xref: /external/tpm2/MakeCredential.c

// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "MakeCredential_fp.h"
#include "Object_spt_fp.h"
//
//
//     Error Returns                   Meaning
//
//     TPM_RC_KEY                      handle referenced an ECC key that has a unique field that is not a
//                                     point on the curve of the key
//     TPM_RC_SIZE                     credential is larger than the digest size of Name algorithm of handle
//     TPM_RC_TYPE                     handle does not reference an asymmetric decryption key
//
TPM_RC
TPM2_MakeCredential(
   MakeCredential_In    *in,                 // IN: input parameter list
   MakeCredential_Out   *out                 // OUT: output parameter list
   )
{
   TPM_RC                    result = TPM_RC_SUCCESS;

   OBJECT                    *object;
   TPM2B_DATA                data;

// Input Validation

   // Get object pointer
   object = ObjectGet(in->handle);

   // input key must be an asymmetric, restricted decryption key
   // NOTE: Needs to be restricted to have a symmetric value.
   if(   !CryptIsAsymAlgorithm(object->publicArea.type)
      || object->publicArea.objectAttributes.decrypt == CLEAR
      || object->publicArea.objectAttributes.restricted == CLEAR
     )
       return TPM_RC_TYPE + RC_MakeCredential_handle;

   // The credential information may not be larger than the digest size used for
   // the Name of the key associated with handle.
   if(in->credential.t.size > CryptGetHashDigestSize(object->publicArea.nameAlg))
       return TPM_RC_SIZE + RC_MakeCredential_credential;

// Command Output

   // Make encrypt key and its associated secret structure.
   // Even though CrypeSecretEncrypt() may return
   out->secret.t.size = sizeof(out->secret.t.secret);
   result = CryptSecretEncrypt(in->handle, "IDENTITY", &data, &out->secret);
   if(result != TPM_RC_SUCCESS)
       return result;

   // Prepare output credential data from secret
   SecretToCredential(&in->credential, &in->objectName, (TPM2B_SEED *) &data,
                      in->handle, &out->credentialBlob);

   return TPM_RC_SUCCESS;
}