1 // This file was extracted from the TCG Published 2 // Trusted Platform Module Library 3 // Part 4: Supporting Routines 4 // Family "2.0" 5 // Level 00 Revision 01.16 6 // October 30, 2014 7 8 #include "Tpm.h" 9 #include "InternalRoutines.h" 10 typedef UINT16 ATTRIBUTE_TYPE; 11 // 12 // The following file is produced from the command tables in part 3 of the specification. It defines the 13 // attributes for each of the commands. 14 // 15 // NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through 16 // automated processes are not included in the specification so that their is no ambiguity about the table 17 // containing the information being the normative definition. 18 // 19 #include "CommandAttributeData.c" 20 // 21 // 22 // Command Attribute Functions 23 // 24 // CommandAuthRole() 25 // 26 // This function returns the authorization role required of a handle. 27 // 28 // Return Value Meaning 29 // 30 // AUTH_NONE no authorization is required 31 // AUTH_USER user role authorization is required 32 // AUTH_ADMIN admin role authorization is required 33 // AUTH_DUP duplication role authorization is required 34 // 35 AUTH_ROLE 36 CommandAuthRole( 37 TPM_CC commandCode, // IN: command code 38 UINT32 handleIndex // IN: handle index (zero based) 39 ) 40 { 41 if(handleIndex > 1) 42 return AUTH_NONE; 43 if(handleIndex == 0) { 44 ATTRIBUTE_TYPE properties = s_commandAttributes[commandCode - TPM_CC_FIRST]; 45 if(properties & HANDLE_1_USER) return AUTH_USER; 46 if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN; 47 if(properties & HANDLE_1_DUP) return AUTH_DUP; 48 return AUTH_NONE; 49 } 50 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & HANDLE_2_USER) 51 return AUTH_USER; 52 return AUTH_NONE; 53 } 54 // 55 // 56 // CommandIsImplemented() 57 // 58 // This function indicates if a command is implemented. 59 // 60 // Return Value Meaning 61 // 62 // TRUE if the command is implemented 63 // FALSE if the command is not implemented 64 // 65 BOOL 66 CommandIsImplemented( 67 TPM_CC commandCode // IN: command code 68 ) 69 { 70 if(commandCode < TPM_CC_FIRST || commandCode > TPM_CC_LAST) 71 return FALSE; 72 if((s_commandAttributes[commandCode - TPM_CC_FIRST] & IS_IMPLEMENTED)) 73 return TRUE; 74 else 75 return FALSE; 76 } 77 // 78 // 79 // CommandGetAttribute() 80 // 81 // return a TPMA_CC structure for the given command code 82 // 83 TPMA_CC 84 CommandGetAttribute( 85 TPM_CC commandCode // IN: command code 86 ) 87 { 88 UINT32 size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]); 89 UINT32 i; 90 for(i = 0; i < size; i++) { 91 if(s_ccAttr[i].commandIndex == (UINT16) commandCode) 92 return s_ccAttr[i]; 93 } 94 // This function should be called in the way that the command code 95 // attribute is available. 96 FAIL(FATAL_ERROR_INTERNAL); 97 98 return s_ccAttr[0]; // Just to appease the compiler, never reached. 99 } 100 // 101 // 102 // EncryptSize() 103 // 104 // This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed 105 // 106 // Return Value Meaning 107 // 108 // 0 encryption not allowed 109 // 2 size field is two bytes 110 // 4 size field is four bytes 111 // 112 int 113 EncryptSize( 114 TPM_CC commandCode // IN: commandCode 115 ) 116 { 117 COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST]; 118 if(ca & ENCRYPT_2) 119 return 2; 120 if(ca & ENCRYPT_4) 121 return 4; 122 return 0; 123 } 124 // 125 // 126 // DecryptSize() 127 // 128 // This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed 129 // 130 // Return Value Meaning 131 // 132 // 0 encryption not allowed 133 // 2 size field is two bytes 134 // 4 size field is four bytes 135 // 136 int 137 DecryptSize( 138 TPM_CC commandCode // IN: commandCode 139 ) 140 { 141 COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST]; 142 if(ca & DECRYPT_2) 143 return 2; 144 if(ca & DECRYPT_4) 145 return 4; 146 return 0; 147 } 148 // 149 // 150 // IsSessionAllowed() 151 // 152 // This function indicates if the command is allowed to have sessions. 153 // This function must not be called if the command is not known to be implemented. 154 // 155 // Return Value Meaning 156 // 157 // TRUE session is allowed with this command 158 // FALSE session is not allowed with this command 159 // 160 BOOL 161 IsSessionAllowed( 162 TPM_CC commandCode // IN: the command to be checked 163 ) 164 { 165 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & NO_SESSIONS) 166 return FALSE; 167 else 168 return TRUE; 169 } 170 // 171 // 172 // IsHandleInResponse() 173 // 174 BOOL 175 IsHandleInResponse( 176 TPM_CC commandCode 177 ) 178 { 179 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & R_HANDLE) 180 return TRUE; 181 else 182 return FALSE; 183 // 184 } 185 // 186 // 187 // IsWriteOperation() 188 // 189 // Checks to see if an operation will write to NV memory 190 // 191 BOOL 192 IsWriteOperation( 193 TPM_CC command // IN: Command to check 194 ) 195 { 196 switch (command) 197 { 198 case TPM_CC_NV_Write: 199 case TPM_CC_NV_Increment: 200 case TPM_CC_NV_SetBits: 201 case TPM_CC_NV_Extend: 202 // Nv write lock counts as a write operation for authorization purposes. 203 // We check to see if the NV is write locked before we do the authorization 204 // If it is locked, we fail the command early. 205 case TPM_CC_NV_WriteLock: 206 return TRUE; 207 default: 208 break; 209 } 210 return FALSE; 211 } 212 // 213 // 214 // IsReadOperation() 215 // 216 // Checks to see if an operation will write to NV memory 217 // 218 BOOL 219 IsReadOperation( 220 TPM_CC command // IN: Command to check 221 ) 222 { 223 switch (command) 224 { 225 case TPM_CC_NV_Read: 226 case TPM_CC_PolicyNV: 227 case TPM_CC_NV_Certify: 228 // Nv read lock counts as a read operation for authorization purposes. 229 // We check to see if the NV is read locked before we do the authorization 230 // If it is locked, we fail the command early. 231 case TPM_CC_NV_ReadLock: 232 return TRUE; 233 default: 234 break; 235 } 236 return FALSE; 237 } 238 // 239 // 240 // CommandCapGetCCList() 241 // 242 // This function returns a list of implemented commands and command attributes starting from the 243 // command in commandCode. 244 // 245 // 246 // 247 // 248 // Return Value Meaning 249 // 250 // YES more command attributes are available 251 // NO no more command attributes are available 252 // 253 TPMI_YES_NO 254 CommandCapGetCCList( 255 TPM_CC commandCode, // IN: start command code 256 UINT32 count, // IN: maximum count for number of entries in 257 // 'commandList' 258 TPML_CCA *commandList // OUT: list of TPMA_CC 259 ) 260 { 261 TPMI_YES_NO more = NO; 262 UINT32 i; 263 // initialize output handle list count 264 commandList->count = 0; 265 // The maximum count of commands that may be return is MAX_CAP_CC. 266 if(count > MAX_CAP_CC) count = MAX_CAP_CC; 267 // If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST 268 if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST; 269 // Collect command attributes 270 for(i = commandCode; i <= TPM_CC_LAST; i++) 271 { 272 if(CommandIsImplemented(i)) 273 { 274 if(commandList->count < count) 275 { 276 // If the list is not full, add the attributes for this command. 277 commandList->commandAttributes[commandList->count] 278 = CommandGetAttribute(i); 279 commandList->count++; 280 } 281 else 282 { 283 // If the list is full but there are more commands to report, 284 // indicate this and return. 285 more = YES; 286 break; 287 } 288 } 289 } 290 return more; 291 } 292
