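/// <summary>
/// Runs this policy-authorize step: verifies the signature over the policy
/// being replaced, then issues PolicyAuthorize on the policy session.
/// </summary>
/// <param name="tpm">TPM connection on which every command is issued.</param>
/// <param name="authSession">Session the PolicyAuthorize command is applied to,
/// unless <c>TheParamsCallback</c> substitutes another one.</param>
/// <param name="policy">Enclosing policy tree; only
/// <c>AllowErrorsInPolicyEval</c> is read here.</param>
/// <returns>
/// The response code of VerifySignature when that command reports a failure,
/// otherwise the response code of PolicyAuthorize.
/// </returns>
/// <remarks>
/// The signed data is <c>PolicyToReplace || PolicyRef</c>, hashed with
/// <c>SigningHash</c>. If both <c>Sig1</c> and <c>Sig2</c> are set, <c>Sig2</c>
/// is the one that is verified.
/// </remarks>
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    byte[] dataToSign = Globs.Concatenate(PolicyToReplace, PolicyRef);
    byte[] aHash = CryptoLib.HashData(SigningHash, dataToSign);

    // The first argument (private part) is null, so only the public portion
    // of SigningKey is loaded; it is used purely as a verification key.
    TpmHandle verifierHandle = tpm.LoadExternal(null, SigningKey, TpmRh.Owner);
    try
    {
        // NOTE(review): _AllowErrors presumably suppresses the exception for
        // the next TPM command so its response code can be inspected. When no
        // signature is present that next command is the FlushContext below,
        // not VerifySignature - confirm that this is intended.
        if (policy.AllowErrorsInPolicyEval)
        {
            tpm._AllowErrors();
        }

        // todo - fix the serialization so that we can persist the interface
        // The (Object) casts force a plain reference comparison.
        ISignatureUnion theSig = null;
        if (null != (Object)Sig1)
        {
            theSig = Sig1;
        }
        if (null != (Object)Sig2)
        {
            theSig = Sig2;
        }

        if (theSig != null)
        {
            Ticket = tpm.VerifySignature(verifierHandle, aHash, theSig);
            TpmRc intermediateError = tpm._GetLastResponseCode();
            if (intermediateError != TpmRc.Success)
            {
                // The finally block releases the verifier key.
                return intermediateError;
            }
        }
        else
        {
            // create a dummy ticket = e.g. for a trial session
            // No signature was checked on this path. Whether the empty ticket
            // is accepted is decided by the TPM in PolicyAuthorize below, not
            // by this code. NOTE(review): confirm that a non-trial session
            // rejects it.
            Ticket = new TkVerified(TpmRh.Owner, new byte[0]);
        }
    }
    finally
    {
        // Release the transient key even when VerifySignature throws, so a
        // failed verification does not leave a loaded object behind.
        tpm.FlushContext(verifierHandle);
    }

    byte[] keySign = SigningKey.GetName();
    TpmHandle policySession = authSession;

    // The callback may replace the session, the policy, the policy reference
    // and the ticket, so the values sent to the TPM can differ from the ones
    // hashed and verified above. keySign is passed by value and stays as computed.
    if (TheParamsCallback != null)
    {
        TheParamsCallback(tpm, ref policySession, ref PolicyToReplace, ref PolicyRef, keySign, ref Ticket);
    }

    if (policy.AllowErrorsInPolicyEval)
    {
        tpm._AllowErrors();
    }

    tpm.PolicyAuthorize(policySession, PolicyToReplace, PolicyRef, keySign, Ticket);
    return tpm._GetLastResponseCode();
}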
/// <summary>
/// Policy digest that Execute concatenates with PolicyRef, hashes, and passes
/// to PolicyAuthorize. TheParamsCallback receives it by reference and may
/// overwrite it before PolicyAuthorize is issued.
/// </summary>
public byte[] PolicyToReplace;