public static ProtectedPasswordStorage ReadPassword(string hintText, TPMConsole console, bool retypePw) { console.Out.Write (hintText); ConsoleKeyInfo consoleKeyInfo; ProtectedPasswordStorage[] pws; if(retypePw) pws = new ProtectedPasswordStorage[] { new ProtectedPasswordStorage (), new ProtectedPasswordStorage () }; else pws = new ProtectedPasswordStorage[] { new ProtectedPasswordStorage() }; for (int i = 0; i < pws.Length; i++) { ProtectedPasswordStorage pw = pws[i]; if (i == 1) console.Out.Write ("Retype password:"******"Error: Passwords do not match!"); return null; } }
public static void Main(string[] args) { // Establish Connections IDictionary<string, TPMSession> sessions = XMLConfiguration.EstablischConnection(base_path + "ClientConfigXml/UnixSocketDeviceLin.xml"); // Create one keystore per opened session //foreach (TPMSession tpmSes in sessions.Values) // tpmSes.Keystore = new InMemoryKeystore(); TPMSession sessionToUse = sessions["local0"]; // sessionToUse.SetRequestSecretCallback(RequestSecret); ProtectedPasswordStorage pws = new ProtectedPasswordStorage(); pws.WellKnown(); sessionToUse.AdministrationClient.TakeOwnership(ConsoleUtils.ReadPassword("Owner Password: "******"PCRS = " + sessionToUse.CapabilityClient.GetPCRCount()); }
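/// <summary>
/// Takes ownership of the TPM. Both secrets are cached in the session (under
/// "secret_" + PARAM_AUTH_OWNER / PARAM_AUTH_SRK) so later authorized commands can
/// derive their HMAC keys from them, then TPM_TakeOwnership is sent with the owner
/// and SRK secret hashes encrypted under the endorsement key's public part.
/// </summary>
/// <param name="ownerSecret">New owner authorization secret. Callers seen here call Hash() on it first.</param>
/// <param name="srkSecret">New storage-root-key authorization secret; same expectation.</param>
/// <exception cref="ArgumentNullException">if either secret is null</exception>
public void TakeOwnership(ProtectedPasswordStorage ownerSecret, ProtectedPasswordStorage srkSecret)
{
    if (ownerSecret == null)
        throw new ArgumentNullException("ownerSecret");
    if (srkSecret == null)
        throw new ArgumentNullException("srkSecret");

    _tpmSession.SetValue("secret_" + TPMSession.PARAM_AUTH_OWNER, ownerSecret);
    _tpmSession.SetValue("secret_" + TPMSession.PARAM_AUTH_SRK, srkSecret);

    // NOTE(review): TPM 1.2 expects the auth secrets encrypted with RSA-OAEP using the
    // "TCPA" encoding parameter; whether CreateRSAEncrypter() is configured that way is
    // not visible here — verify against the EK handling code.
    IAsymmetricBlockCipher ekEncryptor = _tpmSession.EndorsementKeyHandling.PublicKey.CreateRSAEncrypter();
    byte[] encOwnerSecret = EncryptSecretHash(ekEncryptor, ownerSecret);
    byte[] encSrkSecret = EncryptSecretHash(ekEncryptor, srkSecret);

    Parameters parameters = new Parameters();
    parameters.AddPrimitiveType(PARAM_OWNERAUTH, encOwnerSecret);
    parameters.AddPrimitiveType(PARAM_SRKAUTH, encSrkSecret);

    // The response is not inspected; BuildDoVerifyRequest presumably raises on a TPM error.
    BuildDoVerifyRequest(TPMCommandNames.TPM_CMD_TakeOwnership, parameters);
}

/// <summary>
/// Encrypts the decrypted hash of <paramref name="secret"/> with <paramref name="encryptor"/>.
/// The hash is cleared again in a finally block so a failing ProcessBlock cannot leave the
/// plaintext hash resident in the secret object (the original only cleared on success).
/// </summary>
private static byte[] EncryptSecretHash(IAsymmetricBlockCipher encryptor, ProtectedPasswordStorage secret)
{
    secret.DecryptHash();
    try
    {
        byte[] hash = secret.HashValue;
        return encryptor.ProcessBlock(hash, 0, hash.Length);
    }
    finally
    {
        secret.ClearHash();
    }
}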
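/// <summary>
/// Compares the plaintext of this secret with <paramref name="obj"/>'s in constant time.
/// </summary>
/// <remarks>
/// The original returned on the first differing character, so the comparison time leaked
/// how long the common prefix was. This version always walks max(len1, len2) characters
/// and folds every difference into one accumulator; only the lengths are observable.
/// Both secrets are compared over their full SecureString length (an embedded NUL no
/// longer terminates the comparison), and the first BSTR is freed even when the second
/// marshalling call throws.
/// </remarks>
/// <param name="obj">Other secret; null compares unequal.</param>
/// <returns>true if both plaintexts are identical.</returns>
public bool EqualPassword(ProtectedPasswordStorage obj)
{
    if (obj == null)
    {
        return false;
    }

    IntPtr plain1 = IntPtr.Zero;
    IntPtr plain2 = IntPtr.Zero;
    try
    {
        plain1 = Marshal.SecureStringToBSTR(_plainPassword);
        plain2 = Marshal.SecureStringToBSTR(obj._plainPassword);

        int len1 = _plainPassword.Length;
        int len2 = obj._plainPassword.Length;
        int longest = Math.Max(len1, len2);

        // Any length mismatch or character mismatch sets bits in 'diff'; no early exit.
        int diff = len1 ^ len2;
        unsafe
        {
            char* p1 = (char*)plain1;
            char* p2 = (char*)plain2;
            for (int i = 0; i < longest; i++)
            {
                char c1 = i < len1 ? p1[i] : '\0';
                char c2 = i < len2 ? p2[i] : '\0';
                diff |= c1 ^ c2;
            }
        }
        return diff == 0;
    }
    finally
    {
        // Zero the unmanaged copies before releasing them.
        if (plain2 != IntPtr.Zero)
        {
            Marshal.ZeroFreeBSTR(plain2);
        }
        if (plain1 != IntPtr.Zero)
        {
            Marshal.ZeroFreeBSTR(plain1);
        }
    }
}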
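/// <summary>
/// Prompts with <paramref name="hintText"/> and reads a password from the console
/// without echoing it. Enter finishes the entry; Escape aborts it.
/// </summary>
/// <param name="hintText">Prompt written verbatim before reading.</param>
/// <returns>The collected secret, or null if the user pressed Escape.</returns>
public static ProtectedPasswordStorage ReadPassword(string hintText)
{
    Console.Write(hintText);
    ProtectedPasswordStorage pws = new ProtectedPasswordStorage();

    while (true)
    {
        // intercept = true: the key is not echoed to the terminal.
        ConsoleKeyInfo keyInfo = Console.ReadKey(true);

        switch (keyInfo.Key)
        {
            case ConsoleKey.Enter:
                Console.WriteLine();
                return pws;

            case ConsoleKey.Escape:
                Console.WriteLine();
                return null;

            default:
                // Arrow/function keys report KeyChar '\0' and Backspace reports '\b'; the
                // original appended those to the secret. Control characters are now
                // dropped. ProtectedPasswordStorage exposes no "remove last char" here, so
                // Backspace cannot be honoured — TODO once such an API exists.
                if (!char.IsControl(keyInfo.KeyChar))
                {
                    pws.AppendPasswordChar(keyInfo.KeyChar);
                }
                break;
        }
    }
}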
/// <summary>
/// Constructs a SealBlockCipher for <paramref name="keyHandle"/> bound to
/// <paramref name="pcrSelection"/>, and caches <paramref name="sealAuth"/> in the session.
/// </summary>
/// <param name="keyHandle">Key the sealing is performed with.</param>
/// <param name="session">Session the seal auth is cached in.</param>
/// <param name="pcrSelection">PCR selection the sealed blob is bound to.</param>
/// <param name="sealAuth">Seal authorization secret. Stored under
/// "secret_seal_&lt;friendly name&gt;_&lt;cipher id&gt;" — note the trailing per-instance id,
/// which differs from the "secret_seal_&lt;name&gt;" key the console "add type=seal" command uses.</param>
public SealBlockCipher(ClientKeyHandle keyHandle, TPMSession session, TPMPCRSelection pcrSelection, ProtectedPasswordStorage sealAuth)
    : this(keyHandle, session, pcrSelection)
{
    string secretKey = "secret_seal_" + _keyHandle.FriendlyName + "_" + _myId.ToString();
    _session.SetValue(secretKey, sealAuth);
}
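/// <summary>
/// Creates an HMAC-SHA1 provider keyed with the hash of <paramref name="key"/>.
/// </summary>
/// <param name="key">Secret whose (decrypted) hash value becomes the HMAC key.
/// The decrypted hash is cleared again before this constructor returns; the
/// original left it decrypted in the secret object.</param>
/// <exception cref="ArgumentNullException">if key is null</exception>
public HMACProvider(ProtectedPasswordStorage key) : base("HMACSHA1")
{
    if (key == null)
        throw new ArgumentNullException("key");

    // HMACSHA1 matches the original; presumably because TPM 1.2 authorization uses it.
    key.DecryptHash();
    try
    {
        // HMAC.Key stores its own copy of the array, so the hash can be wiped right after.
        HMACAlgorithm.Key = key.HashValue;
    }
    finally
    {
        key.ClearHash();
    }
}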
/// <summary>
/// Sample secret callback: the SRK gets the well-known secret, every other key type
/// gets the fixed string "IAIK".
/// </summary>
/// <remarks>
/// NOTE(review): the "IAIK" secret is hard-coded in source. That is acceptable for a
/// demo program only; a real client must prompt or load the secret from protected storage.
/// </remarks>
/// <param name="keyInfo">Describes which secret is being requested.</param>
/// <returns>The secret to use for <paramref name="keyInfo"/>.</returns>
static ProtectedPasswordStorage RequestSecret(HMACKeyInfo keyInfo)
{
    ProtectedPasswordStorage result = new ProtectedPasswordStorage();

    if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.SrkSecret)
    {
        result.WellKnown();
        return result;
    }

    foreach (char c in "IAIK")
    {
        result.AppendPasswordChar(c);
    }
    return result;
}
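/// <summary>
/// Console command managing the authorization secrets cached in one TPM session:
/// <c>clear</c> drops every cached secret, <c>remove type=&lt;t&gt;</c> drops one, and
/// <c>add type=&lt;t&gt; [name=&lt;key&gt;] [secret=&lt;s&gt;]</c> stores one, prompting through the
/// session's secret callback when no <c>secret=</c> argument is given.
/// </summary>
/// <param name="commandline">[0] command, [1] local session alias, [2] subcommand,
/// [3] optional "key=value" argument string.</param>
public override void Execute(string[] commandline)
{
    if (commandline.Length < 2)
    {
        _console.Out.WriteLine("Error: [local_session_alias] not specified");
        return;
    }
    if (commandline.Length < 3)
    {
        _console.Out.WriteLine("Error: [command] not specified");
        return;
    }

    ClientContext ctx = _console.GetValue<ClientContext>("client_context", null);
    if (ctx == null)
    {
        _console.Out.WriteLine("No active connection was found");
        return;
    }

    string localAlias = commandline[1];
    string keyCommand = commandline[2];

    IDictionary<string, TPMSession> tpmSessions = _console.GetValue<IDictionary<string, TPMSession>>("tpm_sessions", null);
    if (tpmSessions == null || tpmSessions.ContainsKey(localAlias) == false)
    {
        _console.Out.WriteLine("Error: Specified local alias was not found");
        return;
    }
    TPMSession session = tpmSessions[localAlias];

    switch (keyCommand)
    {
        case "clear":
            ClearAllSecrets(session);
            break;
        case "remove":
            RemoveSecret(session, commandline);
            break;
        case "add":
            AddSecret(session, commandline);
            break;
        default:
            _console.Out.WriteLine("Error, unknown command '{0}'", commandline[2]);
            break;
    }
}

/// <summary>Removes every session value whose key starts with "secret_".</summary>
/// <remarks>Keys are collected first because clearing while enumerating ListValueKeys() is unsafe.</remarks>
private void ClearAllSecrets(TPMSession session)
{
    List<string> toRemove = new List<string>();
    foreach (string key in session.ListValueKeys())
    {
        if (key.StartsWith("secret_"))
            toRemove.Add(key);
    }
    foreach (string key in toRemove)
    {
        session.ClearValue(key);
    }
}

/// <summary>Handles <c>remove type=&lt;t&gt;</c>: clears the session value "secret_&lt;t&gt;".</summary>
private void RemoveSecret(TPMSession session, string[] commandline)
{
    IDictionary<string, string> arguments = null;
    if (commandline.Length >= 4)
        arguments = _console.SplitArguments(commandline[3], 0);

    if (commandline.Length < 4 || arguments.ContainsKey("type") == false)
    {
        _console.Out.WriteLine("Error: No type to remove specified");
        return;
    }

    // NOTE(review): unlike "add", the type is used verbatim and not mapped through
    // TPMSession.PARAM_AUTH_OWNER / PARAM_AUTH_SRK, so "remove type=owner" only hits
    // what "add type=owner" stored if PARAM_AUTH_OWNER happens to equal "owner". Verify.
    session.ClearValue("secret_" + arguments["type"]);
}

/// <summary>Handles <c>add</c>: resolves the secret type, obtains the secret, hashes and caches it.</summary>
private void AddSecret(TPMSession session, string[] commandline)
{
    if (commandline.Length < 4)
    {
        _console.Out.WriteLine("Error: No arguments specified");
        return;
    }

    IDictionary<string, string> arguments = _console.SplitArguments(commandline[3], 0);
    if (arguments.ContainsKey("type") == false)
    {
        _console.Out.WriteLine("Error: No type specified");
        return;
    }

    string dictKey;
    HMACKeyInfo keyInfo;
    if (!TryResolveSecretType(arguments, out dictKey, out keyInfo))
        return;

    ProtectedPasswordStorage pw;
    if (arguments.ContainsKey("secret"))
    {
        // Secret given on the command line: handy for scripting, but it ends up in the
        // shell/console history in plaintext. Prefer the interactive prompt.
        pw = new ProtectedPasswordStorage();
        foreach (char c in arguments["secret"])
        {
            pw.AppendPasswordChar(c);
        }
    }
    else
    {
        // Drop a stale cached value first, presumably so the callback really asks again.
        session.ClearValue("secret_" + dictKey);
        pw = session.RequestSecret(keyInfo);

        // The console password readers return null when the user presses Escape;
        // the original dereferenced that null in pw.Hash().
        if (pw == null)
        {
            _console.Out.WriteLine("Request aborted");
            return;
        }
    }

    pw.Hash();
    session.SetValue("secret_" + dictKey, pw);
}

/// <summary>
/// Maps the "type" (and, where required, "name") arguments to the suffix of the session
/// dictionary key and the HMACKeyInfo describing the secret.
/// </summary>
/// <returns>false after printing an error message, true when both outputs are set.</returns>
private bool TryResolveSecretType(IDictionary<string, string> arguments, out string dictKey, out HMACKeyInfo keyInfo)
{
    dictKey = null;
    keyInfo = null;
    Parameters hmacKeyInfoParams = new Parameters();

    switch (arguments["type"])
    {
        case "owner":
            dictKey = TPMSession.PARAM_AUTH_OWNER;
            keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.OwnerSecret, hmacKeyInfoParams);
            return true;

        case "srk":
            dictKey = TPMSession.PARAM_AUTH_SRK;
            keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SrkSecret, hmacKeyInfoParams);
            return true;

        case "key_usage":
            if (arguments.ContainsKey("name") == false)
            {
                _console.Out.WriteLine("Error: key_usage requires name of key");
                return false;
            }
            dictKey = "usage_" + arguments["name"];
            hmacKeyInfoParams.AddPrimitiveType("identifier", arguments["name"]);
            keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.KeyUsageSecret, hmacKeyInfoParams);
            return true;

        case "seal":
            if (arguments.ContainsKey("name") == false)
            {
                _console.Out.WriteLine("Error: seal requires name of key");
                return false;
            }
            dictKey = "seal_" + arguments["name"];
            hmacKeyInfoParams.AddPrimitiveType("identifier", arguments["name"]);
            keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.SealAuth, hmacKeyInfoParams);
            return true;

        case "counter":
            dictKey = "counter";
            keyInfo = new HMACKeyInfo(HMACKeyInfo.HMACKeyType.CounterSecret, new Parameters());
            return true;

        default:
            _console.Out.WriteLine("Error: Unknown secret type");
            return false;
    }
}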
public override void Execute(string[] commandline) { if (commandline.Length < 2) _console.Out.WriteLine ("Error: [local_alias] not specified"); else if (commandline.Length < 3) _console.Out.WriteLine ("Error: [admin_subcommand] not specified"); ClientContext ctx = _console.GetValue<ClientContext> ("client_context", null); if (ctx == null) { _console.Out.WriteLine ("No active connection was found"); return; } string localAlias = commandline[1]; string adminCommand = commandline[2]; IDictionary<string, TPMSession> tpmSessions = _console.GetValue<IDictionary<string, TPMSession>> ("tpm_sessions", null); if (tpmSessions == null || tpmSessions.ContainsKey (localAlias) == false) { _console.Out.WriteLine ("Error: Specified local alias was not found"); return; } if (adminCommand == "take_ownership") { ProtectedPasswordStorage ownerAuth; if(commandline.Length >= 4) { ownerAuth = new ProtectedPasswordStorage(); foreach(char c in commandline[3]) ownerAuth.AppendPasswordChar(c); } else ownerAuth = Utils.ReadPassword ("Enter new owner password:"******"Enter new srk password:"******"Request aborted"); return; } ownerAuth.Hash (); srkAuth.Hash (); tpmSessions[localAlias].AdministrationClient.TakeOwnership (ownerAuth, srkAuth); } else if(adminCommand == "owner_clear") { tpmSessions[localAlias].AdministrationClient.ClearOwner(); } else _console.Out.WriteLine ("Error, unknown admin_subcommand '{0}'", adminCommand); }
/// <summary>
/// Creates an IAsymmetricBlockCipher that seals data with this key, bound to
/// <paramref name="pcrSelection"/>. This is only valid for storage keys.
/// </summary>
/// <param name="pcrSelection">PCR selection the sealed data is bound to.</param>
/// <param name="sealAuth">Seal authorization secret handed to the SealBlockCipher, which caches it in the session.</param>
/// <returns>A SealBlockCipher over this key handle and its session.</returns>
public IAsymmetricBlockCipher CreateSealBlockCipher(TPMPCRSelection pcrSelection, ProtectedPasswordStorage sealAuth)
{
    SealBlockCipher cipher = new SealBlockCipher(this, _tpmSession, pcrSelection, sealAuth);
    return cipher;
}
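/// <summary>
/// Compares the plaintext of this secret with <paramref name="obj"/>'s in constant time.
/// </summary>
/// <remarks>
/// The original returned at the first differing character, so the time taken leaked the
/// length of the matching prefix. This version walks max(len1, len2) characters every
/// time and ORs all differences into one accumulator; only the lengths are observable.
/// Both secrets are compared over their full SecureString length (an embedded NUL no
/// longer ends the comparison), and the first BSTR is freed even if marshalling the
/// second one throws.
/// </remarks>
/// <param name="obj">Other secret; null compares unequal.</param>
/// <returns>true if both plaintexts are identical.</returns>
public bool EqualPassword(ProtectedPasswordStorage obj)
{
    if (obj == null)
        return false;

    IntPtr plain1 = IntPtr.Zero;
    IntPtr plain2 = IntPtr.Zero;
    try
    {
        plain1 = Marshal.SecureStringToBSTR(_plainPassword);
        plain2 = Marshal.SecureStringToBSTR(obj._plainPassword);

        int len1 = _plainPassword.Length;
        int len2 = obj._plainPassword.Length;
        int longest = Math.Max(len1, len2);

        // Length mismatch and every character mismatch end up in 'diff'; no early exit.
        int diff = len1 ^ len2;
        unsafe
        {
            char* p1 = (char*)plain1;
            char* p2 = (char*)plain2;
            for (int i = 0; i < longest; i++)
            {
                char c1 = i < len1 ? p1[i] : '\0';
                char c2 = i < len2 ? p2[i] : '\0';
                diff |= c1 ^ c2;
            }
        }
        return diff == 0;
    }
    finally
    {
        // Zero the unmanaged copies before releasing them.
        if (plain2 != IntPtr.Zero)
            Marshal.ZeroFreeBSTR(plain2);
        if (plain1 != IntPtr.Zero)
            Marshal.ZeroFreeBSTR(plain1);
    }
}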
/// <summary>
/// Sample secret callback that answers every request with the fixed password "iaik"
/// (the original comment claimed "the empty string", which the code never did).
/// </summary>
/// <remarks>
/// NOTE(review): a hard-coded secret is only acceptable in demo code; a real client
/// must prompt for or securely load the secret. <paramref name="keyInfo"/> is ignored.
/// </remarks>
/// <param name="keyInfo">Describes the requested secret; not consulted.</param>
/// <returns>A ProtectedPasswordStorage holding "iaik".</returns>
public static ProtectedPasswordStorage mycallback(HMACKeyInfo keyInfo)
{
    ProtectedPasswordStorage secret = new ProtectedPasswordStorage();
    foreach (char c in "iaik")
    {
        secret.AppendPasswordChar(c);
    }
    return secret;
}
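/// <summary>
/// Creates an HMAC-SHA1 provider keyed with the hash of <paramref name="key"/>.
/// </summary>
/// <param name="key">Secret whose (decrypted) hash value becomes the HMAC key.
/// The decrypted hash is cleared again before this constructor returns; the
/// original left it decrypted in the secret object.</param>
/// <exception cref="ArgumentNullException">if key is null</exception>
public HMACProvider(ProtectedPasswordStorage key) : base("HMACSHA1")
{
    if (key == null)
        throw new ArgumentNullException("key");

    // HMACSHA1 matches the original; presumably because TPM 1.2 authorization uses it.
    key.DecryptHash();
    try
    {
        // HMAC.Key stores its own copy of the array, so the hash can be wiped right after.
        HMACAlgorithm.Key = key.HashValue;
    }
    finally
    {
        key.ClearHash();
    }
}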
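/// <summary>
/// Secret callback: returns the well-known secret for the SRK and prompts on the
/// console for every other secret.
/// </summary>
/// <remarks>
/// Only key-usage and seal secrets are created with an "identifier" parameter (see the
/// console "add" command); owner and counter secrets carry empty Parameters, so the
/// original's unconditional GetValueOf&lt;string&gt;("identifier") had nothing to read for
/// them. Those are now prompted by key type instead.
/// </remarks>
/// <param name="keyInfo">Describes the requested secret.</param>
/// <returns>The secret, or null if the user aborted the prompt with Escape.</returns>
/// <exception cref="ArgumentNullException">if keyInfo is null</exception>
static ProtectedPasswordStorage RequestSecret(HMACKeyInfo keyInfo)
{
    if (keyInfo == null)
        throw new ArgumentNullException("keyInfo");

    // WellKnown() presumably sets the TPM well-known (all-zero) secret; never prompt for the SRK.
    if (keyInfo.KeyType == HMACKeyInfo.HMACKeyType.SrkSecret)
    {
        ProtectedPasswordStorage wellKnown = new ProtectedPasswordStorage();
        wellKnown.WellKnown();
        return wellKnown;
    }

    string prompt;
    switch (keyInfo.KeyType)
    {
        case HMACKeyInfo.HMACKeyType.KeyUsageSecret:
        case HMACKeyInfo.HMACKeyType.SealAuth:
            prompt = String.Format("Please enter Passwd for key {0}: ", keyInfo.Parameters.GetValueOf<string>("identifier"));
            break;
        default:
            prompt = String.Format("Please enter Passwd for {0}: ", keyInfo.KeyType);
            break;
    }
    return ConsoleUtils.ReadPassword(prompt);
}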