fmaury/tpm.dev.tutorials
1
0
Fork 0
mirror of https://github.com/tpm2dev/tpm.dev.tutorials.git synced 2024-11-10 01:12:10 +00:00
Code Issues Projects Releases Packages Wiki Activity
tpm.dev.tutorials/TPM-Commands/TPM2_PolicySecret.md
Nicolas Williams 6413adfe6b Describe TPM2_Policy{Secret,Signed}()
2021-08-28 15:11:18 -05:00

2.7 KiB
Raw Blame History

TPM2_PolicySecret()

TPM2_PolicySecret() allows a caller to assert and prove knowledge of the authValue associated with some entity. The authValue affects the HMAC calculation for the affected session, so the command will fail if the caller does not know the authValue.

The tpmNonce input strongly binds the command to the policySession. If the Empty Buffer is given as the tpmNonce, then the TPM2_PolicySecret() command could be altered to refer to any other policy on the same TPM if the object referred to by authHandle requires an HMAC or policy session, or any TPM otherwise.

If a policyTicket is requested and output, that ticket can be used (up to its expiration), via TPM2_PolicyTicket(), to satisfy the same TPM2_PolicySecret() that produced the ticket.

That is, a caller can get a ticket from a TPM2_PolicySecret() invocation that allows it to re-use the authValue proof many times prior to the ticket's expiration without having to actually prove the authValue again. For example, if the authValue is obtained from a password prompt and the password and authValue erased from memory as soon as the TPM2_PolicySecret() command is marshalled, then the caller can keep satisfying policies containing that TPM2_PolicySecret() by using TPM2_PolicyTicket() instead of TPM2_PolicySecret(). This is useful to avoid requiring repeated password prompts in a short time span.

Inputs

  • TPMI_DH_OBJECT authHandle (handle to the entity whose authValue is to be proven)
  • TPMI_SH_POLICY policySession (handle to the session being extended)
  • TPM2B_NONCE tpmNonce (the policy nonce for the policySession)
  • TPM2B_DIGEST cpHashA (the command parameter hash of a single command to be authorized, or Empty Buffer to not so-limit the assertion)
  • TPM2B_NONCE policyRef (an opaque value of the caller's choosing, possibly the Empty Buffer, that is used to extend the policySession's policyDigest along with the name of authHandle)
  • INT32 expiration (a positive or negative number of milliseconds which, if non-zero, sets an expiration for this assertion; if zero or positive then a policyTicket will not be output)

Outputs

  • TPM2B_TIMEOUT timeout (implementation-specific indication of actual timeout for the session)
  • TPMT_TK_AUTH policyTicket

References