private TPMCommandResponse BuildDoVerifyRequest(string commandIdentifier, Parameters parameters) { TPMCommandRequest versionRequest = new TPMCommandRequest (commandIdentifier, parameters); TPMCommandResponse response = _tpmSession.DoTPMCommandRequest (versionRequest); if (response.Status == false) throw new TPMRequestException ("An unknown tpm error occured"); return response; }
public static TPMCommand Create(TPMCommandRequest request) { if (commands_.ContainsKey (request.CommandIdentifier)) { ConstructorInfo ctorInfo = commands_[request.CommandIdentifier].GetConstructor (new Type[0]); if (ctorInfo == null) throw new ArgumentException (string.Format ("Cannot create TpmCommand for command request with identifier '{0}'", request.CommandIdentifier)); return (TPMCommand)ctorInfo.Invoke (new object[0]); } else throw new NotSupportedException (string.Format ("Cannot find TpmCommand for command request with identifier '{0}'", request.CommandIdentifier)); }
/// <summary> /// Reads the configured tpm devices from the configuration and /// sets up the corresponding tpm contexts /// </summary> private void SetupTPMContexts() { IConnectionsConfiguration connectionConfig = (IConnectionsConfiguration)ConfigurationManager.GetSection ("connections"); foreach (Iaik.Tc.TPM.Configuration.DotNetConfiguration.TPMDevice device in connectionConfig.TpmDevices) { try { _logger.InfoFormat ("Setting up tpm context '{0}'", device.TPMName); TPMWrapper tpmDevice = new TPMWrapper (); tpmDevice.Init (device.TPMType, device.Parameters); TPMContext tpmContext = new TPMContext (device.TPMName, tpmDevice); _tpmContexts.Add (device.TPMName, tpmContext); _logger.InfoFormat ("Flushing device '{0}'", device.TPMName); foreach (TPMResourceType resourceType in new TPMResourceType[] { TPMResourceType.TPM_RT_AUTH, TPMResourceType.TPM_RT_KEY}) { Parameters listLoadedHandlesParameters = new Parameters (); listLoadedHandlesParameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE); listLoadedHandlesParameters.AddPrimitiveType ("handle_type", resourceType); TPMCommandRequest listLoadedHandlesRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_GetCapability, listLoadedHandlesParameters); TPMCommandResponse response = tpmDevice.Process (listLoadedHandlesRequest); if (response.Status == false) throw new Exception ("An unknown tpm exception while flushing occured"); foreach (uint handle in response.Parameters.GetValueOf<HandleList> ("handles")) { Parameters flushParameters = new Parameters (); flushParameters.AddValue ("handle", HandleFactory.Create (resourceType, handle)); TPMCommandRequest flushRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_FlushSpecific, flushParameters); TPMCommandResponse flushResponse = tpmDevice.Process (flushRequest); if (flushResponse.Status == false) throw new Exception ("Something went wrong while flushing"); } } _logger.InfoFormat ("Successfully setup tpm context '{0}' with type '{1}'", device.TPMName, device.TPMType); } catch (Exception ex) { _logger.FatalFormat ("Error setting up tpm device '{0}', the device will not be available ({1})", device.TPMName, ex); } ///Set the Assembly search order for incoming Parameters so that core classes are always at first Parameters.AssemblySearchOrder = new Assembly[]{ typeof(TPMWrapper).Assembly, //lib core typeof(ITypedParameter).Assembly}; //lib common } }
protected override TPMCommandResponse InternalProcess() { TPMBlob requestBlob = new TPMBlob(); requestBlob.WriteCmdHeader(TPMCmdTags.TPM_TAG_RQU_AUTH1_COMMAND, TPMOrdinals.TPM_ORD_Quote); //key handle gets inserted later, it may be not available now requestBlob.WriteUInt32(0); requestBlob.Write(_nonce, 0, 20); _pcrSelection.WriteToTpmBlob(requestBlob); _keyManager.LoadKey(_params.GetValueOf<string>("key")); AuthorizeMe(requestBlob); using(_keyManager.AcquireLock()) { requestBlob.SkipHeader(); requestBlob.WriteUInt32(_keyManager.IdentifierToHandle(_params.GetValueOf<string>("key")).Handle); _responseBlob = TransmitMe(requestBlob); } CheckResponseAuthInfo(); _responseBlob.SkipHeader(); TPMPCRCompositeCore pcrComposite = TPMPCRCompositeCore.CreateFromTPMBlob(_responseBlob); uint sigSize = _responseBlob.ReadUInt32(); byte[] signature = _responseBlob.ReadBytes((int)sigSize); // Do signature verification TPMQuoteInfoCore quoteInfo = TPMQuoteInfoCore.Create(new HashProvider().Hash(new HashTPMBlobWritableDataProvider(pcrComposite)), _nonce); byte[] signingData; using (TPMBlob blob = new TPMBlob()) { quoteInfo.WriteToTpmBlob(blob); signingData = blob.ToArray(); } Parameters pubKeyParams = new Parameters(); pubKeyParams.AddPrimitiveType("key", _params.GetValueOf<string>("key")); TPMCommandRequest pubKeyRequest = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetPubKey, pubKeyParams); TPMCommandResponse pubKeyResponse = _tpmWrapper.Process(pubKeyRequest, _commandAuthHelper, _keyManager); if (pubKeyResponse.Status == false) { _log.FatalFormat("TPM_Quote: Could not retrieve pubkey of key"); return new TPMCommandResponse(false, TPMCommandNames.TPM_CMD_Quote, new Parameters()); } TPMKey keyInfo = TPMKeyCore.CreateFromBytes(_keyManager.GetKeyBlob(_params.GetValueOf<string>("key"))); TPMPubkey pubkey = pubKeyResponse.Parameters.GetValueOf<TPMPubkey>("pubkey"); if (SignatureVerification.VerifySignature(keyInfo, pubkey, signingData, signature) == false) { throw new ArgumentException("The TPM_Quote signature could not be verified"); } Parameters responseParams = new Parameters(); responseParams.AddValue("pcrData", pcrComposite); responseParams.AddPrimitiveType("sig", signature); return new TPMCommandResponse(true, TPMCommandNames.TPM_CMD_Quote, responseParams); }
public TPMCommandResponse Process(TPMCommandRequest request, ICommandAuthorizationHelper commandAuthorizationHelper, IKeyManagerHelper keyManager) { TPMCommand command = TPMCommandFactory.Create (request.CommandIdentifier); command.SetCommandLockProvider(_commandLockProvider); command.SetKeyManager(keyManager); command.SetCommandAuthorizationHelper(commandAuthorizationHelper); command.Init (request.Parameters, _backend, this); return command.Process (); }
public TPMCommandResponse Process(TPMCommandRequest request) { return Process(request, null, null); }
private static void ReadPCRs(TPMWrapper tpm) { uint i = 0; ILog log = LogManager.GetLogger("ReadPCRs"); Parameters param = new Parameters(); param.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY); param.AddPrimitiveType("subCap", CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR); TPMCommandRequest request = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability, param); TPMCommandResponse response = tpm.Process(request); uint maxPcrs = response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_PCR); for(i=0; i<maxPcrs; ++i){ param = new Parameters(); param.AddPrimitiveType("pcrnum", i); TPMCommandRequest req = new TPMCommandRequest(TPMCommandNames.TPM_CMD_PCRRead,param); TPMCommandResponse resp = tpm.Process(req); byte[] val = resp.Parameters.GetValueOf<byte[]>("value"); log.InfoFormat("Answer for PCR {0} is: 0x{1}", resp.Parameters.GetValueOf<UInt32>("pcrnum"), ByteHelper.ByteArrayToHexString(val)); } // TPMCommandRequest req = new TPMCommandRequest(TPMCommandNames.TPM_CMD_PCRRead, null); // TPMCommand com = TPMCommandFactory.Create(req); // com.Init(param, tpm); // com.Process(); //Console.WriteLine ("Hello World!"); }
private static void ReadCapabilities(TPMWrapper tpm) { ILog log = LogManager.GetLogger("ReadCapabilities"); // Read out each capability property foreach(CapabilityData.TPMSubCapProperty subCap in Enum.GetValues(typeof(CapabilityData.TPMSubCapProperty))) { Parameters param = new Parameters(); param.AddPrimitiveType("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_PROPERTY); param.AddPrimitiveType("subCap", subCap); TPMCommandRequest request = new TPMCommandRequest(TPMCommandNames.TPM_CMD_GetCapability, param); TPMCommandResponse response = tpm.Process(request); switch(subCap) { case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_PCR: log.InfoFormat("Number of PCRs is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_PCR)); break; //case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_DIR: // log.InfoFormat("Number of DIR is {0} and should be 1 because command is deprecated", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_DIR)); // break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MANUFACTURER: log.InfoFormat("Manufacturer ID is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MANUFACTURER)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_KEYS: log.InfoFormat("Number of free keyslots is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_KEYS)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_AUTHSESS: log.InfoFormat("Number of max Auth Sessions is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MAX_AUTHSESS)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_TRANSESS: log.InfoFormat("Number of max Trans Sessions is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MAX_TRANSESS)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_KEYS: log.InfoFormat("Number of max keys (without EK and SRK) is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MAX_KEYS)); break; case CapabilityData.TPMSubCapProperty.TPM_CAP_PROP_MAX_SESSIONS: log.InfoFormat("Number of max Sessions is {0}", response.Parameters.GetValueOf<uint>(CapabilityData.PARAM_PROP_MAX_SESSIONS)); break; default: throw new NotSupportedException("Defined cap or subcap are not supported"); } } }
private static AuthHandle EstablishOIAP(TPMWrapper tpm) { ILog log = LogManager.GetLogger ("EstablishOIAP"); for (int i = 0; i < 2; i++) { TPMCommandRequest request = new TPMCommandRequest (TPMCommandNames.TPM_CMD_OIAP, new Parameters ()); TPMCommandResponse response = tpm.Process (request); AuthHandle myAuthHandle = response.Parameters.GetValueOf<AuthHandle> ("auth_handle"); // Parameters parameters = new Parameters (); // parameters.AddValue ("handle", myAuthHandle); // TPMCommandRequest requestFlush = new TPMCommandRequest (TPMCommandNames.TPM_CMD_FLUSH_SPECIFIC, parameters); // tpm.Process (requestFlush); //return myAuthHandle; } Parameters listHandlesParameters = new Parameters (); listHandlesParameters.AddPrimitiveType ("capArea", CapabilityData.TPMCapabilityArea.TPM_CAP_HANDLE); listHandlesParameters.AddPrimitiveType ("handle_type", TPMResourceType.TPM_RT_AUTH); TPMCommandRequest listHandlesRequest = new TPMCommandRequest (TPMCommandNames.TPM_CMD_GetCapability, listHandlesParameters); TPMCommandResponse listHandlesResponse = tpm.Process (listHandlesRequest); HandleList loadedKeyHandles = listHandlesResponse.Parameters.GetValueOf<HandleList> ("handles"); return null; }
public void Init(bool forEncryption, ICipherParameters parameters) { _forEncryption = forEncryption; if(forEncryption) { _encryptor = _keyHandle.PublicKey.CreateRSAEncrypter(); Parameters bindParameters = new Parameters(); bindParameters.AddPrimitiveType("type", "request_prefix"); TPMCommandRequest bindPrefixRequest = new TPMCommandRequest( TPMCommandNames.TPM_CMD_Bind, bindParameters); _prefix = _session.DoTPMCommandRequest(bindPrefixRequest).Parameters.GetValueOf<byte[]>("prefix"); } }