Home | History | Annotate | Download | only in tpm2 
      1 // This file was extracted from the TCG Published
      2 // Trusted Platform Module Library
      3 // Part 3: Commands
      4 // Family "2.0"
      5 // Level 00 Revision 01.16
      6 // October 30, 2014
      7 
      8 #include "InternalRoutines.h"
      9 #include "ActivateCredential_fp.h"
     10 #include "Object_spt_fp.h"
     11 //
     12 //
     13 //     Error Returns                Meaning
     14 //
     15 //     TPM_RC_ATTRIBUTES            keyHandle does not reference a decryption key
     16 //     TPM_RC_ECC_POINT             secret is invalid (when keyHandle is an ECC key)
     17 //     TPM_RC_INSUFFICIENT          secret is invalid (when keyHandle is an ECC key)
     18 //     TPM_RC_INTEGRITY             credentialBlob fails integrity test
     19 //     TPM_RC_NO_RESULT             secret is invalid (when keyHandle is an ECC key)
     20 //     TPM_RC_SIZE                  secret size is invalid or the credentialBlob does not unmarshal
     21 //                                  correctly
     22 //     TPM_RC_TYPE                  keyHandle does not reference an asymmetric key.
     23 //     TPM_RC_VALUE                 secret is invalid (when keyHandle is an RSA key)
     24 //
     25 TPM_RC
     26 TPM2_ActivateCredential(
     27    ActivateCredential_In    *in,                 // IN: input parameter list
     28    ActivateCredential_Out   *out                 // OUT: output parameter list
     29    )
     30 {
     31    TPM_RC                        result = TPM_RC_SUCCESS;
     32    OBJECT                       *object;        // decrypt key
     33    OBJECT                       *activateObject;// key associated with
     34    // credential
     35    TPM2B_DATA                      data;              // credential data
     36 
     37 // Input Validation
     38 
     39    // Get decrypt key pointer
     40    object = ObjectGet(in->keyHandle);
     41 
     42    // Get certificated object pointer
     43    activateObject = ObjectGet(in->activateHandle);
     44 
     45    // input decrypt key must be an asymmetric, restricted decryption key
     46    if(   !CryptIsAsymAlgorithm(object->publicArea.type)
     47       || object->publicArea.objectAttributes.decrypt == CLEAR
     48       || object->publicArea.objectAttributes.restricted == CLEAR)
     49        return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;
     50 
     51 // Command output
     52 
     53    // Decrypt input credential data via asymmetric decryption. A
     54    // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this
     55    // point
     56    result = CryptSecretDecrypt(in->keyHandle, NULL,
     57                                "IDENTITY", &in->secret, &data);
     58    if(result != TPM_RC_SUCCESS)
     59    {
     60        if(result == TPM_RC_KEY)
     61            return TPM_RC_FAILURE;
     62        return RcSafeAddToResult(result, RC_ActivateCredential_secret);
     63    }
     64 
     65    // Retrieve secret data. A TPM_RC_INTEGRITY error or unmarshal
     66    // errors may be returned at this point
     67    result = CredentialToSecret(&in->credentialBlob,
     68                                &activateObject->name,
     69                                (TPM2B_SEED *) &data,
     70                                in->keyHandle,
     71                                &out->certInfo);
     72    if(result != TPM_RC_SUCCESS)
     73        return RcSafeAddToResult(result,RC_ActivateCredential_credentialBlob);
     74 
     75    return TPM_RC_SUCCESS;
     76 }
     77