1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267
// Copyright 2021 Contributors to the Parsec project.
// SPDX-License-Identifier: Apache-2.0
use crate::{
handles::PcrHandle,
structures::{DigestList, DigestValues, PcrSelectionList},
tss2_esys::{Esys_PCR_Extend, Esys_PCR_Read, Esys_PCR_Reset},
Context, Error, Result,
};
use log::error;
use std::convert::{TryFrom, TryInto};
use std::ptr::null_mut;
impl Context {
/// Extends a PCR with the specified digests.
///
/// # Arguments
/// * `pcr_handle`- A [PcrHandle] to the PCR slot that is to be extended.
/// * `digests` - The [DigestValues] with which the slot shall be extended.
///
/// # Details
/// This method is used to cause an update to the indicated PCR. The digests param
/// contains the digests for specific algorithms that are to be used.
///
/// # Example
///
/// ```rust
/// # use tss_esapi::{
/// # Context, TctiNameConf,
/// # constants::SessionType,
/// # attributes::SessionAttributesBuilder,
/// # handles::PcrHandle,
/// # structures::{Digest, SymmetricDefinition},
/// # };
/// # use std::{env, str::FromStr};
/// # // Create context
/// # let mut context =
/// # Context::new(
/// # TctiNameConf::from_environment_variable().expect("Failed to get TCTI"),
/// # ).expect("Failed to create Context");
/// # // Create session for a pcr
/// # let pcr_session = context
/// # .start_auth_session(
/// # None,
/// # None,
/// # None,
/// # SessionType::Hmac,
/// # SymmetricDefinition::AES_256_CFB,
/// # tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha256,
/// # )
/// # .expect("Failed to create session")
/// # .expect("Received invalid handle");
/// # let (session_attributes, session_attributes_mask) = SessionAttributesBuilder::new()
/// # .with_decrypt(true)
/// # .with_encrypt(true)
/// # .build();
/// # context.tr_sess_set_attributes(pcr_session, session_attributes, session_attributes_mask)
/// # .expect("Failed to set attributes on session");
/// #
/// # let digest_sha1 = Digest::try_from(vec![
/// # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
/// # ])
/// # .expect("Failed to create sha1 Digest from data");
/// #
/// # let digest_sha256 = Digest::try_from(vec![
/// # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
/// # 24, 25, 26, 27, 28, 29, 30, 31, 32,
/// # ]).expect("Failed to create Sha256 Digest from data");
/// use std::convert::TryFrom;
/// use tss_esapi::{
/// structures::{DigestValues},
/// interface_types::algorithm::HashingAlgorithm,
/// };
/// // Extend both sha256 and sha1
/// let mut vals = DigestValues::new();
/// vals.set(
/// HashingAlgorithm::Sha1,
/// digest_sha1,
/// );
/// vals.set(
/// HashingAlgorithm::Sha256,
/// digest_sha256,
/// );
/// // Use pcr_session for authorization when extending
/// // PCR 16 with the values for the banks specified in
/// // vals.
/// context.execute_with_session(Some(pcr_session), |ctx| {
/// ctx.pcr_extend(PcrHandle::Pcr16, vals).expect("Call to pcr_extend failed");
/// });
/// ```
pub fn pcr_extend(&mut self, pcr_handle: PcrHandle, digests: DigestValues) -> Result<()> {
let ret = unsafe {
Esys_PCR_Extend(
self.mut_context(),
pcr_handle.into(),
self.optional_session_1(),
self.optional_session_2(),
self.optional_session_3(),
&digests.try_into()?,
)
};
let ret = Error::from_tss_rc(ret);
if ret.is_success() {
Ok(())
} else {
error!("Error when extending PCR: {}", ret);
Err(ret)
}
}
// Missing function: PCR_Event
/// Reads the values of a PCR.
///
/// # Arguments
/// * `pcr_selection_list` - A [PcrSelectionList] that contains pcr slots in
/// different banks that is going to be read.
///
/// # Details
/// The provided [PcrSelectionList] contains the pcr slots in the different
/// banks that is going to be read. It is possible to select more pcr slots
/// then what will fit in the returned result so the method returns a [PcrSelectionList]
/// that indicates what values were read. The values that were read are returned
/// in a [DigestList].
///
/// # Errors
/// * Several different errors can occur if conversion of return
/// data fails.
///
/// # Example
///
/// ```rust
/// # use tss_esapi::{Context, TctiNameConf};
/// # use std::{env, str::FromStr};
/// # // Create context
/// # let mut context =
/// # Context::new(
/// # TctiNameConf::from_environment_variable().expect("Failed to get TCTI"),
/// # ).expect("Failed to create Context");
/// use tss_esapi::{
/// interface_types::algorithm::HashingAlgorithm,
/// structures::{PcrSelectionListBuilder, PcrSlot},
/// };
/// // Create PCR selection list with slots in a bank
/// // that is going to be read.
/// let pcr_selection_list = PcrSelectionListBuilder::new()
/// .with_selection(HashingAlgorithm::Sha256, &[PcrSlot::Slot0, PcrSlot::Slot1])
/// .build()
/// .expect("Failed to build PcrSelectionList");
///
/// let (update_counter, read_pcr_list, digest_list) = context.pcr_read(pcr_selection_list)
/// .expect("Call to pcr_read failed");
/// ```
pub fn pcr_read(
&mut self,
pcr_selection_list: PcrSelectionList,
) -> Result<(u32, PcrSelectionList, DigestList)> {
let mut pcr_update_counter: u32 = 0;
let mut pcr_selection_out_ptr = null_mut();
let mut pcr_values_ptr = null_mut();
let ret = unsafe {
Esys_PCR_Read(
self.mut_context(),
self.optional_session_1(),
self.optional_session_2(),
self.optional_session_3(),
&pcr_selection_list.into(),
&mut pcr_update_counter,
&mut pcr_selection_out_ptr,
&mut pcr_values_ptr,
)
};
let ret = Error::from_tss_rc(ret);
if ret.is_success() {
Ok((
pcr_update_counter,
PcrSelectionList::try_from(Context::ffi_data_to_owned(pcr_selection_out_ptr))?,
DigestList::try_from(Context::ffi_data_to_owned(pcr_values_ptr))?,
))
} else {
error!("Error when reading PCR: {}", ret);
Err(ret)
}
}
// Missing function: PCR_Allocate
// Missing function: PCR_SetAuthPolicy
// Missing function: PCR_SetAuthValue
/// Resets the value in a PCR.
///
/// # Arguments
/// * `pcr_handle` - A [PcrHandle] to the PCR slot that is to be reset.
///
/// # Details
/// If the attributes of the PCR indicates that it is allowed
/// to reset them and the proper authorization is provided then
/// this method can be used to set the the specified PCR in all
/// banks to 0.
///
/// # Example
///
/// ```rust
/// # use tss_esapi::{
/// # Context, TctiNameConf,
/// # constants::SessionType,
/// # attributes::SessionAttributesBuilder,
/// # structures::SymmetricDefinition,
/// # interface_types::algorithm::HashingAlgorithm,
/// # };
/// # use std::{env, str::FromStr};
/// # // Create context
/// # let mut context =
/// # Context::new(
/// # TctiNameConf::from_environment_variable().expect("Failed to get TCTI"),
/// # ).expect("Failed to create Context");
/// # // Create session for a pcr
/// # let pcr_session = context
/// # .start_auth_session(
/// # None,
/// # None,
/// # None,
/// # SessionType::Hmac,
/// # SymmetricDefinition::AES_256_CFB,
/// # HashingAlgorithm::Sha256,
/// # )
/// # .expect("Failed to create session")
/// # .expect("Received invalid handle");
/// # let (session_attributes, session_attributes_mask) = SessionAttributesBuilder::new()
/// # .with_decrypt(true)
/// # .with_encrypt(true)
/// # .build();
/// # context.tr_sess_set_attributes(pcr_session, session_attributes, session_attributes_mask)
/// # .expect("Failed to set attributes on session");
///
/// use tss_esapi::{
/// handles::PcrHandle
/// };
/// context.execute_with_session(Some(pcr_session), |ctx| {
/// ctx.pcr_reset(PcrHandle::Pcr16).expect("Call to pcr_reset failed");
/// });
/// ```
pub fn pcr_reset(&mut self, pcr_handle: PcrHandle) -> Result<()> {
let ret = unsafe {
Esys_PCR_Reset(
self.mut_context(),
pcr_handle.into(),
self.optional_session_1(),
self.optional_session_2(),
self.optional_session_3(),
)
};
let ret = Error::from_tss_rc(ret);
if ret.is_success() {
Ok(())
} else {
error!("Error when resetting PCR: {}", ret);
Err(ret)
}
}
// Missing function: _TPM_Hash_Start
// Missing function: _TPM_Hash_Data
// Missing function: _TPM_Hash_End
}