protected override TPMCommandResponse InternalProcess()
{
byte[] ownerAuth = _params.GetValueOf <byte[]> (PARAM_OWNERAUTH);
byte[] srkAuth = _params.GetValueOf <byte[]> (PARAM_SRKAUTH);
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_TakeOwnership);
requestBlob.WriteUInt16((ushort)TPMProtocolId.TPM_PID_OWNER);
requestBlob.WriteUInt32((uint)ownerAuth.Length);
requestBlob.Write(ownerAuth, 0, ownerAuth.Length);
requestBlob.WriteUInt32((uint)srkAuth.Length);
requestBlob.Write(srkAuth, 0, srkAuth.Length);
_tpmKey.WriteToTpmBlob(requestBlob);
_responseBlob = AuthorizeMeAndTransmit(requestBlob);
CheckResponseAuthInfo();
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_TakeOwnership, new Parameters()));
}
protected override TPMCommandResponse InternalProcess()
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_LoadKey2);
//If not loaded load now
if (_params.GetValueOf <bool>("parent_key_srk") == false)
{
_keyManager.LoadKey(_params.GetValueOf <string>("parent_identifier"));
}
//To be inserted later
requestBlob.WriteUInt32(0);
_tpmKey.WriteToTpmBlob(requestBlob);
//Blocking authorize, blocks till the user has entered the authorization data
AuthorizeMe(requestBlob);
using (_keyManager.AcquireLock())
{
_keyManager.EnsureFreeSlot();
uint tpmKeyHandle;
if (_params.GetValueOf <bool>("parent_key_srk"))
{
tpmKeyHandle = (uint)TPMKeyHandles.TPM_KH_SRK;
}
else
{
tpmKeyHandle = _keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent_identifier")).Handle;
}
//Write key handle to the first position after the header
requestBlob.SkipHeader();
requestBlob.WriteUInt32(tpmKeyHandle);
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
uint loadedTpmHandle = _responseBlob.ReadUInt32();
KeyHandle loadedHandle = new KeyHandle(_params.GetValueOf <string>("key_identifier"), loadedTpmHandle);
_responseParameters = new Parameters();
_responseParameters.AddPrimitiveType("handle", loadedHandle);
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadKey2, _responseParameters));
}
protected override TPMCommandResponse InternalProcess()
{
// Unencrypted authorization values, they need to be XOR-Encrypted with
// XOR(auth, SHA-1(OSAP shared secret | session nonce))
//
// OSAP_shared_secret = HMAC(key=usage secret of key handle, nonce even osap | nonce odd osap)
AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);
_usageAuth = _params.GetValueOf <byte[]> ("usage_auth");
_migrationAuth = _params.GetValueOf <byte[]> ("migration_auth");
byte[] xorKey = new HashProvider().Hash(
new HashByteDataProvider(auth1OSAP.SharedSecret),
new HashByteDataProvider(auth1OSAP.NonceEven));
ByteHelper.XORBytes(_usageAuth, xorKey);
ByteHelper.XORBytes(_migrationAuth, xorKey);
//Load parent key if not loaded
_keyManager.LoadKey(_params.GetValueOf <string>("parent"));
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);
//parent key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.Write(_usageAuth, 0, 20);
requestBlob.Write(_migrationAuth, 0, 20);
_tpmKey.WriteToTpmBlob(requestBlob);
using (_keyManager.AcquireLock())
{
AuthorizeMe(requestBlob);
requestBlob.SkipHeader();
if (_params.GetValueOf <string>("parent") == KeyHandle.KEY_SRK)
{
requestBlob.WriteUInt32((uint)TPMKeyHandles.TPM_KH_SRK);
}
else
{
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf <string>("parent")).Handle);
}
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
TPMKeyCore newKey = new TPMKeyCore(_responseBlob);
_responseParameters = new Parameters();
//Build and save the key identifier
//The key identifier is the hex-string representation of the hash of the newly created key
_responseParameters.AddPrimitiveType("key_identifier",
ByteHelper.ByteArrayToHexString(
new HashProvider().Hash(
new HashByteDataProvider(
ByteHelper.SerializeToBytes(newKey)
)
),
""));
_responseParameters.AddPrimitiveType("key_data", ByteHelper.SerializeToBytes(newKey));
return(new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters));
}
