// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "ActivateCredential_fp.h"
#include "Object_spt_fp.h"
//
//
// Error Returns                Meaning
//
// TPM_RC_ATTRIBUTES            keyHandle does not reference a decryption key
// TPM_RC_ECC_POINT             secret is invalid (when keyHandle is an ECC key)
// TPM_RC_INSUFFICIENT          secret is invalid (when keyHandle is an ECC key)
// TPM_RC_INTEGRITY             credentialBlob fails integrity test
// TPM_RC_NO_RESULT             secret is invalid (when keyHandle is an ECC key)
// TPM_RC_SIZE                  secret size is invalid or the credentialBlob does not unmarshal
//                              correctly
// TPM_RC_TYPE                  keyHandle does not reference an asymmetric key.
// TPM_RC_VALUE                 secret is invalid (when keyHandle is an RSA key)
//
// NOTE(review): the attribute check in the body reports a key that lacks
// 'decrypt' or 'restricted' with TPM_RC_TYPE as well, so this implementation
// never produces the TPM_RC_ATTRIBUTES entry listed above.
//
// Recovers a credential: the seed carried in in->secret is unwrapped with the
// key at in->keyHandle, and that seed is then used to integrity-check and
// decrypt in->credentialBlob against the name of the object at
// in->activateHandle.  The recovered credential is written to out->certInfo.
//
//      in      input parameter list (keyHandle, activateHandle, credentialBlob, secret)
//      out     output parameter list (certInfo)
//
// Returns TPM_RC_SUCCESS, or one of the codes above; codes that blame an
// input parameter have its parameter number folded in via RcSafeAddToResult().
TPM_RC
TPM2_ActivateCredential(
    ActivateCredential_In   *in,            // IN: input parameter list
    ActivateCredential_Out  *out            // OUT: output parameter list
    )
{
    OBJECT      *decryptKey;                // key that unwraps in->secret
    OBJECT      *credentialedObject;        // object whose name the
                                            // credential is bound to
    TPM2B_DATA   seed;                      // seed recovered from in->secret
    TPM_RC       result;

// Input Validation

    // Resolve both handles.
    // NOTE(review): neither lookup is NULL-checked here; presumably both
    // handles were validated when the command was unmarshaled -- confirm.
    decryptKey = ObjectGet(in->keyHandle);
    credentialedObject = ObjectGet(in->activateHandle);

    // The unwrapping key must be asymmetric with both 'decrypt' and
    // 'restricted' SET.  Each failure is reported under the same code,
    // attributed to keyHandle.
    if(!CryptIsAsymAlgorithm(decryptKey->publicArea.type))
        return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;
    if(decryptKey->publicArea.objectAttributes.decrypt == CLEAR)
        return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;
    if(decryptKey->publicArea.objectAttributes.restricted == CLEAR)
        return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;

// Command output

    // Unwrap the seed with the decryption key.  "IDENTITY" is the label the
    // credential issuer used when wrapping it.  TPM_RC_VALUE, TPM_RC_KEY or
    // unmarshal errors may come back from this step.
    result = CryptSecretDecrypt(in->keyHandle, NULL,
                                "IDENTITY", &in->secret, &seed);
    if(result != TPM_RC_SUCCESS)
    {
        // TPM_RC_KEY means the TPM's own key could not be used, which is
        // treated as an internal failure rather than a bad parameter.
        return (result == TPM_RC_KEY)
               ? TPM_RC_FAILURE
               : RcSafeAddToResult(result, RC_ActivateCredential_secret);
    }

    // Use the seed to check and open the credential blob.  A TPM_RC_INTEGRITY
    // error or unmarshal errors may come back from this step.
    // The TPM2B_DATA is handed over as a TPM2B_SEED; this relies on the two
    // TPM2B types sharing the same size/buffer layout -- presumably the usual
    // TPM2B convention, confirm if the structures ever diverge.
    // NOTE(review): 'seed' is secret material left on the stack after return;
    // this revision does not clear it, so platforms that require scrubbing of
    // transient secrets would need to add that here.
    result = CredentialToSecret(&in->credentialBlob,
                                &credentialedObject->name,
                                (TPM2B_SEED *) &seed,
                                in->keyHandle,
                                &out->certInfo);
    if(result != TPM_RC_SUCCESS)
        return RcSafeAddToResult(result, RC_ActivateCredential_credentialBlob);

    return TPM_RC_SUCCESS;
}