/src/tpm2/CommandCodeAttributes.c

Source (jump to first uncovered line)
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 4: Supporting Routines
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include    "Tpm.h"
#include    "InternalRoutines.h"
typedef UINT16          ATTRIBUTE_TYPE;
//
//     The following file is produced from the command tables in part 3 of the specification. It defines the
//     attributes for each of the commands.
//
//     NOTE:           This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through
//                     automated processes are not included in the specification so that their is no ambiguity about the table
//                     containing the information being the normative definition.
//
#include       "CommandAttributeData.c"
//
//  SafeGetAttributesForCC()
//
//  Helper function returning a command attribute value for the given command
//  code or extended command code.
//
//  Return Value                 Meaning
//
//  COMMAND_ATTRIBUTES            command attribute for the given command
//
static COMMAND_ATTRIBUTES SafeGetAttributesForCC(TPM_CC commandCode) {
  const COMMAND_ATTRIBUTES kUnimplementedAttr = 0;

  if (commandCode & TPM_CCE_BIT_MASK) {
    if (commandCode >= TPM_CCE_FIRST && commandCode <= TPM_CCE_LAST)
      return s_commandAttributesExt[commandCode - TPM_CCE_FIRST];
  } else {
    if (commandCode >= TPM_CC_FIRST && commandCode <= TPM_CC_LAST)
      return s_commandAttributes[commandCode - TPM_CC_FIRST];
  }

  return kUnimplementedAttr;
}
//
//
//
//          Command Attribute Functions
//
//          CommandAuthRole()
//
//     This function returns the authorization role required of a handle.
//
//     Return Value                       Meaning
//
//     AUTH_NONE                          no authorization is required
//     AUTH_USER                          user role authorization is required
//     AUTH_ADMIN                         admin role authorization is required
//     AUTH_DUP                           duplication role authorization is required
//
AUTH_ROLE
CommandAuthRole(
     TPM_CC        commandCode,                 // IN: command code
     UINT32        handleIndex                  // IN: handle index (zero based)
     )
{
   ATTRIBUTE_TYPE properties = SafeGetAttributesForCC(commandCode);

   if(handleIndex > 1)
       return AUTH_NONE;
   if(handleIndex == 0) {
       if(properties & HANDLE_1_USER) return AUTH_USER;
       if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN;
       if(properties & HANDLE_1_DUP) return AUTH_DUP;
       return AUTH_NONE;
   }
   if(properties & HANDLE_2_USER)
           return AUTH_USER;
   return AUTH_NONE;
}
//
//
//          CommandIsImplemented()
//
//     This function indicates if a command is implemented.
//
//     Return Value                      Meaning
//
//     TRUE                              if the command is implemented
//     FALSE                             if the command is not implemented
//
BOOL
CommandIsImplemented(
    TPM_CC                commandCode          // IN: command code
    )
{
  return (SafeGetAttributesForCC(commandCode) & IS_IMPLEMENTED) ? TRUE : FALSE;
}
//
//
//          CommandGetAttribute()
//
//     return a TPMA_CC structure for the given command code
//
TPMA_CC
CommandGetAttribute(
    TPM_CC                commandCode          // IN: command code
    )
{
    UINT32      size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]);
    UINT32      i;
    for(i = 0; i < size; i++) {
        if(s_ccAttr[i].commandIndex == (UINT16) commandCode)
            return s_ccAttr[i];
    }
    // This function should be called in the way that the command code
    // attribute is available.
    FAIL(FATAL_ERROR_INTERNAL);

    return s_ccAttr[0]; // Just to appease the compiler, never reached.
}
//
//
//          EncryptSize()
//
//     This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed
//
//     Return Value                      Meaning
//
//     0                                 encryption not allowed
//     2                                 size field is two bytes
//     4                                 size field is four bytes
//
int
EncryptSize(
    TPM_CC                commandCode          // IN: commandCode
    )
{
    COMMAND_ATTRIBUTES        ca = SafeGetAttributesForCC(commandCode);
    if(ca & ENCRYPT_2)
        return 2;
    if(ca & ENCRYPT_4)
        return 4;
    return 0;
}
//
//
//          DecryptSize()
//
//     This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed
//
//     Return Value                      Meaning
//
//     0                                 encryption not allowed
//     2                                 size field is two bytes
//     4                                 size field is four bytes
//
int
DecryptSize(
    TPM_CC                commandCode          // IN: commandCode
    )
{
    COMMAND_ATTRIBUTES        ca = SafeGetAttributesForCC(commandCode);
    if(ca & DECRYPT_2)
        return 2;
    if(ca & DECRYPT_4)
        return 4;
    return 0;
}
//
//
//          IsSessionAllowed()
//
//     This function indicates if the command is allowed to have sessions.
//     This function must not be called if the command is not known to be implemented.
//
//     Return Value                      Meaning
//
//     TRUE                              session is allowed with this command
//     FALSE                             session is not allowed with this command
//
BOOL
IsSessionAllowed(
    TPM_CC                commandCode          // IN: the command to be checked
    )
{
    return (SafeGetAttributesForCC(commandCode) & NO_SESSIONS) ? FALSE : TRUE;
}
//
//
//          IsHandleInResponse()
//
BOOL
IsHandleInResponse(
    TPM_CC                commandCode
    )
{
    return (SafeGetAttributesForCC(commandCode) & R_HANDLE) ? TRUE : FALSE;
}
//
//
//           IsWriteOperation()
//
//      Checks to see if an operation will write to NV memory
//
BOOL
IsWriteOperation(
   TPM_CC               command           // IN: Command to check
   )
{
   switch (command)
   {
       case TPM_CC_NV_Write:
       case TPM_CC_NV_Increment:
       case TPM_CC_NV_SetBits:
       case TPM_CC_NV_Extend:
       // Nv write lock counts as a write operation for authorization purposes.
       // We check to see if the NV is write locked before we do the authorization
       // If it is locked, we fail the command early.
       case TPM_CC_NV_WriteLock:
           return TRUE;
       default:
           break;
   }
   return FALSE;
}
//
//
//           IsReadOperation()
//
//      Checks to see if an operation will write to NV memory
//
BOOL
IsReadOperation(
   TPM_CC               command           // IN: Command to check
   )
{
   switch (command)
   {
       case TPM_CC_NV_Read:
       case TPM_CC_PolicyNV:
       case TPM_CC_NV_Certify:
       // Nv read lock counts as a read operation for authorization purposes.
       // We check to see if the NV is read locked before we do the authorization
       // If it is locked, we fail the command early.
       case TPM_CC_NV_ReadLock:
           return TRUE;
       default:
           break;
   }
   return FALSE;
}
//
//
//          CommandCapGetCCList()
//
//      This function returns a list of implemented commands and command attributes starting from the
//      command in commandCode.
//
//
//
//
//      Return Value                      Meaning
//
//      YES                               more command attributes are available
//      NO                                no more command attributes are available
//
TPMI_YES_NO
CommandCapGetCCList(
     TPM_CC            commandCode,         // IN: start command code
     UINT32            count,               // IN: maximum count for number of entries in
                                            //     'commandList'
     TPML_CCA         *commandList          // OUT: list of TPMA_CC
     )
{
     TPMI_YES_NO       more = NO;
     UINT32            i;
     // initialize output handle list count
     commandList->count = 0;
     // The maximum count of commands that may be returned is MAX_CAP_CC_ALL.
     if(count > MAX_CAP_CC_ALL) count = MAX_CAP_CC_ALL;
     // If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST
     if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST;
     // Collect command attributes
     for(i = commandCode; i <= TPM_CCE_LAST; i++)
     {
         if (i > TPM_CC_LAST && i < TPM_CCE_FIRST)
         {
             i = TPM_CCE_FIRST;
         }
         if(CommandIsImplemented(i))
         {
             if(commandList->count < count)
             {
                 // If the list is not full, add the attributes for this command.
                 commandList->commandAttributes[commandList->count]
                     = CommandGetAttribute(i);
                 commandList->count++;
             }
             else
             {
                 // If the list is full but there are more commands to report,
                 // indicate this and return.
                 more = YES;
                 break;
             }
         }
     }
     return more;
}

Coverage Report

Created: 2023-06-07 06:46

Line	Count	Source (jump to first uncovered line)
1		// This file was extracted from the TCG Published
2		// Trusted Platform Module Library
3		// Part 4: Supporting Routines
4		// Family "2.0"
5		// Level 00 Revision 01.16
6		// October 30, 2014
7
8		#include "Tpm.h"
9		#include "InternalRoutines.h"
10		typedef UINT16 ATTRIBUTE_TYPE;
11		//
12		// The following file is produced from the command tables in part 3 of the specification. It defines the
13		// attributes for each of the commands.
14		//
15		// NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through
16		// automated processes are not included in the specification so that their is no ambiguity about the table
17		// containing the information being the normative definition.
18		//
19		#include "CommandAttributeData.c"
20		//
21		// SafeGetAttributesForCC()
22		//
23		// Helper function returning a command attribute value for the given command
24		// code or extended command code.
25		//
26		// Return Value Meaning
27		//
28		// COMMAND_ATTRIBUTES command attribute for the given command
29		//
30	37.3k	static COMMAND_ATTRIBUTES SafeGetAttributesForCC(TPM_CC commandCode) {
31	37.3k	const COMMAND_ATTRIBUTES kUnimplementedAttr = 0;
32
33	37.3k	if (commandCode & TPM_CCE_BIT_MASK) {
34	68	if (commandCode >= TPM_CCE_FIRST && commandCode <= TPM_CCE_LAST)
35	68	return s_commandAttributesExt[commandCode - TPM_CCE_FIRST];
36	37.3k	} else {
37	37.3k	if (commandCode >= TPM_CC_FIRST && commandCode <= TPM_CC_LAST)
38	37.3k	return s_commandAttributes[commandCode - TPM_CC_FIRST];
39	37.3k	}
40
41	0	return kUnimplementedAttr;
42	37.3k	}
43		//
44		//
45		//
46		// Command Attribute Functions
47		//
48		// CommandAuthRole()
49		//
50		// This function returns the authorization role required of a handle.
51		//
52		// Return Value Meaning
53		//
54		// AUTH_NONE no authorization is required
55		// AUTH_USER user role authorization is required
56		// AUTH_ADMIN admin role authorization is required
57		// AUTH_DUP duplication role authorization is required
58		//
59		AUTH_ROLE
60		CommandAuthRole(
61		TPM_CC commandCode, // IN: command code
62		UINT32 handleIndex // IN: handle index (zero based)
63		)
64	2.24k	{
65	2.24k	ATTRIBUTE_TYPE properties = SafeGetAttributesForCC(commandCode);
66
67	2.24k	if(handleIndex > 1)
68	0	return AUTH_NONE;
69	2.24k	if(handleIndex == 0) {
70	2.05k	if(properties & HANDLE_1_USER) return AUTH_USER;
71	192	if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN;
72	192	if(properties & HANDLE_1_DUP) return AUTH_DUP;
73	192	return AUTH_NONE;
74	192	}
75	192	if(properties & HANDLE_2_USER)
76	0	return AUTH_USER;
77	192	return AUTH_NONE;
78	192	}
79		//
80		//
81		// CommandIsImplemented()
82		//
83		// This function indicates if a command is implemented.
84		//
85		// Return Value Meaning
86		//
87		// TRUE if the command is implemented
88		// FALSE if the command is not implemented
89		//
90		BOOL
91		CommandIsImplemented(
92		TPM_CC commandCode // IN: command code
93		)
94	27.2k	{
95	27.2k	return (SafeGetAttributesForCC(commandCode) & IS_IMPLEMENTED) ? TRUE : FALSE;
96	27.2k	}
97		//
98		//
99		// CommandGetAttribute()
100		//
101		// return a TPMA_CC structure for the given command code
102		//
103		TPMA_CC
104		CommandGetAttribute(
105		TPM_CC commandCode // IN: command code
106		)
107	680	{
108	680	UINT32 size = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]);
109	680	UINT32 i;
110	38.5k	for(i = 0; i < size; i++) {
111	38.5k	if(s_ccAttr[i].commandIndex == (UINT16) commandCode)
112	680	return s_ccAttr[i];
113	38.5k	}
114		// This function should be called in the way that the command code
115		// attribute is available.
116	0	FAIL(FATAL_ERROR_INTERNAL);
117
118	0	return s_ccAttr[0]; // Just to appease the compiler, never reached.
119	680	}
120		//
121		//
122		// EncryptSize()
123		//
124		// This function returns the size of the decrypt size field. This function returns 0 if encryption is not allowed
125		//
126		// Return Value Meaning
127		//
128		// 0 encryption not allowed
129		// 2 size field is two bytes
130		// 4 size field is four bytes
131		//
132		int
133		EncryptSize(
134		TPM_CC commandCode // IN: commandCode
135		)
136	0	{
137	0	COMMAND_ATTRIBUTES ca = SafeGetAttributesForCC(commandCode);
138	0	if(ca & ENCRYPT_2)
139	0	return 2;
140	0	if(ca & ENCRYPT_4)
141	0	return 4;
142	0	return 0;
143	0	}
144		//
145		//
146		// DecryptSize()
147		//
148		// This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed
149		//
150		// Return Value Meaning
151		//
152		// 0 encryption not allowed
153		// 2 size field is two bytes
154		// 4 size field is four bytes
155		//
156		int
157		DecryptSize(
158		TPM_CC commandCode // IN: commandCode
159		)
160	0	{
161	0	COMMAND_ATTRIBUTES ca = SafeGetAttributesForCC(commandCode);
162	0	if(ca & DECRYPT_2)
163	0	return 2;
164	0	if(ca & DECRYPT_4)
165	0	return 4;
166	0	return 0;
167	0	}
168		//
169		//
170		// IsSessionAllowed()
171		//
172		// This function indicates if the command is allowed to have sessions.
173		// This function must not be called if the command is not known to be implemented.
174		//
175		// Return Value Meaning
176		//
177		// TRUE session is allowed with this command
178		// FALSE session is not allowed with this command
179		//
180		BOOL
181		IsSessionAllowed(
182		TPM_CC commandCode // IN: the command to be checked
183		)
184	7.89k	{
185	7.89k	return (SafeGetAttributesForCC(commandCode) & NO_SESSIONS) ? FALSE : TRUE;
186	7.89k	}
187		//
188		//
189		// IsHandleInResponse()
190		//
191		BOOL
192		IsHandleInResponse(
193		TPM_CC commandCode
194		)
195	0	{
196	0	return (SafeGetAttributesForCC(commandCode) & R_HANDLE) ? TRUE : FALSE;
197	0	}
198		//
199		//
200		// IsWriteOperation()
201		//
202		// Checks to see if an operation will write to NV memory
203		//
204		BOOL
205		IsWriteOperation(
206		TPM_CC command // IN: Command to check
207		)
208	0	{
209	0	switch (command)
210	0	{
211	0	case TPM_CC_NV_Write:
212	0	case TPM_CC_NV_Increment:
213	0	case TPM_CC_NV_SetBits:
214	0	case TPM_CC_NV_Extend:
215		// Nv write lock counts as a write operation for authorization purposes.
216		// We check to see if the NV is write locked before we do the authorization
217		// If it is locked, we fail the command early.
218	0	case TPM_CC_NV_WriteLock:
219	0	return TRUE;
220	0	default:
221	0	break;
222	0	}
223	0	return FALSE;
224	0	}
225		//
226		//
227		// IsReadOperation()
228		//
229		// Checks to see if an operation will write to NV memory
230		//
231		BOOL
232		IsReadOperation(
233		TPM_CC command // IN: Command to check
234		)
235	0	{
236	0	switch (command)
237	0	{
238	0	case TPM_CC_NV_Read:
239	0	case TPM_CC_PolicyNV:
240	0	case TPM_CC_NV_Certify:
241		// Nv read lock counts as a read operation for authorization purposes.
242		// We check to see if the NV is read locked before we do the authorization
243		// If it is locked, we fail the command early.
244	0	case TPM_CC_NV_ReadLock:
245	0	return TRUE;
246	0	default:
247	0	break;
248	0	}
249	0	return FALSE;
250	0	}
251		//
252		//
253		// CommandCapGetCCList()
254		//
255		// This function returns a list of implemented commands and command attributes starting from the
256		// command in commandCode.
257		//
258		//
259		//
260		//
261		// Return Value Meaning
262		//
263		// YES more command attributes are available
264		// NO no more command attributes are available
265		//
266		TPMI_YES_NO
267		CommandCapGetCCList(
268		TPM_CC commandCode, // IN: start command code
269		UINT32 count, // IN: maximum count for number of entries in
270		// 'commandList'
271		TPML_CCA *commandList // OUT: list of TPMA_CC
272		)
273	91	{
274	91	TPMI_YES_NO more = NO;
275	91	UINT32 i;
276		// initialize output handle list count
277	91	commandList->count = 0;
278		// The maximum count of commands that may be returned is MAX_CAP_CC_ALL.
279	91	if(count > MAX_CAP_CC_ALL) count = MAX_CAP_CC_ALL;
280		// If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST
281	91	if(commandCode < TPM_CC_FIRST) commandCode = TPM_CC_FIRST;
282		// Collect command attributes
283	1.33k	for(i = commandCode; i <= TPM_CCE_LAST; i++)
284	1.25k	{
285	1.25k	if (i > TPM_CC_LAST && i < TPM_CCE_FIRST)
286	45	{
287	45	i = TPM_CCE_FIRST;
288	45	}
289	1.25k	if(CommandIsImplemented(i))
290	697	{
291	697	if(commandList->count < count)
292	680	{
293		// If the list is not full, add the attributes for this command.
294	680	commandList->commandAttributes[commandList->count]
295	680	= CommandGetAttribute(i);
296	680	commandList->count++;
297	680	}
298	17	else
299	17	{
300		// If the list is full but there are more commands to report,
301		// indicate this and return.
302	17	more = YES;
303	17	break;
304	17	}
305	697	}
306	1.25k	}
307	91	return more;
308	91	}