/// <summary> /// This is called from TpmPolicySigned when an external caller must sign the session data. /// </summary> /// <returns></returns> internal ISignatureUnion ExecuteSignerCallback(TpmPolicySigned ace, byte[] nonceTpm, out TpmPublic verificationKey) { if (SignerCallback == null) { throw new Exception("No policy signer callback installed."); } ISignatureUnion signature = SignerCallback(this, ace, nonceTpm, out verificationKey); return(signature); }
/// <summary> /// This is called from TpmPolicySigned when an external caller must sign the session data. /// </summary> /// <returns></returns> internal ISignatureUnion ExecuteSignerCallback(TpmPolicySigned ace, byte[] nonceTpm, out TpmPublic verificationKey) { if (SignerCallback == null) { Globs.Throw("No policy signer callback installed."); verificationKey = new TpmPublic(); return(null); } return(SignerCallback(this, ace, nonceTpm, out verificationKey)); }
/// <summary> /// The callback to sign the TpmPolicySignature challenge from the TPM. /// </summary> /// <param name="policyTree">The policy tree to check.</param> /// <param name="ace">The policy element (TpmPolicySignature) to evaluate.</param> /// <param name="nonceTpm">The nonce from the TPM.</param> /// <returns>Signature of the nonce.</returns> public static ISignatureUnion SignerCallback(PolicyTree policyTree, TpmPolicySigned ace, byte[] nonceTpm, out TpmPublic verificationKey) { // // This function checks the parameters of the associated TpmPolicySigned // ACE, and if they are those expected the TPM challenge is signed. // Note that policy expressions are often obtained from untrustworthy // sources, so it is important for key-holders to check what they // are bing asked to do before signing anything. // // // The policy just contains the name of the signature verification key, however the // TPM needs the actual public key to verify the signature. Check that the name // matches, and if it does return the public key. // byte[] expectedName = _publicSigningKey.GetPublicParms().GetName(); if (!expectedName.SequenceEqual(ace.AuthObjectName)) { throw new Exception("Unexpected name in policy."); } verificationKey = _publicSigningKey.GetPublicParms(); // // Check that the key is the one that we expect // if (ace.NodeId != "Signing Key 1") { throw new Exception("Unrecognized key"); } // // Check that nonceTom is not null (otherwise anything we sign can // be used for any session). // if (nonceTpm.Length == 0) { throw new Exception("Sign challenges with expiration time need nonce."); } // // Check PolicyRef and cpHash are what we want to sign // if (ace.CpHash.Length != 0) { throw new Exception("I only sign null-cpHash"); } if (!ace.PolicyRef.SequenceEqual(new byte[] { 1, 2, 3, 4 })) { throw new Exception("Incorrect PolicyRef"); } // // And finally check that the expiration is set correctly. Check for // positive values (simple signing policy) and negative values (sining // policy with ticket). // if (ace.ExpirationTime != _expectedExpirationTime) { throw new Exception("Unexpected expiration time"); } // // Everything is OK, so get a formatted bloc containing the challenge // data and then sign it. // byte[] dataStructureToSign = PolicyTree.GetDataStructureToSign(ace.ExpirationTime, nonceTpm, ace.CpHash, ace.PolicyRef); ISignatureUnion signature = _publicSigningKey.Sign(dataStructureToSign); return signature; }
/// <summary> /// This is called from TpmPolicySigned when an external caller must sign the session data. /// </summary> /// <returns></returns> internal ISignatureUnion ExecuteSignerCallback(TpmPolicySigned ace, byte[] nonceTpm, out TpmPublic verificationKey) { if (SignerCallback == null) { Globs.Throw("No policy signer callback installed."); verificationKey = new TpmPublic(); return null; } ISignatureUnion signature = SignerCallback(this, ace, nonceTpm, out verificationKey); return signature; }