CommandCodeAttributes.c

// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 4: Supporting Routines
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include    "Tpm.h"
#include    "InternalRoutines.h"
typedef UINT16          ATTRIBUTE_TYPE;
//
//     The following file is produced from the command tables in part 3 of the specification. It defines the
//     attributes for each of the commands.
//
//     NOTE:           This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through
//                     automated processes are not included in the specification so that their is no ambiguity about the table
//                     containing the information being the normative definition.
//
#include       "CommandAttributeData.c"
//
//  SafeGetAttributesForCC()
//
//  Helper function returning a command attribute value for the given command
//  code or extended command code.
//
//  Return Value                 Meaning
//
//  COMMAND_ATTRIBUTES            command attribute for the given command
//
static COMMAND_ATTRIBUTES SafeGetAttributesForCC(TPM_CC commandCode) {
  const COMMAND_ATTRIBUTES kUnimplementedAttr = 0;

  if (commandCode & TPM_CCE_BIT_MASK) {
    if (commandCode >= TPM_CCE_FIRST && commandCode <= TPM_CCE_LAST)
      return s_commandAttributesExt[commandCode - TPM_CCE_FIRST];
  } else {
    if (commandCode >= TPM_CC_FIRST && commandCode <= TPM_CC_LAST)
      return s_commandAttributes[commandCode - TPM_CC_FIRST];
  }

  return kUnimplementedAttr;
}
//
//
//
//          Command Attribute Functions
//
//          CommandAuthRole()
//
//     This function returns the authorization role required of a handle.
//
//     Return Value                       Meaning
//
//     AUTH_NONE                          no authorization is required
//     AUTH_USER                          user role authorization is required
//     AUTH_ADMIN                         admin role authorization is required
//     AUTH_DUP                           duplication role authorization is required
//
AUTH_ROLE
CommandAuthRole(
     TPM_CC        commandCode,                 // IN: command code
     UINT32        handleIndex                  // IN: handle index (zero based)
     )
{
   ATTRIBUTE_TYPE properties = SafeGetAttributesForCC(commandCode);

   if(handleIndex > 1)
       return AUTH_NONE;
   if(handleIndex == 0) {
       if(properties & HANDLE_1_USER) return AUTH_USER;
       if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN;
       if(properties & HANDLE_1_DUP) return AUTH_DUP;
       return AUTH_NONE;
   }
   if(properties & HANDLE_2_USER)
           return AUTH_USER;
   return AUTH_NONE;
}
//
//
//          CommandIsImplemented()
//
//     This function indicates if a command is implemented.
//
//     Return Value                      Meaning
//
//     TRUE                              if the command is implemented
//     FALSE                             if the command is not implemented
//
BOOL
CommandIsImplemented(
    TPM_CC                commandCode          // IN: command code
    )
{
  return (SafeGetAttributesForCC(commandCode) & IS_IMPLEMENTED) ? TRUE : FALSE;
}
//
//
//          CommandGetAttribute()
//
//     return a TPMA_CC structure for the given command code
//
TPMA_CC
CommandGetAttribute(
    TPM_CC                commandCode          // IN: command code
    )
{
    UINT32      size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]);
    UINT32      i;
    for(i = 0; i < size; i++) {
        if(s_ccAttr[i].commandIndex == (UINT16) commandCode)
            return s_ccAttr[i];
    }
    // This function should be called in the way that the command code
    // attribute is available.
    FAIL(FATAL_ERROR_INTERNAL);

    return s_ccAttr[0]; // Just to appease the compiler, never reached.
}
//
//
//          EncryptSize()
//
//     This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed
//
//     Return Value                      Meaning
//
//     0                                 encryption not allowed
//     2                                 size field is two bytes
//     4                                 size field is four bytes
//
int
EncryptSize(
    TPM_CC                commandCode          // IN: commandCode
    )
{
    COMMAND_ATTRIBUTES        ca = SafeGetAttributesForCC(commandCode);
    if(ca & ENCRYPT_2)
        return 2;
    if(ca & ENCRYPT_4)
        return 4;
    return 0;
}
//
//
//          DecryptSize()
//
//     This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed
//
//     Return Value                      Meaning
//
//     0                                 encryption not allowed
//     2                                 size field is two bytes
//     4                                 size field is four bytes
//
int
DecryptSize(
    TPM_CC                commandCode          // IN: commandCode
    )
{
    COMMAND_ATTRIBUTES        ca = SafeGetAttributesForCC(commandCode);
    if(ca & DECRYPT_2)
        return 2;
    if(ca & DECRYPT_4)
        return 4;
    return 0;
}
//
//
//          IsSessionAllowed()
//
//     This function indicates if the command is allowed to have sessions.
//     This function must not be called if the command is not known to be implemented.
//
//     Return Value                      Meaning
//
//     TRUE                              session is allowed with this command
//     FALSE                             session is not allowed with this command
//
BOOL
IsSessionAllowed(
    TPM_CC                commandCode          // IN: the command to be checked
    )
{
    return (SafeGetAttributesForCC(commandCode) & NO_SESSIONS) ? FALSE : TRUE;
}
//
//
//          IsHandleInResponse()
//
BOOL
IsHandleInResponse(
    TPM_CC                commandCode
    )
{
    return (SafeGetAttributesForCC(commandCode) & R_HANDLE) ? TRUE : FALSE;
}
//
//
//           IsWriteOperation()
//
//      Checks to see if an operation will write to NV memory
//
BOOL
IsWriteOperation(
   TPM_CC               command           // IN: Command to check
   )
{
   switch (command)
   {
       case TPM_CC_NV_Write:
       case TPM_CC_NV_Increment:
       case TPM_CC_NV_SetBits:
       case TPM_CC_NV_Extend:
       // Nv write lock counts as a write operation for authorization purposes.
       // We check to see if the NV is write locked before we do the authorization
       // If it is locked, we fail the command early.
       case TPM_CC_NV_WriteLock:
           return TRUE;
       default:
           break;
   }
   return FALSE;
}
//
//
//           IsReadOperation()
//
//      Checks to see if an operation will write to NV memory
//
BOOL
IsReadOperation(
   TPM_CC               command           // IN: Command to check
   )
{
   switch (command)
   {
       case TPM_CC_NV_Read:
       case TPM_CC_PolicyNV:
       case TPM_CC_NV_Certify:
       // Nv read lock counts as a read operation for authorization purposes.
       // We check to see if the NV is read locked before we do the authorization
       // If it is locked, we fail the command early.
       case TPM_CC_NV_ReadLock:
           return TRUE;
       default:
           break;
   }
   return FALSE;
}
//
//
//          CommandCapGetCCList()
//
//      This function returns a list of implemented commands and command attributes starting from the
//      command in commandCode.
//
//
//
//
//      Return Value                      Meaning
//
//      YES                               more command attributes are available
//      NO                                no more command attributes are available
//
TPMI_YES_NO
CommandCapGetCCList(
     TPM_CC            commandCode,         // IN: start command code
     UINT32            count,               // IN: maximum count for number of entries in
                                            //     'commandList'
     TPML_CCA         *commandList          // OUT: list of TPMA_CC
     )
{
     TPMI_YES_NO       more = NO;
     UINT32            i;
     // initialize output handle list count
     commandList->count = 0;
     // The maximum count of commands that may be returned is MAX_CAP_CC_ALL.
     if(count > MAX_CAP_CC_ALL) count = MAX_CAP_CC_ALL;
     // If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST
     if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST;
     // Collect command attributes
     for(i = commandCode; i <= TPM_CCE_LAST; i++)
     {
         if (i > TPM_CC_LAST && i < TPM_CCE_FIRST)
         {
             i = TPM_CCE_FIRST;
         }
         if(CommandIsImplemented(i))
         {
             if(commandList->count < count)
             {
                 // If the list is not full, add the attributes for this command.
                 commandList->commandAttributes[commandList->count]
                     = CommandGetAttribute(i);
                 commandList->count++;
             }
             else
             {
                 // If the list is full but there are more commands to report,
                 // indicate this and return.
                 more = YES;
                 break;
             }
         }
     }
     return more;
}