MakeCredential.c - platform/external/tpm2 - Git at Google

 // This file was extracted from the TCG Published
 // Trusted Platform Module Library
 // Part 3: Commands
 // Family "2.0"
 // Level 00 Revision 01.16
 // October 30, 2014

 #include "InternalRoutines.h"
 #include "MakeCredential_fp.h"
 #include "Object_spt_fp.h"
 //
 //
 //     Error Returns                   Meaning
 //
 //     TPM_RC_KEY                      handle referenced an ECC key that has a unique field that is not a
 //                                     point on the curve of the key
 //     TPM_RC_SIZE                     credential is larger than the digest size of Name algorithm of handle
 //     TPM_RC_TYPE                     handle does not reference an asymmetric decryption key
 //
 TPM_RC
 TPM2_MakeCredential(
    MakeCredential_In    *in,                 // IN: input parameter list
    MakeCredential_Out   *out                 // OUT: output parameter list
    )
 {
    TPM_RC                    result = TPM_RC_SUCCESS;

    OBJECT                    *object;
    TPM2B_DATA                data;

 // Input Validation

    // Get object pointer
    object = ObjectGet(in->handle);

    // input key must be an asymmetric, restricted decryption key
    // NOTE: Needs to be restricted to have a symmetric value.
    if(   !CryptIsAsymAlgorithm(object->publicArea.type)
       || object->publicArea.objectAttributes.decrypt == CLEAR
       || object->publicArea.objectAttributes.restricted == CLEAR
      )
        return TPM_RC_TYPE + RC_MakeCredential_handle;

    // The credential information may not be larger than the digest size used for
    // the Name of the key associated with handle.
    if(in->credential.t.size > CryptGetHashDigestSize(object->publicArea.nameAlg))
        return TPM_RC_SIZE + RC_MakeCredential_credential;

 // Command Output

    // Make encrypt key and its associated secret structure.
    // Even though CrypeSecretEncrypt() may return
    out->secret.t.size = sizeof(out->secret.t.secret);
    result = CryptSecretEncrypt(in->handle, "IDENTITY", &data, &out->secret);
    if(result != TPM_RC_SUCCESS)
        return result;

    // Prepare output credential data from secret
    SecretToCredential(&in->credential, &in->objectName, (TPM2B_SEED *) &data,
                       in->handle, &out->credentialBlob);

    return TPM_RC_SUCCESS;
 }
	// This file was extracted from the TCG Published
	// Trusted Platform Module Library
	// Part 3: Commands
	// Family "2.0"
	// Level 00 Revision 01.16
	// October 30, 2014

	#include "InternalRoutines.h"
	#include "MakeCredential_fp.h"
	#include "Object_spt_fp.h"
	//
	//
	// Error Returns Meaning
	//
	// TPM_RC_KEY handle referenced an ECC key that has a unique field that is not a
	// point on the curve of the key
	// TPM_RC_SIZE credential is larger than the digest size of Name algorithm of handle
	// TPM_RC_TYPE handle does not reference an asymmetric decryption key
	//
	TPM_RC
	TPM2_MakeCredential(
	MakeCredential_In *in, // IN: input parameter list
	MakeCredential_Out *out // OUT: output parameter list
	)
	{
	TPM_RC result = TPM_RC_SUCCESS;

	OBJECT *object;
	TPM2B_DATA data;

	// Input Validation

	// Get object pointer
	object = ObjectGet(in->handle);

	// input key must be an asymmetric, restricted decryption key
	// NOTE: Needs to be restricted to have a symmetric value.
	if( !CryptIsAsymAlgorithm(object->publicArea.type)
	\|\| object->publicArea.objectAttributes.decrypt == CLEAR
	\|\| object->publicArea.objectAttributes.restricted == CLEAR
	)
	return TPM_RC_TYPE + RC_MakeCredential_handle;

	// The credential information may not be larger than the digest size used for
	// the Name of the key associated with handle.
	if(in->credential.t.size > CryptGetHashDigestSize(object->publicArea.nameAlg))
	return TPM_RC_SIZE + RC_MakeCredential_credential;

	// Command Output

	// Make encrypt key and its associated secret structure.
	// Even though CrypeSecretEncrypt() may return
	out->secret.t.size = sizeof(out->secret.t.secret);
	result = CryptSecretEncrypt(in->handle, "IDENTITY", &data, &out->secret);
	if(result != TPM_RC_SUCCESS)
	return result;

	// Prepare output credential data from secret
	SecretToCredential(&in->credential, &in->objectName, (TPM2B_SEED *) &data,
	in->handle, &out->credentialBlob);

	return TPM_RC_SUCCESS;
	}