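/// <summary>
/// Builds the TPM_TakeOwnership request (TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_TakeOwnership,
/// protocol id TPM_PID_OWNER) from the owner and SRK authorization values found in the
/// command parameters, authorizes and transmits it, and validates the response
/// authorization data.
/// </summary>
/// <returns>
/// A successful <see cref="TPMCommandResponse"/> for TPM_CMD_TakeOwnership carrying an
/// empty <see cref="Parameters"/> set.
/// </returns>
/// <exception cref="ArgumentNullException">
/// Thrown when PARAM_OWNERAUTH or PARAM_SRKAUTH is not present in the command parameters.
/// </exception>
protected override TPMCommandResponse InternalProcess()
{
    byte[] ownerAuth = _params.GetValueOf<byte[]>(PARAM_OWNERAUTH);
    byte[] srkAuth = _params.GetValueOf<byte[]>(PARAM_SRKAUTH);

    // Reject missing values up front with a descriptive error rather than
    // failing with a NullReferenceException while sizing the blob below.
    if (ownerAuth == null)
    {
        throw new ArgumentNullException(PARAM_OWNERAUTH, "Owner authorization value is missing");
    }
    if (srkAuth == null)
    {
        throw new ArgumentNullException(PARAM_SRKAUTH, "SRK authorization value is missing");
    }

    TPMBlob requestBlob = new TPMBlob();
    requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_TakeOwnership);
    requestBlob.WriteUInt16((ushort)TPMProtocolId.TPM_PID_OWNER);

    // Both authorization values are written as length-prefixed byte strings, exactly as supplied.
    // NOTE(review): no encryption happens here, so the caller is presumably expected to hand in
    // values already encrypted to the endorsement key (encOwnerAuth / encSrkAuth) — confirm
    // against the callers before relying on that.
    requestBlob.WriteUInt32((uint)ownerAuth.Length);
    requestBlob.Write(ownerAuth, 0, ownerAuth.Length);
    requestBlob.WriteUInt32((uint)srkAuth.Length);
    requestBlob.Write(srkAuth, 0, srkAuth.Length);

    // Key parameters of the SRK to be created follow the authorization data
    _tpmKey.WriteToTpmBlob(requestBlob);

    _responseBlob = AuthorizeMeAndTransmit(requestBlob);

    // Verify the response authorization before reporting success
    CheckResponseAuthInfo();

    return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_TakeOwnership, new Parameters());
}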
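/// <summary>
/// Builds and transmits the TPM_LoadKey2 request (TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_LoadKey2)
/// for the key described by <c>_tpmKey</c>, loading it under either the SRK or the parent key
/// named by the "parent_identifier" parameter, and returns the resulting key handle.
/// </summary>
/// <returns>
/// A successful <see cref="TPMCommandResponse"/> for TPM_CMD_LoadKey2 whose parameters contain
/// a single <see cref="KeyHandle"/> under the name "handle", built from the "key_identifier"
/// parameter and the TPM handle read from the response.
/// </returns>
protected override TPMCommandResponse InternalProcess()
{
    // Read the routing parameters once so every decision below is based on the same values
    bool parentIsSrk = _params.GetValueOf<bool>("parent_key_srk");
    string parentIdentifier = parentIsSrk ? null : _params.GetValueOf<string>("parent_identifier");

    TPMBlob requestBlob = new TPMBlob();
    requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_LoadKey2);

    // Make sure the parent key is resident in the TPM before it is referenced
    if (!parentIsSrk)
    {
        _keyManager.LoadKey(parentIdentifier);
    }

    // Placeholder for the parent key handle; it is patched in once the key manager lock is held
    requestBlob.WriteUInt32(0);
    _tpmKey.WriteToTpmBlob(requestBlob);

    // Blocking authorize, blocks until the user has entered the authorization data
    AuthorizeMe(requestBlob);

    using (_keyManager.AcquireLock())
    {
        // NOTE(review): LoadKey above runs outside this lock; if EnsureFreeSlot can evict keys,
        // the parent could be swapped out before IdentifierToHandle is consulted — confirm
        // against the key manager's eviction policy.
        _keyManager.EnsureFreeSlot();

        uint parentHandle = parentIsSrk
            ? (uint)TPMKeyHandles.TPM_KH_SRK
            : _keyManager.IdentifierToHandle(parentIdentifier).Handle;

        // Write the parent handle into the first position after the header
        requestBlob.SkipHeader();
        requestBlob.WriteUInt32(parentHandle);

        _responseBlob = TransmitMe(requestBlob);
    }

    // Verify the response authorization before trusting the returned handle
    CheckResponseAuthInfo();

    _responseBlob.SkipHeader();
    uint loadedTpmHandle = _responseBlob.ReadUInt32();
    KeyHandle loadedHandle = new KeyHandle(_params.GetValueOf<string>("key_identifier"), loadedTpmHandle);

    _responseParameters = new Parameters();
    _responseParameters.AddPrimitiveType("handle", loadedHandle);

    return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_LoadKey2, _responseParameters);
}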
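/// <summary>
/// Builds and transmits the TPM_CreateWrapKey request (TPM_TAG_RQU_AUTH1_COMMAND,
/// TPM_ORD_CreateWrapKey) under the parent named by the "parent" parameter. The usage and
/// migration authorization values are XOR-encrypted with the OSAP session before they are
/// placed in the request, and the wrapped key returned by the TPM is handed back together
/// with an identifier derived from its hash.
/// </summary>
/// <returns>
/// A successful <see cref="TPMCommandResponse"/> for TPM_CMD_CreateWrapKey whose parameters
/// contain "key_identifier" (hex string of the hash over the serialized key) and
/// "key_data" (the serialized <see cref="TPMKeyCore"/>).
/// </returns>
/// <exception cref="ArgumentNullException">
/// Thrown when "usage_auth" or "migration_auth" is not present in the command parameters.
/// </exception>
/// <exception cref="ArgumentException">
/// Thrown when "usage_auth" or "migration_auth" is not exactly 20 bytes long.
/// </exception>
protected override TPMCommandResponse InternalProcess()
{
    // The TPM expects both authorization values XOR-encrypted:
    //   encAuth = XOR(auth, SHA-1(OSAP shared secret | nonceEven))
    // where OSAP_shared_secret = HMAC(key = usage secret of the key handle, nonceEvenOSAP | nonceOddOSAP)
    AuthHandle auth1OSAP = _commandAuthHelper.AssureOSAPSharedSecret(this, AuthSessionNum.Auth1);

    _usageAuth = _params.GetValueOf<byte[]>("usage_auth");
    _migrationAuth = _params.GetValueOf<byte[]>("migration_auth");

    // Exactly 20 bytes are written to the blob below; a shorter value would fail there and a
    // longer one would be silently truncated, protecting the key with a different secret
    // than the caller intended.
    RequireAuthDataLength(_usageAuth, "usage_auth");
    RequireAuthDataLength(_migrationAuth, "migration_auth");

    byte[] xorKey = new HashProvider().Hash(
        new HashByteDataProvider(auth1OSAP.SharedSecret),
        new HashByteDataProvider(auth1OSAP.NonceEven));

    // NOTE(review): XORBytes appears to work in place (its result is not used), so the arrays
    // held by _params are overwritten with the encrypted values — callers must not reuse them
    // as the plaintext secrets afterwards.
    ByteHelper.XORBytes(_usageAuth, xorKey);
    ByteHelper.XORBytes(_migrationAuth, xorKey);

    // Read the parent identifier once so the load and the handle lookup refer to the same key
    string parentIdentifier = _params.GetValueOf<string>("parent");

    // Load parent key if not loaded
    _keyManager.LoadKey(parentIdentifier);

    TPMBlob requestBlob = new TPMBlob();
    requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_CreateWrapKey);

    // Placeholder for the parent key handle; it may not be available until the lock is held
    requestBlob.WriteUInt32(0);
    requestBlob.Write(_usageAuth, 0, 20);
    requestBlob.Write(_migrationAuth, 0, 20);
    _tpmKey.WriteToTpmBlob(requestBlob);

    using (_keyManager.AcquireLock())
    {
        AuthorizeMe(requestBlob);

        // Patch the real parent handle into the first position after the header
        requestBlob.SkipHeader();
        uint parentHandle = parentIdentifier == KeyHandle.KEY_SRK
            ? (uint)TPMKeyHandles.TPM_KH_SRK
            : _keyManager.IdentifierToHandle(parentIdentifier).Handle;
        requestBlob.WriteUInt32(parentHandle);

        _responseBlob = TransmitMe(requestBlob);
    }

    // Verify the response authorization before trusting the returned key material
    CheckResponseAuthInfo();

    _responseBlob.SkipHeader();
    TPMKeyCore newKey = new TPMKeyCore(_responseBlob);

    // Serialize once; the identifier is the hash over exactly the bytes returned as key_data
    byte[] serializedKey = ByteHelper.SerializeToBytes(newKey);

    _responseParameters = new Parameters();
    // The key identifier is the hex-string representation of the hash of the newly created key
    _responseParameters.AddPrimitiveType("key_identifier",
        ByteHelper.ByteArrayToHexString(
            new HashProvider().Hash(new HashByteDataProvider(serializedKey)),
            ""));
    _responseParameters.AddPrimitiveType("key_data", serializedKey);

    return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_CreateWrapKey, _responseParameters);
}

/// <summary>
/// Checks that an authorization value is present and has the fixed 20-byte TPM_AUTHDATA size
/// that the request serialization below relies on.
/// </summary>
/// <param name="authData">The authorization value taken from the command parameters.</param>
/// <param name="paramName">Name of the command parameter, reported in the exception.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="authData"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when the value is not exactly 20 bytes long.</exception>
private static void RequireAuthDataLength(byte[] authData, string paramName)
{
    const int authDataLength = 20;

    if (authData == null)
    {
        throw new ArgumentNullException(paramName, "Authorization value is missing");
    }
    if (authData.Length != authDataLength)
    {
        throw new ArgumentException(
            "Authorization value must be exactly " + authDataLength + " bytes long, got " + authData.Length,
            paramName);
    }
}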