1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 3: Commands
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 #include "RSA_Decrypt_fp.h"
10 #ifdef TPM_ALG_RSA
11 //
12 //
13 //     Error Returns                     Meaning
14 //
15 //     TPM_RC_BINDING                    The public an private parts of the key are not properly bound
16 //     TPM_RC_KEY                        keyHandle does not reference an unrestricted decrypt key
17 //     TPM_RC_SCHEME                     incorrect input scheme, or the chosen scheme is not a valid RSA
18 //                                       decrypt scheme
19 //     TPM_RC_SIZE                       cipherText is not the size of the modulus of key referenced by
20 //                                       keyHandle
21 //     TPM_RC_VALUE                      label is not a null terminated string or the value of cipherText is
22 //                                       greater that the modulus of keyHandle
23 //
24 TPM_RC
TPM2_RSA_Decrypt(RSA_Decrypt_In * in,RSA_Decrypt_Out * out)25 TPM2_RSA_Decrypt(
26    RSA_Decrypt_In        *in,                   // IN: input parameter list
27    RSA_Decrypt_Out       *out                   // OUT: output parameter list
28    )
29 {
30    TPM_RC                             result;
31    OBJECT                            *rsaKey;
32    TPMT_RSA_DECRYPT                  *scheme;
33    char                              *label = NULL;
34 
35 // Input Validation
36 
37    rsaKey = ObjectGet(in->keyHandle);
38 
39    // The selected key must be an RSA key
40    if(rsaKey->publicArea.type != TPM_ALG_RSA)
41        return TPM_RC_KEY + RC_RSA_Decrypt_keyHandle;
42 
43    // The selected key must be an unrestricted decryption key
44    if(   rsaKey->publicArea.objectAttributes.restricted == SET
45       || rsaKey->publicArea.objectAttributes.decrypt == CLEAR)
46        return TPM_RC_ATTRIBUTES + RC_RSA_Decrypt_keyHandle;
47 
48    //   NOTE: Proper operation of this command requires that the sensitive area
49    //   of the key is loaded. This is assured because authorization is required
50    //   to use the sensitive area of the key. In order to check the authorization,
51    //   the sensitive area has to be loaded, even if authorization is with policy.
52 
53    // If label is present, make sure that it is a NULL-terminated string
54    if(in->label.t.size > 0)
55    {
56        // Present, so make sure that it is NULL-terminated
57        if(in->label.t.buffer[in->label.t.size - 1] != 0)
58            return TPM_RC_VALUE + RC_RSA_Decrypt_label;
59        label = (char *)in->label.t.buffer;
60    }
61 
62 // Command Output
63 
64    // Select a scheme for decrypt.
65    scheme = CryptSelectRSAScheme(in->keyHandle, &in->inScheme);
66   if(scheme == NULL)
67       return TPM_RC_SCHEME + RC_RSA_Decrypt_inScheme;
68 
69   // Decryption. TPM_RC_VALUE, TPM_RC_SIZE, and TPM_RC_KEY error may be
70   // returned by CryptDecryptRSA.
71   // NOTE: CryptDecryptRSA can also return TPM_RC_ATTRIBUTES or TPM_RC_BINDING
72   // when the key is not a decryption key but that was checked above.
73   out->message.t.size = sizeof(out->message.t.buffer);
74   result = CryptDecryptRSA(&out->message.t.size, out->message.t.buffer, rsaKey,
75                            scheme, in->cipherText.t.size,
76                            in->cipherText.t.buffer,
77                            label);
78 
79    return result;
80 }
81 #endif
82