1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /***********************************************************************;
3 * Copyright (c) 2015 - 2017, Intel Corporation
4 * All rights reserved.
5 ***********************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_tpm2_types.h"
12 #include "tss2_mu.h"
13 #include "sysapi_util.h"
14
/*
 * Build a TPM2_CC_PolicyAuthorize command in the SAPI context's command
 * buffer without sending it.
 *
 * Parameters are marshalled in this fixed order, which is the wire layout:
 * policySession, approvedPolicy, policyRef, keySign, checkTicket.
 *
 * sysContext     SAPI context; rejected if syscontext_cast() yields NULL.
 * policySession  Session handle, marshalled as a UINT32.
 * approvedPolicy Optional. NULL is sent as a zero UINT16 (an empty size
 *                field) and recorded in decryptNull.
 * policyRef      Optional. NULL is sent as a zero UINT16.
 * keySign        Optional. NULL is sent as a zero UINT16.
 * checkTicket    Mandatory; NULL is rejected before anything is marshalled.
 *
 * Returns TSS2_SYS_RC_BAD_REFERENCE when the context or checkTicket is
 * missing, the first non-zero code from the prologue or a marshalling
 * routine, or otherwise the result of CommonPrepareEpilogue().
 *
 * NOTE(review): nothing here inspects the ticket or the signing key name;
 * the values are serialized as supplied. A NULL approvedPolicy, policyRef
 * or keySign is not an error at this layer, so callers that require those
 * inputs must check them before calling. Whether the TPM accepts an empty
 * value is decided on the TPM side, not in this function.
 */
TSS2_RC Tss2_Sys_PolicyAuthorize_Prepare(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_SH_POLICY policySession,
    const TPM2B_DIGEST *approvedPolicy,
    const TPM2B_NONCE *policyRef,
    const TPM2B_NAME *keySign,
    const TPMT_TK_VERIFIED *checkTicket)
{
    _TSS2_SYS_CONTEXT_BLOB *sys = syscontext_cast(sysContext);
    TSS2_RC rc;

    /* Both guards yield the same code; checked context first, then ticket. */
    if (!sys)
        return TSS2_SYS_RC_BAD_REFERENCE;
    if (!checkTicket)
        return TSS2_SYS_RC_BAD_REFERENCE;

    rc = CommonPreparePrologue(sys, TPM2_CC_PolicyAuthorize);
    if (rc)
        return rc;

    /*
     * Every marshalling call below is handed the buffer, its capacity
     * (maxCmdSize) and the running offset (nextData); staying inside the
     * buffer is left to those routines.
     */
    rc = Tss2_MU_UINT32_Marshal(policySession, sys->cmdBuffer,
                                sys->maxCmdSize, &sys->nextData);
    if (rc)
        return rc;

    if (approvedPolicy) {
        rc = Tss2_MU_TPM2B_DIGEST_Marshal(approvedPolicy, sys->cmdBuffer,
                                          sys->maxCmdSize, &sys->nextData);
    } else {
        /*
         * Only this first parameter records its absence in decryptNull.
         * Presumably later parameter-encryption handling reads the flag;
         * that code is not visible here.
         */
        sys->decryptNull = 1;
        rc = Tss2_MU_UINT16_Marshal(0, sys->cmdBuffer,
                                    sys->maxCmdSize, &sys->nextData);
    }
    if (rc)
        return rc;

    rc = policyRef
        ? Tss2_MU_TPM2B_NONCE_Marshal(policyRef, sys->cmdBuffer,
                                      sys->maxCmdSize, &sys->nextData)
        : Tss2_MU_UINT16_Marshal(0, sys->cmdBuffer,
                                 sys->maxCmdSize, &sys->nextData);
    if (rc)
        return rc;

    rc = keySign
        ? Tss2_MU_TPM2B_NAME_Marshal(keySign, sys->cmdBuffer,
                                     sys->maxCmdSize, &sys->nextData)
        : Tss2_MU_UINT16_Marshal(0, sys->cmdBuffer,
                                 sys->maxCmdSize, &sys->nextData);
    if (rc)
        return rc;

    rc = Tss2_MU_TPMT_TK_VERIFIED_Marshal(checkTicket, sys->cmdBuffer,
                                          sys->maxCmdSize, &sys->nextData);
    if (rc)
        return rc;

    /*
     * Per-command capability flags kept in the context: decrypt and auth
     * are enabled and encrypt is disabled for this command.
     */
    sys->decryptAllowed = 1;
    sys->encryptAllowed = 0;
    sys->authAllowed = 1;

    return CommonPrepareEpilogue(sys);
}
97
/*
 * Finish a PolicyAuthorize exchange on the given SAPI context.
 *
 * No response parameters are unmarshalled here; the work is delegated to
 * CommonComplete().
 *
 * Returns TSS2_SYS_RC_BAD_REFERENCE when syscontext_cast() yields NULL,
 * otherwise whatever CommonComplete() returns.
 */
TSS2_RC Tss2_Sys_PolicyAuthorize_Complete(
    TSS2_SYS_CONTEXT *sysContext)
{
    _TSS2_SYS_CONTEXT_BLOB *sys = syscontext_cast(sysContext);

    return sys ? CommonComplete(sys) : TSS2_SYS_RC_BAD_REFERENCE;
}
108
/*
 * One-call form of PolicyAuthorize: prepare the command, run it through
 * CommonOneCall() with the supplied authorization arrays, then complete.
 *
 * sysContext, policySession, approvedPolicy, policyRef, keySign and
 * checkTicket are forwarded unchanged to
 * Tss2_Sys_PolicyAuthorize_Prepare(). cmdAuthsArray and rspAuthsArray are
 * passed straight to CommonOneCall().
 *
 * Returns TSS2_SYS_RC_BAD_REFERENCE when checkTicket is NULL, otherwise
 * the first non-zero code from the prepare step or CommonOneCall(), or
 * the result of the complete step.
 *
 * The context pointer is derived before any validation but is only used
 * after the prepare step has succeeded, and that step rejects a NULL
 * context. The checkTicket test here repeats the one in the prepare step.
 */
TSS2_RC Tss2_Sys_PolicyAuthorize(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_SH_POLICY policySession,
    TSS2L_SYS_AUTH_COMMAND const *cmdAuthsArray,
    const TPM2B_DIGEST *approvedPolicy,
    const TPM2B_NONCE *policyRef,
    const TPM2B_NAME *keySign,
    const TPMT_TK_VERIFIED *checkTicket,
    TSS2L_SYS_AUTH_RESPONSE *rspAuthsArray)
{
    _TSS2_SYS_CONTEXT_BLOB *sys = syscontext_cast(sysContext);
    TSS2_RC rc;

    if (!checkTicket)
        return TSS2_SYS_RC_BAD_REFERENCE;

    /* Each stage runs only if every earlier stage returned zero. */
    rc = Tss2_Sys_PolicyAuthorize_Prepare(sysContext, policySession,
                                          approvedPolicy, policyRef,
                                          keySign, checkTicket);
    if (!rc)
        rc = CommonOneCall(sys, cmdAuthsArray, rspAuthsArray);
    if (!rc)
        rc = Tss2_Sys_PolicyAuthorize_Complete(sysContext);

    return rc;
}
137