1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /***********************************************************************;
3  * Copyright (c) 2015 - 2017, Intel Corporation
4  * All rights reserved.
5  ***********************************************************************/
6 
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10 
11 #include "tss2_tpm2_types.h"
12 #include "tss2_mu.h"
13 #include "sysapi_util.h"
14 
/*
 * Build the TPM2_CC_PolicySecret command in the context's command buffer.
 *
 * After the common prologue the parameters are marshalled in this order:
 * authHandle, policySession, nonceTPM, cpHashA, policyRef, expiration.
 * A NULL nonceTPM, cpHashA or policyRef is sent as a zero-length TPM2B
 * (a bare UINT16 size of 0).
 *
 * NOTE(review): per the TPM 2.0 command definition (not visible in this
 * file) an empty nonceTPM or cpHashA appears to leave the authorization
 * unbound to a session nonce or to one command's parameters. Callers that
 * rely on those bindings should pass non-NULL values; confirm against the
 * specification.
 *
 * Returns TSS2_SYS_RC_BAD_REFERENCE when syscontext_cast() yields NULL,
 * otherwise the first non-zero code from the prologue or a marshal step,
 * otherwise the result of CommonPrepareEpilogue().
 */
TSS2_RC Tss2_Sys_PolicySecret_Prepare(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_DH_ENTITY authHandle,
    TPMI_SH_POLICY policySession,
    const TPM2B_NONCE *nonceTPM,
    const TPM2B_DIGEST *cpHashA,
    const TPM2B_NONCE *policyRef,
    INT32 expiration)
{
    TSS2_RC rc;
    _TSS2_SYS_CONTEXT_BLOB *blob = syscontext_cast(sysContext);

    if (!blob) {
        return TSS2_SYS_RC_BAD_REFERENCE;
    }

    rc = CommonPreparePrologue(blob, TPM2_CC_PolicySecret);
    if (rc) {
        return rc;
    }

    /* Handle area: the authorizing entity first, then the policy session. */
    rc = Tss2_MU_UINT32_Marshal(authHandle, blob->cmdBuffer,
                                blob->maxCmdSize, &blob->nextData);
    if (rc) {
        return rc;
    }

    rc = Tss2_MU_UINT32_Marshal(policySession, blob->cmdBuffer,
                                blob->maxCmdSize, &blob->nextData);
    if (rc) {
        return rc;
    }

    /* First parameter: the session nonce, or an empty TPM2B when absent. */
    if (nonceTPM) {
        rc = Tss2_MU_TPM2B_NONCE_Marshal(nonceTPM, blob->cmdBuffer,
                                         blob->maxCmdSize, &blob->nextData);
    } else {
        /*
         * Record that the first TPM2B parameter was NULL; presumably read by
         * the decrypt-parameter handling elsewhere (not visible here).
         */
        blob->decryptNull = 1;

        rc = Tss2_MU_UINT16_Marshal(0, blob->cmdBuffer,
                                    blob->maxCmdSize, &blob->nextData);
    }
    if (rc) {
        return rc;
    }

    /* cpHashA: the supplied digest, or a zero size field when NULL. */
    rc = cpHashA
        ? Tss2_MU_TPM2B_DIGEST_Marshal(cpHashA, blob->cmdBuffer,
                                       blob->maxCmdSize, &blob->nextData)
        : Tss2_MU_UINT16_Marshal(0, blob->cmdBuffer,
                                 blob->maxCmdSize, &blob->nextData);
    if (rc) {
        return rc;
    }

    /* policyRef: the supplied reference, or a zero size field when NULL. */
    rc = policyRef
        ? Tss2_MU_TPM2B_NONCE_Marshal(policyRef, blob->cmdBuffer,
                                      blob->maxCmdSize, &blob->nextData)
        : Tss2_MU_UINT16_Marshal(0, blob->cmdBuffer,
                                 blob->maxCmdSize, &blob->nextData);
    if (rc) {
        return rc;
    }

    /*
     * expiration is a signed INT32 handed to the UINT32 marshaller, so it is
     * implicitly converted at the call (presumably to UINT32).
     */
    rc = Tss2_MU_UINT32_Marshal(expiration, blob->cmdBuffer,
                                blob->maxCmdSize, &blob->nextData);
    if (rc) {
        return rc;
    }

    /*
     * Flag the prepared command as permitting decrypt and encrypt sessions
     * and authorizations; the consumers of these flags are outside this file.
     */
    blob->decryptAllowed = 1;
    blob->encryptAllowed = 1;
    blob->authAllowed = 1;

    return CommonPrepareEpilogue(blob);
}
96 
/*
 * Decode the TPM2_CC_PolicySecret response held in the context.
 *
 * Runs CommonComplete() and then unmarshals the response parameters from
 * the command buffer in order: timeout first, policyTicket second.
 *
 * NOTE(review): whether NULL is accepted for timeout or policyTicket
 * depends on the Tss2_MU_*_Unmarshal implementations, which are not visible
 * here; verify before passing NULL.
 *
 * Returns TSS2_SYS_RC_BAD_REFERENCE when syscontext_cast() yields NULL,
 * otherwise the first non-zero code from CommonComplete() or the timeout
 * unmarshal, otherwise the result of the ticket unmarshal.
 */
TSS2_RC Tss2_Sys_PolicySecret_Complete(
    TSS2_SYS_CONTEXT *sysContext,
    TPM2B_TIMEOUT *timeout,
    TPMT_TK_AUTH *policyTicket)
{
    TSS2_RC rc;
    _TSS2_SYS_CONTEXT_BLOB *blob = syscontext_cast(sysContext);

    if (!blob) {
        return TSS2_SYS_RC_BAD_REFERENCE;
    }

    rc = CommonComplete(blob);
    if (rc) {
        return rc;
    }

    rc = Tss2_MU_TPM2B_TIMEOUT_Unmarshal(blob->cmdBuffer, blob->maxCmdSize,
                                         &blob->nextData, timeout);
    if (rc) {
        return rc;
    }

    /* The ticket follows the timeout; its status is the function's result. */
    rc = Tss2_MU_TPMT_TK_AUTH_Unmarshal(blob->cmdBuffer, blob->maxCmdSize,
                                        &blob->nextData, policyTicket);
    return rc;
}
122 
/*
 * One-call form of PolicySecret: prepare the command, run it with the
 * supplied authorizations, then decode the response.
 *
 * The three stages are Tss2_Sys_PolicySecret_Prepare(), CommonOneCall() and
 * Tss2_Sys_PolicySecret_Complete(); the first non-zero return code stops
 * the sequence and is returned to the caller unchanged.
 *
 * The context is cast here without a NULL check. Prepare performs the same
 * cast and returns TSS2_SYS_RC_BAD_REFERENCE on NULL, so CommonOneCall() is
 * only reached after that check has passed.
 */
TSS2_RC Tss2_Sys_PolicySecret(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_DH_ENTITY authHandle,
    TPMI_SH_POLICY policySession,
    TSS2L_SYS_AUTH_COMMAND const *cmdAuthsArray,
    const TPM2B_NONCE *nonceTPM,
    const TPM2B_DIGEST *cpHashA,
    const TPM2B_NONCE *policyRef,
    INT32 expiration,
    TPM2B_TIMEOUT *timeout,
    TPMT_TK_AUTH *policyTicket,
    TSS2L_SYS_AUTH_RESPONSE *rspAuthsArray)
{
    TSS2_RC rc;
    _TSS2_SYS_CONTEXT_BLOB *blob = syscontext_cast(sysContext);

    /* Stage 1: marshal the command parameters. */
    rc = Tss2_Sys_PolicySecret_Prepare(sysContext, authHandle, policySession,
                                       nonceTPM, cpHashA, policyRef,
                                       expiration);
    if (rc) {
        return rc;
    }

    /* Stage 2: hand the command and both authorization arrays to CommonOneCall(). */
    rc = CommonOneCall(blob, cmdAuthsArray, rspAuthsArray);
    if (rc) {
        return rc;
    }

    /* Stage 3: unmarshal timeout and policyTicket from the response. */
    return Tss2_Sys_PolicySecret_Complete(sysContext, timeout, policyTicket);
}