1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /***********************************************************************;
3 * Copyright (c) 2015 - 2017, Intel Corporation
4 * All rights reserved.
5 ***********************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_tpm2_types.h"
12 #include "tss2_mu.h"
13 #include "sysapi_util.h"
14
/*
 * Marshal a TPM2_PolicySigned command into the command buffer of the
 * given SYS context.
 *
 * The fields are written in this order: authObject handle, policySession
 * handle, nonceTPM, cpHashA, policyRef, expiration, auth (signature).
 *
 * sysContext    - opaque SYS context; converted with syscontext_cast().
 * authObject    - handle of the key that verifies the signature.
 * policySession - handle of the policy session being extended.
 * nonceTPM      - optional; NULL is sent as a zero-length TPM2B.
 * cpHashA       - optional; NULL is sent as a zero-length TPM2B.
 * policyRef     - optional; NULL is sent as a zero-length TPM2B.
 * expiration    - signed value, marshalled through the UINT32 routine.
 * auth          - signature structure; must not be NULL.
 *
 * Returns TSS2_SYS_RC_BAD_REFERENCE when the context cast yields NULL or
 * auth is NULL; otherwise the first non-zero code returned by the
 * prologue, a marshalling routine or the epilogue, or the epilogue's
 * result on success.
 *
 * NOTE(review): with nonceTPM == NULL the command carries an empty nonce,
 * so the signed authorization is presumably not tied to this session's
 * fresh nonce. Callers that rely on replay protection should pass the
 * session's nonceTPM - confirm against the TPM 2.0 PolicySigned
 * description.
 */
TSS2_RC Tss2_Sys_PolicySigned_Prepare(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_DH_OBJECT authObject,
    TPMI_SH_POLICY policySession,
    const TPM2B_NONCE *nonceTPM,
    const TPM2B_DIGEST *cpHashA,
    const TPM2B_NONCE *policyRef,
    INT32 expiration,
    const TPMT_SIGNATURE *auth)
{
    TSS2_RC rc;
    _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);

    /* Both the context and the signature are mandatory. */
    if (!(ctx && auth))
        return TSS2_SYS_RC_BAD_REFERENCE;

    rc = CommonPreparePrologue(ctx, TPM2_CC_PolicySigned);
    if (rc)
        return rc;

    /* Handle area: authObject first, then policySession. */
    rc = Tss2_MU_UINT32_Marshal(authObject, ctx->cmdBuffer,
                                ctx->maxCmdSize, &ctx->nextData);
    if (!rc)
        rc = Tss2_MU_UINT32_Marshal(policySession, ctx->cmdBuffer,
                                    ctx->maxCmdSize, &ctx->nextData);
    if (rc)
        return rc;

    /*
     * First parameter. When the caller supplies no nonce, an empty TPM2B
     * (size field of 0) is written and decryptNull is raised on the
     * context; presumably the common code uses that flag to know the
     * first parameter was absent - TODO confirm.
     */
    if (nonceTPM) {
        rc = Tss2_MU_TPM2B_NONCE_Marshal(nonceTPM, ctx->cmdBuffer,
                                         ctx->maxCmdSize, &ctx->nextData);
    } else {
        ctx->decryptNull = 1;
        rc = Tss2_MU_UINT16_Marshal(0, ctx->cmdBuffer,
                                    ctx->maxCmdSize, &ctx->nextData);
    }
    if (rc)
        return rc;

    /* cpHashA: real digest, or an empty TPM2B when not supplied. */
    rc = cpHashA
        ? Tss2_MU_TPM2B_DIGEST_Marshal(cpHashA, ctx->cmdBuffer,
                                       ctx->maxCmdSize, &ctx->nextData)
        : Tss2_MU_UINT16_Marshal(0, ctx->cmdBuffer,
                                 ctx->maxCmdSize, &ctx->nextData);
    if (rc)
        return rc;

    /* policyRef: same optional-TPM2B treatment as cpHashA. */
    rc = policyRef
        ? Tss2_MU_TPM2B_NONCE_Marshal(policyRef, ctx->cmdBuffer,
                                      ctx->maxCmdSize, &ctx->nextData)
        : Tss2_MU_UINT16_Marshal(0, ctx->cmdBuffer,
                                 ctx->maxCmdSize, &ctx->nextData);
    if (rc)
        return rc;

    /* expiration is an INT32 but goes through the UINT32 marshaller. */
    rc = Tss2_MU_UINT32_Marshal(expiration, ctx->cmdBuffer,
                                ctx->maxCmdSize, &ctx->nextData);
    if (!rc)
        rc = Tss2_MU_TPMT_SIGNATURE_Marshal(auth, ctx->cmdBuffer,
                                            ctx->maxCmdSize, &ctx->nextData);
    if (rc)
        return rc;

    /* Record what the context permits for this command. */
    ctx->authAllowed = 1;
    ctx->encryptAllowed = 1;
    ctx->decryptAllowed = 1;

    return CommonPrepareEpilogue(ctx);
}
111
/*
 * Unmarshal the TPM2_PolicySigned response parameters from the context's
 * buffer: first the timeout, then the policy ticket.
 *
 * sysContext   - opaque SYS context; converted with syscontext_cast().
 * timeout      - destination for the TPM2B_TIMEOUT response field.
 * policyTicket - destination for the TPMT_TK_AUTH response field.
 *
 * Returns TSS2_SYS_RC_BAD_REFERENCE when the context cast yields NULL,
 * otherwise the first non-zero code from CommonComplete() or an
 * unmarshalling routine, or the result of the final unmarshal.
 *
 * NOTE(review): timeout and policyTicket are handed to the unmarshal
 * routines unchecked, so NULL handling is left to them - confirm.
 * NOTE(review): the bound passed to the unmarshal routines is
 * ctx->maxCmdSize (buffer capacity); presumably CommonComplete() has
 * already validated the received response length - verify.
 */
TSS2_RC Tss2_Sys_PolicySigned_Complete(
    TSS2_SYS_CONTEXT *sysContext,
    TPM2B_TIMEOUT *timeout,
    TPMT_TK_AUTH *policyTicket)
{
    TSS2_RC rc;
    _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);

    if (!ctx)
        return TSS2_SYS_RC_BAD_REFERENCE;

    /* Each step runs only if everything before it succeeded. */
    rc = CommonComplete(ctx);
    if (!rc)
        rc = Tss2_MU_TPM2B_TIMEOUT_Unmarshal(ctx->cmdBuffer,
                                             ctx->maxCmdSize,
                                             &ctx->nextData, timeout);
    if (!rc)
        rc = Tss2_MU_TPMT_TK_AUTH_Unmarshal(ctx->cmdBuffer,
                                            ctx->maxCmdSize,
                                            &ctx->nextData, policyTicket);

    return rc;
}
137
/*
 * One-call form of TPM2_PolicySigned: prepare the command, run it through
 * CommonOneCall() with the supplied authorization arrays, then unmarshal
 * the response.
 *
 * The command parameters are forwarded to
 * Tss2_Sys_PolicySigned_Prepare(); timeout and policyTicket are forwarded
 * to Tss2_Sys_PolicySigned_Complete().
 *
 * Returns TSS2_SYS_RC_BAD_REFERENCE when auth is NULL, otherwise the
 * first non-zero code from the prepare, one-call or complete step, or the
 * complete step's result.
 *
 * The context pointer is not checked here: the prepare step rejects a
 * context for which syscontext_cast() yields NULL before CommonOneCall()
 * is reached.
 */
TSS2_RC Tss2_Sys_PolicySigned(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_DH_OBJECT authObject,
    TPMI_SH_POLICY policySession,
    TSS2L_SYS_AUTH_COMMAND const *cmdAuthsArray,
    const TPM2B_NONCE *nonceTPM,
    const TPM2B_DIGEST *cpHashA,
    const TPM2B_NONCE *policyRef,
    INT32 expiration,
    const TPMT_SIGNATURE *auth,
    TPM2B_TIMEOUT *timeout,
    TPMT_TK_AUTH *policyTicket,
    TSS2L_SYS_AUTH_RESPONSE *rspAuthsArray)
{
    TSS2_RC rc;
    _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);

    if (!auth)
        return TSS2_SYS_RC_BAD_REFERENCE;

    /* Prepare -> execute -> complete; stop at the first failure. */
    rc = Tss2_Sys_PolicySigned_Prepare(sysContext, authObject,
                                       policySession, nonceTPM, cpHashA,
                                       policyRef, expiration, auth);
    if (!rc)
        rc = CommonOneCall(ctx, cmdAuthsArray, rspAuthsArray);
    if (!rc)
        rc = Tss2_Sys_PolicySigned_Complete(sysContext, timeout,
                                            policyTicket);

    return rc;
}
168