예제 #1
0
        public override TPMCommandResponse Process()
        {
            byte[] nonce = NonceGenerator.GenerateByteNonce(20);

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadPubek);
            requestBlob.Write(nonce, 0, nonce.Length);
            requestBlob.WriteCmdSize();

            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();

            long          posStart = responseBlob.Position;
            TPMPubkeyCore pubkey   = TPMPubkeyCore.CreateFromTPMBlob(responseBlob);
            long          posEnd   = responseBlob.Position;

            Digest digest = new Digest(responseBlob, 20);

            if (digest.CompareTo(
                    new HashStreamDataProvider(responseBlob, posStart, posEnd - posStart, false),
                    new HashByteDataProvider(nonce)) == false)
            {
                throw new TPMResponseException("Local digest does not match remote digest");
            }

            Parameters responseParams = new Parameters();

            responseParams.AddValue(TPMPubkey.PARAM_TPM_PUBKEY, pubkey);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadPubek, responseParams));
        }
예제 #2
0
        protected override TPMCommandResponse InternalProcess()
        {
            byte[] ownerAuth = _params.GetValueOf <byte[]> (PARAM_OWNERAUTH);
            byte[] srkAuth   = _params.GetValueOf <byte[]> (PARAM_SRKAUTH);


            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_TakeOwnership);

            requestBlob.WriteUInt16((ushort)TPMProtocolId.TPM_PID_OWNER);

            requestBlob.WriteUInt32((uint)ownerAuth.Length);
            requestBlob.Write(ownerAuth, 0, ownerAuth.Length);

            requestBlob.WriteUInt32((uint)srkAuth.Length);
            requestBlob.Write(srkAuth, 0, srkAuth.Length);

            _tpmKey.WriteToTpmBlob(requestBlob);

            _responseBlob = AuthorizeMeAndTransmit(requestBlob);

            CheckResponseAuthInfo();

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_TakeOwnership, new Parameters()));
        }
예제 #3
0
        public override TPMCommandResponse Process()
        {
            ITPMHandle handle = _params.GetValueOf <ITPMHandle> ("handle");

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_FlushSpecific);
            requestBlob.WriteUInt32(handle.Handle);
            requestBlob.WriteUInt32((uint)handle.ResourceType);

            requestBlob.WriteCmdSize();

            try
            {
                TransmitMe(requestBlob);
            }
            catch (Exception)
            {
                if (!_params.GetValueOf <bool>("ignore_tpm_error", false))
                {
                    throw;
                }
            }

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_FlushSpecific, new Parameters()));
        }
예제 #4
0
        public override TPMCommandResponse Process()
        {
            if (_params.IsDefined <ITPMHandle>("handle") == false ||
                _params.IsDefined <byte[]>("context_blob") == false)
            {
                return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_LoadContext, new Parameters()));
            }

            ITPMHandle handle = _params.GetValueOf <ITPMHandle>("handle");


            TPMBlob blob = new TPMBlob();

            blob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_LoadContext);
            blob.WriteUInt32(handle.Handle);
            blob.WriteBool(handle.ForceHandle);
            blob.WriteUInt32((uint)handle.ContextBlob.Length);
            blob.Write(handle.ContextBlob, 0, handle.ContextBlob.Length);

            TPMBlob responseBlob = TransmitMe(blob);

            responseBlob.SkipHeader();
            handle.Handle = responseBlob.ReadUInt32();

            Parameters responseParameters = new Parameters();

            responseParameters.AddValue("handle", handle);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadContext, responseParameters));
        }
예제 #5
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob ownerClearRequest = new TPMBlob();

            ownerClearRequest.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_OwnerClear);

            _responseBlob = AuthorizeMeAndTransmit(ownerClearRequest);

            CheckResponseAuthInfo();

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OwnerClear, new Parameters()));
        }
예제 #6
0
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            _encAuth = _params.GetValueOf <byte[]> ("data_auth");

            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_encAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Seal);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_encAuth, 0, 20);
            TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, _pcrInfo);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMStoredDataCore sealedData = TPMStoredDataCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("data", ByteHelper.SerializeToBytes(sealedData));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Seal, responseParams));
        }
예제 #7
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_LoadKey2);

            //If not loaded load now
            if (_params.GetValueOf <bool>("parent_key_srk") == false)
            {
                _keyManager.LoadKey(_params.GetValueOf <string>("parent_identifier"));
            }

            //To be inserted later
            requestBlob.WriteUInt32(0);

            _tpmKey.WriteToTpmBlob(requestBlob);

            //Blocking authorize, blocks till the user has entered the authorization data
            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                _keyManager.EnsureFreeSlot();
                uint tpmKeyHandle;

                if (_params.GetValueOf <bool>("parent_key_srk"))
                {
                    tpmKeyHandle = (uint)TPMKeyHandles.TPM_KH_SRK;
                }
                else
                {
                    tpmKeyHandle = _keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent_identifier")).Handle;
                }

                //Write key handle to the first position after the header
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(tpmKeyHandle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            uint      loadedTpmHandle = _responseBlob.ReadUInt32();
            KeyHandle loadedHandle    = new KeyHandle(_params.GetValueOf <string>("key_identifier"), loadedTpmHandle);

            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("handle", loadedHandle);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadKey2, _responseParameters));
        }
예제 #8
0
        protected override TPMCommandResponse InternalProcess()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_ReleaseCounter);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id"));

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseParameters = new Parameters();

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters));
        }
예제 #9
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OIAP);
            requestBlob.WriteCmdSize();

            _commandAuthHelper.EnsureFreeSlot();
            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();
            AuthHandleCore authHandle = new AuthHandleCore(AuthHandle.AuthType.OIAP, responseBlob);

            _responseParameters = new Parameters();
            _responseParameters.AddValue("auth_handle", authHandle);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OIAP, _responseParameters));
        }
예제 #10
0
        public override TPMCommandResponse Process()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetRandom);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("bytes_requested"));
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            uint responseByteSize = _responseBlob.ReadUInt32();

            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("data", _responseBlob.ReadBytes((int)responseByteSize));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetRandom, _responseParameters));
        }
예제 #11
0
        protected override TPMCommandResponse InternalProcess()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_IncrementCounter);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id"));

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters));
        }
예제 #12
0
        public override TPMCommandResponse Process()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_ReadCounter);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("counter_id"));

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _params.GetValueOf <uint>("counter_id"));
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_ReadCounter, _responseParameters));
        }
예제 #13
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_PcrRead);
            requestBlob.WriteUInt32((uint)_register);
            requestBlob.WriteCmdSize();

            TPMBlob    responseBlob  = TransmitMe(requestBlob);
            Parameters responseParam = new Parameters();


            byte[] val = responseBlob.ReadBytes(20);

            responseParam.AddPrimitiveType("pcrnum", _register);
            responseParam.AddPrimitiveType("value", val);


            TPMCommandResponse response = new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_PCRRead, responseParam);

            return(response);
        }
예제 #14
0
        public override TPMCommandResponse Process()
        {
            //We don't have any meaningful labeldata we could include,
            //so generate some random
            byte[] labelData = new byte[16];
            Random r         = new Random();

            r.NextBytes(labelData);


            if (_params.IsDefined <ITPMHandle>("handle") == false)
            {
                return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_SaveContext, new Parameters()));
            }


            ITPMHandle handle = _params.GetValueOf <ITPMHandle>("handle");

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_SaveContext);
            requestBlob.WriteUInt32(handle.Handle);
            requestBlob.WriteUInt32((uint)handle.ResourceType);
            requestBlob.Write(labelData, 0, labelData.Length);

            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();

            uint blobSize = responseBlob.ReadUInt32();

            byte[] contextBlob = responseBlob.ReadBytes((int)blobSize);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("context_blob", contextBlob);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_SaveContext, responseParams));
        }
예제 #15
0
        protected override TPMCommandResponse InternalProcess()
        {
            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_UnBind);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.WriteUInt32((uint)_inData.Length);
            requestBlob.Write(_inData, 0, _inData.Length);

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            uint dataSize = _responseBlob.ReadUInt32();

            byte[] responseData = new byte[dataSize];
            _responseBlob.Read(responseData, 0, responseData.Length);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("data", responseData);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Unbind, responseParams));
        }
예제 #16
0
        public override TPMCommandResponse Process()
        {
            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_Extend);
                requestBlob.WriteUInt32(_params.GetValueOf <uint>("pcr"));

                byte[] digest = _params.GetValueOf <byte[]>("digest");
                if (digest.Length != 20)
                {
                    throw new ArgumentException("Digest needs to be of length '20'");
                }

                requestBlob.Write(digest, 0, digest.Length);

                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("pcr_value", _responseBlob.ReadBytes(20));
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Extend, _responseParameters));
        }
예제 #17
0
        protected override TPMCommandResponse InternalProcess()
        {
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_secret, xorKey);


            if (_secret.Length != 20)
            {
                throw new ArgumentException("secret needs to be 20 bytes long (SHA1 hash)");
            }

            if (_label.Length != 4)
            {
                throw new ArgumentException("Label needs to be 4 bytes long");
            }

            using (TPMBlob requestBlob = new TPMBlob())
            {
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateCounter);
                requestBlob.Write(_secret, 0, 20);
                requestBlob.Write(_label, 0, 4);

                _responseBlob = AuthorizeMeAndTransmit(requestBlob);
            }

            _responseBlob.SkipHeader();
            _responseParameters = new Parameters();
            _responseParameters.AddPrimitiveType("counter_id", _responseBlob.ReadUInt32());
            _responseParameters.AddValue("counter_value", TPMCounterValueCore.CreateFromTPMBlob(_responseBlob));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateCounter, _responseParameters));
        }
예제 #18
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_GetPubKey);

            //If not loaded load now
            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            //KeyHandle To be inserted later
            requestBlob.WriteUInt32(0);

            //Blocking authorize, blocks till the user has entered the authorization data
            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                //Write key handle to the first position after the header
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPubkeyCore pubKey = TPMPubkeyCore.CreateFromTPMBlob(_responseBlob);

            Parameters responseParams = new Parameters();

            responseParams.AddValue("pubkey", pubKey);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetPubKey, responseParams));
        }
예제 #19
0
        public override TPMCommandResponse Process()
        {
            TPMEntityTypeLSB entityLSB  = _params.GetValueOf <TPMEntityTypeLSB>("entity_lsb");
            TPMEntityTypeMSB entityMSB  = _params.GetValueOf <TPMEntityTypeMSB>("entity_msb");
            string           identifier = _params.GetValueOf <string>("entity_value");


            if (entityLSB != TPMEntityTypeLSB.TPM_ET_KEYHANDLE &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_SRK &&
                entityLSB != TPMEntityTypeLSB.TPM_ET_OWNER)
            {
                throw new ArgumentException("TPM_OSAP does currently not support entityType: " + entityLSB.ToString());
            }

            if (entityMSB != TPMEntityTypeMSB.TPM_ET_XOR)
            {
                throw new ArgumentException(string.Format("TPM_OSAP does currently not support '{0}' EncAuth encryption", entityMSB));
            }


            if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
            {
                //We now know that the current identifier is a key identifier (maybe srk, but then the value is ignored by TPM_OSAP).
                //So we invoke the key manager to load the key with the specified identifier and establish an OSAP session
                _keyManager.LoadKey(identifier);
            }

            //handle is not known yet
            AuthHandle authHandle = new AuthHandle(AuthHandle.AuthType.OSAP, 0);

            authHandle.EntityType = entityLSB;
            authHandle.NewNonceOddOSAP();


            using (_keyManager.AcquireLock())
            {
                TPMBlob requestBlob = new TPMBlob();
                requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_OSAP);
                requestBlob.WriteUInt16((ushort)(((ushort)entityMSB << 8) | (ushort)entityLSB));

                if (entityLSB == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                    entityLSB == TPMEntityTypeLSB.TPM_ET_SRK)
                {
                    if (identifier == KeyHandle.KEY_SRK)
                    {
                        requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                        authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_SRK;
                    }
                    else
                    {
                        KeyHandle keyHandle = _keyManager.IdentifierToHandle(identifier);
                        requestBlob.WriteUInt32(keyHandle.Handle);
                        authHandle.EntityValue = keyHandle.Handle;
                    }
                }
                else if (entityLSB == TPMEntityTypeLSB.TPM_ET_OWNER)
                {
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_OWNER);
                    authHandle.EntityValue = (uint)TPMKeyHandles.TPM_KH_OWNER;
                }

                requestBlob.Write(authHandle.NonceOddOSAP, 0, authHandle.NonceOddOSAP.Length);
                requestBlob.WriteCmdSize();

                _commandAuthHelper.EnsureFreeSlot();
                _responseBlob = TransmitMe(requestBlob);
            }

            _responseBlob.SkipHeader();
            AuthHandleCore receivedAuthHandle = new AuthHandleCore(AuthHandle.AuthType.OSAP, _responseBlob);

            authHandle.UpdateFromOtherAuthHandle(receivedAuthHandle);


            _responseParameters = new Parameters();
            _responseParameters.AddValue("auth_handle", authHandle);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_OSAP, _responseParameters));
        }
예제 #20
0
        protected override TPMCommandResponse InternalProcess()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_nonce, 0, 20);
            _pcrSelection.WriteToTpmBlob(requestBlob);

            _keyManager.LoadKey(_params.GetValueOf <string>("key"));

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("key")).Handle);
                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
            uint sigSize = _responseBlob.ReadUInt32();

            byte[] signature = _responseBlob.ReadBytes((int)sigSize);

            // Do signature verification
            TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);

            byte[] signingData;
            using (TPMBlob blob = new TPMBlob())
            {
                quoteInfo.WriteToTpmBlob(blob);
                signingData = blob.ToArray();
            }

            Parameters pubKeyParams = new Parameters();

            pubKeyParams.AddPrimitiveType("key", _params.GetValueOf <string>("key"));
            TPMCommandRequest  pubKeyRequest  = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
            TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
                                                                    _commandAuthHelper, _keyManager);

            if (pubKeyResponse.Status == false)
            {
                _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
                return(new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters()));
            }

            TPMKey    keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf <string>("key")));
            TPMPubkey pubkey  = pubKeyResponse.Parameters.GetValueOf <TPMPubkey>("pubkey");

            if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
            {
                throw new ArgumentException("The TPM_Quote signature could not be verified");
            }

            Parameters responseParams = new Parameters();

            responseParams.AddValue("pcrData", pcrComposite);
            responseParams.AddPrimitiveType("sig", signature);

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams));
        }
예제 #21
0
        protected override TPMCommandResponse InternalProcess()
        {
            // Unencrypted authorization values, they need to be XOR-Encrypted with
            // XOR(auth, SHA-1(OSAP shared secret | session nonce))
            //
            // OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
            AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);


            _usageAuth     = _params.GetValueOf <byte[]> ("usage_auth");
            _migrationAuth = _params.GetValueOf <byte[]> ("migration_auth");
            byte[] xorKey = new HashProvider().Hash(
                new HashByteDataProvider(auth1OSAP.SharedSecret),
                new HashByteDataProvider(auth1OSAP.NonceEven));

            ByteHelper.XORBytes(_usageAuth, xorKey);
            ByteHelper.XORBytes(_migrationAuth, xorKey);

            //Load parent key if not loaded
            _keyManager.LoadKey(_params.GetValueOf <string>("parent"));

            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);

            //parent key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.Write(_usageAuth, 0, 20);
            requestBlob.Write(_migrationAuth, 0, 20);
            _tpmKey.WriteToTpmBlob(requestBlob);



            using (_keyManager.AcquireLock())
            {
                AuthorizeMe(requestBlob);
                requestBlob.SkipHeader();

                if (_params.GetValueOf <string>("parent") == KeyHandle.KEY_SRK)
                {
                    requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
                }
                else
                {
                    requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent")).Handle);
                }

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();
            TPMKeyCore newKey = new TPMKeyCore(_responseBlob);

            _responseParameters = new Parameters();

            //Build and save the key identifier
            //The key identifier is the hex-string representation of the hash of the newly created key
            _responseParameters.AddPrimitiveType("key_identifier",
                                                 ByteHelper.ByteArrayToHexString(
                                                     new HashProvider().Hash(
                                                         new HashByteDataProvider(
                                                             ByteHelper.SerializeToBytes(newKey)
                                                             )
                                                         ),
                                                     ""));

            _responseParameters.AddPrimitiveType("key_data", ByteHelper.SerializeToBytes(newKey));

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters));
        }
예제 #22
0
        protected override TPMCommandResponse InternalProcess()
        {
            string key = _params.GetValueOf <string>("key");

            _keyManager.LoadKey(key);

            TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(key));

            if (keyInfo == null)
            {
                throw new ArgumentException(string.Format("TPM_Sign could not retrieve keyinfo for key '{0}'", key));
            }

            byte[] areaToSign = null;

            if (keyInfo.AlgorithmParams.SigScheme == TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1)
            {
                //Client has hopefully put data in the right format ready for the tpm to process
                if (_params.IsDefined <byte[]>("areaToSign"))
                {
                    areaToSign = _params.GetValueOf <byte[]>("areaToSign");
                }
                //Client just sends data, tpm lib cares about the right, signature dependent, processing
                else if (_params.IsDefined <byte[]>("data"))
                {
                    byte[] data = _params.GetValueOf <byte[]>("data");

                    areaToSign = new HashProvider().Hash(new HashByteDataProvider(data));
                }

                if (areaToSign.Length != 20)
                {
                    throw new ArgumentException(string.Format("Sig scheme '{0}' expects an area to sign with length 20!", keyInfo.AlgorithmParams.SigScheme));
                }
            }
            else
            {
                throw new ArgumentException(string.Format("TPM_Sign has not implemented signature scheme '{0}' for algorithm '{1}'", keyInfo.AlgorithmParams.SigScheme, keyInfo.AlgorithmParams.AlgorithmId));
            }


            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Sign);

            //key handle gets inserted later, it may be not available now
            requestBlob.WriteUInt32(0);
            requestBlob.WriteUInt32((uint)areaToSign.Length);
            requestBlob.Write(areaToSign, 0, areaToSign.Length);

            AuthorizeMe(requestBlob);

            using (_keyManager.AcquireLock())
            {
                requestBlob.SkipHeader();
                requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(key).Handle);

                _responseBlob = TransmitMe(requestBlob);
            }

            CheckResponseAuthInfo();

            _responseBlob.SkipHeader();

            uint sigSize = _responseBlob.ReadUInt32();

            byte[] signature = _responseBlob.ReadBytes((int)sigSize);

            Parameters responseParams = new Parameters();

            responseParams.AddPrimitiveType("sig", signature);
            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Sign, responseParams));
        }
예제 #23
0
        public override TPMCommandResponse Process()
        {
            TPMBlob requestBlob = new TPMBlob();

            requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_COMMAND, TPMOrdinals.TPM_ORD_GetCapability);
            requestBlob.WriteUInt32((uint)_capArea);

            switch (_capArea)
            {
            case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
                //Subcaps are ignored by TPM_CAP_VERSION_VAL
                requestBlob.WriteUInt32(0);
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
                requestBlob.WriteUInt32(4);
                requestBlob.WriteUInt32((uint)_param.GetValueOf <TPMResourceType> ("handle_type"));
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
                CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf <CapabilityData.TPMSubCapProperty> ("subCap");

                //Size of subcap
                requestBlob.WriteUInt32(4);
                requestBlob.WriteUInt32((uint)subCap);
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:

                CapabilityDataCore.TPMSelectSizeCore tpmSelectSize =
                    CapabilityDataCore.TPMSelectSizeCore.CreateVersion12(_param.GetValueOf <ushort>(CapabilityData.PARAM_PROP_SELECT_SIZE));

                TPMBlobWriteableHelper.WriteITPMBlobWritableWithUIntSize(requestBlob, tpmSelectSize);
                break;

            default:
                throw new NotSupportedException("Defined cap or subcap are not supported");
            }



//			if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
//			{
//				//Subcaps are ignored by TPM_CAP_VERSION_VAL
//				requestBlob.WriteUInt32 (0);
//			}
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
//			{
//				requestBlob.WriteUInt32 (4);
//				requestBlob.WriteUInt32 ((uint)_param.GetValueOf<TPMResourceType> ("handle_type"));
//			}
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY)
//			{
//				CapabilityData.TPMSubCapProperty subCap = _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap");
//
//				//Size of subcap
//				requestBlob.WriteUInt32 (4);
//				requestBlob.WriteUInt32 ((uint)subCap);
//			}
//			else
//				throw new NotSupportedException ("Defined cap or subcap are not supported");

            requestBlob.WriteCmdSize();

            TPMBlob responseBlob = TransmitMe(requestBlob);

            responseBlob.SkipHeader();

            Parameters parameters = new Parameters();


            switch (_capArea)
            {
            case CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL:
                CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore(responseBlob);
                parameters.AddValue(CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE:
                responseBlob.SkipHeader();

                //Reads the response size, which is ignored
                responseBlob.ReadUInt32();

                HandleListCore handleList = new HandleListCore(responseBlob, _param.GetValueOf <TPMResourceType> ("handle_type"));
                parameters.AddValue("handles", handleList);
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY:
                responseBlob.SkipHeader();
                switch (_param.GetValueOf <CapabilityData.TPMSubCapProperty> ("subCap"))
                {
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_PCR, ReadUInt32Response(responseBlob));
                    break;

                //case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR:
                //    parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_DIR, ReadUInt32Response (responseBlob));
                //    break;
                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MANUFACTURER, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_KEYS, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_KEYS, ReadUInt32Response(responseBlob));
                    break;

                case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS:
                    parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response(responseBlob));
                    break;

                default:
                    throw new NotSupportedException("Defined cap or subcap are not supported");
                }
                break;

            case CapabilityData.TPMCapabilityArea.TPM_CAP_SELECT_SIZE:
                parameters.AddPrimitiveType(CapabilityData.PARAM_PROP_SELECT_SIZE, ReadBoolResponse(responseBlob));
                break;
            }



//			if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_VERSION_VAL)
//			{
//				CapabilityDataCore.TPMCapVersionInfoCore tpmVersionInfo = new CapabilityDataCore.TPMCapVersionInfoCore (responseBlob);
//				parameters.AddValue (CapabilityData.PARAM_TPM_VERSION_INFO, tpmVersionInfo);
//			}
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE)
//			{
//				responseBlob.SkipHeader ();
//
//				//Reads the response size, which is ignored
//				responseBlob.ReadUInt32 ();
//
//				HandleListCore handleList = new HandleListCore (responseBlob, _param.GetValueOf<TPMResourceType> ("handle_type"));
//				parameters.AddValue ("handles", handleList);
//			}
//
//
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
//				    _param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR)
//			{
//				responseBlob.SkipHeader ();
//				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_PCR, ReadUInt32Response (responseBlob));
//			}
//
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
//				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS)
//			{
//				responseBlob.SkipHeader ();
//				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_AUTHSESS, ReadUInt32Response (responseBlob));
//			}
//
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
//				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS)
//			{
//				responseBlob.SkipHeader ();
//				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_TRANSESS, ReadUInt32Response (responseBlob));
//			}
//
//			else if (_capArea == CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY &&
//				_param.GetValueOf<CapabilityData.TPMSubCapProperty> ("subCap") == CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS)
//			{
//				responseBlob.SkipHeader ();
//				parameters.AddPrimitiveType (CapabilityData.PARAM_PROP_MAX_SESSIONS, ReadUInt32Response (responseBlob));
//			}
//			else
//				throw new NotSupportedException("Defined cap or subcap are not supported");

            return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_GetCapability, parameters));
        }