| // This file was extracted from the TCG Published |
| // Trusted Platform Module Library |
| // Part 3: Commands |
| // Family "2.0" |
| // Level 00 Revision 01.16 |
| // October 30, 2014 |
| |
| #include "InternalRoutines.h" |
| #include "PolicySecret_fp.h" |
| #include "Policy_spt_fp.h" |
| // |
| // |
| // Error Returns Meaning |
| // |
| // TPM_RC_CPHASH cpHash for policy was previously set to a value that is not the same |
| // as cpHashA |
| // TPM_RC_EXPIRED expiration indicates a time in the past |
| // TPM_RC_NONCE nonceTPM does not match the nonce associated with policySession |
| // TPM_RC_SIZE cpHashA is not the size of a digest for the hash associated with |
| // policySession |
| // TPM_RC_VALUE input policyID or expiration does not match the internal data in policy |
| // session |
| // |
| TPM_RC |
| TPM2_PolicySecret( |
| PolicySecret_In *in, // IN: input parameter list |
| PolicySecret_Out *out // OUT: output parameter list |
| ) |
| { |
| TPM_RC result; |
| SESSION *session; |
| TPM2B_NAME entityName; |
| UINT32 expiration = (in->expiration < 0) |
| ? -(in->expiration) : in->expiration; |
| UINT64 authTimeout = 0; |
| |
| // Input Validation |
| |
| // Get pointer to the session structure |
| session = SessionGet(in->policySession); |
| |
| //Only do input validation if this is not a trial policy session |
| if(session->attributes.isTrialPolicy == CLEAR) |
| { |
| |
| if(expiration != 0) |
| authTimeout = expiration * 1000 + session->startTime; |
| |
| result = PolicyParameterChecks(session, authTimeout, |
| &in->cpHashA, &in->nonceTPM, |
| RC_PolicySecret_nonceTPM, |
| RC_PolicySecret_cpHashA, |
| RC_PolicySecret_expiration); |
| if(result != TPM_RC_SUCCESS) |
| return result; |
| } |
| |
| // Internal Data Update |
| // Need the name of the authorizing entity |
| entityName.t.size = EntityGetName(in->authHandle, &entityName.t.name); |
| |
| // Update policy context with input policyRef and name of auth key |
| // This value is computed even for trial sessions. Possibly update the cpHash |
| PolicyContextUpdate(TPM_CC_PolicySecret, &entityName, &in->policyRef, |
| &in->cpHashA, authTimeout, session); |
| |
| // Command Output |
| |
| // Create ticket and timeout buffer if in->expiration < 0 and this is not |
| // a trial session. |
| // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present |
| // when expiration is non-zero. |
| if( in->expiration < 0 |
| && session->attributes.isTrialPolicy == CLEAR |
| ) |
| { |
| // Generate timeout buffer. The format of output timeout buffer is |
| // TPM-specific. |
| // Note: can't do a direct copy because the output buffer is a byte |
| // array and it may not be aligned to accept a 64-bit value. The method |
| // used has the side-effect of making the returned value a big-endian, |
| // 64-bit value that is byte aligned. |
| out->timeout.t.size = sizeof(UINT64); |
| UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer); |
| |
| // Compute policy ticket |
| TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle), |
| authTimeout, &in->cpHashA, &in->policyRef, |
| &entityName, &out->policyTicket); |
| } |
| else |
| { |
| // timeout buffer is null |
| out->timeout.t.size = 0; |
| |
| // auth ticket is null |
| out->policyTicket.tag = TPM_ST_AUTH_SECRET; |
| out->policyTicket.hierarchy = TPM_RH_NULL; |
| out->policyTicket.digest.t.size = 0; |
| } |
| |
| return TPM_RC_SUCCESS; |
| } |