
1// SPDX-License-Identifier: MIT OR Apache-2.0
2// Copyright (c) 2025 Opinsys Oy
3// Copyright (c) 2024-2025 Jarkko Sakkinen
4
5use crate::{basic::TpmList, tpm_dispatch, TpmMarshal, TpmResult, TpmSized, TpmWriter};
6use core::fmt::Debug;
7
8mod data;
9mod marshal;
10mod unmarshal;
11
12pub use self::{data::*, marshal::*, unmarshal::*};
13
14use crate::constant::{MAX_HANDLES, MAX_SESSIONS};
15
/// Size in bytes of the fixed header that precedes the handle, authorization
/// and parameter areas of every TPM command and response: a 16-bit tag, a
/// 32-bit total frame size and a 32-bit command (or response) code, per the
/// TPM 2.0 Library specification (2 + 4 + 4 = 10).
///
/// A buffer shorter than this cannot carry a valid frame, so a parser should
/// reject it before it reads the size field. NOTE(review): that length check
/// is not in this file — confirm it is enforced in the `unmarshal` submodule.
const TPM_HEADER_SIZE: u32 = 10;
17
/// A fixed-capacity list of TPM handles, i.e. a frame's handle area.
///
/// Capacity is bounded by [`MAX_HANDLES`] (from `crate::constant`), so a frame
/// can never be built with more handles than the protocol allows. NOTE(review):
/// whether the unmarshal path rejects an over-long handle area or truncates it
/// is decided in `unmarshal.rs`, not here — rejection is the safe choice.
pub type TpmHandles = TpmList<crate::basic::TpmHandle, MAX_HANDLES>;
20
/// A fixed-capacity list of command authorization sessions (the command-side
/// authorization area).
///
/// Bounded by [`MAX_SESSIONS`] (from `crate::constant`); a command carrying
/// more sessions than this cannot be represented, which caps the per-frame work
/// an untrusted sender can push into the session parser.
pub type TpmAuthCommands = TpmList<crate::data::TpmsAuthCommand, MAX_SESSIONS>;
23
/// A fixed-capacity list of response authorization sessions (the response-side
/// authorization area).
///
/// Bounded by [`MAX_SESSIONS`] (from `crate::constant`), mirroring
/// [`TpmAuthCommands`]: a response is expected to carry one entry per session
/// that was present on the command, so the same cap applies.
pub type TpmAuthResponses = TpmList<crate::data::TpmsAuthResponse, MAX_SESSIONS>;
26
/// Static, per-type frame metadata for a TPM command or response.
///
/// Exposes the command code and handle count as associated constants, so they
/// are available without an instance (presumably implemented for each
/// command/response type listed in the `tpm_dispatch!` table at the bottom of
/// this module). The instance-level counterpart is [`TpmFrame`].
pub trait TpmHeader {
    /// The Command Code (CC) identifying this command, or the command this
    /// response answers.
    const CC: crate::data::TpmCc;
    /// The number of handles in the handle area. This is what lets a parser
    /// split a raw frame into its handle and parameter areas, since the
    /// handle area is not self-delimiting on the wire.
    const HANDLES: usize;
}
34
/// Dynamic frame metadata for a TPM command or response.
///
/// The instance-level counterpart of [`TpmHeader`]: the same command code and
/// handle count, but reachable through `&self`, which lets type-erased or
/// enum-wrapped frames report them at runtime. Requires [`TpmMarshal`] and
/// [`TpmMarshalBody`] so any frame can be serialized, and [`Debug`] so it can
/// be logged during diagnostics.
pub trait TpmFrame: TpmMarshal + TpmMarshalBody + Debug {
    /// Returns the Command Code (CC) for the command or response.
    fn cc(&self) -> crate::data::TpmCc;
    /// Returns the number of handles in the handle area.
    fn handles(&self) -> usize;
}
42
/// Marshals a command/response body as two separate wire sections: the handle
/// area and the parameter area.
///
/// Keeping the two areas separate matters because they are framed differently
/// on the wire (the authorization area sits between them when sessions are
/// present) and because, per the TPM 2.0 spec, authorization digests are
/// computed over the parameter bytes rather than the raw handles. The frame
/// assembly and digest computation are presumably in `marshal.rs` and the
/// session code, not in this trait.
pub trait TpmMarshalBody: TpmSized {
    /// Writes the handle area to `writer`.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmProtocolError)` on a marshal failure (presumably
    /// including the writer running out of capacity).
    fn marshal_handles(&self, writer: &mut TpmWriter) -> TpmResult<()>;

    /// Writes the parameter area to `writer`.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmProtocolError)` on a marshal failure (presumably
    /// including the writer running out of capacity).
    fn marshal_parameters(&self, writer: &mut TpmWriter) -> TpmResult<()>;
}
59
/// Unmarshals a command body from slices that point to the handle area and the
/// parameter area of the original buffer.
///
/// The caller (the frame parser, presumably in `unmarshal.rs`) has already
/// split the raw frame using the header and the handle count, so an
/// implementation only decodes its own fields. Crate-private, unlike
/// [`TpmUnmarshalResponse`]; presumably because commands are only decoded on
/// the receiving side.
pub(crate) trait TpmUnmarshalCommand: Sized {
    /// Unmarshals the command body from the handle and parameter areas.
    ///
    /// Returns the decoded body together with a slice sharing the inputs'
    /// lifetime — presumably the unconsumed tail of `params`. A non-empty tail
    /// means the frame carried trailing bytes; the caller should treat that as
    /// a malformed frame rather than silently ignore it.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmProtocolError)` on an unmarshal failure (truncated or
    /// otherwise malformed input).
    fn unmarshal_body<'a>(handles: &'a [u8], params: &'a [u8]) -> TpmResult<(Self, &'a [u8])>;
}
70
/// Unmarshals a response body, using the response tag to resolve structural
/// variations.
///
/// The tag is required because a response body's layout depends on it: per the
/// TPM 2.0 spec, a response carrying sessions has a parameter-size field and an
/// authorization area alongside the parameters, whereas a no-sessions response
/// carries the parameters alone. NOTE(review): which variations each
/// implementation actually handles is not visible here — confirm in
/// `unmarshal.rs`.
pub trait TpmUnmarshalResponse: Sized {
    /// Unmarshals the response body from `buf`, consulting `tag` at runtime to
    /// pick the structure.
    ///
    /// Returns the decoded body and a slice borrowed from `buf` — presumably
    /// the unconsumed remainder, which a caller should check is empty so that
    /// trailing bytes are not silently accepted.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmProtocolError)` on an unmarshal failure (truncated or
    /// otherwise malformed input).
    fn unmarshal_body(tag: crate::data::TpmSt, buf: &[u8]) -> TpmResult<(Self, &[u8])>;
}
81
// Command/response dispatch table: one `(CommandType, ResponseType, CommandCode)`
// entry per supported TPM 2.0 command. The third element is presumably the
// `TpmCc` variant the first two types are keyed on. The entries appear to be in
// ascending `TPM_CC` numeric order; keep new entries in that order so the table
// stays easy to diff against the specification.
//
// Security note: this table is the only mapping from a command code to a
// parser. A code absent from it has no frame type, so the generated dispatcher
// must reject it outright rather than fall back to any lenient decoding — the
// macro body is not in this file, confirm that behaviour in `tpm_dispatch!`.
tpm_dispatch! {
    (TpmNvUndefineSpaceSpecialCommand, TpmNvUndefineSpaceSpecialResponse, NvUndefineSpaceSpecial),
    (TpmEvictControlCommand, TpmEvictControlResponse, EvictControl),
    (TpmHierarchyControlCommand, TpmHierarchyControlResponse, HierarchyControl),
    (TpmNvUndefineSpaceCommand, TpmNvUndefineSpaceResponse, NvUndefineSpace),
    (TpmChangeEpsCommand, TpmChangeEpsResponse, ChangeEps),
    (TpmChangePpsCommand, TpmChangePpsResponse, ChangePps),
    (TpmClearCommand, TpmClearResponse, Clear),
    (TpmClearControlCommand, TpmClearControlResponse, ClearControl),
    (TpmClockSetCommand, TpmClockSetResponse, ClockSet),
    (TpmHierarchyChangeAuthCommand, TpmHierarchyChangeAuthResponse, HierarchyChangeAuth),
    (TpmNvDefineSpaceCommand, TpmNvDefineSpaceResponse, NvDefineSpace),
    (TpmPcrAllocateCommand, TpmPcrAllocateResponse, PcrAllocate),
    (TpmPcrSetAuthPolicyCommand, TpmPcrSetAuthPolicyResponse, PcrSetAuthPolicy),
    (TpmPpCommandsCommand, TpmPpCommandsResponse, PpCommands),
    (TpmSetPrimaryPolicyCommand, TpmSetPrimaryPolicyResponse, SetPrimaryPolicy),
    (TpmFieldUpgradeStartCommand, TpmFieldUpgradeStartResponse, FieldUpgradeStart),
    (TpmClockRateAdjustCommand, TpmClockRateAdjustResponse, ClockRateAdjust),
    (TpmCreatePrimaryCommand, TpmCreatePrimaryResponse, CreatePrimary),
    (TpmNvGlobalWriteLockCommand, TpmNvGlobalWriteLockResponse, NvGlobalWriteLock),
    (TpmGetCommandAuditDigestCommand, TpmGetCommandAuditDigestResponse, GetCommandAuditDigest),
    (TpmNvIncrementCommand, TpmNvIncrementResponse, NvIncrement),
    (TpmNvSetBitsCommand, TpmNvSetBitsResponse, NvSetBits),
    (TpmNvExtendCommand, TpmNvExtendResponse, NvExtend),
    (TpmNvWriteCommand, TpmNvWriteResponse, NvWrite),
    (TpmNvWriteLockCommand, TpmNvWriteLockResponse, NvWriteLock),
    (TpmDictionaryAttackLockResetCommand, TpmDictionaryAttackLockResetResponse, DictionaryAttackLockReset),
    (TpmDictionaryAttackParametersCommand, TpmDictionaryAttackParametersResponse, DictionaryAttackParameters),
    (TpmNvChangeAuthCommand, TpmNvChangeAuthResponse, NvChangeAuth),
    (TpmPcrEventCommand, TpmPcrEventResponse, PcrEvent),
    (TpmPcrResetCommand, TpmPcrResetResponse, PcrReset),
    (TpmSequenceCompleteCommand, TpmSequenceCompleteResponse, SequenceComplete),
    (TpmSetAlgorithmSetCommand, TpmSetAlgorithmSetResponse, SetAlgorithmSet),
    (TpmSetCommandCodeAuditStatusCommand, TpmSetCommandCodeAuditStatusResponse, SetCommandCodeAuditStatus),
    (TpmFieldUpgradeDataCommand, TpmFieldUpgradeDataResponse, FieldUpgradeData),
    (TpmIncrementalSelfTestCommand, TpmIncrementalSelfTestResponse, IncrementalSelfTest),
    (TpmSelfTestCommand, TpmSelfTestResponse, SelfTest),
    (TpmStartupCommand, TpmStartupResponse, Startup),
    (TpmShutdownCommand, TpmShutdownResponse, Shutdown),
    (TpmStirRandomCommand, TpmStirRandomResponse, StirRandom),
    (TpmActivateCredentialCommand, TpmActivateCredentialResponse, ActivateCredential),
    (TpmCertifyCommand, TpmCertifyResponse, Certify),
    (TpmPolicyNvCommand, TpmPolicyNvResponse, PolicyNv),
    (TpmCertifyCreationCommand, TpmCertifyCreationResponse, CertifyCreation),
    (TpmDuplicateCommand, TpmDuplicateResponse, Duplicate),
    (TpmGetTimeCommand, TpmGetTimeResponse, GetTime),
    (TpmGetSessionAuditDigestCommand, TpmGetSessionAuditDigestResponse, GetSessionAuditDigest),
    (TpmNvReadCommand, TpmNvReadResponse, NvRead),
    (TpmNvReadLockCommand, TpmNvReadLockResponse, NvReadLock),
    (TpmObjectChangeAuthCommand, TpmObjectChangeAuthResponse, ObjectChangeAuth),
    (TpmPolicySecretCommand, TpmPolicySecretResponse, PolicySecret),
    (TpmRewrapCommand, TpmRewrapResponse, Rewrap),
    (TpmCreateCommand, TpmCreateResponse, Create),
    (TpmEcdhZGenCommand, TpmEcdhZGenResponse, EcdhZGen),
    (TpmHmacCommand, TpmHmacResponse, Hmac),
    (TpmImportCommand, TpmImportResponse, Import),
    (TpmLoadCommand, TpmLoadResponse, Load),
    (TpmQuoteCommand, TpmQuoteResponse, Quote),
    (TpmRsaDecryptCommand, TpmRsaDecryptResponse, RsaDecrypt),
    (TpmHmacStartCommand, TpmHmacStartResponse, HmacStart),
    (TpmSequenceUpdateCommand, TpmSequenceUpdateResponse, SequenceUpdate),
    (TpmSignCommand, TpmSignResponse, Sign),
    (TpmUnsealCommand, TpmUnsealResponse, Unseal),
    (TpmPolicySignedCommand, TpmPolicySignedResponse, PolicySigned),
    (TpmContextLoadCommand, TpmContextLoadResponse, ContextLoad),
    (TpmContextSaveCommand, TpmContextSaveResponse, ContextSave),
    (TpmEcdhKeyGenCommand, TpmEcdhKeyGenResponse, EcdhKeyGen),
    (TpmEncryptDecryptCommand, TpmEncryptDecryptResponse, EncryptDecrypt),
    (TpmFlushContextCommand, TpmFlushContextResponse, FlushContext),
    (TpmLoadExternalCommand, TpmLoadExternalResponse, LoadExternal),
    (TpmMakeCredentialCommand, TpmMakeCredentialResponse, MakeCredential),
    (TpmNvReadPublicCommand, TpmNvReadPublicResponse, NvReadPublic),
    (TpmPolicyAuthorizeCommand, TpmPolicyAuthorizeResponse, PolicyAuthorize),
    (TpmPolicyAuthValueCommand, TpmPolicyAuthValueResponse, PolicyAuthValue),
    (TpmPolicyCommandCodeCommand, TpmPolicyCommandCodeResponse, PolicyCommandCode),
    (TpmPolicyCounterTimerCommand, TpmPolicyCounterTimerResponse, PolicyCounterTimer),
    (TpmPolicyCpHashCommand, TpmPolicyCpHashResponse, PolicyCpHash),
    (TpmPolicyLocalityCommand, TpmPolicyLocalityResponse, PolicyLocality),
    (TpmPolicyNameHashCommand, TpmPolicyNameHashResponse, PolicyNameHash),
    (TpmPolicyOrCommand, TpmPolicyOrResponse, PolicyOr),
    (TpmPolicyTicketCommand, TpmPolicyTicketResponse, PolicyTicket),
    (TpmReadPublicCommand, TpmReadPublicResponse, ReadPublic),
    (TpmRsaEncryptCommand, TpmRsaEncryptResponse, RsaEncrypt),
    (TpmStartAuthSessionCommand, TpmStartAuthSessionResponse, StartAuthSession),
    (TpmVerifySignatureCommand, TpmVerifySignatureResponse, VerifySignature),
    (TpmEccParametersCommand, TpmEccParametersResponse, EccParameters),
    (TpmFirmwareReadCommand, TpmFirmwareReadResponse, FirmwareRead),
    (TpmGetCapabilityCommand, TpmGetCapabilityResponse, GetCapability),
    (TpmGetRandomCommand, TpmGetRandomResponse, GetRandom),
    (TpmGetTestResultCommand, TpmGetTestResultResponse, GetTestResult),
    (TpmHashCommand, TpmHashResponse, Hash),
    (TpmPcrReadCommand, TpmPcrReadResponse, PcrRead),
    (TpmPolicyPcrCommand, TpmPolicyPcrResponse, PolicyPcr),
    (TpmPolicyRestartCommand, TpmPolicyRestartResponse, PolicyRestart),
    (TpmReadClockCommand, TpmReadClockResponse, ReadClock),
    (TpmPcrExtendCommand, TpmPcrExtendResponse, PcrExtend),
    (TpmPcrSetAuthValueCommand, TpmPcrSetAuthValueResponse, PcrSetAuthValue),
    (TpmNvCertifyCommand, TpmNvCertifyResponse, NvCertify),
    (TpmEventSequenceCompleteCommand, TpmEventSequenceCompleteResponse, EventSequenceComplete),
    (TpmHashSequenceStartCommand, TpmHashSequenceStartResponse, HashSequenceStart),
    (TpmPolicyPhysicalPresenceCommand, TpmPolicyPhysicalPresenceResponse, PolicyPhysicalPresence),
    (TpmPolicyDuplicationSelectCommand, TpmPolicyDuplicationSelectResponse, PolicyDuplicationSelect),
    (TpmPolicyGetDigestCommand, TpmPolicyGetDigestResponse, PolicyGetDigest),
    (TpmTestParmsCommand, TpmTestParmsResponse, TestParms),
    (TpmCommitCommand, TpmCommitResponse, Commit),
    (TpmPolicyPasswordCommand, TpmPolicyPasswordResponse, PolicyPassword),
    (TpmZGen2PhaseCommand, TpmZGen2PhaseResponse, ZGen2Phase),
    (TpmEcEphemeralCommand, TpmEcEphemeralResponse, EcEphemeral),
    (TpmPolicyNvWrittenCommand, TpmPolicyNvWrittenResponse, PolicyNvWritten),
    (TpmPolicyTemplateCommand, TpmPolicyTemplateResponse, PolicyTemplate),
    (TpmCreateLoadedCommand, TpmCreateLoadedResponse, CreateLoaded),
    (TpmPolicyAuthorizeNvCommand, TpmPolicyAuthorizeNvResponse, PolicyAuthorizeNv),
    (TpmEncryptDecrypt2Command, TpmEncryptDecrypt2Response, EncryptDecrypt2),
    (TpmAcGetCapabilityCommand, TpmAcGetCapabilityResponse, AcGetCapability),
    (TpmAcSendCommand, TpmAcSendResponse, AcSend),
    (TpmPolicyAcSendSelectCommand, TpmPolicyAcSendSelectResponse, PolicyAcSendSelect),
    (TpmActSetTimeoutCommand, TpmActSetTimeoutResponse, ActSetTimeout),
    (TpmEccEncryptCommand, TpmEccEncryptResponse, EccEncrypt),
    (TpmEccDecryptCommand, TpmEccDecryptResponse, EccDecrypt),
    (TpmPolicyCapabilityCommand, TpmPolicyCapabilityResponse, PolicyCapability),
    (TpmPolicyParametersCommand, TpmPolicyParametersResponse, PolicyParameters),
    (TpmNvDefineSpace2Command, TpmNvDefineSpace2Response, NvDefineSpace2),
    (TpmNvReadPublic2Command, TpmNvReadPublic2Response, NvReadPublic2),
    (TpmReadOnlyControlCommand, TpmReadOnlyControlResponse, ReadOnlyControl),
    (TpmPolicyTransportSpdmCommand, TpmPolicyTransportSpdmResponse, PolicyTransportSpdm),
    (TpmVendorTcgTestCommand, TpmVendorTcgTestResponse, VendorTcgTest),
}