
1// SPDX-License-Identifier: MIT OR Apache-2.0
2// Copyright (c) 2025 Opinsys Oy
3// Copyright (c) 2024-2025 Jarkko Sakkinen
4
5use crate::{basic::TpmList, tpm_dispatch, TpmBuild, TpmResult, TpmSized, TpmWriter};
6use core::fmt::Debug;
7
8mod build;
9mod data;
10mod parse;
11
12pub use self::{build::*, data::*, parse::*};
13
14use crate::constant::{MAX_HANDLES, MAX_SESSIONS};
15
/// A fixed-capacity list for TPM handles.
///
/// The capacity is fixed at compile time by [`MAX_HANDLES`], so a parser
/// filling this list cannot grow it past that bound no matter what the wire
/// data claims; how an overflow is reported is up to [`TpmList`].
pub type TpmHandles = TpmList<crate::TpmHandle, MAX_HANDLES>;

/// A fixed-capacity list for command authorization sessions.
///
/// Bounded by [`MAX_SESSIONS`]. The response-side list below uses the same
/// bound, so a command and its response can never disagree on the maximum
/// number of sessions.
pub type TpmAuthCommands = TpmList<crate::data::TpmsAuthCommand, MAX_SESSIONS>;

/// A fixed-capacity list for response authorization sessions.
///
/// Bounded by [`MAX_SESSIONS`], shared with [`TpmAuthCommands`].
pub type TpmAuthResponses = TpmList<crate::data::TpmsAuthResponse, MAX_SESSIONS>;
24
/// A trait for TPM commands and responses that provides header information.
///
/// The command code and handle count are associated constants, so the header
/// for a message can be derived from its type alone without inspecting the
/// body.
pub trait TpmHeader: TpmBuild + Debug {
    /// The command code (`TPM_CC`) this message type belongs to.
    const CC: crate::data::TpmCc;
    /// Number of handles in this message's handle area.
    ///
    /// The body parsers receive the handle area and the parameter area as
    /// separate slices (see [`TpmCommandBodyParse::parse_body`]), so this
    /// constant is presumably what fixes the boundary between them; a wrong
    /// value would shift every parameter read. Keep it in step with the
    /// command's definition in the TPM 2.0 Library specification.
    const HANDLES: usize;

    /// Returns the command code; the default implementation forwards to
    /// [`Self::CC`].
    fn cc(&self) -> crate::data::TpmCc {
        Self::CC
    }
}
34
/// A trait for building command/response bodies in separate handle and parameter sections.
///
/// The two areas are serialized by separate methods so a caller can emit, or
/// measure, the parameter area on its own — presumably needed wherever the
/// parameters are hashed or encrypted independently of the handles (verify
/// against the callers in `build`). Both methods append to the supplied
/// [`TpmWriter`]; the `TpmSized` supertrait gives callers the encoded size
/// ahead of time.
pub trait TpmBodyBuild: TpmSized {
    /// Builds the handle area.
    ///
    /// Writes the message's handles into `writer`, in the order the command
    /// defines them.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmError)` on a build failure.
    fn build_handles(&self, writer: &mut TpmWriter) -> TpmResult<()>;

    /// Builds the parameter area.
    ///
    /// Writes everything that follows the handle area (and, for commands,
    /// the authorization area) into `writer`.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmError)` on a build failure.
    fn build_parameters(&self, writer: &mut TpmWriter) -> TpmResult<()>;
}
51
/// Parses a command body from slices pointing at the handle area and the
/// parameter area of the original buffer.
///
/// Crate-private: the public entry points are expected to do the header
/// validation and the split into the two areas before calling this.
pub(crate) trait TpmCommandBodyParse: Sized {
    /// Parses the command body from the handle and parameter areas.
    ///
    /// `handles` and `params` are sub-slices of the same incoming buffer,
    /// already split by the caller. The returned slice is the unconsumed
    /// tail (presumably of `params`); the caller is responsible for treating
    /// a non-empty remainder as a malformed command rather than silently
    /// accepting trailing bytes.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmError)` on a parse failure.
    fn parse_body<'a>(handles: &'a [u8], params: &'a [u8]) -> TpmResult<(Self, &'a [u8])>;
}
62
/// Parses a response body using the response tag to handle structural variations.
///
/// Unlike the command side, a response's layout is not fixed by its type
/// alone: the tag carried in the response header selects the expected
/// structure.
pub trait TpmResponseBodyParse: Sized {
    /// Parses the response body from a buffer, using the response tag
    /// dynamically to determine the structure.
    ///
    /// `tag` is read off the wire from the response header, so implementors
    /// should reject a tag they do not recognise instead of falling back to a
    /// default layout (which of the layouts the tag selects is defined in
    /// `parse` — confirm there). The returned slice is the unconsumed tail of
    /// `buf`; a non-empty remainder should be treated by the caller as a
    /// malformed response.
    ///
    /// # Errors
    ///
    /// Returns `Err(TpmError)` on a parse failure.
    fn parse_body(tag: crate::data::TpmSt, buf: &[u8]) -> TpmResult<(Self, &[u8])>;
}
73
// Registers every (command type, response type, command code) triple this
// crate can dispatch. The third element is presumably the matching `TpmCc`
// variant; a command code with no entry here is presumably undispatchable,
// which makes this table an allow-list of known layouts rather than a
// best-effort guess (see the `tpm_dispatch!` definition for what is
// generated). The entries appear to be kept in ascending command-code order
// — keep that order when adding one so a missing or duplicated code is easy
// to spot by eye.
tpm_dispatch! {
    (TpmNvUndefineSpaceSpecialCommand, TpmNvUndefineSpaceSpecialResponse, NvUndefineSpaceSpecial),
    (TpmEvictControlCommand, TpmEvictControlResponse, EvictControl),
    (TpmHierarchyControlCommand, TpmHierarchyControlResponse, HierarchyControl),
    (TpmNvUndefineSpaceCommand, TpmNvUndefineSpaceResponse, NvUndefineSpace),
    (TpmChangeEpsCommand, TpmChangeEpsResponse, ChangeEps),
    (TpmChangePpsCommand, TpmChangePpsResponse, ChangePps),
    (TpmClearCommand, TpmClearResponse, Clear),
    (TpmClearControlCommand, TpmClearControlResponse, ClearControl),
    (TpmClockSetCommand, TpmClockSetResponse, ClockSet),
    (TpmHierarchyChangeAuthCommand, TpmHierarchyChangeAuthResponse, HierarchyChangeAuth),
    (TpmNvDefineSpaceCommand, TpmNvDefineSpaceResponse, NvDefineSpace),
    (TpmPcrAllocateCommand, TpmPcrAllocateResponse, PcrAllocate),
    (TpmPcrSetAuthPolicyCommand, TpmPcrSetAuthPolicyResponse, PcrSetAuthPolicy),
    (TpmPpCommandsCommand, TpmPpCommandsResponse, PpCommands),
    (TpmSetPrimaryPolicyCommand, TpmSetPrimaryPolicyResponse, SetPrimaryPolicy),
    (TpmFieldUpgradeStartCommand, TpmFieldUpgradeStartResponse, FieldUpgradeStart),
    (TpmClockRateAdjustCommand, TpmClockRateAdjustResponse, ClockRateAdjust),
    (TpmCreatePrimaryCommand, TpmCreatePrimaryResponse, CreatePrimary),
    (TpmNvGlobalWriteLockCommand, TpmNvGlobalWriteLockResponse, NvGlobalWriteLock),
    (TpmGetCommandAuditDigestCommand, TpmGetCommandAuditDigestResponse, GetCommandAuditDigest),
    (TpmNvIncrementCommand, TpmNvIncrementResponse, NvIncrement),
    (TpmNvSetBitsCommand, TpmNvSetBitsResponse, NvSetBits),
    (TpmNvExtendCommand, TpmNvExtendResponse, NvExtend),
    (TpmNvWriteCommand, TpmNvWriteResponse, NvWrite),
    (TpmNvWriteLockCommand, TpmNvWriteLockResponse, NvWriteLock),
    (TpmDictionaryAttackLockResetCommand, TpmDictionaryAttackLockResetResponse, DictionaryAttackLockReset),
    (TpmDictionaryAttackParametersCommand, TpmDictionaryAttackParametersResponse, DictionaryAttackParameters),
    (TpmNvChangeAuthCommand, TpmNvChangeAuthResponse, NvChangeAuth),
    (TpmPcrEventCommand, TpmPcrEventResponse, PcrEvent),
    (TpmPcrResetCommand, TpmPcrResetResponse, PcrReset),
    (TpmSequenceCompleteCommand, TpmSequenceCompleteResponse, SequenceComplete),
    (TpmSetAlgorithmSetCommand, TpmSetAlgorithmSetResponse, SetAlgorithmSet),
    (TpmSetCommandCodeAuditStatusCommand, TpmSetCommandCodeAuditStatusResponse, SetCommandCodeAuditStatus),
    (TpmFieldUpgradeDataCommand, TpmFieldUpgradeDataResponse, FieldUpgradeData),
    (TpmIncrementalSelfTestCommand, TpmIncrementalSelfTestResponse, IncrementalSelfTest),
    (TpmSelfTestCommand, TpmSelfTestResponse, SelfTest),
    (TpmStartupCommand, TpmStartupResponse, Startup),
    (TpmShutdownCommand, TpmShutdownResponse, Shutdown),
    (TpmStirRandomCommand, TpmStirRandomResponse, StirRandom),
    (TpmActivateCredentialCommand, TpmActivateCredentialResponse, ActivateCredential),
    (TpmCertifyCommand, TpmCertifyResponse, Certify),
    (TpmPolicyNvCommand, TpmPolicyNvResponse, PolicyNv),
    (TpmCertifyCreationCommand, TpmCertifyCreationResponse, CertifyCreation),
    (TpmDuplicateCommand, TpmDuplicateResponse, Duplicate),
    (TpmGetTimeCommand, TpmGetTimeResponse, GetTime),
    (TpmGetSessionAuditDigestCommand, TpmGetSessionAuditDigestResponse, GetSessionAuditDigest),
    (TpmNvReadCommand, TpmNvReadResponse, NvRead),
    (TpmNvReadLockCommand, TpmNvReadLockResponse, NvReadLock),
    (TpmObjectChangeAuthCommand, TpmObjectChangeAuthResponse, ObjectChangeAuth),
    (TpmPolicySecretCommand, TpmPolicySecretResponse, PolicySecret),
    (TpmRewrapCommand, TpmRewrapResponse, Rewrap),
    (TpmCreateCommand, TpmCreateResponse, Create),
    (TpmEcdhZGenCommand, TpmEcdhZGenResponse, EcdhZGen),
    (TpmHmacCommand, TpmHmacResponse, Hmac),
    (TpmImportCommand, TpmImportResponse, Import),
    (TpmLoadCommand, TpmLoadResponse, Load),
    (TpmQuoteCommand, TpmQuoteResponse, Quote),
    (TpmRsaDecryptCommand, TpmRsaDecryptResponse, RsaDecrypt),
    (TpmHmacStartCommand, TpmHmacStartResponse, HmacStart),
    (TpmSequenceUpdateCommand, TpmSequenceUpdateResponse, SequenceUpdate),
    (TpmSignCommand, TpmSignResponse, Sign),
    (TpmUnsealCommand, TpmUnsealResponse, Unseal),
    (TpmPolicySignedCommand, TpmPolicySignedResponse, PolicySigned),
    (TpmContextLoadCommand, TpmContextLoadResponse, ContextLoad),
    (TpmContextSaveCommand, TpmContextSaveResponse, ContextSave),
    (TpmEcdhKeyGenCommand, TpmEcdhKeyGenResponse, EcdhKeyGen),
    (TpmEncryptDecryptCommand, TpmEncryptDecryptResponse, EncryptDecrypt),
    (TpmFlushContextCommand, TpmFlushContextResponse, FlushContext),
    (TpmLoadExternalCommand, TpmLoadExternalResponse, LoadExternal),
    (TpmMakeCredentialCommand, TpmMakeCredentialResponse, MakeCredential),
    (TpmNvReadPublicCommand, TpmNvReadPublicResponse, NvReadPublic),
    (TpmPolicyAuthorizeCommand, TpmPolicyAuthorizeResponse, PolicyAuthorize),
    (TpmPolicyAuthValueCommand, TpmPolicyAuthValueResponse, PolicyAuthValue),
    (TpmPolicyCommandCodeCommand, TpmPolicyCommandCodeResponse, PolicyCommandCode),
    (TpmPolicyCounterTimerCommand, TpmPolicyCounterTimerResponse, PolicyCounterTimer),
    (TpmPolicyCpHashCommand, TpmPolicyCpHashResponse, PolicyCpHash),
    (TpmPolicyLocalityCommand, TpmPolicyLocalityResponse, PolicyLocality),
    (TpmPolicyNameHashCommand, TpmPolicyNameHashResponse, PolicyNameHash),
    (TpmPolicyOrCommand, TpmPolicyOrResponse, PolicyOr),
    (TpmPolicyTicketCommand, TpmPolicyTicketResponse, PolicyTicket),
    (TpmReadPublicCommand, TpmReadPublicResponse, ReadPublic),
    (TpmRsaEncryptCommand, TpmRsaEncryptResponse, RsaEncrypt),
    (TpmStartAuthSessionCommand, TpmStartAuthSessionResponse, StartAuthSession),
    (TpmVerifySignatureCommand, TpmVerifySignatureResponse, VerifySignature),
    (TpmEccParametersCommand, TpmEccParametersResponse, EccParameters),
    (TpmFirmwareReadCommand, TpmFirmwareReadResponse, FirmwareRead),
    (TpmGetCapabilityCommand, TpmGetCapabilityResponse, GetCapability),
    (TpmGetRandomCommand, TpmGetRandomResponse, GetRandom),
    (TpmGetTestResultCommand, TpmGetTestResultResponse, GetTestResult),
    (TpmHashCommand, TpmHashResponse, Hash),
    (TpmPcrReadCommand, TpmPcrReadResponse, PcrRead),
    (TpmPolicyPcrCommand, TpmPolicyPcrResponse, PolicyPcr),
    (TpmPolicyRestartCommand, TpmPolicyRestartResponse, PolicyRestart),
    (TpmReadClockCommand, TpmReadClockResponse, ReadClock),
    (TpmPcrExtendCommand, TpmPcrExtendResponse, PcrExtend),
    (TpmPcrSetAuthValueCommand, TpmPcrSetAuthValueResponse, PcrSetAuthValue),
    (TpmNvCertifyCommand, TpmNvCertifyResponse, NvCertify),
    (TpmEventSequenceCompleteCommand, TpmEventSequenceCompleteResponse, EventSequenceComplete),
    (TpmHashSequenceStartCommand, TpmHashSequenceStartResponse, HashSequenceStart),
    (TpmPolicyPhysicalPresenceCommand, TpmPolicyPhysicalPresenceResponse, PolicyPhysicalPresence),
    (TpmPolicyDuplicationSelectCommand, TpmPolicyDuplicationSelectResponse, PolicyDuplicationSelect),
    (TpmPolicyGetDigestCommand, TpmPolicyGetDigestResponse, PolicyGetDigest),
    (TpmTestParmsCommand, TpmTestParmsResponse, TestParms),
    (TpmCommitCommand, TpmCommitResponse, Commit),
    (TpmPolicyPasswordCommand, TpmPolicyPasswordResponse, PolicyPassword),
    (TpmZGen2PhaseCommand, TpmZGen2PhaseResponse, ZGen2Phase),
    (TpmEcEphemeralCommand, TpmEcEphemeralResponse, EcEphemeral),
    (TpmPolicyNvWrittenCommand, TpmPolicyNvWrittenResponse, PolicyNvWritten),
    (TpmPolicyTemplateCommand, TpmPolicyTemplateResponse, PolicyTemplate),
    (TpmCreateLoadedCommand, TpmCreateLoadedResponse, CreateLoaded),
    (TpmPolicyAuthorizeNvCommand, TpmPolicyAuthorizeNvResponse, PolicyAuthorizeNv),
    (TpmEncryptDecrypt2Command, TpmEncryptDecrypt2Response, EncryptDecrypt2),
    (TpmAcGetCapabilityCommand, TpmAcGetCapabilityResponse, AcGetCapability),
    (TpmAcSendCommand, TpmAcSendResponse, AcSend),
    (TpmPolicyAcSendSelectCommand, TpmPolicyAcSendSelectResponse, PolicyAcSendSelect),
    (TpmActSetTimeoutCommand, TpmActSetTimeoutResponse, ActSetTimeout),
    (TpmEccEncryptCommand, TpmEccEncryptResponse, EccEncrypt),
    (TpmEccDecryptCommand, TpmEccDecryptResponse, EccDecrypt),
    (TpmPolicyCapabilityCommand, TpmPolicyCapabilityResponse, PolicyCapability),
    (TpmPolicyParametersCommand, TpmPolicyParametersResponse, PolicyParameters),
    (TpmNvDefineSpace2Command, TpmNvDefineSpace2Response, NvDefineSpace2),
    (TpmNvReadPublic2Command, TpmNvReadPublic2Response, NvReadPublic2),
    (TpmReadOnlyControlCommand, TpmReadOnlyControlResponse, ReadOnlyControl),
    (TpmPolicyTransportSpdmCommand, TpmPolicyTransportSpdmResponse, PolicyTransportSpdm),
    // Vendor-specific test command; it sits outside the standard command-code
    // range, which is why it is last regardless of numeric order.
    (TpmVendorTcgTestCommand, TpmVendorTcgTestResponse, VendorTcgTest),
}