| private PolicySigned ( TpmHandle authObject, TpmHandle policySession, byte nonceTPM, byte cpHashA, byte policyRef, int expiration, ISignatureUnion auth, [ policyTicket ) : byte[] | ||
| authObject | TpmHandle | |
| policySession | TpmHandle | |
| nonceTPM | byte | |
| cpHashA | byte | |
| policyRef | byte | |
| expiration | int | |
| auth | ISignatureUnion | |
| policyTicket | [ | |
| return | byte[] | |
internal override TpmRc Execute(Tpm2 tpm, AuthSession sess, PolicyTree policy)
{
byte[] nonceTpm = UseNonceTpm ? Globs.CopyData(sess.NonceTpm) : new byte[0];
TpmHandle sigKey;
// If we have both the authorizing signature and the corresponding
// signing key handle, we are good to go.
if (AuthSig == null)
{
var dataToSign = new Marshaller();
dataToSign.Put(nonceTpm, "");
// If we have a signing key we can build the challenge here
// (else we need to call out)
if (SwSigningKey != null)
{
dataToSign.Put(ExpirationTime, "");
dataToSign.Put(CpHash, "");
dataToSign.Put(PolicyRef, "");
// Just ask the key to sign the challenge
AuthSig = SwSigningKey.Sign(dataToSign.GetBytes());
sigKey = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner);
}
else
{
TpmPublic verifier;
AuthSig = AssociatedPolicy.ExecuteSignerCallback(this, nonceTpm,
out verifier);
sigKey = tpm.LoadExternal(null, verifier, TpmRh.Owner);
}
}
else
{
sigKey = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner);
}
Timeout = tpm.PolicySigned(sigKey, sess, nonceTpm,
CpHash, PolicyRef, ExpirationTime,
AuthSig, out Ticket);
TpmRc responseCode = tpm._GetLastResponseCode();
tpm.FlushContext(sigKey);
if (!KeepAuth)
{
AuthSig = null;
}
return(responseCode);
}
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
byte[] nonceTpm = UseNonceTpm ? Globs.CopyData(authSession.NonceTpm) : new byte[0];
var dataToSign = new Marshaller();
dataToSign.Put(nonceTpm, "");
ISignatureUnion signature;
// If the library has been given a signing key we can do the challenge here (else we need to call out)
TpmHandle verificationKey;
if (SigningKey != null)
{
dataToSign.Put(ExpirationTime, "");
dataToSign.Put(CpHash, "");
dataToSign.Put(PolicyRef, "");
// Just ask the key to sign the challenge
signature = SigningKey.Sign(dataToSign.GetBytes());
verificationKey = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner);
}
else
{
TpmPublic verifier;
signature = AssociatedPolicy.ExecuteSignerCallback(this, nonceTpm, out verifier);
verificationKey = tpm.LoadExternal(null, verifier, TpmRh.Owner);
}
TkAuth policyTicket;
Timeout = tpm.PolicySigned(verificationKey,
authSession,
nonceTpm,
CpHash,
PolicyRef,
ExpirationTime,
signature,
out policyTicket);
TpmRc responseCode = tpm._GetLastResponseCode();
// Save the policyTicket in case it is needed later
PolicyTicket = policyTicket;
tpm.FlushContext(verificationKey);
return responseCode;
}
