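/// <summary>
/// Authorizes the command and returns the authorization info for each auth session it uses.
/// Blocks till the user has entered the credentials.
/// </summary>
/// <remarks>
/// For an OIAP handle the HMAC is produced by a <see cref="GenerateHMACRequest"/> (the key secret
/// never touches this method); for an OSAP handle it is computed locally over the session's
/// shared secret. A fresh nonceOdd is generated on the handle before either HMAC is computed,
/// so the auth data covers the nonce that goes out with the command.
/// </remarks>
/// <param name="cmd">Command to authorize</param>
/// <returns>
/// One <see cref="AuthorizationInfo"/> per auth session for which <c>cmd.GetKeyInfo</c> returns a
/// key, in Auth1/Auth2 order. Sessions without key info are skipped.
/// </returns>
/// <exception cref="NotSupportedException">
/// An auth handle has a type other than OIAP or OSAP; previously such a session was skipped
/// silently, leaving the command without auth data for it.
/// </exception>
public AuthorizationInfo[] AuthorizeCommand(IAuthorizableCommand cmd)
{
    List<AuthorizationInfo> authorizationInfos = new List<AuthorizationInfo>();

    // Reserve the handle slots for all of the command's sessions up front, under the lock.
    using (AcquireLock())
    {
        _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd);
    }

    AuthSessionNum[] sessions = new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 };
    foreach (AuthSessionNum authSessionNum in sessions)
    {
        HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);
        if (keyInfo == null)
        {
            // The command does not use this auth session.
            continue;
        }

        AuthHandle authHandle;
        using (AcquireLock())
        {
            authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum);
        }

        // Generate the new nonceOdd before the client generates the auth data.
        authHandle.NewNonceOdd();

        if (authHandle.HandleAuthType == AuthHandle.AuthType.OIAP)
        {
            // OIAP: HMAC over (digest, nonceEven, nonceOdd, continueAuthSession = true),
            // computed by the holder of the key secret via the request.
            GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest(
                _ctx,
                new HashByteDataProvider(cmd.Digest),
                new HashByteDataProvider(authHandle.NonceEven),
                new HashByteDataProvider(authHandle.NonceOdd),
                new HashPrimitiveDataProvider(true));
            request.TpmSessionIdentifier = _tpmSessionIdentifier;
            request.KeyInfo = keyInfo;

            GenerateHMACResponse response = request.TypedExecute();
            response.AssertResponse();

            authorizationInfos.Add(new AuthorizationInfo(authHandle, true, response.TpmAuthData));
        }
        else if (authHandle.HandleAuthType == AuthHandle.AuthType.OSAP)
        {
            // OSAP: make sure the shared secret exists, then compute the HMAC locally with
            // continueAuthSession = false.
            AssureOSAPSharedSecret(cmd, authSessionNum);

            byte[] hmac = new HMACProvider(authHandle.SharedSecret).Hash(
                new HashByteDataProvider(cmd.Digest),
                new HashByteDataProvider(authHandle.NonceEven),
                new HashByteDataProvider(authHandle.NonceOdd),
                new HashPrimitiveDataProvider(false));

            authorizationInfos.Add(new AuthorizationInfo(authHandle, false, hmac));
        }
        else
        {
            // Fail loudly rather than send the command with a missing auth section.
            throw new NotSupportedException(
                "Unsupported auth handle type '" + authHandle.HandleAuthType +
                "' for auth session " + authSessionNum);
        }
    }

    return authorizationInfos.ToArray();
}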
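/// <summary>
/// Computes, for every auth session of the command, the auth data the TPM is expected to have
/// returned in its response, so the caller can check it against the received value.
/// </summary>
/// <remarks>
/// Each expected value is an HMAC over (responseDigest, the response's new nonceEven, the
/// request's nonceOdd, the response's continueAuthSession flag). For an OIAP handle the HMAC is
/// produced by a <see cref="GenerateHMACRequest"/>; for an OSAP handle it is computed locally
/// over the session's shared secret. NOTE(review): the comparison against the auth data actually
/// received is not done here — verify that the caller compares it (preferably in constant time).
/// </remarks>
/// <param name="cmd">
/// Command whose response is being checked. Its <c>AuthorizationInfos</c> are the request-side
/// infos (handle and nonceOdd) and its <c>ResponseAuthHandleInfos</c> the auth sections of the
/// response; both are consumed in order, one per auth session that has key info.
/// </param>
/// <returns>
/// One <see cref="AuthorizationInfo"/> per auth session with key info, in Auth1/Auth2 order; the
/// handle of each entry is null and its flag is the response's continueAuthSession.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The response carries fewer auth sections, or the command fewer request-side infos, than it
/// has auth sessions with key info (a truncated or malformed response).
/// </exception>
/// <exception cref="NotSupportedException">
/// A handle has a type other than OIAP or OSAP; previously such a session was skipped silently,
/// so no expected auth data was produced for it.
/// </exception>
public AuthorizationInfo[] GenerateResponseAuthData(IAuthorizableCommand cmd)
{
    List<AuthorizationInfo> authorizationInfos = new List<AuthorizationInfo>();

    // Both lists are consumed front to back, one entry per session with key info.
    // (The original reversed each list and pushed it onto a Stack, which yields the same order.)
    Queue<ResponseAuthHandleInfo> responseAuthHandles =
        new Queue<ResponseAuthHandleInfo>(cmd.ResponseAuthHandleInfos);
    Queue<AuthorizationInfo> requestAuthorizationInfos =
        new Queue<AuthorizationInfo>(cmd.AuthorizationInfos);

    AuthSessionNum[] sessions = new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 };
    foreach (AuthSessionNum authSessionNum in sessions)
    {
        HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);
        if (keyInfo == null)
        {
            // The command does not use this auth session.
            continue;
        }

        // Dequeue on an empty queue would already throw InvalidOperationException; make the
        // reason explicit, since a short response is a malformed (possibly hostile) input.
        if (responseAuthHandles.Count == 0)
        {
            throw new InvalidOperationException(
                "Response carries no auth section for auth session " + authSessionNum);
        }
        if (requestAuthorizationInfos.Count == 0)
        {
            throw new InvalidOperationException(
                "Command carries no request authorization info for auth session " + authSessionNum);
        }

        ResponseAuthHandleInfo currentResponseAuthHandleInfo = responseAuthHandles.Dequeue();
        AuthorizationInfo currentAuthorizationInfo = requestAuthorizationInfos.Dequeue();
        AuthHandle handle = currentAuthorizationInfo.Handle;

        if (handle.HandleAuthType == AuthHandle.AuthType.OIAP)
        {
            GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest(
                _ctx,
                new HashByteDataProvider(cmd.ResponseDigest),
                new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven),
                new HashByteDataProvider(handle.NonceOdd),
                new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession));
            request.TpmSessionIdentifier = _tpmSessionIdentifier;
            request.KeyInfo = keyInfo;

            GenerateHMACResponse response = request.TypedExecute();
            response.AssertResponse();

            authorizationInfos.Add(new AuthorizationInfo(
                null, currentResponseAuthHandleInfo.ContinueAuthSession, response.TpmAuthData));
        }
        else if (handle.HandleAuthType == AuthHandle.AuthType.OSAP)
        {
            byte[] tpmAuth = new HMACProvider(handle.SharedSecret).Hash(
                new HashByteDataProvider(cmd.ResponseDigest),
                new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven),
                new HashByteDataProvider(handle.NonceOdd),
                new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession));

            authorizationInfos.Add(new AuthorizationInfo(
                null, currentResponseAuthHandleInfo.ContinueAuthSession, tpmAuth));
        }
        else
        {
            // Fail loudly rather than leave the response auth data for this session unverified.
            throw new NotSupportedException(
                "Unsupported auth handle type '" + handle.HandleAuthType +
                "' for auth session " + authSessionNum);
        }
    }

    return authorizationInfos.ToArray();
}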
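/// <summary>
/// Self-test for <see cref="HMACProvider"/> against a fixed test vector: hashes a fixed set of
/// fields with <see cref="HashProvider"/>, then HMACs that digest, a 20-byte block of 0xa5, a
/// fixed 20-byte block and the boolean true under a fixed 20-byte key, and compares the result
/// with the expected 20 bytes.
/// </summary>
/// <remarks>
/// Prints "SUCCESS" only when every byte matches, otherwise a single "FAILED". The original
/// printed FAILED once per mismatching byte and then SUCCESS unconditionally, so a failing
/// vector still ended with SUCCESS; a result of the wrong length is now a failure as well.
/// </remarks>
private static void TestHMAC()
{
    HashProvider hash = new HashProvider();
    byte[] h1 = hash.Hash(
        new HashPrimitiveDataProvider((uint)0x3c),
        new HashPrimitiveDataProvider((ushort)0x00),
        new HashEnumDataProvider(testenum.test),
        new HashByteDataProvider(new byte[] {
            0xb3, 0xd5, 0xcb, 0x12, 0x73, 0x8b, 0xb6, 0xf9, 0x21, 0xa3,
            0xda, 0x42, 0xe0, 0x18, 0xd1, 0x43, 0xfa, 0x29, 0x7c, 0xa6 }));

    HMACProvider hmac = new HMACProvider(new byte[] {
        0x75, 0xf0, 0x86, 0x84, 0x78, 0x24, 0xf8, 0x79, 0x39, 0x5a,
        0x18, 0x14, 0x1d, 0x19, 0x0c, 0x2f, 0x01, 0x29, 0x0b, 0x05 });

    byte[] h2 = new byte[20];
    for (int i = 0; i < h2.Length; i++)
    {
        h2[i] = 0xa5;
    }

    byte[] h3 = new byte[] {
        0xb9, 0x73, 0x05, 0xfa, 0xdb, 0xe3, 0x4d, 0xc5, 0x46, 0x65,
        0x10, 0x00, 0x0a, 0x55, 0x04, 0x2e, 0x3f, 0xea, 0xbf, 0x27 };

    byte[] result = hmac.Hash(
        new HashByteDataProvider(h1),
        new HashByteDataProvider(h2),
        new HashByteDataProvider(h3),
        new HashPrimitiveDataProvider(true));

    byte[] expected = new byte[] {
        0x26, 0x7e, 0xca, 0x16, 0xa1, 0x4d, 0x36, 0xe6, 0x72, 0x2e,
        0xaa, 0x7f, 0x7b, 0x53, 0x4a, 0xb3, 0xce, 0x8b, 0x2a, 0xaa };

    // Compare length first so a short result cannot index out of range, then every byte.
    bool matches = result != null && result.Length == expected.Length;
    for (int i = 0; matches && i < expected.Length; i++)
    {
        matches = result[i] == expected[i];
    }

    Console.WriteLine(matches ? "SUCCESS" : "FAILED");
}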