.TH "Esys_PolicySecret" 3 "Sun May 7 2023" "Version 4.0.1" "tpm2-tss" \" -*- nroff -*- .ad l .nh .SH NAME Esys_PolicySecret \- The ESAPI function for the TPM2_PolicySecret command\&. .SH SYNOPSIS .br .PP .SS "Functions" .in +1c .ti -1c .RI "TSS2_RC \fBEsys_PolicySecret_Async\fP (\fBESYS_CONTEXT\fP *esysContext, \fBESYS_TR\fP authHandle, \fBESYS_TR\fP policySession, \fBESYS_TR\fP shandle1, \fBESYS_TR\fP shandle2, \fBESYS_TR\fP shandle3, const TPM2B_NONCE *nonceTPM, const TPM2B_DIGEST *cpHashA, const TPM2B_NONCE *policyRef, INT32 expiration)" .br .ti -1c .RI "TSS2_RC \fBEsys_PolicySecret\fP (\fBESYS_CONTEXT\fP *esysContext, \fBESYS_TR\fP authHandle, \fBESYS_TR\fP policySession, \fBESYS_TR\fP shandle1, \fBESYS_TR\fP shandle2, \fBESYS_TR\fP shandle3, const TPM2B_NONCE *nonceTPM, const TPM2B_DIGEST *cpHashA, const TPM2B_NONCE *policyRef, INT32 expiration, TPM2B_TIMEOUT **timeout, TPMT_TK_AUTH **policyTicket)" .br .ti -1c .RI "TSS2_RC \fBEsys_PolicySecret_Finish\fP (\fBESYS_CONTEXT\fP *esysContext, TPM2B_TIMEOUT **timeout, TPMT_TK_AUTH **policyTicket)" .br .in -1c .SH "Detailed Description" .PP ESAPI function to invoke the TPM2_PolicySecret command either as a one-call or in an asynchronous manner\&. .SH "Function Documentation" .PP .SS "TSS2_RC Esys_PolicySecret (\fBESYS_CONTEXT\fP * esysContext, \fBESYS_TR\fP authHandle, \fBESYS_TR\fP policySession, \fBESYS_TR\fP shandle1, \fBESYS_TR\fP shandle2, \fBESYS_TR\fP shandle3, const TPM2B_NONCE * nonceTPM, const TPM2B_DIGEST * cpHashA, const TPM2B_NONCE * policyRef, INT32 expiration, TPM2B_TIMEOUT ** timeout, TPMT_TK_AUTH ** policyTicket)" One-Call function for TPM2_PolicySecret .PP This function invokes the TPM2_PolicySecret command in a one-call variant\&. This means the function will block until the TPM response is available\&. All input parameters are const\&. The memory for non-simple output parameters is allocated by the function implementation\&. .PP \fBParameters\fP .RS 4 \fIesysContext\fP The \fBESYS_CONTEXT\fP\&. .br \fIauthHandle\fP Handle for an entity providing the authorization\&. .br \fIpolicySession\fP Handle for the policy session being extended\&. .br \fIshandle1\fP Session handle for authorization of authHandle .br \fIshandle2\fP Second session handle\&. .br \fIshandle3\fP Third session handle\&. .br \fInonceTPM\fP The policy nonce for the session\&. .br \fIcpHashA\fP Digest of the command parameters to which this authorization is limited\&. .br \fIpolicyRef\fP A reference to a policy relating to the authorization .IP "\(bu" 2 may be the Empty Buffer\&. .PP .br \fIexpiration\fP Time when authorization will expire, measured in seconds from the time that nonceTPM was generated\&. .br \fItimeout\fP Implementation-specific time value used to indicate to the TPM when the ticket expires; this ticket will use the TPMT_ST_AUTH_SECRET structure tag\&. (callee-allocated) .br \fIpolicyTicket\fP Produced if the command succeeds and expiration in the command was non-zero ( See 23\&.2\&.5)\&. (callee-allocated) .RE .PP \fBReturn values\fP .RS 4 \fITSS2_RC_SUCCESS\fP if the function call was a success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP if the esysContext or required input pointers or required output handle references are NULL\&. .br \fITSS2_ESYS_RC_BAD_CONTEXT\fP if esysContext corruption is detected\&. .br \fITSS2_ESYS_RC_MEMORY\fP if the ESAPI cannot allocate enough memory for internal operations or return parameters\&. .br \fITSS2_ESYS_RC_BAD_SEQUENCE\fP if the context has an asynchronous operation already pending\&. .br \fITSS2_ESYS_RC_INSUFFICIENT_RESPONSE\fP if the TPM's response does not at least contain the tag, response length, and response code\&. .br \fITSS2_ESYS_RC_MALFORMED_RESPONSE\fP if the TPM's response is corrupted\&. .br \fITSS2_ESYS_RC_RSP_AUTH_FAILED\fP if the response HMAC from the TPM did not verify\&. .br \fITSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS\fP if more than one session has the 'decrypt' attribute bit set\&. .br \fITSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS\fP if more than one session has the 'encrypt' attribute bit set\&. .br \fITSS2_ESYS_RC_BAD_TR\fP if any of the ESYS_TR objects are unknown to the \fBESYS_CONTEXT\fP or are of the wrong type or if required ESYS_TR objects are ESYS_TR_NONE\&. .br \fITSS2_RCs\fP produced by lower layers of the software stack may be returned to the caller unaltered unless handled internally\&. .RE .PP .SS "TSS2_RC Esys_PolicySecret_Async (\fBESYS_CONTEXT\fP * esysContext, \fBESYS_TR\fP authHandle, \fBESYS_TR\fP policySession, \fBESYS_TR\fP shandle1, \fBESYS_TR\fP shandle2, \fBESYS_TR\fP shandle3, const TPM2B_NONCE * nonceTPM, const TPM2B_DIGEST * cpHashA, const TPM2B_NONCE * policyRef, INT32 expiration)" Asynchronous function for TPM2_PolicySecret .PP This function invokes the TPM2_PolicySecret command in a asynchronous variant\&. This means the function will return as soon as the command has been sent downwards the stack to the TPM\&. All input parameters are const\&. In order to retrieve the TPM's response call Esys_PolicySecret_Finish\&. .PP \fBParameters\fP .RS 4 \fIesysContext\fP The \fBESYS_CONTEXT\fP\&. .br \fIauthHandle\fP Handle for an entity providing the authorization\&. .br \fIpolicySession\fP Handle for the policy session being extended\&. .br \fIshandle1\fP Session handle for authorization of authHandle .br \fIshandle2\fP Second session handle\&. .br \fIshandle3\fP Third session handle\&. .br \fInonceTPM\fP The policy nonce for the session\&. .br \fIcpHashA\fP Digest of the command parameters to which this authorization is limited\&. .br \fIpolicyRef\fP A reference to a policy relating to the authorization .IP "\(bu" 2 may be the Empty Buffer\&. .PP .br \fIexpiration\fP Time when authorization will expire, measured in seconds from the time that nonceTPM was generated\&. .RE .PP \fBReturn values\fP .RS 4 \fIESYS_RC_SUCCESS\fP if the function call was a success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP if the esysContext or required input pointers or required output handle references are NULL\&. .br \fITSS2_ESYS_RC_BAD_CONTEXT\fP if esysContext corruption is detected\&. .br \fITSS2_ESYS_RC_MEMORY\fP if the ESAPI cannot allocate enough memory for internal operations or return parameters\&. .br \fITSS2_RCs\fP produced by lower layers of the software stack may be returned to the caller unaltered unless handled internally\&. .br \fITSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS\fP if more than one session has the 'decrypt' attribute bit set\&. .br \fITSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS\fP if more than one session has the 'encrypt' attribute bit set\&. .br \fITSS2_ESYS_RC_BAD_TR\fP if any of the ESYS_TR objects are unknown to the \fBESYS_CONTEXT\fP or are of the wrong type or if required ESYS_TR objects are ESYS_TR_NONE\&. .RE .PP .SS "TSS2_RC Esys_PolicySecret_Finish (\fBESYS_CONTEXT\fP * esysContext, TPM2B_TIMEOUT ** timeout, TPMT_TK_AUTH ** policyTicket)" Asynchronous finish function for TPM2_PolicySecret .PP This function returns the results of a TPM2_PolicySecret command invoked via Esys_PolicySecret_Finish\&. All non-simple output parameters are allocated by the function's implementation\&. NULL can be passed for every output parameter if the value is not required\&. .PP \fBParameters\fP .RS 4 \fIesysContext\fP The \fBESYS_CONTEXT\fP\&. .br \fItimeout\fP Implementation-specific time value used to indicate to the TPM when the ticket expires; this ticket will use the TPMT_ST_AUTH_SECRET structure tag\&. (callee-allocated) .br \fIpolicyTicket\fP Produced if the command succeeds and expiration in the command was non-zero ( See 23\&.2\&.5)\&. (callee-allocated) .RE .PP \fBReturn values\fP .RS 4 \fITSS2_RC_SUCCESS\fP on success .br \fIESYS_RC_SUCCESS\fP if the function call was a success\&. .br \fITSS2_ESYS_RC_BAD_REFERENCE\fP if the esysContext or required input pointers or required output handle references are NULL\&. .br \fITSS2_ESYS_RC_BAD_CONTEXT\fP if esysContext corruption is detected\&. .br \fITSS2_ESYS_RC_MEMORY\fP if the ESAPI cannot allocate enough memory for internal operations or return parameters\&. .br \fITSS2_ESYS_RC_BAD_SEQUENCE\fP if the context has an asynchronous operation already pending\&. .br \fITSS2_ESYS_RC_TRY_AGAIN\fP if the timeout counter expires before the TPM response is received\&. .br \fITSS2_ESYS_RC_INSUFFICIENT_RESPONSE\fP if the TPM's response does not at least contain the tag, response length, and response code\&. .br \fITSS2_ESYS_RC_RSP_AUTH_FAILED\fP if the response HMAC from the TPM did not verify\&. .br \fITSS2_ESYS_RC_MALFORMED_RESPONSE\fP if the TPM's response is corrupted\&. .br \fITSS2_RCs\fP produced by lower layers of the software stack may be returned to the caller unaltered unless handled internally\&. .RE .PP .SH "Author" .PP Generated automatically by Doxygen for tpm2-tss from the source code\&.