TPMCmd/tpm/src/command/NVStorage/NV_spt.c - platform/external/ms-tpm-20-ref - Git at Google

 /* Microsoft Reference Implementation for TPM 2.0
  *
  *  The copyright in this software is being made available under the BSD License,
  *  included below. This software may be subject to other third party and
  *  contributor rights, including patent rights, and no such rights are granted
  *  under this license.
  *
  *  Copyright (c) Microsoft Corporation
  *
  *  All rights reserved.
  *
  *  BSD License
  *
  *  Redistribution and use in source and binary forms, with or without modification,
  *  are permitted provided that the following conditions are met:
  *
  *  Redistributions of source code must retain the above copyright notice, this list
  *  of conditions and the following disclaimer.
  *
  *  Redistributions in binary form must reproduce the above copyright notice, this
  *  list of conditions and the following disclaimer in the documentation and/or other
  *  materials provided with the distribution.
  *
  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */

 //** Includes
 #include "Tpm.h"
 #include "NV_spt_fp.h"

 //** Functions

 //*** NvReadAccessChecks()
 // Common routine for validating a read
 // Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV
 // return type: TPM_RC
 //      TPM_RC_NV_AUTHORIZATION     autHandle is not allowed to authorize read
 //                                  of the index
 //      TPM_RC_NV_LOCKED            Read locked
 //      TPM_RC_NV_UNINITIALIZED     Try to read an uninitialized index
 //
 TPM_RC
 NvReadAccessChecks(
     TPM_HANDLE       authHandle,    // IN: the handle that provided the
                                     //     authorization
     TPM_HANDLE       nvHandle,      // IN: the handle of the NV index to be read
     TPMA_NV          attributes     // IN: the attributes of 'nvHandle'
     )
 {
     // If data is read locked, returns an error
    if(IsNv_TPMA_NV_READLOCKED(attributes))
        return TPM_RC_NV_LOCKED;
     // If the authorization was provided by the owner or platform, then check
     // that the attributes allow the read.  If the authorization handle
     // is the same as the index, then the checks were made when the authorization
     // was checked..
     if(authHandle == TPM_RH_OWNER)
     {
         // If Owner provided authorization then ONWERWRITE must be SET
         if(!IsNv_TPMA_NV_OWNERREAD(attributes))
             return TPM_RC_NV_AUTHORIZATION;
     }
     else if(authHandle == TPM_RH_PLATFORM)
     {
         // If Platform provided authorization then PPWRITE must be SET
         if(!IsNv_TPMA_NV_PPREAD(attributes))
             return TPM_RC_NV_AUTHORIZATION;
     }
     // If neither Owner nor Platform provided authorization, make sure that it was
     // provided by this index.
     else if(authHandle != nvHandle)
         return TPM_RC_NV_AUTHORIZATION;

 // If the index has not been written, then the value cannot be read
 // NOTE: This has to come after other access checks to make sure that
 // the proper authorization is given to TPM2_NV_ReadLock()
     if(!IsNv_TPMA_NV_WRITTEN(attributes))
         return TPM_RC_NV_UNINITIALIZED;

     return TPM_RC_SUCCESS;
 }

 //*** NvWriteAccessChecks()
 // Common routine for validating a write
 // Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock
 // return type: TPM_RC
 //      TPM_RC_NV_AUTHORIZATION     Authorization fails
 //      TPM_RC_NV_LOCKED            Write locked
 //
 TPM_RC
 NvWriteAccessChecks(
     TPM_HANDLE       authHandle,    // IN: the handle that provided the
                                     //     authorization
     TPM_HANDLE       nvHandle,      // IN: the handle of the NV index to be written
     TPMA_NV          attributes     // IN: the attributes of 'nvHandle'
     )
 {
     // If data is write locked, returns an error
     if(IsNv_TPMA_NV_WRITELOCKED(attributes))
         return TPM_RC_NV_LOCKED;
     // If the authorization was provided by the owner or platform, then check
     // that the attributes allow the write.  If the authorization handle
     // is the same as the index, then the checks were made when the authorization
     // was checked..
     if(authHandle == TPM_RH_OWNER)
     {
         // If Owner provided authorization then ONWERWRITE must be SET
         if(!IsNv_TPMA_NV_OWNERWRITE(attributes))
             return TPM_RC_NV_AUTHORIZATION;
     }
     else if(authHandle == TPM_RH_PLATFORM)
     {
         // If Platform provided authorization then PPWRITE must be SET
         if(!IsNv_TPMA_NV_PPWRITE(attributes))
             return TPM_RC_NV_AUTHORIZATION;
     }
     // If neither Owner nor Platform provided authorization, make sure that it was
     // provided by this index.
     else if(authHandle != nvHandle)
         return TPM_RC_NV_AUTHORIZATION;
     return TPM_RC_SUCCESS;
 }

 //*** NvClearOrderly()
 // This function is used to cause gp.orderlyState to be cleared to the
 // non-orderly state.
 TPM_RC
 NvClearOrderly(
     void
     )
 {
     if(gp.orderlyState < SU_DA_USED_VALUE)
         RETURN_IF_NV_IS_NOT_AVAILABLE;
     g_clearOrderly = TRUE;
     return TPM_RC_SUCCESS;
 }

 //*** NvIsPinPassIndex()
 // Function to check to see if an NV index is a PIN Pass Index
 // return type: BOOL
 //  TRUE    is pin pass
 //  FALSE   is not pin pass
 BOOL
 NvIsPinPassIndex(
     TPM_HANDLE          index       // IN: Handle to check
     )
 {
     if(HandleGetType(index) == TPM_HT_NV_INDEX)
     {
         NV_INDEX                *nvIndex = NvGetIndexInfo(index, NULL);

         return IsNvPinPassIndex(nvIndex->publicArea.attributes);
     }
     return FALSE;
 }
	/* Microsoft Reference Implementation for TPM 2.0
	*
	* The copyright in this software is being made available under the BSD License,
	* included below. This software may be subject to other third party and
	* contributor rights, including patent rights, and no such rights are granted
	* under this license.
	*
	* Copyright (c) Microsoft Corporation
	*
	* All rights reserved.
	*
	* BSD License
	*
	* Redistribution and use in source and binary forms, with or without modification,
	* are permitted provided that the following conditions are met:
	*
	* Redistributions of source code must retain the above copyright notice, this list
	* of conditions and the following disclaimer.
	*
	* Redistributions in binary form must reproduce the above copyright notice, this
	* list of conditions and the following disclaimer in the documentation and/or other
	* materials provided with the distribution.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
	* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
	* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/

	//** Includes
	#include "Tpm.h"
	#include "NV_spt_fp.h"

	//** Functions

	//*** NvReadAccessChecks()
	// Common routine for validating a read
	// Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV
	// return type: TPM_RC
	// TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read
	// of the index
	// TPM_RC_NV_LOCKED Read locked
	// TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index
	//
	TPM_RC
	NvReadAccessChecks(
	TPM_HANDLE authHandle, // IN: the handle that provided the
	// authorization
	TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read
	TPMA_NV attributes // IN: the attributes of 'nvHandle'
	)
	{
	// If data is read locked, returns an error
	if(IsNv_TPMA_NV_READLOCKED(attributes))
	return TPM_RC_NV_LOCKED;
	// If the authorization was provided by the owner or platform, then check
	// that the attributes allow the read. If the authorization handle
	// is the same as the index, then the checks were made when the authorization
	// was checked..
	if(authHandle == TPM_RH_OWNER)
	{
	// If Owner provided authorization then ONWERWRITE must be SET
	if(!IsNv_TPMA_NV_OWNERREAD(attributes))
	return TPM_RC_NV_AUTHORIZATION;
	}
	else if(authHandle == TPM_RH_PLATFORM)
	{
	// If Platform provided authorization then PPWRITE must be SET
	if(!IsNv_TPMA_NV_PPREAD(attributes))
	return TPM_RC_NV_AUTHORIZATION;
	}
	// If neither Owner nor Platform provided authorization, make sure that it was
	// provided by this index.
	else if(authHandle != nvHandle)
	return TPM_RC_NV_AUTHORIZATION;

	// If the index has not been written, then the value cannot be read
	// NOTE: This has to come after other access checks to make sure that
	// the proper authorization is given to TPM2_NV_ReadLock()
	if(!IsNv_TPMA_NV_WRITTEN(attributes))
	return TPM_RC_NV_UNINITIALIZED;

	return TPM_RC_SUCCESS;
	}

	//*** NvWriteAccessChecks()
	// Common routine for validating a write
	// Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock
	// return type: TPM_RC
	// TPM_RC_NV_AUTHORIZATION Authorization fails
	// TPM_RC_NV_LOCKED Write locked
	//
	TPM_RC
	NvWriteAccessChecks(
	TPM_HANDLE authHandle, // IN: the handle that provided the
	// authorization
	TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written
	TPMA_NV attributes // IN: the attributes of 'nvHandle'
	)
	{
	// If data is write locked, returns an error
	if(IsNv_TPMA_NV_WRITELOCKED(attributes))
	return TPM_RC_NV_LOCKED;
	// If the authorization was provided by the owner or platform, then check
	// that the attributes allow the write. If the authorization handle
	// is the same as the index, then the checks were made when the authorization
	// was checked..
	if(authHandle == TPM_RH_OWNER)
	{
	// If Owner provided authorization then ONWERWRITE must be SET
	if(!IsNv_TPMA_NV_OWNERWRITE(attributes))
	return TPM_RC_NV_AUTHORIZATION;
	}
	else if(authHandle == TPM_RH_PLATFORM)
	{
	// If Platform provided authorization then PPWRITE must be SET
	if(!IsNv_TPMA_NV_PPWRITE(attributes))
	return TPM_RC_NV_AUTHORIZATION;
	}
	// If neither Owner nor Platform provided authorization, make sure that it was
	// provided by this index.
	else if(authHandle != nvHandle)
	return TPM_RC_NV_AUTHORIZATION;
	return TPM_RC_SUCCESS;
	}

	//*** NvClearOrderly()
	// This function is used to cause gp.orderlyState to be cleared to the
	// non-orderly state.
	TPM_RC
	NvClearOrderly(
	void
	)
	{
	if(gp.orderlyState < SU_DA_USED_VALUE)
	RETURN_IF_NV_IS_NOT_AVAILABLE;
	g_clearOrderly = TRUE;
	return TPM_RC_SUCCESS;
	}

	//*** NvIsPinPassIndex()
	// Function to check to see if an NV index is a PIN Pass Index
	// return type: BOOL
	// TRUE is pin pass
	// FALSE is not pin pass
	BOOL
	NvIsPinPassIndex(
	TPM_HANDLE index // IN: Handle to check
	)
	{
	if(HandleGetType(index) == TPM_HT_NV_INDEX)
	{
	NV_INDEX *nvIndex = NvGetIndexInfo(index, NULL);

	return IsNvPinPassIndex(nvIndex->publicArea.attributes);
	}
	return FALSE;
	}