/// <summary>
/// This is called from TpmPolicySigned when an external caller must sign the session data.
/// </summary>
/// <returns></returns>
internal ISignatureUnion ExecuteSignerCallback(TpmPolicySigned ace, byte[] nonceTpm, out TpmPublic verificationKey)
{
if (SignerCallback == null)
{
throw new Exception("No policy signer callback installed.");
}
ISignatureUnion signature = SignerCallback(this, ace, nonceTpm, out verificationKey);
return(signature);
}
/// <summary>
/// This is called from TpmPolicySigned when an external caller must sign the session data.
/// </summary>
/// <returns></returns>
internal ISignatureUnion ExecuteSignerCallback(TpmPolicySigned ace, byte[] nonceTpm,
out TpmPublic verificationKey)
{
if (SignerCallback == null)
{
Globs.Throw("No policy signer callback installed.");
verificationKey = new TpmPublic();
return(null);
}
return(SignerCallback(this, ace, nonceTpm, out verificationKey));
}
/// <summary>
/// The callback to sign the TpmPolicySignature challenge from the TPM.
/// </summary>
/// <param name="policyTree">The policy tree to check.</param>
/// <param name="ace">The policy element (TpmPolicySignature) to evaluate.</param>
/// <param name="nonceTpm">The nonce from the TPM.</param>
/// <returns>Signature of the nonce.</returns>
public static ISignatureUnion SignerCallback(PolicyTree policyTree, TpmPolicySigned ace,
byte[] nonceTpm, out TpmPublic verificationKey)
{
//
// This function checks the parameters of the associated TpmPolicySigned
// ACE, and if they are those expected the TPM challenge is signed.
// Note that policy expressions are often obtained from untrustworthy
// sources, so it is important for key-holders to check what they
// are bing asked to do before signing anything.
//
//
// The policy just contains the name of the signature verification key, however the
// TPM needs the actual public key to verify the signature. Check that the name
// matches, and if it does return the public key.
//
byte[] expectedName = _publicSigningKey.GetPublicParms().GetName();
if (!expectedName.SequenceEqual(ace.AuthObjectName))
{
throw new Exception("Unexpected name in policy.");
}
verificationKey = _publicSigningKey.GetPublicParms();
//
// Check that the key is the one that we expect
//
if (ace.NodeId != "Signing Key 1")
{
throw new Exception("Unrecognized key");
}
//
// Check that nonceTom is not null (otherwise anything we sign can
// be used for any session).
//
if (nonceTpm.Length == 0)
{
throw new Exception("Sign challenges with expiration time need nonce.");
}
//
// Check PolicyRef and cpHash are what we want to sign
//
if (ace.CpHash.Length != 0)
{
throw new Exception("I only sign null-cpHash");
}
if (!ace.PolicyRef.SequenceEqual(new byte[] { 1, 2, 3, 4 }))
{
throw new Exception("Incorrect PolicyRef");
}
//
// And finally check that the expiration is set correctly. Check for
// positive values (simple signing policy) and negative values (sining
// policy with ticket).
//
if (ace.ExpirationTime != _expectedExpirationTime)
{
throw new Exception("Unexpected expiration time");
}
//
// Everything is OK, so get a formatted bloc containing the challenge
// data and then sign it.
//
byte[] dataStructureToSign = PolicyTree.GetDataStructureToSign(ace.ExpirationTime,
nonceTpm,
ace.CpHash,
ace.PolicyRef);
ISignatureUnion signature = _publicSigningKey.Sign(dataStructureToSign);
return signature;
}
/// <summary>
/// This is called from TpmPolicySigned when an external caller must sign the session data.
/// </summary>
/// <returns></returns>
internal ISignatureUnion ExecuteSignerCallback(TpmPolicySigned ace, byte[] nonceTpm, out TpmPublic verificationKey)
{
if (SignerCallback == null)
{
Globs.Throw("No policy signer callback installed.");
verificationKey = new TpmPublic();
return null;
}
ISignatureUnion signature = SignerCallback(this, ace, nonceTpm, out verificationKey);
return signature;
}
