public void PolicyAuthorize(
TpmHandle policySession,
byte[] approvedPolicy,
byte[] policyRef,
byte[] keySign,
TkVerified checkTicket
)
{
Tpm2PolicyAuthorizeRequest inS = new Tpm2PolicyAuthorizeRequest();
inS.policySession = policySession;
inS.approvedPolicy = approvedPolicy;
inS.policyRef = policyRef;
inS.keySign = keySign;
inS.checkTicket = checkTicket;
TpmStructureBase outSBase;
DispatchMethod(TpmCc.PolicyAuthorize, (TpmStructureBase) inS, typeof(Tpm2PolicyAuthorizeResponse), out outSBase, 1, 0);
}
public TkVerified(TkVerified the_TkVerified)
{
if((Object) the_TkVerified == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
hierarchy = the_TkVerified.hierarchy;
digest = the_TkVerified.digest;
}
public Tpm2PolicyAuthorizeRequest(Tpm2PolicyAuthorizeRequest the_Tpm2PolicyAuthorizeRequest)
{
if((Object) the_Tpm2PolicyAuthorizeRequest == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
policySession = the_Tpm2PolicyAuthorizeRequest.policySession;
approvedPolicy = the_Tpm2PolicyAuthorizeRequest.approvedPolicy;
policyRef = the_Tpm2PolicyAuthorizeRequest.policyRef;
keySign = the_Tpm2PolicyAuthorizeRequest.keySign;
checkTicket = the_Tpm2PolicyAuthorizeRequest.checkTicket;
}
///<param name = "the_policySession">handle for the policy session being extended Auth Index: None</param>
///<param name = "the_approvedPolicy">digest of the policy being approved</param>
///<param name = "the_policyRef">a policy qualifier</param>
///<param name = "the_keySign">Name of a key that can sign a policy addition</param>
///<param name = "the_checkTicket">ticket validating that approvedPolicy and policyRef were signed by keySign</param>
public Tpm2PolicyAuthorizeRequest(
TpmHandle the_policySession,
byte[] the_approvedPolicy,
byte[] the_policyRef,
byte[] the_keySign,
TkVerified the_checkTicket
)
{
this.policySession = the_policySession;
this.approvedPolicy = the_approvedPolicy;
this.policyRef = the_policyRef;
this.keySign = the_keySign;
this.checkTicket = the_checkTicket;
}
public Tpm2PolicyAuthorizeRequest()
{
policySession = new TpmHandle();
approvedPolicy = new byte[0];
policyRef = new byte[0];
keySign = new byte[0];
checkTicket = new TkVerified();
}
///<param name = "the_validation"></param>
public Tpm2VerifySignatureResponse(
TkVerified the_validation
)
{
this.validation = the_validation;
}
public Tpm2VerifySignatureResponse(Tpm2VerifySignatureResponse the_Tpm2VerifySignatureResponse)
{
if((Object) the_Tpm2VerifySignatureResponse == null ) throw new ArgumentException(Globs.GetResourceString("parmError"));
validation = the_Tpm2VerifySignatureResponse.validation;
}
public Tpm2VerifySignatureResponse()
{
validation = new TkVerified();
}
// ReSharper disable once InconsistentNaming
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
byte[] dataToSign = Globs.Concatenate(PolicyToReplace, PolicyRef);
byte[] aHash = CryptoLib.HashData(SigningHash, dataToSign);
TpmHandle verifierHandle = tpm.LoadExternal(null, SigningKey, TpmRh.Owner);
if (policy.AllowErrorsInPolicyEval)
{
tpm._AllowErrors();
}
// todo - fix the serialization so that we can persist the interface
ISignatureUnion theSig = null;
if(null!= (Object) Sig1)
{
theSig = Sig1;
}
if (null != (Object)Sig2)
{
theSig = Sig2;
}
if (theSig != null)
{
Ticket = tpm.VerifySignature(verifierHandle, aHash, theSig);
TpmRc intermediateError = tpm._GetLastResponseCode();
if (intermediateError != TpmRc.Success)
{
tpm.FlushContext(verifierHandle);
return intermediateError;
}
}
else
{
// create a dummy ticket = e.g. for a trial session
Ticket = new TkVerified(TpmRh.Owner, new byte[0]);
}
tpm.FlushContext(verifierHandle);
byte[] keySign = SigningKey.GetName();
TpmHandle policySession = authSession;
if (TheParamsCallback != null)
{
TheParamsCallback(tpm, ref policySession, ref PolicyToReplace, ref PolicyRef, keySign, ref Ticket);
}
if (policy.AllowErrorsInPolicyEval)
{
tpm._AllowErrors();
}
tpm.PolicyAuthorize(policySession, PolicyToReplace, PolicyRef, keySign, Ticket);
return tpm._GetLastResponseCode();
}
