예제 #1
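        /// <summary>
        /// Executes the PolicyNV assertion on the policy session <paramref name="sess"/>,
        /// passing OperandB, Offset and Operation to the TPM's PolicyNV command.
        /// </summary>
        /// <remarks>
        /// If no AuthorizationHandle is configured on this node, the authorizing handle,
        /// the NV index handle and the session that authorizes the NV access are obtained
        /// from the associated policy's PolicyNV callback. Otherwise the AuthorizationHandle,
        /// NvIndex and NvAccessAuth stored on this node are used.
        /// </remarks>
        /// <param name="tpm">TPM object the command is issued on.</param>
        /// <param name="sess">Policy session the assertion is applied to.</param>
        /// <param name="policy">Not used by this implementation.</param>
        /// <returns>The response code reported by the TPM for the PolicyNV command.</returns>
        internal override TpmRc Execute(Tpm2 tpm, AuthSession sess, PolicyTree policy)
        {
            if (AuthorizationHandle != null)
            {
                // Everything needed is stored on this node. NvAccessAuth is not flushed
                // here; its lifetime is left to whoever supplied it.
                tpm[NvAccessAuth].PolicyNV(AuthorizationHandle, NvIndex, sess,
                                           OperandB, Offset, Operation);
                return tpm._GetLastResponseCode();
            }

            TpmHandle   nvHandle, authHandle;
            SessionBase nvAuth;
            AssociatedPolicy.ExecutePolicyNvCallback(this, out authHandle,
                                                     out nvHandle, out nvAuth);

            TpmRc res;
            try
            {
                tpm[nvAuth].PolicyNV(authHandle, nvHandle, sess,
                                     OperandB, Offset, Operation);
                // Read the response code before any further TPM command is issued;
                // FlushContext below is itself a command and presumably replaces it.
                res = tpm._GetLastResponseCode();
            }
            finally
            {
                // Release the callback-supplied authorization session even when
                // PolicyNV throws, so a failed assertion does not leave a session
                // loaded in the TPM. A Pwap (password) session is skipped, as in
                // the success path.
                if (!(nvAuth is Pwap))
                {
                    tpm.FlushContext(nvAuth);
                }
            }
            return res;
        }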
예제 #2
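        /// <summary>
        /// Executes the PolicySigned assertion on the policy session <paramref name="sess"/>.
        /// </summary>
        /// <remarks>
        /// The authorizing signature comes from one of three places, checked in this order:
        /// an AuthSig already stored on this node, a signature produced locally with
        /// SwSigningKey, or a signature returned by the associated policy's signer callback
        /// (which also supplies the public key to verify against). The verification key is
        /// loaded with LoadExternal and flushed again before returning. Timeout and Ticket
        /// are updated from the PolicySigned result.
        /// </remarks>
        /// <param name="tpm">TPM object the commands are issued on.</param>
        /// <param name="sess">Policy session the assertion is applied to.</param>
        /// <param name="policy">Not used by this implementation.</param>
        /// <returns>The response code reported by the TPM for the PolicySigned command.</returns>
        internal override TpmRc Execute(Tpm2 tpm, AuthSession sess, PolicyTree policy)
        {
            // With UseNonceTpm the session's nonce is part of the signed data, so the
            // signature is only meaningful for this session. With an empty nonce nothing
            // session-specific is signed; any restriction then has to come from
            // ExpirationTime, CpHash and PolicyRef.
            byte[] nonceTpm = UseNonceTpm ? Globs.CopyData(sess.NonceTpm) : new byte[0];

            TpmHandle sigKey;

            if (AuthSig != null)
            {
                // A signature is already available (for example one kept by KeepAuth).
                // NOTE(review): if UseNonceTpm is set, a signature made over an earlier
                // nonce is not expected to verify against this session - confirm callers
                // only keep signatures that were made without a nonce.
                sigKey = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner);
            }
            else if (SwSigningKey != null)
            {
                // Build the challenge locally: nonce, expiration, cpHash, policyRef,
                // marshalled in that order, then sign it with the software key.
                var dataToSign = new Marshaller();
                dataToSign.Put(nonceTpm, "");
                dataToSign.Put(ExpirationTime, "");
                dataToSign.Put(CpHash, "");
                dataToSign.Put(PolicyRef, "");
                AuthSig = SwSigningKey.Sign(dataToSign.GetBytes());
                sigKey  = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner);
            }
            else
            {
                // No local key: the callback produces the signature and names the
                // public key the TPM should verify it with.
                TpmPublic verifier;
                AuthSig = AssociatedPolicy.ExecuteSignerCallback(this, nonceTpm,
                                                                 out verifier);
                sigKey = tpm.LoadExternal(null, verifier, TpmRh.Owner);
            }

            TpmRc responseCode;
            try
            {
                Timeout = tpm.PolicySigned(sigKey, sess, nonceTpm,
                                           CpHash, PolicyRef, ExpirationTime,
                                           AuthSig, out Ticket);

                // Capture the result before FlushContext issues another command.
                responseCode = tpm._GetLastResponseCode();
            }
            finally
            {
                // Always unload the verification key, including when PolicySigned
                // throws; otherwise each failed attempt leaves a loaded object behind.
                tpm.FlushContext(sigKey);
            }

            if (!KeepAuth)
            {
                // Drop the signature so the next execution obtains a fresh one.
                AuthSig = null;
            }
            return responseCode;
        }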