/** @file\r
Implement TPM2 EnhancedAuthorization related command.\r
\r
-Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
@param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r
@param[out] Timeout Time value used to indicate to the TPM when the ticket expires.\r
@param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.\r
- \r
+\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
**/\r
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);\r
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
- \r
+\r
//\r
// Add in Auth session\r
//\r
Buffer += sizeof(UINT16);\r
CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);\r
Buffer += PolicyRef->size;\r
- \r
+\r
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));\r
Buffer += sizeof(UINT32);\r
\r
RecvBufferSize = sizeof (RecvBuffer);\r
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
if (EFI_ERROR (Status)) {\r
- return Status;\r
+ goto Done;\r
}\r
\r
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
//\r
//\r
Buffer = (UINT8 *)&RecvBuffer.Timeout;\r
Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
+ if (Timeout->size > sizeof(UINT64)) {\r
+ DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size));\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
+ }\r
+\r
Buffer += sizeof(UINT16);\r
CopyMem (Timeout->buffer, Buffer, Timeout->size);\r
\r
Buffer += sizeof(UINT32);\r
PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
Buffer += sizeof(UINT16);\r
+ if (PolicyTicket->digest.size > sizeof(TPMU_HA)) {\r
+ DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size));\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
+ }\r
+\r
CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
+ ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
+ return Status;\r
}\r
\r
/**\r
\r
@param[in] PolicySession Handle for the policy session being extended.\r
@param[in] HashList the list of hashes to check for a match.\r
- \r
+\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
**/\r
\r
@param[in] PolicySession Handle for the policy session being extended.\r
@param[in] Code The allowed commandCode.\r
- \r
+\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
**/\r
\r
@param[in] PolicySession Handle for the policy session.\r
@param[out] PolicyHash the current value of the policyHash of policySession.\r
- \r
+\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
**/\r
// Return the response\r
//\r
PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);\r
+ if (PolicyHash->size > sizeof(TPMU_HA)) {\r
+ DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size));\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
+\r
CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);\r
\r
return EFI_SUCCESS;\r