
1// SPDX-License-Identifier: MIT OR Apache-2.0 Copyright (c) 2025 Opinsys Oy
2// Copyright (c) 2024-2025 Jarkko Sakkinen
3
4//! 23 Enhanced Authorization (EA) Commands
5//!
6//! 23.3 `TPM2_PolicySigned`
7//! 23.4 `TPM2_PolicySecret`
8//! 23.5 `TPM2_PolicyTicket`
9//! 23.6 `TPM2_PolicyOR`
10//! 23.7 `TPM2_PolicyPCR`
11//! 23.8 `TPM2_PolicyLocality`
12//! 23.9 `TPM2_PolicyNV`
13//! 23.10 `TPM2_PolicyCounterTimer`
14//! 23.11 `TPM2_PolicyCommandCode`
15//! 23.12 `TPM2_PolicyPhysicalPresence`
16//! 23.13 `TPM2_PolicyCpHash`
17//! 23.14 `TPM2_PolicyNameHash`
18//! 23.15 `TPM2_PolicyDuplicationSelect`
19//! 23.16 `TPM2_PolicyAuthorize`
20//! 23.17 `TPM2_PolicyAuthValue`
21//! 23.18 `TPM2_PolicyPassword`
22//! 23.19 `TPM2_PolicyGetDigest`
23//! 23.20 `TPM2_PolicyNvWritten`
24//! 23.21 `TPM2_PolicyTemplate`
25//! 23.22 `TPM2_PolicyAuthorizeNV`
26//! 23.23 `TPM2_PolicyCapability`
27//! 23.24 `TPM2_PolicyParameters`
28//! 23.25 `TPM2_PolicyTransportSPDM`
29
30use crate::{
31    data::{
32        Tpm2bDigest, Tpm2bMaxBuffer, Tpm2bName, Tpm2bNonce, Tpm2bTimeout, TpmCap, TpmCc, TpmEo,
33        TpmaLocality, TpmiYesNo, TpmlDigest, TpmlPcrSelection, TpmtSignature, TpmtTkAuth,
34        TpmtTkVerified,
35    },
36    tpm_struct,
37};
38use core::fmt::Debug;
39
// 23.3 `TPM2_PolicySigned`: command and response.
//
// The signature in `auth` is checked by the TPM against the key behind
// `auth_object`; this struct only carries the bytes and validates nothing.
// Field order inside `parameters` is the Part 3 parameter order and is
// presumably the marshalling order too — do not reorder fields.
//
// No `Default` derive on the command, unlike `TpmPolicySecretCommand`;
// presumably because `TpmtSignature` has none — confirm in `crate::data`.
tpm_struct! (
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicySignedCommand,
    cc: TpmCc::PolicySigned,
    handles: {
        // Key whose signature authorizes this policy step.
        pub auth_object: crate::data::TpmiDhObject,
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub nonce_tpm: Tpm2bNonce,
        pub cp_hash_a: Tpm2bDigest,
        pub policy_ref: Tpm2bNonce,
        // Signed per the spec (a negative value requests a ticket, per
        // TPM 2.0 Part 3); passed through unchecked here.
        pub expiration: i32,
        pub auth: TpmtSignature,
    }
);

// Response: `timeout` and `policy_ticket` are what a later
// `TpmPolicyTicketCommand` presents to replay this authorization.
tpm_struct! (
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Response,
    name: TpmPolicySignedResponse,
    cc: TpmCc::PolicySigned,
    handles: {},
    parameters: {
        pub timeout: Tpm2bTimeout,
        pub policy_ticket: TpmtTkAuth,
    }
);
69
// 23.4 `TPM2_PolicySecret`: command and response.
//
// Same parameter layout as `TpmPolicySignedCommand` minus the signature:
// the proof of knowledge for `auth_handle` travels in the command's
// authorization area (per TPM 2.0 Part 3), not in these parameters.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicySecretCommand,
    cc: TpmCc::PolicySecret,
    handles: {
        // Entity whose authValue authorizes this policy step.
        pub auth_handle: crate::data::TpmiDhObject,
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub nonce_tpm: Tpm2bNonce,
        pub cp_hash_a: Tpm2bDigest,
        pub policy_ref: Tpm2bNonce,
        // Signed per the spec; sign semantics are not enforced here.
        pub expiration: i32,
    }
);

// Response: no handles, no parameters. NOTE(review): Part 3 lists
// `timeout` and `policyTicket` for this response, mirroring
// `TpmPolicySignedResponse` — confirm whether their omission here is
// intentional.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicySecretResponse,
    cc: TpmCc::PolicySecret,
    handles: {},
    parameters: {}
);
95
// 23.5 `TPM2_PolicyTicket`: command and response.
//
// Replays an earlier PolicySigned/PolicySecret authorization using the
// ticket the TPM issued; `auth_name` names the key or entity the ticket
// was bound to. Ticket validity is decided by the TPM, not here.
tpm_struct! (
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyTicketCommand,
    cc: TpmCc::PolicyTicket,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub timeout: Tpm2bTimeout,
        pub cp_hash_a: Tpm2bDigest,
        pub policy_ref: Tpm2bNonce,
        pub auth_name: Tpm2bName,
        pub ticket: TpmtTkAuth,
    }
);

// Response: empty.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyTicketResponse,
    cc: TpmCc::PolicyTicket,
    handles: {},
    parameters: {}
);
121
// 23.6 `TPM2_PolicyOR`: command and response.
//
// `p_hash_list` is the set of alternative policy digests; Part 3 bounds it
// to 2..=8 entries, which this struct does not check unless `TpmlDigest`
// does — confirm in `crate::data`.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyOrCommand,
    cc: TpmCc::PolicyOR,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub p_hash_list: TpmlDigest,
    }
);

// Response: empty.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyOrResponse,
    cc: TpmCc::PolicyOR,
    handles: {},
    parameters: {}
);
143
// 23.7 `TPM2_PolicyPCR`: command and response.
//
// `pcrs` selects the PCRs, `pcr_digest` is the expected digest over them.
// Per Part 3 an empty `pcr_digest` makes the TPM use the current PCR
// values; that is TPM behaviour, nothing here distinguishes the cases.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyPcrCommand,
    cc: TpmCc::PolicyPcr,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub pcr_digest: Tpm2bDigest,
        pub pcrs: TpmlPcrSelection,
    }
);

// Response: empty.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyPcrResponse,
    cc: TpmCc::PolicyPcr,
    handles: {},
    parameters: {}
);
166
// 23.8 `TPM2_PolicyLocality`: command and response.
//
// Command is `Copy` (its only parameter is the `TpmaLocality` bitfield) but
// has no `Default`; presumably `TpmaLocality` lacks one — confirm.
tpm_struct! (
    #[derive(Debug, PartialEq, Eq, Copy, Clone)]
    kind: Command,
    name: TpmPolicyLocalityCommand,
    cc: TpmCc::PolicyLocality,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub locality: TpmaLocality,
    }
);

// Response: empty.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyLocalityResponse,
    cc: TpmCc::PolicyLocality,
    handles: {},
    parameters: {}
);
188
// 23.9 `TPM2_PolicyNV`: command and response.
//
// Compares `operand_b` against the NV index contents at `offset` using
// `operation`; the comparison is done by the TPM.
//
// NOTE(review): `nv_index` is a bare `u32` while the other handles in this
// file use typed `crate::data::Tpmi*` handles. A bare integer accepts any
// value at the type level; if `crate::data` has an NV-index handle type,
// using it would reject non-NV handles at compile time. Same remark
// applies to `TpmPolicyAuthorizeNvCommand`.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyNvCommand,
    cc: TpmCc::PolicyNv,
    handles: {
        pub auth_handle: crate::data::TpmiDhObject,
        pub nv_index: u32,
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub operand_b: Tpm2bMaxBuffer,
        // Byte offset into the NV data; range is checked by the TPM.
        pub offset: u16,
        pub operation: TpmEo,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyNvResponse,
    cc: TpmCc::PolicyNv,
    handles: {},
    parameters: {}
}
214
// 23.10 `TPM2_PolicyCounterTimer`: command and response.
//
// Same parameter shape as `TpmPolicyNvCommand` (`operand_b`, `offset`,
// `operation`) but with no NV handles; per Part 3 the comparison target is
// the TPM's time/clock structure rather than an NV index.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyCounterTimerCommand,
    cc: TpmCc::PolicyCounterTimer,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub operand_b: Tpm2bMaxBuffer,
        pub offset: u16,
        pub operation: TpmEo,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyCounterTimerResponse,
    cc: TpmCc::PolicyCounterTimer,
    handles: {},
    parameters: {}
}
238
// 23.11 `TPM2_PolicyCommandCode`: command and response.
//
// Binds the session to a single command code `code`. Derive list is
// written `Clone, Copy` here and `Copy, Clone` everywhere else in this
// file; harmless, but worth aligning.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone, Copy)]
    kind: Command,
    name: TpmPolicyCommandCodeCommand,
    cc: TpmCc::PolicyCommandCode,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub code: TpmCc,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyCommandCodeResponse,
    cc: TpmCc::PolicyCommandCode,
    handles: {},
    parameters: {}
}
260
// 23.12 `TPM2_PolicyPhysicalPresence`: command and response.
//
// No parameters on either side; the only input is the policy session.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Command,
    name: TpmPolicyPhysicalPresenceCommand,
    cc: TpmCc::PolicyPhysicalPresence,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {}
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyPhysicalPresenceResponse,
    cc: TpmCc::PolicyPhysicalPresence,
    handles: {},
    parameters: {}
}
280
// 23.13 `TPM2_PolicyCpHash`: command and response.
//
// Restricts the session to the one command whose cpHash equals `cp_hash_a`.
// Uses parentheses for the macro invocation like the early entries in this
// file; the later entries use braces. Either form works, but pick one.
tpm_struct! (
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyCpHashCommand,
    cc: TpmCc::PolicyCpHash,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub cp_hash_a: Tpm2bDigest,
    }
);

// Response: empty.
tpm_struct! (
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyCpHashResponse,
    cc: TpmCc::PolicyCpHash,
    handles: {},
    parameters: {}
);
302
// 23.14 `TPM2_PolicyNameHash`: command and response.
//
// `name_hash` is a digest over the Names of the handles the authorized
// command will use (per Part 3); its construction is the caller's job.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyNameHashCommand,
    cc: TpmCc::PolicyNameHash,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub name_hash: Tpm2bDigest,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyNameHashResponse,
    cc: TpmCc::PolicyNameHash,
    handles: {},
    parameters: {}
}
324
// 23.15 `TPM2_PolicyDuplicationSelect`: command and response.
//
// Limits a duplication to the named object / new parent pair.
// `include_object` is a `TpmiYesNo`, so the command cannot derive
// `Default` unless that type does — presumably why it is absent here.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyDuplicationSelectCommand,
    cc: TpmCc::PolicyDuplicationSelect,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub object_name: Tpm2bName,
        pub new_parent_name: Tpm2bName,
        // Whether `object_name` is folded into the policy digest as well.
        pub include_object: TpmiYesNo,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyDuplicationSelectResponse,
    cc: TpmCc::PolicyDuplicationSelect,
    handles: {},
    parameters: {}
}
348
// 23.16 `TPM2_PolicyAuthorize`: command and response.
//
// Replaces the session's current digest with one approved by the key named
// in `key_sign`. `check_ticket` is a `TpmtTkVerified`, i.e. the ticket a
// prior signature verification produced; whether it actually covers
// `approved_policy` and `policy_ref` is decided by the TPM.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyAuthorizeCommand,
    cc: TpmCc::PolicyAuthorize,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub approved_policy: Tpm2bDigest,
        pub policy_ref: Tpm2bNonce,
        // Name of the authorizing key, not a handle.
        pub key_sign: Tpm2bName,
        pub check_ticket: TpmtTkVerified,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyAuthorizeResponse,
    cc: TpmCc::PolicyAuthorize,
    handles: {},
    parameters: {}
}
373
// 23.17 `TPM2_PolicyAuthValue`: command and response.
//
// Parameter-free; structurally identical to `TpmPolicyPasswordCommand`
// below and distinguished only by `cc`. Per Part 3 the two differ in how
// the later authorization is supplied (HMAC vs. cleartext password), which
// matters for what crosses the bus — choose deliberately.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Command,
    name: TpmPolicyAuthValueCommand,
    cc: TpmCc::PolicyAuthValue,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {}
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyAuthValueResponse,
    cc: TpmCc::PolicyAuthValue,
    handles: {},
    parameters: {}
}
393
// 23.18 `TPM2_PolicyPassword`: command and response.
//
// Parameter-free twin of `TpmPolicyAuthValueCommand`; see the note there
// on the difference between the two.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Command,
    name: TpmPolicyPasswordCommand,
    cc: TpmCc::PolicyPassword,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {}
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyPasswordResponse,
    cc: TpmCc::PolicyPassword,
    handles: {},
    parameters: {}
}
413
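// 23.19 `TPM2_PolicyGetDigest`: command and response.
//
// Command first, then response, as for every other command in this file
// (the original had the pair the other way round).
//
// Reads back the session's current policy digest without changing it; the
// digest is what a later object or NV policy must equal, so compare it
// against the expected value before relying on it.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Command,
    name: TpmPolicyGetDigestCommand,
    cc: TpmCc::PolicyGetDigest,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {}
}

// Response: the session's current `policy_digest`. Not `Copy`, unlike the
// other responses here, because it carries a `Tpm2bDigest`.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Clone)]
    kind: Response,
    name: TpmPolicyGetDigestResponse,
    cc: TpmCc::PolicyGetDigest,
    handles: {},
    parameters: {
        pub policy_digest: Tpm2bDigest,
    }
}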
435
// 23.20 `TPM2_PolicyNvWritten`: command and response.
//
// `written_set` states which NV "written" state the policy requires.
// Command is `Copy` but not `Default`; presumably `TpmiYesNo` has no
// `Default` — confirm in `crate::data`.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Copy, Clone)]
    kind: Command,
    name: TpmPolicyNvWrittenCommand,
    cc: TpmCc::PolicyNvWritten,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub written_set: TpmiYesNo,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyNvWrittenResponse,
    cc: TpmCc::PolicyNvWritten,
    handles: {},
    parameters: {}
}
457
// 23.21 `TPM2_PolicyTemplate`: command and response.
//
// `template_hash` pins the session to one object template (per Part 3,
// the digest of the public area used at creation); computing it correctly
// is up to the caller.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyTemplateCommand,
    cc: TpmCc::PolicyTemplate,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub template_hash: Tpm2bDigest,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyTemplateResponse,
    cc: TpmCc::PolicyTemplate,
    handles: {},
    parameters: {}
}
479
// 23.22 `TPM2_PolicyAuthorizeNV`: command and response.
//
// Handle-only command: the approved policy lives in the NV index, so the
// security of this step rests on who can write `nv_index`. As in
// `TpmPolicyNvCommand`, `nv_index` is a bare `u32` rather than a typed
// handle — see the note there.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Command,
    name: TpmPolicyAuthorizeNvCommand,
    cc: TpmCc::PolicyAuthorizeNv,
    handles: {
        pub auth_handle: crate::data::TpmiDhObject,
        pub nv_index: u32,
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {}
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyAuthorizeNvResponse,
    cc: TpmCc::PolicyAuthorizeNv,
    handles: {},
    parameters: {}
}
501
// 23.23 `TPM2_PolicyCapability`: command and response.
//
// Compares `operand_b` against the value of capability `capability` /
// `property` using `op`. The field is called `op` here but `operation` in
// `TpmPolicyNvCommand` and `TpmPolicyCounterTimerCommand`; that mirrors the
// Part 3 parameter names, and both are public, so leave them as they are.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyCapabilityCommand,
    cc: TpmCc::PolicyCapability,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub capability: TpmCap,
        // Raw property selector; its meaning depends on `capability`.
        pub property: u32,
        pub op: TpmEo,
        pub operand_b: Tpm2bMaxBuffer,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyCapabilityResponse,
    cc: TpmCc::PolicyCapability,
    handles: {},
    parameters: {}
}
526
// 23.24 `TPM2_PolicyParameters`: command and response.
//
// `p_hash` is a digest over the parameters of the command to be
// authorized (per Part 3); like `TpmPolicyCpHashCommand` it carries one
// `Tpm2bDigest` and nothing else.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyParametersCommand,
    cc: TpmCc::PolicyParameters,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub p_hash: Tpm2bDigest,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyParametersResponse,
    cc: TpmCc::PolicyParameters,
    handles: {},
    parameters: {}
}
548
// 23.25 `TPM2_PolicyTransportSPDM`: command and response.
//
// Binds the session to an SPDM transport identified by two key Names:
// the requester's (`req_key_name`) and the TPM's (`tpm_key_name`).
// Both are `Tpm2bName`s, i.e. Names, not handles.
tpm_struct! {
    #[derive(Debug, PartialEq, Eq, Clone)]
    kind: Command,
    name: TpmPolicyTransportSpdmCommand,
    cc: TpmCc::PolicyTransportSpdm,
    handles: {
        pub policy_session: crate::data::TpmiShAuthSession,
    },
    parameters: {
        pub req_key_name: Tpm2bName,
        pub tpm_key_name: Tpm2bName,
    }
}

// Response: empty.
tpm_struct! {
    #[derive(Debug, Default, PartialEq, Eq, Copy, Clone)]
    kind: Response,
    name: TpmPolicyTransportSpdmResponse,
    cc: TpmCc::PolicyTransportSpdm,
    handles: {},
    parameters: {}
}