refactor: handle provisioning

Author: loicsikidi

tpm2/reflect.go

@@ -903,12 +903,10 @@ func unmarshalParameter[C Command[R, *R], R any](buf *bytes.Buffer, cmd *C, i in
 	return unmarshalStructField(buf, cmdValue, fieldIndex)
 }
 
-// populateHandlesFromNames populates the handle fields of a command with NamedHandles
+// populateHandlesFromNames populates the handle fields of a command with handles
 // created from the provided names.
 //
-// Supports different handle types based on struct tags:
-//   - gotpm:"handle" → NamedHandle (without handle value)
-//   - gotpm:"handle,auth" → AuthHandle (without handle value and nil Auth)
+// All handle fields are populated with [UnmarshalledHandle]
 func populateHandlesFromNames[C Command[R, *R], R any](cmd *C, names []TPM2BName) error {
 	cmdValue := reflect.ValueOf(cmd).Elem()
 	cmdType := reflect.TypeOf(*cmd)
@@ -930,19 +928,8 @@ func populateHandlesFromNames[C Command[R, *R], R any](cmd *C, names []TPM2BName
 			return fmt.Errorf("not enough names for handle field %d", i)
 		}
 
-		// Create the appropriate handle type based on the "auth" tag
-		var handleValue any
-		if hasTag(field, "auth") {
-			handleValue = AuthHandle{
-				Handle: 0, // Handle value not available from CommandPreimage
-				Name:   names[nameIdx],
-				Auth:   nil, // No session available
-			}
-		} else {
-			handleValue = NamedHandle{
-				Handle: 0, // Handle value not available from CommandPreimage
-				Name:   names[nameIdx],
-			}
+		handleValue := UnmarshalledHandle{
+			Name: names[nameIdx],
 		}
 
 		cmdValue.Field(i).Set(reflect.ValueOf(handleValue))

tpm2/tpm2.go

@@ -59,6 +59,30 @@ func (h AuthHandle) KnownName() *TPM2BName {
 	return h.Handle.KnownName()
 }
 
+// invalidHandleValue is the sentinel value used for handles that have been
+// reconstructed from unmarshalling.
+// This value is intentionally invalid to prevent accidental use with a real TPM.
+const invalidHandleValue TPMHandle = 0xFFFFFFFF
+
+// UnmarshalledHandle represents a handle reconstructed from unmarshalling.
+// This type is used for audit and inspection purposes where only the Name is
+// available, not the actual TPM handle value.
+//
+// The HandleValue() method returns [invalidHandleValue] to prevent accidental
+// use of these handles with a real TPM.
+type UnmarshalledHandle struct {
+	Name TPM2BName
+}
+
+// Returns invalidHandleValue since unmarshalled handles don't have real TPM handle values.
+func (h UnmarshalledHandle) HandleValue() uint32 {
+	return uint32(invalidHandleValue)
+}
+
+func (h UnmarshalledHandle) KnownName() *TPM2BName {
+	return &h.Name
+}
+
 // Command is an interface for any TPM command, parameterized by its response
 // type.
 type Command[R any, PR *R] interface {