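/// <summary>
/// Verifies the authorization data (auth data HMAC) the TPM returned for every
/// authorization session this command used, then releases or refreshes each
/// session handle according to the TPM's continueAuthSession flag.
/// </summary>
/// <exception cref="TPMResponseException">
/// The response carries a different number of auth handles than the command used,
/// the authorization helper produced a different number of expected auth infos,
/// or a returned auth data value does not match the locally computed one
/// (the response may have been modified).
/// </exception>
protected void CheckResponseAuthInfo()
{
    ResponseAuthHandleInfo[] responseAuthHandles =
        ResponseAuthHandleInfoCore.ReadAuthHandleInfos(this, _responseBlob);

    if (responseAuthHandles.Length != _currentAuthorizationInfos.Length)
    {
        throw new TPMResponseException(
            string.Format("Expected #{0} auth handles in response, but received #{1}",
                _currentAuthorizationInfos.Length, responseAuthHandles.Length));
    }

    // Locally recomputed auth data, one entry per session, in the same order as
    // the handles parsed from the response.
    AuthorizationInfo[] responseAuthInfos = _commandAuthHelper.GenerateResponseAuthData(this);

    // Without this guard a helper that yields fewer entries than there are
    // response handles surfaces as an IndexOutOfRangeException in the loop below
    // instead of a TPMResponseException that names the actual problem.
    if (responseAuthInfos.Length != responseAuthHandles.Length)
    {
        throw new TPMResponseException(
            string.Format("Expected #{0} auth infos for response verification, but generated #{1}",
                responseAuthHandles.Length, responseAuthInfos.Length));
    }

    // All sessions are verified before any handle state is touched, so a
    // rejected response neither destroys nor advances a session.
    for (int i = 0; i < responseAuthHandles.Length; i++)
    {
        // NOTE(review): this compares an HMAC value; ByteHelper.CompareByteArrays
        // should be a constant-time comparison — confirm its implementation.
        if (ByteHelper.CompareByteArrays(responseAuthHandles[i].TpmAuthData, responseAuthInfos[i].AuthData) == false)
        {
            throw new TPMResponseException("Received tpm authdata is not valid," + "maybe the response got modified!");
        }
    }

    for (int i = 0; i < _currentAuthorizationInfos.Length; i++)
    {
        ResponseAuthHandleInfo current = responseAuthHandles[i];

        if (current.ContinueAuthSession == false)
        {
            // The TPM did not continue the session; release the local handle too.
            _commandAuthHelper.DestroyAuthorizationHandle(this, _currentAuthorizationInfos[i].Handle);
        }
        else
        {
            // Session stays open: adopt the TPM's new nonceEven for the next command.
            _currentAuthorizationInfos[i].Handle.UpdateNonceEven(current.NonceEven);
        }
    }
}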
/// <summary>
/// Recomputes the expected response authorization data (the auth data HMAC the
/// TPM should have produced) for each authorization session of
/// <paramref name="cmd"/>, so the caller can compare it with the values actually
/// returned by the TPM.
/// </summary>
/// <param name="cmd">
/// The executed command; supplies its response digest, the auth handle infos
/// parsed from the response and the authorization infos used for the request.
/// </param>
/// <returns>
/// One <see cref="AuthorizationInfo"/> per session that has key info and an
/// OIAP or OSAP handle, in Auth1/Auth2 order. Each entry has a null Handle,
/// ContinueAuthSession copied from the response and AuthData set to the
/// computed HMAC.
/// </returns>
public AuthorizationInfo[] GenerateResponseAuthData(IAuthorizableCommand cmd)
{
    // Response handle infos and request authorization infos are consumed front
    // to back, one pair per session that is in use.
    Queue<ResponseAuthHandleInfo> pendingResponseHandles =
        new Queue<ResponseAuthHandleInfo>(cmd.ResponseAuthHandleInfos);
    Queue<AuthorizationInfo> pendingAuthorizations =
        new Queue<AuthorizationInfo>(cmd.AuthorizationInfos);

    List<AuthorizationInfo> computed = new List<AuthorizationInfo>();
    AuthSessionNum[] sessions = new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 };

    foreach (AuthSessionNum session in sessions)
    {
        HMACKeyInfo keyInfo = cmd.GetKeyInfo(session);
        if (keyInfo == null)
        {
            // Session not used by this command: nothing to compute, and nothing
            // is consumed from the queues.
            continue;
        }

        ResponseAuthHandleInfo responseHandle = pendingResponseHandles.Dequeue();
        AuthorizationInfo authorization = pendingAuthorizations.Dequeue();
        bool continueSession = responseHandle.ContinueAuthSession;

        if (authorization.Handle.HandleAuthType == AuthHandle.AuthType.OIAP)
        {
            // OIAP: the HMAC is obtained via a GenerateHMAC request against _ctx
            // using the session's key info (presumably because the key is not
            // held locally — confirm).
            GenerateHMACRequest hmacRequest = GenerateHMACRequest.CreateGenerateHMACRequest(
                _ctx,
                new HashByteDataProvider(cmd.ResponseDigest),
                new HashByteDataProvider(responseHandle.NonceEven),
                new HashByteDataProvider(authorization.Handle.NonceOdd),
                new HashPrimitiveDataProvider(continueSession));
            hmacRequest.TpmSessionIdentifier = _tpmSessionIdentifier;
            hmacRequest.KeyInfo = keyInfo;

            GenerateHMACResponse hmacResponse = hmacRequest.TypedExecute();
            hmacResponse.AssertResponse();

            computed.Add(new AuthorizationInfo(null, continueSession, hmacResponse.TpmAuthData));
        }
        else if (authorization.Handle.HandleAuthType == AuthHandle.AuthType.OSAP)
        {
            // OSAP: the handle carries the shared secret, so the HMAC is computed
            // in-process over the same four inputs.
            HMACProvider hmac = new HMACProvider(authorization.Handle.SharedSecret);
            byte[] tpmAuth = hmac.Hash(
                new HashByteDataProvider(cmd.ResponseDigest),
                new HashByteDataProvider(responseHandle.NonceEven),
                new HashByteDataProvider(authorization.Handle.NonceOdd),
                new HashPrimitiveDataProvider(continueSession));

            computed.Add(new AuthorizationInfo(null, continueSession, tpmAuth));
        }
        // Any other auth type consumes its pair but contributes no entry.
    }

    return computed.ToArray();
}