C# Class Tpm2Lib.PolicyTree

A PolicyTree contains machinery for creating, executing and persisting TPM policy expression.

Mostra file Open project: Microsoft/TSS.MSR Class Usage Examples

Public Methods

Method	Description
Create ( PolicyAce singlePolicyChain ) : void	Create a simple policy chain (no ORs).
CreateNormalizedPolicy ( PolicyAce policy ) : void	A "normalized" policy is one transformed into disjunctive normal form in which a collection of policy "AND chains" is combined with PolicyOR before submission to the TPM. Callers must provide an-array-of-arrays of TpmPolicyACEs. The arrays may NOT contain PolicyOr (these will be added automatically), but each array MUST be terminated with a unique string identifier encoded in a TpmPolicyChainId.
Deserialize ( PolicySerializationFormat format, Stream sourceStream ) : void	Load a policy from a stream (MemoryStream, FileStream) in the specified format
DeserializeFromFile ( PolicySerializationFormat fmt, string fileName ) : void
DeserializeFromString ( PolicySerializationFormat fmt, string stream ) : void
GetDataStructureToSign ( int expirationTime, byte nonceTpm, byte cpHash, byte policyRef ) : byte[]	This is a formatting helper to help callbacks create a properly formed hash to sign.
GetPolicyDigest ( ) : TpmHash
GetPolicyRoot ( ) : PolicyAce
InsertPolicyRoot ( PolicyAce newRoot ) : PolicyTree
PolicyTree ( TpmAlgId hashAlgorithm ) : System
ResetPolicyDigest ( ) : void
Serialize ( string policyIdentifier, PolicySerializationFormat format, Stream targetStream ) : void	Create a serialization of the current policy object in a stream (e.g. MemoryStream or FileStream)
SerializeToFile ( string policyIdentifier, PolicySerializationFormat fmt, string fileName ) : void
SerializeToString ( string policyIdentifier, PolicySerializationFormat fmt ) : string
Set ( PolicyAce leaf ) : void	Sets the current policy tree to a policy branch represented by its leaf ACE. A policy branch can be constructed by means of the following expressions: new TpmAce1().And(new TpmAce2()).And(new TpmAce3()); or new TpmAce1().AddNextAce(new TpmAce2()).AddNextAce(new TpmAce3());
SetNvCallback ( PolicyNVDelegate policyNvCallback ) : void
SetPolicyActionCallback ( PolicyActionDelegate policyActionCallback ) : void
SetPolicyRoot ( PolicyAce root ) : PolicyAce
SetPolicySecretCallback ( PolicySecretDelegate policySecretCallback ) : void
SetSignerCallback ( SignDelegate signer ) : void

Private Methods

Method	Description
CheckPolicy ( string branchIdToFind, PolicyAce &matchingAce ) : void	Check to see if all branches have an ID and that the IDs are unique.
CheckPolicyIdInternal ( PolicyAce ace, string branchIdToFind, PolicyAce &matchingAce, string nodeIdToFind = "" ) : void
ExecutePolicyActionCallback ( TpmPolicyAction ace ) : void
ExecutePolicyNvCallback ( TpmPolicyNV ace, TpmHandle &authHandle, TpmHandle &nvHandle, SessionBase &authSession ) : void	Called from TpmPolicyNV.
ExecutePolicySecretCallback ( TpmPolicySecret ace, SessionBase &authorizingSession, TpmHandle &authorizedEntityHandle, bool &flushAuthEntity ) : void	Called from TpmPolicySecret.
ExecuteSignerCallback ( TpmPolicySigned ace, byte nonceTpm, TpmPublic &verificationKey ) : ISignatureUnion	This is called from TpmPolicySigned when an external caller must sign the session data.

Method Details

Create() public method

Create a simple policy chain (no ORs).

public Create ( PolicyAce singlePolicyChain ) : void
singlePolicyChain	PolicyAce
return	void

CreateNormalizedPolicy() public method

A "normalized" policy is one transformed into disjunctive normal form in which a collection of policy "AND chains" is combined with PolicyOR before submission to the TPM. Callers must provide an-array-of-arrays of TpmPolicyACEs. The arrays may NOT contain PolicyOr (these will be added automatically), but each array MUST be terminated with a unique string identifier encoded in a TpmPolicyChainId.

public CreateNormalizedPolicy ( PolicyAce policy ) : void
policy	PolicyAce
return	void

Deserialize() public method

Load a policy from a stream (MemoryStream, FileStream) in the specified format

public Deserialize ( PolicySerializationFormat format, Stream sourceStream ) : void
format	PolicySerializationFormat
sourceStream	Stream
return	void

DeserializeFromFile() public method

public DeserializeFromFile ( PolicySerializationFormat fmt, string fileName ) : void
fmt	PolicySerializationFormat
fileName	string
return	void

DeserializeFromString() public method

public DeserializeFromString ( PolicySerializationFormat fmt, string stream ) : void
fmt	PolicySerializationFormat
stream	string
return	void

GetDataStructureToSign() public static method

This is a formatting helper to help callbacks create a properly formed hash to sign.

public static GetDataStructureToSign ( int expirationTime, byte nonceTpm, byte cpHash, byte policyRef ) : byte[]
expirationTime	int
nonceTpm	byte
cpHash	byte
policyRef	byte
return	byte[]

GetPolicyDigest() public method

public GetPolicyDigest ( ) : TpmHash
return	TpmHash

GetPolicyRoot() public method

public GetPolicyRoot ( ) : PolicyAce
return	PolicyAce

InsertPolicyRoot() public method

public InsertPolicyRoot ( PolicyAce newRoot ) : PolicyTree
newRoot	PolicyAce
return	PolicyTree

PolicyTree() public method

public PolicyTree ( TpmAlgId hashAlgorithm ) : System
hashAlgorithm	TpmAlgId
return	System

ResetPolicyDigest() public method

public ResetPolicyDigest ( ) : void
return	void

Serialize() public method

Create a serialization of the current policy object in a stream (e.g. MemoryStream or FileStream)

public Serialize ( string policyIdentifier, PolicySerializationFormat format, Stream targetStream ) : void
policyIdentifier	string
format	PolicySerializationFormat
targetStream	Stream
return	void

SerializeToFile() public method

public SerializeToFile ( string policyIdentifier, PolicySerializationFormat fmt, string fileName ) : void
policyIdentifier	string
fmt	PolicySerializationFormat
fileName	string
return	void

SerializeToString() public method

public SerializeToString ( string policyIdentifier, PolicySerializationFormat fmt ) : string
policyIdentifier	string
fmt	PolicySerializationFormat
return	string

Set() public method

Sets the current policy tree to a policy branch represented by its leaf ACE. A policy branch can be constructed by means of the following expressions: new TpmAce1().And(new TpmAce2()).And(new TpmAce3()); or new TpmAce1().AddNextAce(new TpmAce2()).AddNextAce(new TpmAce3());

public Set ( PolicyAce leaf ) : void
leaf	PolicyAce
return	void

SetNvCallback() public method

public SetNvCallback ( PolicyNVDelegate policyNvCallback ) : void
policyNvCallback	PolicyNVDelegate
return	void

SetPolicyActionCallback() public method

public SetPolicyActionCallback ( PolicyActionDelegate policyActionCallback ) : void
policyActionCallback	PolicyActionDelegate
return	void

SetPolicyRoot() public method

public SetPolicyRoot ( PolicyAce root ) : PolicyAce
root	PolicyAce
return	PolicyAce

SetPolicySecretCallback() public method

public SetPolicySecretCallback ( PolicySecretDelegate policySecretCallback ) : void
policySecretCallback	PolicySecretDelegate
return	void

SetSignerCallback() public method

public SetSignerCallback ( SignDelegate signer ) : void
signer	SignDelegate
return	void