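/// <summary>
/// Executes the TPM2_PolicySigned assertion for this policy node: assembles the challenge,
/// obtains a signature over it (from <see cref="SigningKey"/> when one was supplied, otherwise
/// through the policy's signer callback), loads the public verification key as an external
/// object and asks the TPM to check the signature against the session.
/// </summary>
/// <param name="tpm">TPM connection used for LoadExternal, PolicySigned and FlushContext.</param>
/// <param name="authSession">Policy session being satisfied; its NonceTpm is bound into the
/// challenge when <see cref="UseNonceTpm"/> is set.</param>
/// <param name="policy">Enclosing policy tree; not used by this node.</param>
/// <returns>The response code of the PolicySigned command.</returns>
/// <remarks>
/// Side effects: <see cref="Timeout"/> and <see cref="PolicyTicket"/> are set from the TPM
/// response. The externally loaded verification key is flushed on every path, including when
/// PolicySigned throws, so a rejected assertion does not leak a transient object slot.
/// </remarks>
internal override TpmRc Execute(Tpm2 tpm, AuthSession authSession, PolicyTree policy)
{
    // NOTE(review): with UseNonceTpm == false the challenge contains no TPM nonce, so the
    // signed authorization is not tied to this session's freshness and relies on
    // ExpirationTime alone — confirm that is intended wherever callers clear UseNonceTpm.
    byte[] nonceTpm = UseNonceTpm ? Globs.CopyData(authSession.NonceTpm) : new byte[0];

    ISignatureUnion signature;
    TpmPublic verifierPub;
    if (SigningKey != null)
    {
        // A local signing key was supplied, so the challenge is completed in-process.
        // Do not reorder these fields: the TPM recomputes the signed digest in this order
        // (nonceTPM || expiration || cpHash || policyRef).
        var dataToSign = new Marshaller();
        dataToSign.Put(nonceTpm, "");
        dataToSign.Put(ExpirationTime, "");
        dataToSign.Put(CpHash, "");
        dataToSign.Put(PolicyRef, "");
        signature = SigningKey.Sign(dataToSign.GetBytes());
        verifierPub = SigningKeyPub;
    }
    else
    {
        // No local key: the application's signer callback produces the signature and
        // hands back the public key the TPM should verify it with.
        signature = AssociatedPolicy.ExecuteSignerCallback(this, nonceTpm, out verifierPub);
    }

    // Public part only (no sensitive data), loaded under the Owner hierarchy so the TPM can
    // verify the signature itself.
    TpmHandle verificationKey = tpm.LoadExternal(null, verifierPub, TpmRh.Owner);
    TpmRc responseCode;
    try
    {
        TkAuth policyTicket;
        Timeout = tpm.PolicySigned(verificationKey,
                                   authSession,
                                   nonceTpm,
                                   CpHash,
                                   PolicyRef,
                                   ExpirationTime,
                                   signature,
                                   out policyTicket);
        // Capture the PolicySigned result before FlushContext replaces the last response code.
        responseCode = tpm._GetLastResponseCode();
        // Keep the ticket in case it is needed later.
        PolicyTicket = policyTicket;
    }
    finally
    {
        // Always release the transient object, even if PolicySigned threw.
        tpm.FlushContext(verificationKey);
    }
    return responseCode;
}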