/// <summary>
/// Creates a child of the given storage key, which can be used both for signing and decryption.
/// Illustrates strict mode effect on automatic authorization handling.
/// </summary>
/// <returns>Handle of the created key.</returns>
static TpmHandle CreateSigningDecryptionKey(Tpm2 tpm, TpmHandle primHandle, out TpmPublic keyPublic)
{
TpmPublic keyInPublic = new TpmPublic(
TpmAlgId.Sha1,
ObjectAttr.Decrypt | ObjectAttr.Sign | ObjectAttr.FixedParent | ObjectAttr.FixedTPM
| ObjectAttr.UserWithAuth | ObjectAttr.SensitiveDataOrigin,
new byte[0],
new RsaParms(
new SymDefObject(),
new NullAsymScheme(),
2048, 0),
new Tpm2bPublicKeyRsa());
SensitiveCreate sensCreate = new SensitiveCreate(new byte[] {1, 2, 3}, new byte[0]);
CreationData keyCreationData;
TkCreation creationTicket;
byte[] creationHash;
Console.WriteLine("Automatic authorization of a primary storage key.");
//
// An auth session is added automatically to authorize access to primHandle.
//
TpmPrivate keyPrivate = tpm.Create(primHandle,
sensCreate,
keyInPublic,
new byte[0],
new PcrSelection[0],
out keyPublic,
out keyCreationData,
out creationHash,
out creationTicket);
TpmHandle keyHandle = null;
Console.WriteLine("Strict mode.");
//
// Switch TPM object to the strict mode. (Note that this is a TSS.Net
// specific piece of functionality, not a part of TPM 2.0 specification).
//
tpm._Behavior.Strict = true;
//
// No auth session is added automatically when TPM object is in strict mode.
//
tpm._ExpectError(TpmRc.AuthMissing)
.Load(primHandle, keyPrivate, keyPublic);
//
// Now explicitly request an auth session of a desired type.
// The actual auth value will be supplied by TSS.Net implicitly.
//
keyHandle = tpm[Auth.Default].Load(primHandle, keyPrivate, keyPublic);
//
// Switch TPM object back to the normal mode.
//
tpm._Behavior.Strict = false;
Console.WriteLine("Signing decryption key created.");
return keyHandle;
}
/// <summary>
/// Illustrates various cases of automatic authorization handling.
/// </summary>
static void AutomaticAuth(Tpm2 tpm)
{
TpmHandle primHandle = CreateRsaPrimaryKey(tpm);
TpmPublic keyPublic;
TpmHandle keyHandle = CreateSigningDecryptionKey(tpm, primHandle, out keyPublic);
byte[] message = Globs.GetRandomBytes(32);
IAsymSchemeUnion decScheme = new SchemeOaep(TpmAlgId.Sha1);
ISigSchemeUnion sigScheme = new SchemeRsassa(TpmAlgId.Sha1);
byte[] encrypted = tpm.RsaEncrypt(keyHandle, message, decScheme, new byte[0]);
Console.WriteLine("Automatic authorization of a decryption key.");
//
// An auth session is added automatically when TPM object is not in strict mode.
//
byte[] decrypted1 = tpm.RsaDecrypt(keyHandle, encrypted, decScheme, new byte[0]);
byte[] nonceTpm;
Console.WriteLine("Session object construction.");
//
// If a session with specific properties is required, an AuthSession object
// can be built from the session handle returned by the TPM2_StartAuthSession
// command concatenated, if necessary, with session flags and unencrypted salt
// value (not used in this example).
//
AuthSession auditSess = tpm.StartAuthSession(
TpmRh.Null, // no salt
TpmRh.Null, // no bind object
Globs.GetRandomBytes(16), // nonceCaller
new byte[0], // no salt
TpmSe.Hmac, // session type
new SymDef(), // no encryption/decryption
TpmAlgId.Sha256, // authHash
out nonceTpm)
+ (SessionAttr.ContinueSession | SessionAttr.Audit);
/*
* Alternatively one of the StartAuthSessionEx helpers can be used). E.g.
*
* AuthSession auditSess = tpm.StartAuthSessionEx(TpmSe.Hmac, TpmAlgId.Sha256,
* SessionAttr.ContinueSession | SessionAttr.Audit);
*/
//
// TSS.Net specific call to verify TPM auditing correctness.
//
tpm._SetCommandAuditAlgorithm(TpmAlgId.Sha256);
Console.WriteLine("Automatic authorization using explicitly created session object.");
//
// Appropriate auth value is added automatically into the provided session.
//
byte[] decrypted2 = tpm[auditSess]._Audit()
.RsaDecrypt(keyHandle, encrypted, decScheme, new byte[0]);
ISignatureUnion signature;
Attest attest;
//
// A session is added automatically to authorize usage of the permanent
// handle TpmRh.Endorsement.
//
// Note that if auth value of TpmRh.Endorsement is not empty, you need to
// explicitly assign it to the tpm.EndorsementAuth property of the given
// Tpm2 object.
//
attest = tpm.GetSessionAuditDigest(TpmRh.Endorsement, TpmRh.Null, auditSess,
new byte[0], new NullSigScheme(), out signature);
//
// But if the corresponding auth value stored in the Tpm2 object is invalid, ...
//
AuthValue endorsementAuth = tpm.EndorsementAuth;
tpm.EndorsementAuth = Globs.ByteArray(16, 0xde);
//
// ... the command will fail.
//
tpm._ExpectError(TpmRc.BadAuth)
.GetSessionAuditDigest(TpmRh.Endorsement, TpmRh.Null, auditSess,
new byte[0], new NullSigScheme(), out signature);
//
// Restore correct auth value.
//
tpm.EndorsementAuth = endorsementAuth;
//
// Verify that decryption worked correctly.
//
Debug.Assert(Globs.ArraysAreEqual(decrypted1, decrypted2));
//
// Verify that auditing worked correctly.
//
SessionAuditInfo info = (SessionAuditInfo)attest.attested;
Debug.Assert(Globs.ArraysAreEqual(info.sessionDigest, tpm._GetAuditHash().HashData));
Console.WriteLine("Auth value tracking by TSS.Net.");
//
// Change auth value of the decryption key.
//
TpmPrivate newKeyPrivate = tpm.ObjectChangeAuth(keyHandle, primHandle, AuthValue.FromRandom(16));
TpmHandle newKeyHandle = tpm.Load(primHandle, newKeyPrivate, keyPublic);
//
// Allow non-exclusive usage of the audit session.
//
auditSess.Attrs &= ~SessionAttr.AuditExclusive;
//
// Correct auth value (corresponding to newKeyHandle, and different from
// the one used for keyHandle) will be added to auditSess.
//
decrypted1 = tpm[auditSess]._Audit()
.RsaDecrypt(newKeyHandle, encrypted, decScheme, new byte[0]);
Console.WriteLine("Automatic authorization with multiple sessions.");
//
// Now two sessions are auto-generated (for TpmRh.Endorsement and keyHandle).
//
attest = tpm.GetSessionAuditDigest(TpmRh.Endorsement, keyHandle, auditSess,
new byte[0], sigScheme, out signature);
//
// Verify that the previous command worked correctly.
//
bool sigOk = keyPublic.VerifySignatureOverData(Marshaller.GetTpmRepresentation(attest),
signature, TpmAlgId.Sha1);
Debug.Assert(sigOk);
//
// In the following example the first session is generated based on session
// type indicator (Auth.Pw), and the second one is added automatically.
//
attest = tpm[Auth.Pw].GetSessionAuditDigest(TpmRh.Endorsement, keyHandle, auditSess,
new byte[0], sigScheme, out signature);
//
// Verify that the previous command worked correctly.
//
sigOk = keyPublic.VerifySignatureOverData(Marshaller.GetTpmRepresentation(attest),
signature, TpmAlgId.Sha1);
Debug.Assert(sigOk);
//
// Release TPM resources that we do not need anymore.
//
tpm.FlushContext(newKeyHandle);
tpm.FlushContext(auditSess);
//
// The following example works correctly only when TPM resource management
// is not enabled (e.g. with TPM simulator, or when actual TPM is in raw mode).
//
if (!tpm._GetUnderlyingDevice().HasRM())
{
Console.WriteLine("Using session type indicators.");
//
// Deplete TPM's active session storage
//
List<AuthSession> landfill = new List<AuthSession>();
for (;;)
{
tpm._AllowErrors();
AuthSession s = tpm.StartAuthSessionEx(TpmSe.Hmac, TpmAlgId.Sha256,
SessionAttr.ContinueSession);
if (!tpm._LastCommandSucceeded())
{
break;
}
landfill.Add(s);
}
//
// Check if session type indicators are processed correctly
//
tpm[Auth.Hmac]._ExpectError(TpmRc.SessionMemory)
.RsaDecrypt(keyHandle, encrypted, new NullAsymScheme(), new byte[0]);
//
// Password authorization protocol session uses a predefined handle value,
// so it must work even when there are no free session slots in the TPM.
//
tpm[Auth.Pw].RsaDecrypt(keyHandle, encrypted, new NullAsymScheme(), new byte[0]);
//
// Check if default session type defined by the TPM device is processed correctly.
//
bool needHmac = tpm._GetUnderlyingDevice().NeedsHMAC;
tpm._GetUnderlyingDevice().NeedsHMAC = true;
tpm._ExpectError(TpmRc.SessionMemory)
.RsaDecrypt(keyHandle, encrypted, new NullAsymScheme(), new byte[0]);
tpm[Auth.Default]._ExpectError(TpmRc.SessionMemory)
.RsaDecrypt(keyHandle, encrypted, new NullAsymScheme(), new byte[0]);
tpm._GetUnderlyingDevice().NeedsHMAC = false;
tpm.RsaDecrypt(keyHandle, encrypted, new NullAsymScheme(), new byte[0]);
tpm[Auth.Default].RsaDecrypt(keyHandle, encrypted, new NullAsymScheme(), new byte[0]);
tpm._GetUnderlyingDevice().NeedsHMAC = needHmac;
landfill.ForEach(s => tpm.FlushContext(s));
}
//
// Release TPM resources.
//
tpm.FlushContext(keyHandle);
tpm.FlushContext(primHandle);
Console.WriteLine("Done.");
}
/// <summary>
/// This sample demonstrates the creation of a signing "primary" key and use of this
/// key to sign data, and use of the TPM and Tpm2Lib to validate the signature.
/// </summary>
/// <param name="args">Arguments to this program.</param>
static void Main(string[] args)
{
//
// Parse the program arguments. If the wrong arguments are given or
// are malformed, then instructions for usage are displayed and
// the program terminates.
//
string tpmDeviceName;
if (!ParseArguments(args, out tpmDeviceName))
{
WriteUsage();
return;
}
try
{
//
// Create the device according to the selected connection.
//
Tpm2Device tpmDevice;
switch (tpmDeviceName)
{
case DeviceSimulator:
tpmDevice = new TcpTpmDevice(DefaultSimulatorName, DefaultSimulatorPort);
break;
case DeviceWinTbs:
tpmDevice = new TbsDevice();
break;
default:
throw new Exception("Unknown device selected.");
}
//
// Connect to the TPM device. This function actually establishes the
// connection.
//
tpmDevice.Connect();
//
// Pass the device object used for communication to the TPM 2.0 object
// which provides the command interface.
//
var tpm = new Tpm2(tpmDevice);
if (tpmDevice is TcpTpmDevice)
{
//
// If we are using the simulator, we have to do a few things the
// firmware would usually do. These actions have to occur after
// the connection has been established.
//
tpmDevice.PowerCycle();
tpm.Startup(Su.Clear);
}
//
// AuthValue encapsulates an authorization value: essentially a byte-array.
// OwnerAuth is the owner authorization value of the TPM-under-test. We
// assume that it (and other) auths are set to the default (null) value.
// If running on a real TPM, which has been provisioned by Windows, this
// value will be different. An administrator can retrieve the owner
// authorization value from the registry.
//
var ownerAuth = new AuthValue();
//
// The TPM needs a template that describes the parameters of the key
// or other object to be created. The template below instructs the TPM
// to create a new 2048-bit non-migratable signing key.
//
var keyTemplate = new TpmPublic(TpmAlgId.Sha1, // Name algorithm
ObjectAttr.UserWithAuth | ObjectAttr.Sign | // Signing key
ObjectAttr.FixedParent | ObjectAttr.FixedTPM | // Non-migratable
ObjectAttr.SensitiveDataOrigin,
new byte[0], // No policy
new RsaParms(new SymDefObject(),
new SchemeRsassa(TpmAlgId.Sha1), 2048, 0),
new Tpm2bPublicKeyRsa());
//
// Authorization for the key we are about to create.
//
var keyAuth = new byte[] { 1, 2, 3 };
TpmPublic keyPublic;
CreationData creationData;
TkCreation creationTicket;
byte[] creationHash;
//
// Ask the TPM to create a new primary RSA signing key.
//
TpmHandle keyHandle = tpm[ownerAuth].CreatePrimary(
TpmHandle.RhOwner, // In the owner-hierarchy
new SensitiveCreate(keyAuth, new byte[0]), // With this auth-value
keyTemplate, // Describes key
new byte[0], // For creation ticket
new PcrSelection[0], // For creation ticket
out keyPublic, // Out pubKey and attributes
out creationData, out creationHash, // Not used here
out creationTicket);
//
// Print out text-versions of the public key just created
//
Console.WriteLine("New public key\n" + keyPublic.ToString());
//
// Use the key to sign some data
//
byte[] message = Encoding.Unicode.GetBytes("ABC");
TpmHash dataToSign = TpmHash.FromData(TpmAlgId.Sha1, message);
//
// A different structure is returned for each signing scheme,
// so cast the interface to our signature type (see third argument).
//
// As an alternative, 'signature' can be of type ISignatureUnion and
// cast to SignatureRssa whenever a signature specific type is needed.
//
var signature = tpm[keyAuth].Sign(keyHandle, // Handle of signing key
dataToSign.HashData, // Data to sign
new SchemeRsassa(TpmAlgId.Sha1), // Default scheme
TpmHashCheck.NullHashCheck()) as SignatureRsassa;
//
// Print the signature.
//
Console.WriteLine("Signature: " + BitConverter.ToString(signature.sig));
//
// Use the TPM library to validate the signature
//
bool sigOk = keyPublic.VerifySignatureOverData(message, signature);
if (!sigOk)
{
throw new Exception("Signature did not validate.");
}
Console.WriteLine("Verified signature with TPM2lib (software implementation).");
//
// Load the public key into another slot in the TPM and then
// use the TPM to validate the signature
//
TpmHandle pubHandle = tpm.LoadExternal(null, keyPublic, TpmHandle.RhOwner);
tpm.VerifySignature(pubHandle, dataToSign.HashData, signature);
Console.WriteLine("Verified signature with TPM.");
//
// The default behavior of Tpm2Lib is to create an exception if the
// signature does not validate. If an error is expected the library can
// be notified of this, or the exception can be turned into a value that
// can be later queried. The following are examples of this.
//
signature.sig[0] ^= 1;
tpm._ExpectError(TpmRc.Signature).VerifySignature(pubHandle, dataToSign.HashData, signature);
tpm._AllowErrors().VerifySignature(pubHandle, dataToSign.HashData, signature);
if (tpm._GetLastResponseCode() != TpmRc.Signature)
{
throw new Exception("TPM returned unexpected return code.");
}
Console.WriteLine("Verified that invalid signature causes TPM_RC_SIGNATURE return code.");
//
// Clean up of used handles.
//
tpm.FlushContext(keyHandle);
tpm.FlushContext(pubHandle);
//
// (Note that serialization is not supported on WinRT)
//
// Demonstrate the use of XML persistence by saving keyPublic to
// a file and making a copy by reading it back into a new object
//
// NOTE: 12-JAN-2016: May be removing support for policy
// serialization. We'd like to get feedback on whether
// this is a desirable feature and should be retained.
//
// {
// const string fileName = "sample.xml";
// string xmlVersionOfObject = keyPublic.GetXml();
// keyPublic.XmlSerializeToFile(fileName);
// var copyOfPublic = TpmStructureBase.XmlDeserializeFromFile<TpmPublic>(fileName);
//
// //
// // Demonstrate Tpm2Lib support of TPM-structure equality operators
// //
// if (copyOfPublic != keyPublic)
// {
// Console.WriteLine("Library bug persisting data.");
// }
// }
//
//
// Clean up.
//
tpm.Dispose();
}
catch (Exception e)
{
Console.WriteLine("Exception occurred: {0}", e.Message);
}
Console.WriteLine("Press Any Key to continue.");
Console.ReadLine();
}
