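        /// <summary>
        /// Verify that quotedInfo is an attestation of type <see cref="TpmSt.AttestCertify"/> that carries
        /// the caller's nonce in extraData and the TPM_GENERATED magic, that the certified name is the one
        /// the caller expects, and that the structure is signed by the private key associated with this
        /// public key. Every check fails closed: null, malformed or mismatched input yields false rather
        /// than an exception. The caller must check other fields (for instance the qualified name) itself.
        /// </summary>
        /// <param name="name">Not consulted by this check; kept for interface compatibility.</param>
        /// <param name="nonce">The freshness value the caller passed to the certify command; must equal quotedInfo.extraData.</param>
        /// <param name="quotedInfo">The attestation structure returned by the TPM.</param>
        /// <param name="expectedName">The name the certified object is expected to have.</param>
        /// <param name="signature">The signature over the TPM representation of quotedInfo.</param>
        /// <returns>true if every structural check and the signature check pass; false otherwise.</returns>
        public bool VerifyCertify(TpmHash name, byte[] nonce, Attest quotedInfo, byte[] expectedName, ISignatureUnion signature)
        {
            // Fail closed on missing input instead of throwing from inside a verification routine.
            // The (Object) cast mirrors the file's convention for null checks on TPM structures.
            if ((Object)quotedInfo == null || nonce == null || expectedName == null || signature == null)
            {
                return false;
            }

            // Check generic signature stuff
            if (quotedInfo.type != TpmSt.AttestCertify)
            {
                return false;
            }

            if (!Globs.ArraysAreEqual(quotedInfo.extraData, nonce))
            {
                return false;
            }

            if (quotedInfo.magic != Generated.Value)
            {
                return false;
            }

            // Check specific certify-signature stuff. The payload is type-tested rather than cast blindly,
            // so a structure whose type tag and attested payload disagree is rejected instead of throwing.
            var certInfo = quotedInfo.attested as CertifyInfo;
            if ((Object)certInfo == null)
            {
                return false;
            }

            if (!Globs.ArraysAreEqual(expectedName, certInfo.name))
            {
                return false;
            }

            // Check the actual signature.
            // NOTE(review): the digest algorithm is hard-coded to SHA-1 here, whereas VerifyQuote defers to
            // VerifySignatureOverData; a key whose signing scheme uses a different hash will fail here.
            // Confirm this is intended before relying on this method for non-SHA-1 schemes.
            TpmHash sigHash = TpmHash.FromData(TpmAlgId.Sha1, quotedInfo.GetTpmRepresentation());
            return VerifySignatureOverHash(sigHash, signature);
        }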
 /// <summary>
 /// Wraps an already-built attestation structure; the reference is stored as-is, not copied.
 /// </summary>
 /// <param name="the_attestationData">the signed structure</param>
 public Tpm2bAttest(
 Attest the_attestationData
 )
 {
     attestationData = the_attestationData;
 }
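        /// <summary>
        /// Verify that a TPM quote is well formed, matches the expected PCR selection and PCR values,
        /// carries the caller's nonce and the TPM_GENERATED magic, optionally was produced by the expected
        /// qualified signer, and is properly signed by the private key corresponding to this public key.
        /// Every check fails closed: null, malformed or mismatched input yields false rather than an exception.
        /// </summary>
        /// <param name="pcrDigestAlg">Hash algorithm used to digest the concatenated expected PCR values.</param>
        /// <param name="expectedSelectedPcr">The PCR selection the quote is expected to cover.</param>
        /// <param name="expectedPcrValues">The PCR values, in selection order, whose digest must match quoted.pcrDigest.</param>
        /// <param name="nonce">The freshness value the caller passed to the quote command; must equal quotedInfo.extraData.</param>
        /// <param name="quotedInfo">The attestation structure returned by the TPM.</param>
        /// <param name="signature">The signature over the TPM representation of quotedInfo.</param>
        /// <param name="qualifiedNameOfSigner">If non-null, the qualified name quotedInfo.qualifiedSigner must equal.</param>
        /// <returns>true if every structural check, the PCR digest check and the signature check pass; false otherwise.</returns>
        public bool VerifyQuote(
            TpmAlgId pcrDigestAlg,
            PcrSelection[] expectedSelectedPcr,
            Tpm2bDigest[] expectedPcrValues,
            byte[] nonce,
            Attest quotedInfo,
            ISignatureUnion signature,
            byte[] qualifiedNameOfSigner = null)
        {
            // Fail closed on missing input instead of throwing from inside a verification routine.
            // The (Object) cast mirrors the file's convention for null checks on TPM structures.
            if ((Object)quotedInfo == null || expectedSelectedPcr == null || expectedPcrValues == null
                || nonce == null || signature == null)
            {
                return false;
            }

            // The type tag and the attested payload must both say "quote"; checking both rejects a
            // structure whose tag and payload disagree (VerifyCertify checks the tag the same way).
            if (quotedInfo.type != TpmSt.AttestQuote || !(quotedInfo.attested is QuoteInfo))
            {
                return false;
            }

            if (quotedInfo.magic != Generated.Value)
            {
                return false;
            }

            if (quotedInfo.extraData == null || !quotedInfo.extraData.IsEqual(nonce))
            {
                return false;
            }

            // Check environment of signer (name) is expected
            if (qualifiedNameOfSigner != null)
            {
                if (quotedInfo.qualifiedSigner == null || !quotedInfo.qualifiedSigner.IsEqual(qualifiedNameOfSigner))
                {
                    return false;
                }
            }

            // Now check the quote-specific fields
            var quoted = (QuoteInfo)quotedInfo.attested;

            // Check values pcr indices are what we expect
            if (!Globs.ArraysAreEqual(quoted.pcrSelect, expectedSelectedPcr))
            {
                return false;
            }

            // Check that values in the indices above are what we expect.
            // The collection itself is never read; it is kept for whatever validation its constructor
            // performs on the selection/value pairing (presumably it throws on a mismatch — confirm).
            // ReSharper disable once UnusedVariable
            var expected = new PcrValueCollection(expectedSelectedPcr, expectedPcrValues);
            var m = new Marshaller();

            // The quoted pcrDigest is a hash over the concatenation of the selected PCR values.
            foreach (Tpm2bDigest d in expectedPcrValues)
            {
                if ((Object)d == null || d.buffer == null)
                {
                    return false;
                }
                m.Put(d.buffer, "");
            }

            TpmHash expectedPcrHash = TpmHash.FromData(pcrDigestAlg, m.GetBytes());
            if (!Globs.ArraysAreEqual(expectedPcrHash, quoted.pcrDigest))
            {
                return false;
            }

            // And finally check the signature
            return VerifySignatureOverData(quotedInfo.GetTpmRepresentation(), signature);
        }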
 /// <summary>
 /// Default constructor: initialises attestationData to a freshly constructed, empty Attest.
 /// </summary>
 public Tpm2bAttest()
 {
     this.attestationData = new Attest();
 }
 /// <summary>
 /// Copy constructor. This is a shallow copy: the attestationData reference is shared with the source.
 /// </summary>
 /// <param name="the_Tpm2bAttest">The structure to copy; must not be null.</param>
 /// <exception cref="ArgumentException">Thrown when <paramref name="the_Tpm2bAttest"/> is null.</exception>
 public Tpm2bAttest(Tpm2bAttest the_Tpm2bAttest)
 {
     // ReferenceEquals sidesteps any overloaded == on the structure type, as the (Object) cast did.
     if (Object.ReferenceEquals(the_Tpm2bAttest, null))
     {
         throw new ArgumentException(Globs.GetResourceString("parmError"));
     }
     this.attestationData = the_Tpm2bAttest.attestationData;
 }
 /// <summary>
 /// Builds the response from its two parts; both references are stored as-is, not copied.
 /// </summary>
 /// <param name="the_certifyInfo">the structure that was signed</param>
 /// <param name="the_signature">the asymmetric signature over certifyInfo using the key referenced by signHandle(One of SignatureRsassa, SignatureRsapss, SignatureEcdsa, SignatureEcdaa, SignatureSm2, SignatureEcschnorr, TpmHash, SchemeHash, NullSignature)</param>
 public Tpm2NvCertifyResponse(
 Attest the_certifyInfo,
 ISignatureUnion the_signature
 )
 {
     signature = the_signature;
     certifyInfo = the_certifyInfo;
 }
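 /// <summary>
 /// Copy constructor: creates a new Attest carrying the same member values as <paramref name="the_Attest"/>.
 /// This is a shallow copy — members are assigned, not cloned.
 /// </summary>
 /// <param name="the_Attest">The structure to copy; must not be null.</param>
 /// <exception cref="ArgumentException">Thrown when <paramref name="the_Attest"/> is null.</exception>
 public Attest(Attest the_Attest)
 {
     if((Object) the_Attest == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
     magic = the_Attest.magic;
     qualifiedSigner = the_Attest.qualifiedSigner;
     extraData = the_Attest.extraData;
     clockInfo = the_Attest.clockInfo;
     firmwareVersion = the_Attest.firmwareVersion;
     // The type-specific payload must travel with the copy: VerifyCertify and VerifyQuote read
     // quotedInfo.attested (and the type tag, presumably derived from it — confirm), so a copy
     // without it would fail verification or dereference null.
     attested = the_Attest.attested;
 }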
 /// <summary>
 /// Builds the response from its two parts; both references are stored as-is, not copied.
 /// </summary>
 /// <param name="the_timeInfo">standard TPM-generated attestation block</param>
 /// <param name="the_signature">the signature over timeInfo(One of SignatureRsassa, SignatureRsapss, SignatureEcdsa, SignatureEcdaa, SignatureSm2, SignatureEcschnorr, TpmHash, SchemeHash, NullSignature)</param>
 public Tpm2GetTimeResponse(
 Attest the_timeInfo,
 ISignatureUnion the_signature
 )
 {
     signature = the_signature;
     timeInfo = the_timeInfo;
 }
 /// <summary>
 /// Default constructor: initialises certifyInfo to a freshly constructed, empty Attest.
 /// The signature member is left at its default.
 /// </summary>
 public Tpm2NvCertifyResponse()
 {
     this.certifyInfo = new Attest();
 }
 /// <summary>
 /// Builds the response from its two parts; both references are stored as-is, not copied.
 /// </summary>
 /// <param name="the_auditInfo">the auditInfo that was signed</param>
 /// <param name="the_signature">the signature over auditInfo(One of SignatureRsassa, SignatureRsapss, SignatureEcdsa, SignatureEcdaa, SignatureSm2, SignatureEcschnorr, TpmHash, SchemeHash, NullSignature)</param>
 public Tpm2GetCommandAuditDigestResponse(
 Attest the_auditInfo,
 ISignatureUnion the_signature
 )
 {
     signature = the_signature;
     auditInfo = the_auditInfo;
 }
 /// <summary>
 /// Default constructor: initialises timeInfo to a freshly constructed, empty Attest.
 /// The signature member is left at its default.
 /// </summary>
 public Tpm2GetTimeResponse()
 {
     this.timeInfo = new Attest();
 }
 /// <summary>
 /// Default constructor: initialises auditInfo to a freshly constructed, empty Attest.
 /// The signature member is left at its default.
 /// </summary>
 public Tpm2GetCommandAuditDigestResponse()
 {
     this.auditInfo = new Attest();
 }
 /// <summary>
 /// Default constructor: initialises auditInfo to a freshly constructed, empty Attest.
 /// </summary>
 public Tpm2GetSessionAuditDigestResponse()
 {
     this.auditInfo = new Attest();
 }
 /// <summary>
 /// Builds the response from its two parts; both references are stored as-is, not copied.
 /// </summary>
 /// <param name="the_quoted">the quoted information</param>
 /// <param name="the_signature">the signature over quoted(One of SignatureRsassa, SignatureRsapss, SignatureEcdsa, SignatureEcdaa, SignatureSm2, SignatureEcschnorr, TpmHash, SchemeHash, NullSignature)</param>
 public Tpm2QuoteResponse(
 Attest the_quoted,
 ISignatureUnion the_signature
 )
 {
     signature = the_signature;
     quoted = the_quoted;
 }
 /// <summary>
 /// Default constructor: initialises quoted to a freshly constructed, empty Attest.
 /// The signature member is left at its default.
 /// </summary>
 public Tpm2QuoteResponse()
 {
     this.quoted = new Attest();
 }
 /// <summary>
 /// Default constructor: initialises certifyInfo to a freshly constructed, empty Attest.
 /// </summary>
 public Tpm2CertifyCreationResponse()
 {
     this.certifyInfo = new Attest();
 }