Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / tpm2 / c02cd04e46278d3dcd232f86b3bd6216d84fd3eb / . / CommandCodeAttributes.c
blob: 45cf17e76ba406682cab1a7b3411b4366e47f40e [file] [log] [blame]
Vadim Bendebury56797522015-05-20 10:32:25 -0700[diff] [blame]1// This file was extracted from the TCG Published
2// Trusted Platform Module Library
3// Part 4: Supporting Routines
4// Family "2.0"
5// Level 00 Revision 01.16
6// October 30, 2014
7
8#include "Tpm.h"
9#include "InternalRoutines.h"
10typedef UINT16 ATTRIBUTE_TYPE;
11//
12// The following file is produced from the command tables in part 3 of the specification. It defines the
13// attributes for each of the commands.
14//
15// NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through
16// automated processes are not included in the specification so that their is no ambiguity about the table
17// containing the information being the normative definition.
18//
19#include "CommandAttributeData.c"
20//
21//
22// Command Attribute Functions
23//
24// CommandAuthRole()
25//
26// This function returns the authorization role required of a handle.
27//
28// Return Value Meaning
29//
30// AUTH_NONE no authorization is required
31// AUTH_USER user role authorization is required
32// AUTH_ADMIN admin role authorization is required
33// AUTH_DUP duplication role authorization is required
34//
35AUTH_ROLE
36CommandAuthRole(
37 TPM_CC commandCode, // IN: command code
38 UINT32 handleIndex // IN: handle index (zero based)
39 )
40{
41 if(handleIndex > 1)
42 return AUTH_NONE;
43 if(handleIndex == 0) {
44 ATTRIBUTE_TYPE properties = s_commandAttributes[commandCode - TPM_CC_FIRST];
45 if(properties & HANDLE_1_USER) return AUTH_USER;
46 if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN;
47 if(properties & HANDLE_1_DUP) return AUTH_DUP;
48 return AUTH_NONE;
49 }
Vadim Bendebury711a0442015-05-28 16:37:42 -0700[diff] [blame]50 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & HANDLE_2_USER)
51 return AUTH_USER;
Vadim Bendebury56797522015-05-20 10:32:25 -0700[diff] [blame]52 return AUTH_NONE;
53}
54//
55//
56// CommandIsImplemented()
57//
58// This function indicates if a command is implemented.
59//
60// Return Value Meaning
61//
62// TRUE if the command is implemented
63// FALSE if the command is not implemented
64//
65BOOL
66CommandIsImplemented(
67 TPM_CC commandCode // IN: command code
68 )
69{
70 if(commandCode < TPM_CC_FIRST || commandCode > TPM_CC_LAST)
71 return FALSE;
72 if((s_commandAttributes[commandCode - TPM_CC_FIRST] & IS_IMPLEMENTED))
73 return TRUE;
74 else
75 return FALSE;
76}
77//
78//
79// CommandGetAttribute()
80//
81// return a TPMA_CC structure for the given command code
82//
83TPMA_CC
84CommandGetAttribute(
85 TPM_CC commandCode // IN: command code
86 )
87{
88 UINT32 size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]);
89 UINT32 i;
90 for(i = 0; i < size; i++) {
91 if(s_ccAttr[i].commandIndex == (UINT16) commandCode)
92 return s_ccAttr[i];
93 }
94 // This function should be called in the way that the command code
95 // attribute is available.
96 FAIL(FATAL_ERROR_INTERNAL);
Vadim Bendebury711a0442015-05-28 16:37:42 -0700[diff] [blame]97
98 return s_ccAttr[0]; // Just to appease the compiler, never reached.
Vadim Bendebury56797522015-05-20 10:32:25 -0700[diff] [blame]99}
100//
101//
102// EncryptSize()
103//
104// This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed
105//
106// Return Value Meaning
107//
108// 0 encryption not allowed
109// 2 size field is two bytes
110// 4 size field is four bytes
111//
112int
113EncryptSize(
114 TPM_CC commandCode // IN: commandCode
115 )
116{
117 COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST];
118 if(ca & ENCRYPT_2)
119 return 2;
120 if(ca & ENCRYPT_4)
121 return 4;
122 return 0;
123}
124//
125//
126// DecryptSize()
127//
128// This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed
129//
130// Return Value Meaning
131//
132// 0 encryption not allowed
133// 2 size field is two bytes
134// 4 size field is four bytes
135//
136int
137DecryptSize(
138 TPM_CC commandCode // IN: commandCode
139 )
140{
141 COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST];
142 if(ca & DECRYPT_2)
143 return 2;
144 if(ca & DECRYPT_4)
145 return 4;
146 return 0;
147}
148//
149//
150// IsSessionAllowed()
151//
152// This function indicates if the command is allowed to have sessions.
153// This function must not be called if the command is not known to be implemented.
154//
155// Return Value Meaning
156//
157// TRUE session is allowed with this command
158// FALSE session is not allowed with this command
159//
160BOOL
161IsSessionAllowed(
162 TPM_CC commandCode // IN: the command to be checked
163 )
164{
165 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & NO_SESSIONS)
166 return FALSE;
167 else
168 return TRUE;
169}
170//
171//
172// IsHandleInResponse()
173//
174BOOL
175IsHandleInResponse(
176 TPM_CC commandCode
177 )
178{
179 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & R_HANDLE)
180 return TRUE;
181 else
182 return FALSE;
183//
184}
185//
186//
187// IsWriteOperation()
188//
189// Checks to see if an operation will write to NV memory
190//
191BOOL
192IsWriteOperation(
193 TPM_CC command // IN: Command to check
194 )
195{
196 switch (command)
197 {
198 case TPM_CC_NV_Write:
199 case TPM_CC_NV_Increment:
200 case TPM_CC_NV_SetBits:
201 case TPM_CC_NV_Extend:
202 // Nv write lock counts as a write operation for authorization purposes.
203 // We check to see if the NV is write locked before we do the authorization
204 // If it is locked, we fail the command early.
205 case TPM_CC_NV_WriteLock:
206 return TRUE;
207 default:
208 break;
209 }
210 return FALSE;
211}
212//
213//
214// IsReadOperation()
215//
216// Checks to see if an operation will write to NV memory
217//
218BOOL
219IsReadOperation(
220 TPM_CC command // IN: Command to check
221 )
222{
223 switch (command)
224 {
225 case TPM_CC_NV_Read:
226 case TPM_CC_PolicyNV:
227 case TPM_CC_NV_Certify:
228 // Nv read lock counts as a read operation for authorization purposes.
229 // We check to see if the NV is read locked before we do the authorization
230 // If it is locked, we fail the command early.
231 case TPM_CC_NV_ReadLock:
232 return TRUE;
233 default:
234 break;
235 }
236 return FALSE;
237}
238//
239//
240// CommandCapGetCCList()
241//
242// This function returns a list of implemented commands and command attributes starting from the
243// command in commandCode.
244//
245//
246//
247//
248// Return Value Meaning
249//
250// YES more command attributes are available
251// NO no more command attributes are available
252//
253TPMI_YES_NO
254CommandCapGetCCList(
255 TPM_CC commandCode, // IN: start command code
256 UINT32 count, // IN: maximum count for number of entries in
257 // 'commandList'
258 TPML_CCA *commandList // OUT: list of TPMA_CC
259 )
260{
261 TPMI_YES_NO more = NO;
262 UINT32 i;
263 // initialize output handle list count
264 commandList->count = 0;
265 // The maximum count of commands that may be return is MAX_CAP_CC.
266 if(count > MAX_CAP_CC) count = MAX_CAP_CC;
267 // If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST
268 if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST;
269 // Collect command attributes
270 for(i = commandCode; i <= TPM_CC_LAST; i++)
271 {
272 if(CommandIsImplemented(i))
273 {
274 if(commandList->count < count)
275 {
276 // If the list is not full, add the attributes for this command.
277 commandList->commandAttributes[commandList->count]
278 = CommandGetAttribute(i);
279 commandList->count++;
280 }
281 else
282 {
283 // If the list is full but there are more commands to report,
284 // indicate this and return.
285 more = YES;
286 break;
287 }
288 }
289 }
290 return more;
291}