Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / third_party / tpm2 / 258ca73479c73062a643bb2c7827429daf71b395 / . / CommandCodeAttributes.c
blob: bf50bbc30d4baf4f3b7dacbea9d991fc0bca20ec [file] [log] [blame]
Vadim Bendebury56797522015-05-20 10:32:25 -0700[diff] [blame]1// This file was extracted from the TCG Published
2// Trusted Platform Module Library
3// Part 4: Supporting Routines
4// Family "2.0"
5// Level 00 Revision 01.16
6// October 30, 2014
7
8#include "Tpm.h"
9#include "InternalRoutines.h"
10typedef UINT16 ATTRIBUTE_TYPE;
11//
12// The following file is produced from the command tables in part 3 of the specification. It defines the
13// attributes for each of the commands.
14//
15// NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through
16// automated processes are not included in the specification so that their is no ambiguity about the table
17// containing the information being the normative definition.
18//
19#include "CommandAttributeData.c"
20//
21//
22// Command Attribute Functions
23//
24// CommandAuthRole()
25//
26// This function returns the authorization role required of a handle.
27//
28// Return Value Meaning
29//
30// AUTH_NONE no authorization is required
31// AUTH_USER user role authorization is required
32// AUTH_ADMIN admin role authorization is required
33// AUTH_DUP duplication role authorization is required
34//
35AUTH_ROLE
36CommandAuthRole(
37 TPM_CC commandCode, // IN: command code
38 UINT32 handleIndex // IN: handle index (zero based)
39 )
40{
41 if(handleIndex > 1)
42 return AUTH_NONE;
43 if(handleIndex == 0) {
44 ATTRIBUTE_TYPE properties = s_commandAttributes[commandCode - TPM_CC_FIRST];
45 if(properties & HANDLE_1_USER) return AUTH_USER;
46 if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN;
47 if(properties & HANDLE_1_DUP) return AUTH_DUP;
48 return AUTH_NONE;
49 }
50 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & HANDLE_2_USER) return
51// AUTH_USER;
52 return AUTH_NONE;
53}
54//
55//
56// CommandIsImplemented()
57//
58// This function indicates if a command is implemented.
59//
60// Return Value Meaning
61//
62// TRUE if the command is implemented
63// FALSE if the command is not implemented
64//
65BOOL
66CommandIsImplemented(
67 TPM_CC commandCode // IN: command code
68 )
69{
70 if(commandCode < TPM_CC_FIRST || commandCode > TPM_CC_LAST)
71 return FALSE;
72 if((s_commandAttributes[commandCode - TPM_CC_FIRST] & IS_IMPLEMENTED))
73 return TRUE;
74 else
75 return FALSE;
76}
77//
78//
79// CommandGetAttribute()
80//
81// return a TPMA_CC structure for the given command code
82//
83TPMA_CC
84CommandGetAttribute(
85 TPM_CC commandCode // IN: command code
86 )
87{
88 UINT32 size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]);
89 UINT32 i;
90 for(i = 0; i < size; i++) {
91 if(s_ccAttr[i].commandIndex == (UINT16) commandCode)
92 return s_ccAttr[i];
93 }
94 // This function should be called in the way that the command code
95 // attribute is available.
96 FAIL(FATAL_ERROR_INTERNAL);
97}
98//
99//
100// EncryptSize()
101//
102// This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed
103//
104// Return Value Meaning
105//
106// 0 encryption not allowed
107// 2 size field is two bytes
108// 4 size field is four bytes
109//
110int
111EncryptSize(
112 TPM_CC commandCode // IN: commandCode
113 )
114{
115 COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST];
116 if(ca & ENCRYPT_2)
117 return 2;
118 if(ca & ENCRYPT_4)
119 return 4;
120 return 0;
121}
122//
123//
124// DecryptSize()
125//
126// This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed
127//
128// Return Value Meaning
129//
130// 0 encryption not allowed
131// 2 size field is two bytes
132// 4 size field is four bytes
133//
134int
135DecryptSize(
136 TPM_CC commandCode // IN: commandCode
137 )
138{
139 COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST];
140 if(ca & DECRYPT_2)
141 return 2;
142 if(ca & DECRYPT_4)
143 return 4;
144 return 0;
145}
146//
147//
148// IsSessionAllowed()
149//
150// This function indicates if the command is allowed to have sessions.
151// This function must not be called if the command is not known to be implemented.
152//
153// Return Value Meaning
154//
155// TRUE session is allowed with this command
156// FALSE session is not allowed with this command
157//
158BOOL
159IsSessionAllowed(
160 TPM_CC commandCode // IN: the command to be checked
161 )
162{
163 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & NO_SESSIONS)
164 return FALSE;
165 else
166 return TRUE;
167}
168//
169//
170// IsHandleInResponse()
171//
172BOOL
173IsHandleInResponse(
174 TPM_CC commandCode
175 )
176{
177 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & R_HANDLE)
178 return TRUE;
179 else
180 return FALSE;
181//
182}
183//
184//
185// IsWriteOperation()
186//
187// Checks to see if an operation will write to NV memory
188//
189BOOL
190IsWriteOperation(
191 TPM_CC command // IN: Command to check
192 )
193{
194 switch (command)
195 {
196 case TPM_CC_NV_Write:
197 case TPM_CC_NV_Increment:
198 case TPM_CC_NV_SetBits:
199 case TPM_CC_NV_Extend:
200 // Nv write lock counts as a write operation for authorization purposes.
201 // We check to see if the NV is write locked before we do the authorization
202 // If it is locked, we fail the command early.
203 case TPM_CC_NV_WriteLock:
204 return TRUE;
205 default:
206 break;
207 }
208 return FALSE;
209}
210//
211//
212// IsReadOperation()
213//
214// Checks to see if an operation will write to NV memory
215//
216BOOL
217IsReadOperation(
218 TPM_CC command // IN: Command to check
219 )
220{
221 switch (command)
222 {
223 case TPM_CC_NV_Read:
224 case TPM_CC_PolicyNV:
225 case TPM_CC_NV_Certify:
226 // Nv read lock counts as a read operation for authorization purposes.
227 // We check to see if the NV is read locked before we do the authorization
228 // If it is locked, we fail the command early.
229 case TPM_CC_NV_ReadLock:
230 return TRUE;
231 default:
232 break;
233 }
234 return FALSE;
235}
236//
237//
238// CommandCapGetCCList()
239//
240// This function returns a list of implemented commands and command attributes starting from the
241// command in commandCode.
242//
243//
244//
245//
246// Return Value Meaning
247//
248// YES more command attributes are available
249// NO no more command attributes are available
250//
251TPMI_YES_NO
252CommandCapGetCCList(
253 TPM_CC commandCode, // IN: start command code
254 UINT32 count, // IN: maximum count for number of entries in
255 // 'commandList'
256 TPML_CCA *commandList // OUT: list of TPMA_CC
257 )
258{
259 TPMI_YES_NO more = NO;
260 UINT32 i;
261 // initialize output handle list count
262 commandList->count = 0;
263 // The maximum count of commands that may be return is MAX_CAP_CC.
264 if(count > MAX_CAP_CC) count = MAX_CAP_CC;
265 // If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST
266 if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST;
267 // Collect command attributes
268 for(i = commandCode; i <= TPM_CC_LAST; i++)
269 {
270 if(CommandIsImplemented(i))
271 {
272 if(commandList->count < count)
273 {
274 // If the list is not full, add the attributes for this command.
275 commandList->commandAttributes[commandList->count]
276 = CommandGetAttribute(i);
277 commandList->count++;
278 }
279 else
280 {
281 // If the list is full but there are more commands to report,
282 // indicate this and return.
283 more = YES;
284 break;
285 }
286 }
287 }
288 return more;
289}