/src/ibmswtpm2/src/NV_spt.c

Source
/********************************************************************************/
/*                    */
/*                  */
/*           Written by Ken Goldman       */
/*           IBM Thomas J. Watson Research Center     */
/*            $Id: NV_spt.c 1047 2017-07-20 18:27:34Z kgoldman $      */
/*                    */
/*  Licenses and Notices              */
/*                    */
/*  1. Copyright Licenses:              */
/*                    */
/*  - Trusted Computing Group (TCG) grants to the user of the source code in  */
/*    this specification (the "Source Code") a worldwide, irrevocable,    */
/*    nonexclusive, royalty free, copyright license to reproduce, create  */
/*    derivative works, distribute, display and perform the Source Code and */
/*    derivative works thereof, and to grant others the rights granted herein.  */
/*                    */
/*  - The TCG grants to the user of the other parts of the specification  */
/*    (other than the Source Code) the rights to reproduce, distribute,   */
/*    display, and perform the specification solely for the purpose of    */
/*    developing products based on such documents.        */
/*                    */
/*  2. Source Code Distribution Conditions:         */
/*                    */
/*  - Redistributions of Source Code must retain the above copyright licenses,  */
/*    this list of conditions and the following disclaimers.      */
/*                    */
/*  - Redistributions in binary form must reproduce the above copyright   */
/*    licenses, this list of conditions and the following disclaimers in the  */
/*    documentation and/or other materials provided with the distribution.  */
/*                    */
/*  3. Disclaimers:               */
/*                    */
/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.   */
/*  Contact TCG Administration (admin@trustedcomputinggroup.org) for    */
/*  information on specification licensing rights available through TCG   */
/*  membership agreements.              */
/*                    */
/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED   */
/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR   */
/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR    */
/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY    */
/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.   */
/*                    */
/*  - Without limitation, TCG and its members and licensors disclaim all  */
/*    liability, including liability for infringement of any proprietary  */
/*    rights, relating to use of information in this specification and to the */
/*    implementation of this specification, and TCG disclaims all liability for */
/*    cost of procurement of substitute goods or services, lost profits, loss   */
/*    of use, loss of data or any incidental, consequential, direct, indirect,  */
/*    or special damages, whether under contract, tort, warranty or otherwise,  */
/*    arising in any way out of use or reliance upon this specification or any  */
/*    information herein.             */
/*                    */
/*  (c) Copyright IBM Corp. and others, 2016, 2017        */
/*                    */
/********************************************************************************/

/* 7.5 NV Command Support (NV_spt.c) */
/* 7.5.1 Includes */
#include "Tpm.h"
#include "NV_spt_fp.h"
/* 7.5.2 Functions */
/* 7.5.2.1 NvReadAccessChecks() */
/* Common routine for validating a read Used by TPM2_NV_Read(), TPM2_NV_ReadLock() and
   TPM2_PolicyNV() */
/* Error Returns Meaning */
/* TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read of the index */
/* TPM_RC_NV_LOCKED Read locked */
/* TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index */
TPM_RC
NvReadAccessChecks(
       TPM_HANDLE       authHandle,    // IN: the handle that provided the
       //     authorization
       TPM_HANDLE       nvHandle,      // IN: the handle of the NV index to be read
       TPMA_NV          attributes     // IN: the attributes of 'nvHandle'
       )
{
    // If data is read locked, returns an error
    if(IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED))
  return TPM_RC_NV_LOCKED;
    // If the authorization was provided by the owner or platform, then check
    // that the attributes allow the read.  If the authorization handle
    // is the same as the index, then the checks were made when the authorization
    // was checked..
    if(authHandle == TPM_RH_OWNER)
  {
      // If Owner provided authorization then ONWERWRITE must be SET
      if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD))
    return TPM_RC_NV_AUTHORIZATION;
  }
    else if(authHandle == TPM_RH_PLATFORM)
  {
      // If Platform provided authorization then PPWRITE must be SET
      if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD))
    return TPM_RC_NV_AUTHORIZATION;
  }
    // If neither Owner nor Platform provided authorization, make sure that it was
    // provided by this index.
    else if(authHandle != nvHandle)
  return TPM_RC_NV_AUTHORIZATION;
    // If the index has not been written, then the value cannot be read
    // NOTE: This has to come after other access checks to make sure that
    // the proper authorization is given to TPM2_NV_ReadLock()
    if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN))
  return TPM_RC_NV_UNINITIALIZED;
    return TPM_RC_SUCCESS;
}
/* 7.5.2.2 NvWriteAccessChecks() */
/* Common routine for validating a write Used by TPM2_NV_Write(), TPM2_NV_Increment(),
   TPM2_SetBits(), and TPM2_NV_WriteLock() */
/* Error Returns Meaning */
/* TPM_RC_NV_AUTHORIZATION Authorization fails */
/* TPM_RC_NV_LOCKED Write locked */
TPM_RC
NvWriteAccessChecks(
        TPM_HANDLE       authHandle,    // IN: the handle that provided the
        //     authorization
        TPM_HANDLE       nvHandle,      // IN: the handle of the NV index to be written
        TPMA_NV          attributes     // IN: the attributes of 'nvHandle'
        )
{
    // If data is write locked, returns an error
    if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED))
  return TPM_RC_NV_LOCKED;
    // If the authorization was provided by the owner or platform, then check
    // that the attributes allow the write.  If the authorization handle
    // is the same as the index, then the checks were made when the authorization
    // was checked..
    if(authHandle == TPM_RH_OWNER)
  {
      // If Owner provided authorization then ONWERWRITE must be SET
      if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE))
    return TPM_RC_NV_AUTHORIZATION;
  }
    else if(authHandle == TPM_RH_PLATFORM)
  {
      // If Platform provided authorization then PPWRITE must be SET
      if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE))
    return TPM_RC_NV_AUTHORIZATION;
  }
    // If neither Owner nor Platform provided authorization, make sure that it was
    // provided by this index.
    else if(authHandle != nvHandle)
  return TPM_RC_NV_AUTHORIZATION;
    return TPM_RC_SUCCESS;
}
/* 7.5.2.3 NvClearOrderly() */
/* This function is used to cause gp.orderlyState to be cleared to the non-orderly state. */
TPM_RC
NvClearOrderly(
         void
         )
{
    if(gp.orderlyState < SU_DA_USED_VALUE)
  RETURN_IF_NV_IS_NOT_AVAILABLE;
    g_clearOrderly = TRUE;
    return TPM_RC_SUCCESS;
}
/* 7.5.2.4 NvIsPinPassIndex() */
/* Function to check to see if an NV index is a PIN Pass Index */
/* Return Value Meaning */
/* TRUE is pin pass */
/* FALSE is not pin pass */
BOOL
NvIsPinPassIndex(
     TPM_HANDLE          index       // IN: Handle to check
     )
{
    if(HandleGetType(index) == TPM_HT_NV_INDEX)
  {
      NV_INDEX                *nvIndex = NvGetIndexInfo(index, NULL);
      return IsNvPinPassIndex(nvIndex->publicArea.attributes);
  }
    return FALSE;
}

Coverage Report

Created: 2025-10-28 06:54

Line	Count	Source
1		/********************************************************************************/
2		/* */
3		/* */
4		/* Written by Ken Goldman */
5		/* IBM Thomas J. Watson Research Center */
6		/* $Id: NV_spt.c 1047 2017-07-20 18:27:34Z kgoldman $ */
7		/* */
8		/* Licenses and Notices */
9		/* */
10		/* 1. Copyright Licenses: */
11		/* */
12		/* - Trusted Computing Group (TCG) grants to the user of the source code in */
13		/* this specification (the "Source Code") a worldwide, irrevocable, */
14		/* nonexclusive, royalty free, copyright license to reproduce, create */
15		/* derivative works, distribute, display and perform the Source Code and */
16		/* derivative works thereof, and to grant others the rights granted herein. */
17		/* */
18		/* - The TCG grants to the user of the other parts of the specification */
19		/* (other than the Source Code) the rights to reproduce, distribute, */
20		/* display, and perform the specification solely for the purpose of */
21		/* developing products based on such documents. */
22		/* */
23		/* 2. Source Code Distribution Conditions: */
24		/* */
25		/* - Redistributions of Source Code must retain the above copyright licenses, */
26		/* this list of conditions and the following disclaimers. */
27		/* */
28		/* - Redistributions in binary form must reproduce the above copyright */
29		/* licenses, this list of conditions and the following disclaimers in the */
30		/* documentation and/or other materials provided with the distribution. */
31		/* */
32		/* 3. Disclaimers: */
33		/* */
34		/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
35		/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
36		/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
37		/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
38		/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
39		/* information on specification licensing rights available through TCG */
40		/* membership agreements. */
41		/* */
42		/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
43		/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
44		/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
45		/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
46		/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
47		/* */
48		/* - Without limitation, TCG and its members and licensors disclaim all */
49		/* liability, including liability for infringement of any proprietary */
50		/* rights, relating to use of information in this specification and to the */
51		/* implementation of this specification, and TCG disclaims all liability for */
52		/* cost of procurement of substitute goods or services, lost profits, loss */
53		/* of use, loss of data or any incidental, consequential, direct, indirect, */
54		/* or special damages, whether under contract, tort, warranty or otherwise, */
55		/* arising in any way out of use or reliance upon this specification or any */
56		/* information herein. */
57		/* */
58		/* (c) Copyright IBM Corp. and others, 2016, 2017 */
59		/* */
60		/********************************************************************************/
61
62		/* 7.5 NV Command Support (NV_spt.c) */
63		/* 7.5.1 Includes */
64		#include "Tpm.h"
65		#include "NV_spt_fp.h"
66		/* 7.5.2 Functions */
67		/* 7.5.2.1 NvReadAccessChecks() */
68		/* Common routine for validating a read Used by TPM2_NV_Read(), TPM2_NV_ReadLock() and
69		TPM2_PolicyNV() */
70		/* Error Returns Meaning */
71		/* TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read of the index */
72		/* TPM_RC_NV_LOCKED Read locked */
73		/* TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index */
74		TPM_RC
75		NvReadAccessChecks(
76		TPM_HANDLE authHandle, // IN: the handle that provided the
77		// authorization
78		TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read
79		TPMA_NV attributes // IN: the attributes of 'nvHandle'
80		)
81	0	{
82		// If data is read locked, returns an error
83	0	if(IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED))
84	0	return TPM_RC_NV_LOCKED;
85		// If the authorization was provided by the owner or platform, then check
86		// that the attributes allow the read. If the authorization handle
87		// is the same as the index, then the checks were made when the authorization
88		// was checked..
89	0	if(authHandle == TPM_RH_OWNER)
90	0	{
91		// If Owner provided authorization then ONWERWRITE must be SET
92	0	if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD))
93	0	return TPM_RC_NV_AUTHORIZATION;
94	0	}
95	0	else if(authHandle == TPM_RH_PLATFORM)
96	0	{
97		// If Platform provided authorization then PPWRITE must be SET
98	0	if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD))
99	0	return TPM_RC_NV_AUTHORIZATION;
100	0	}
101		// If neither Owner nor Platform provided authorization, make sure that it was
102		// provided by this index.
103	0	else if(authHandle != nvHandle)
104	0	return TPM_RC_NV_AUTHORIZATION;
105		// If the index has not been written, then the value cannot be read
106		// NOTE: This has to come after other access checks to make sure that
107		// the proper authorization is given to TPM2_NV_ReadLock()
108	0	if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN))
109	0	return TPM_RC_NV_UNINITIALIZED;
110	0	return TPM_RC_SUCCESS;
111	0	}
112		/* 7.5.2.2 NvWriteAccessChecks() */
113		/* Common routine for validating a write Used by TPM2_NV_Write(), TPM2_NV_Increment(),
114		TPM2_SetBits(), and TPM2_NV_WriteLock() */
115		/* Error Returns Meaning */
116		/* TPM_RC_NV_AUTHORIZATION Authorization fails */
117		/* TPM_RC_NV_LOCKED Write locked */
118		TPM_RC
119		NvWriteAccessChecks(
120		TPM_HANDLE authHandle, // IN: the handle that provided the
121		// authorization
122		TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written
123		TPMA_NV attributes // IN: the attributes of 'nvHandle'
124		)
125	0	{
126		// If data is write locked, returns an error
127	0	if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED))
128	0	return TPM_RC_NV_LOCKED;
129		// If the authorization was provided by the owner or platform, then check
130		// that the attributes allow the write. If the authorization handle
131		// is the same as the index, then the checks were made when the authorization
132		// was checked..
133	0	if(authHandle == TPM_RH_OWNER)
134	0	{
135		// If Owner provided authorization then ONWERWRITE must be SET
136	0	if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE))
137	0	return TPM_RC_NV_AUTHORIZATION;
138	0	}
139	0	else if(authHandle == TPM_RH_PLATFORM)
140	0	{
141		// If Platform provided authorization then PPWRITE must be SET
142	0	if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE))
143	0	return TPM_RC_NV_AUTHORIZATION;
144	0	}
145		// If neither Owner nor Platform provided authorization, make sure that it was
146		// provided by this index.
147	0	else if(authHandle != nvHandle)
148	0	return TPM_RC_NV_AUTHORIZATION;
149	0	return TPM_RC_SUCCESS;
150	0	}
151		/* 7.5.2.3 NvClearOrderly() */
152		/* This function is used to cause gp.orderlyState to be cleared to the non-orderly state. */
153		TPM_RC
154		NvClearOrderly(
155		void
156		)
157	0	{
158	0	if(gp.orderlyState < SU_DA_USED_VALUE)
159	0	RETURN_IF_NV_IS_NOT_AVAILABLE;
160	0	g_clearOrderly = TRUE;
161	0	return TPM_RC_SUCCESS;
162	0	}
163		/* 7.5.2.4 NvIsPinPassIndex() */
164		/* Function to check to see if an NV index is a PIN Pass Index */
165		/* Return Value Meaning */
166		/* TRUE is pin pass */
167		/* FALSE is not pin pass */
168		BOOL
169		NvIsPinPassIndex(
170		TPM_HANDLE index // IN: Handle to check
171		)
172	0	{
173	0	if(HandleGetType(index) == TPM_HT_NV_INDEX)
174	0	{
175	0	NV_INDEX *nvIndex = NvGetIndexInfo(index, NULL);
176	0	return IsNvPinPassIndex(nvIndex->publicArea.attributes);
177	0	}
178	0	return FALSE;
179	0	}