
1// SPDX-License-Identifier: MIT OR Apache-2.0
2// Copyright (c) 2025 Opinsys Oy
3// Copyright (c) 2024-2025 Jarkko Sakkinen
4
5use crate::{data, tpm_dispatch, TpmBuild, TpmList, TpmParse, TpmResult, TpmWriter};
6use core::fmt::Debug;
7
8mod asymmetric;
9mod attached;
10mod attestation;
11mod audit;
12mod build;
13mod capability;
14mod clocks_and_timers;
15mod context;
16mod dictionary_attack;
17mod duplication;
18mod enhanced_authorization;
19mod ephemeral;
20mod field_upgrade;
21mod hierarchy;
22mod integrity;
23mod miscellaneous_management;
24mod non_volatile;
25mod object;
26mod parse;
27mod random_number;
28mod sequence;
29mod session;
30mod signing;
31mod startup;
32mod symmetric;
33mod testing;
34mod vendor;
35
36pub use self::{
37    asymmetric::*, attached::*, attestation::*, audit::*, build::*, capability::*,
38    clocks_and_timers::*, context::*, dictionary_attack::*, duplication::*,
39    enhanced_authorization::*, ephemeral::*, field_upgrade::*, hierarchy::*, integrity::*,
40    miscellaneous_management::*, non_volatile::*, object::*, parse::*, random_number::*,
41    sequence::*, session::*, signing::*, startup::*, symmetric::*, testing::*, vendor::*,
42};
43
/// The maximum number of handles a command can have.
///
/// Fixes the capacity of [`TpmHandles`]; the TPM 2.0 specification defines at
/// most three handles for any command, so this bound is deliberately generous.
pub const MAX_HANDLES: usize = 8;
/// The maximum number of sessions a command can have.
///
/// Fixes the capacity of [`TpmAuthCommands`] and [`TpmAuthResponses`]; the
/// TPM 2.0 specification allows at most three authorization sessions per
/// command, so this bound is deliberately generous.
pub const MAX_SESSIONS: usize = 8;
/// A fixed-capacity list for TPM handles.
pub type TpmHandles = TpmList<u32, MAX_HANDLES>;
/// A fixed-capacity list for command authorization sessions.
pub type TpmAuthCommands = TpmList<data::TpmsAuthCommand, MAX_SESSIONS>;
/// A fixed-capacity list for response authorization sessions.
pub type TpmAuthResponses = TpmList<data::TpmsAuthResponse, MAX_SESSIONS>;
/// A trait for TPM commands and responses that provides header information.
///
/// Every message type registered in the `tpm_dispatch!` table below carries
/// these constants so that generic build/parse code can frame it without
/// inspecting the concrete type.
pub trait TpmHeader: TpmBuild + TpmParse + Debug {
    /// The command code (`TpmCc`) this message type belongs to.
    const COMMAND: data::TpmCc;
    /// Whether the message may be framed without an authorization area
    /// (presumably the `TPM_ST_NO_SESSIONS` tag — confirm in the dispatch macro).
    const NO_SESSIONS: bool;
    /// Whether the message may be framed with an authorization area
    /// (presumably the `TPM_ST_SESSIONS` tag — confirm in the dispatch macro).
    const WITH_SESSIONS: bool;
    /// Number of entries in the message's handle area.
    ///
    /// NOTE(review): presumably bounded by [`MAX_HANDLES`]; the bound is not
    /// enforced at this declaration, so confirm where the parser checks it.
    const HANDLES: usize;
}
61
/// A trait for building command bodies in separate handle and parameter sections.
///
/// In the TPM 2.0 command format the handle area precedes the (optional)
/// authorization area, which in turn precedes the parameter area. Splitting the
/// body into two calls presumably lets the caller emit the session area between
/// them — confirm against the code that drives these methods.
pub trait TpmHeaderCommand: TpmHeader {
    /// Builds the handle area of the command.
    ///
    /// # Errors
    ///
    /// * `TpmErrorKind::Boundary` if the writer runs out of space.
    fn build_handles(&self, writer: &mut TpmWriter) -> TpmResult<()>;

    /// Builds the parameter area of the command.
    ///
    /// # Errors
    ///
    /// * `TpmErrorKind::ValueTooLarge` if the object contains a value that cannot be built.
    /// * `TpmErrorKind::Boundary` if the writer runs out of space.
    fn build_parameters(&self, writer: &mut TpmWriter) -> TpmResult<()>;
}
79
/// Size in bytes of the fixed TPM 2.0 command/response header: a 2-byte tag,
/// a 4-byte total size and a 4-byte command (or response) code.
pub const TPM_HEADER_SIZE: usize = 10;
81
// Dispatch table handed to `tpm_dispatch!` (imported from the crate root): one
// `(CommandType, ResponseType, Name)` triple per supported TPM 2.0 command.
// The macro body lives elsewhere, so what it generates from the third element
// (presumably the matching `TpmCc` variant) must be checked against its
// definition. The entries appear to follow ascending command-code order, with
// the vendor-specific `VendorTcgTest` last; keep that order when adding one.
tpm_dispatch! {
    (TpmNvUndefineSpaceSpecialCommand, TpmNvUndefineSpaceSpecialResponse, NvUndefineSpaceSpecial),
    (TpmEvictControlCommand, TpmEvictControlResponse, EvictControl),
    (TpmHierarchyControlCommand, TpmHierarchyControlResponse, HierarchyControl),
    (TpmNvUndefineSpaceCommand, TpmNvUndefineSpaceResponse, NvUndefineSpace),
    (TpmChangeEpsCommand, TpmChangeEpsResponse, ChangeEps),
    (TpmChangePpsCommand, TpmChangePpsResponse, ChangePps),
    (TpmClearCommand, TpmClearResponse, Clear),
    (TpmClearControlCommand, TpmClearControlResponse, ClearControl),
    (TpmClockSetCommand, TpmClockSetResponse, ClockSet),
    (TpmHierarchyChangeAuthCommand, TpmHierarchyChangeAuthResponse, HierarchyChangeAuth),
    (TpmNvDefineSpaceCommand, TpmNvDefineSpaceResponse, NvDefineSpace),
    (TpmPcrAllocateCommand, TpmPcrAllocateResponse, PcrAllocate),
    (TpmPcrSetAuthPolicyCommand, TpmPcrSetAuthPolicyResponse, PcrSetAuthPolicy),
    (TpmPpCommandsCommand, TpmPpCommandsResponse, PpCommands),
    (TpmSetPrimaryPolicyCommand, TpmSetPrimaryPolicyResponse, SetPrimaryPolicy),
    (TpmFieldUpgradeStartCommand, TpmFieldUpgradeStartResponse, FieldUpgradeStart),
    (TpmClockRateAdjustCommand, TpmClockRateAdjustResponse, ClockRateAdjust),
    (TpmCreatePrimaryCommand, TpmCreatePrimaryResponse, CreatePrimary),
    (TpmNvGlobalWriteLockCommand, TpmNvGlobalWriteLockResponse, NvGlobalWriteLock),
    (TpmGetCommandAuditDigestCommand, TpmGetCommandAuditDigestResponse, GetCommandAuditDigest),
    (TpmNvIncrementCommand, TpmNvIncrementResponse, NvIncrement),
    (TpmNvSetBitsCommand, TpmNvSetBitsResponse, NvSetBits),
    (TpmNvExtendCommand, TpmNvExtendResponse, NvExtend),
    (TpmNvWriteCommand, TpmNvWriteResponse, NvWrite),
    (TpmNvWriteLockCommand, TpmNvWriteLockResponse, NvWriteLock),
    (TpmDictionaryAttackLockResetCommand, TpmDictionaryAttackLockResetResponse, DictionaryAttackLockReset),
    (TpmDictionaryAttackParametersCommand, TpmDictionaryAttackParametersResponse, DictionaryAttackParameters),
    (TpmNvChangeAuthCommand, TpmNvChangeAuthResponse, NvChangeAuth),
    (TpmPcrEventCommand, TpmPcrEventResponse, PcrEvent),
    (TpmPcrResetCommand, TpmPcrResetResponse, PcrReset),
    (TpmSequenceCompleteCommand, TpmSequenceCompleteResponse, SequenceComplete),
    (TpmSetAlgorithmSetCommand, TpmSetAlgorithmSetResponse, SetAlgorithmSet),
    (TpmSetCommandCodeAuditStatusCommand, TpmSetCommandCodeAuditStatusResponse, SetCommandCodeAuditStatus),
    (TpmFieldUpgradeDataCommand, TpmFieldUpgradeDataResponse, FieldUpgradeData),
    (TpmIncrementalSelfTestCommand, TpmIncrementalSelfTestResponse, IncrementalSelfTest),
    (TpmSelfTestCommand, TpmSelfTestResponse, SelfTest),
    (TpmStartupCommand, TpmStartupResponse, Startup),
    (TpmShutdownCommand, TpmShutdownResponse, Shutdown),
    (TpmStirRandomCommand, TpmStirRandomResponse, StirRandom),
    (TpmActivateCredentialCommand, TpmActivateCredentialResponse, ActivateCredential),
    (TpmCertifyCommand, TpmCertifyResponse, Certify),
    (TpmPolicyNvCommand, TpmPolicyNvResponse, PolicyNv),
    (TpmCertifyCreationCommand, TpmCertifyCreationResponse, CertifyCreation),
    (TpmDuplicateCommand, TpmDuplicateResponse, Duplicate),
    (TpmGetTimeCommand, TpmGetTimeResponse, GetTime),
    (TpmGetSessionAuditDigestCommand, TpmGetSessionAuditDigestResponse, GetSessionAuditDigest),
    (TpmNvReadCommand, TpmNvReadResponse, NvRead),
    (TpmNvReadLockCommand, TpmNvReadLockResponse, NvReadLock),
    (TpmObjectChangeAuthCommand, TpmObjectChangeAuthResponse, ObjectChangeAuth),
    (TpmPolicySecretCommand, TpmPolicySecretResponse, PolicySecret),
    (TpmRewrapCommand, TpmRewrapResponse, Rewrap),
    (TpmCreateCommand, TpmCreateResponse, Create),
    (TpmEcdhZGenCommand, TpmEcdhZGenResponse, EcdhZGen),
    (TpmHmacCommand, TpmHmacResponse, Hmac),
    (TpmImportCommand, TpmImportResponse, Import),
    (TpmLoadCommand, TpmLoadResponse, Load),
    (TpmQuoteCommand, TpmQuoteResponse, Quote),
    (TpmRsaDecryptCommand, TpmRsaDecryptResponse, RsaDecrypt),
    (TpmHmacStartCommand, TpmHmacStartResponse, HmacStart),
    (TpmSequenceUpdateCommand, TpmSequenceUpdateResponse, SequenceUpdate),
    (TpmSignCommand, TpmSignResponse, Sign),
    (TpmUnsealCommand, TpmUnsealResponse, Unseal),
    (TpmPolicySignedCommand, TpmPolicySignedResponse, PolicySigned),
    (TpmContextLoadCommand, TpmContextLoadResponse, ContextLoad),
    (TpmContextSaveCommand, TpmContextSaveResponse, ContextSave),
    (TpmEcdhKeyGenCommand, TpmEcdhKeyGenResponse, EcdhKeyGen),
    (TpmEncryptDecryptCommand, TpmEncryptDecryptResponse, EncryptDecrypt),
    (TpmFlushContextCommand, TpmFlushContextResponse, FlushContext),
    (TpmLoadExternalCommand, TpmLoadExternalResponse, LoadExternal),
    (TpmMakeCredentialCommand, TpmMakeCredentialResponse, MakeCredential),
    (TpmNvReadPublicCommand, TpmNvReadPublicResponse, NvReadPublic),
    (TpmPolicyAuthorizeCommand, TpmPolicyAuthorizeResponse, PolicyAuthorize),
    (TpmPolicyAuthValueCommand, TpmPolicyAuthValueResponse, PolicyAuthValue),
    (TpmPolicyCommandCodeCommand, TpmPolicyCommandCodeResponse, PolicyCommandCode),
    (TpmPolicyCounterTimerCommand, TpmPolicyCounterTimerResponse, PolicyCounterTimer),
    (TpmPolicyCpHashCommand, TpmPolicyCpHashResponse, PolicyCpHash),
    (TpmPolicyLocalityCommand, TpmPolicyLocalityResponse, PolicyLocality),
    (TpmPolicyNameHashCommand, TpmPolicyNameHashResponse, PolicyNameHash),
    (TpmPolicyOrCommand, TpmPolicyOrResponse, PolicyOr),
    (TpmPolicyTicketCommand, TpmPolicyTicketResponse, PolicyTicket),
    (TpmReadPublicCommand, TpmReadPublicResponse, ReadPublic),
    (TpmRsaEncryptCommand, TpmRsaEncryptResponse, RsaEncrypt),
    (TpmStartAuthSessionCommand, TpmStartAuthSessionResponse, StartAuthSession),
    (TpmVerifySignatureCommand, TpmVerifySignatureResponse, VerifySignature),
    (TpmEccParametersCommand, TpmEccParametersResponse, EccParameters),
    (TpmFirmwareReadCommand, TpmFirmwareReadResponse, FirmwareRead),
    (TpmGetCapabilityCommand, TpmGetCapabilityResponse, GetCapability),
    (TpmGetRandomCommand, TpmGetRandomResponse, GetRandom),
    (TpmGetTestResultCommand, TpmGetTestResultResponse, GetTestResult),
    (TpmHashCommand, TpmHashResponse, Hash),
    (TpmPcrReadCommand, TpmPcrReadResponse, PcrRead),
    (TpmPolicyPcrCommand, TpmPolicyPcrResponse, PolicyPcr),
    (TpmPolicyRestartCommand, TpmPolicyRestartResponse, PolicyRestart),
    (TpmReadClockCommand, TpmReadClockResponse, ReadClock),
    (TpmPcrExtendCommand, TpmPcrExtendResponse, PcrExtend),
    (TpmPcrSetAuthValueCommand, TpmPcrSetAuthValueResponse, PcrSetAuthValue),
    (TpmNvCertifyCommand, TpmNvCertifyResponse, NvCertify),
    (TpmEventSequenceCompleteCommand, TpmEventSequenceCompleteResponse, EventSequenceComplete),
    (TpmHashSequenceStartCommand, TpmHashSequenceStartResponse, HashSequenceStart),
    (TpmPolicyPhysicalPresenceCommand, TpmPolicyPhysicalPresenceResponse, PolicyPhysicalPresence),
    (TpmPolicyDuplicationSelectCommand, TpmPolicyDuplicationSelectResponse, PolicyDuplicationSelect),
    (TpmPolicyGetDigestCommand, TpmPolicyGetDigestResponse, PolicyGetDigest),
    (TpmTestParmsCommand, TpmTestParmsResponse, TestParms),
    (TpmCommitCommand, TpmCommitResponse, Commit),
    (TpmPolicyPasswordCommand, TpmPolicyPasswordResponse, PolicyPassword),
    (TpmZGen2PhaseCommand, TpmZGen2PhaseResponse, ZGen2Phase),
    (TpmEcEphemeralCommand, TpmEcEphemeralResponse, EcEphemeral),
    (TpmPolicyNvWrittenCommand, TpmPolicyNvWrittenResponse, PolicyNvWritten),
    (TpmPolicyTemplateCommand, TpmPolicyTemplateResponse, PolicyTemplate),
    (TpmCreateLoadedCommand, TpmCreateLoadedResponse, CreateLoaded),
    (TpmPolicyAuthorizeNvCommand, TpmPolicyAuthorizeNvResponse, PolicyAuthorizeNv),
    (TpmEncryptDecrypt2Command, TpmEncryptDecrypt2Response, EncryptDecrypt2),
    (TpmAcGetCapabilityCommand, TpmAcGetCapabilityResponse, AcGetCapability),
    (TpmAcSendCommand, TpmAcSendResponse, AcSend),
    (TpmPolicyAcSendSelectCommand, TpmPolicyAcSendSelectResponse, PolicyAcSendSelect),
    (TpmActSetTimeoutCommand, TpmActSetTimeoutResponse, ActSetTimeout),
    (TpmPolicyCapabilityCommand, TpmPolicyCapabilityResponse, PolicyCapability),
    (TpmPolicyParametersCommand, TpmPolicyParametersResponse, PolicyParameters),
    (TpmNvDefineSpace2Command, TpmNvDefineSpace2Response, NvDefineSpace2),
    (TpmNvReadPublic2Command, TpmNvReadPublic2Response, NvReadPublic2),
    (TpmReadOnlyControlCommand, TpmReadOnlyControlResponse, ReadOnlyControl),
    (TpmPolicyTransportSpdmCommand, TpmPolicyTransportSpdmResponse, PolicyTransportSpdm),
    (TpmVendorTcgTestCommand, TpmVendorTcgTestResponse, VendorTcgTest),
}