private AuthHandleItem FindReservedHandle(IAuthorizableCommand cmd, AuthSessionNum authSession) { foreach (AuthHandleItem handle in _authHandles.FindAuthHandles(AuthHandleItem.AuthHandleStatus.SwappedIn)) { if (handle.AssociatedCommand == null) { continue; } if (handle.AssociatedCommand.Value.Key == authSession && handle.AssociatedCommand.Value.Value == cmd) { return(handle); } } foreach (AuthHandleItem handle in _authHandles.FindAuthHandles(AuthHandleItem.AuthHandleStatus.SwappedOut)) { if (handle.AssociatedCommand == null) { continue; } if (handle.AssociatedCommand.Value.Key == authSession && handle.AssociatedCommand.Value.Value == cmd) { return(handle); } } return(null); }
public void LoadAuthHandle(AuthHandle authHandle) { using (new LockContext(_authHandles, "AuthHandleManager::LoadAuthHandle")) { List <AuthHandleItem> myAuthHandles = _authHandles.FindAuthHandles(AuthHandleItem.AuthHandleStatus.SwappedOut); _logger.DebugFormat("LoadAuthHandle: #{0}", myAuthHandles.Count); foreach (AuthHandleItem handleItem in myAuthHandles) { _logger.DebugFormat("LoadAuthHandles: Found auth handle {0} with status {1}", handleItem.AuthHandle, handleItem.Status); if (handleItem.AuthHandle == authHandle && handleItem.Status != AuthHandleItem.AuthHandleStatus.SwappedIn) { //If we have an OSAP auth handle, make sure that the corresponding resource is loaded AuthSessionNum authSession = handleItem.AssociatedCommand.Value.Key; IAuthorizableCommand cmd = handleItem.AssociatedCommand.Value.Value; KeyHandle newKeyHandle; if (cmd.GetEntityType(authSession) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE && cmd.GetHandle(authSession) != KeyHandle.KEY_SRK) { cmd.KeyManager.LoadKey(cmd.GetHandle(authSession)); newKeyHandle = cmd.KeyManager.IdentifierToHandle(cmd.GetHandle(authSession)); if (handleItem.AuthHandle.EntityValue != newKeyHandle.Handle) { throw new ArgumentException(string.Format("OSAP with entity type={0}, entity value={1} could not be restored", handleItem.AuthHandle.EntityType, handleItem.AuthHandle.EntityValue)); } } SwapIn(handleItem); _logger.DebugFormat("LoadAuthHandles: Swapped in {0}", handleItem.AuthHandle); } } } }
private AuthHandleItem[] FindReservedHandles(IAuthorizableCommand cmd) { List <AuthHandleItem> returnValues = new List <AuthHandleItem>(); foreach (AuthHandleItem handle in _authHandles.FindAuthHandles(AuthHandleItem.AuthHandleStatus.SwappedIn)) { if (handle.AssociatedCommand == null) { continue; } if (handle.AssociatedCommand.Value.Value == cmd) { returnValues.Add(handle); } } foreach (AuthHandleItem handle in _authHandles.FindAuthHandles(AuthHandleItem.AuthHandleStatus.SwappedOut)) { if (handle.AssociatedCommand == null) { continue; } if (handle.AssociatedCommand.Value.Value == cmd) { returnValues.Add(handle); } } return(returnValues.ToArray()); }
/// <summary> /// Assures that the shared secret for the specified authorization handle has been /// calculated, if not it gets calculated. If no OSAP session exists, create it /// </summary> /// <param name="cmd"></param> /// <param name="sessionNum"></param> /// <returns></returns> public AuthHandle AssureOSAPSharedSecret(IAuthorizableCommand cmd, AuthSessionNum authSessionNum) { // using(AcquireLock()) // { // //Must not be called for OSAP at the moment because OSAP session are not cached // _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd); // } // HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum); if(keyInfo == null) return null; AuthHandle authHandle; using(AcquireLock()) { authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum); } // If shared secret has not yet been generated, do it if(authHandle.SharedSecret == null) { GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest( _ctx, new HashByteDataProvider(authHandle.NonceEvenOSAP), new HashByteDataProvider(authHandle.NonceOddOSAP) ); request.TpmSessionIdentifier = _tpmSessionIdentifier; Parameters paramsSharedSecret = new Parameters(); if(cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE || cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_SRK) { if(cmd.GetHandle(authSessionNum) == KeyHandle.KEY_SRK) request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters()); else { paramsSharedSecret.AddPrimitiveType("identifier", cmd.GetHandle(authSessionNum)); request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, paramsSharedSecret); } } else if(cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_OWNER) request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, new Parameters()); else throw new NotSupportedException(string.Format("CommandAuthorizationHelper does not support entity type '{0}'", cmd.GetEntityType(authSessionNum))); GenerateHMACResponse response = request.TypedExecute (); response.AssertResponse(); authHandle.SharedSecret = response.TpmAuthData; } return authHandle; }
public void RemoveAuthHandles(IAuthorizableCommand cmd) { using (new LockContext(_authHandles, "AuthHandleManager::RemoveAuthHandles")) { foreach (AuthHandleItem handle in FindReservedHandles(cmd)) { InternalRemoveAuthHandle(handle); } } }
public void ReleaseAuthHandles(IAuthorizableCommand cmd) { using (new LockContext(_authHandles, "AuthHandleManager::ReleaseAuthHandles")) { foreach (AuthHandleItem handle in FindReservedHandles(cmd)) { handle.AssociatedCommand = null; } } }
/// <summary> /// Reserves the number of session slots the given command requires on the tpm. /// </summary> /// <remarks> /// If the command supports OIAP auth handles, it is also possible for the AuthHandleManager to recycle /// existing OIAP AuthHandles. /// /// If the command needs OSAP auth handles the AuthHandleManager always creates new sessions, because OSAP is /// used for auth data insertion, so nothing happens in here for OSAP /// </remarks> /// <param name="cmd"></param> /// <param name="tpmSession"></param> public void ReserveAuthHandleSlots(IAuthorizableCommand cmd) { using (new LockContext(_authHandles, string.Format("AuthHandleManager::ReserveAuthHandleSlots {0}", cmd))) { foreach (AuthSessionNum authSession in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 }) { HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSession); if (keyInfo == null) { continue; } bool useOIAP = false; if (cmd.SupportsAuthType(AuthHandle.AuthType.OIAP)) { useOIAP = true; } if (FindReservedHandle(cmd, authSession) != null) { continue; } //We only cache OIAP sessions, so maybe there is a free //OIAP session we can use if (useOIAP) { AuthHandleItem handle = FindFreeAuthHandle(AuthHandleItem.AuthHandleStatus.SwappedIn); if (handle == null) { handle = FindFreeAuthHandle(AuthHandleItem.AuthHandleStatus.SwappedOut); } if (handle != null) { handle.AssociatedCommand = new KeyValuePair <AuthSessionNum, IAuthorizableCommand>(authSession, cmd); } } } } }
public AuthHandle GetAuthHandle(IAuthorizableCommand cmd, AuthSessionNum authSession) { AuthHandleItem reservedHandle = null; using (new LockContext(_authHandles, string.Format("AuthHandleManager::GetAuthHandle {0}", cmd))) { reservedHandle = FindReservedHandle(cmd, authSession); // No reserved auth handle was found, create a new one if (reservedHandle == null) { reservedHandle = CreateAuthHandle(cmd, authSession); } } return(reservedHandle.AuthHandle); }
public void DestroyAuthHandles(IAuthorizableCommand cmd) { try { using (new LockContext(_authHandles, "AuthHandleManager::DestroyAuthHandles")) { foreach (AuthHandleItem item in FindReservedHandles(cmd)) { InternalDestroyHandle(item); } } } catch (Exception ex) { _logger.FatalFormat("ERROR: destroyAuthHandles {0}", ex); throw; } }
public void DestroyAuthHandles(IAuthorizableCommand cmd, params AuthHandle[] authHandles) { using (new LockContext(_authHandles, "AuthHandleManager::DestroyAuthHandles2")) { foreach (AuthHandle authHandle in authHandles) { AuthHandleItem item = FindAuthHandleItem(authHandle); if (item == null) { continue; } if (item.AssociatedCommand != null && item.AssociatedCommand.Value.Value == cmd) { InternalDestroyHandle(item); } } } }
public static ResponseAuthHandleInfo[] ReadAuthHandleInfos(IAuthorizableCommand cmd, TPMBlob blob) { long currentIndex = blob.Length; List<ResponseAuthHandleInfo> responseAuthHandles = new List<ResponseAuthHandleInfo>(); foreach(AuthSessionNum authSession in new AuthSessionNum[]{AuthSessionNum.Auth2, AuthSessionNum.Auth1}) { HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSession); if(keyInfo != null) { currentIndex -= SINGLE_AUTH_HANDLE_SIZE; responseAuthHandles.Add(new ResponseAuthHandleInfoCore(blob, currentIndex)); } } responseAuthHandles.Reverse(); return responseAuthHandles.ToArray(); }
public static ResponseAuthHandleInfo[] ReadAuthHandleInfos(IAuthorizableCommand cmd, TPMBlob blob) { long currentIndex = blob.Length; List <ResponseAuthHandleInfo> responseAuthHandles = new List <ResponseAuthHandleInfo>(); foreach (AuthSessionNum authSession in new AuthSessionNum[] { AuthSessionNum.Auth2, AuthSessionNum.Auth1 }) { HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSession); if (keyInfo != null) { currentIndex -= SINGLE_AUTH_HANDLE_SIZE; responseAuthHandles.Add(new ResponseAuthHandleInfoCore(blob, currentIndex)); } } responseAuthHandles.Reverse(); return(responseAuthHandles.ToArray()); }
public void RemoveAuthHandles(IAuthorizableCommand cmd, AuthHandle authHandle) { using (new LockContext(_authHandles, "AuthHandleManager::RemoveAuthHandles2")) { AuthHandleItem item = FindAuthHandleItem(authHandle); if (item == null) { return; } if (item.AssociatedCommand != null && item.AssociatedCommand.Value.Value == cmd) { InternalRemoveAuthHandle(item); } else { return; } } }
public void DestroyAuthorizationHandle(IAuthorizableCommand cmd, AuthHandle handle) { _tpmContext.AuthHandleManager.DestroyAuthHandles(cmd, handle); }
public void ReleaseAuthorizationHandles(IAuthorizableCommand cmd) { _tpmContext.AuthHandleManager.ReleaseAuthHandles(cmd); }
public AuthorizationInfo[] GenerateResponseAuthData(IAuthorizableCommand cmd) { List <AuthorizationInfo> authorizationInfos = new List <AuthorizationInfo>(); List <ResponseAuthHandleInfo> responseAuthHandleInfos = new List <ResponseAuthHandleInfo>(cmd.ResponseAuthHandleInfos); responseAuthHandleInfos.Reverse(); List <AuthorizationInfo> localAuthorizationInfos = new List <AuthorizationInfo>(cmd.AuthorizationInfos); localAuthorizationInfos.Reverse(); Stack <ResponseAuthHandleInfo> responseAuthHandles = new Stack <ResponseAuthHandleInfo>(responseAuthHandleInfos); Stack <AuthorizationInfo> authorizationInfoQueue = new Stack <AuthorizationInfo>(localAuthorizationInfos); foreach (AuthSessionNum authSessionNum in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 }) { HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum); if (keyInfo == null) { continue; } ResponseAuthHandleInfo currentResponseAuthHandleInfo = responseAuthHandles.Pop(); AuthorizationInfo currentAuthorizationInfo = authorizationInfoQueue.Pop(); if (currentAuthorizationInfo.Handle.HandleAuthType == AuthHandle.AuthType.OIAP) { GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest (_ctx, new HashByteDataProvider(cmd.ResponseDigest), new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven), new HashByteDataProvider(currentAuthorizationInfo.Handle.NonceOdd), new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession) ); request.TpmSessionIdentifier = _tpmSessionIdentifier; request.KeyInfo = keyInfo; GenerateHMACResponse response = request.TypedExecute(); response.AssertResponse(); authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, response.TpmAuthData)); } else if (currentAuthorizationInfo.Handle.HandleAuthType == AuthHandle.AuthType.OSAP) { byte[] tpmAuth = new HMACProvider(currentAuthorizationInfo.Handle.SharedSecret).Hash( new HashByteDataProvider(cmd.ResponseDigest), new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven), new HashByteDataProvider(currentAuthorizationInfo.Handle.NonceOdd), new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession)); authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, tpmAuth)); } } return(authorizationInfos.ToArray()); }
/// <summary> /// Authorizes the command and returns the necessary authorization info /// Blocks till the user has entered the credentials /// </summary> /// <param name="cmd">Command to authorize</param> /// <returns></returns> public AuthorizationInfo[] AuthorizeCommand(IAuthorizableCommand cmd) { List <AuthorizationInfo> authorizationInfos = new List <AuthorizationInfo>(); using (AcquireLock()) { _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd); } foreach (AuthSessionNum authSessionNum in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 }) { HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum); if (keyInfo == null) { continue; } AuthHandle authHandle; using (AcquireLock()) { authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum); } //Generates the new nonceOdd before the client generates the auth data authHandle.NewNonceOdd(); if (authHandle.HandleAuthType == AuthHandle.AuthType.OIAP) { GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest (_ctx, new HashByteDataProvider(cmd.Digest), new HashByteDataProvider(authHandle.NonceEven), new HashByteDataProvider(authHandle.NonceOdd), new HashPrimitiveDataProvider(true) ); request.TpmSessionIdentifier = _tpmSessionIdentifier; request.KeyInfo = keyInfo; GenerateHMACResponse response = request.TypedExecute(); response.AssertResponse(); authorizationInfos.Add(new AuthorizationInfo(authHandle, true, response.TpmAuthData)); } else if (authHandle.HandleAuthType == AuthHandle.AuthType.OSAP) { AssureOSAPSharedSecret(cmd, authSessionNum); byte[] hmac = new HMACProvider(authHandle.SharedSecret).Hash( new HashByteDataProvider(cmd.Digest), new HashByteDataProvider(authHandle.NonceEven), new HashByteDataProvider(authHandle.NonceOdd), new HashPrimitiveDataProvider(false)); // GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest // (_ctx, // new HashByteDataProvider(cmd.Digest), // new HashByteDataProvider(authHandle.NonceEven), // new HashByteDataProvider(authHandle.NonceOdd), // new HashPrimitiveDataProvider(false) // ); // // // request.TpmSessionIdentifier = _tpmSessionIdentifier; // request.KeyInfo = keyInfo; // // // GenerateHMACResponse response = request.TypedExecute (); // response.AssertResponse(); // authorizationInfos.Add(new AuthorizationInfo(authHandle, false, hmac)); } } return(authorizationInfos.ToArray()); }
private AuthHandleItem CreateAuthHandle(IAuthorizableCommand cmd, AuthSessionNum authSession) { if (cmd.SupportsAuthType(AuthHandle.AuthType.OIAP)) { TPMCommandRequest oiapRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_OIAP, new Parameters()); TPMCommandResponse oiapResponse = _tpmContext.TPM.Process(oiapRequest, cmd.CommandAuthHelper, cmd.KeyManager); if (oiapResponse.Status == false) { throw new TPMRequestException("Unknown error while creating oiap auth handle"); } AuthHandle newAuthHandle = oiapResponse.Parameters.GetValueOf <AuthHandle>("auth_handle"); AuthHandleItem authHandleItem = new AuthHandleItem(newAuthHandle, AuthHandleItem.AuthHandleStatus.SwappedIn); authHandleItem.AssociatedCommand = new KeyValuePair <AuthSessionNum, IAuthorizableCommand>(authSession, cmd); using (new LockContext(_authHandles, "CreateAuthHandle OIAP")) { _authHandles.AddAuthHandle(authHandleItem); AddNewItem(authHandleItem); } return(authHandleItem); } else if (cmd.SupportsAuthType(AuthHandle.AuthType.OSAP)) { Parameters parameters = new Parameters(); parameters.AddPrimitiveType("entity_msb", TPMEntityTypeMSB.TPM_ET_XOR); parameters.AddPrimitiveType("entity_lsb", cmd.GetEntityType(authSession)); string identifier = cmd.GetHandle(authSession); if (identifier == null) { throw new TPMRequestException("Missing entity value for OSAP session"); } parameters.AddPrimitiveType("entity_value", identifier); TPMCommandRequest osapRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_OSAP, parameters); TPMCommandResponse osapResponse = _tpmContext.TPM.Process(osapRequest, cmd.CommandAuthHelper, cmd.KeyManager); if (osapResponse.Status == false) { throw new TPMRequestException("Unknown error while creating osap auth handle"); } AuthHandle newAuthHandle = osapResponse.Parameters.GetValueOf <AuthHandle>("auth_handle"); AuthHandleItem authHandleItem = new AuthHandleItem(newAuthHandle, AuthHandleItem.AuthHandleStatus.SwappedIn); authHandleItem.AssociatedCommand = new KeyValuePair <AuthSessionNum, IAuthorizableCommand>(authSession, cmd); using (new LockContext(_authHandles, "CreateAuthHandle OSAP")) { _authHandles.AddAuthHandle(authHandleItem); AddNewItem(authHandleItem); } return(authHandleItem); } else { throw new NotSupportedException("Command does not support a suitable AuthType"); } }
public void RemoveAuthorizationHandle(IAuthorizableCommand cmd, AuthHandle handle) { _tpmContext.AuthHandleManager.RemoveAuthHandles(cmd, handle); }
public void ReleaseAuthorizationHandles(IAuthorizableCommand cmd) { _tpmContext.AuthHandleManager.ReleaseAuthHandles(cmd); }
public AuthorizationInfo[] GenerateResponseAuthData(IAuthorizableCommand cmd) { List<AuthorizationInfo> authorizationInfos = new List<AuthorizationInfo>(); List<ResponseAuthHandleInfo> responseAuthHandleInfos = new List<ResponseAuthHandleInfo>(cmd.ResponseAuthHandleInfos); responseAuthHandleInfos.Reverse(); List<AuthorizationInfo> localAuthorizationInfos = new List<AuthorizationInfo>(cmd.AuthorizationInfos); localAuthorizationInfos.Reverse(); Stack<ResponseAuthHandleInfo> responseAuthHandles = new Stack<ResponseAuthHandleInfo>(responseAuthHandleInfos); Stack<AuthorizationInfo> authorizationInfoQueue = new Stack<AuthorizationInfo>(localAuthorizationInfos); foreach(AuthSessionNum authSessionNum in new AuthSessionNum[]{AuthSessionNum.Auth1, AuthSessionNum.Auth2}) { HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum); if(keyInfo == null) continue; ResponseAuthHandleInfo currentResponseAuthHandleInfo = responseAuthHandles.Pop(); AuthorizationInfo currentAuthorizationInfo = authorizationInfoQueue.Pop(); if(currentAuthorizationInfo.Handle.HandleAuthType == AuthHandle.AuthType.OIAP) { GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest (_ctx, new HashByteDataProvider(cmd.ResponseDigest), new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven), new HashByteDataProvider(currentAuthorizationInfo.Handle.NonceOdd), new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession) ); request.TpmSessionIdentifier = _tpmSessionIdentifier; request.KeyInfo = keyInfo; GenerateHMACResponse response = request.TypedExecute (); response.AssertResponse(); authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, response.TpmAuthData)); } else if(currentAuthorizationInfo.Handle.HandleAuthType == AuthHandle.AuthType.OSAP) { byte[] tpmAuth = new HMACProvider(currentAuthorizationInfo.Handle.SharedSecret).Hash( new HashByteDataProvider(cmd.ResponseDigest), new HashByteDataProvider(currentResponseAuthHandleInfo.NonceEven), new HashByteDataProvider(currentAuthorizationInfo.Handle.NonceOdd), new HashPrimitiveDataProvider(currentResponseAuthHandleInfo.ContinueAuthSession)); authorizationInfos.Add(new AuthorizationInfo(null, currentResponseAuthHandleInfo.ContinueAuthSession, tpmAuth)); } } return authorizationInfos.ToArray(); }
public void DestroyAuthorizationHandles(IAuthorizableCommand cmd) { _tpmContext.AuthHandleManager.DestroyAuthHandles(cmd); }
public void RemoveAuthorizationHandle(IAuthorizableCommand cmd, AuthHandle handle) { _tpmContext.AuthHandleManager.RemoveAuthHandles(cmd, handle); }
/// <summary> /// Assures that the shared secret for the specified authorization handle has been /// calculated, if not it gets calculated. If no OSAP session exists, create it /// </summary> /// <param name="cmd"></param> /// <param name="sessionNum"></param> /// <returns></returns> public AuthHandle AssureOSAPSharedSecret(IAuthorizableCommand cmd, AuthSessionNum authSessionNum) { // using(AcquireLock()) // { // //Must not be called for OSAP at the moment because OSAP session are not cached // _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd); // } // HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum); if (keyInfo == null) { return(null); } AuthHandle authHandle; using (AcquireLock()) { authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum); } // If shared secret has not yet been generated, do it if (authHandle.SharedSecret == null) { GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest( _ctx, new HashByteDataProvider(authHandle.NonceEvenOSAP), new HashByteDataProvider(authHandle.NonceOddOSAP) ); request.TpmSessionIdentifier = _tpmSessionIdentifier; Parameters paramsSharedSecret = new Parameters(); if (cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_KEYHANDLE || cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_SRK) { if (cmd.GetHandle(authSessionNum) == KeyHandle.KEY_SRK) { request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, new Parameters()); } else { paramsSharedSecret.AddPrimitiveType("identifier", cmd.GetHandle(authSessionNum)); request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, paramsSharedSecret); } } else if (cmd.GetEntityType(authSessionNum) == TPMEntityTypeLSB.TPM_ET_OWNER) { request.KeyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, new Parameters()); } else { throw new NotSupportedException(string.Format("CommandAuthorizationHelper does not support entity type '{0}'", cmd.GetEntityType(authSessionNum))); } GenerateHMACResponse response = request.TypedExecute(); response.AssertResponse(); authHandle.SharedSecret = response.TpmAuthData; } return(authHandle); }
/// <summary> /// Authorizes the command and returns the necessary authorization info /// Blocks till the user has entered the credentials /// </summary> /// <param name="cmd">Command to authorize</param> /// <returns></returns> public AuthorizationInfo[] AuthorizeCommand(IAuthorizableCommand cmd) { List<AuthorizationInfo> authorizationInfos = new List<AuthorizationInfo>(); using(AcquireLock()) { _tpmContext.AuthHandleManager.ReserveAuthHandleSlots(cmd); } foreach(AuthSessionNum authSessionNum in new AuthSessionNum[]{AuthSessionNum.Auth1, AuthSessionNum.Auth2}) { HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSessionNum); if(keyInfo == null) continue; AuthHandle authHandle; using(AcquireLock()) { authHandle = _tpmContext.AuthHandleManager.GetAuthHandle(cmd, authSessionNum); } //Generates the new nonceOdd before the client generates the auth data authHandle.NewNonceOdd(); if(authHandle.HandleAuthType == AuthHandle.AuthType.OIAP) { GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest (_ctx, new HashByteDataProvider(cmd.Digest), new HashByteDataProvider(authHandle.NonceEven), new HashByteDataProvider(authHandle.NonceOdd), new HashPrimitiveDataProvider(true) ); request.TpmSessionIdentifier = _tpmSessionIdentifier; request.KeyInfo = keyInfo; GenerateHMACResponse response = request.TypedExecute (); response.AssertResponse(); authorizationInfos.Add(new AuthorizationInfo(authHandle, true, response.TpmAuthData)); } else if(authHandle.HandleAuthType == AuthHandle.AuthType.OSAP) { AssureOSAPSharedSecret(cmd, authSessionNum); byte[] hmac = new HMACProvider(authHandle.SharedSecret).Hash( new HashByteDataProvider(cmd.Digest), new HashByteDataProvider(authHandle.NonceEven), new HashByteDataProvider(authHandle.NonceOdd), new HashPrimitiveDataProvider(false)); // GenerateHMACRequest request = GenerateHMACRequest.CreateGenerateHMACRequest // (_ctx, // new HashByteDataProvider(cmd.Digest), // new HashByteDataProvider(authHandle.NonceEven), // new HashByteDataProvider(authHandle.NonceOdd), // new HashPrimitiveDataProvider(false) // ); // // // request.TpmSessionIdentifier = _tpmSessionIdentifier; // request.KeyInfo = keyInfo; // // // GenerateHMACResponse response = request.TypedExecute (); // response.AssertResponse(); // authorizationInfos.Add(new AuthorizationInfo(authHandle, false, hmac)); } } return authorizationInfos.ToArray(); }