tpm2_protocol/frame/
mod.rs

1// SPDX-License-Identifier: MIT OR Apache-2.0
2// Copyright (c) 2025 Opinsys Oy
3// Copyright (c) 2024-2025 Jarkko Sakkinen
4
5use crate::{basic::TpmList, tpm_dispatch, TpmMarshal, TpmResult, TpmSized, TpmWriter};
6use core::fmt::Debug;
7
8mod data;
9mod marshal;
10mod unmarshal;
11
12pub use self::{data::*, marshal::*, unmarshal::*};
13
14use crate::constant::{MAX_HANDLES, MAX_SESSIONS};
15
// NOTE(review): the three aliases below bound their element count with the
// const generic arguments `MAX_HANDLES` and `MAX_SESSIONS`. How `TpmList`
// reacts when a frame carries more entries than that capacity is defined in
// `crate::basic`, not in this file — confirm it reports an error rather than
// truncating silently.

/// A fixed-capacity list for TPM handles.
pub type TpmHandles = TpmList<crate::TpmHandle, MAX_HANDLES>;

/// A fixed-capacity list for command authorization sessions.
pub type TpmAuthCommands = TpmList<crate::data::TpmsAuthCommand, MAX_SESSIONS>;

/// A fixed-capacity list for response authorization sessions.
pub type TpmAuthResponses = TpmList<crate::data::TpmsAuthResponse, MAX_SESSIONS>;
24
/// A trait for TPM commands and responses that provides static header information.
///
/// Both items are associated constants, so they are fixed per implementing
/// type at compile time rather than read from a received frame.
pub trait TpmHeader {
    /// The Command Code (CC) for the command or response.
    const CC: crate::data::TpmCc;
    /// The number of handles in the handle area.
    const HANDLES: usize;
}
32
/// A trait for TPM commands and responses that provides dynamic frame information.
///
/// Implementors must also implement the supertraits `TpmMarshal`,
/// `TpmMarshalBody` and `Debug`.
// NOTE(review): presumably `cc()` and `handles()` return the same values as
// `TpmHeader::CC` and `TpmHeader::HANDLES` for the concrete type — confirm in
// the implementations, which are not in this file.
pub trait TpmFrame: TpmMarshal + TpmMarshalBody + Debug {
    /// Returns the Command Code (CC) for the command or response.
    fn cc(&self) -> crate::data::TpmCc;
    /// Returns the number of handles in the handle area.
    fn handles(&self) -> usize;
}
40
/// A trait for marshaling command/response bodies in separate handle and parameter sections.
///
/// Implementors must also implement the supertrait `TpmSized`. Both methods
/// write into the caller-supplied `TpmWriter`.
// NOTE(review): the two areas are presumably written by separate calls so
// that the caller can emit other frame content between them — confirm in
// `marshal.rs`.
pub trait TpmMarshalBody: TpmSized {
    /// Marshals the handle area.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmProtocolError)` on a marshal failure.
    fn marshal_handles(&self, writer: &mut TpmWriter) -> TpmResult<()>;

    /// Marshals the parameter area.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmProtocolError)` on a marshal failure.
    fn marshal_parameters(&self, writer: &mut TpmWriter) -> TpmResult<()>;
}
57
/// Unmarshals a command body from slices that point to the handle area and
/// the parameter area of the original buffer.
///
/// The trait is `pub(crate)`, so it is only reachable from inside this crate.
pub(crate) trait TpmUnmarshalCommand: Sized {
    // NOTE(review): the returned slice is presumably the unconsumed tail of
    // `params` — confirm. If command buffers can come from an untrusted
    // sender, also confirm that callers reject a non-empty tail instead of
    // ignoring it.

    /// Unmarshals the command body from the handle and parameter areas.
    ///
    /// On success returns the decoded value together with a byte slice that
    /// carries the same lifetime `'a` as both input slices.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmProtocolError)` on an unmarshal failure.
    fn unmarshal_body<'a>(handles: &'a [u8], params: &'a [u8]) -> TpmResult<(Self, &'a [u8])>;
}
68
/// Unmarshals a response body using the response tag to handle structural variations.
pub trait TpmUnmarshalResponse: Sized {
    // NOTE(review): `tag` is supplied by the caller and this signature does
    // not show where it is validated — presumably it is read from the
    // response header; confirm it is checked before it selects the layout.
    // The returned slice is presumably the unconsumed tail of `buf`; confirm
    // how callers treat a non-empty tail.

    /// Unmarshals the response body from a buffer, using the response tag
    /// dynamically to determine the structure.
    ///
    /// On success returns the decoded value together with a byte slice that
    /// borrows from `buf`.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmProtocolError)` on an unmarshal failure.
    fn unmarshal_body(tag: crate::data::TpmSt, buf: &[u8]) -> TpmResult<(Self, &[u8])>;
}
79
// Passes the command table to `tpm_dispatch!`. Each entry is a tuple of three
// identifiers; going by their names these are the command type, the matching
// response type and a short name for the pair.
// NOTE(review): the macro is defined elsewhere in the crate, so what it
// generates from this table is not visible here. The entries appear to follow
// ascending command-code order — confirm whether the macro depends on that
// before inserting or reordering entries, and keep each command paired with
// its own response type.
tpm_dispatch! {
    (TpmNvUndefineSpaceSpecialCommand, TpmNvUndefineSpaceSpecialResponse, NvUndefineSpaceSpecial),
    (TpmEvictControlCommand, TpmEvictControlResponse, EvictControl),
    (TpmHierarchyControlCommand, TpmHierarchyControlResponse, HierarchyControl),
    (TpmNvUndefineSpaceCommand, TpmNvUndefineSpaceResponse, NvUndefineSpace),
    (TpmChangeEpsCommand, TpmChangeEpsResponse, ChangeEps),
    (TpmChangePpsCommand, TpmChangePpsResponse, ChangePps),
    (TpmClearCommand, TpmClearResponse, Clear),
    (TpmClearControlCommand, TpmClearControlResponse, ClearControl),
    (TpmClockSetCommand, TpmClockSetResponse, ClockSet),
    (TpmHierarchyChangeAuthCommand, TpmHierarchyChangeAuthResponse, HierarchyChangeAuth),
    (TpmNvDefineSpaceCommand, TpmNvDefineSpaceResponse, NvDefineSpace),
    (TpmPcrAllocateCommand, TpmPcrAllocateResponse, PcrAllocate),
    (TpmPcrSetAuthPolicyCommand, TpmPcrSetAuthPolicyResponse, PcrSetAuthPolicy),
    (TpmPpCommandsCommand, TpmPpCommandsResponse, PpCommands),
    (TpmSetPrimaryPolicyCommand, TpmSetPrimaryPolicyResponse, SetPrimaryPolicy),
    (TpmFieldUpgradeStartCommand, TpmFieldUpgradeStartResponse, FieldUpgradeStart),
    (TpmClockRateAdjustCommand, TpmClockRateAdjustResponse, ClockRateAdjust),
    (TpmCreatePrimaryCommand, TpmCreatePrimaryResponse, CreatePrimary),
    (TpmNvGlobalWriteLockCommand, TpmNvGlobalWriteLockResponse, NvGlobalWriteLock),
    (TpmGetCommandAuditDigestCommand, TpmGetCommandAuditDigestResponse, GetCommandAuditDigest),
    (TpmNvIncrementCommand, TpmNvIncrementResponse, NvIncrement),
    (TpmNvSetBitsCommand, TpmNvSetBitsResponse, NvSetBits),
    (TpmNvExtendCommand, TpmNvExtendResponse, NvExtend),
    (TpmNvWriteCommand, TpmNvWriteResponse, NvWrite),
    (TpmNvWriteLockCommand, TpmNvWriteLockResponse, NvWriteLock),
    (TpmDictionaryAttackLockResetCommand, TpmDictionaryAttackLockResetResponse, DictionaryAttackLockReset),
    (TpmDictionaryAttackParametersCommand, TpmDictionaryAttackParametersResponse, DictionaryAttackParameters),
    (TpmNvChangeAuthCommand, TpmNvChangeAuthResponse, NvChangeAuth),
    (TpmPcrEventCommand, TpmPcrEventResponse, PcrEvent),
    (TpmPcrResetCommand, TpmPcrResetResponse, PcrReset),
    (TpmSequenceCompleteCommand, TpmSequenceCompleteResponse, SequenceComplete),
    (TpmSetAlgorithmSetCommand, TpmSetAlgorithmSetResponse, SetAlgorithmSet),
    (TpmSetCommandCodeAuditStatusCommand, TpmSetCommandCodeAuditStatusResponse, SetCommandCodeAuditStatus),
    (TpmFieldUpgradeDataCommand, TpmFieldUpgradeDataResponse, FieldUpgradeData),
    (TpmIncrementalSelfTestCommand, TpmIncrementalSelfTestResponse, IncrementalSelfTest),
    (TpmSelfTestCommand, TpmSelfTestResponse, SelfTest),
    (TpmStartupCommand, TpmStartupResponse, Startup),
    (TpmShutdownCommand, TpmShutdownResponse, Shutdown),
    (TpmStirRandomCommand, TpmStirRandomResponse, StirRandom),
    (TpmActivateCredentialCommand, TpmActivateCredentialResponse, ActivateCredential),
    (TpmCertifyCommand, TpmCertifyResponse, Certify),
    (TpmPolicyNvCommand, TpmPolicyNvResponse, PolicyNv),
    (TpmCertifyCreationCommand, TpmCertifyCreationResponse, CertifyCreation),
    (TpmDuplicateCommand, TpmDuplicateResponse, Duplicate),
    (TpmGetTimeCommand, TpmGetTimeResponse, GetTime),
    (TpmGetSessionAuditDigestCommand, TpmGetSessionAuditDigestResponse, GetSessionAuditDigest),
    (TpmNvReadCommand, TpmNvReadResponse, NvRead),
    (TpmNvReadLockCommand, TpmNvReadLockResponse, NvReadLock),
    (TpmObjectChangeAuthCommand, TpmObjectChangeAuthResponse, ObjectChangeAuth),
    (TpmPolicySecretCommand, TpmPolicySecretResponse, PolicySecret),
    (TpmRewrapCommand, TpmRewrapResponse, Rewrap),
    (TpmCreateCommand, TpmCreateResponse, Create),
    (TpmEcdhZGenCommand, TpmEcdhZGenResponse, EcdhZGen),
    (TpmHmacCommand, TpmHmacResponse, Hmac),
    (TpmImportCommand, TpmImportResponse, Import),
    (TpmLoadCommand, TpmLoadResponse, Load),
    (TpmQuoteCommand, TpmQuoteResponse, Quote),
    (TpmRsaDecryptCommand, TpmRsaDecryptResponse, RsaDecrypt),
    (TpmHmacStartCommand, TpmHmacStartResponse, HmacStart),
    (TpmSequenceUpdateCommand, TpmSequenceUpdateResponse, SequenceUpdate),
    (TpmSignCommand, TpmSignResponse, Sign),
    (TpmUnsealCommand, TpmUnsealResponse, Unseal),
    (TpmPolicySignedCommand, TpmPolicySignedResponse, PolicySigned),
    (TpmContextLoadCommand, TpmContextLoadResponse, ContextLoad),
    (TpmContextSaveCommand, TpmContextSaveResponse, ContextSave),
    (TpmEcdhKeyGenCommand, TpmEcdhKeyGenResponse, EcdhKeyGen),
    (TpmEncryptDecryptCommand, TpmEncryptDecryptResponse, EncryptDecrypt),
    (TpmFlushContextCommand, TpmFlushContextResponse, FlushContext),
    (TpmLoadExternalCommand, TpmLoadExternalResponse, LoadExternal),
    (TpmMakeCredentialCommand, TpmMakeCredentialResponse, MakeCredential),
    (TpmNvReadPublicCommand, TpmNvReadPublicResponse, NvReadPublic),
    (TpmPolicyAuthorizeCommand, TpmPolicyAuthorizeResponse, PolicyAuthorize),
    (TpmPolicyAuthValueCommand, TpmPolicyAuthValueResponse, PolicyAuthValue),
    (TpmPolicyCommandCodeCommand, TpmPolicyCommandCodeResponse, PolicyCommandCode),
    (TpmPolicyCounterTimerCommand, TpmPolicyCounterTimerResponse, PolicyCounterTimer),
    (TpmPolicyCpHashCommand, TpmPolicyCpHashResponse, PolicyCpHash),
    (TpmPolicyLocalityCommand, TpmPolicyLocalityResponse, PolicyLocality),
    (TpmPolicyNameHashCommand, TpmPolicyNameHashResponse, PolicyNameHash),
    (TpmPolicyOrCommand, TpmPolicyOrResponse, PolicyOr),
    (TpmPolicyTicketCommand, TpmPolicyTicketResponse, PolicyTicket),
    (TpmReadPublicCommand, TpmReadPublicResponse, ReadPublic),
    (TpmRsaEncryptCommand, TpmRsaEncryptResponse, RsaEncrypt),
    (TpmStartAuthSessionCommand, TpmStartAuthSessionResponse, StartAuthSession),
    (TpmVerifySignatureCommand, TpmVerifySignatureResponse, VerifySignature),
    (TpmEccParametersCommand, TpmEccParametersResponse, EccParameters),
    (TpmFirmwareReadCommand, TpmFirmwareReadResponse, FirmwareRead),
    (TpmGetCapabilityCommand, TpmGetCapabilityResponse, GetCapability),
    (TpmGetRandomCommand, TpmGetRandomResponse, GetRandom),
    (TpmGetTestResultCommand, TpmGetTestResultResponse, GetTestResult),
    (TpmHashCommand, TpmHashResponse, Hash),
    (TpmPcrReadCommand, TpmPcrReadResponse, PcrRead),
    (TpmPolicyPcrCommand, TpmPolicyPcrResponse, PolicyPcr),
    (TpmPolicyRestartCommand, TpmPolicyRestartResponse, PolicyRestart),
    (TpmReadClockCommand, TpmReadClockResponse, ReadClock),
    (TpmPcrExtendCommand, TpmPcrExtendResponse, PcrExtend),
    (TpmPcrSetAuthValueCommand, TpmPcrSetAuthValueResponse, PcrSetAuthValue),
    (TpmNvCertifyCommand, TpmNvCertifyResponse, NvCertify),
    (TpmEventSequenceCompleteCommand, TpmEventSequenceCompleteResponse, EventSequenceComplete),
    (TpmHashSequenceStartCommand, TpmHashSequenceStartResponse, HashSequenceStart),
    (TpmPolicyPhysicalPresenceCommand, TpmPolicyPhysicalPresenceResponse, PolicyPhysicalPresence),
    (TpmPolicyDuplicationSelectCommand, TpmPolicyDuplicationSelectResponse, PolicyDuplicationSelect),
    (TpmPolicyGetDigestCommand, TpmPolicyGetDigestResponse, PolicyGetDigest),
    (TpmTestParmsCommand, TpmTestParmsResponse, TestParms),
    (TpmCommitCommand, TpmCommitResponse, Commit),
    (TpmPolicyPasswordCommand, TpmPolicyPasswordResponse, PolicyPassword),
    (TpmZGen2PhaseCommand, TpmZGen2PhaseResponse, ZGen2Phase),
    (TpmEcEphemeralCommand, TpmEcEphemeralResponse, EcEphemeral),
    (TpmPolicyNvWrittenCommand, TpmPolicyNvWrittenResponse, PolicyNvWritten),
    (TpmPolicyTemplateCommand, TpmPolicyTemplateResponse, PolicyTemplate),
    (TpmCreateLoadedCommand, TpmCreateLoadedResponse, CreateLoaded),
    (TpmPolicyAuthorizeNvCommand, TpmPolicyAuthorizeNvResponse, PolicyAuthorizeNv),
    (TpmEncryptDecrypt2Command, TpmEncryptDecrypt2Response, EncryptDecrypt2),
    (TpmAcGetCapabilityCommand, TpmAcGetCapabilityResponse, AcGetCapability),
    (TpmAcSendCommand, TpmAcSendResponse, AcSend),
    (TpmPolicyAcSendSelectCommand, TpmPolicyAcSendSelectResponse, PolicyAcSendSelect),
    (TpmActSetTimeoutCommand, TpmActSetTimeoutResponse, ActSetTimeout),
    (TpmEccEncryptCommand, TpmEccEncryptResponse, EccEncrypt),
    (TpmEccDecryptCommand, TpmEccDecryptResponse, EccDecrypt),
    (TpmPolicyCapabilityCommand, TpmPolicyCapabilityResponse, PolicyCapability),
    (TpmPolicyParametersCommand, TpmPolicyParametersResponse, PolicyParameters),
    (TpmNvDefineSpace2Command, TpmNvDefineSpace2Response, NvDefineSpace2),
    (TpmNvReadPublic2Command, TpmNvReadPublic2Response, NvReadPublic2),
    (TpmReadOnlyControlCommand, TpmReadOnlyControlResponse, ReadOnlyControl),
    (TpmPolicyTransportSpdmCommand, TpmPolicyTransportSpdmResponse, PolicyTransportSpdm),
    (TpmVendorTcgTestCommand, TpmVendorTcgTestResponse, VendorTcgTest),
}