|
TSS2_RC | Esys_PolicySigned_Async (ESYS_CONTEXT *esysContext, ESYS_TR authObject, ESYS_TR policySession, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, const TPM2B_NONCE *nonceTPM, const TPM2B_DIGEST *cpHashA, const TPM2B_NONCE *policyRef, INT32 expiration, const TPMT_SIGNATURE *auth) |
|
TSS2_RC | Esys_PolicySigned (ESYS_CONTEXT *esysContext, ESYS_TR authObject, ESYS_TR policySession, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, const TPM2B_NONCE *nonceTPM, const TPM2B_DIGEST *cpHashA, const TPM2B_NONCE *policyRef, INT32 expiration, const TPMT_SIGNATURE *auth, TPM2B_TIMEOUT **timeout, TPMT_TK_AUTH **policyTicket) |
|
TSS2_RC | Esys_PolicySigned_Finish (ESYS_CONTEXT *esysContext, TPM2B_TIMEOUT **timeout, TPMT_TK_AUTH **policyTicket) |
|
ESAPI function to invoke the TPM2_PolicySigned command either as a one-call or in an asynchronous manner.
◆ Esys_PolicySigned()
TSS2_RC Esys_PolicySigned |
( |
ESYS_CONTEXT * |
esysContext, |
|
|
ESYS_TR |
authObject, |
|
|
ESYS_TR |
policySession, |
|
|
ESYS_TR |
shandle1, |
|
|
ESYS_TR |
shandle2, |
|
|
ESYS_TR |
shandle3, |
|
|
const TPM2B_NONCE * |
nonceTPM, |
|
|
const TPM2B_DIGEST * |
cpHashA, |
|
|
const TPM2B_NONCE * |
policyRef, |
|
|
INT32 |
expiration, |
|
|
const TPMT_SIGNATURE * |
auth, |
|
|
TPM2B_TIMEOUT ** |
timeout, |
|
|
TPMT_TK_AUTH ** |
policyTicket |
|
) |
| |
One-Call function for TPM2_PolicySigned
This function invokes the TPM2_PolicySigned command in a one-call variant. This means the function will block until the TPM response is available. All input parameters are const. The memory for non-simple output parameters is allocated by the function implementation.
- Parameters
-
[in,out] | esysContext | The ESYS_CONTEXT. |
[in] | authObject | Handle for a key that will validate the signature. |
[in] | policySession | Handle for the policy session being extended. |
[in] | shandle1 | First session handle. |
[in] | shandle2 | Second session handle. |
[in] | shandle3 | Third session handle. |
[in] | nonceTPM | The policy nonce for the session. |
[in] | cpHashA | Digest of the command parameters to which this authorization is limited. |
[in] | policyRef | A reference to a policy relating to the authorization
|
[in] | expiration | Time when authorization will expire, measured in seconds from the time that nonceTPM was generated. |
[in] | auth | Signed authorization (not optional). |
[out] | timeout | Implementation-specific time value, used to indicate to the TPM when the ticket expires. (callee-allocated) |
[out] | policyTicket | Produced if the command succeeds and expiration in the command was non-zero; this ticket will use the TPMT_ST_AUTH_SIGNED structure tag. See 23.2.5. (callee-allocated) |
- Return values
-
TSS2_RC_SUCCESS | if the function call was a success. |
TSS2_ESYS_RC_BAD_REFERENCE | if the esysContext or required input pointers or required output handle references are NULL. |
TSS2_ESYS_RC_BAD_CONTEXT | if esysContext corruption is detected. |
TSS2_ESYS_RC_MEMORY | if the ESAPI cannot allocate enough memory for internal operations or return parameters. |
TSS2_ESYS_RC_BAD_SEQUENCE | if the context has an asynchronous operation already pending. |
TSS2_ESYS_RC_INSUFFICIENT_RESPONSE | if the TPM's response does not at least contain the tag, response length, and response code. |
TSS2_ESYS_RC_MALFORMED_RESPONSE | if the TPM's response is corrupted. |
TSS2_ESYS_RC_RSP_AUTH_FAILED | if the response HMAC from the TPM did not verify. |
TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS | if more than one session has the 'decrypt' attribute bit set. |
TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS | if more than one session has the 'encrypt' attribute bit set. |
TSS2_ESYS_RC_BAD_TR | if any of the ESYS_TR objects are unknown to the ESYS_CONTEXT or are of the wrong type or if required ESYS_TR objects are ESYS_TR_NONE. |
TSS2_RCs | produced by lower layers of the software stack may be returned to the caller unaltered unless handled internally. |
◆ Esys_PolicySigned_Async()
TSS2_RC Esys_PolicySigned_Async |
( |
ESYS_CONTEXT * |
esysContext, |
|
|
ESYS_TR |
authObject, |
|
|
ESYS_TR |
policySession, |
|
|
ESYS_TR |
shandle1, |
|
|
ESYS_TR |
shandle2, |
|
|
ESYS_TR |
shandle3, |
|
|
const TPM2B_NONCE * |
nonceTPM, |
|
|
const TPM2B_DIGEST * |
cpHashA, |
|
|
const TPM2B_NONCE * |
policyRef, |
|
|
INT32 |
expiration, |
|
|
const TPMT_SIGNATURE * |
auth |
|
) |
| |
Asynchronous function for TPM2_PolicySigned
This function invokes the TPM2_PolicySigned command in a asynchronous variant. This means the function will return as soon as the command has been sent downwards the stack to the TPM. All input parameters are const. In order to retrieve the TPM's response call Esys_PolicySigned_Finish.
- Parameters
-
[in,out] | esysContext | The ESYS_CONTEXT. |
[in] | authObject | Handle for a key that will validate the signature. |
[in] | policySession | Handle for the policy session being extended. |
[in] | shandle1 | First session handle. |
[in] | shandle2 | Second session handle. |
[in] | shandle3 | Third session handle. |
[in] | nonceTPM | The policy nonce for the session. |
[in] | cpHashA | Digest of the command parameters to which this authorization is limited. |
[in] | policyRef | A reference to a policy relating to the authorization
|
[in] | expiration | Time when authorization will expire, measured in seconds from the time that nonceTPM was generated. |
[in] | auth | Signed authorization (not optional). |
- Return values
-
ESYS_RC_SUCCESS | if the function call was a success. |
TSS2_ESYS_RC_BAD_REFERENCE | if the esysContext or required input pointers or required output handle references are NULL. |
TSS2_ESYS_RC_BAD_CONTEXT | if esysContext corruption is detected. |
TSS2_ESYS_RC_MEMORY | if the ESAPI cannot allocate enough memory for internal operations or return parameters. |
TSS2_RCs | produced by lower layers of the software stack may be returned to the caller unaltered unless handled internally. |
TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS | if more than one session has the 'decrypt' attribute bit set. |
TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS | if more than one session has the 'encrypt' attribute bit set. |
TSS2_ESYS_RC_BAD_TR | if any of the ESYS_TR objects are unknown to the ESYS_CONTEXT or are of the wrong type or if required ESYS_TR objects are ESYS_TR_NONE. |
◆ Esys_PolicySigned_Finish()
TSS2_RC Esys_PolicySigned_Finish |
( |
ESYS_CONTEXT * |
esysContext, |
|
|
TPM2B_TIMEOUT ** |
timeout, |
|
|
TPMT_TK_AUTH ** |
policyTicket |
|
) |
| |
Asynchronous finish function for TPM2_PolicySigned
This function returns the results of a TPM2_PolicySigned command invoked via Esys_PolicySigned_Finish. All non-simple output parameters are allocated by the function's implementation. NULL can be passed for every output parameter if the value is not required.
- Parameters
-
[in,out] | esysContext | The ESYS_CONTEXT. |
[out] | timeout | Implementation-specific time value, used to indicate to the TPM when the ticket expires. (callee-allocated) |
[out] | policyTicket | Produced if the command succeeds and expiration in the command was non-zero; this ticket will use the TPMT_ST_AUTH_SIGNED structure tag. See 23.2.5. (callee-allocated) |
- Return values
-
TSS2_RC_SUCCESS | on success |
ESYS_RC_SUCCESS | if the function call was a success. |
TSS2_ESYS_RC_BAD_REFERENCE | if the esysContext or required input pointers or required output handle references are NULL. |
TSS2_ESYS_RC_BAD_CONTEXT | if esysContext corruption is detected. |
TSS2_ESYS_RC_MEMORY | if the ESAPI cannot allocate enough memory for internal operations or return parameters. |
TSS2_ESYS_RC_BAD_SEQUENCE | if the context has an asynchronous operation already pending. |
TSS2_ESYS_RC_TRY_AGAIN | if the timeout counter expires before the TPM response is received. |
TSS2_ESYS_RC_INSUFFICIENT_RESPONSE | if the TPM's response does not at least contain the tag, response length, and response code. |
TSS2_ESYS_RC_RSP_AUTH_FAILED | if the response HMAC from the TPM did not verify. |
TSS2_ESYS_RC_MALFORMED_RESPONSE | if the TPM's response is corrupted. |
TSS2_RCs | produced by lower layers of the software stack may be returned to the caller unaltered unless handled internally. |