1 // This file was extracted from the TCG Published 2 // Trusted Platform Module Library 3 // Part 3: Commands 4 // Family "2.0" 5 // Level 00 Revision 01.16 6 // October 30, 2014 7 8 #include "InternalRoutines.h" 9 #include "PolicySecret_fp.h" 10 #include "Policy_spt_fp.h" 11 // 12 // 13 // Error Returns Meaning 14 // 15 // TPM_RC_CPHASH cpHash for policy was previously set to a value that is not the same 16 // as cpHashA 17 // TPM_RC_EXPIRED expiration indicates a time in the past 18 // TPM_RC_NONCE nonceTPM does not match the nonce associated with policySession 19 // TPM_RC_SIZE cpHashA is not the size of a digest for the hash associated with 20 // policySession 21 // TPM_RC_VALUE input policyID or expiration does not match the internal data in policy 22 // session 23 // 24 TPM_RC 25 TPM2_PolicySecret( 26 PolicySecret_In *in, // IN: input parameter list 27 PolicySecret_Out *out // OUT: output parameter list 28 ) 29 { 30 TPM_RC result; 31 SESSION *session; 32 TPM2B_NAME entityName; 33 UINT32 expiration = (in->expiration < 0) 34 ? -(in->expiration) : in->expiration; 35 UINT64 authTimeout = 0; 36 37 // Input Validation 38 39 // Get pointer to the session structure 40 session = SessionGet(in->policySession); 41 42 //Only do input validation if this is not a trial policy session 43 if(session->attributes.isTrialPolicy == CLEAR) 44 { 45 46 if(expiration != 0) 47 authTimeout = expiration * 1000 + session->startTime; 48 49 result = PolicyParameterChecks(session, authTimeout, 50 &in->cpHashA, &in->nonceTPM, 51 RC_PolicySecret_nonceTPM, 52 RC_PolicySecret_cpHashA, 53 RC_PolicySecret_expiration); 54 if(result != TPM_RC_SUCCESS) 55 return result; 56 } 57 58 // Internal Data Update 59 // Need the name of the authorizing entity 60 entityName.t.size = EntityGetName(in->authHandle, &entityName.t.name); 61 62 // Update policy context with input policyRef and name of auth key 63 // This value is computed even for trial sessions. Possibly update the cpHash 64 PolicyContextUpdate(TPM_CC_PolicySecret, &entityName, &in->policyRef, 65 &in->cpHashA, authTimeout, session); 66 67 // Command Output 68 69 // Create ticket and timeout buffer if in->expiration < 0 and this is not 70 // a trial session. 71 // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present 72 // when expiration is non-zero. 73 if( in->expiration < 0 74 && session->attributes.isTrialPolicy == CLEAR 75 ) 76 { 77 // Generate timeout buffer. The format of output timeout buffer is 78 // TPM-specific. 79 // Note: can't do a direct copy because the output buffer is a byte 80 // array and it may not be aligned to accept a 64-bit value. The method 81 // used has the side-effect of making the returned value a big-endian, 82 // 64-bit value that is byte aligned. 83 out->timeout.t.size = sizeof(UINT64); 84 UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer); 85 86 // Compute policy ticket 87 TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle), 88 authTimeout, &in->cpHashA, &in->policyRef, 89 &entityName, &out->policyTicket); 90 } 91 else 92 { 93 // timeout buffer is null 94 out->timeout.t.size = 0; 95 96 // auth ticket is null 97 out->policyTicket.tag = TPM_ST_AUTH_SECRET; 98 out->policyTicket.hierarchy = TPM_RH_NULL; 99 out->policyTicket.digest.t.size = 0; 100 } 101 102 return TPM_RC_SUCCESS; 103 } 104
