/* SPDX-License-Identifier: BSD-2-Clause */ /***********************************************************************; * Copyright (c) 2015 - 2017, Intel Corporation * All rights reserved. ***********************************************************************/ #ifdef HAVE_CONFIG_H #include #endif #include "tss2_tpm2_types.h" #include "tss2_mu.h" #include "sysapi_util.h" TSS2_RC Tss2_Sys_PolicyAuthorize_Prepare( TSS2_SYS_CONTEXT *sysContext, TPMI_SH_POLICY policySession, const TPM2B_DIGEST *approvedPolicy, const TPM2B_NONCE *policyRef, const TPM2B_NAME *keySign, const TPMT_TK_VERIFIED *checkTicket) { _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext); TSS2_RC rval; if (!ctx || !checkTicket) return TSS2_SYS_RC_BAD_REFERENCE; rval = CommonPreparePrologue(ctx, TPM2_CC_PolicyAuthorize); if (rval) return rval; rval = Tss2_MU_UINT32_Marshal(policySession, ctx->cmdBuffer, ctx->maxCmdSize, &ctx->nextData); if (rval) return rval; if (!approvedPolicy) { ctx->decryptNull = 1; rval = Tss2_MU_UINT16_Marshal(0, ctx->cmdBuffer, ctx->maxCmdSize, &ctx->nextData); } else { rval = Tss2_MU_TPM2B_DIGEST_Marshal(approvedPolicy, ctx->cmdBuffer, ctx->maxCmdSize, &ctx->nextData); } if (rval) return rval; if (!policyRef) { rval = Tss2_MU_UINT16_Marshal(0, ctx->cmdBuffer, ctx->maxCmdSize, &ctx->nextData); } else { rval = Tss2_MU_TPM2B_NONCE_Marshal(policyRef, ctx->cmdBuffer, ctx->maxCmdSize, &ctx->nextData); } if (rval) return rval; if (!keySign) { rval = Tss2_MU_UINT16_Marshal(0, ctx->cmdBuffer, ctx->maxCmdSize, &ctx->nextData); } else { rval = Tss2_MU_TPM2B_NAME_Marshal(keySign, ctx->cmdBuffer, ctx->maxCmdSize, &ctx->nextData); } if (rval) return rval; rval = Tss2_MU_TPMT_TK_VERIFIED_Marshal(checkTicket, ctx->cmdBuffer, ctx->maxCmdSize, &ctx->nextData); if (rval) return rval; ctx->decryptAllowed = 1; ctx->encryptAllowed = 0; ctx->authAllowed = 1; return CommonPrepareEpilogue(ctx); } TSS2_RC Tss2_Sys_PolicyAuthorize_Complete ( TSS2_SYS_CONTEXT *sysContext) { _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext); if (!ctx) return TSS2_SYS_RC_BAD_REFERENCE; return CommonComplete(ctx); } TSS2_RC Tss2_Sys_PolicyAuthorize( TSS2_SYS_CONTEXT *sysContext, TPMI_SH_POLICY policySession, TSS2L_SYS_AUTH_COMMAND const *cmdAuthsArray, const TPM2B_DIGEST *approvedPolicy, const TPM2B_NONCE *policyRef, const TPM2B_NAME *keySign, const TPMT_TK_VERIFIED *checkTicket, TSS2L_SYS_AUTH_RESPONSE *rspAuthsArray) { _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext); TSS2_RC rval; if (!checkTicket) return TSS2_SYS_RC_BAD_REFERENCE; rval = Tss2_Sys_PolicyAuthorize_Prepare(sysContext, policySession, approvedPolicy, policyRef, keySign, checkTicket); if (rval) return rval; rval = CommonOneCall(ctx, cmdAuthsArray, rspAuthsArray); if (rval) return rval; return Tss2_Sys_PolicyAuthorize_Complete(sysContext); }