| // This file was extracted from the TCG Published |
| // Trusted Platform Module Library |
| // Part 4: Supporting Routines |
| // Family "2.0" |
| // Level 00 Revision 01.16 |
| // October 30, 2014 |
| |
| #include "Tpm.h" |
| #include "InternalRoutines.h" |
| typedef UINT16 ATTRIBUTE_TYPE; |
| // |
| // The following file is produced from the command tables in part 3 of the specification. It defines the |
| // attributes for each of the commands. |
| // |
| // NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through |
| // automated processes are not included in the specification so that their is no ambiguity about the table |
| // containing the information being the normative definition. |
| // |
| #include "CommandAttributeData.c" |
| // |
| // |
| // Command Attribute Functions |
| // |
| // CommandAuthRole() |
| // |
| // This function returns the authorization role required of a handle. |
| // |
| // Return Value Meaning |
| // |
| // AUTH_NONE no authorization is required |
| // AUTH_USER user role authorization is required |
| // AUTH_ADMIN admin role authorization is required |
| // AUTH_DUP duplication role authorization is required |
| // |
| AUTH_ROLE |
| CommandAuthRole( |
| TPM_CC commandCode, // IN: command code |
| UINT32 handleIndex // IN: handle index (zero based) |
| ) |
| { |
| if(handleIndex > 1) |
| return AUTH_NONE; |
| if(handleIndex == 0) { |
| ATTRIBUTE_TYPE properties = s_commandAttributes[commandCode - TPM_CC_FIRST]; |
| if(properties & HANDLE_1_USER) return AUTH_USER; |
| if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN; |
| if(properties & HANDLE_1_DUP) return AUTH_DUP; |
| return AUTH_NONE; |
| } |
| if(s_commandAttributes[commandCode - TPM_CC_FIRST] & HANDLE_2_USER) |
| return AUTH_USER; |
| return AUTH_NONE; |
| } |
| // |
| // |
| // CommandIsImplemented() |
| // |
| // This function indicates if a command is implemented. |
| // |
| // Return Value Meaning |
| // |
| // TRUE if the command is implemented |
| // FALSE if the command is not implemented |
| // |
| BOOL |
| CommandIsImplemented( |
| TPM_CC commandCode // IN: command code |
| ) |
| { |
| if(commandCode < TPM_CC_FIRST || commandCode > TPM_CC_LAST) |
| return FALSE; |
| if((s_commandAttributes[commandCode - TPM_CC_FIRST] & IS_IMPLEMENTED)) |
| return TRUE; |
| else |
| return FALSE; |
| } |
| // |
| // |
| // CommandGetAttribute() |
| // |
| // return a TPMA_CC structure for the given command code |
| // |
| TPMA_CC |
| CommandGetAttribute( |
| TPM_CC commandCode // IN: command code |
| ) |
| { |
| UINT32 size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]); |
| UINT32 i; |
| for(i = 0; i < size; i++) { |
| if(s_ccAttr[i].commandIndex == (UINT16) commandCode) |
| return s_ccAttr[i]; |
| } |
| // This function should be called in the way that the command code |
| // attribute is available. |
| FAIL(FATAL_ERROR_INTERNAL); |
| |
| return s_ccAttr[0]; // Just to appease the compiler, never reached. |
| } |
| // |
| // |
| // EncryptSize() |
| // |
| // This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed |
| // |
| // Return Value Meaning |
| // |
| // 0 encryption not allowed |
| // 2 size field is two bytes |
| // 4 size field is four bytes |
| // |
| int |
| EncryptSize( |
| TPM_CC commandCode // IN: commandCode |
| ) |
| { |
| COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST]; |
| if(ca & ENCRYPT_2) |
| return 2; |
| if(ca & ENCRYPT_4) |
| return 4; |
| return 0; |
| } |
| // |
| // |
| // DecryptSize() |
| // |
| // This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed |
| // |
| // Return Value Meaning |
| // |
| // 0 encryption not allowed |
| // 2 size field is two bytes |
| // 4 size field is four bytes |
| // |
| int |
| DecryptSize( |
| TPM_CC commandCode // IN: commandCode |
| ) |
| { |
| COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST]; |
| if(ca & DECRYPT_2) |
| return 2; |
| if(ca & DECRYPT_4) |
| return 4; |
| return 0; |
| } |
| // |
| // |
| // IsSessionAllowed() |
| // |
| // This function indicates if the command is allowed to have sessions. |
| // This function must not be called if the command is not known to be implemented. |
| // |
| // Return Value Meaning |
| // |
| // TRUE session is allowed with this command |
| // FALSE session is not allowed with this command |
| // |
| BOOL |
| IsSessionAllowed( |
| TPM_CC commandCode // IN: the command to be checked |
| ) |
| { |
| if(s_commandAttributes[commandCode - TPM_CC_FIRST] & NO_SESSIONS) |
| return FALSE; |
| else |
| return TRUE; |
| } |
| // |
| // |
| // IsHandleInResponse() |
| // |
| BOOL |
| IsHandleInResponse( |
| TPM_CC commandCode |
| ) |
| { |
| if(s_commandAttributes[commandCode - TPM_CC_FIRST] & R_HANDLE) |
| return TRUE; |
| else |
| return FALSE; |
| // |
| } |
| // |
| // |
| // IsWriteOperation() |
| // |
| // Checks to see if an operation will write to NV memory |
| // |
| BOOL |
| IsWriteOperation( |
| TPM_CC command // IN: Command to check |
| ) |
| { |
| switch (command) |
| { |
| case TPM_CC_NV_Write: |
| case TPM_CC_NV_Increment: |
| case TPM_CC_NV_SetBits: |
| case TPM_CC_NV_Extend: |
| // Nv write lock counts as a write operation for authorization purposes. |
| // We check to see if the NV is write locked before we do the authorization |
| // If it is locked, we fail the command early. |
| case TPM_CC_NV_WriteLock: |
| return TRUE; |
| default: |
| break; |
| } |
| return FALSE; |
| } |
| // |
| // |
| // IsReadOperation() |
| // |
| // Checks to see if an operation will write to NV memory |
| // |
| BOOL |
| IsReadOperation( |
| TPM_CC command // IN: Command to check |
| ) |
| { |
| switch (command) |
| { |
| case TPM_CC_NV_Read: |
| case TPM_CC_PolicyNV: |
| case TPM_CC_NV_Certify: |
| // Nv read lock counts as a read operation for authorization purposes. |
| // We check to see if the NV is read locked before we do the authorization |
| // If it is locked, we fail the command early. |
| case TPM_CC_NV_ReadLock: |
| return TRUE; |
| default: |
| break; |
| } |
| return FALSE; |
| } |
| // |
| // |
| // CommandCapGetCCList() |
| // |
| // This function returns a list of implemented commands and command attributes starting from the |
| // command in commandCode. |
| // |
| // |
| // |
| // |
| // Return Value Meaning |
| // |
| // YES more command attributes are available |
| // NO no more command attributes are available |
| // |
| TPMI_YES_NO |
| CommandCapGetCCList( |
| TPM_CC commandCode, // IN: start command code |
| UINT32 count, // IN: maximum count for number of entries in |
| // 'commandList' |
| TPML_CCA *commandList // OUT: list of TPMA_CC |
| ) |
| { |
| TPMI_YES_NO more = NO; |
| UINT32 i; |
| // initialize output handle list count |
| commandList->count = 0; |
| // The maximum count of commands that may be return is MAX_CAP_CC. |
| if(count > MAX_CAP_CC) count = MAX_CAP_CC; |
| // If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST |
| if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST; |
| // Collect command attributes |
| for(i = commandCode; i <= TPM_CC_LAST; i++) |
| { |
| if(CommandIsImplemented(i)) |
| { |
| if(commandList->count < count) |
| { |
| // If the list is not full, add the attributes for this command. |
| commandList->commandAttributes[commandList->count] |
| = CommandGetAttribute(i); |
| commandList->count++; |
| } |
| else |
| { |
| // If the list is full but there are more commands to report, |
| // indicate this and return. |
| more = YES; |
| break; |
| } |
| } |
| } |
| return more; |
| } |