291 lines
8.5 KiB
C
291 lines
8.5 KiB
C
// This file was extracted from the TCG Published
|
|
// Trusted Platform Module Library
|
|
// Part 4: Supporting Routines
|
|
// Family "2.0"
|
|
// Level 00 Revision 01.16
|
|
// October 30, 2014
|
|
|
|
#include "Tpm.h"
|
|
#include "InternalRoutines.h"
|
|
typedef UINT16 ATTRIBUTE_TYPE;
|
|
//
|
|
// The following file is produced from the command tables in part 3 of the specification. It defines the
|
|
// attributes for each of the commands.
|
|
//
|
|
// NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through
|
|
// automated processes are not included in the specification so that their is no ambiguity about the table
|
|
// containing the information being the normative definition.
|
|
//
|
|
#include "CommandAttributeData.c"
|
|
//
|
|
//
|
|
// Command Attribute Functions
|
|
//
|
|
// CommandAuthRole()
|
|
//
|
|
// This function returns the authorization role required of a handle.
|
|
//
|
|
// Return Value Meaning
|
|
//
|
|
// AUTH_NONE no authorization is required
|
|
// AUTH_USER user role authorization is required
|
|
// AUTH_ADMIN admin role authorization is required
|
|
// AUTH_DUP duplication role authorization is required
|
|
//
|
|
AUTH_ROLE
|
|
CommandAuthRole(
|
|
TPM_CC commandCode, // IN: command code
|
|
UINT32 handleIndex // IN: handle index (zero based)
|
|
)
|
|
{
|
|
if(handleIndex > 1)
|
|
return AUTH_NONE;
|
|
if(handleIndex == 0) {
|
|
ATTRIBUTE_TYPE properties = s_commandAttributes[commandCode - TPM_CC_FIRST];
|
|
if(properties & HANDLE_1_USER) return AUTH_USER;
|
|
if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN;
|
|
if(properties & HANDLE_1_DUP) return AUTH_DUP;
|
|
return AUTH_NONE;
|
|
}
|
|
if(s_commandAttributes[commandCode - TPM_CC_FIRST] & HANDLE_2_USER)
|
|
return AUTH_USER;
|
|
return AUTH_NONE;
|
|
}
|
|
//
|
|
//
|
|
// CommandIsImplemented()
|
|
//
|
|
// This function indicates if a command is implemented.
|
|
//
|
|
// Return Value Meaning
|
|
//
|
|
// TRUE if the command is implemented
|
|
// FALSE if the command is not implemented
|
|
//
|
|
BOOL
|
|
CommandIsImplemented(
|
|
TPM_CC commandCode // IN: command code
|
|
)
|
|
{
|
|
if(commandCode < TPM_CC_FIRST || commandCode > TPM_CC_LAST)
|
|
return FALSE;
|
|
if((s_commandAttributes[commandCode - TPM_CC_FIRST] & IS_IMPLEMENTED))
|
|
return TRUE;
|
|
else
|
|
return FALSE;
|
|
}
|
|
//
|
|
//
|
|
// CommandGetAttribute()
|
|
//
|
|
// return a TPMA_CC structure for the given command code
|
|
//
|
|
TPMA_CC
|
|
CommandGetAttribute(
|
|
TPM_CC commandCode // IN: command code
|
|
)
|
|
{
|
|
UINT32 size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]);
|
|
UINT32 i;
|
|
for(i = 0; i < size; i++) {
|
|
if(s_ccAttr[i].commandIndex == (UINT16) commandCode)
|
|
return s_ccAttr[i];
|
|
}
|
|
// This function should be called in the way that the command code
|
|
// attribute is available.
|
|
FAIL(FATAL_ERROR_INTERNAL);
|
|
|
|
return s_ccAttr[0]; // Just to appease the compiler, never reached.
|
|
}
|
|
//
|
|
//
|
|
// EncryptSize()
|
|
//
|
|
// This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed
|
|
//
|
|
// Return Value Meaning
|
|
//
|
|
// 0 encryption not allowed
|
|
// 2 size field is two bytes
|
|
// 4 size field is four bytes
|
|
//
|
|
int
|
|
EncryptSize(
|
|
TPM_CC commandCode // IN: commandCode
|
|
)
|
|
{
|
|
COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST];
|
|
if(ca & ENCRYPT_2)
|
|
return 2;
|
|
if(ca & ENCRYPT_4)
|
|
return 4;
|
|
return 0;
|
|
}
|
|
//
|
|
//
|
|
// DecryptSize()
|
|
//
|
|
// This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed
|
|
//
|
|
// Return Value Meaning
|
|
//
|
|
// 0 encryption not allowed
|
|
// 2 size field is two bytes
|
|
// 4 size field is four bytes
|
|
//
|
|
int
|
|
DecryptSize(
|
|
TPM_CC commandCode // IN: commandCode
|
|
)
|
|
{
|
|
COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST];
|
|
if(ca & DECRYPT_2)
|
|
return 2;
|
|
if(ca & DECRYPT_4)
|
|
return 4;
|
|
return 0;
|
|
}
|
|
//
|
|
//
|
|
// IsSessionAllowed()
|
|
//
|
|
// This function indicates if the command is allowed to have sessions.
|
|
// This function must not be called if the command is not known to be implemented.
|
|
//
|
|
// Return Value Meaning
|
|
//
|
|
// TRUE session is allowed with this command
|
|
// FALSE session is not allowed with this command
|
|
//
|
|
BOOL
|
|
IsSessionAllowed(
|
|
TPM_CC commandCode // IN: the command to be checked
|
|
)
|
|
{
|
|
if(s_commandAttributes[commandCode - TPM_CC_FIRST] & NO_SESSIONS)
|
|
return FALSE;
|
|
else
|
|
return TRUE;
|
|
}
|
|
//
|
|
//
|
|
// IsHandleInResponse()
|
|
//
|
|
BOOL
|
|
IsHandleInResponse(
|
|
TPM_CC commandCode
|
|
)
|
|
{
|
|
if(s_commandAttributes[commandCode - TPM_CC_FIRST] & R_HANDLE)
|
|
return TRUE;
|
|
else
|
|
return FALSE;
|
|
//
|
|
}
|
|
//
|
|
//
|
|
// IsWriteOperation()
|
|
//
|
|
// Checks to see if an operation will write to NV memory
|
|
//
|
|
BOOL
|
|
IsWriteOperation(
|
|
TPM_CC command // IN: Command to check
|
|
)
|
|
{
|
|
switch (command)
|
|
{
|
|
case TPM_CC_NV_Write:
|
|
case TPM_CC_NV_Increment:
|
|
case TPM_CC_NV_SetBits:
|
|
case TPM_CC_NV_Extend:
|
|
// Nv write lock counts as a write operation for authorization purposes.
|
|
// We check to see if the NV is write locked before we do the authorization
|
|
// If it is locked, we fail the command early.
|
|
case TPM_CC_NV_WriteLock:
|
|
return TRUE;
|
|
default:
|
|
break;
|
|
}
|
|
return FALSE;
|
|
}
|
|
//
|
|
//
|
|
// IsReadOperation()
|
|
//
|
|
// Checks to see if an operation will write to NV memory
|
|
//
|
|
BOOL
|
|
IsReadOperation(
|
|
TPM_CC command // IN: Command to check
|
|
)
|
|
{
|
|
switch (command)
|
|
{
|
|
case TPM_CC_NV_Read:
|
|
case TPM_CC_PolicyNV:
|
|
case TPM_CC_NV_Certify:
|
|
// Nv read lock counts as a read operation for authorization purposes.
|
|
// We check to see if the NV is read locked before we do the authorization
|
|
// If it is locked, we fail the command early.
|
|
case TPM_CC_NV_ReadLock:
|
|
return TRUE;
|
|
default:
|
|
break;
|
|
}
|
|
return FALSE;
|
|
}
|
|
//
|
|
//
|
|
// CommandCapGetCCList()
|
|
//
|
|
// This function returns a list of implemented commands and command attributes starting from the
|
|
// command in commandCode.
|
|
//
|
|
//
|
|
//
|
|
//
|
|
// Return Value Meaning
|
|
//
|
|
// YES more command attributes are available
|
|
// NO no more command attributes are available
|
|
//
|
|
TPMI_YES_NO
|
|
CommandCapGetCCList(
|
|
TPM_CC commandCode, // IN: start command code
|
|
UINT32 count, // IN: maximum count for number of entries in
|
|
// 'commandList'
|
|
TPML_CCA *commandList // OUT: list of TPMA_CC
|
|
)
|
|
{
|
|
TPMI_YES_NO more = NO;
|
|
UINT32 i;
|
|
// initialize output handle list count
|
|
commandList->count = 0;
|
|
// The maximum count of commands that may be return is MAX_CAP_CC.
|
|
if(count > MAX_CAP_CC) count = MAX_CAP_CC;
|
|
// If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST
|
|
if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST;
|
|
// Collect command attributes
|
|
for(i = commandCode; i <= TPM_CC_LAST; i++)
|
|
{
|
|
if(CommandIsImplemented(i))
|
|
{
|
|
if(commandList->count < count)
|
|
{
|
|
// If the list is not full, add the attributes for this command.
|
|
commandList->commandAttributes[commandList->count]
|
|
= CommandGetAttribute(i);
|
|
commandList->count++;
|
|
}
|
|
else
|
|
{
|
|
// If the list is full but there are more commands to report,
|
|
// indicate this and return.
|
|
more = YES;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
return more;
|
|
}
|