public KeyManagerHelper(ServerContext ctx, TPMContext tpmContext, int tpmSessionIdentifier, ICommandAuthorizationHelper commandAuthHelper) { _ctx = ctx; _tpmContext = tpmContext; _tpmSessionIdentifier = tpmSessionIdentifier; _commandAuthHelper = commandAuthHelper; }
public TPMCommandResponse Process(TPMCommandRequest request, ICommandAuthorizationHelper commandAuthorizationHelper, IKeyManagerHelper keyManager) { TPMCommand command = TPMCommandFactory.Create(request.CommandIdentifier); command.SetCommandLockProvider(_commandLockProvider); command.SetKeyManager(keyManager); command.SetCommandAuthorizationHelper(commandAuthorizationHelper); command.Init(request.Parameters, _backend, this); return(command.Process()); }
/// <summary> /// Recursivly loads the specified key hierachy and returns the identifier of the parent key /// </summary> /// <param name="identifier">identifier of the key whos parent should be loaded</param> /// <param name="keyContext"></param> /// <param name="keystore"></param> /// <returns></returns> private string InternalLoadKey(string identifier, object keyContext, IKeyManagerHelper keymanagerHelper, ICommandAuthorizationHelper commandAuthHelper) { if (identifier == KeyHandle.KEY_SRK) { return(null); } //SRK if (identifier == null) { return(null); } if (keymanagerHelper.ContainsIdentifier(identifier) == false) { throw new ArgumentException(string.Format("Keystore does not contain key with identifier: '{0}'", identifier)); } bool reloadKey = true; KeyHandleItem keyHandleItem = null; while (reloadKey) { using (AcquireLock()) { keyHandleItem = _keyHandles.FindKeyHandleItem(identifier, keyContext); if (keyHandleItem == null) { //If no key handle with such an identifier exists, add a NotLoaded entry, //so other threads can wait for that handle to become ready _keyHandles.AddKeyHandle(new KeyHandleItem(new KeyHandle(identifier, 0), KeyHandleItem.KeyHandleStatus.NotLoaded, keyContext)); } } reloadKey = false; //The key is currently being loaded, wait till the loading process has finished/or failed if (keyHandleItem != null && keyHandleItem.Status == KeyHandleItem.KeyHandleStatus.NotLoaded) { keyHandleItem.LoadedEvt.WaitOne(); reloadKey = true; } } //Key is already loaded/swaped out if (keyHandleItem != null) { IdentifierToHandle(identifier, keyContext, keymanagerHelper); return(identifier); } string parentKey = keymanagerHelper.FindParentKey(identifier); InternalLoadKey(parentKey, keyContext, keymanagerHelper, commandAuthHelper); Parameters paramLoadKey = new Parameters(); // Load the key //SRK if (parentKey == null || parentKey == KeyHandle.KEY_SRK) { paramLoadKey.AddPrimitiveType("parent_key_srk", true); } else { paramLoadKey.AddPrimitiveType("parent_key_srk", false); //paramLoadKey.AddPrimitiveType("parent_handle", IdentifierToHandle(parentKey, keyContext, keymanagerHelper)); paramLoadKey.AddPrimitiveType("parent_identifier", parentKey); } paramLoadKey.AddPrimitiveType("key_identifier", identifier); paramLoadKey.AddPrimitiveType("key_blob", keymanagerHelper.GetKeyBlob(identifier)); TPMCommandRequest requestLoadKey = new TPMCommandRequest(TPMCommandNames.TPM_CMD_LoadKey2, paramLoadKey); TPMCommandResponse responseLoadKey = _tpmContext.TPM.Process(requestLoadKey, commandAuthHelper, keymanagerHelper); if (responseLoadKey.Status == false) { KeyHandleItem keyHandleToRemove = _keyHandles.FindKeyHandleItem(identifier, keyContext); if (keyHandleToRemove != null) { keyHandleItem.LoadedEvt.Set(); _keyHandles.RemoveKeyHandle(keyHandleToRemove); } throw new TPMRequestException("Unknown error on running TPM_LoadKey2"); } using (AcquireLock()) { //Make sure that a dummy (not loaded) keyhandleitem get removed KeyHandleItem keyHandleToRemove = _keyHandles.FindKeyHandleItem(identifier, keyContext); if (keyHandleToRemove != null) { keyHandleToRemove.LoadedEvt.Set(); _keyHandles.RemoveKeyHandle(keyHandleToRemove); } KeyHandleItem item = new KeyHandleItem(responseLoadKey.Parameters.GetValueOf <KeyHandle>("handle"), KeyHandleItem.KeyHandleStatus.SwappedIn, keyContext); _keyHandles.AddKeyHandle(item); AddNewItem(item); } return(parentKey); }
/// <summary> /// Checks if the specified key is loaded, if not /// the key hierachy is reconstructed and loaded. /// </summary> /// <param name="identifier"></param> /// <param name="keyContext">Specifies the context in which an already loaded key can be used. /// If a key has already been loaded in another context it is not allowed to use this key</param> public void LoadKey(string identifier, object keyContext, IKeyManagerHelper keymanagerHelper, ICommandAuthorizationHelper commandAuthHelper) { KeyHandleItem keyHandleItem; using (AcquireLock()) { keyHandleItem = _keyHandles.FindKeyHandleItem(identifier, keyContext); } if (keyHandleItem == null) { InternalLoadKey(identifier, keyContext, keymanagerHelper, commandAuthHelper); } else { //If the key was loaded and is currently Swapped out it would get //loaded by an outside call of IdentifierToHandle, but if the keyHandle //was not used for a long time or of many key handles where loaded in the meantime, //it is neccessary to re-authorize the key handle (call Load Key again) //This would block the entire Keymanager for a long time because the secrets are requested //from the client so it is done here where the keymanager is (normally) not locked IdentifierToHandle(identifier, keyContext, keymanagerHelper); } }
/// <summary> /// Sets the command authorization helper /// </summary> /// <param name="commandAuthorizer"></param> public void SetCommandAuthorizationHelper(ICommandAuthorizationHelper commandAuthorizer) { _commandAuthHelper = commandAuthorizer; }
public TPMCommandResponse Process(TPMCommandRequest request, ICommandAuthorizationHelper commandAuthorizationHelper, IKeyManagerHelper keyManager) { TPMCommand command = TPMCommandFactory.Create (request.CommandIdentifier); command.SetCommandLockProvider(_commandLockProvider); command.SetKeyManager(keyManager); command.SetCommandAuthorizationHelper(commandAuthorizationHelper); command.Init (request.Parameters, _backend, this); return command.Process (); }