/src/tpm2/PolicySecret.c

Source (jump to first uncovered line)
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "PolicySecret_fp.h"
#include "Policy_spt_fp.h"
//
//
//     Error Returns                 Meaning
//
//     TPM_RC_CPHASH                 cpHash for policy was previously set to a value that is not the same
//                                   as cpHashA
//     TPM_RC_EXPIRED                expiration indicates a time in the past
//     TPM_RC_NONCE                  nonceTPM does not match the nonce associated with policySession
//     TPM_RC_SIZE                   cpHashA is not the size of a digest for the hash associated with
//                                   policySession
//     TPM_RC_VALUE                  input policyID or expiration does not match the internal data in policy
//                                   session
//
TPM_RC
TPM2_PolicySecret(
   PolicySecret_In    *in,                 // IN: input parameter list
   PolicySecret_Out   *out                 // OUT: output parameter list
   )
{
   TPM_RC                  result;
   SESSION                *session;
   TPM2B_NAME              entityName;
   UINT32                  expiration = (in->expiration < 0)
                                        ? -(in->expiration) : in->expiration;
   UINT64                  authTimeout = 0;

// Input Validation

   // Get pointer to the session structure
   session = SessionGet(in->policySession);

   //Only do input validation if this is not a trial policy session
   if(session->attributes.isTrialPolicy == CLEAR)
   {

       if(expiration != 0)
           authTimeout = expiration * 1000 + session->startTime;

       result = PolicyParameterChecks(session, authTimeout,
                                       &in->cpHashA, &in->nonceTPM,
                                       RC_PolicySecret_nonceTPM,
                                       RC_PolicySecret_cpHashA,
                                       RC_PolicySecret_expiration);
       if(result != TPM_RC_SUCCESS)
           return result;
   }

// Internal Data Update
   // Need the name of the authorizing entity
   entityName.t.size = EntityGetName(in->authHandle, &entityName.t.name);

   // Update policy context with input policyRef and name of auth key
   // This value is computed even for trial sessions. Possibly update the cpHash
   PolicyContextUpdate(TPM_CC_PolicySecret, &entityName, &in->policyRef,
                       &in->cpHashA, authTimeout, session);

// Command Output

   // Create ticket and timeout buffer if in->expiration < 0 and this is not
   // a trial session.
   // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present
   // when expiration is non-zero.
   if(   in->expiration < 0
      && session->attributes.isTrialPolicy == CLEAR
     )
   {
       // Generate timeout buffer. The format of output timeout buffer is
       // TPM-specific.
       // Note: can't do a direct copy because the output buffer is a byte
       // array and it may not be aligned to accept a 64-bit value. The method
       // used has the side-effect of making the returned value a big-endian,
       // 64-bit value that is byte aligned.
       out->timeout.t.size = sizeof(UINT64);
       UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer);

       // Compute policy ticket
       TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle),
                         authTimeout, &in->cpHashA, &in->policyRef,
                         &entityName, &out->policyTicket);
   }
   else
   {
       // timeout buffer is null
       out->timeout.t.size = 0;

       // auth ticket is null
       out->policyTicket.tag = TPM_ST_AUTH_SECRET;
       out->policyTicket.hierarchy = TPM_RH_NULL;
       out->policyTicket.digest.t.size = 0;
   }

   return TPM_RC_SUCCESS;
}

Coverage Report

Created: 2025-08-26 06:27

Line	Count	Source (jump to first uncovered line)
1		// This file was extracted from the TCG Published
2		// Trusted Platform Module Library
3		// Part 3: Commands
4		// Family "2.0"
5		// Level 00 Revision 01.16
6		// October 30, 2014
7
8		#include "InternalRoutines.h"
9		#include "PolicySecret_fp.h"
10		#include "Policy_spt_fp.h"
11		//
12		//
13		// Error Returns Meaning
14		//
15		// TPM_RC_CPHASH cpHash for policy was previously set to a value that is not the same
16		// as cpHashA
17		// TPM_RC_EXPIRED expiration indicates a time in the past
18		// TPM_RC_NONCE nonceTPM does not match the nonce associated with policySession
19		// TPM_RC_SIZE cpHashA is not the size of a digest for the hash associated with
20		// policySession
21		// TPM_RC_VALUE input policyID or expiration does not match the internal data in policy
22		// session
23		//
24		TPM_RC
25		TPM2_PolicySecret(
26		PolicySecret_In *in, // IN: input parameter list
27		PolicySecret_Out *out // OUT: output parameter list
28		)
29	0	{
30	0	TPM_RC result;
31	0	SESSION *session;
32	0	TPM2B_NAME entityName;
33	0	UINT32 expiration = (in->expiration < 0)
34	0	? -(in->expiration) : in->expiration;
35	0	UINT64 authTimeout = 0;
36
37		// Input Validation
38
39		// Get pointer to the session structure
40	0	session = SessionGet(in->policySession);
41
42		//Only do input validation if this is not a trial policy session
43	0	if(session->attributes.isTrialPolicy == CLEAR)
44	0	{
45
46	0	if(expiration != 0)
47	0	authTimeout = expiration * 1000 + session->startTime;
48
49	0	result = PolicyParameterChecks(session, authTimeout,
50	0	&in->cpHashA, &in->nonceTPM,
51	0	RC_PolicySecret_nonceTPM,
52	0	RC_PolicySecret_cpHashA,
53	0	RC_PolicySecret_expiration);
54	0	if(result != TPM_RC_SUCCESS)
55	0	return result;
56	0	}
57
58		// Internal Data Update
59		// Need the name of the authorizing entity
60	0	entityName.t.size = EntityGetName(in->authHandle, &entityName.t.name);
61
62		// Update policy context with input policyRef and name of auth key
63		// This value is computed even for trial sessions. Possibly update the cpHash
64	0	PolicyContextUpdate(TPM_CC_PolicySecret, &entityName, &in->policyRef,
65	0	&in->cpHashA, authTimeout, session);
66
67		// Command Output
68
69		// Create ticket and timeout buffer if in->expiration < 0 and this is not
70		// a trial session.
71		// NOTE: PolicyParameterChecks() makes sure that nonceTPM is present
72		// when expiration is non-zero.
73	0	if( in->expiration < 0
74	0	&& session->attributes.isTrialPolicy == CLEAR
75	0	)
76	0	{
77		// Generate timeout buffer. The format of output timeout buffer is
78		// TPM-specific.
79		// Note: can't do a direct copy because the output buffer is a byte
80		// array and it may not be aligned to accept a 64-bit value. The method
81		// used has the side-effect of making the returned value a big-endian,
82		// 64-bit value that is byte aligned.
83	0	out->timeout.t.size = sizeof(UINT64);
84	0	UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer);
85
86		// Compute policy ticket
87	0	TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle),
88	0	authTimeout, &in->cpHashA, &in->policyRef,
89	0	&entityName, &out->policyTicket);
90	0	}
91	0	else
92	0	{
93		// timeout buffer is null
94	0	out->timeout.t.size = 0;
95
96		// auth ticket is null
97	0	out->policyTicket.tag = TPM_ST_AUTH_SECRET;
98	0	out->policyTicket.hierarchy = TPM_RH_NULL;
99	0	out->policyTicket.digest.t.size = 0;
100	0	}
101
102	0	return TPM_RC_SUCCESS;
103	0	}