Struct PluginParameters 

pub struct PluginParameters<'a, 'b> {
    pub cmd: u32,
    pub sub_cmd: u32,
    /* private fields */
}

Parameters for a plugin invocation, carrying the command, sub-command, and the inout buffer.

The core design goal of this struct is to prevent developers from forgetting to set out_len. In the C ABI, out_len is a raw pointer that the plugin must write to in order to report how many bytes it actually produced. Forgetting to set it is a silent bug — the TA caller receives garbage (uninitialized or stale) length, leading to buffer over-reads or truncated output that is extremely hard to diagnose.

To eliminate this class of bugs, PluginParameters ties out_len to every output-writing operation: write_output_at and set_buf_from_slice, both automatically update out_len on success, so the plugin developers never has to do it manually. If plugin developers need full control, they can use get_buffer_mut and set_out_len explicitly.

Fields

cmd: u32

Command identifier for the plugin invocation.

sub_cmd: u32

Sub-command identifier for the plugin invocation.

Implementations

impl<'a, 'b> PluginParameters<'a, 'b>

pub unsafe fn from_raw( cmd: u32, sub_cmd: u32, buf: *mut c_void, in_len: size_t, out_len: *mut size_t, ) -> Result<Self>

Constructs a PluginParameters from raw C pointers.

Safety

• buf must be valid for reads/writes of in_len bytes if not null
• out_len must be valid for writes if not null
• both pointers must remain alive for the lifetime of the returned PluginParameters

When out_len is non-null, it will be tracked by the returned struct so that output-writing methods can update it automatically — this is the key mechanism that prevents the “forgot to set out_len” bug.

pub fn set_buf_from_slice(&mut self, sendslice: &[u8]) -> Result<()>

Copies the entire sendslice into the inout buffer starting at offset 0, and automatically sets out_len to sendslice.len().

This is the primary safe way to write output — callers do not need to update out_len separately.

Returns ShortBuffer if the buffer is too small, or BadState if the output length pointer is not available.

pub fn write_output_at(&mut self, pos: usize, data: &[u8]) -> Result<()>

Writes data into the inout buffer at the given pos, and automatically updates out_len to pos + data.len().

By always updating out_len on a successful write, this method eliminates the risk of the developer forgetting to set it.

Returns ShortBuffer if the buffer is too small, or BadState if the output length pointer is not available.

pub fn get_buffer(&self) -> &[u8]

Returns a shared reference to the inout buffer.

pub unsafe fn get_buffer_mut(&mut self) -> &mut [u8]

Returns a mutable reference to the inout buffer.

Safety

The caller is responsible for updating out_len (via [set_out_len]) after writing to the buffer.

pub fn set_out_len(&mut self, out_len: usize) -> Result<()>

Explicitly sets out_len to the given value.

This is an escape hatch for cases where the caller needs full control over the output length (e.g. after using get_buffer_mut). In most cases should prefer write_output_at or set_buf_from_slice, which set out_len automatically and avoid the “forgot to set out_len” bug.

Returns BadParameters if out_len exceeds the buffer size, or BadState if the output length pointer is not available.