1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 3: Commands
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 #include "ActivateCredential_fp.h"
10 #include "Object_spt_fp.h"
11 //
12 //
13 //     Error Returns                Meaning
14 //
15 //     TPM_RC_ATTRIBUTES            keyHandle does not reference a decryption key
16 //     TPM_RC_ECC_POINT             secret is invalid (when keyHandle is an ECC key)
17 //     TPM_RC_INSUFFICIENT          secret is invalid (when keyHandle is an ECC key)
18 //     TPM_RC_INTEGRITY             credentialBlob fails integrity test
19 //     TPM_RC_NO_RESULT             secret is invalid (when keyHandle is an ECC key)
20 //     TPM_RC_SIZE                  secret size is invalid or the credentialBlob does not unmarshal
21 //                                  correctly
22 //     TPM_RC_TYPE                  keyHandle does not reference an asymmetric key.
23 //     TPM_RC_VALUE                 secret is invalid (when keyHandle is an RSA key)
24 //
25 TPM_RC
TPM2_ActivateCredential(ActivateCredential_In * in,ActivateCredential_Out * out)26 TPM2_ActivateCredential(
27    ActivateCredential_In    *in,                 // IN: input parameter list
28    ActivateCredential_Out   *out                 // OUT: output parameter list
29    )
30 {
31    TPM_RC                        result = TPM_RC_SUCCESS;
32    OBJECT                       *object;        // decrypt key
33    OBJECT                       *activateObject;// key associated with
34    // credential
35    TPM2B_DATA                      data;              // credential data
36 
37 // Input Validation
38 
39    // Get decrypt key pointer
40    object = ObjectGet(in->keyHandle);
41 
42    // Get certificated object pointer
43    activateObject = ObjectGet(in->activateHandle);
44 
45    // input decrypt key must be an asymmetric, restricted decryption key
46    if(   !CryptIsAsymAlgorithm(object->publicArea.type)
47       || object->publicArea.objectAttributes.decrypt == CLEAR
48       || object->publicArea.objectAttributes.restricted == CLEAR)
49        return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;
50 
51 // Command output
52 
53    // Decrypt input credential data via asymmetric decryption. A
54    // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this
55    // point
56    result = CryptSecretDecrypt(in->keyHandle, NULL,
57                                "IDENTITY", &in->secret, &data);
58    if(result != TPM_RC_SUCCESS)
59    {
60        if(result == TPM_RC_KEY)
61            return TPM_RC_FAILURE;
62        return RcSafeAddToResult(result, RC_ActivateCredential_secret);
63    }
64 
65    // Retrieve secret data. A TPM_RC_INTEGRITY error or unmarshal
66    // errors may be returned at this point
67    result = CredentialToSecret(&in->credentialBlob,
68                                &activateObject->name,
69                                (TPM2B_SEED *) &data,
70                                in->keyHandle,
71                                &out->certInfo);
72    if(result != TPM_RC_SUCCESS)
73        return RcSafeAddToResult(result,RC_ActivateCredential_credentialBlob);
74 
75    return TPM_RC_SUCCESS;
76 }
77