Exemplo n.º 1
0
        /// <summary>
        /// Selects the specified tpm device (if the authenticated user has the permission)
        /// </summary>
        /// <param name="subsystem"></param>
        /// <param name="requestContext"></param>
        private void HandleSelectTPMRequest(TPMSubsystem subsystem, RequestContext <SelectTPMRequest, SelectTPMResponse> requestContext)
        {
            if (!AssertUserAuthentication("select_" + requestContext.Request.TPMIdentifier, requestContext.CreateResponse()))
            {
                return;
            }

            SelectTPMResponse response = requestContext.CreateResponse();

            if (ServerContext.TPMContexts.ContainsKey(requestContext.Request.TPMIdentifier) == false)
            {
                response.Succeeded = false;
                response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMDeviceNotFound);
                response.Execute();
                return;
            }


            lock (_selectedTPMs)
            {
                int myId = (++_maxTPMIdentifier);

                _selectedTPMs.Add(myId, ServerContext.TPMContexts[requestContext.Request.TPMIdentifier]);
                response.TPMSessionIdentifier = myId;
            }

            response.Execute();
        }
Exemplo n.º 2
0
        /// <summary>
        /// Retrieves informations about keys
        /// </summary>
        /// <param name="subsystem"></param>
        /// <param name="requestContext"></param>
        private void HandleKeyInfoRequest(TPMSubsystem subsystem, RequestContext <KeyInfoRequest, KeyInfoResponse> requestContext)
        {
            TPMContext      tpmContext;
            KeyInfoResponse response;

            lock (_selectedTPMs)
            {
                if (_selectedTPMs.ContainsKey(requestContext.Request.TPMIdentifier) == false)
                {
                    response           = requestContext.CreateResponse();
                    response.Succeeded = false;
                    response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMIdentifierNotValid);
                    response.Execute();
                    return;
                }

                tpmContext = _selectedTPMs[requestContext.Request.TPMIdentifier];
            }

            if (!AssertUserAuthentication("key_info_" + _selectedTPMs[requestContext.Request.TPMIdentifier].DeviceName, requestContext.CreateResponse()))
            {
                return;
            }

            KeyManagerHelper keyManagerHelper = new KeyManagerHelper(ServerContext, tpmContext, requestContext.Request.TPMIdentifier,
                                                                     new CommandAuthorizationHelper(ServerContext, requestContext.Request.TPMIdentifier, tpmContext));

            if (keyManagerHelper.ContainsIdentifier(requestContext.Request.KeyIdentifier) == false)
            {
                response           = requestContext.CreateResponse();
                response.Succeeded = false;
                response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.NotAValidKeyIdentifier);
                response.Execute();
                return;
            }

            byte[] keyBlob = keyManagerHelper.GetKeyBlob(requestContext.Request.KeyIdentifier);
            response           = requestContext.CreateResponse();
            response.Succeeded = true;
            response.TPMKey    = TPMKeyCore.CreateFromBytes(keyBlob);
            response.Execute();
        }
Exemplo n.º 3
0
        /// <summary>
        /// Lists all available TPM devices, that can be accessed by the authenticated user
        /// </summary>
        /// <param name="subsystem"></param>
        /// <param name="requestContext"></param>
        private void HandleListTPMsRequest(TPMSubsystem subsystem, RequestContext <ListTPMsRequest, ListTPMsResponse> requestContext)
        {
            if (!AssertUserAuthentication(null, requestContext.CreateResponse()))
            {
                return;
            }

            List <string> tpmDevices = new List <string> ();

            foreach (KeyValuePair <string, TPMContext> ctx in ServerContext.TPMContexts)
            {
                if (IsAllowedToUseTPMDevice(ctx.Key))
                {
                    tpmDevices.Add(ctx.Key);
                }
            }

            ListTPMsResponse response = requestContext.CreateResponse();

            response.TPMDevices = tpmDevices.ToArray();
            response.Execute();
        }
Exemplo n.º 4
0
        private void HandleTPMRequest(TPMSubsystem subsystem, RequestContext <TPMRequest, TPMResponse> requestContext)
        {
            if (!AssertUserAuthentication(null, requestContext.CreateResponse()))
            {
                return;
            }



            TPMContext  tpmContext;
            TPMResponse response;

            lock (_selectedTPMs)
            {
                if (_selectedTPMs.ContainsKey(requestContext.Request.TPMIdentifier) == false)
                {
                    response           = requestContext.CreateResponse();
                    response.Succeeded = false;
                    response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMIdentifierNotValid);
                    response.Execute();
                    return;
                }

                tpmContext = _selectedTPMs[requestContext.Request.TPMIdentifier];
            }

            string commandIdentifier = requestContext.Request.CommandRequest.CommandIdentifier;

            if (IsAllowedToRunCommand(commandIdentifier, tpmContext) == false)
            {
                response           = requestContext.CreateResponse();
                response.Succeeded = false;
                response.SetKnownCommonError(SubsystemResponse.CommonErrorCodes.NotPermitted);
                response.Execute();
                return;
            }

            _logger.DebugFormat("Executing {0}", requestContext.Request.CommandRequest.CommandIdentifier);

            response = requestContext.CreateResponse();
            try
            {
                TPMCommandResponse commandResponse;

                //Locking here is not a good idea, because the Process method
                //block until the final command is executed. This could take a long time,
                //because the user might be asked to authenticate several commands
                //lock (tpmContext)
                //{
                ICommandAuthorizationHelper commandAuthHelper = new CommandAuthorizationHelper(ServerContext, requestContext.Request.TPMIdentifier, tpmContext);
                commandResponse = tpmContext.TPM.Process(requestContext.Request.CommandRequest,
                                                         commandAuthHelper,
                                                         new KeyManagerHelper(ServerContext, tpmContext, requestContext.Request.TPMIdentifier, commandAuthHelper));
                //}

                response.CommandResponse = commandResponse;
                response.Execute();
            }
            catch (Exception ex)
            {
                _logger.FatalFormat("Error processing TPMRequest: {0}", ex);
                response.Succeeded          = false;
                response.CustomErrorMessage = ex.Message;
                response.Execute();
            }
        }