search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-tpm20.c
blobc679cff91ea1ec6558796c98568eb3a82f637ea1
1 /* packet-tpm20.c
2 * Dissector for TPM20 protocol
3 * Copyright (c) 2018, Intel Corporation
4 * Tadeusz Struk <tadeusz.struk@intel.com>
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13 #include "config.h"
14
15 #include <epan/packet.h>
16 #include <epan/tvbuff.h>
17 #include <epan/expert.h>
18 #include <epan/tfs.h>
19 #include <wsutil/array.h>
20 #include <epan/wmem_scopes.h>
21
22 typedef struct {
23 uint32_t com_pnum;
24 uint32_t resp_type;
25 uint32_t command;
26 uint32_t num_auths;
27 } tpm_entry;
28
29 static wmem_tree_t *cmd_tree;
30 static unsigned last_command_pnum;
31 static bool response_size = true;
32
33 /* sub tree items */
34 static int proto_tpm20;
35 static int proto_tpm20_header;
36 static int proto_tpm20_resp_header;
37 static int proto_tpm20_hndl_area;
38 static int proto_tpm20_auth_area;
39 static int proto_tpm20_params_area;
40
41 /* pdu fields */
42 static int hf_tpm20_platform_cmd;
43 static int hf_tpm20_platform_resp_code;
44 static int hf_tpm20_platform_resp_size;
45 static int hf_tpm20_tag;
46 static int hf_tpm20_size;
47 static int hf_tpm20_cc;
48 static int hf_tpm20_resp_tag;
49 static int hf_tpm20_resp_size;
50 static int hf_tpm20_resp_code;
51 static int hf_tpm20_startup_type;
52 static int hf_tpmi_rh_hierarhy;
53 static int hf_tpmi_rh_provision;
54 static int hf_tpmi_rh_platform;
55 static int hf_tpmi_rh_endorsment;
56 static int hf_tpmi_rh_nv_index;
57 static int hf_tpmi_rh_nv_auth;
58 static int hf_tpmi_rh_hierarhy_auth;
59 static int hf_tpmi_rh_clear;
60 static int hf_tpmi_rh_lockout;
61 static int hf_tpmi_dh_object;
62 static int hf_tpmi_dh_entity;
63 static int hf_tpmi_dh_context;
64 static int hf_tpmi_dh_parent;
65 static int hf_tpmi_dh_pcr;
66 static int hf_tpmi_ht_handle;
67 static int hf_tpmi_sh_auth_session;
68 static int hf_tpmi_rh_act;
69 static int hf_auth_area_size;
70 static int hf_session_nonce_size;
71 static int hf_session_nonce;
72 static int hf_session_attribs_cont;
73 static int hf_session_attribs_auditex;
74 static int hf_session_attribs_auditreset;
75 static int hf_session_attribs_res;
76 static int hf_session_attribs_decrypt;
77 static int hf_session_attribs_encrypt;
78 static int hf_session_attribs_audit;
79 static int hf_session_auth_size;
80 static int hf_session_auth;
81 static int hf_resp_param_size;
82 static int hf_encrypted_secret_size;
83 static int hf_encrypted_secret;
84 static int hf_session_type;
85 static int hf_alg_hash;
86 static int hf_alg_sym;
87 static int hf_alg_sym_keybits;
88 static int hf_alg_sym_mode;
89 static int hf_tpm_priv_size;
90 static int hf_tpm_priv;
91 static int hf_tpm_pub_size;
92 static int hf_tpm_pub;
93 static int hf_tpm_name_size;
94 static int hf_tpm_name;
95 static int hf_tpm_sensitive_crate_size;
96 static int hf_tpm_sensitive_crate;
97 static int hf_tpm_template_size;
98 static int hf_tpm_template;
99 static int hf_tpm_data_size;
100 static int hf_tpm_data;
101 static int hf_tpm_creation_data_size;
102 static int hf_tpm_creation_data;
103 static int hf_tpm_digest_size;
104 static int hf_tpm_digest;
105 static int hf_params;
106
107 /* sub trees */
108 static int ett_tpm;
109 static int ett_tpm_header;
110 static int ett_tpm_response_header;
111 static int ett_tpm_handles;
112 static int ett_tpm_auth;
113 static int ett_tpm_params;
114 static int ett_tpm_attrib;
115
116 static expert_field ei_invalid_tag;
117 static expert_field ei_invalid_auth_size;
118 static expert_field ei_invalid_num_sessions;
119
120 void proto_register_tpm20(void);
121 void proto_reg_handoff_tpm20(void);
122
123 static dissector_handle_t tpm20_handle;
124
125 #define TCP_TPM_PORT_PLATFORM_PORT 2321
126 #define TCP_TPM_PORT_COMMAND_PORT 2322
127 #define TCP_TPM_PORTS "2321-2322"
128 #define MAX_HNDL 3
129 #define MAX_SESSIONS 3
130 #define TPM_ALG_NULL 0x0010
131 #define TPM_MIN_AUTH_LEN 9
132 #define TPM_COMMAND_HEADER_LEN 10
133
134 struct num_handles {
135 uint32_t command;
136 uint8_t num_req_handles;
137 int *req_pd[MAX_HNDL];
138 uint8_t num_resp_handles;
139 int *resp_pd[MAX_HNDL];
140 };
141
142 static struct num_handles tpm_handles_map[] = {
143 { 0x11f, 2, { &hf_tpmi_rh_provision, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0}}, /* CC_NV_UndefineSpaceSpecial */
144 { 0x120, 2, { &hf_tpmi_rh_provision, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0}}, /* CC_EvictControl */
145 { 0x121, 1, { &hf_tpmi_rh_hierarhy, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_HierarchyControl */
146 { 0x122, 2, { &hf_tpmi_rh_provision, &hf_tpmi_rh_nv_index, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_UndefineSpace */
147 { 0x124, 1, { &hf_tpmi_rh_platform, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ChangeEPS */
148 { 0x125, 1, { &hf_tpmi_rh_platform, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ChangePPS */
149 { 0x126, 1, { &hf_tpmi_rh_clear, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Clear */
150 { 0x127, 1, { &hf_tpmi_rh_clear, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ClearControl */
151 { 0x128, 1, { &hf_tpmi_rh_provision, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ClockSet */
152 { 0x129, 1, { &hf_tpmi_rh_hierarhy_auth, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_HierarchyChangeAuth */
153 { 0x12a, 1, { &hf_tpmi_rh_provision, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_DefineSpace */
154 { 0x12b, 1, { &hf_tpmi_rh_platform, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PCR_Allocate */
155 { 0x12c, 1, { &hf_tpmi_rh_platform, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PCR_SetAuthPolicy */
156 { 0x12d, 1, { &hf_tpmi_rh_platform, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PP_Commands */
157 { 0x12e, 1, { &hf_tpmi_rh_hierarhy_auth, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_SetPrimaryPolicy */
158 { 0x12f, 2, { &hf_tpmi_rh_platform, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_FieldUpgradeStart */
159 { 0x130, 1, { &hf_tpmi_rh_platform, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ClockRateAdjust */
160 { 0x131, 1, { &hf_tpmi_rh_hierarhy, 0, 0 }, 1, { &hf_tpmi_ht_handle, 0, 0 }}, /* CC_CreatePrimary */
161 { 0x132, 1, { &hf_tpmi_rh_provision, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_GlobalWriteLock */
162 { 0x133, 2, { &hf_tpmi_rh_endorsment, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_GetCommandAuditDigest */
163 { 0x134, 2, { &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_Increment */
164 { 0x135, 2, { &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_SetBits */
165 { 0x136, 2, { &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_Extend */
166 { 0x137, 2, { &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_Write */
167 { 0x138, 2, { &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_WriteLock */
168 { 0x139, 1, { &hf_tpmi_rh_lockout, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_DictionaryAttackLockReset */
169 { 0x13a, 1, { &hf_tpmi_rh_lockout, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_DictionaryAttackParameters */
170 { 0x13b, 1, { &hf_tpmi_rh_nv_index, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_ChangeAuth */
171 { 0x13c, 1, { &hf_tpmi_dh_pcr, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PCR_Event */
172 { 0x13d, 1, { &hf_tpmi_dh_pcr, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PCR_Reset */
173 { 0x13e, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_SequenceComplete */
174 { 0x13f, 1, { &hf_tpmi_rh_platform, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_SetAlgorithmSet */
175 { 0x140, 1, { &hf_tpmi_rh_provision, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_SetCommandCodeAuditStatus */
176 { 0x141, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_FieldUpgradeData */
177 { 0x142, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_IncrementalSelfTest */
178 { 0x143, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_SelfTest */
179 { 0x144, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Startup */
180 { 0x145, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Shutdown */
181 { 0x146, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_StirRandom */
182 { 0x147, 2, { &hf_tpmi_dh_object, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_ActivateCredential */
183 { 0x148, 2, { &hf_tpmi_dh_object, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_Certify */
184 { 0x149, 3, { &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index, &hf_tpmi_sh_auth_session}, 0, { 0, 0, 0 }}, /* CC_PolicyNV */
185 { 0x14a, 2, { &hf_tpmi_dh_object, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_CertifyCreation */
186 { 0x14b, 2, { &hf_tpmi_dh_object, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_Duplicate */
187 { 0x14c, 2, { &hf_tpmi_rh_endorsment, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_GetTime */
188 { 0x14d, 3, { &hf_tpmi_rh_endorsment, &hf_tpmi_dh_object, &hf_tpmi_sh_auth_session }, 0, { 0, 0, 0 }}, /* CC_GetSessionAuditDigest */
189 { 0x14e, 1, { &hf_tpmi_rh_nv_index, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_Read */
190 { 0x14f, 2, { &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_ReadLock */
191 { 0x150, 2, { &hf_tpmi_dh_object, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_ObjectChangeAuth */
192 { 0x151, 2, { &hf_tpmi_dh_entity, &hf_tpmi_sh_auth_session, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicySecret */
193 { 0x152, 2, { &hf_tpmi_dh_object, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_Rewrap */
194 { 0x153, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Create */
195 { 0x154, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ECDH_ZGen */
196 { 0x155, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_HMAC */
197 { 0x156, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Import */
198 { 0x157, 1, { &hf_tpmi_dh_object, 0, 0 }, 1, { &hf_tpmi_ht_handle, 0, 0 }}, /* CC_Load */
199 { 0x158, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Quote */
200 { 0x159, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_RSA_Decrypt */
201 { 0x15b, 1, { &hf_tpmi_dh_object, 0, 0 }, 1, { &hf_tpmi_dh_object, 0, 0 }}, /* CC_HMAC_Start */
202 { 0x15c, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_SequenceUpdate */
203 { 0x15d, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Sign */
204 { 0x15e, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Unseal */
205 { 0x160, 2, { &hf_tpmi_dh_object, &hf_tpmi_sh_auth_session, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicySigned */
206 { 0x161, 0, { 0, 0, 0 }, 1, { &hf_tpmi_dh_context, 0, 0 }}, /* CC_ContextLoad */
207 { 0x162, 1, { &hf_tpmi_dh_context, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ContextSave */
208 { 0x163, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ECDH_KeyGen */
209 { 0x164, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_EncryptDecrypt */
210 { 0x165, 1, { &hf_tpmi_dh_context, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_FlushContext */
211 { 0x167, 0, { 0, 0, 0 }, 1, { &hf_tpmi_dh_object, 0, 0 }}, /* CC_LoadExternal */
212 { 0x168, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_MakeCredential */
213 { 0x169, 1, { &hf_tpmi_rh_nv_index, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_NV_ReadPublic */
214 { 0x16a, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyAuthorize */
215 { 0x16b, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyAuthValue */
216 { 0x16c, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyCommandCode */
217 { 0x16d, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyCounterTimer" */
218 { 0x16e, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyCpHash */
219 { 0x16f, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyLocality */
220 { 0x170, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyNameHash */
221 { 0x171, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyOR */
222 { 0x172, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyTicket */
223 { 0x173, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ReadPublic */
224 { 0x174, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_RSA_Encrypt */
225 { 0x176, 2, { &hf_tpmi_dh_object, &hf_tpmi_dh_entity, 0 }, 1, { &hf_tpmi_sh_auth_session, 0, 0 }}, /* CC_StartAuthSession */
226 { 0x177, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_VerifySignature */
227 { 0x178, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ECC_Parameters */
228 { 0x179, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_FirmwareRead */
229 { 0x17a, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_GetCapability */
230 { 0x17b, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_GetRandom */
231 { 0x17c, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_GetTestResult */
232 { 0x17d, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Hash */
233 { 0x17e, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PCR_Read */
234 { 0x17f, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyPCR */
235 { 0x180, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyRestart */
236 { 0x181, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ReadClock */
237 { 0x182, 1, { &hf_tpmi_dh_pcr, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PCR_Extend */
238 { 0x183, 1, { &hf_tpmi_dh_pcr, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PCR_SetAuthValue */
239 { 0x184, 3, { &hf_tpmi_dh_object, &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index }, 0, { 0, 0, 0 }}, /* CC_NV_Certify */
240 { 0x185, 2, { &hf_tpmi_dh_pcr, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_EventSequenceComplete */
241 { 0x186, 0, { 0, 0, 0 }, 1, { &hf_tpmi_dh_object, 0, 0 }}, /* CC_HashSequenceStart */
242 { 0x187, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyPhysicalPresence */
243 { 0x188, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyDuplicationSelect */
244 { 0x189, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyGetDigest */
245 { 0x18a, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_TestParms */
246 { 0x18b, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Commit */
247 { 0x18c, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyPassword */
248 { 0x18d, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_ZGen_2Phase */
249 { 0x18e, 0, { 0, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_EC_Ephemeral */
250 { 0x18f, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyNvWritten */
251 { 0x190, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_PolicyTemplate */
252 { 0x191, 1, { &hf_tpmi_rh_hierarhy, 0, 0 }, 1, { &hf_tpmi_dh_parent, 0, 0 }}, /* CC_CreateLoaded */
253 { 0x192, 3, { &hf_tpmi_rh_nv_auth, &hf_tpmi_rh_nv_index, &hf_tpmi_sh_auth_session }, 0, { 0, 0, 0 }}, /* CC_PolicyAuthorizeNV */
254 { 0x193, 1, { &hf_tpmi_dh_object, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_EncryptDecrypt2 */
255 { 0x194, 1, { &hf_tpmi_ht_handle, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_AC_GetCapability */
256 { 0x195, 3, { &hf_tpmi_dh_object, &hf_tpmi_rh_nv_auth, &hf_tpmi_ht_handle }, 0, { 0, 0, 0 }}, /* CC_AC_Send */
257 { 0x196, 1, { &hf_tpmi_sh_auth_session, 0, 0 }, 0, { 0, 0, 0 }}, /* CC_Policy_AC_SendSelect */
258 { 0x197, 2, { &hf_tpmi_dh_object, &hf_tpmi_dh_object, 0 }, 0, { 0, 0, 0 }}, /* CC_CertifyX509 */
259 { 0x198, 1, { &hf_tpmi_rh_act, 0, 0 }, 0, { 0, 0, 0 }}, /* TPM_CC_ACT_SetTimeout */
260 };
261
262 static void get_num_hndl(struct num_handles *map)
263 {
264 uint8_t i, y;
265
266 for (i = 0; i < array_length(tpm_handles_map); i++) {
267 if (map->command == tpm_handles_map[i].command) {
268 map->num_req_handles = tpm_handles_map[i].num_req_handles;
269 map->num_resp_handles = tpm_handles_map[i].num_resp_handles;
270 for (y = 0; y < map->num_req_handles; y++)
271 map->req_pd[y] = tpm_handles_map[i].req_pd[y];
272 for (y = 0; y < map->num_resp_handles; y++)
273 map->resp_pd[y] = tpm_handles_map[i].resp_pd[y];
274 }
275 }
276 }
277
278 static const value_string handles[] = {
279 { 0x40000000, "TPM2_RH_SRK" },
280 { 0x40000001, "TPM2_RH_OWNER" },
281 { 0x40000002, "TPM2_RH_REVOKE" },
282 { 0x40000003, "TPM2_RH_TRANSPORT" },
283 { 0x40000004, "TPM2_RH_OPERATOR" },
284 { 0x40000005, "TPM2_RH_ADMIN" },
285 { 0x40000006, "TPM2_RH_EK" },
286 { 0x40000007, "TPM2_RH_NULL" },
287 { 0x40000008, "TPM2_RH_UNASSIGNED" },
288 { 0x40000009, "TPM2_RS_PW" },
289 { 0x4000000A, "TPM2_RH_LOCKOUT" },
290 { 0x4000000B, "TPM2_RH_ENDORSEMENT" },
291 { 0x4000000C, "TPM2_RH_PLATFORM" },
292 { 0x4000000D, "TPM2_RH_PLATFORM_NV" },
293 { 0x40000010, "TPM2_RH_AUTH_00" },
294 { 0x4000010F, "TPM2_RH_AUTH_FF" },
295 { 0x40000110, "TPM_RH_ACT_0" },
296 { 0x40000111, "TPM_RH_ACT_1" },
297 { 0x40000112, "TPM_RH_ACT_2" },
298 { 0x40000113, "TPM_RH_ACT_3" },
299 { 0x40000114, "TPM_RH_ACT_4" },
300 { 0x40000115, "TPM_RH_ACT_5" },
301 { 0x40000116, "TPM_RH_ACT_6" },
302 { 0x40000117, "TPM_RH_ACT_7" },
303 { 0x40000118, "TPM_RH_ACT_8" },
304 { 0x40000119, "TPM_RH_ACT_9" },
305 { 0x4000011A, "TPM_RH_ACT_10" },
306 { 0x4000011B, "TPM_RH_ACT_11" },
307 { 0x4000011C, "TPM_RH_ACT_12" },
308 { 0x4000011D, "TPM_RH_ACT_13" },
309 { 0x4000011E, "TPM_RH_ACT_14" },
310 { 0x4000011F, "TPM_RH_ACT_15" },
311 { 0, NULL }
312 };
313
314 static const value_string startup_types[] = {
315 { 0x0000, "TPM_SU_CLEAR" },
316 { 0x0001, "TPM_SU_STATE" },
317 { 0, NULL }
318 };
319
320 static const value_string platform_commands[] = {
321 { 0x01, "TPM_POWER_ON" },
322 { 0x02, "TPM_POWER_OFF" },
323 { 0x08, "TPM_SEND_COMMAND" },
324 { 0x09, "TPM_CANCEL_ON" },
325 { 0x0a, "TPM_CANCEL_OFF" },
326 { 0x0b, "TPM_NV_ON" },
327 { 0x14, "TPM_SESSION_END" },
328 { 0, NULL }
329 };
330
331 static const value_string tags[] = {
332 { 0x8001, "Command with no authorization Sessions" },
333 { 0x8002, "Command with authorization Sessions" },
334 { 0, NULL }
335 };
336
337 static const value_string hierarhies[] = {
338 { 0x40000001, "TPM2_RH_OWNER" },
339 { 0x40000007, "TPM2_RH_NULL" },
340 { 0x4000000B, "TPM2_RH_ENDORSEMENT" },
341 { 0x4000000C, "TPM2_RH_PLATFORM" },
342 { 0, NULL }
343 };
344
345 static const value_string algs[] = {
346 { 0x0001, "TPM2_ALG_RSA" },
347 { 0x0004, "TPM2_ALG_SHA" },
348 { 0x0005, "TPM2_ALG_HMAC" },
349 { 0x0006, "TPM2_ALG_AES" },
350 { 0x0007, "TPM2_ALG_MGF1" },
351 { 0x0008, "TPM2_ALG_KEYEDHASH" },
352 { 0x000A, "TPM2_ALG_XOR" },
353 { 0x000B, "TPM2_ALG_SHA256" },
354 { 0x000C, "TPM2_ALG_SHA384" },
355 { 0x000D, "TPM2_ALG_SHA512" },
356 { 0x0010, "TPM2_ALG_NULL" },
357 { 0x0012, "TPM2_ALG_SM3_256" },
358 { 0x0013, "TPM2_ALG_SM4" },
359 { 0x0014, "TPM2_ALG_RSASSA" },
360 { 0x0015, "TPM2_ALG_RSAES" },
361 { 0x0016, "TPM2_ALG_RSAPSS" },
362 { 0x0017, "TPM2_ALG_OAEP" },
363 { 0x0018, "TPM2_ALG_ECDSA" },
364 { 0x0019, "TPM2_ALG_ECDH" },
365 { 0x001A, "TPM2_ALG_ECDAA" },
366 { 0x001B, "TPM2_ALG_SM2" },
367 { 0x001C, "TPM2_ALG_ECSCHNORR" },
368 { 0x001D, "TPM2_ALG_ECMQV" },
369 { 0x0020, "TPM2_ALG_KDF1_SP800_56A" },
370 { 0x0021, "TPM2_ALG_KDF2" },
371 { 0x0022, "TPM2_ALG_KDF1_SP800_108" },
372 { 0x0023, "TPM2_ALG_ECC" },
373 { 0x0025, "TPM2_ALG_SYMCIPHER" },
374 { 0x0026, "TPM2_ALG_CAMELLIA" },
375 { 0x0040, "TPM2_ALG_CTR" },
376 { 0x0027, "TPM2_ALG_SHA3_256" },
377 { 0x0028, "TPM2_ALG_SHA3_384" },
378 { 0x0029, "TPM2_ALG_SHA3_512" },
379 { 0x0041, "TPM2_ALG_OFB" },
380 { 0x0042, "TPM2_ALG_CBC" },
381 { 0x0043, "TPM2_ALG_CFB" },
382 { 0x0044, "TPM2_ALG_ECB" },
383 { 0, NULL }
384 };
385
386 static const value_string commands[] = {
387 { 0x11f, "TPM2_CC_NV_UndefineSpaceSpecial" },
388 { 0x120, "TPM2_CC_EvictControl" },
389 { 0x121, "TPM2_CC_HierarchyControl" },
390 { 0x122, "TPM2_CC_NV_UndefineSpace" },
391 { 0x124, "TPM2_CC_ChangeEPS" },
392 { 0x125, "TPM2_CC_ChangePPS" },
393 { 0x126, "TPM2_CC_Clear" },
394 { 0x127, "TPM2_CC_ClearControl" },
395 { 0x128, "TPM2_CC_ClockSet" },
396 { 0x129, "TPM2_CC_HierarchyChangeAuth" },
397 { 0x12a, "TPM2_CC_NV_DefineSpace" },
398 { 0x12b, "TPM2_CC_PCR_Allocate" },
399 { 0x12c, "TPM2_CC_PCR_SetAuthPolicy" },
400 { 0x12d, "TPM2_CC_PP_Commands" },
401 { 0x12e, "TPM2_CC_SetPrimaryPolicy" },
402 { 0x12f, "TPM2_CC_FieldUpgradeStart" },
403 { 0x130, "TPM2_CC_ClockRateAdjust" },
404 { 0x131, "TPM2_CC_CreatePrimary" },
405 { 0x132, "TPM2_CC_NV_GlobalWriteLock" },
406 { 0x133, "TPM2_CC_GetCommandAuditDigest" },
407 { 0x134, "TPM2_CC_NV_Increment" },
408 { 0x135, "TPM2_CC_NV_SetBits" },
409 { 0x136, "TPM2_CC_NV_Extend" },
410 { 0x137, "TPM2_CC_NV_Write" },
411 { 0x138, "TPM2_CC_NV_WriteLock" },
412 { 0x139, "TPM2_CC_DictionaryAttackLockReset" },
413 { 0x13a, "TPM2_CC_DictionaryAttackParameters" },
414 { 0x13b, "TPM2_CC_NV_ChangeAuth" },
415 { 0x13c, "TPM2_CC_PCR_Event" },
416 { 0x13d, "TPM2_CC_PCR_Reset" },
417 { 0x13e, "TPM2_CC_SequenceComplete" },
418 { 0x13f, "TPM2_CC_SetAlgorithmSet" },
419 { 0x140, "TPM2_CC_SetCommandCodeAuditStatus" },
420 { 0x141, "TPM2_CC_FieldUpgradeData" },
421 { 0x142, "TPM2_CC_IncrementalSelfTest" },
422 { 0x143, "TPM2_CC_SelfTest" },
423 { 0x144, "TPM2_CC_Startup" },
424 { 0x145, "TPM2_CC_Shutdown" },
425 { 0x146, "TPM2_CC_StirRandom" },
426 { 0x147, "TPM2_CC_ActivateCredential" },
427 { 0x148, "TPM2_CC_Certify" },
428 { 0x149, "TPM2_CC_PolicyNV" },
429 { 0x14a, "TPM2_CC_CertifyCreation" },
430 { 0x14b, "TPM2_CC_Duplicate" },
431 { 0x14c, "TPM2_CC_GetTime" },
432 { 0x14d, "TPM2_CC_GetSessionAuditDigest" },
433 { 0x14e, "TPM2_CC_NV_Read" },
434 { 0x14f, "TPM2_CC_NV_ReadLock" },
435 { 0x150, "TPM2_CC_ObjectChangeAuth" },
436 { 0x151, "TPM2_CC_PolicySecret" },
437 { 0x152, "TPM2_CC_Rewrap" },
438 { 0x153, "TPM2_CC_Create" },
439 { 0x154, "TPM2_CC_ECDH_ZGen" },
440 { 0x155, "TPM2_CC_HMAC" },
441 { 0x156, "TPM2_CC_Import" },
442 { 0x157, "TPM2_CC_Load" },
443 { 0x158, "TPM2_CC_Quote" },
444 { 0x159, "TPM2_CC_RSA_Decrypt" },
445 { 0x15b, "TPM2_CC_HMAC_Start" },
446 { 0x15c, "TPM2_CC_SequenceUpdate" },
447 { 0x15d, "TPM2_CC_Sign" },
448 { 0x15e, "TPM2_CC_Unseal" },
449 { 0x160, "TPM2_CC_PolicySigned" },
450 { 0x161, "TPM2_CC_ContextLoad" },
451 { 0x162, "TPM2_CC_ContextSave" },
452 { 0x163, "TPM2_CC_ECDH_KeyGen" },
453 { 0x164, "TPM2_CC_EncryptDecrypt" },
454 { 0x165, "TPM2_CC_FlushContext" },
455 { 0x167, "TPM2_CC_LoadExternal" },
456 { 0x168, "TPM2_CC_MakeCredential" },
457 { 0x169, "TPM2_CC_NV_ReadPublic" },
458 { 0x16a, "TPM2_CC_PolicyAuthorize" },
459 { 0x16b, "TPM2_CC_PolicyAuthValue" },
460 { 0x16c, "TPM2_CC_PolicyCommandCode" },
461 { 0x16d, "TPM2_CC_PolicyCounterTimer" },
462 { 0x16e, "TPM2_CC_PolicyCpHash" },
463 { 0x16f, "TPM2_CC_PolicyLocality" },
464 { 0x170, "TPM2_CC_PolicyNameHash" },
465 { 0x171, "TPM2_CC_PolicyOR" },
466 { 0x172, "TPM2_CC_PolicyTicket" },
467 { 0x173, "TPM2_CC_ReadPublic" },
468 { 0x174, "TPM2_CC_RSA_Encrypt" },
469 { 0x176, "TPM2_CC_StartAuthSession" },
470 { 0x177, "TPM2_CC_VerifySignature" },
471 { 0x178, "TPM2_CC_ECC_Parameters" },
472 { 0x179, "TPM2_CC_FirmwareRead" },
473 { 0x17a, "TPM2_CC_GetCapability" },
474 { 0x17b, "TPM2_CC_GetRandom" },
475 { 0x17c, "TPM2_CC_GetTestResult" },
476 { 0x17d, "TPM2_CC_Hash" },
477 { 0x17e, "TPM2_CC_PCR_Read" },
478 { 0x17f, "TPM2_CC_PolicyPCR" },
479 { 0x180, "TPM2_CC_PolicyRestart" },
480 { 0x181, "TPM2_CC_ReadClock" },
481 { 0x182, "TPM2_CC_PCR_Extend" },
482 { 0x183, "TPM2_CC_PCR_SetAuthValue" },
483 { 0x184, "TPM2_CC_NV_Certify" },
484 { 0x185, "TPM2_CC_EventSequenceComplete" },
485 { 0x186, "TPM2_CC_HashSequenceStart" },
486 { 0x187, "TPM2_CC_PolicyPhysicalPresence" },
487 { 0x188, "TPM2_CC_PolicyDuplicationSelect" },
488 { 0x189, "TPM2_CC_PolicyGetDigest" },
489 { 0x18a, "TPM2_CC_TestParms" },
490 { 0x18b, "TPM2_CC_Commit" },
491 { 0x18c, "TPM2_CC_PolicyPassword" },
492 { 0x18d, "TPM2_CC_ZGen_2Phase" },
493 { 0x18e, "TPM2_CC_EC_Ephemeral" },
494 { 0x18f, "TPM2_CC_PolicyNvWritten" },
495 { 0x190, "TPM2_CC_PolicyTemplate" },
496 { 0x191, "TPM2_CC_CreateLoaded" },
497 { 0x192, "TPM2_CC_PolicyAuthorizeNV" },
498 { 0x193, "TPM2_CC_EncryptDecrypt2" },
499 { 0x194, "TPM2_CC_AC_GetCapability" },
500 { 0x195, "TPM2_CC_AC_Send" },
501 { 0x196, "TPM2_CC_Policy_AC_SendSelect" },
502 { 0x197, "TPM2_CC_CertifyX509" },
503 { 0x198, "TPM2_CC_ACT_SetTimeout" },
504 { 0, NULL }
505 };
506
507 static const value_string session_type [] = {
508 { 0x00, "TPM2_SE_HMAC" },
509 { 0x01, "TPM2_SE_POLICY" },
510 { 0x03, "TPM2_SE_TRIAL" },
511 { 0, NULL }
512 };
513
514 static const value_string responses [] = {
515 { 0x00, "TPM2 Success" },
516 { 0x100, "TPM2_RC_INITIALIZE, TPM not initialized by TPM2_Startup or already initialized" },
517 { 0x101, "TPM2_RC_FAILURE, Commands not being accepted because of a TPM failure" },
518 { 0x103, "TPM2_RC_SEQUENCE, Improper use of a sequence handle" },
519 { 0x10B, "TPM2_RC_PRIVATE" },
520 { 0x119, "TPM2_RC_HMAC" },
521 { 0x120, "TPM2_RC_DISABLED, The command is disabled" },
522 { 0x121, "TPM2_RC_EXCLUSIVE, Command failed because audit sequence required exclusivity" },
523 { 0x124, "TPM2_RC_AUTH_TYPE, Authorization handle is not correct for command" },
524 { 0x125, "TPM2_RC_AUTH_MISSING, Command requires an authorization session for handle and it is not present" },
525 { 0x126, "TPM2_RC_POLICY, Policy failure in math operation or an invalid authPolicy value" },
526 { 0x127, "TPM2_RC_PCR, PCR check fail" },
527 { 0x128, "TPM2_RC_PCR_CHANGED, PCR have changed since checked" },
528 { 0x12D, "TPM2_RC_UPGRADE, TPM is in field upgrade mode" },
529 { 0x12E, "TPM2_RC_TOO_MANY_CONTEXTS, Context ID counter is at maximum" },
530 { 0x12F, "TPM2_RC_AUTH_UNAVAILABLE, AuthValue or authPolicy is not available for selected entity" },
531 { 0x130, "TPM2_RC_REBOOT, _TPM_Init and StartupCLEAR is required before the TPM can resume operation" },
532 { 0x131, "TPM2_RC_UNBALANCED, The digest size of must be larger than the symmetric key size" },
533 { 0x142, "TPM2_RC_COMMAND_SIZE, Command Size value is inconsistent with contents of the command buffer" },
534 { 0x143, "TPM2_RC_COMMAND_CODE, Command code not supported" },
535 { 0x144, "TPM2_RC_AUTHSIZE, The value of authorization size is out of range" },
536 { 0x145, "TPM2_RC_AUTH_CONTEXT, Use of an authorization session with a context that cannot have an authorization session" },
537 { 0x146, "TPM2_RC_NV_RANGE, NV offset + size is out of range" },
538 { 0x147, "TPM2_RC_NV_SIZE, Requested allocation size is larger than allowed" },
539 { 0x148, "TPM2_RC_NV_LOCKED, NV access locked" },
540 { 0x149, "TPM2_RC_NV_AUTHORIZATION, NV access authorization fails in command actions" },
541 { 0x14A, "TPM2_RC_NV_UNINITIALIZED, An NV Index is used before being initialized or the state could not be restored" },
542 { 0x14B, "TPM2_RC_NV_SPACE, Insufficient space for NV allocation" },
543 { 0x14C, "TPM2_RC_NV_DEFINED, NV Index or persistent object already defined" },
544 { 0x150, "TPM2_RC_BAD_CONTEXT, Context in TPM2_ContextLoad is not valid" },
545 { 0x151, "TPM2_RC_CPHASH, cpHash value already set or not correct for use" },
546 { 0x152, "TPM2_RC_PARENT, Handle for parent is not a valid parent" },
547 { 0x153, "TPM2_RC_NEEDS_TEST, Some function needs testing" },
548 { 0x154, "TPM2_RC_NO_RESULT, Internal function cannot process a request due to an unspecified problem" },
549 { 0x155, "TPM2_RC_SENSITIVE, The sensitive area did not unmarshal correctly after decryption" },
550 { 0x801, "TPM2_RC_ASYMMETRIC, Asymmetric algorithm not supported or not correct" },
551 { 0x802, "TPM2_RC_ATTRIBUTES, Inconsistent attributes" },
552 { 0x803, "TPM2_RC_HASH, Hash algorithm not supported or not appropriate" },
553 { 0x804, "TPM2_RC_VALUE, Value is out of range or is not correct for the context" },
554 { 0x805, "TPM2_RC_HIERARCHY, Hierarchy is not enabled or is not correct for the use" },
555 { 0x807, "TPM2_RC_KEY_SIZE, Key size is not supported" },
556 { 0x808, "TPM2_RC_MGF, Mask generation function not supported" },
557 { 0x809, "TPM2_RC_MODE, Mode of operation not supported" },
558 { 0x80A, "TPM2_RC_TYPE, The type of the value is not appropriate for the use" },
559 { 0x80B, "TPM2_RC_HANDLE, The handle is not correct for the use" },
560 { 0x80C, "TPM2_RC_KDF, Unsupported key derivation function or function not appropriate for use" },
561 { 0x80D, "TPM2_RC_RANGE, Value was out of allowed range" },
562 { 0x80E, "TPM2_RC_AUTH_FAIL, The authorization HMAC check failed" },
563 { 0x80F, "TPM2_RC_NONCE, invalid nonce size or nonce value mismatch" },
564 { 0x810, "TPM2_RC_PP, Authorization requires assertion of PP" },
565 { 0x812, "TPM2_RC_SCHEME, Unsupported or incompatible scheme" },
566 { 0x815, "TPM2_RC_SIZE, Structure is the wrong size" },
567 { 0x816, "TPM2_RC_SYMMETRIC, Unsupported symmetric algorithm or key size or not appropriate for instance" },
568 { 0x817, "TPM2_RC_TAG, Incorrect structure tag" },
569 { 0x818, "TPM2_RC_SELECTOR, Union selector is incorrect" },
570 { 0x81A, "TPM2_RC_INSUFFICIENT, Unable to unmarshal a value because there were not enough octets in the input buffer" },
571 { 0x81B, "TPM2_RC_SIGNATURE, The signature is not valid" },
572 { 0x81C, "TPM2_RC_KEY, Key fields are not compatible with the selected use" },
573 { 0x81D, "TPM2_RC_POLICY_FAIL, Policy check failed" },
574 { 0x81F, "TPM2_RC_INTEGRITY, Integrity check failed" },
575 { 0x820, "TPM2_RC_TICKET, Invalid ticket" },
576 { 0x821, "TPM2_RC_RESERVED_BITS, Reserved bits not set to zero as required" },
577 { 0x822, "TPM2_RC_BAD_AUTH, Authorization failure without DA implications" },
578 { 0x823, "TPM2_RC_EXPIRED, The policy has expired" },
579 { 0x824, "TPM2_RC_POLICY_CC, The commandCode in the policy is not the commandCode of the command or command not implemented" },
580 { 0x825, "TPM2_RC_BINDING, Public and sensitive portions of an object are not cryptographically bound" },
581 { 0x826, "TPM2_RC_CURVE, Curve not supported" },
582 { 0x827, "TPM2_RC_ECC_POINT, Point is not on the required curve" },
583 { 0x901, "TPM2_RC_CONTEXT_GAP, Gap for context ID is too large" },
584 { 0x902, "TPM2_RC_OBJECT_MEMORY, Out of memory for object contexts" },
585 { 0x903, "TPM2_RC_SESSION_MEMORY, Out of memory for session contexts" },
586 { 0x904, "TPM2_RC_MEMORY, Out of shared objectsession memory or need space for internal operations" },
587 { 0x905, "TPM2_RC_SESSION_HANDLES, Out of session handles. A session must be flushed before a new session may be created" },
588 { 0x906, "TPM2_RC_OBJECT_HANDLES, Out of object handles. A reboot is required" },
589 { 0x907, "TPM2_RC_LOCALITY, Bad locality" },
590 { 0x908, "TPM2_RC_YIELDED, TPM has suspended operation on the command" },
591 { 0x909, "TPM2_RC_CANCELED, The command was canceled" },
592 { 0x90A, "TPM2_RC_TESTING, TPM is performing selftests" },
593 { 0x910, "TPM2_RC_REFERENCE_H0, The 1st handle references a transient object or session that is not loaded" },
594 { 0x911, "TPM2_RC_REFERENCE_H1, The 2nd handle references a transient object or session that is not loaded" },
595 { 0x912, "TPM2_RC_REFERENCE_H2, The 3rd handle references a transient object or session that is not loaded" },
596 { 0x913, "TPM2_RC_REFERENCE_H3, The 4th handle references a transient object or session that is not loaded" },
597 { 0x914, "TPM2_RC_REFERENCE_H4, The 5th handle references a transient object or session that is not loaded" },
598 { 0x915, "TPM2_RC_REFERENCE_H5, The 6th handle references a transient object or session that is not loaded" },
599 { 0x916, "TPM2_RC_REFERENCE_H6, The 7th handle references a transient object or session that is not loaded" },
600 { 0x918, "TPM2_RC_REFERENCE_S0, The 1st authorization session handle references a session that is not loaded" },
601 { 0x919, "TPM2_RC_REFERENCE_S1, The 2nd authorization session handle references a session that is not loaded" },
602 { 0x91A, "TPM2_RC_REFERENCE_S2, The 3rd authorization session handle references a session that is not loaded" },
603 { 0x91B, "TPM2_RC_REFERENCE_S3, The 4th authorization session handle references a session that is not loaded" },
604 { 0x91C, "TPM2_RC_REFERENCE_S4, The 5th session handle references a session that is not loaded" },
605 { 0x91D, "TPM2_RC_REFERENCE_S5, The 6th session handle references a session that is not loaded" },
606 { 0x91E, "TPM2_RC_REFERENCE_S6, The 7th authorization session handle references a session that is not loaded" },
607 { 0x920, "TPM2_RC_NV_RATE, The TPM is ratelimiting accesses to prevent wearout of NV" },
608 { 0x921, "TPM2_RC_LOCKOUT, Authorizations for objects subject to DA protection are not allowed at this time. TPM is in DA lockout mode" },
609 { 0x922, "TPM2_RC_RETRY - the TPM was not able to start the command" },
610 { 0x923, "TPM2_RC_NV_UNAVAILABLE - the command may require writing of NV and NV is not current accessible" },
611 { 0, NULL }
612 };
613
614 #define TPMA_SESSION_CONTINUESESSION 0x01
615 #define TPMA_SESSION_AUDITEXCLUSIVE 0x02
616 #define TPMA_SESSION_AUDITRESET 0x04
617 #define TPMA_SESSION_RESERVED1_MASK 0x18
618 #define TPMA_SESSION_DECRYPT 0x20
619 #define TPMA_SESSION_ENCRYPT 0x40
620 #define TPMA_SESSION_AUDIT 0x80
621
622 static tpm_entry *get_command_entry(wmem_tree_t *tree, uint32_t pnum)
623 {
624 tpm_entry *entry = (tpm_entry *)wmem_tree_lookup32(tree, pnum);
625 DISSECTOR_ASSERT(entry != NULL);
626 tpm_entry *command_entry = (tpm_entry *)wmem_tree_lookup32(tree, entry->com_pnum);
627 DISSECTOR_ASSERT(command_entry != NULL);
628
629 return command_entry;
630 }
631
632 static void
633 dissect_tpm20_platform_command(tvbuff_t *tvb, packet_info *pinfo,
634 proto_tree *tree)
635 {
636 uint32_t command;
637
638 proto_tree_add_item_ret_uint(tree, hf_tpm20_platform_cmd, tvb, 0,
639 4, ENC_BIG_ENDIAN, &command);
640
641 col_append_fstr(pinfo->cinfo, COL_INFO, ", Platform Command %s",
642 val_to_str(command, platform_commands, "Unknown (0x%02x)"));
643
644 proto_item_append_text(tree, ", %s", val_to_str(command,
645 platform_commands, "Unknown (0x%02x)"));
646 response_size = false;
647 }
648
649 static void
650 dissect_auth_common(tvbuff_t *tvb, packet_info *pinfo _U_,
651 proto_tree *auth, proto_tree *tree _U_, int *offset)
652 {
653 unsigned nonce_size, auth_size;
654 static int * const attrib_fields[] = {
655 &hf_session_attribs_cont,
656 &hf_session_attribs_auditex,
657 &hf_session_attribs_auditreset,
658 &hf_session_attribs_res,
659 &hf_session_attribs_decrypt,
660 &hf_session_attribs_encrypt,
661 &hf_session_attribs_audit,
662 NULL
663 };
664
665 proto_tree_add_item_ret_uint(auth, hf_session_nonce_size, tvb, *offset, 2,
666 ENC_BIG_ENDIAN, &nonce_size);
667 *offset += 2;
668 proto_tree_add_item(auth, hf_session_nonce, tvb, *offset, nonce_size, ENC_NA);
669 *offset += nonce_size;
670 proto_tree_add_bitmask_text(auth, tvb, *offset, 1, "Session attributes", NULL,
671 ett_tpm_attrib, attrib_fields, ENC_NA, BMT_NO_APPEND);
672 *offset += 1;
673 proto_tree_add_item_ret_uint(auth, hf_session_auth_size, tvb, *offset, 2,
674 ENC_BIG_ENDIAN, &auth_size);
675 *offset += 2;
676 proto_tree_add_item(auth, hf_session_auth, tvb, *offset, auth_size, ENC_NA);
677 *offset += auth_size;
678 }
679
680 static void
681 dissect_auth_resp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *auth,
682 proto_tree *tree, int *offset)
683 {
684 tpm_entry *command_entry = get_command_entry(cmd_tree, pinfo->num);
685 uint32_t i;
686
687 for (i = 0; i < command_entry->num_auths; i++)
688 dissect_auth_common(tvb, pinfo, auth, tree, offset);
689 }
690
691 static void
692 dissect_auth_command(tvbuff_t *tvb, packet_info *pinfo, proto_tree *auth,
693 proto_tree *tree, int *offset)
694 {
695 uint32_t auth_area_size;
696 uint32_t num_auths = 0;
697 tpm_entry *entry = (tpm_entry *)wmem_tree_lookup32(cmd_tree, pinfo->num);
698 DISSECTOR_ASSERT(entry != NULL);
699
700 proto_tree_add_item_ret_uint(auth, hf_auth_area_size, tvb, *offset,
701 4, ENC_BIG_ENDIAN, &auth_area_size);
702 *offset += 4;
703
704 if (auth_area_size < TPM_MIN_AUTH_LEN)
705 proto_tree_add_expert_format(auth, pinfo, &ei_invalid_auth_size, tvb, 0, 0,
706 "Error: Auth size: %d", auth_area_size);
707 while (auth_area_size) {
708 uint32_t size;
709 proto_tree_add_item(auth, hf_tpmi_sh_auth_session, tvb, *offset, 4, ENC_BIG_ENDIAN);
710 *offset += 4;
711 auth_area_size -= 4;
712 size = *offset;
713 dissect_auth_common(tvb, pinfo, auth, tree, offset);
714 auth_area_size -= *offset - size;
715 num_auths++;
716 }
717
718 if (num_auths > MAX_SESSIONS)
719 proto_tree_add_expert_format(auth, pinfo, &ei_invalid_num_sessions, tvb, 0, 0,
720 "Error: Invalid Number of sessions: %d", num_auths);
721 entry->num_auths = num_auths;
722 }
723
724 static void
725 dissect_startup(tvbuff_t *tvb, packet_info *pinfo _U_,
726 proto_tree *header, proto_tree *tree _U_, int *offset)
727 {
728 proto_tree_add_item(header, hf_tpm20_startup_type, tvb, *offset, 2, ENC_BIG_ENDIAN);
729 *offset += 2;
730 }
731
732 static void
733 dissect_start_auth_session(tvbuff_t *tvb, packet_info *pinfo _U_,
734 proto_tree *header _U_, proto_tree *tree, int *offset)
735 {
736 uint32_t nonce_size, encrypted, sym_alg;
737 proto_tree_add_item_ret_uint(tree, hf_session_nonce_size, tvb, *offset, 2,
738 ENC_BIG_ENDIAN, &nonce_size);
739 *offset += 2;
740 proto_tree_add_item(tree, hf_session_nonce, tvb, *offset, nonce_size, ENC_NA);
741 *offset += nonce_size;
742
743 proto_tree_add_item_ret_uint(tree, hf_encrypted_secret_size, tvb, *offset, 2,
744 ENC_BIG_ENDIAN, &encrypted);
745 *offset += 2;
746 proto_tree_add_item(tree, hf_encrypted_secret, tvb, *offset, encrypted, ENC_NA);
747 *offset += encrypted;
748 proto_tree_add_item(tree, hf_session_type, tvb, *offset, 1, ENC_NA);
749 *offset += 1;
750
751 proto_tree_add_item_ret_uint(tree, hf_alg_sym, tvb, *offset, 2, ENC_BIG_ENDIAN, &sym_alg);
752 *offset += 2;
753 if (sym_alg != TPM_ALG_NULL) {
754 proto_tree_add_item(tree, hf_alg_sym_keybits, tvb, *offset, 2, ENC_BIG_ENDIAN);
755 *offset += 2;
756 proto_tree_add_item(tree, hf_alg_sym_mode, tvb, *offset, 2, ENC_BIG_ENDIAN);
757 *offset += 2;
758 }
759 proto_tree_add_item(tree, hf_alg_hash, tvb, *offset, 2, ENC_NA);
760 *offset += 2;
761 }
762
763 static void
764 dissect_create_primary(tvbuff_t *tvb, packet_info *pinfo _U_,
765 proto_tree *header _U_, proto_tree *tree, int *offset)
766 {
767 uint32_t sensitive_size, pub_size, data_size;
768
769 proto_tree_add_item_ret_uint(tree, hf_tpm_sensitive_crate_size, tvb, *offset, 2,
770 ENC_BIG_ENDIAN, &sensitive_size);
771 *offset += 2;
772 proto_tree_add_item(tree, hf_tpm_sensitive_crate, tvb, *offset, sensitive_size, ENC_NA);
773 *offset += sensitive_size;
774
775 proto_tree_add_item_ret_uint(tree, hf_tpm_pub_size, tvb, *offset, 2,
776 ENC_BIG_ENDIAN, &pub_size);
777 *offset += 2;
778 proto_tree_add_item(tree, hf_tpm_pub, tvb, *offset, pub_size, ENC_NA);
779 *offset += pub_size;
780
781 proto_tree_add_item_ret_uint(tree, hf_tpm_data_size, tvb, *offset, 2,
782 ENC_BIG_ENDIAN, &data_size);
783 *offset += 2;
784 proto_tree_add_item(tree, hf_tpm_data, tvb, *offset, data_size, ENC_NA);
785 *offset += data_size;
786 }
787
788 static void
789 dissect_create_loaded(tvbuff_t *tvb, packet_info *pinfo _U_,
790 proto_tree *header _U_, proto_tree *tree, int *offset)
791 {
792 uint32_t sensitive_size, template_size;
793
794 proto_tree_add_item_ret_uint(tree, hf_tpm_sensitive_crate_size, tvb, *offset, 2,
795 ENC_BIG_ENDIAN, &sensitive_size);
796 *offset += 2;
797 proto_tree_add_item(tree, hf_tpm_sensitive_crate, tvb, *offset, sensitive_size, ENC_NA);
798 *offset += sensitive_size;
799
800 proto_tree_add_item_ret_uint(tree, hf_tpm_template_size, tvb, *offset, 2,
801 ENC_BIG_ENDIAN, &template_size);
802 *offset += 2;
803 proto_tree_add_item(tree, hf_tpm_template, tvb, *offset, template_size, ENC_NA);
804 *offset += template_size;
805 }
806
807 static void
808 dissect_command(uint32_t command, tvbuff_t *tvb, packet_info *pinfo,
809 proto_tree *header, proto_tree *tree, int *offset)
810 {
811 last_command_pnum = pinfo->num;
812
813 switch (command) {
814 case 0x144: /* TPM Start Up */
815 dissect_startup(tvb, pinfo, header, tree, offset);
816 break;
817 case 0x12e: /* Create Primary */
818 dissect_create_primary(tvb, pinfo, header, tree, offset);
819 break;
820 case 0x176: /* Start Auth Session */
821 dissect_start_auth_session(tvb, pinfo, header, tree, offset);
822 break;
823 case 0x191: /* Create Loaded */
824 dissect_create_loaded(tvb, pinfo, header, tree, offset);
825 break;
826 }
827 }
828
829 static void
830 dissect_tpm20_tpm_command(tvbuff_t *tvb, packet_info *pinfo _U_,
831 proto_tree *tree)
832 {
833 int offset = 0;
834 uint32_t command = tvb_get_uint32(tvb, 6, ENC_BIG_ENDIAN);
835 uint16_t tag = tvb_get_uint16(tvb, 0, ENC_BIG_ENDIAN);
836 struct num_handles handl_map;
837 unsigned int i;
838
839 col_append_fstr(pinfo->cinfo, COL_INFO, ", Command %s",
840 val_to_str(command, commands, "Unknown (0x%02x)"));
841
842 proto_item *item = proto_tree_add_item(tree, proto_tpm20_header,
843 tvb, 0, -1, ENC_NA);
844 proto_item_append_text(item, ", %s", val_to_str(command, commands,
845 "Unknown (0x%02x)"));
846 proto_tree *header = proto_item_add_subtree(item, ett_tpm_header);
847 proto_tree_add_item(header, hf_tpm20_tag, tvb, offset, 2, ENC_BIG_ENDIAN);
848 offset += 2;
849 proto_tree_add_item(header, hf_tpm20_size, tvb, offset, 4, ENC_BIG_ENDIAN);
850 offset += 4;
851 proto_tree_add_item(header, hf_tpm20_cc, tvb, offset, 4, ENC_BIG_ENDIAN);
852 offset += 4;
853
854 tpm_entry *entry = (tpm_entry *)wmem_tree_lookup32(cmd_tree, pinfo->num);
855 DISSECTOR_ASSERT(entry != NULL);
856 entry->command = command;
857
858 handl_map.command = command;
859 handl_map.num_req_handles = 0;
860 handl_map.num_resp_handles = 0;
861 get_num_hndl(&handl_map);
862
863 if (handl_map.num_req_handles) {
864 proto_item *hndls = proto_tree_add_item(tree, proto_tpm20_hndl_area,
865 tvb, 0, -1, ENC_NA);
866 proto_tree *hndl_tree = proto_item_add_subtree(hndls, ett_tpm_handles);
867 for (i = 0; i < handl_map.num_req_handles; i++) {
868 proto_tree_add_item(hndl_tree, *handl_map.req_pd[i], tvb,
869 offset, 4, ENC_BIG_ENDIAN);
870 offset += 4;
871 }
872 }
873 if (tag == 0x8002) {
874 proto_item *auth = proto_tree_add_item(tree, proto_tpm20_auth_area,
875 tvb, 0, -1, ENC_NA);
876 proto_tree *auth_tree = proto_item_add_subtree(auth, ett_tpm_auth);
877 dissect_auth_command(tvb, pinfo, auth_tree, tree, &offset);
878 } else if (tag != 0x8001) {
879 proto_tree_add_expert_format(tree, pinfo, &ei_invalid_tag, tvb, 0, 0,
880 "Error: Invalid Tag: %x", tag);
881 }
882
883 dissect_command(command, tvb, pinfo, header, tree, &offset);
884 response_size = true;
885 }
886
887 #define PNUM_UNINIT 0xFFFFFFFF
888 #define RESP_CODE 1
889 #define RESP_SIZE 2
890 static void
891 dissect_tpm20_platform_response(tvbuff_t *tvb, packet_info *pinfo _U_,
892 proto_tree *tree)
893 {
894 uint32_t rc = tvb_get_uint32(tvb, 0, ENC_BIG_ENDIAN);
895
896 tpm_entry *entry = (tpm_entry *)wmem_tree_lookup32(cmd_tree, pinfo->num);
897 DISSECTOR_ASSERT(entry != NULL);
898
899 if (entry->resp_type == PNUM_UNINIT) {
900 if (response_size == true) {
901 entry->resp_type = RESP_SIZE;
902 response_size = false;
903 } else {
904 entry->resp_type = RESP_CODE;
905 response_size = true;
906 }
907 }
908
909 if (entry->resp_type == RESP_SIZE) {
910 col_append_fstr(pinfo->cinfo, COL_INFO, ", Response size %d", rc);
911 proto_item_append_text(tree, ", Response size %d", rc);
912 proto_tree_add_item(tree, hf_tpm20_platform_resp_size, tvb, 0, 4, ENC_BIG_ENDIAN);
913 } else {
914 col_append_fstr(pinfo->cinfo, COL_INFO, ", Response code %d", rc);
915 proto_item_append_text(tree, ", Response code %s",
916 val_to_str(rc, responses, "Unknown (0x%02x)"));
917 proto_tree_add_item(tree, hf_tpm20_platform_resp_code, tvb, 0, 4, ENC_BIG_ENDIAN);
918 }
919 }
920
921 static void
922 dissect_start_auth_session_resp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
923 int *offset, uint32_t param_size _U_)
924 {
925 uint32_t nonce_size;
926
927 proto_tree_add_item_ret_uint(tree, hf_session_nonce_size, tvb, *offset, 2,
928 ENC_BIG_ENDIAN, &nonce_size);
929 *offset += 2;
930 proto_tree_add_item(tree, hf_session_nonce, tvb, *offset, nonce_size, ENC_NA);
931 *offset += nonce_size;
932 }
933
934 static void
935 dissect_create_primary_resp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
936 int *offset, uint32_t param_size _U_)
937 {
938 uint32_t pub_size, creation_data_size, digest_size, name_size;
939
940 proto_tree_add_item_ret_uint(tree, hf_tpm_pub_size, tvb, *offset, 2,
941 ENC_BIG_ENDIAN, &pub_size);
942 *offset += 2;
943 proto_tree_add_item(tree, hf_tpm_pub, tvb, *offset, pub_size, ENC_NA);
944 *offset += pub_size;
945
946 proto_tree_add_item_ret_uint(tree, hf_tpm_creation_data_size, tvb, *offset, 2,
947 ENC_BIG_ENDIAN, &creation_data_size);
948 *offset += 2;
949 proto_tree_add_item(tree, hf_tpm_creation_data, tvb, *offset, creation_data_size, ENC_NA);
950 *offset += creation_data_size;
951
952 proto_tree_add_item_ret_uint(tree, hf_tpm_digest_size, tvb, *offset, 2,
953 ENC_BIG_ENDIAN, &digest_size);
954 *offset += 2;
955 proto_tree_add_item(tree, hf_tpm_digest, tvb, *offset, digest_size, ENC_NA);
956 *offset += digest_size;
957
958 proto_tree_add_item_ret_uint(tree, hf_tpm_name_size, tvb, *offset, 2,
959 ENC_BIG_ENDIAN, &name_size);
960 *offset += 2;
961 proto_tree_add_item(tree, hf_tpm_name, tvb, *offset, name_size, ENC_NA);
962 *offset += name_size;
963 }
964
965 static void
966 dissect_create_loaded_resp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
967 int *offset, uint32_t param_size _U_)
968 {
969 uint32_t priv_size, pub_size, name_size;
970
971 proto_tree_add_item_ret_uint(tree, hf_tpm_priv_size, tvb, *offset, 2,
972 ENC_BIG_ENDIAN, &priv_size);
973 *offset += 2;
974 proto_tree_add_item(tree, hf_tpm_priv, tvb, *offset, priv_size, ENC_NA);
975 *offset += priv_size;
976
977 proto_tree_add_item_ret_uint(tree, hf_tpm_pub_size, tvb, *offset, 2,
978 ENC_BIG_ENDIAN, &pub_size);
979 *offset += 2;
980 proto_tree_add_item(tree, hf_tpm_pub, tvb, *offset, pub_size, ENC_NA);
981 *offset += pub_size;
982
983 proto_tree_add_item_ret_uint(tree, hf_tpm_name_size, tvb, *offset, 2,
984 ENC_BIG_ENDIAN, &name_size);
985 *offset += 2;
986 proto_tree_add_item(tree, hf_tpm_name, tvb, *offset, name_size, ENC_NA);
987 *offset += name_size;
988 }
989
990 static void
991 dissect_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
992 int *offset, uint32_t param_size)
993 {
994 tpm_entry *entry = get_command_entry(cmd_tree, pinfo->num);
995
996 switch (entry->command) {
997 case 0x12e: /* Create Primary */
998 dissect_create_primary_resp(tvb, pinfo, tree, offset, param_size);
999 break;
1000 case 0x176: /* Start Auth Session */
1001 dissect_start_auth_session_resp(tvb, pinfo, tree, offset, param_size);
1002 break;
1003 case 0x191: /* Create Loaded */
1004 dissect_create_loaded_resp(tvb, pinfo, tree, offset, param_size);
1005 break;
1006 case 0x144: /* TPM Start Up */
1007 break;
1008 default:
1009 /* For now dissect everything else and 'params'.
1010 * This will allow to process the response auth section */
1011 proto_tree_add_item(tree, hf_params, tvb, *offset, param_size, ENC_NA);
1012 *offset += param_size;
1013 }
1014 }
1015
1016 static void
1017 dissect_tpm20_tpm_response(tvbuff_t *tvb, packet_info *pinfo _U_,
1018 proto_tree *tree)
1019 {
1020 int offset = 0;
1021 struct num_handles handl_map;
1022 uint16_t tag = tvb_get_uint16(tvb, 0, ENC_BIG_ENDIAN);
1023 uint32_t rc = tvb_get_uint32(tvb, 6, ENC_BIG_ENDIAN);
1024 uint32_t param_size;
1025 unsigned int i;
1026
1027 col_append_fstr(pinfo->cinfo, COL_INFO, ", Response Code %s",
1028 val_to_str(rc, responses, "Unknown (0x%02x)"));
1029
1030 proto_item *item = proto_tree_add_item(tree, proto_tpm20_resp_header,
1031 tvb, 0, -1, ENC_NA);
1032 proto_item_append_text(item, ", %s", val_to_str(rc, responses, "Unknown (0x%02x)"));
1033 proto_tree *header = proto_item_add_subtree(item, ett_tpm_response_header);
1034
1035 proto_tree_add_item(header, hf_tpm20_resp_tag, tvb, offset, 2, ENC_BIG_ENDIAN);
1036 offset += 2;
1037 proto_tree_add_item(header, hf_tpm20_resp_size, tvb, offset, 4, ENC_BIG_ENDIAN);
1038 offset += 4;
1039 proto_tree_add_item(header, hf_tpm20_resp_code, tvb, offset, 4, ENC_BIG_ENDIAN);
1040 offset += 4;
1041 /* if response code says error stop now */
1042 if (rc)
1043 return;
1044
1045 /* find a corresponding request */
1046 tpm_entry *entry = (tpm_entry *)wmem_tree_lookup32(cmd_tree, pinfo->num);
1047 DISSECTOR_ASSERT(entry != NULL);
1048 if (entry->com_pnum == PNUM_UNINIT) {
1049 entry->com_pnum = last_command_pnum;
1050 }
1051 tpm_entry *command_entry = (tpm_entry *)wmem_tree_lookup32(cmd_tree, entry->com_pnum);
1052 DISSECTOR_ASSERT(command_entry != NULL);
1053
1054 handl_map.command = command_entry->command;
1055 handl_map.num_req_handles = 0;
1056 handl_map.num_resp_handles = 0;
1057 get_num_hndl(&handl_map);
1058
1059 /* Dissect response handles */
1060 if (handl_map.num_resp_handles) {
1061 proto_item *hndls = proto_tree_add_item(tree, proto_tpm20_hndl_area,
1062 tvb, 0, -1, ENC_NA);
1063 proto_tree *hndl_tree = proto_item_add_subtree(hndls, ett_tpm_handles);
1064 for (i = 0; i < handl_map.num_resp_handles; i++) {
1065 proto_tree_add_item(hndl_tree, *handl_map.resp_pd[i], tvb,
1066 offset, 4, ENC_BIG_ENDIAN);
1067 offset += 4;
1068 }
1069 }
1070
1071 if (tag == 0x8002) {
1072 /* Dissect response params size and params */
1073 param_size = tvb_get_uint32(tvb, offset, ENC_BIG_ENDIAN);
1074 proto_tree_add_item(tree, hf_resp_param_size, tvb, offset, 4,
1075 ENC_BIG_ENDIAN);
1076 offset += 4;
1077
1078 if (param_size) {
1079 proto_item *params = proto_tree_add_item(tree, proto_tpm20_params_area,
1080 tvb, 0, -1, ENC_NA);
1081 proto_tree *param_tree = proto_item_add_subtree(params, ett_tpm_params);
1082 dissect_response(tvb, pinfo, param_tree, &offset, param_size);
1083 }
1084
1085 /* Dissect response auth area */
1086 proto_item *auth = proto_tree_add_item(tree, proto_tpm20_auth_area,
1087 tvb, 0, -1, ENC_NA);
1088 proto_tree *auth_tree = proto_item_add_subtree(auth, ett_tpm_auth);
1089 dissect_auth_resp(tvb, pinfo, auth_tree, tree, &offset);
1090 } else if (tag == 0x8001) {
1091
1092 /* Dissect rest of the response */
1093 dissect_response(tvb, pinfo, tree, &offset, 0);
1094 } else {
1095 proto_tree_add_expert_format(tree, pinfo, &ei_invalid_tag, tvb, 0, 0,
1096 "Error: Invalid Tag: %x", tag);
1097 }
1098 }
1099
1100 static int
1101 dissect_tpm20(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
1102 void* data _U_)
1103 {
1104 tpm_entry *entry;
1105 col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPM");
1106 col_clear(pinfo->cinfo, COL_INFO);
1107 col_append_ports(pinfo->cinfo, COL_INFO, PT_NONE, pinfo->srcport,
1108 pinfo->destport);
1109
1110 int length = tvb_reported_length(tvb);
1111 entry = (tpm_entry *)wmem_tree_lookup32(cmd_tree, pinfo->num);
1112
1113 if (entry == NULL) {
1114 entry = wmem_new(wmem_file_scope(), tpm_entry);
1115 entry->com_pnum = PNUM_UNINIT;
1116 entry->resp_type = PNUM_UNINIT;
1117 entry->command = 0;
1118 entry->num_auths = 0;
1119 wmem_tree_insert32(cmd_tree, pinfo->num, entry);
1120 }
1121
1122 proto_item *item = proto_tree_add_item(tree, proto_tpm20, tvb, 0, -1, ENC_NA);
1123 proto_tree *tpm_tree = proto_item_add_subtree(item, ett_tpm);
1124
1125 if (pinfo->srcport > pinfo->destport) {
1126 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, " [TPM Request]");
1127 if (length >= TPM_COMMAND_HEADER_LEN)
1128 dissect_tpm20_tpm_command(tvb, pinfo, tpm_tree);
1129 else
1130 dissect_tpm20_platform_command(tvb, pinfo, tpm_tree);
1131
1132 } else {
1133 col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, " [TPM Response]");
1134 if (length >= TPM_COMMAND_HEADER_LEN)
1135 dissect_tpm20_tpm_response(tvb, pinfo, tpm_tree);
1136 else
1137 dissect_tpm20_platform_response(tvb, pinfo, tpm_tree);
1138 }
1139 col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "len(%d)", length);
1140
1141 return tvb_captured_length(tvb);
1142 }
1143
1144 static hf_register_info hf[] = {
1145 { &proto_tpm20_header,
1146 { "TPM2.0 Header", "tpm.req.header", FT_NONE, BASE_NONE, NULL,
1147 0x0, "Tpm header", HFILL }},
1148 { &hf_tpm20_tag,
1149 { "Tag", "tpm.req.tag", FT_UINT16, BASE_HEX, VALS(tags),
1150 0x0, NULL, HFILL }},
1151 { &hf_tpm20_size,
1152 { "Command size", "tpm.req.size", FT_UINT32, BASE_DEC, NULL,
1153 0x0, NULL, HFILL }},
1154 { &hf_tpm20_cc,
1155 { "Command Code", "tpm.req.cc", FT_UINT32, BASE_HEX, VALS(commands),
1156 0x0, NULL, HFILL }},
1157 { &proto_tpm20_auth_area,
1158 { "Authorization Area", "tpm.req.auth", FT_NONE, BASE_NONE, NULL,
1159 0x0, NULL, HFILL }},
1160 { &proto_tpm20_hndl_area,
1161 { "Handle Area", "tpm.req.hndl", FT_NONE, BASE_NONE, NULL,
1162 0x0, NULL, HFILL }},
1163 { &proto_tpm20_params_area,
1164 { "Parameters Area", "tpm.resp.params", FT_NONE, BASE_NONE, NULL,
1165 0x0, NULL, HFILL }},
1166 { &hf_tpm20_platform_cmd,
1167 { "Platform Command", "tpm.platform_req.cc", FT_UINT32, BASE_HEX, VALS(platform_commands),
1168 0x0, NULL, HFILL }},
1169 { &proto_tpm20_resp_header,
1170 { "TPM2.0 Header", "tpm.resp.header", FT_NONE, BASE_NONE, NULL,
1171 0x0, "Tpm header", HFILL }},
1172 { &hf_tpm20_platform_resp_code,
1173 { "Platform Response Code", "tpm.resp.code", FT_UINT32, BASE_HEX, VALS(responses),
1174 0x0, NULL, HFILL }},
1175 { &hf_tpm20_platform_resp_size,
1176 { "Platform Response size", "tpm.resp.size", FT_UINT32, BASE_HEX, NULL,
1177 0x0, NULL, HFILL }},
1178 { &hf_tpm20_resp_tag,
1179 { "Response Tag", "tpm.resp.tag", FT_UINT16, BASE_HEX, VALS(tags),
1180 0x0, NULL, HFILL }},
1181 { &hf_tpm20_resp_size,
1182 { "Response size", "tpm.resp.size", FT_UINT32, BASE_DEC, NULL,
1183 0x0, NULL, HFILL }},
1184 { &hf_tpm20_resp_code,
1185 { "Response rc", "tpm.resp.rc", FT_UINT32, BASE_HEX, VALS(responses),
1186 0x0, NULL, HFILL }},
1187 { &hf_tpm20_startup_type,
1188 { "Startup type", "tpm.startup.type", FT_UINT16, BASE_HEX, VALS(startup_types),
1189 0x0, NULL, HFILL }},
1190 { &hf_tpmi_dh_object,
1191 { "TPMI_DH_OBJECT", "tpm.handle.TPMI_DH_OBJECT", FT_UINT32, BASE_HEX, VALS(handles),
1192 0x0, NULL, HFILL }},
1193 { &hf_tpmi_dh_entity,
1194 { "TPMI_DH_ENTITY", "tpm.handle.TPMI_DH_ENTITY", FT_UINT32, BASE_HEX, VALS(handles),
1195 0x0, NULL, HFILL }},
1196 { &hf_tpmi_dh_context,
1197 { "TPMI_DH_CONTEXT", "tpm.handle.TPMI_DH_CONTEXT", FT_UINT32, BASE_HEX, NULL,
1198 0x0, NULL, HFILL }},
1199 { &hf_tpmi_dh_parent,
1200 { "TPMI_DH_PARENT", "tpm.handle.TPMI_DH_PARENT", FT_UINT32, BASE_HEX, VALS(hierarhies),
1201 0x0, NULL, HFILL }},
1202 { &hf_tpmi_dh_pcr,
1203 { "TPMI_DH_PCR", "tpm.handle.TPMI_DH_PCR", FT_UINT32, BASE_HEX, NULL,
1204 0x0, NULL, HFILL }},
1205 { &hf_tpmi_sh_auth_session,
1206 { "TPMI_SH_AUTH_SESSION", "tpm.handle.TPMI_SH_AUTH_SESSION", FT_UINT32, BASE_HEX, VALS(handles),
1207 0x0, NULL, HFILL }},
1208 { &hf_tpmi_rh_act,
1209 { "TPMI_RH_ACT", "tpm.handle.TPMI_RH_ACT", FT_UINT32, BASE_HEX, VALS(handles),
1210 0x0, NULL, HFILL }},
1211 { &hf_tpmi_rh_hierarhy,
1212 { "TPMI_RH_HIERARCHY", "tpm.handle.TPMI_RH_HIERARCHY", FT_UINT32, BASE_HEX, VALS(hierarhies),
1213 0x0, NULL, HFILL }},
1214 { &hf_tpmi_rh_provision,
1215 { "TPMI_RH_PROVISION", "tpm.handle.TPMI_RH_PROVISION", FT_UINT32, BASE_HEX, VALS(handles),
1216 0x0, NULL, HFILL }},
1217 { &hf_tpmi_rh_platform,
1218 { "TPMI_RH_PLATFORM", "tpm.handle.TPMI_RH_PLATFORM", FT_UINT32, BASE_HEX, VALS(handles),
1219 0x0, NULL, HFILL }},
1220 { &hf_tpmi_rh_clear,
1221 { "TPMI_RH_CLEAR", "tpm.handle.TPMI_RH_CLEAR", FT_UINT32, BASE_HEX, VALS(handles),
1222 0x0, NULL, HFILL }},
1223 { &hf_tpmi_rh_hierarhy_auth,
1224 { "TPMI_RH_HIERARCHY_AUTH", "tpm.handle.TPMI_RH_HIERARCHY_AUTH", FT_UINT32, BASE_HEX, VALS(handles),
1225 0x0, NULL, HFILL }},
1226 { &hf_tpmi_rh_nv_auth,
1227 { "TPMI_RH_NV_AUTH", "tpm.handle.TPMI_RH_NV_AUTH", FT_UINT32, BASE_HEX, NULL,
1228 0x0, NULL, HFILL }},
1229 { &hf_tpmi_rh_nv_index,
1230 { "TPMI_RH_NV_INDEX", "tpm.handle.TPMI_RH_NV_INDEX", FT_UINT32, BASE_HEX, NULL,
1231 0x0, NULL, HFILL }},
1232 { &hf_tpmi_rh_lockout,
1233 { "TPMI_RH_LOCKOUT", "tpm.handle.TPMI_RH_LOCKOUT", FT_UINT32, BASE_HEX, NULL,
1234 0x0, NULL, HFILL }},
1235 { &hf_tpmi_ht_handle,
1236 { "TPM_HANDLE", "tpm.handle.TPM_HANDLE", FT_UINT32, BASE_HEX, NULL,
1237 0x0, NULL, HFILL }},
1238 { &hf_tpmi_rh_endorsment,
1239 { "TPMI_RH_ENDORSEMENT", "tpm.handle.TPMI_RH_ENDORSEMENT", FT_UINT32, BASE_HEX, NULL,
1240 0x0, NULL, HFILL }},
1241 { &hf_auth_area_size,
1242 { "AUTHAREA SIZE", "tpm.autharea_size", FT_UINT32, BASE_DEC, NULL,
1243 0x0, NULL, HFILL }},
1244 { &hf_session_nonce_size,
1245 { "AUTH NONCE SIZE", "tpm.auth_nonce_size", FT_UINT16, BASE_DEC, NULL,
1246 0x0, NULL, HFILL }},
1247 { &hf_session_nonce,
1248 { "AUTH NONCE", "tpm.auth_nonce", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1249 0x0, NULL, HFILL }},
1250 { &hf_session_attribs_cont,
1251 { "SESSION_CONTINUESESSION", "tpm.auth_attribs_cont", FT_BOOLEAN, 8, TFS(&tfs_set_notset),
1252 TPMA_SESSION_CONTINUESESSION, NULL, HFILL }},
1253 { &hf_session_attribs_auditex,
1254 { "SESSION_AUDITEXCLUSIVE", "tpm.auth_attribs_auditex", FT_BOOLEAN, 8, TFS(&tfs_set_notset),
1255 TPMA_SESSION_AUDITEXCLUSIVE, NULL, HFILL }},
1256 { &hf_session_attribs_auditreset,
1257 { "SESSION_AUDITRESET", "tpm.auth_attribs_auditreset", FT_BOOLEAN, 8, TFS(&tfs_set_notset),
1258 TPMA_SESSION_AUDITRESET, NULL, HFILL }},
1259 { &hf_session_attribs_res,
1260 { "SESSION_RESERVED", "tpm.auth_attribs_res", FT_BOOLEAN, 8, TFS(&tfs_set_notset),
1261 TPMA_SESSION_RESERVED1_MASK, NULL, HFILL }},
1262 { &hf_session_attribs_decrypt,
1263 { "SESSION_DECRYPT", "tpm.auth_attribs_decrypt", FT_BOOLEAN, 8, TFS(&tfs_set_notset),
1264 TPMA_SESSION_DECRYPT, NULL, HFILL }},
1265 { &hf_session_attribs_encrypt,
1266 { "SESSION_ENCRYPT", "tpm.auth_attribs_encrypt", FT_BOOLEAN, 8, TFS(&tfs_set_notset),
1267 TPMA_SESSION_ENCRYPT, NULL, HFILL }},
1268 { &hf_session_attribs_audit,
1269 { "SESSION_AUDIT", "tpm.auth_attribs_audit", FT_BOOLEAN, 8, TFS(&tfs_set_notset),
1270 TPMA_SESSION_AUDIT, NULL, HFILL }},
1271 { &hf_session_auth_size,
1272 { "SESSION AUTH SIZE", "tpm.session_auth_size", FT_UINT16, BASE_DEC, NULL,
1273 0x0, NULL, HFILL }},
1274 { &hf_session_auth,
1275 { "SESSION AUTH", "tpm.session_auth", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1276 0x0, NULL, HFILL }},
1277 { &hf_resp_param_size,
1278 { "RESP PARAM SIZE", "tpm.resp_param_size", FT_UINT32, BASE_DEC, NULL,
1279 0x0, NULL, HFILL }},
1280 { &hf_encrypted_secret_size,
1281 { "ENCRYPTED SECRET SIZE", "tpm.enc_secret_size", FT_UINT32, BASE_DEC, NULL,
1282 0x0, NULL, HFILL }},
1283 { &hf_encrypted_secret,
1284 { "ENCRYPTED SECRET", "tpm.enc_secret", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1285 0x0, NULL, HFILL }},
1286 { &hf_session_type,
1287 { "SESSION TYPE", "tpm.session_type", FT_UINT8, BASE_HEX, VALS(session_type),
1288 0x0, NULL, HFILL }},
1289 { &hf_alg_sym,
1290 { "SYM ALG", "tpm.sym_alg", FT_UINT16, BASE_HEX, VALS(algs),
1291 0x0, NULL, HFILL }},
1292 { &hf_alg_sym_mode,
1293 { "SYM ALG MODE", "tpm.sym_alg_mode", FT_UINT16, BASE_HEX, VALS(algs),
1294 0x0, NULL, HFILL }},
1295 { &hf_alg_sym_keybits,
1296 { "SYM ALG MODE", "tpm.sym_alg_keybits", FT_UINT16, BASE_DEC, NULL,
1297 0x0, NULL, HFILL }},
1298 { &hf_alg_hash,
1299 { "ALG HASH", "tpm.alg_hash", FT_UINT16, BASE_HEX, VALS(algs),
1300 0x0, NULL, HFILL }},
1301 { &hf_tpm_priv_size,
1302 { "TPM PRIVATE SIZE", "tpm.private_size", FT_UINT16, BASE_DEC, NULL,
1303 0x0, NULL, HFILL }},
1304 { &hf_tpm_priv,
1305 { "TPM PRIVATE", "tpm.private", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1306 0x0, NULL, HFILL }},
1307 { &hf_tpm_pub_size,
1308 { "TPM PUBLIC SIZE", "tpm.public_size", FT_UINT16, BASE_DEC, NULL,
1309 0x0, NULL, HFILL }},
1310 { &hf_tpm_pub,
1311 { "TPM PUBLIC", "tpm.public", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1312 0x0, NULL, HFILL }},
1313 { &hf_tpm_name_size,
1314 { "TPM NAME SIZE", "tpm.name_size", FT_UINT16, BASE_DEC, NULL,
1315 0x0, NULL, HFILL }},
1316 { &hf_tpm_name,
1317 { "TPM NAME", "tpm.name", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1318 0x0, NULL, HFILL }},
1319 { &hf_tpm_sensitive_crate_size,
1320 { "TPM SENSITIVE CREATE SIZE", "tpm.sensitive_create_size", FT_UINT16, BASE_DEC, NULL,
1321 0x0, NULL, HFILL }},
1322 { &hf_tpm_sensitive_crate,
1323 { "TPM SENSITIVE CREATE", "tpm.sensitive_create", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1324 0x0, NULL, HFILL }},
1325 { &hf_tpm_template_size,
1326 { "TPM TEMPLATE SIZE", "tpm.template_size", FT_UINT16, BASE_DEC, NULL,
1327 0x0, NULL, HFILL }},
1328 { &hf_tpm_template,
1329 { "TPM TEMPLATE", "tpm.template", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1330 0x0, NULL, HFILL }},
1331 { &hf_tpm_data_size,
1332 { "TPM DATA SIZE", "tpm.data_size", FT_UINT16, BASE_DEC, NULL,
1333 0x0, NULL, HFILL }},
1334 { &hf_tpm_data,
1335 { "TPM DATA", "tpm.data", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1336 0x0, NULL, HFILL }},
1337 { &hf_tpm_creation_data_size,
1338 { "TPM CREATION DATA SIZE", "tpm.creation_data_size", FT_UINT16, BASE_DEC, NULL,
1339 0x0, NULL, HFILL }},
1340 { &hf_tpm_creation_data,
1341 { "TPM CREATION DATA", "tpm.creation_data", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1342 0x0, NULL, HFILL }},
1343 { &hf_tpm_digest_size,
1344 { "TPM DIGEST SIZE", "tpm.digest_size", FT_UINT16, BASE_DEC, NULL,
1345 0x0, NULL, HFILL }},
1346 { &hf_tpm_digest,
1347 { "TPM DIGEST", "tpm.digest", FT_BYTES, BASE_ALLOW_ZERO | BASE_NONE, NULL,
1348 0x0, NULL, HFILL }},
1349 { &hf_params,
1350 { "RESPONSE PARAMS", "tpm.PARAMS", FT_BYTES, BASE_NONE, NULL,
1351 0x0, NULL, HFILL }},
1352 };
1353
1354 static int *ett[] = {
1355 &ett_tpm,
1356 &ett_tpm_header,
1357 &ett_tpm_response_header,
1358 &ett_tpm_handles,
1359 &ett_tpm_auth,
1360 &ett_tpm_params,
1361 &ett_tpm_attrib
1362 };
1363
1364 static ei_register_info ei[] = {
1365 { &ei_invalid_tag, { "tpm.invalid_tag", PI_PROTOCOL, PI_ERROR, "Invalid Header Tag", EXPFILL }},
1366 { &ei_invalid_auth_size, { "tpm.invalid_auth_size", PI_PROTOCOL, PI_ERROR, "Auth area size too small", EXPFILL }},
1367 { &ei_invalid_num_sessions, { "tpm.invalid_num_sessions", PI_PROTOCOL, PI_ERROR, "Maximum number of sessions exceeded", EXPFILL }},
1368 };
1369
1370 static void
1371 tpm_init(void)
1372 {
1373 cmd_tree = wmem_tree_new(wmem_file_scope());
1374 }
1375
1376 void
1377 proto_register_tpm20(void)
1378 {
1379 proto_tpm20 = proto_register_protocol("TPM2.0 Protocol", "TPM2.0", "tpm");
1380 proto_register_field_array(proto_tpm20, hf, array_length(hf));
1381 proto_register_subtree_array(ett, array_length(ett));
1382 expert_module_t* expert_mod = expert_register_protocol(proto_tpm20);
1383 expert_register_field_array(expert_mod, ei, array_length(ei));
1384 register_init_routine(tpm_init);
1385 tpm20_handle = register_dissector("tpm", dissect_tpm20, proto_tpm20);
1386 }
1387
1388 void
1389 proto_reg_handoff_tpm20(void)
1390 {
1391 dissector_add_uint_range_with_preference("tcp.port", TCP_TPM_PORTS, tpm20_handle);
1392 }
1393
1394 /*
1395 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1396 *
1397 * Local variables:
1398 * c-basic-offset: 8
1399 * tab-width: 8
1400 * indent-tabs-mode: t
1401 * End:
1402 *
1403 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1404 * :indentSize=8:tabSize=8:noTabs=false:
1405 */
Metzes wireshark repo