tpm2: update tpm2 test for supported commands

The test expects TPM2_CC_FIRST - 1 and TPM2_CC_LAST + 1 to be unsupported, but
those are not necessarily invalid commands. Instead test known-invalid
commands. Also add some more valid commands.

diff --git a/src/test/test-tpm2.c b/src/test/test-tpm2.c
index e2c700896a3724e5fd0456026986d4e639927ac1..7195bd613bc50988d1707b8a147a8331994c23bc 100644 (file)
--- a/src/test/test-tpm2.c
+++ b/src/test/test-tpm2.c
@@ -987,11 +987,18 @@ TEST(tpm_required_tests) {
         assert_se(tpm2_supports_alg(c, TPM2_ALG_AES));
         assert_se(tpm2_supports_alg(c, TPM2_ALG_CFB));
 
-        /* Test invalid commands */
-        assert_se(!tpm2_supports_command(c, TPM2_CC_FIRST - 1));
-        assert_se(!tpm2_supports_command(c, TPM2_CC_LAST + 1));
-
-        /* Test valid commands */
+        /* Test invalid commands. TPM specification Part 2 ("Structures") section "TPM_CC (Command Codes)"
+         * states bits 31:30 and 28:16 are reserved and must be 0. */
+        assert_se(!tpm2_supports_command(c, UINT32_C(0x80000000)));
+        assert_se(!tpm2_supports_command(c, UINT32_C(0x40000000)));
+        assert_se(!tpm2_supports_command(c, UINT32_C(0x00100000)));
+        assert_se(!tpm2_supports_command(c, UINT32_C(0x80000144)));
+        assert_se(!tpm2_supports_command(c, UINT32_C(0x40000144)));
+        assert_se(!tpm2_supports_command(c, UINT32_C(0x00100144)));
+
+        /* Test valid commands. We should be able to expect all TPMs support these. */
+        assert_se(tpm2_supports_command(c, TPM2_CC_Startup));
+        assert_se(tpm2_supports_command(c, TPM2_CC_StartAuthSession));
         assert_se(tpm2_supports_command(c, TPM2_CC_Create));
         assert_se(tpm2_supports_command(c, TPM2_CC_CreatePrimary));
         assert_se(tpm2_supports_command(c, TPM2_CC_Unseal));