NV_spt.c@ 91612

最後變更在這個檔案從91612是 91612,由 vboxsync 提交於 3 年前
src/libs: Export libtpms-0.9.0, bugref:10078
檔案大小: 7.6 KB

行
1	/********************************************************************************/
2	/* */
3	/* */
4	/* Written by Ken Goldman */
5	/* IBM Thomas J. Watson Research Center */
6	/* $Id: NV_spt.c 1490 2019-07-26 21:13:22Z kgoldman $ */
7	/* */
8	/* Licenses and Notices */
9	/* */
10	/* 1. Copyright Licenses: */
11	/* */
12	/* - Trusted Computing Group (TCG) grants to the user of the source code in */
13	/* this specification (the "Source Code") a worldwide, irrevocable, */
14	/* nonexclusive, royalty free, copyright license to reproduce, create */
15	/* derivative works, distribute, display and perform the Source Code and */
16	/* derivative works thereof, and to grant others the rights granted herein. */
17	/* */
18	/* - The TCG grants to the user of the other parts of the specification */
19	/* (other than the Source Code) the rights to reproduce, distribute, */
20	/* display, and perform the specification solely for the purpose of */
21	/* developing products based on such documents. */
22	/* */
23	/* 2. Source Code Distribution Conditions: */
24	/* */
25	/* - Redistributions of Source Code must retain the above copyright licenses, */
26	/* this list of conditions and the following disclaimers. */
27	/* */
28	/* - Redistributions in binary form must reproduce the above copyright */
29	/* licenses, this list of conditions and the following disclaimers in the */
30	/* documentation and/or other materials provided with the distribution. */
31	/* */
32	/* 3. Disclaimers: */
33	/* */
34	/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
35	/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
36	/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
37	/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
38	/* Contact TCG Administration ([email protected]) for */
39	/* information on specification licensing rights available through TCG */
40	/* membership agreements. */
41	/* */
42	/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
43	/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
44	/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
45	/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
46	/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
47	/* */
48	/* - Without limitation, TCG and its members and licensors disclaim all */
49	/* liability, including liability for infringement of any proprietary */
50	/* rights, relating to use of information in this specification and to the */
51	/* implementation of this specification, and TCG disclaims all liability for */
52	/* cost of procurement of substitute goods or services, lost profits, loss */
53	/* of use, loss of data or any incidental, consequential, direct, indirect, */
54	/* or special damages, whether under contract, tort, warranty or otherwise, */
55	/* arising in any way out of use or reliance upon this specification or any */
56	/* information herein. */
57	/* */
58	/* (c) Copyright IBM Corp. and others, 2016, 2017 */
59	/* */
60	/********************************************************************************/
61
62	/* 7.5 NV Command Support (NV_spt.c) */
63	/* 7.5.1 Includes */
64	#include "Tpm.h"
65	#include "NV_spt_fp.h"
66	/* 7.5.2 Functions */
67	/* 7.5.2.1 NvReadAccessChecks() */
68	/* Common routine for validating a read Used by TPM2_NV_Read(), TPM2_NV_ReadLock() and
69	TPM2_PolicyNV() */
70	/* Error Returns Meaning */
71	/* TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read of the index */
72	/* TPM_RC_NV_LOCKED Read locked */
73	/* TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index */
74	TPM_RC
75	NvReadAccessChecks(
76	TPM_HANDLE authHandle, // IN: the handle that provided the
77	// authorization
78	TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read
79	TPMA_NV attributes // IN: the attributes of 'nvHandle'
80	)
81	{
82	// If data is read locked, returns an error
83	if(IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED))
84	return TPM_RC_NV_LOCKED;
85	// If the authorization was provided by the owner or platform, then check
86	// that the attributes allow the read. If the authorization handle
87	// is the same as the index, then the checks were made when the authorization
88	// was checked..
89	if(authHandle == TPM_RH_OWNER)
90	{
91	// If Owner provided authorization then ONWERWRITE must be SET
92	if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD))
93	return TPM_RC_NV_AUTHORIZATION;
94	}
95	else if(authHandle == TPM_RH_PLATFORM)
96	{
97	// If Platform provided authorization then PPWRITE must be SET
98	if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD))
99	return TPM_RC_NV_AUTHORIZATION;
100	}
101	// If neither Owner nor Platform provided authorization, make sure that it was
102	// provided by this index.
103	else if(authHandle != nvHandle)
104	return TPM_RC_NV_AUTHORIZATION;
105	// If the index has not been written, then the value cannot be read
106	// NOTE: This has to come after other access checks to make sure that
107	// the proper authorization is given to TPM2_NV_ReadLock()
108	if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN))
109	return TPM_RC_NV_UNINITIALIZED;
110	return TPM_RC_SUCCESS;
111	}
112	/* 7.5.2.2 NvWriteAccessChecks() */
113	/* Common routine for validating a write Used by TPM2_NV_Write(), TPM2_NV_Increment(),
114	TPM2_SetBits(), and TPM2_NV_WriteLock() */
115	/* Error Returns Meaning */
116	/* TPM_RC_NV_AUTHORIZATION Authorization fails */
117	/* TPM_RC_NV_LOCKED Write locked */
118	TPM_RC
119	NvWriteAccessChecks(
120	TPM_HANDLE authHandle, // IN: the handle that provided the
121	// authorization
122	TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written
123	TPMA_NV attributes // IN: the attributes of 'nvHandle'
124	)
125	{
126	// If data is write locked, returns an error
127	if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED))
128	return TPM_RC_NV_LOCKED;
129	// If the authorization was provided by the owner or platform, then check
130	// that the attributes allow the write. If the authorization handle
131	// is the same as the index, then the checks were made when the authorization
132	// was checked..
133	if(authHandle == TPM_RH_OWNER)
134	{
135	// If Owner provided authorization then ONWERWRITE must be SET
136	if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE))
137	return TPM_RC_NV_AUTHORIZATION;
138	}
139	else if(authHandle == TPM_RH_PLATFORM)
140	{
141	// If Platform provided authorization then PPWRITE must be SET
142	if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE))
143	return TPM_RC_NV_AUTHORIZATION;
144	}
145	// If neither Owner nor Platform provided authorization, make sure that it was
146	// provided by this index.
147	else if(authHandle != nvHandle)
148	return TPM_RC_NV_AUTHORIZATION;
149	return TPM_RC_SUCCESS;
150	}
151	/* 7.5.2.3 NvClearOrderly() */
152	/* This function is used to cause gp.orderlyState to be cleared to the non-orderly state. */
153	TPM_RC
154	NvClearOrderly(
155	void
156	)
157	{
158	if(gp.orderlyState < SU_DA_USED_VALUE)
159	RETURN_IF_NV_IS_NOT_AVAILABLE;
160	g_clearOrderly = TRUE;
161	return TPM_RC_SUCCESS;
162	}
163	/* 7.5.2.4 NvIsPinPassIndex() */
164	/* Function to check to see if an NV index is a PIN Pass Index */
165	/* Return Value Meaning */
166	/* TRUE is pin pass */
167	/* FALSE is not pin pass */
168	BOOL
169	NvIsPinPassIndex(
170	TPM_HANDLE index // IN: Handle to check
171	)
172	{
173	if(HandleGetType(index) == TPM_HT_NV_INDEX)
174	{
175	NV_INDEX *nvIndex = NvGetIndexInfo(index, NULL);
176	return IsNvPinPassIndex(nvIndex->publicArea.attributes);
177	}
178	return FALSE;
179	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/libtpms-0.9.0/src/tpm2/NV_spt.c@ 91612

以其他格式下載: