ActivateCredential.c - platform/external/tpm2 - Gitiles

 // This file was extracted from the TCG Published
 // Trusted Platform Module Library
 // Part 3: Commands
 // Family "2.0"
 // Level 00 Revision 01.16
 // October 30, 2014

 #include "InternalRoutines.h"
 #include "ActivateCredential_fp.h"
 #include "Object_spt_fp.h"
 //
 //
 //     Error Returns                Meaning
 //
 //     TPM_RC_ATTRIBUTES            keyHandle does not reference a decryption key
 //     TPM_RC_ECC_POINT             secret is invalid (when keyHandle is an ECC key)
 //     TPM_RC_INSUFFICIENT          secret is invalid (when keyHandle is an ECC key)
 //     TPM_RC_INTEGRITY             credentialBlob fails integrity test
 //     TPM_RC_NO_RESULT             secret is invalid (when keyHandle is an ECC key)
 //     TPM_RC_SIZE                  secret size is invalid or the credentialBlob does not unmarshal
 //                                  correctly
 //     TPM_RC_TYPE                  keyHandle does not reference an asymmetric key.
 //     TPM_RC_VALUE                 secret is invalid (when keyHandle is an RSA key)
 //
 TPM_RC
 TPM2_ActivateCredential(
    ActivateCredential_In    *in,                 // IN: input parameter list
    ActivateCredential_Out   *out                 // OUT: output parameter list
    )
 {
    TPM_RC                        result = TPM_RC_SUCCESS;
    OBJECT                       *object;        // decrypt key
    OBJECT                       *activateObject;// key associated with
    // credential
    TPM2B_DATA                      data;              // credential data

 // Input Validation

    // Get decrypt key pointer
    object = ObjectGet(in->keyHandle);

    // Get certificated object pointer
    activateObject = ObjectGet(in->activateHandle);

    // input decrypt key must be an asymmetric, restricted decryption key
    if(   !CryptIsAsymAlgorithm(object->publicArea.type)
       || object->publicArea.objectAttributes.decrypt == CLEAR
       || object->publicArea.objectAttributes.restricted == CLEAR)
        return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;

 // Command output

    // Decrypt input credential data via asymmetric decryption. A
    // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this
    // point
    result = CryptSecretDecrypt(in->keyHandle, NULL,
                                "IDENTITY", &in->secret, &data);
    if(result != TPM_RC_SUCCESS)
    {
        if(result == TPM_RC_KEY)
            return TPM_RC_FAILURE;
        return RcSafeAddToResult(result, RC_ActivateCredential_secret);
    }

    // Retrieve secret data. A TPM_RC_INTEGRITY error or unmarshal
    // errors may be returned at this point
    result = CredentialToSecret(&in->credentialBlob,
                                &activateObject->name,
                                (TPM2B_SEED *) &data,
                                in->keyHandle,
                                &out->certInfo);
    if(result != TPM_RC_SUCCESS)
        return RcSafeAddToResult(result,RC_ActivateCredential_credentialBlob);

    return TPM_RC_SUCCESS;
 }
	// This file was extracted from the TCG Published
	// Trusted Platform Module Library
	// Part 3: Commands
	// Family "2.0"
	// Level 00 Revision 01.16
	// October 30, 2014

	#include "InternalRoutines.h"
	#include "ActivateCredential_fp.h"
	#include "Object_spt_fp.h"
	//
	//
	// Error Returns Meaning
	//
	// TPM_RC_ATTRIBUTES keyHandle does not reference a decryption key
	// TPM_RC_ECC_POINT secret is invalid (when keyHandle is an ECC key)
	// TPM_RC_INSUFFICIENT secret is invalid (when keyHandle is an ECC key)
	// TPM_RC_INTEGRITY credentialBlob fails integrity test
	// TPM_RC_NO_RESULT secret is invalid (when keyHandle is an ECC key)
	// TPM_RC_SIZE secret size is invalid or the credentialBlob does not unmarshal
	// correctly
	// TPM_RC_TYPE keyHandle does not reference an asymmetric key.
	// TPM_RC_VALUE secret is invalid (when keyHandle is an RSA key)
	//
	TPM_RC
	TPM2_ActivateCredential(
	ActivateCredential_In *in, // IN: input parameter list
	ActivateCredential_Out *out // OUT: output parameter list
	)
	{
	TPM_RC result = TPM_RC_SUCCESS;
	OBJECT *object; // decrypt key
	OBJECT *activateObject;// key associated with
	// credential
	TPM2B_DATA data; // credential data

	// Input Validation

	// Get decrypt key pointer
	object = ObjectGet(in->keyHandle);

	// Get certificated object pointer
	activateObject = ObjectGet(in->activateHandle);

	// input decrypt key must be an asymmetric, restricted decryption key
	if( !CryptIsAsymAlgorithm(object->publicArea.type)
	\|\| object->publicArea.objectAttributes.decrypt == CLEAR
	\|\| object->publicArea.objectAttributes.restricted == CLEAR)
	return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;

	// Command output

	// Decrypt input credential data via asymmetric decryption. A
	// TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this
	// point
	result = CryptSecretDecrypt(in->keyHandle, NULL,
	"IDENTITY", &in->secret, &data);
	if(result != TPM_RC_SUCCESS)
	{
	if(result == TPM_RC_KEY)
	return TPM_RC_FAILURE;
	return RcSafeAddToResult(result, RC_ActivateCredential_secret);
	}

	// Retrieve secret data. A TPM_RC_INTEGRITY error or unmarshal
	// errors may be returned at this point
	result = CredentialToSecret(&in->credentialBlob,
	&activateObject->name,
	(TPM2B_SEED *) &data,
	in->keyHandle,
	&out->certInfo);
	if(result != TPM_RC_SUCCESS)
	return RcSafeAddToResult(result,RC_ActivateCredential_credentialBlob);

	return TPM_RC_SUCCESS;
	}