[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2EnhancedAuthorization.c

/** @file\r
  Implement TPM2 EnhancedAuthorization related command.\r
\r
Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/Tpm2DeviceLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_DH_ENTITY            AuthHandle;\r
  TPMI_SH_POLICY            PolicySession;\r
  UINT32                    AuthSessionSize;\r
  TPMS_AUTH_COMMAND         AuthSession;\r
  TPM2B_NONCE               NonceTPM;\r
  TPM2B_DIGEST              CpHashA;\r
  TPM2B_NONCE               PolicyRef;\r
  INT32                     Expiration;\r
} TPM2_POLICY_SECRET_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
  UINT32                    AuthSessionSize;\r
  TPM2B_TIMEOUT             Timeout;\r
  TPMT_TK_AUTH              PolicyTicket;\r
  TPMS_AUTH_RESPONSE        AuthSession;\r
} TPM2_POLICY_SECRET_RESPONSE;\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_SH_POLICY            PolicySession;\r
  TPML_DIGEST               HashList;\r
} TPM2_POLICY_OR_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
} TPM2_POLICY_OR_RESPONSE;\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_SH_POLICY            PolicySession;\r
  TPM_CC                    Code;\r
} TPM2_POLICY_COMMAND_CODE_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
} TPM2_POLICY_COMMAND_CODE_RESPONSE;\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_SH_POLICY            PolicySession;\r
} TPM2_POLICY_GET_DIGEST_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
  TPM2B_DIGEST              PolicyHash;\r
} TPM2_POLICY_GET_DIGEST_RESPONSE;\r
\r
#pragma pack()\r
\r
/**\r
  This command includes a secret-based authorization to a policy.\r
  The caller proves knowledge of the secret value using an authorization\r
  session using the authValue associated with authHandle.\r
\r
  @param[in]  AuthHandle         Handle for an entity providing the authorization\r
  @param[in]  PolicySession      Handle for the policy session being extended.\r
  @param[in]  AuthSession        Auth Session context\r
  @param[in]  NonceTPM           The policy nonce for the session.\r
  @param[in]  CpHashA            Digest of the command parameters to which this authorization is limited.\r
  @param[in]  PolicyRef          A reference to a policy relating to the authorization.\r
  @param[in]  Expiration         Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r
  @param[out] Timeout            Time value used to indicate to the TPM when the ticket expires.\r
  @param[out] PolicyTicket       A ticket that includes a value indicating when the authorization expires.\r
  \r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2PolicySecret (\r
  IN      TPMI_DH_ENTITY            AuthHandle,\r
  IN      TPMI_SH_POLICY            PolicySession,\r
  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL\r
  IN      TPM2B_NONCE               *NonceTPM,\r
  IN      TPM2B_DIGEST              *CpHashA,\r
  IN      TPM2B_NONCE               *PolicyRef,\r
  IN      INT32                     Expiration,\r
  OUT     TPM2B_TIMEOUT             *Timeout,\r
  OUT     TPMT_TK_AUTH              *PolicyTicket\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_POLICY_SECRET_COMMAND        SendBuffer;\r
  TPM2_POLICY_SECRET_RESPONSE       RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
  UINT8                             *Buffer;\r
  UINT32                            SessionInfoSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);\r
  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
  SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
  \r
  //\r
  // Add in Auth session\r
  //\r
  Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
\r
  // sessionInfoSize\r
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
  Buffer += SessionInfoSize;\r
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
\r
  //\r
  // Real data\r
  //\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);\r
  Buffer += NonceTPM->size;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, CpHashA->buffer, CpHashA->size);\r
  Buffer += CpHashA->size;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);\r
  Buffer += PolicyRef->size;\r
  \r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));\r
  Buffer += sizeof(UINT32);\r
\r
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  //\r
  // Return the response\r
  //\r
  Buffer = (UINT8 *)&RecvBuffer.Timeout;\r
  Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Timeout->buffer, Buffer, Timeout->size);\r
\r
  PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
  Buffer += sizeof(UINT16);\r
  PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer));\r
  Buffer += sizeof(UINT32);\r
  PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command allows options in authorizations without requiring that the TPM evaluate all of the options.\r
  If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that\r
  satisfies the policy. This command will indicate that one of the required sets of conditions has been\r
  satisfied.\r
\r
  @param[in] PolicySession      Handle for the policy session being extended.\r
  @param[in] HashList           the list of hashes to check for a match.\r
  \r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2PolicyOR (\r
  IN TPMI_SH_POLICY           PolicySession,\r
  IN TPML_DIGEST              *HashList\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_POLICY_OR_COMMAND            SendBuffer;\r
  TPM2_POLICY_OR_RESPONSE           RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
  UINT8                             *Buffer;\r
  UINTN                             Index;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR);\r
\r
  SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
  Buffer = (UINT8 *)&SendBuffer.HashList;\r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));\r
  Buffer += sizeof(UINT32);\r
  for (Index = 0; Index < HashList->count; Index++) {\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));\r
    Buffer += sizeof(UINT16);\r
    CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);\r
    Buffer += HashList->digests[Index].size;\r
  }\r
\r
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command indicates that the authorization will be limited to a specific command code.\r
\r
  @param[in]  PolicySession      Handle for the policy session being extended.\r
  @param[in]  Code               The allowed commandCode.\r
  \r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2PolicyCommandCode (\r
  IN      TPMI_SH_POLICY            PolicySession,\r
  IN      TPM_CC                    Code\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_POLICY_COMMAND_CODE_COMMAND  SendBuffer;\r
  TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode);\r
\r
  SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
  SendBuffer.Code = SwapBytes32 (Code);\r
\r
  SendBufferSize = (UINT32) sizeof (SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the current policyDigest of the session. This command allows the TPM\r
  to be used to perform the actions required to precompute the authPolicy for an object.\r
\r
  @param[in]  PolicySession      Handle for the policy session.\r
  @param[out] PolicyHash         the current value of the policyHash of policySession.\r
  \r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2PolicyGetDigest (\r
  IN      TPMI_SH_POLICY            PolicySession,\r
     OUT  TPM2B_DIGEST              *PolicyHash\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_POLICY_GET_DIGEST_COMMAND    SendBuffer;\r
  TPM2_POLICY_GET_DIGEST_RESPONSE   RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest);\r
\r
  SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
\r
  SendBufferSize = (UINT32) sizeof (SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  //\r
  // Return the response\r
  //\r
  PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);\r
  CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
967eacca JY	1	/** @file\r
	2	Implement TPM2 EnhancedAuthorization related command.\r
	3	\r
	4	Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
	5	This program and the accompanying materials\r
	6	are licensed and made available under the terms and conditions of the BSD License\r
	7	which accompanies this distribution. The full text of the license may be found at\r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include <IndustryStandard/UefiTcgPlatform.h>\r
	16	#include <Library/Tpm2CommandLib.h>\r
	17	#include <Library/Tpm2DeviceLib.h>\r
	18	#include <Library/BaseMemoryLib.h>\r
	19	#include <Library/BaseLib.h>\r
	20	#include <Library/DebugLib.h>\r
	21	\r
	22	#pragma pack(1)\r
	23	\r
	24	typedef struct {\r
	25	TPM2_COMMAND_HEADER Header;\r
	26	TPMI_DH_ENTITY AuthHandle;\r
	27	TPMI_SH_POLICY PolicySession;\r
	28	UINT32 AuthSessionSize;\r
	29	TPMS_AUTH_COMMAND AuthSession;\r
	30	TPM2B_NONCE NonceTPM;\r
	31	TPM2B_DIGEST CpHashA;\r
	32	TPM2B_NONCE PolicyRef;\r
	33	INT32 Expiration;\r
	34	} TPM2_POLICY_SECRET_COMMAND;\r
	35	\r
	36	typedef struct {\r
	37	TPM2_RESPONSE_HEADER Header;\r
	38	UINT32 AuthSessionSize;\r
	39	TPM2B_TIMEOUT Timeout;\r
	40	TPMT_TK_AUTH PolicyTicket;\r
	41	TPMS_AUTH_RESPONSE AuthSession;\r
	42	} TPM2_POLICY_SECRET_RESPONSE;\r
	43	\r
a50e58f4 JY	44	typedef struct {\r
	45	TPM2_COMMAND_HEADER Header;\r
	46	TPMI_SH_POLICY PolicySession;\r
	47	TPML_DIGEST HashList;\r
	48	} TPM2_POLICY_OR_COMMAND;\r
	49	\r
	50	typedef struct {\r
	51	TPM2_RESPONSE_HEADER Header;\r
	52	} TPM2_POLICY_OR_RESPONSE;\r
	53	\r
967eacca JY	54	typedef struct {\r
	55	TPM2_COMMAND_HEADER Header;\r
	56	TPMI_SH_POLICY PolicySession;\r
	57	TPM_CC Code;\r
	58	} TPM2_POLICY_COMMAND_CODE_COMMAND;\r
	59	\r
	60	typedef struct {\r
	61	TPM2_RESPONSE_HEADER Header;\r
	62	} TPM2_POLICY_COMMAND_CODE_RESPONSE;\r
	63	\r
	64	typedef struct {\r
	65	TPM2_COMMAND_HEADER Header;\r
	66	TPMI_SH_POLICY PolicySession;\r
	67	} TPM2_POLICY_GET_DIGEST_COMMAND;\r
	68	\r
	69	typedef struct {\r
	70	TPM2_RESPONSE_HEADER Header;\r
	71	TPM2B_DIGEST PolicyHash;\r
	72	} TPM2_POLICY_GET_DIGEST_RESPONSE;\r
	73	\r
	74	#pragma pack()\r
	75	\r
	76	/**\r
	77	This command includes a secret-based authorization to a policy.\r
	78	The caller proves knowledge of the secret value using an authorization\r
	79	session using the authValue associated with authHandle.\r
	80	\r
	81	@param[in] AuthHandle Handle for an entity providing the authorization\r
	82	@param[in] PolicySession Handle for the policy session being extended.\r
	83	@param[in] AuthSession Auth Session context\r
	84	@param[in] NonceTPM The policy nonce for the session.\r
	85	@param[in] CpHashA Digest of the command parameters to which this authorization is limited.\r
	86	@param[in] PolicyRef A reference to a policy relating to the authorization.\r
	87	@param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r
	88	@param[out] Timeout Time value used to indicate to the TPM when the ticket expires.\r
	89	@param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.\r
	90	\r
	91	@retval EFI_SUCCESS Operation completed successfully.\r
	92	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	93	**/\r
	94	EFI_STATUS\r
	95	EFIAPI\r
	96	Tpm2PolicySecret (\r
	97	IN TPMI_DH_ENTITY AuthHandle,\r
	98	IN TPMI_SH_POLICY PolicySession,\r
	99	IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r
	100	IN TPM2B_NONCE *NonceTPM,\r
	101	IN TPM2B_DIGEST *CpHashA,\r
	102	IN TPM2B_NONCE *PolicyRef,\r
	103	IN INT32 Expiration,\r
	104	OUT TPM2B_TIMEOUT *Timeout,\r
	105	OUT TPMT_TK_AUTH *PolicyTicket\r
	106	)\r
	107	{\r
	108	EFI_STATUS Status;\r
	109	TPM2_POLICY_SECRET_COMMAND SendBuffer;\r
	110	TPM2_POLICY_SECRET_RESPONSE RecvBuffer;\r
	111	UINT32 SendBufferSize;\r
	112	UINT32 RecvBufferSize;\r
	113	UINT8 *Buffer;\r
	114	UINT32 SessionInfoSize;\r
	115	\r
	116	//\r
	117	// Construct command\r
118	//\r
119	SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
120	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);\r
121	SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
122	SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
123	\r
124	//\r
125	// Add in Auth session\r
126	//\r
127	Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
128	\r
129	// sessionInfoSize\r
130	SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
131	Buffer += SessionInfoSize;\r
132	SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
133	\r
134	//\r
135	// Real data\r
136	//\r
137	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size));\r
138	Buffer += sizeof(UINT16);\r
139	CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);\r
140	Buffer += NonceTPM->size;\r
141	\r
142	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size));\r
143	Buffer += sizeof(UINT16);\r
144	CopyMem (Buffer, CpHashA->buffer, CpHashA->size);\r
145	Buffer += CpHashA->size;\r
146	\r
147	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size));\r
148	Buffer += sizeof(UINT16);\r
149	CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);\r
150	Buffer += PolicyRef->size;\r
151	\r
152	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));\r
153	Buffer += sizeof(UINT32);\r
154	\r
155	SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
156	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
157	\r
158	//\r
159	// send Tpm command\r
160	//\r
161	RecvBufferSize = sizeof (RecvBuffer);\r
162	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
163	if (EFI_ERROR (Status)) {\r
164	return Status;\r
165	}\r
166	\r
167	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
168	DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));\r
169	return EFI_DEVICE_ERROR;\r
170	}\r
171	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
172	DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
173	return EFI_DEVICE_ERROR;\r
174	}\r
175	\r
176	//\r
177	// Return the response\r
178	//\r
179	Buffer = (UINT8 *)&RecvBuffer.Timeout;\r
180	Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
181	Buffer += sizeof(UINT16);\r
182	CopyMem (Timeout->buffer, Buffer, Timeout->size);\r
183	\r
184	PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
185	Buffer += sizeof(UINT16);\r
186	PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer));\r
187	Buffer += sizeof(UINT32);\r
188	PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
189	Buffer += sizeof(UINT16);\r
190	CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);\r
191	\r
192	return EFI_SUCCESS;\r
193	}\r
194	\r
a50e58f4 JY	195	/**\r
	196	This command allows options in authorizations without requiring that the TPM evaluate all of the options.\r
	197	If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that\r
	198	satisfies the policy. This command will indicate that one of the required sets of conditions has been\r
	199	satisfied.\r
	200	\r
	201	@param[in] PolicySession Handle for the policy session being extended.\r
	202	@param[in] HashList the list of hashes to check for a match.\r
	203	\r
	204	@retval EFI_SUCCESS Operation completed successfully.\r
	205	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	206	**/\r
	207	EFI_STATUS\r
	208	EFIAPI\r
	209	Tpm2PolicyOR (\r
	210	IN TPMI_SH_POLICY PolicySession,\r
	211	IN TPML_DIGEST *HashList\r
	212	)\r
	213	{\r
	214	EFI_STATUS Status;\r
	215	TPM2_POLICY_OR_COMMAND SendBuffer;\r
	216	TPM2_POLICY_OR_RESPONSE RecvBuffer;\r
	217	UINT32 SendBufferSize;\r
	218	UINT32 RecvBufferSize;\r
	219	UINT8 *Buffer;\r
	220	UINTN Index;\r
	221	\r
	222	//\r
	223	// Construct command\r
	224	//\r
	225	SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
	226	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR);\r
	227	\r
	228	SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
	229	Buffer = (UINT8 *)&SendBuffer.HashList;\r
	230	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));\r
	231	Buffer += sizeof(UINT32);\r
	232	for (Index = 0; Index < HashList->count; Index++) {\r
	233	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));\r
	234	Buffer += sizeof(UINT16);\r
	235	CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);\r
	236	Buffer += HashList->digests[Index].size;\r
	237	}\r
	238	\r
	239	SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
	240	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
	241	\r
	242	//\r
	243	// send Tpm command\r
	244	//\r
	245	RecvBufferSize = sizeof (RecvBuffer);\r
	246	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
	247	if (EFI_ERROR (Status)) {\r
	248	return Status;\r
	249	}\r
	250	\r
	251	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
	252	DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));\r
	253	return EFI_DEVICE_ERROR;\r
	254	}\r
	255	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
	256	DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
	257	return EFI_DEVICE_ERROR;\r
	258	}\r
259	\r
260	return EFI_SUCCESS;\r
261	}\r
262	\r
967eacca JY	263	/**\r
	264	This command indicates that the authorization will be limited to a specific command code.\r
	265	\r
	266	@param[in] PolicySession Handle for the policy session being extended.\r
	267	@param[in] Code The allowed commandCode.\r
	268	\r
	269	@retval EFI_SUCCESS Operation completed successfully.\r
	270	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	271	**/\r
	272	EFI_STATUS\r
	273	EFIAPI\r
	274	Tpm2PolicyCommandCode (\r
	275	IN TPMI_SH_POLICY PolicySession,\r
	276	IN TPM_CC Code\r
	277	)\r
	278	{\r
	279	EFI_STATUS Status;\r
	280	TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer;\r
	281	TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer;\r
	282	UINT32 SendBufferSize;\r
	283	UINT32 RecvBufferSize;\r
	284	\r
	285	//\r
	286	// Construct command\r
	287	//\r
	288	SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
	289	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode);\r
	290	\r
	291	SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
	292	SendBuffer.Code = SwapBytes32 (Code);\r
	293	\r
	294	SendBufferSize = (UINT32) sizeof (SendBuffer);\r
	295	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
	296	\r
	297	//\r
	298	// send Tpm command\r
	299	//\r
	300	RecvBufferSize = sizeof (RecvBuffer);\r
	301	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
	302	if (EFI_ERROR (Status)) {\r
	303	return Status;\r
	304	}\r
	305	\r
	306	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
	307	DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));\r
	308	return EFI_DEVICE_ERROR;\r
	309	}\r
	310	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
	311	DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
	312	return EFI_DEVICE_ERROR;\r
	313	}\r
	314	\r
	315	return EFI_SUCCESS;\r
	316	}\r
	317	\r
	318	/**\r
	319	This command returns the current policyDigest of the session. This command allows the TPM\r
	320	to be used to perform the actions required to precompute the authPolicy for an object.\r
	321	\r
	322	@param[in] PolicySession Handle for the policy session.\r
	323	@param[out] PolicyHash the current value of the policyHash of policySession.\r
	324	\r
	325	@retval EFI_SUCCESS Operation completed successfully.\r
	326	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
327	**/\r
328	EFI_STATUS\r
329	EFIAPI\r
330	Tpm2PolicyGetDigest (\r
331	IN TPMI_SH_POLICY PolicySession,\r
332	OUT TPM2B_DIGEST *PolicyHash\r
333	)\r
334	{\r
335	EFI_STATUS Status;\r
336	TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer;\r
337	TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer;\r
338	UINT32 SendBufferSize;\r
339	UINT32 RecvBufferSize;\r
340	\r
341	//\r
342	// Construct command\r
343	//\r
344	SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
345	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest);\r
346	\r
347	SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
348	\r
349	SendBufferSize = (UINT32) sizeof (SendBuffer);\r
350	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
351	\r
352	//\r
353	// send Tpm command\r
354	//\r
355	RecvBufferSize = sizeof (RecvBuffer);\r
356	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
357	if (EFI_ERROR (Status)) {\r
358	return Status;\r
359	}\r
360	\r
361	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
362	DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));\r
363	return EFI_DEVICE_ERROR;\r
364	}\r
365	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
366	DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
367	return EFI_DEVICE_ERROR;\r
368	}\r
369	\r
370	//\r
371	// Return the response\r
372	//\r
373	PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);\r
374	CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);\r
375	\r
376	return EFI_SUCCESS;\r
377	}\r