/src/tpm2/ActivateCredential.c
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014
#include "InternalRoutines.h"
#include "ActivateCredential_fp.h"
#include "Object_spt_fp.h"
//
//
//     Error Returns                Meaning
//
//     TPM_RC_ATTRIBUTES            keyHandle does not reference a decryption key
//     TPM_RC_ECC_POINT             secret is invalid (when keyHandle is an ECC key)
//     TPM_RC_INSUFFICIENT          secret is invalid (when keyHandle is an ECC key)
//     TPM_RC_INTEGRITY             credentialBlob fails integrity test
//     TPM_RC_NO_RESULT             secret is invalid (when keyHandle is an ECC key)
//     TPM_RC_SIZE                  secret size is invalid or the credentialBlob does not unmarshal
//                                  correctly
//     TPM_RC_TYPE                  keyHandle does not reference an asymmetric key.
//     TPM_RC_VALUE                 secret is invalid (when keyHandle is an RSA key)
//
// Action routine for TPM2_ActivateCredential.
//
// Decrypts in->secret with the key referenced by in->keyHandle (label
// "IDENTITY"), then hands the decrypted value to CredentialToSecret() as the
// seed, together with in->credentialBlob and the name of the object
// referenced by in->activateHandle. On success the recovered value is left
// in out->certInfo and TPM_RC_SUCCESS is returned.
//
// NOTE(review): neither ObjectGet() result is checked before it is
// dereferenced. Presumably both handles have been validated and the objects
// loaded before this routine is entered -- confirm against the dispatcher.
//
// NOTE(review): the error table above lists TPM_RC_ATTRIBUTES for a
// keyHandle that is not a decryption key, but every failing key check below
// returns TPM_RC_TYPE + RC_ActivateCredential_keyHandle.
TPM_RC
TPM2_ActivateCredential(
   ActivateCredential_In    *in,                 // IN: input parameter list
   ActivateCredential_Out   *out                 // OUT: output parameter list
   )
{
   TPM_RC        rc;
   OBJECT       *decryptKey;          // object behind in->keyHandle
   OBJECT       *credentialedObject;  // object behind in->activateHandle
   // NOTE(review): seed receives the decrypted secret and is still on the
   // stack, unscrubbed, on every return path -- confirm whether the platform
   // requires it to be cleared.
   TPM2B_DATA    seed;

// Input Validation

   // Look up both objects first, in the same order as the handles appear
   decryptKey = ObjectGet(in->keyHandle);
   credentialedObject = ObjectGet(in->activateHandle);

   // The decrypt key has to be asymmetric ...
   if(!CryptIsAsymAlgorithm(decryptKey->publicArea.type))
       return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;

   // ... carry the decrypt attribute ...
   if(decryptKey->publicArea.objectAttributes.decrypt == CLEAR)
       return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;

   // ... and be restricted
   if(decryptKey->publicArea.objectAttributes.restricted == CLEAR)
       return TPM_RC_TYPE + RC_ActivateCredential_keyHandle;

// Command output

   // Asymmetric decryption of the caller-supplied secret. TPM_RC_VALUE,
   // TPM_RC_KEY or unmarshal errors may come back from this call.
   rc = CryptSecretDecrypt(in->keyHandle, NULL,
                           "IDENTITY", &in->secret, &seed);

   // TPM_RC_KEY is reported to the caller as TPM_RC_FAILURE rather than as a
   // parameter error (presumably because the key already passed the checks
   // above, so a key error here is unexpected -- confirm).
   if(rc == TPM_RC_KEY)
       return TPM_RC_FAILURE;

   // Any other decryption error is returned via RcSafeAddToResult() with the
   // 'secret' parameter indicator
   if(rc != TPM_RC_SUCCESS)
       return RcSafeAddToResult(rc, RC_ActivateCredential_secret);

   // Recover the credential value. TPM_RC_INTEGRITY or unmarshal errors may
   // come back from this call.
   // NOTE(review): the TPM2B_DATA buffer is passed as a TPM2B_SEED through a
   // pointer cast; this assumes the two types share a compatible layout and
   // capacity -- confirm against their definitions.
   rc = CredentialToSecret(&in->credentialBlob,
                           &credentialedObject->name,
                           (TPM2B_SEED *) &seed,
                           in->keyHandle,
                           &out->certInfo);
   if(rc != TPM_RC_SUCCESS)
       return RcSafeAddToResult(rc, RC_ActivateCredential_credentialBlob);

   return TPM_RC_SUCCESS;
}