mirror of
https://github.com/tpm2dev/tpm.dev.tutorials.git
synced 2024-11-14 18:52:11 +00:00
1.6 KiB
1.6 KiB
TPM2_ActivateCredential()
TPM2_ActivateCredential()
decrypts a ciphertext made by
TPM2_MakeCredential()
and checks that the
caller has access to the object named by the caller of
TPM2_MakeCredential()
, and if so then
TPM2_ActivateCredential()
outputs the small secret provided by the
caller of TPM2_MakeCredential()
,
otherwise TPM2_ActivateCredential()
fails.
Together with TPM2_MakeCredential()
,
this function can be used to implement attestation protocols.
Inputs
TPMI_DH_OBJECT activateHandle
(e.g., handle for an AK)TPMI_DH_OBJECT keyHandle
(e.g., handle for an EK corresponding to the EKpub encrypted to byTPM2_MakeCredential()
)TPM2B_ID_OBJECT credentialBlob
(output ofTPM2_MakeCredential()
)TPM2B_ENCRYPTED_SECRET secret
(output ofTPM2_MakeCredential()
)
Outputs (success case)
TPM2B_DIGEST certInfo
(not necessarily a digest, but a small [digest-sized] secret that was input toTPM2_MakeCredential()
)