/// <summary>
/// Reserves the number of session slots the given command requires on the tpm.
/// </summary>
/// <remarks>
/// If the command supports OIAP auth handles, it is also possible for the AuthHandleManager to recycle
/// existing OIAP AuthHandles.
///
/// If the command needs OSAP auth handles the AuthHandleManager always creates new sessions, because OSAP is
/// used for auth data insertion, so nothing happens in here for OSAP
/// </remarks>
/// <param name="cmd"></param>
/// <param name="tpmSession"></param>
public void ReserveAuthHandleSlots(IAuthorizableCommand cmd)
{
using (new LockContext(_authHandles, string.Format("AuthHandleManager::ReserveAuthHandleSlots {0}", cmd)))
{
foreach (AuthSessionNum authSession in new AuthSessionNum[] { AuthSessionNum.Auth1, AuthSessionNum.Auth2 })
{
HMACKeyInfo keyInfo = cmd.GetKeyInfo(authSession);
if (keyInfo == null)
{
continue;
}
bool useOIAP = false;
if (cmd.SupportsAuthType(AuthHandle.AuthType.OIAP))
{
useOIAP = true;
}
if (FindReservedHandle(cmd, authSession) != null)
{
continue;
}
//We only cache OIAP sessions, so maybe there is a free
//OIAP session we can use
if (useOIAP)
{
AuthHandleItem handle = FindFreeAuthHandle(AuthHandleItem.AuthHandleStatus.SwappedIn);
if (handle == null)
{
handle = FindFreeAuthHandle(AuthHandleItem.AuthHandleStatus.SwappedOut);
}
if (handle != null)
{
handle.AssociatedCommand = new KeyValuePair <AuthSessionNum, IAuthorizableCommand>(authSession, cmd);
}
}
}
}
}
private AuthHandleItem CreateAuthHandle(IAuthorizableCommand cmd, AuthSessionNum authSession)
{
if (cmd.SupportsAuthType(AuthHandle.AuthType.OIAP))
{
TPMCommandRequest oiapRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_OIAP, new Parameters());
TPMCommandResponse oiapResponse = _tpmContext.TPM.Process(oiapRequest, cmd.CommandAuthHelper, cmd.KeyManager);
if (oiapResponse.Status == false)
{
throw new TPMRequestException("Unknown error while creating oiap auth handle");
}
AuthHandle newAuthHandle = oiapResponse.Parameters.GetValueOf <AuthHandle>("auth_handle");
AuthHandleItem authHandleItem = new AuthHandleItem(newAuthHandle, AuthHandleItem.AuthHandleStatus.SwappedIn);
authHandleItem.AssociatedCommand = new KeyValuePair <AuthSessionNum, IAuthorizableCommand>(authSession, cmd);
using (new LockContext(_authHandles, "CreateAuthHandle OIAP"))
{
_authHandles.AddAuthHandle(authHandleItem);
AddNewItem(authHandleItem);
}
return(authHandleItem);
}
else if (cmd.SupportsAuthType(AuthHandle.AuthType.OSAP))
{
Parameters parameters = new Parameters();
parameters.AddPrimitiveType("entity_msb", TPMEntityTypeMSB.TPM_ET_XOR);
parameters.AddPrimitiveType("entity_lsb", cmd.GetEntityType(authSession));
string identifier = cmd.GetHandle(authSession);
if (identifier == null)
{
throw new TPMRequestException("Missing entity value for OSAP session");
}
parameters.AddPrimitiveType("entity_value", identifier);
TPMCommandRequest osapRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_OSAP, parameters);
TPMCommandResponse osapResponse = _tpmContext.TPM.Process(osapRequest, cmd.CommandAuthHelper, cmd.KeyManager);
if (osapResponse.Status == false)
{
throw new TPMRequestException("Unknown error while creating osap auth handle");
}
AuthHandle newAuthHandle = osapResponse.Parameters.GetValueOf <AuthHandle>("auth_handle");
AuthHandleItem authHandleItem = new AuthHandleItem(newAuthHandle, AuthHandleItem.AuthHandleStatus.SwappedIn);
authHandleItem.AssociatedCommand = new KeyValuePair <AuthSessionNum, IAuthorizableCommand>(authSession, cmd);
using (new LockContext(_authHandles, "CreateAuthHandle OSAP"))
{
_authHandles.AddAuthHandle(authHandleItem);
AddNewItem(authHandleItem);
}
return(authHandleItem);
}
else
{
throw new NotSupportedException("Command does not support a suitable AuthType");
}
}