authorRoberto Sassu <roberto.sassu@huawei.com>2018-06-26 16:56:35 +0200
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2018-06-28 13:58:25 -0700
commit14799bf92b2b63cc4c476ff51b1a2007165606b2 (patch)
treec5a019162611387e4d6bb534145aabc6aaeb21b4
parent9026fea2c854439b97a30f73791faca221a51c0b (diff)
downloadopenssl_tpm2_engine-14799bf92b2b63cc4c476ff51b1a2007165606b2.tar.gz
tpm2-common: initialize policy session
Initialize the policy session with the policy command included in the key. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--tpm2-common.c59
-rw-r--r--tpm2-common.h8
2 files changed, 67 insertions, 0 deletions
diff --git a/tpm2-common.c b/tpm2-common.c
index 5381369..60e7e35 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -19,6 +19,7 @@
#include TSSINCLUDE(tssmarshal.h)
#include TSSINCLUDE(tsscrypto.h)
#include TSSINCLUDE(tsscryptoh.h)
+#include TSSINCLUDE(Unmarshal_fp.h)
#include "tpm2-common.h"
@@ -608,6 +609,64 @@ TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
}
/*
+ * PolicyPCR_In_Unmarshal() cannot be used because pcrs and digestTPM
+ * are inverted in the policy command.
+ */
+TPM_RC policy_pcr_unmarshal(PolicyPCR_In *target, BYTE **buffer, INT32 *size)
+{
+ return TPML_PCR_SELECTION_Unmarshal(&target->pcrs, buffer, size);
+}
+
+TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
+ int num_commands, struct policy_command *commands)
+{
+ INT32 size;
+ BYTE *policy;
+ TPM_RC rc = 0;
+ COMMAND_PARAMETERS in;
+ int i;
+
+ ((PolicyPCR_In *)&in)->policySession = handle;
+
+ for (i = 0; i < num_commands; i++) {
+ size = commands[i].size;
+ policy = commands[i].policy;
+
+ switch (commands[i].code) {
+ case TPM_CC_PolicyPCR:
+ rc = TPML_PCR_SELECTION_Unmarshal(
+ &((PolicyPCR_In *)&in)->pcrs, &policy, &size);
+ ((PolicyPCR_In *)&in)->pcrDigest.b.size = 0;
+ break;
+ case TPM_CC_PolicyAuthValue:
+ break;
+ default:
+ fprintf(stderr, "Unsupported policy command %d\n",
+ commands[i].code);
+ return TPM_RC_FAILURE;
+ }
+
+ if (rc) {
+ tpm2_error(rc, "unmarshal");
+ return rc;
+ }
+
+ rc = TSS_Execute(tssContext,
+ NULL,
+ (COMMAND_PARAMETERS *)&in,
+ NULL,
+ commands[i].code,
+ TPM_RH_NULL, NULL, 0);
+ if (rc) {
+ tpm2_error(rc, "policy command");
+ return rc;
+ }
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
+/*
* Cut down version of Part 4 Supporting Routines 7.6.3.10
*
* Hard coded to symmetrically encrypt with aes128 as the inner
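Review bot: `policy_pcr_unmarshal` is added but never called — the `TPM_CC_PolicyPCR` case in `tpm2_init_session` invokes `TPML_PCR_SELECTION_Unmarshal` directly — and it is neither `static` nor declared in tpm2-common.h, so it is dead code that will also trip `-Wmissing-prototypes`. Either drop it or have the switch use it, `rc = policy_pcr_unmarshal((PolicyPCR_In *)&in, &policy, &size);`, with the function marked `static` so the explanatory comment about the inverted `pcrs`/`digestTPM` order stays next to the only caller. After the unmarshal the remaining `size` is never checked, so a policy blob with trailing bytes after the PCR selection is accepted silently; `if (rc == 0 && size != 0) rc = TPM_RC_FAILURE;` following the unmarshal would reject malformed key policy data. The `%d` in the unsupported-command message formats a `TPM_CC`, which is unsigned in the TSS headers, so `%u` (or `PRIu32`) matches the argument type. The `PolicyAuthValue` case sends `in` having only set `policySession` through a `PolicyPCR_In *` cast, which presumably relies on `policySession` being the first member of every policy `*_In` structure; a comment on the `((PolicyPCR_In *)&in)->policySession = handle;` line such as `/* policySession is the first member of every policy *_In struct */` would record that assumption.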
diff --git a/tpm2-common.h b/tpm2-common.h
index a33e238..1eed54b 100644
--- a/tpm2-common.h
+++ b/tpm2-common.h
@@ -4,6 +4,12 @@
#define T2_AES_KEY_BITS 128
#define T2_AES_KEY_BYTES (T2_AES_KEY_BITS/8)
+struct policy_command {
+ TPM_CC code;
+ INT32 size;
+ BYTE *policy;
+};
+
void tpm2_error(TPM_RC rc, const char *reason);
TPM_RC tpm2_load_srk(TSS_CONTEXT *tssContext, TPM_HANDLE *h, const char *auth, TPM2B_PUBLIC *pub, TPM_HANDLE handle);
void tpm2_flush_handle(TSS_CONTEXT *tssContext, TPM_HANDLE h);
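Review bot: `struct policy_command` is added without any documentation of its fields, and `tpm2_init_session` in tpm2-common.c reads `policy` and `size` as an unmarshal buffer, so a reader of the header cannot tell what `size` counts or who owns `policy`. A short comment per member would settle this: `TPM_CC code; /* policy command to replay into the session */`, `INT32 size; /* number of bytes at policy */`, `BYTE *policy; /* marshalled command parameters, owned by the caller */`. Whether the caller retains ownership of `policy` is inferred from the fact that `tpm2_init_session` never frees it; confirm before wording the comment that way.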
@@ -11,6 +17,8 @@ EVP_PKEY *tpm2_to_openssl_public(TPMT_PUBLIC *pub);
void tpm2_flush_srk(TSS_CONTEXT *tssContext, TPM_HANDLE hSRK);
TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
TPM_HANDLE salt_key, TPM_SE sessionType);
+TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
+ int num_commands, struct policy_command *commands);
TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
TPM_HANDLE bind, const char *auth);
TPM_RC tpm2_SensitiveToDuplicate(TPMT_SENSITIVE *s,