/** @file\r
Implement TPM2 EnhancedAuthorization related command.\r
\r
-Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
+Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
TPMS_AUTH_RESPONSE AuthSession;\r
} TPM2_POLICY_SECRET_RESPONSE;\r
\r
+typedef struct {\r
+ TPM2_COMMAND_HEADER Header;\r
+ TPMI_SH_POLICY PolicySession;\r
+ TPML_DIGEST HashList;\r
+} TPM2_POLICY_OR_COMMAND;\r
+\r
+typedef struct {\r
+ TPM2_RESPONSE_HEADER Header;\r
+} TPM2_POLICY_OR_RESPONSE;\r
+\r
typedef struct {\r
TPM2_COMMAND_HEADER Header;\r
TPMI_SH_POLICY PolicySession;\r
RecvBufferSize = sizeof (RecvBuffer);\r
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
if (EFI_ERROR (Status)) {\r
- return Status;\r
+ goto Done;\r
}\r
\r
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
//\r
//\r
Buffer = (UINT8 *)&RecvBuffer.Timeout;\r
Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
+ if (Timeout->size > sizeof(UINT64)) {\r
+ DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size));\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
+ }\r
+\r
Buffer += sizeof(UINT16);\r
CopyMem (Timeout->buffer, Buffer, Timeout->size);\r
\r
Buffer += sizeof(UINT32);\r
PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
Buffer += sizeof(UINT16);\r
+ if (PolicyTicket->digest.size > sizeof(TPMU_HA)) {\r
+ DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size));\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
+ }\r
+\r
CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);\r
\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
+ ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This command allows options in authorizations without requiring that the TPM evaluate all of the options.\r
+ If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that\r
+ satisfies the policy. This command will indicate that one of the required sets of conditions has been\r
+ satisfied.\r
+\r
+ @param[in] PolicySession Handle for the policy session being extended.\r
+ @param[in] HashList the list of hashes to check for a match.\r
+ \r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2PolicyOR (\r
+ IN TPMI_SH_POLICY PolicySession,\r
+ IN TPML_DIGEST *HashList\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPM2_POLICY_OR_COMMAND SendBuffer;\r
+ TPM2_POLICY_OR_RESPONSE RecvBuffer;\r
+ UINT32 SendBufferSize;\r
+ UINT32 RecvBufferSize;\r
+ UINT8 *Buffer;\r
+ UINTN Index;\r
+\r
+ //\r
+ // Construct command\r
+ //\r
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR);\r
+\r
+ SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
+ Buffer = (UINT8 *)&SendBuffer.HashList;\r
+ WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));\r
+ Buffer += sizeof(UINT32);\r
+ for (Index = 0; Index < HashList->count; Index++) {\r
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));\r
+ Buffer += sizeof(UINT16);\r
+ CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);\r
+ Buffer += HashList->digests[Index].size;\r
+ }\r
+\r
+ SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
+\r
+ //\r
+ // send Tpm command\r
+ //\r
+ RecvBufferSize = sizeof (RecvBuffer);\r
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
+\r
return EFI_SUCCESS;\r
}\r
\r
// Return the response\r
//\r
PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);\r
+ if (PolicyHash->size > sizeof(TPMU_HA)) {\r
+ DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size));\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
+\r
CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);\r
\r
return EFI_SUCCESS;\r