• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Microsoft Reference Implementation for TPM 2.0
2  *
3  *  The copyright in this software is being made available under the BSD License,
4  *  included below. This software may be subject to other third party and
5  *  contributor rights, including patent rights, and no such rights are granted
6  *  under this license.
7  *
8  *  Copyright (c) Microsoft Corporation
9  *
10  *  All rights reserved.
11  *
12  *  BSD License
13  *
14  *  Redistribution and use in source and binary forms, with or without modification,
15  *  are permitted provided that the following conditions are met:
16  *
17  *  Redistributions of source code must retain the above copyright notice, this list
18  *  of conditions and the following disclaimer.
19  *
20  *  Redistributions in binary form must reproduce the above copyright notice, this
21  *  list of conditions and the following disclaimer in the documentation and/or
22  *  other materials provided with the distribution.
23  *
24  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 #include "Tpm.h"
36 #include "ActivateCredential_fp.h"
37 
38 #if CC_ActivateCredential  // Conditional expansion of this file
39 
40 #include "Object_spt_fp.h"
41 
42 /*(See part 3 specification)
43 // Activate Credential with an object
44 */
45 //  Return Type: TPM_RC
46 //      TPM_RC_ATTRIBUTES       'keyHandle' does not reference a decryption key
47 //      TPM_RC_ECC_POINT        'secret' is invalid (when 'keyHandle' is an ECC key)
48 //      TPM_RC_INSUFFICIENT     'secret' is invalid (when 'keyHandle' is an ECC key)
49 //      TPM_RC_INTEGRITY        'credentialBlob' fails integrity test
50 //      TPM_RC_NO_RESULT        'secret' is invalid (when 'keyHandle' is an ECC key)
51 //      TPM_RC_SIZE             'secret' size is invalid or the 'credentialBlob'
52 //                              does not unmarshal correctly
53 //      TPM_RC_TYPE             'keyHandle' does not reference an asymmetric key.
54 //      TPM_RC_VALUE            'secret' is invalid (when 'keyHandle' is an RSA key)
55 TPM_RC
TPM2_ActivateCredential(ActivateCredential_In * in,ActivateCredential_Out * out)56 TPM2_ActivateCredential(
57     ActivateCredential_In   *in,            // IN: input parameter list
58     ActivateCredential_Out  *out            // OUT: output parameter list
59     )
60 {
61     TPM_RC                   result = TPM_RC_SUCCESS;
62     OBJECT                  *object;            // decrypt key
63     OBJECT                  *activateObject;    // key associated with credential
64     TPM2B_DATA               data;          // credential data
65 
66 // Input Validation
67 
68     // Get decrypt key pointer
69     object = HandleToObject(in->keyHandle);
70 
71     // Get certificated object pointer
72     activateObject = HandleToObject(in->activateHandle);
73 
74     // input decrypt key must be an asymmetric, restricted decryption key
75     if(!CryptIsAsymAlgorithm(object->publicArea.type)
76        || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt)
77        || !IS_ATTRIBUTE(object->publicArea.objectAttributes,
78                         TPMA_OBJECT, restricted))
79         return TPM_RCS_TYPE + RC_ActivateCredential_keyHandle;
80 
81 // Command output
82 
83     // Decrypt input credential data via asymmetric decryption.  A
84     // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this
85     // point
86     result = CryptSecretDecrypt(object, NULL, IDENTITY_STRING, &in->secret, &data);
87     if(result != TPM_RC_SUCCESS)
88     {
89         if(result == TPM_RC_KEY)
90             return TPM_RC_FAILURE;
91         return RcSafeAddToResult(result, RC_ActivateCredential_secret);
92     }
93 
94     // Retrieve secret data.  A TPM_RC_INTEGRITY error or unmarshal
95     // errors may be returned at this point
96     result = CredentialToSecret(&in->credentialBlob.b,
97                                 &activateObject->name.b,
98                                 &data.b,
99                                 object,
100                                 &out->certInfo);
101     if(result != TPM_RC_SUCCESS)
102         return RcSafeAddToResult(result, RC_ActivateCredential_credentialBlob);
103 
104     return TPM_RC_SUCCESS;
105 }
106 
107 #endif // CC_ActivateCredential