Exemplo n.º 1
0
        public AuthorizationInfo[] GenerateResponseAuthData(IAuthorizableCommand cmd)
        {
            List <AuthorizationInfo> authorizationInfos = new List <AuthorizationInfo>();

            List <ResponseAuthHandleInfo> responseAuthHandleInfos = new List <ResponseAuthHandleInfo>(cmd.ResponseAuthHandleInfos);

            responseAuthHandleInfos.Reverse();

            List <AuthorizationInfo> localAuthorizationInfos = new List <AuthorizationInfo>(cmd.AuthorizationInfos);

            localAuthorizationInfos.Reverse();

            Stack <ResponseAuthHandleInfo> responseAuthHandles    = new Stack <ResponseAuthHandleInfo>(responseAuthHandleInfos);
            Stack <AuthorizationInfo>      authorizationInfoQueue = new Stack <AuthorizationInfo>(localAuthorizationInfos);

            foreach (AuthSessionNum authSessionNum in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 })
            {
                HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);

                if (keyInfo == null)
                {
                    continue;
                }

                ResponseAuthHandleInfo currentResponseAuthHandleInfo = responseAuthHandles.Pop();
                AuthorizationInfo      currentAuthorizationInfo      = authorizationInfoQueue.Pop();


                if (currentAuthorizationInfo.Handle.HandleAuthType == AuthHandle.AuthType.OIAP)
                {
                    GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
                                                      (_ctx,
                                                      new HashByteDataProvider(cmd.ResponseDigest),
                                                      new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven),
                                                      new HashByteDataProvider(currentAuthorizationInfo.Handle.NonceOdd),
                                                      new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession)
                                                      );


                    request.TpmSessionIdentifier = _tpmSessionIdentifier;
                    request.KeyInfo = keyInfo;


                    GenerateHMACResponse response = request.TypedExecute();
                    response.AssertResponse();

                    authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, response.TpmAuthData));
                }
                else if (currentAuthorizationInfo.Handle.HandleAuthType == AuthHandle.AuthType.OSAP)
                {
                    byte[] tpmAuth = new HMACProvider(currentAuthorizationInfo.Handle.SharedSecret).Hash(
                        new HashByteDataProvider(cmd.ResponseDigest),
                        new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven),
                        new HashByteDataProvider(currentAuthorizationInfo.Handle.NonceOdd),
                        new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession));

                    authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, tpmAuth));
                }
            }

            return(authorizationInfos.ToArray());
        }
Exemplo n.º 2
0
        /// <summary>
        /// Assures that the shared secret for the specified authorization handle has been
        /// calculated, if not it gets calculated. If no OSAP session exists, create it
        /// </summary>
        /// <param name="cmd"></param>
        /// <param name="sessionNum"></param>
        /// <returns></returns>
        public AuthHandle AssureOSAPSharedSecret(IAuthorizableCommand cmd, AuthSessionNum authSessionNum)
        {
//			using(AcquireLock())
//			{
//				//Must not be called for OSAP at the moment because OSAP session are not cached
//				_tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd);
//			}
//
            HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);

            if (keyInfo == null)
            {
                return(null);
            }

            AuthHandle authHandle;

            using (AcquireLock())
            {
                authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum);
            }

            // If shared secret has not yet been generated, do it
            if (authHandle.SharedSecret == null)
            {
                GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest(
                    _ctx,
                    new HashByteDataProvider(authHandle.NonceEvenOSAP),
                    new HashByteDataProvider(authHandle.NonceOddOSAP)
                    );

                request.TpmSessionIdentifier = _tpmSessionIdentifier;

                Parameters paramsSharedSecret = new Parameters();

                if (cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE ||
                    cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_SRK)
                {
                    if (cmd.GetHandle(authSessionNum) == KeyHandle.KEY_SRK)
                    {
                        request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters());
                    }
                    else
                    {
                        paramsSharedSecret.AddPrimitiveType("identifier", cmd.GetHandle(authSessionNum));
                        request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, paramsSharedSecret);
                    }
                }
                else if (cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_OWNER)
                {
                    request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, new Parameters());
                }
                else
                {
                    throw new NotSupportedException(string.Format("CommandAuthorizationHelper does not support entity type '{0}'",
                                                                  cmd.GetEntityType(authSessionNum)));
                }

                GenerateHMACResponse response = request.TypedExecute();
                response.AssertResponse();

                authHandle.SharedSecret = response.TpmAuthData;
            }

            return(authHandle);
        }
Exemplo n.º 3
0
        /// <summary>
        /// Authorizes the command and returns the necessary authorization info
        /// Blocks till the user has entered the credentials
        /// </summary>
        /// <param name="cmd">Command to authorize</param>
        /// <returns></returns>
        public AuthorizationInfo[] AuthorizeCommand(IAuthorizableCommand cmd)
        {
            List <AuthorizationInfo> authorizationInfos = new List <AuthorizationInfo>();

            using (AcquireLock())
            {
                _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd);
            }

            foreach (AuthSessionNum authSessionNum in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 })
            {
                HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum);

                if (keyInfo == null)
                {
                    continue;
                }

                AuthHandle authHandle;

                using (AcquireLock())
                {
                    authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum);
                }

                //Generates the new nonceOdd before the client generates the auth data
                authHandle.NewNonceOdd();

                if (authHandle.HandleAuthType == AuthHandle.AuthType.OIAP)
                {
                    GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
                                                      (_ctx,
                                                      new HashByteDataProvider(cmd.Digest),
                                                      new HashByteDataProvider(authHandle.NonceEven),
                                                      new HashByteDataProvider(authHandle.NonceOdd),
                                                      new HashPrimitiveDataProvider(true)
                                                      );


                    request.TpmSessionIdentifier = _tpmSessionIdentifier;
                    request.KeyInfo = keyInfo;


                    GenerateHMACResponse response = request.TypedExecute();
                    response.AssertResponse();

                    authorizationInfos.Add(new AuthorizationInfo(authHandle, true, response.TpmAuthData));
                }
                else if (authHandle.HandleAuthType == AuthHandle.AuthType.OSAP)
                {
                    AssureOSAPSharedSecret(cmd, authSessionNum);


                    byte[] hmac = new HMACProvider(authHandle.SharedSecret).Hash(
                        new HashByteDataProvider(cmd.Digest),
                        new HashByteDataProvider(authHandle.NonceEven),
                        new HashByteDataProvider(authHandle.NonceOdd),
                        new HashPrimitiveDataProvider(false));

//					GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest
//						(_ctx,
//						 new HashByteDataProvider(cmd.Digest),
//						 new HashByteDataProvider(authHandle.NonceEven),
//						 new HashByteDataProvider(authHandle.NonceOdd),
//						 new HashPrimitiveDataProvider(false)
//						 );
//
//
//					request.TpmSessionIdentifier = _tpmSessionIdentifier;
//					request.KeyInfo = keyInfo;
//
//
//					GenerateHMACResponse response = request.TypedExecute ();
//					response.AssertResponse();
//
                    authorizationInfos.Add(new AuthorizationInfo(authHandle, false, hmac));
                }
            }

            return(authorizationInfos.ToArray());
        }