1// This file was extracted from the TCG Published 2// Trusted Platform Module Library 3// Part 3: Commands 4// Family "2.0" 5// Level 00 Revision 01.16 6// October 30, 2014 7 8#include "InternalRoutines.h" 9#include "RSA_Decrypt_fp.h" 10#ifdef TPM_ALG_RSA 11// 12// 13// Error Returns Meaning 14// 15// TPM_RC_ATTRIBUTES If the key is restricted or the key is not a decryption key 16// TPM_RC_BINDING The public an private parts of the key are not properly bound 17// TPM_RC_KEY keyHandle does not reference an unrestricted decrypt key 18// TPM_RC_SCHEME incorrect input scheme, or the chosen scheme is not a valid RSA 19// decrypt scheme 20// TPM_RC_SIZE cipherText is not the size of the modulus of key referenced by 21// keyHandle 22// TPM_RC_VALUE label is not a null terminated string or the value of cipherText is 23// greater that the modulus of keyHandle 24// 25TPM_RC 26TPM2_RSA_Decrypt( 27 RSA_Decrypt_In *in, // IN: input parameter list 28 RSA_Decrypt_Out *out // OUT: output parameter list 29 ) 30{ 31 TPM_RC result; 32 OBJECT *rsaKey; 33 TPMT_RSA_DECRYPT *scheme; 34 char *label = NULL; 35 36// Input Validation 37 38 rsaKey = ObjectGet(in->keyHandle); 39 40 // The selected key must be an RSA key 41 if(rsaKey->publicArea.type != TPM_ALG_RSA) 42 return TPM_RC_KEY + RC_RSA_Decrypt_keyHandle; 43 44 // The selected key must be an unrestricted decryption key 45 if( rsaKey->publicArea.objectAttributes.restricted == SET 46 || rsaKey->publicArea.objectAttributes.decrypt == CLEAR) 47 return TPM_RC_ATTRIBUTES + RC_RSA_Decrypt_keyHandle; 48 49 // NOTE: Proper operation of this command requires that the sensitive area 50 // of the key is loaded. This is assured because authorization is required 51 // to use the sensitive area of the key. In order to check the authorization, 52 // the sensitive area has to be loaded, even if authorization is with policy. 53 54 // If label is present, make sure that it is a NULL-terminated string 55 if(in->label.t.size > 0) 56 { 57 // Present, so make sure that it is NULL-terminated 58 if(in->label.t.buffer[in->label.t.size - 1] != 0) 59 return TPM_RC_VALUE + RC_RSA_Decrypt_label; 60 label = (char *)in->label.t.buffer; 61 } 62 63// Command Output 64 65 // Select a scheme for decrypt. 66 scheme = CryptSelectRSAScheme(in->keyHandle, &in->inScheme); 67 if(scheme == NULL) 68 return TPM_RC_SCHEME + RC_RSA_Decrypt_inScheme; 69 70 // Decryption. TPM_RC_VALUE, TPM_RC_SIZE, and TPM_RC_KEY error may be 71 // returned by CryptDecryptRSA. 72 // NOTE: CryptDecryptRSA can also return TPM_RC_ATTRIBUTES or TPM_RC_BINDING 73 // when the key is not a decryption key but that was checked above. 74 out->message.t.size = sizeof(out->message.t.buffer); 75 result = CryptDecryptRSA(&out->message.t.size, out->message.t.buffer, rsaKey, 76 scheme, in->cipherText.t.size, 77 in->cipherText.t.buffer, 78 label); 79 80 return result; 81} 82#endif 83