private TPMCommandResponse BuildDoVerifyRequest(string commandIdentifier, Parameters parameters)
{
TPMCommandRequest versionRequest = new TPMCommandRequest (commandIdentifier, parameters);
TPMCommandResponse response = _tpmSession.DoTPMCommandRequest (versionRequest);
if (response.Status == false)
throw new TPMRequestException ("An unknown tpm error occured");
return response;
}
public static TPMCommand Create(TPMCommandRequest request)
{
if (commands_.ContainsKey (request.CommandIdentifier))
{
ConstructorInfo ctorInfo = commands_[request.CommandIdentifier].GetConstructor (new Type[0]);
if (ctorInfo == null)
throw new ArgumentException (string.Format ("Cannot create TpmCommand for command request with identifier '{0}'",
request.CommandIdentifier));
return (TPMCommand)ctorInfo.Invoke (new object[0]);
}
else
throw new NotSupportedException (string.Format ("Cannot find TpmCommand for command request with identifier '{0}'",
request.CommandIdentifier));
}
/// <summary>
/// Reads the configured tpm devices from the configuration and
/// sets up the corresponding tpm contexts
/// </summary>
private void SetupTPMContexts()
{
IConnectionsConfiguration connectionConfig = (IConnectionsConfiguration)ConfigurationManager.GetSection ("connections");
foreach (Iaik.Tc.TPM.Configuration.DotNetConfiguration.TPMDevice device in connectionConfig.TpmDevices)
{
try
{
_logger.InfoFormat ("Setting up tpm context '{0}'", device.TPMName);
TPMWrapper tpmDevice = new TPMWrapper ();
tpmDevice.Init (device.TPMType, device.Parameters);
TPMContext tpmContext = new TPMContext (device.TPMName, tpmDevice);
_tpmContexts.Add (device.TPMName, tpmContext);
_logger.InfoFormat ("Flushing device '{0}'", device.TPMName);
foreach (TPMResourceType resourceType in new TPMResourceType[] {
TPMResourceType.TPM_RT_AUTH, TPMResourceType.TPM_RT_KEY})
{
Parameters listLoadedHandlesParameters = new Parameters ();
listLoadedHandlesParameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE);
listLoadedHandlesParameters.AddPrimitiveType ("handle_type", resourceType);
TPMCommandRequest listLoadedHandlesRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_GetCapability,
listLoadedHandlesParameters);
TPMCommandResponse response = tpmDevice.Process (listLoadedHandlesRequest);
if (response.Status == false)
throw new Exception ("An unknown tpm exception while flushing occured");
foreach (uint handle in response.Parameters.GetValueOf<HandleList> ("handles"))
{
Parameters flushParameters = new Parameters ();
flushParameters.AddValue ("handle", HandleFactory.Create (resourceType, handle));
TPMCommandRequest flushRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_FlushSpecific, flushParameters);
TPMCommandResponse flushResponse = tpmDevice.Process (flushRequest);
if (flushResponse.Status == false)
throw new Exception ("Something went wrong while flushing");
}
}
_logger.InfoFormat ("Successfully setup tpm context '{0}' with type '{1}'", device.TPMName, device.TPMType);
}
catch (Exception ex)
{
_logger.FatalFormat ("Error setting up tpm device '{0}', the device will not be available ({1})", device.TPMName, ex);
}
///Set the Assembly search order for incoming Parameters so that core classes are always at first
Parameters.AssemblySearchOrder = new Assembly[]{
typeof(TPMWrapper).Assembly, //lib core
typeof(ITypedParameter).Assembly}; //lib common
}
}
protected override TPMCommandResponse InternalProcess()
{
TPMBlob requestBlob = new TPMBlob();
requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote);
//key handle gets inserted later, it may be not available now
requestBlob.WriteUInt32(0);
requestBlob.Write(_nonce, 0, 20);
_pcrSelection.WriteToTpmBlob(requestBlob);
_keyManager.LoadKey(_params.GetValueOf<string>("key"));
AuthorizeMe(requestBlob);
using(_keyManager.AcquireLock())
{
requestBlob.SkipHeader();
requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle);
_responseBlob = TransmitMe(requestBlob);
}
CheckResponseAuthInfo();
_responseBlob.SkipHeader();
TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob);
uint sigSize = _responseBlob.ReadUInt32();
byte[] signature = _responseBlob.ReadBytes((int)sigSize);
// Do signature verification
TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce);
byte[] signingData;
using (TPMBlob blob = new TPMBlob())
{
quoteInfo.WriteToTpmBlob(blob);
signingData = blob.ToArray();
}
Parameters pubKeyParams = new Parameters();
pubKeyParams.AddPrimitiveType("key", _params.GetValueOf<string>("key"));
TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams);
TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest,
_commandAuthHelper, _keyManager);
if (pubKeyResponse.Status == false)
{
_log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key");
return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters());
}
TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf<string>("key")));
TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf<TPMPubkey>("pubkey");
if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false)
{
throw new ArgumentException("The TPM_Quote signature could not be verified");
}
Parameters responseParams = new Parameters();
responseParams.AddValue("pcrData", pcrComposite);
responseParams.AddPrimitiveType("sig", signature);
return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams);
}
public TPMCommandResponse Process(TPMCommandRequest request, ICommandAuthorizationHelper commandAuthorizationHelper,
IKeyManagerHelper keyManager)
{
TPMCommand command = TPMCommandFactory.Create (request.CommandIdentifier);
command.SetCommandLockProvider(_commandLockProvider);
command.SetKeyManager(keyManager);
command.SetCommandAuthorizationHelper(commandAuthorizationHelper);
command.Init (request.Parameters, _backend, this);
return command.Process ();
}
public TPMCommandResponse Process(TPMCommandRequest request)
{
return Process(request, null, null);
}
private static void ReadPCRs(TPMWrapper tpm)
{
uint i = 0;
ILog log = LogManager.GetLogger("ReadPCRs");
Parameters param = new Parameters();
param.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY);
param.AddPrimitiveType("subCap", CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR);
TPMCommandRequest request = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability, param);
TPMCommandResponse response = tpm.Process(request);
uint maxPcrs = response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_PCR);
for(i=0; i<maxPcrs; ++i){
param = new Parameters();
param.AddPrimitiveType("pcrnum", i);
TPMCommandRequest req = new TPMCommandRequest(TPMCommandNames.TPM_CMD_PCRRead,param);
TPMCommandResponse resp = tpm.Process(req);
byte[] val = resp.Parameters.GetValueOf<byte[]>("value");
log.InfoFormat("Answer for PCR {0} is: 0x{1}", resp.Parameters.GetValueOf<UInt32>("pcrnum"),
ByteHelper.ByteArrayToHexString(val));
}
// TPMCommandRequest req = new TPMCommandRequest(TPMCommandNames.TPM_CMD_PCRRead, null);
// TPMCommand com = TPMCommandFactory.Create(req);
// com.Init(param, tpm);
// com.Process();
//Console.WriteLine ("Hello World!");
}
private static void ReadCapabilities(TPMWrapper tpm)
{
ILog log = LogManager.GetLogger("ReadCapabilities");
// Read out each capability property
foreach(CapabilityData.TPMSubCapProperty subCap in Enum.GetValues(typeof(CapabilityData.TPMSubCapProperty)))
{
Parameters param = new Parameters();
param.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY);
param.AddPrimitiveType("subCap", subCap);
TPMCommandRequest request = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability, param);
TPMCommandResponse response = tpm.Process(request);
switch(subCap)
{
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR:
log.InfoFormat("Number of PCRs is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_PCR));
break;
//case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR:
// log.InfoFormat("Number of DIR is {0} and should be 1 because command is deprecated", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_DIR));
// break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER:
log.InfoFormat("Manufacturer ID is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MANUFACTURER));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS:
log.InfoFormat("Number of free keyslots is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_KEYS));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS:
log.InfoFormat("Number of max Auth Sessions is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MAX_AUTHSESS));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS:
log.InfoFormat("Number of max Trans Sessions is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MAX_TRANSESS));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS:
log.InfoFormat("Number of max keys (without EK and SRK) is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MAX_KEYS));
break;
case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS:
log.InfoFormat("Number of max Sessions is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MAX_SESSIONS));
break;
default:
throw new NotSupportedException("Defined cap or subcap are not supported");
}
}
}
private static AuthHandle EstablishOIAP(TPMWrapper tpm)
{
ILog log = LogManager.GetLogger ("EstablishOIAP");
for (int i = 0; i < 2; i++)
{
TPMCommandRequest request = new TPMCommandRequest (TPMCommandNames.TPM_CMD_OIAP, new Parameters ());
TPMCommandResponse response = tpm.Process (request);
AuthHandle myAuthHandle = response.Parameters.GetValueOf<AuthHandle> ("auth_handle");
// Parameters parameters = new Parameters ();
// parameters.AddValue ("handle", myAuthHandle);
// TPMCommandRequest requestFlush = new TPMCommandRequest (TPMCommandNames.TPM_CMD_FLUSH_SPECIFIC, parameters);
// tpm.Process (requestFlush);
//return myAuthHandle;
}
Parameters listHandlesParameters = new Parameters ();
listHandlesParameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE);
listHandlesParameters.AddPrimitiveType ("handle_type", TPMResourceType.TPM_RT_AUTH);
TPMCommandRequest listHandlesRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_GetCapability, listHandlesParameters);
TPMCommandResponse listHandlesResponse = tpm.Process (listHandlesRequest);
HandleList loadedKeyHandles = listHandlesResponse.Parameters.GetValueOf<HandleList> ("handles");
return null;
}
public void Init(bool forEncryption, ICipherParameters parameters)
{
_forEncryption = forEncryption;
if(forEncryption)
{
_encryptor = _keyHandle.PublicKey.CreateRSAEncrypter();
Parameters bindParameters = new Parameters();
bindParameters.AddPrimitiveType("type", "request_prefix");
TPMCommandRequest bindPrefixRequest = new TPMCommandRequest(
TPMCommandNames.TPM_CMD_Bind, bindParameters);
_prefix = _session.DoTPMCommandRequest(bindPrefixRequest).Parameters.GetValueOf<byte[]>("prefix");
}
}
