/// <summary> /// Selects the specified tpm device (if the authenticated user has the permission) /// </summary> /// <param name="subsystem"></param> /// <param name="requestContext"></param> private void HandleSelectTPMRequest(TPMSubsystem subsystem, RequestContext <SelectTPMRequest, SelectTPMResponse> requestContext) { if (!AssertUserAuthentication("select_" + requestContext.Request.TPMIdentifier, requestContext.CreateResponse())) { return; } SelectTPMResponse response = requestContext.CreateResponse(); if (ServerContext.TPMContexts.ContainsKey(requestContext.Request.TPMIdentifier) == false) { response.Succeeded = false; response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMDeviceNotFound); response.Execute(); return; } lock (_selectedTPMs) { int myId = (++_maxTPMIdentifier); _selectedTPMs.Add(myId, ServerContext.TPMContexts[requestContext.Request.TPMIdentifier]); response.TPMSessionIdentifier = myId; } response.Execute(); }
/// <summary> /// Retrieves informations about keys /// </summary> /// <param name="subsystem"></param> /// <param name="requestContext"></param> private void HandleKeyInfoRequest(TPMSubsystem subsystem, RequestContext <KeyInfoRequest, KeyInfoResponse> requestContext) { TPMContext tpmContext; KeyInfoResponse response; lock (_selectedTPMs) { if (_selectedTPMs.ContainsKey(requestContext.Request.TPMIdentifier) == false) { response = requestContext.CreateResponse(); response.Succeeded = false; response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMIdentifierNotValid); response.Execute(); return; } tpmContext = _selectedTPMs[requestContext.Request.TPMIdentifier]; } if (!AssertUserAuthentication("key_info_" + _selectedTPMs[requestContext.Request.TPMIdentifier].DeviceName, requestContext.CreateResponse())) { return; } KeyManagerHelper keyManagerHelper = new KeyManagerHelper(ServerContext, tpmContext, requestContext.Request.TPMIdentifier, new CommandAuthorizationHelper(ServerContext, requestContext.Request.TPMIdentifier, tpmContext)); if (keyManagerHelper.ContainsIdentifier(requestContext.Request.KeyIdentifier) == false) { response = requestContext.CreateResponse(); response.Succeeded = false; response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.NotAValidKeyIdentifier); response.Execute(); return; } byte[] keyBlob = keyManagerHelper.GetKeyBlob(requestContext.Request.KeyIdentifier); response = requestContext.CreateResponse(); response.Succeeded = true; response.TPMKey = TPMKeyCore.CreateFromBytes(keyBlob); response.Execute(); }
/// <summary> /// Lists all available TPM devices, that can be accessed by the authenticated user /// </summary> /// <param name="subsystem"></param> /// <param name="requestContext"></param> private void HandleListTPMsRequest(TPMSubsystem subsystem, RequestContext <ListTPMsRequest, ListTPMsResponse> requestContext) { if (!AssertUserAuthentication(null, requestContext.CreateResponse())) { return; } List <string> tpmDevices = new List <string> (); foreach (KeyValuePair <string, TPMContext> ctx in ServerContext.TPMContexts) { if (IsAllowedToUseTPMDevice(ctx.Key)) { tpmDevices.Add(ctx.Key); } } ListTPMsResponse response = requestContext.CreateResponse(); response.TPMDevices = tpmDevices.ToArray(); response.Execute(); }
private void HandleTPMRequest(TPMSubsystem subsystem, RequestContext <TPMRequest, TPMResponse> requestContext) { if (!AssertUserAuthentication(null, requestContext.CreateResponse())) { return; } TPMContext tpmContext; TPMResponse response; lock (_selectedTPMs) { if (_selectedTPMs.ContainsKey(requestContext.Request.TPMIdentifier) == false) { response = requestContext.CreateResponse(); response.Succeeded = false; response.SetKnownErrorCode(TPMSubsystemResponseBase.ErrorCodeEnum.TPMIdentifierNotValid); response.Execute(); return; } tpmContext = _selectedTPMs[requestContext.Request.TPMIdentifier]; } string commandIdentifier = requestContext.Request.CommandRequest.CommandIdentifier; if (IsAllowedToRunCommand(commandIdentifier, tpmContext) == false) { response = requestContext.CreateResponse(); response.Succeeded = false; response.SetKnownCommonError(SubsystemResponse.CommonErrorCodes.NotPermitted); response.Execute(); return; } _logger.DebugFormat("Executing {0}", requestContext.Request.CommandRequest.CommandIdentifier); response = requestContext.CreateResponse(); try { TPMCommandResponse commandResponse; //Locking here is not a good idea, because the Process method //block until the final command is executed. This could take a long time, //because the user might be asked to authenticate several commands //lock (tpmContext) //{ ICommandAuthorizationHelper commandAuthHelper = new CommandAuthorizationHelper(ServerContext, requestContext.Request.TPMIdentifier, tpmContext); commandResponse = tpmContext.TPM.Process(requestContext.Request.CommandRequest, commandAuthHelper, new KeyManagerHelper(ServerContext, tpmContext, requestContext.Request.TPMIdentifier, commandAuthHelper)); //} response.CommandResponse = commandResponse; response.Execute(); } catch (Exception ex) { _logger.FatalFormat("Error processing TPMRequest: {0}", ex); response.Succeeded = false; response.CustomErrorMessage = ex.Message; response.Execute(); } }