1// This file was extracted from the TCG Published 2// Trusted Platform Module Library 3// Part 4: Supporting Routines 4// Family "2.0" 5// Level 00 Revision 01.16 6// October 30, 2014 7 8#include "Tpm.h" 9#include "InternalRoutines.h" 10typedef UINT16 ATTRIBUTE_TYPE; 11// 12// The following file is produced from the command tables in part 3 of the specification. It defines the 13// attributes for each of the commands. 14// 15// NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through 16// automated processes are not included in the specification so that their is no ambiguity about the table 17// containing the information being the normative definition. 18// 19#include "CommandAttributeData.c" 20// 21// 22// Command Attribute Functions 23// 24// CommandAuthRole() 25// 26// This function returns the authorization role required of a handle. 27// 28// Return Value Meaning 29// 30// AUTH_NONE no authorization is required 31// AUTH_USER user role authorization is required 32// AUTH_ADMIN admin role authorization is required 33// AUTH_DUP duplication role authorization is required 34// 35AUTH_ROLE 36CommandAuthRole( 37 TPM_CC commandCode, // IN: command code 38 UINT32 handleIndex // IN: handle index (zero based) 39 ) 40{ 41 if(handleIndex > 1) 42 return AUTH_NONE; 43 if(handleIndex == 0) { 44 ATTRIBUTE_TYPE properties = s_commandAttributes[commandCode - TPM_CC_FIRST]; 45 if(properties & HANDLE_1_USER) return AUTH_USER; 46 if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN; 47 if(properties & HANDLE_1_DUP) return AUTH_DUP; 48 return AUTH_NONE; 49 } 50 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & HANDLE_2_USER) 51 return AUTH_USER; 52 return AUTH_NONE; 53} 54// 55// 56// CommandIsImplemented() 57// 58// This function indicates if a command is implemented. 59// 60// Return Value Meaning 61// 62// TRUE if the command is implemented 63// FALSE if the command is not implemented 64// 65BOOL 66CommandIsImplemented( 67 TPM_CC commandCode // IN: command code 68 ) 69{ 70 if(commandCode < TPM_CC_FIRST || commandCode > TPM_CC_LAST) 71 return FALSE; 72 if((s_commandAttributes[commandCode - TPM_CC_FIRST] & IS_IMPLEMENTED)) 73 return TRUE; 74 else 75 return FALSE; 76} 77// 78// 79// CommandGetAttribute() 80// 81// return a TPMA_CC structure for the given command code 82// 83TPMA_CC 84CommandGetAttribute( 85 TPM_CC commandCode // IN: command code 86 ) 87{ 88 UINT32 size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]); 89 UINT32 i; 90 for(i = 0; i < size; i++) { 91 if(s_ccAttr[i].commandIndex == (UINT16) commandCode) 92 return s_ccAttr[i]; 93 } 94 // This function should be called in the way that the command code 95 // attribute is available. 96 FAIL(FATAL_ERROR_INTERNAL); 97 98 return s_ccAttr[0]; // Just to appease the compiler, never reached. 99} 100// 101// 102// EncryptSize() 103// 104// This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed 105// 106// Return Value Meaning 107// 108// 0 encryption not allowed 109// 2 size field is two bytes 110// 4 size field is four bytes 111// 112int 113EncryptSize( 114 TPM_CC commandCode // IN: commandCode 115 ) 116{ 117 COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST]; 118 if(ca & ENCRYPT_2) 119 return 2; 120 if(ca & ENCRYPT_4) 121 return 4; 122 return 0; 123} 124// 125// 126// DecryptSize() 127// 128// This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed 129// 130// Return Value Meaning 131// 132// 0 encryption not allowed 133// 2 size field is two bytes 134// 4 size field is four bytes 135// 136int 137DecryptSize( 138 TPM_CC commandCode // IN: commandCode 139 ) 140{ 141 COMMAND_ATTRIBUTES ca = s_commandAttributes[commandCode - TPM_CC_FIRST]; 142 if(ca & DECRYPT_2) 143 return 2; 144 if(ca & DECRYPT_4) 145 return 4; 146 return 0; 147} 148// 149// 150// IsSessionAllowed() 151// 152// This function indicates if the command is allowed to have sessions. 153// This function must not be called if the command is not known to be implemented. 154// 155// Return Value Meaning 156// 157// TRUE session is allowed with this command 158// FALSE session is not allowed with this command 159// 160BOOL 161IsSessionAllowed( 162 TPM_CC commandCode // IN: the command to be checked 163 ) 164{ 165 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & NO_SESSIONS) 166 return FALSE; 167 else 168 return TRUE; 169} 170// 171// 172// IsHandleInResponse() 173// 174BOOL 175IsHandleInResponse( 176 TPM_CC commandCode 177 ) 178{ 179 if(s_commandAttributes[commandCode - TPM_CC_FIRST] & R_HANDLE) 180 return TRUE; 181 else 182 return FALSE; 183// 184} 185// 186// 187// IsWriteOperation() 188// 189// Checks to see if an operation will write to NV memory 190// 191BOOL 192IsWriteOperation( 193 TPM_CC command // IN: Command to check 194 ) 195{ 196 switch (command) 197 { 198 case TPM_CC_NV_Write: 199 case TPM_CC_NV_Increment: 200 case TPM_CC_NV_SetBits: 201 case TPM_CC_NV_Extend: 202 // Nv write lock counts as a write operation for authorization purposes. 203 // We check to see if the NV is write locked before we do the authorization 204 // If it is locked, we fail the command early. 205 case TPM_CC_NV_WriteLock: 206 return TRUE; 207 default: 208 break; 209 } 210 return FALSE; 211} 212// 213// 214// IsReadOperation() 215// 216// Checks to see if an operation will write to NV memory 217// 218BOOL 219IsReadOperation( 220 TPM_CC command // IN: Command to check 221 ) 222{ 223 switch (command) 224 { 225 case TPM_CC_NV_Read: 226 case TPM_CC_PolicyNV: 227 case TPM_CC_NV_Certify: 228 // Nv read lock counts as a read operation for authorization purposes. 229 // We check to see if the NV is read locked before we do the authorization 230 // If it is locked, we fail the command early. 231 case TPM_CC_NV_ReadLock: 232 return TRUE; 233 default: 234 break; 235 } 236 return FALSE; 237} 238// 239// 240// CommandCapGetCCList() 241// 242// This function returns a list of implemented commands and command attributes starting from the 243// command in commandCode. 244// 245// 246// 247// 248// Return Value Meaning 249// 250// YES more command attributes are available 251// NO no more command attributes are available 252// 253TPMI_YES_NO 254CommandCapGetCCList( 255 TPM_CC commandCode, // IN: start command code 256 UINT32 count, // IN: maximum count for number of entries in 257 // 'commandList' 258 TPML_CCA *commandList // OUT: list of TPMA_CC 259 ) 260{ 261 TPMI_YES_NO more = NO; 262 UINT32 i; 263 // initialize output handle list count 264 commandList->count = 0; 265 // The maximum count of commands that may be return is MAX_CAP_CC. 266 if(count > MAX_CAP_CC) count = MAX_CAP_CC; 267 // If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST 268 if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST; 269 // Collect command attributes 270 for(i = commandCode; i <= TPM_CC_LAST; i++) 271 { 272 if(CommandIsImplemented(i)) 273 { 274 if(commandList->count < count) 275 { 276 // If the list is not full, add the attributes for this command. 277 commandList->commandAttributes[commandList->count] 278 = CommandGetAttribute(i); 279 commandList->count++; 280 } 281 else 282 { 283 // If the list is full but there are more commands to report, 284 // indicate this and return. 285 more = YES; 286 break; 287 } 288 } 289 } 290 return more; 291} 292