// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "ActivateCredential_fp.h"
#include "Object_spt_fp.h"
//
//
//     Error Returns                     Meaning
//
//     TPM_RC_ATTRIBUTES                 keyHandle does not reference a decryption key
//     TPM_RC_ECC_POINT                  secret is invalid (when keyHandle is an ECC key)
//     TPM_RC_INSUFFICIENT               secret is invalid (when keyHandle is an ECC key)
//     TPM_RC_INTEGRITY                  credentialBlob fails integrity test
//     TPM_RC_NO_RESULT                  secret is invalid (when keyHandle is an ECC key)
//     TPM_RC_SIZE                       secret size is invalid or the credentialBlob does not unmarshal
//                                       correctly
//     TPM_RC_TYPE                       keyHandle does not reference an asymmetric key.
//     TPM_RC_VALUE                      secret is invalid (when keyHandle is an RSA key)
//
// NOTE(review): the table above lists TPM_RC_ATTRIBUTES for a key that is
// not a decryption key, but the implementation below folds the 'decrypt'
// and 'restricted' attribute checks into the same TPM_RC_TYPE return as the
// asymmetric-algorithm check.  TPM_RC_ATTRIBUTES is therefore never produced
// by this function itself; it could only come from a callee.
//

// Non-zero when 'key' is acceptable as the credential-protection key for
// ActivateCredential: it must use an asymmetric algorithm and carry both the
// 'decrypt' and 'restricted' attributes.  The caller rejects anything else
// with TPM_RC_TYPE (tagged with the keyHandle parameter number).
static int
IsRestrictedAsymDecryptKey(
    OBJECT              *key                 // IN: object to inspect
    )
{
    if(!CryptIsAsymAlgorithm(key->publicArea.type))
        return 0;
    if(key->publicArea.objectAttributes.decrypt == CLEAR)
        return 0;
    if(key->publicArea.objectAttributes.restricted == CLEAR)
        return 0;
    return 1;
}

// Recover the credential carried in 'credentialBlob'.
//
// 'secret' is first decrypted with the key at 'keyHandle' (label "IDENTITY")
// to obtain the seed that protected the blob.  That seed, together with the
// Name of the object at 'activateHandle', is then handed to
// CredentialToSecret(), which checks the blob's integrity and writes the
// unwrapped credential to 'certInfo'.
//
//   in   - keyHandle, activateHandle, credentialBlob, secret (IN)
//   out  - certInfo, filled in by CredentialToSecret() (OUT)
//
// Returns TPM_RC_SUCCESS, or an error from the table above tagged with the
// offending parameter via RcSafeAddToResult().  A TPM_RC_KEY from the seed
// decryption is reported as TPM_RC_FAILURE instead of being tagged: the key
// has already passed the attribute check above, so that code presumably
// indicates an internal inconsistency rather than bad caller input.
TPM_RC
TPM2_ActivateCredential(
    ActivateCredential_In   *in,             // IN: input parameter list
    ActivateCredential_Out  *out             // OUT: output parameter list
    )
{
    OBJECT      *decryptKey = ObjectGet(in->keyHandle);     // decrypt key
    OBJECT      *certified  = ObjectGet(in->activateHandle); // key named by the credential
    TPM2B_DATA   seed;                                       // recovered protection seed
    TPM_RC       rc;

    // Input Validation
    // NOTE(review): both ObjectGet() results are dereferenced without a NULL
    // check, exactly as in the original.  This relies on the handles having
    // been validated before command entry -- confirm against the dispatcher.
    if(!IsRestrictedAsymDecryptKey(decryptKey))
        return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;

    // Command output

    // Step 1: asymmetric decryption of 'secret' to recover the seed.
    // CryptSecretDecrypt() may report TPM_RC_VALUE, TPM_RC_KEY or an
    // unmarshaling error here.
    rc = CryptSecretDecrypt(in->keyHandle, NULL, "IDENTITY",
                            &in->secret, &seed);
    if(rc == TPM_RC_KEY)
        return TPM_RC_FAILURE;
    if(rc != TPM_RC_SUCCESS)
        return RcSafeAddToResult(rc, RC_ActivateCredential_secret);

    // Step 2: integrity check and unwrap of the blob.  TPM_RC_INTEGRITY or
    // an unmarshaling error may be reported here.
    // The TPM2B_DATA is passed where a TPM2B_SEED is expected, as in the
    // original; the cast assumes the two TPM2B layouts are interchangeable
    // for the sizes involved -- not verifiable from this file alone.
    rc = CredentialToSecret(&in->credentialBlob,
                            &certified->name,
                            (TPM2B_SEED *) &seed,
                            in->keyHandle,
                            &out->certInfo);
    if(rc != TPM_RC_SUCCESS)
        return RcSafeAddToResult(rc, RC_ActivateCredential_credentialBlob);

    // NOTE(review): 'seed' still holds the decrypted protection seed when
    // this function returns; nothing in this file clears it.  If the
    // library provides a clear that the compiler cannot elide, consider
    // zeroizing 'seed' on every exit path -- confirm against the rest of
    // the implementation before changing behaviour.
    return TPM_RC_SUCCESS;
}