1 // This file was extracted from the TCG Published 2 // Trusted Platform Module Library 3 // Part 3: Commands 4 // Family "2.0" 5 // Level 00 Revision 01.16 6 // October 30, 2014 7 8 #include "InternalRoutines.h" 9 #include "RSA_Decrypt_fp.h" 10 #ifdef TPM_ALG_RSA 11 // 12 // 13 // Error Returns Meaning 14 // 15 // TPM_RC_ATTRIBUTES If the key is restricted or the key is not a decryption key 16 // TPM_RC_BINDING The public an private parts of the key are not properly bound 17 // TPM_RC_KEY keyHandle does not reference an unrestricted decrypt key 18 // TPM_RC_SCHEME incorrect input scheme, or the chosen scheme is not a valid RSA 19 // decrypt scheme 20 // TPM_RC_SIZE cipherText is not the size of the modulus of key referenced by 21 // keyHandle 22 // TPM_RC_VALUE label is not a null terminated string or the value of cipherText is 23 // greater that the modulus of keyHandle 24 // 25 TPM_RC 26 TPM2_RSA_Decrypt( 27 RSA_Decrypt_In *in, // IN: input parameter list 28 RSA_Decrypt_Out *out // OUT: output parameter list 29 ) 30 { 31 TPM_RC result; 32 OBJECT *rsaKey; 33 TPMT_RSA_DECRYPT *scheme; 34 char *label = NULL; 35 36 // Input Validation 37 38 rsaKey = ObjectGet(in->keyHandle); 39 40 // The selected key must be an RSA key 41 if(rsaKey->publicArea.type != TPM_ALG_RSA) 42 return TPM_RC_KEY + RC_RSA_Decrypt_keyHandle; 43 44 // The selected key must be an unrestricted decryption key 45 if( rsaKey->publicArea.objectAttributes.restricted == SET 46 || rsaKey->publicArea.objectAttributes.decrypt == CLEAR) 47 return TPM_RC_ATTRIBUTES + RC_RSA_Decrypt_keyHandle; 48 49 // NOTE: Proper operation of this command requires that the sensitive area 50 // of the key is loaded. This is assured because authorization is required 51 // to use the sensitive area of the key. In order to check the authorization, 52 // the sensitive area has to be loaded, even if authorization is with policy. 53 54 // If label is present, make sure that it is a NULL-terminated string 55 if(in->label.t.size > 0) 56 { 57 // Present, so make sure that it is NULL-terminated 58 if(in->label.t.buffer[in->label.t.size - 1] != 0) 59 return TPM_RC_VALUE + RC_RSA_Decrypt_label; 60 label = (char *)in->label.t.buffer; 61 } 62 63 // Command Output 64 65 // Select a scheme for decrypt. 66 scheme = CryptSelectRSAScheme(in->keyHandle, &in->inScheme); 67 if(scheme == NULL) 68 return TPM_RC_SCHEME + RC_RSA_Decrypt_inScheme; 69 70 // Decryption. TPM_RC_VALUE, TPM_RC_SIZE, and TPM_RC_KEY error may be 71 // returned by CryptDecryptRSA. 72 // NOTE: CryptDecryptRSA can also return TPM_RC_ATTRIBUTES or TPM_RC_BINDING 73 // when the key is not a decryption key but that was checked above. 74 out->message.t.size = sizeof(out->message.t.buffer); 75 result = CryptDecryptRSA(&out->message.t.size, out->message.t.buffer, rsaKey, 76 scheme, in->cipherText.t.size, 77 in->cipherText.t.buffer, 78 label); 79 80 return result; 81 } 82 #endif 83