private PolicySigned ( TpmHandle authObject, TpmHandle policySession, byte nonceTPM, byte cpHashA, byte policyRef, int expiration, ISignatureUnion auth, [ policyTicket ) : byte[] | ||
authObject | TpmHandle | |
policySession | TpmHandle | |
nonceTPM | byte | |
cpHashA | byte | |
policyRef | byte | |
expiration | int | |
auth | ISignatureUnion | |
policyTicket | [ | |
Результат | byte[] |
internal override TpmRc Execute(Tpm2 tpm, AuthSession sess, PolicyTree policy) { byte[] nonceTpm = UseNonceTpm ? Globs.CopyData(sess.NonceTpm) : new byte[0]; TpmHandle sigKey; // If we have both the authorizing signature and the corresponding // signing key handle, we are good to go. if (AuthSig == null) { var dataToSign = new Marshaller(); dataToSign.Put(nonceTpm, ""); // If we have a signing key we can build the challenge here // (else we need to call out) if (SwSigningKey != null) { dataToSign.Put(ExpirationTime, ""); dataToSign.Put(CpHash, ""); dataToSign.Put(PolicyRef, ""); // Just ask the key to sign the challenge AuthSig = SwSigningKey.Sign(dataToSign.GetBytes()); sigKey = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner); } else { TpmPublic verifier; AuthSig = AssociatedPolicy.ExecuteSignerCallback(this, nonceTpm, out verifier); sigKey = tpm.LoadExternal(null, verifier, TpmRh.Owner); } } else { sigKey = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner); } Timeout = tpm.PolicySigned(sigKey, sess, nonceTpm, CpHash, PolicyRef, ExpirationTime, AuthSig, out Ticket); TpmRc responseCode = tpm._GetLastResponseCode(); tpm.FlushContext(sigKey); if (!KeepAuth) { AuthSig = null; } return(responseCode); }
// ReSharper disable once InconsistentNaming internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy) { byte[] nonceTpm = UseNonceTpm ? Globs.CopyData(authSession.NonceTpm) : new byte[0]; var dataToSign = new Marshaller(); dataToSign.Put(nonceTpm, ""); ISignatureUnion signature; // If the library has been given a signing key we can do the challenge here (else we need to call out) TpmHandle verificationKey; if (SigningKey != null) { dataToSign.Put(ExpirationTime, ""); dataToSign.Put(CpHash, ""); dataToSign.Put(PolicyRef, ""); // Just ask the key to sign the challenge signature = SigningKey.Sign(dataToSign.GetBytes()); verificationKey = tpm.LoadExternal(null, SigningKeyPub, TpmRh.Owner); } else { TpmPublic verifier; signature = AssociatedPolicy.ExecuteSignerCallback(this, nonceTpm, out verifier); verificationKey = tpm.LoadExternal(null, verifier, TpmRh.Owner); } TkAuth policyTicket; Timeout = tpm.PolicySigned(verificationKey, authSession, nonceTpm, CpHash, PolicyRef, ExpirationTime, signature, out policyTicket); TpmRc responseCode = tpm._GetLastResponseCode(); // Save the policyTicket in case it is needed later PolicyTicket = policyTicket; tpm.FlushContext(verificationKey); return responseCode; }