diff --git a/Cargo.toml b/Cargo.toml index 324e058b..7432e3ec 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,2 +1,3 @@ [workspace] -members = ["tss-esapi", "tss-esapi-sys"] \ No newline at end of file +members = ["tss-esapi", "tss-esapi-sys"] +resolver = "2" diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml index f89fee56..f5d26495 100644 --- a/tss-esapi/Cargo.toml +++ b/tss-esapi/Cargo.toml @@ -15,9 +15,15 @@ rust-version = "1.66.0" [[example]] name = "hmac" +[[example]] +name = "certify" +required-features = ["abstraction"] + [dependencies] bitfield = "0.14" -serde = { version = "1.0.115", features = ["derive"], optional = true, default-features = false } +serde = { version = "1.0.115", features = [ + "derive", +], optional = true, default-features = false } malloced = "1.3.1" log = "0.4.11" enumflags2 = "0.7.7" @@ -40,6 +46,12 @@ getrandom = "0.2.11" env_logger = "0.9.0" sha2 = "0.10.1" serde_json = "^1.0.108" +tss-esapi = { path = ".", features = [ + "integration-tests", + "serde", + "abstraction", +] } + [build-dependencies] semver = "1.0.7" diff --git a/tss-esapi/README.md b/tss-esapi/README.md index 51c5cc92..046088e0 100644 --- a/tss-esapi/README.md +++ b/tss-esapi/README.md @@ -27,6 +27,7 @@ The crate currently offers the following features: * `abstraction` (enabled by default) - provides a set of abstracted primitives on top of the basic Rust-native ESAPI API provided by the crate. This feature can be turned off to reduce the number of dependencies built. +* `serde` - enable serde `Serialize`/`Deserialize` traits for types. ## Cross compiling diff --git a/tss-esapi/src/lib.rs b/tss-esapi/src/lib.rs index 646c2baf..365f2173 100644 --- a/tss-esapi/src/lib.rs +++ b/tss-esapi/src/lib.rs @@ -109,7 +109,7 @@ pub mod structures; pub mod tcti_ldr; pub mod traits; pub mod utils; - +#[cfg(feature = "abstraction")] pub use abstraction::transient::TransientKeyContext; pub use context::Context; pub use error::{Error, Result, ReturnCode, WrapperErrorKind}; diff --git a/tss-esapi/tests/integration_tests/common/mod.rs b/tss-esapi/tests/integration_tests/common/mod.rs index 6f421492..fa0229da 100644 --- a/tss-esapi/tests/integration_tests/common/mod.rs +++ b/tss-esapi/tests/integration_tests/common/mod.rs @@ -8,7 +8,6 @@ use std::{ }; use tss_esapi::{ - abstraction::{cipher::Cipher, pcr::PcrData}, attributes::ObjectAttributes, attributes::{NvIndexAttributesBuilder, ObjectAttributesBuilder, SessionAttributesBuilder}, constants::SessionType, @@ -234,9 +233,7 @@ pub fn create_ctx_with_session() -> Context { #[allow(dead_code)] pub fn decryption_key_pub() -> Public { utils::create_restricted_decryption_rsa_public( - Cipher::aes_256_cfb() - .try_into() - .expect("Failed to create symmetric object"), + SymmetricDefinitionObject::AES_256_CFB, RsaKeyBits::Rsa2048, RsaExponent::default(), ) @@ -278,16 +275,8 @@ pub fn get_pcr_policy_digest( .build() .expect("Failed to create PcrSelectionList"); - let (_update_counter, pcr_selection_list_out, pcr_data) = context + let (_update_counter, pcr_selection_list_out, read_pcr_digests) = context .pcr_read(pcr_selection_list.clone()) - .map(|(update_counter, read_pcr_selections, read_pcr_digests)| { - ( - update_counter, - read_pcr_selections.clone(), - PcrData::create(&read_pcr_selections, &read_pcr_digests) - .expect("Failed to create PcrData"), - ) - }) .expect("Failed to call pcr_read"); assert_eq!(pcr_selection_list, pcr_selection_list_out); @@ -298,22 +287,12 @@ pub fn get_pcr_policy_digest( // values from the command rather than the values from a digest of the TPM PCR." // // "TPM2_Quote() and TPM2_PolicyPCR() digest the concatenation of PCR." - let mut concatenated_pcr_values = [ - pcr_data - .pcr_bank(HashingAlgorithm::Sha256) - .unwrap() - .get_digest(PcrSlot::Slot0) - .unwrap() - .as_bytes(), - pcr_data - .pcr_bank(HashingAlgorithm::Sha256) - .unwrap() - .get_digest(PcrSlot::Slot1) - .unwrap() - .as_bytes(), - ] - .concat(); - + let mut concatenated_pcr_values = read_pcr_digests + .value() + .iter() + .map(|v| v.as_bytes()) + .collect::>() + .concat(); if mangle { concatenated_pcr_values[0] = 0x00; } diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs index 840d0945..f7a39dcf 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs @@ -194,7 +194,6 @@ mod test_policy_pcr { use crate::common::create_ctx_without_session; use std::convert::TryFrom; use tss_esapi::{ - abstraction::pcr::PcrData, attributes::SessionAttributesBuilder, constants::SessionType, interface_types::{ @@ -237,16 +236,8 @@ mod test_policy_pcr { .build() .expect("Failed to create PcrSelectionList"); - let (_update_counter, pcr_selection_list_out, pcr_data) = context + let (_update_counter, pcr_selection_list_out, read_pcr_digests) = context .pcr_read(pcr_selection_list.clone()) - .map(|(update_counter, read_pcr_selections, read_pcr_digests)| { - ( - update_counter, - read_pcr_selections.clone(), - PcrData::create(&read_pcr_selections, &read_pcr_digests) - .expect("Failed to create PcrData"), - ) - }) .expect("Failed to call pcr_read"); assert_eq!(pcr_selection_list, pcr_selection_list_out); @@ -258,22 +249,12 @@ mod test_policy_pcr { // // "TPM2_Quote() and TPM2_PolicyPCR() digest the concatenation of PCR." let concatenated_pcr_values = MaxBuffer::try_from( - [ - pcr_data - .pcr_bank(HashingAlgorithm::Sha256) - .unwrap() - .get_digest(PcrSlot::Slot0) - .unwrap() - .as_bytes(), - pcr_data - .pcr_bank(HashingAlgorithm::Sha256) - .unwrap() - .get_digest(PcrSlot::Slot1) - .unwrap() - .as_bytes(), - ] - .concat() - .to_vec(), + read_pcr_digests + .value() + .iter() + .map(|v| v.as_bytes()) + .collect::>() + .concat(), ) .unwrap(); @@ -679,7 +660,6 @@ mod test_policy_get_digest { use crate::common::create_ctx_without_session; use std::convert::TryFrom; use tss_esapi::{ - abstraction::pcr::PcrData, attributes::SessionAttributesBuilder, constants::SessionType, interface_types::{ @@ -723,16 +703,8 @@ mod test_policy_get_digest { let trial_policy_session = PolicySession::try_from(trial_policy_auth_session) .expect("Failed to convert auth session into policy session"); - let (_update_counter, pcr_selection_list_out, pcr_data) = context + let (_update_counter, pcr_selection_list_out, read_pcr_digests) = context .pcr_read(pcr_selection_list.clone()) - .map(|(update_counter, read_pcr_selections, read_pcr_digests)| { - ( - update_counter, - read_pcr_selections.clone(), - PcrData::create(&read_pcr_selections, &read_pcr_digests) - .expect("Failed to create PcrData"), - ) - }) .expect("Failed to call pcr_read"); assert_eq!(pcr_selection_list, pcr_selection_list_out); @@ -744,22 +716,12 @@ mod test_policy_get_digest { // // "TPM2_Quote() and TPM2_PolicyPCR() digest the concatenation of PCR." let concatenated_pcr_values = MaxBuffer::try_from( - [ - pcr_data - .pcr_bank(HashingAlgorithm::Sha256) - .unwrap() - .get_digest(PcrSlot::Slot0) - .unwrap() - .as_bytes(), - pcr_data - .pcr_bank(HashingAlgorithm::Sha256) - .unwrap() - .get_digest(PcrSlot::Slot1) - .unwrap() - .as_bytes(), - ] - .concat() - .to_vec(), + read_pcr_digests + .value() + .iter() + .map(|v| v.as_bytes()) + .collect::>() + .concat(), ) .unwrap(); diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/integrity_collection_pcr_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/integrity_collection_pcr_tests.rs index dc1168a9..32a5ea9b 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/integrity_collection_pcr_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/integrity_collection_pcr_tests.rs @@ -4,7 +4,6 @@ mod test_pcr_extend_reset { use crate::common::create_ctx_with_session; use std::convert::TryFrom; use tss_esapi::{ - abstraction::pcr::PcrData, handles::PcrHandle, interface_types::algorithm::HashingAlgorithm, structures::{Digest, DigestValues, PcrSelectionListBuilder, PcrSlot}, @@ -34,6 +33,12 @@ mod test_pcr_extend_reset { }); // Needs to have the length of associated with the hashing algorithm + assert_eq!(read_pcr_selections.get_selections().len(), 2); + assert_eq!( + pcr_selection_list.get_selections(), + read_pcr_selections.get_selections() + ); + assert_eq!(read_pcr_digests.value().len(), 2); read_pcr_selections .get_selections() .iter() @@ -73,8 +78,8 @@ mod test_pcr_extend_reset { }); // Read PCR contents - let (_, read_pcr_selections_2, read_pcr_digests_2) = - context.execute_without_session(|ctx| ctx.pcr_read(pcr_selection_list).unwrap()); + let (_, after_extend_read_pcr_selections, after_extend_read_pcr_digests) = context + .execute_without_session(|ctx| ctx.pcr_read(pcr_selection_list.clone()).unwrap()); // Needs to have the length of associated with the hashing algorithm /* Right Hand Side determined by: @@ -87,11 +92,16 @@ mod test_pcr_extend_reset { >>> res = ["0x"+a+b for a,b in zip(it, it)] >>> ", ".join(res) */ - - read_pcr_selections_2 + assert_eq!(after_extend_read_pcr_selections.get_selections().len(), 2); + assert_eq!( + pcr_selection_list.get_selections(), + after_extend_read_pcr_selections.get_selections() + ); + assert_eq!(after_extend_read_pcr_digests.value().len(), 2); + after_extend_read_pcr_selections .get_selections() .iter() - .zip(read_pcr_digests_2.value().iter()) + .zip(after_extend_read_pcr_digests.value().iter()) .for_each(|(pcr_selection, digest)| { if pcr_selection.hashing_algorithm() == HashingAlgorithm::Sha1 { assert_eq!(digest.len(), 20); @@ -121,28 +131,35 @@ mod test_pcr_extend_reset { context.execute_with_session(pcr_ses, |ctx| ctx.pcr_reset(PcrHandle::Pcr16).unwrap()); // Read PCR contents - let pcr_selection_list = PcrSelectionListBuilder::new() - .with_selection(HashingAlgorithm::Sha1, &[PcrSlot::Slot16]) - .with_selection(HashingAlgorithm::Sha256, &[PcrSlot::Slot16]) - .build() - .expect("Failed to create PcrSelectionList for pcr_read call after pcr_reset"); - let pcr_data = context + let (_, after_reset_read_pcr_selections_out, after_reset_read_pcr_digests) = context .execute_without_session(|ctx| { - ctx.pcr_read(pcr_selection_list).map( - |(_, read_pcr_selections, read_pcr_digests)| { - PcrData::create(&read_pcr_selections, &read_pcr_digests) - .expect("Failed to create PcrData") - }, - ) - }) - .expect("Failed to call pcr_read"); - let pcr_sha1_bank = pcr_data.pcr_bank(HashingAlgorithm::Sha1).unwrap(); - let pcr_sha256_bank = pcr_data.pcr_bank(HashingAlgorithm::Sha256).unwrap(); - let pcr_sha1_value = pcr_sha1_bank.get_digest(PcrSlot::Slot16).unwrap(); - let pcr_sha256_value = pcr_sha256_bank.get_digest(PcrSlot::Slot16).unwrap(); - // Needs to have the length of associated with the hashing algorithm - assert_eq!(pcr_sha1_value.as_bytes(), [0; 20]); - assert_eq!(pcr_sha256_value.as_bytes(), [0; 32]); + ctx.pcr_read(pcr_selection_list.clone()) + .expect("Failed to call pcr_read") + }); + assert_eq!( + after_reset_read_pcr_selections_out.get_selections().len(), + 2 + ); + assert_eq!( + pcr_selection_list.get_selections(), + after_reset_read_pcr_selections_out.get_selections() + ); + assert_eq!(after_reset_read_pcr_digests.value().len(), 2); + after_reset_read_pcr_selections_out + .get_selections() + .iter() + .zip(after_reset_read_pcr_digests.value().iter()) + .for_each(|(pcr_selection, digest)| { + if pcr_selection.hashing_algorithm() == HashingAlgorithm::Sha1 { + assert_eq!(digest.len(), 20); + assert_eq!(digest.as_bytes(), [0; 20]); + } else if pcr_selection.hashing_algorithm() == HashingAlgorithm::Sha256 { + assert_eq!(digest.len(), 32); + assert_eq!(digest.as_bytes(), [0; 32]); + } else { + panic!("Read pcr selections contained unexpected HashingAlgorithm"); + } + }); } } diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs index 650bf4fe..165e97bc 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs @@ -2,9 +2,8 @@ // SPDX-License-Identifier: Apache-2.0 mod test_encrypt_decrypt_2 { use crate::common::create_ctx_without_session; - use std::convert::{TryFrom, TryInto}; + use std::convert::TryFrom; use tss_esapi::{ - abstraction::cipher::Cipher, attributes::ObjectAttributesBuilder, interface_types::{ algorithm::{HashingAlgorithm, PublicAlgorithm, SymmetricMode}, @@ -14,7 +13,7 @@ mod test_encrypt_decrypt_2 { }, structures::{ Auth, InitialValue, MaxBuffer, PublicBuilder, RsaExponent, SensitiveData, - SymmetricCipherParameters, + SymmetricCipherParameters, SymmetricDefinitionObject, }, }; #[test] @@ -34,9 +33,7 @@ mod test_encrypt_decrypt_2 { ctx.create_primary( Hierarchy::Owner, tss_esapi::utils::create_restricted_decryption_rsa_public( - Cipher::aes_128_cfb() - .try_into() - .expect("Failed to convert from Cipher"), + SymmetricDefinitionObject::AES_128_CFB, RsaKeyBits::Rsa2048, RsaExponent::default(), ) @@ -66,9 +63,7 @@ mod test_encrypt_decrypt_2 { .with_name_hashing_algorithm(HashingAlgorithm::Sha256) .with_object_attributes(symmetric_key_object_attributes) .with_symmetric_cipher_parameters(SymmetricCipherParameters::new( - Cipher::aes_128_cfb() - .try_into() - .expect("Failed to create symmteric cipher parameters from cipher"), + SymmetricDefinitionObject::AES_128_CFB, )) .with_symmetric_cipher_unique_identifier(Default::default()) .build()