responseBlob.ReadUInt32();

            Parameters responseParameters = new Parameters();
            responseParameters.AddValue("handle", handle);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters);
        }
예제 #20
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_GetPubKey);

            //If not loaded load now
            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            //KeyHandle To be inserted later
            requestBlob.WriteUInt32(0);

            //Blocking authorize, blocks till the user has entered the authorization data
            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                //Write key handle to the first position after the header
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPubkeyCore pubKey = TPMPubkeyCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();

            responseParams.AddValue("pubkey", pubKey);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetPubKey, responseParams));
        }
예제 #21
0
파일: TPM_Quote.cs 프로젝트: deveck/doTSS
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();
            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_nonce, 0, 20);
            _pcrSelection.WriteToTpmBlob(requestBlob);

            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
            uint sigSize = _responseBlob.ReadUInt32();
            byte[] signature =  _responseBlob.ReadBytes((int)sigSize);

            // Do signature verification
            TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);
            byte[] signingData;
            using (TPMBlob blob = new TPMBlob())
            {
                quoteInfo.WriteToTpmBlob(blob);
                signingData = blob.ToArray();
            }

            Parameters pubKeyParams = new Parameters();
            pubKeyParams.AddPrimitiveType("key", _params.GetValueOf<string>("key"));
            TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
            TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
                _commandAuthHelper, _keyManager);

            if (pubKeyResponse.Status == false)
            {
                _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
                return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters());
            }

            TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf<string>("key")));
            TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf<TPMPubkey>("pubkey");

            if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
            {
                throw new ArgumentException("The TPM_Quote signature could not be verified");
            }

            Parameters responseParams = new Parameters();
            responseParams.AddValue("pcrData", pcrComposite);
            responseParams.AddPrimitiveType("sig", signature);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams);
        }
예제 #22
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_GetPubKey);

            //If not loaded load now
            _keyManager.LoadKey(_params.GetValueOf<string>("key"));

            //KeyHandle To be inserted later
            requestBlob.WriteUInt32 (0);

            //Blocking authorize, blocks till the user has entered the authorization data
            AuthorizeMe(requestBlob);

            using(_keyManager.AcquireLock())
            {
                //Write key handle to the first position after the header
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPubkeyCore pubKey = TPMPubkeyCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();
            responseParams.AddValue("pubkey", pubKey);

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetPubKey, responseParams);
        }
예제 #23
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetCapability);
            requestBlob.WriteUInt32((uint)_capArea);

            switch (_capArea)
            {
            case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
                //Subcaps are ignored by TPM_CAP_VERSION_VAL
                requestBlob.WriteUInt32(0);
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
                requestBlob.WriteUInt32(4);
                requestBlob.WriteUInt32((uint)_param.GetValueOf <TPMResourceType> ("handle_type"));
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
                CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf <CapabilityData.TPMSubCapProperty> ("subCap");

                //Size of subcap
                requestBlob.WriteUInt32(4);
                requestBlob.WriteUInt32((uint)subCap);
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:

                CapabilityDataCore.TPMSelectSizeCore tpmSelectSize =
                    CapabilityDataCore.TPMSelectSizeCore.CreateVersion12(_param.GetValueOf <ushort>(CapabilityData.PARAM_PROP_SELECT_SIZE));

                TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, tpmSelectSize);
                break;

            default:
                throw new NotSupportedException("Defined cap or subcap are not supported");
            }



//			if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
//			{
//				//Subcaps are ignored by TPM_CAP_VERSION_VAL
//				requestBlob.WriteUInt32 (0);
//			}
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
//			{
//				requestBlob.WriteUInt32 (4);
//				requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type"));
//			}
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY)
//			{
//				CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap");
//
//				//Size of subcap
//				requestBlob.WriteUInt32 (4);
//				requestBlob.WriteUInt32 ((uint)subCap);
//			}
//			else
//				throw new NotSupportedException ("Defined cap or subcap are not supported");

            requestBlob.WriteCmdSize();

            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();

            Parameters parameters = new Parameters();


            switch (_capArea)
            {
            case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
                CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore(responseBlob);
                parameters.AddValue(CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
                responseBlob.SkipHeader();

                //Reads the response size, which is ignored
                responseBlob.ReadUInt32();

                HandleListCore handleList = new HandleListCore(responseBlob, _param.GetValueOf <TPMResourceType> ("handle_type"));
                parameters.AddValue("handles", handleList);
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
                responseBlob.SkipHeader();
                switch (_param.GetValueOf <CapabilityData.TPMSubCapProperty> ("subCap"))
                {
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_PCR, ReadUInt32Response(responseBlob));
                    break;

                //case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR:
                //    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_DIR, ReadUInt32Response (responseBlob));
                //    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MANUFACTURER, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_KEYS, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_KEYS, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response(responseBlob));
                    break;

                default:
                    throw new NotSupportedException("Defined cap or subcap are not supported");
                }
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:
                parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, ReadBoolResponse(responseBlob));
                break;
            }



//			if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
//			{
//				CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob);
//				parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
//			}
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
//			{
//				responseBlob.SkipHeader ();
//
//				//Reads the response size, which is ignored
//				responseBlob.ReadUInt32 ();
//
//				HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type"));
//				parameters.AddValue ("handles", handleList);
//			}
//
//
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
//				    _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR)
//			{
//				responseBlob.SkipHeader ();
//				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob));
//			}
//
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
//				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS)
//			{
//				responseBlob.SkipHeader ();
//				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob));
//			}
//
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
//				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS)
//			{
//				responseBlob.SkipHeader ();
//				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob));
//			}
//
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
//				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS)
//			{
//				responseBlob.SkipHeader ();
//				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob));
//			}
//			else
//				throw new NotSupportedException("Defined cap or subcap are not supported");

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetCapability, parameters));
        }
예제 #24
0
        protected override TPMCommandResponse InternalProcess()
        {
            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_IncrementCounter);
                requestBlob.WriteUInt32(_params.GetValueOf<uint>("counter_id"));

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters);
        }
예제 #25
0
        protected override TPMCommandResponse InternalProcess()
        {
            AuthHandle auth1OSAP =_commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            byte[] xorKey = new HashProvider().Hash(
                    new HashByteDataProvider(auth1OSAP.SharedSecret),
                    new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_secret, xorKey);

            if(_secret.Length != 20)
                throw new ArgumentException("secret needs to be 20 bytes long (SHA1 hash)");

            if(_label.Length != 4)
                throw new ArgumentException("Label needs to be 4 bytes long");

            using(TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateCounter);
                requestBlob.Write(_secret, 0, 20);
                requestBlob.Write(_label, 0, 4);

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters);
        }
예제 #26
0
        /// <summary>
        /// Seals data to the specified pcr selection,
        /// create a valid pcr selection with session.CreateEmptyPCRSelection
        /// </summary>
        /// <param name="pcrSelection"></param>
        /// <param name="data">Data to seal</param>
        /// <returns></returns>
        public byte[] Seal(TPMPCRSelection pcrSelection, byte[] data)
        {
            Parameters paramsSeal = new Parameters();
            paramsSeal.AddPrimitiveType("in_data", data);
            paramsSeal.AddPrimitiveType("key", _keyIdentifier);
            paramsSeal.AddValue("pcr_selection", pcrSelection);

            Parameters paramsSecret = new Parameters();
            paramsSecret.AddPrimitiveType("identifier", KeyIdentifier);
            ProtectedPasswordStorage authSeal = _tpmSession.RequestSecret(new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, paramsSecret));

            if(authSeal.Hashed == false)
                authSeal.Hash();

            authSeal.DecryptHash();
            paramsSeal.AddPrimitiveType("data_auth", authSeal.HashValue);

            try
            {
                TPMCommandResponse sealResponse = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Seal, paramsSeal);
                return sealResponse.Parameters.GetValueOf<byte[]>("data");
            }
            finally
            {
                if(authSeal != null)
                    authSeal.ClearHash();
            }
        }
예제 #27
0
        /// <summary>
        /// Cryptographically reports the selected PCR values and returns
        /// the TPMPCRComposite and the generated signature. If no
        /// external data is supplied a random nonce is generated on the server.
        /// The length of externalData is defined by the hashing algorithm used by the TPM
        /// </summary>
        /// <param name="pcrs"></param>
        /// <param name="externalData">Nonce used for the quoting operation, 
        /// use CreateCompatibleHashAlgorithm or CreateCompatibleHashProvider to generate a hash value
        /// with the correct length</param>
        /// <returns></returns>
        public QuoteResponse Quote(TPMPCRSelection pcrs, byte[] externalData)
        {
            Parameters quoteParameters = new Parameters();
            quoteParameters.AddPrimitiveType("key", _keyIdentifier);
            quoteParameters.AddValue("targetPCR", pcrs);

            if(externalData != null)
                quoteParameters.AddPrimitiveType("externalData", externalData);

            TPMCommandResponse response = BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_Quote, quoteParameters);

            return new QuoteResponse(response.Parameters.GetValueOf<TPMPCRComposite>("pcrData"),
                                     response.Parameters.GetValueOf<byte[]>("sig"));
        }
예제 #28
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob ();
            requestBlob.WriteCmdHeader (TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetCapability);
            requestBlob.WriteUInt32 ((uint)_capArea);

            switch(_capArea)
            {
            case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
                //Subcaps are ignored by TPM_CAP_VERSION_VAL
                requestBlob.WriteUInt32 (0);
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
                requestBlob.WriteUInt32 (4);
                requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type"));
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
                CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap");

                //Size of subcap
                requestBlob.WriteUInt32 (4);
                requestBlob.WriteUInt32 ((uint)subCap);
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:

                CapabilityDataCore.TPMSelectSizeCore tpmSelectSize =
                    CapabilityDataCore.TPMSelectSizeCore.CreateVersion12(_param.GetValueOf<ushort>(CapabilityData.PARAM_PROP_SELECT_SIZE));

                TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, tpmSelectSize);
                break;

            default:
                throw new NotSupportedException ("Defined cap or subcap are not supported");
            }

            //			if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
            //			{
            //				//Subcaps are ignored by TPM_CAP_VERSION_VAL
            //				requestBlob.WriteUInt32 (0);
            //			}
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
            //			{
            //				requestBlob.WriteUInt32 (4);
            //				requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type"));
            //			}
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY)
            //			{
            //				CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap");
            //
            //				//Size of subcap
            //				requestBlob.WriteUInt32 (4);
            //				requestBlob.WriteUInt32 ((uint)subCap);
            //			}
            //			else
            //				throw new NotSupportedException ("Defined cap or subcap are not supported");

            requestBlob.WriteCmdSize ();

            TPMBlob responseBlob = TransmitMe(requestBlob);
            responseBlob.SkipHeader ();

            Parameters parameters = new Parameters ();

            switch(_capArea)
            {
            case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
                CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob);
                parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
                responseBlob.SkipHeader ();

                //Reads the response size, which is ignored
                responseBlob.ReadUInt32 ();

                HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type"));
                parameters.AddValue ("handles", handleList);
                break;
            case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
                responseBlob.SkipHeader ();
                switch(_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap"))
                {
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob));
                    break;
                //case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR:
                //    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_DIR, ReadUInt32Response (responseBlob));
                //    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MANUFACTURER, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_KEYS, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_KEYS, ReadUInt32Response (responseBlob));
                    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS:
                    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob));
                    break;
                default:
                    throw new NotSupportedException("Defined cap or subcap are not supported");
                }
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:
                parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, ReadBoolResponse(responseBlob));
                break;
            }

            //			if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
            //			{
            //				CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob);
            //				parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
            //			}
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
            //			{
            //				responseBlob.SkipHeader ();
            //
            //				//Reads the response size, which is ignored
            //				responseBlob.ReadUInt32 ();
            //
            //				HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type"));
            //				parameters.AddValue ("handles", handleList);
            //			}
            //
            //
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
            //				    _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR)
            //			{
            //				responseBlob.SkipHeader ();
            //				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob));
            //			}
            //
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
            //				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS)
            //			{
            //				responseBlob.SkipHeader ();
            //				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob));
            //			}
            //
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
            //				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS)
            //			{
            //				responseBlob.SkipHeader ();
            //				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob));
            //			}
            //
            //			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
            //				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS)
            //			{
            //				responseBlob.SkipHeader ();
            //				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob));
            //			}
            //			else
            //				throw new NotSupportedException("Defined cap or subcap are not supported");

            return new TPMCommandResponse (true, TPMCommandNames.TPM_CMD_GetCapability, parameters);
        }
예제 #29
0
        public override TPMCommandResponse Process()
        {
            TPMEntityTypeLSB entityLSB  = _params.GetValueOf <TPMEntityTypeLSB>("entity_lsb");
            TPMEntityTypeMSB entityMSB  = _params.GetValueOf <TPMEntityTypeMSB>("entity_msb");
            string           identifier = _params.GetValueOf <string>("entity_value");


            if (entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_SRK &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER)
            {
                throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString());
            }

            if (entityMSB != TPMEntityTypeMSB.TPM_ET_XOR)
            {
                throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB));
            }


            if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
            {
                //We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP).
                //So we invoke the key manager to load the key with the specified identifier and establish an OSAP session
                _keyManager.LoadKey(identifier);
            }

            //handle is not known yet
            AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0);

            authHandle.EntityType = entityLSB;
            authHandle.NewNonceOddOSAP();


            using (_keyManager.AcquireLock())
            {
                TPMBlob requestBlob = new TPMBlob();
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP);
                requestBlob.WriteUInt16((ushort)(((ushort)entityMSB << 8) | (ushort)entityLSB));

                if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                    entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
                {
                    if (identifier == KeyHandle.KEY_SRK)
                    {
                        requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                        authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK;
                    }
                    else
                    {
                        KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier);
                        requestBlob.WriteUInt32(keyHandle.Handle);
                        authHandle.EntityValue = keyHandle.Handle;
                    }
                }
                else if (entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER)
                {
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER);
                    authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER;
                }

                requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length);
                requestBlob.WriteCmdSize();

                _commandAuthHelper.EnsureFreeSlot();
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob);

            authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle);


            _responseParameters = new Parameters();
            _responseParameters.AddValue("auth_handle", authHandle);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters));
        }
예제 #30
0
        /// <summary>
        /// Reads the configured tpm devices from the configuration and
        /// sets up the corresponding tpm contexts
        /// </summary>
        private void SetupTPMContexts()
        {
            IConnectionsConfiguration connectionConfig = (IConnectionsConfiguration)ConfigurationManager.GetSection ("connections");

            foreach (Iaik.Tc.TPM.Configuration.DotNetConfiguration.TPMDevice device in connectionConfig.TpmDevices)
            {
                try
                {
                    _logger.InfoFormat ("Setting up tpm context '{0}'", device.TPMName);
                    TPMWrapper tpmDevice = new TPMWrapper ();
                    tpmDevice.Init (device.TPMType, device.Parameters);
                    TPMContext tpmContext = new TPMContext (device.TPMName, tpmDevice);
                    _tpmContexts.Add (device.TPMName, tpmContext);

                    _logger.InfoFormat ("Flushing device '{0}'", device.TPMName);
                    foreach (TPMResourceType resourceType in new TPMResourceType[] {
                        TPMResourceType.TPM_RT_AUTH, TPMResourceType.TPM_RT_KEY})
                    {
                        Parameters listLoadedHandlesParameters = new Parameters ();
                        listLoadedHandlesParameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE);
                        listLoadedHandlesParameters.AddPrimitiveType ("handle_type", resourceType);
                        TPMCommandRequest listLoadedHandlesRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_GetCapability,
                            listLoadedHandlesParameters);
                        TPMCommandResponse response = tpmDevice.Process (listLoadedHandlesRequest);

                        if (response.Status == false)
                            throw new Exception ("An unknown tpm exception while flushing occured");

                        foreach (uint handle in response.Parameters.GetValueOf<HandleList> ("handles"))
                        {
                            Parameters flushParameters = new Parameters ();
                            flushParameters.AddValue ("handle", HandleFactory.Create (resourceType, handle));
                            TPMCommandRequest flushRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_FlushSpecific, flushParameters);
                            TPMCommandResponse flushResponse = tpmDevice.Process (flushRequest);

                            if (flushResponse.Status == false)
                                throw new Exception ("Something went wrong while flushing");

                        }
                    }

                    _logger.InfoFormat ("Successfully setup tpm context '{0}' with type '{1}'", device.TPMName, device.TPMType);
                }
                catch (Exception ex)
                {
                    _logger.FatalFormat ("Error setting up tpm device '{0}', the device will not be available ({1})", device.TPMName, ex);
                }

                ///Set the Assembly search order for incoming Parameters so that core classes are always at first
                Parameters.AssemblySearchOrder = new Assembly[]{
                    typeof(TPMWrapper).Assembly, //lib core
                    typeof(ITypedParameter).Assembly};	//lib common

            }
        }
예제 #31
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_nonce, 0, 20);
            _pcrSelection.WriteToTpmBlob(requestBlob);

            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
            uint sigSize = _responseBlob.ReadUInt32();

            byte[] signature = _responseBlob.ReadBytes((int)sigSize);

            // Do signature verification
            TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);

            byte[] signingData;
            using (TPMBlob blob = new TPMBlob())
            {
                quoteInfo.WriteToTpmBlob(blob);
                signingData = blob.ToArray();
            }

            Parameters pubKeyParams = new Parameters();

            pubKeyParams.AddPrimitiveType("key", _params.GetValueOf <string>("key"));
            TPMCommandRequest  pubKeyRequest  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
            TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
                                                                    _commandAuthHelper, _keyManager);

            if (pubKeyResponse.Status == false)
            {
                _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
                return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters()));
            }

            TPMKey    keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf <string>("key")));
            TPMPubkey pubkey  = pubKeyResponse.Parameters.GetValueOf <TPMPubkey>("pubkey");

            if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
            {
                throw new ArgumentException("The TPM_Quote signature could not be verified");
            }

            Parameters responseParams = new Parameters();

            responseParams.AddValue("pcrData", pcrComposite);
            responseParams.AddPrimitiveType("sig", signature);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams));
        }
예제 #32
0
파일: TPM_OSAP.cs 프로젝트: deveck/doTSS
        public override TPMCommandResponse Process()
        {
            TPMEntityTypeLSB entityLSB = _params.GetValueOf<TPMEntityTypeLSB>("entity_lsb");
            TPMEntityTypeMSB entityMSB = _params.GetValueOf<TPMEntityTypeMSB>("entity_msb");
            string identifier = _params.GetValueOf<string>("entity_value");

            if( entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_SRK &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER)
            {
                throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString());
            }

            if(entityMSB != TPMEntityTypeMSB.TPM_ET_XOR)
            {
                throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB));
            }

            if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
               entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
            {
                //We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP).
                //So we invoke the key manager to load the key with the specified identifier and establish an OSAP session
                _keyManager.LoadKey(identifier);
            }

            //handle is not known yet
            AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0);
            authHandle.EntityType = entityLSB;
            authHandle.NewNonceOddOSAP();

            using(_keyManager.AcquireLock())
            {

                TPMBlob requestBlob = new TPMBlob();
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP);
                requestBlob.WriteUInt16((ushort)(((ushort)entityMSB <<  8) | (ushort)entityLSB));

                if(entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                   entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
                {
                    if (identifier == KeyHandle.KEY_SRK)
                    {
                        requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                        authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK;
                    }
                    else
                    {
                        KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier);
                        requestBlob.WriteUInt32(keyHandle.Handle);
                        authHandle.EntityValue = keyHandle.Handle;
                    }
                }
                else if(entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER)
                {
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER);
                    authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER;
                }

                requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length);
                requestBlob.WriteCmdSize();

                _commandAuthHelper.EnsureFreeSlot();
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob);
            authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle);

            _responseParameters = new Parameters();
            _responseParameters.AddValue("auth_handle", authHandle);
            return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters);
        }