tss_esapi/context/session_administration.rs
1// Copyright 2021 Contributors to the Parsec project.
2// SPDX-License-Identifier: Apache-2.0
3use crate::{
4 attributes::{SessionAttributes, SessionAttributesMask},
5 ffi::take_from_esys,
6 handles::SessionHandle,
7 interface_types::session_handles::AuthSession,
8 structures::Nonce,
9 tss2_esys::{Esys_TRSess_GetAttributes, Esys_TRSess_GetNonceTPM, Esys_TRSess_SetAttributes},
10 Context, Result, ReturnCode,
11};
12use log::error;
13use std::convert::TryInto;
14
impl Context {
    /// Set the given attributes on a given session.
    ///
    /// # Arguments
    /// * `session` - The [AuthSession] whose attributes are to be changed.
    /// * `attributes` - The [SessionAttributes] value passed to `Esys_TRSess_SetAttributes`.
    /// * `mask` - The [SessionAttributesMask] passed alongside `attributes` in the same call.
    ///
    /// # Errors
    /// * Returns early, without calling `Esys_TRSess_SetAttributes`, if `attributes` or `mask`
    ///   cannot be converted into the raw value the FFI call takes.
    /// * Returns an error, after logging the return code, if the ESAPI call does not succeed.
    ///
    /// # Details
    /// NOTE(review): in ESAPI the mask is understood to select which attribute bits are written,
    /// with unselected bits left as they were; confirm against the tpm2-tss documentation. If
    /// so, a mask that is narrower than intended leaves the earlier value of a protection-related
    /// attribute in force, so callers that depend on a particular attribute may want to read the
    /// result back with [Context::tr_sess_get_attributes].
    pub fn tr_sess_set_attributes(
        &mut self,
        session: AuthSession,
        attributes: SessionAttributes,
        mask: SessionAttributesMask,
    ) -> Result<()> {
        // SAFETY: plain FFI call taking the context pointer of an exclusively borrowed `Context`
        // and three by-value arguments. Presumably `mut_context()` yields the live ESYS context
        // owned by `self`; confirm in the `Context` implementation.
        let return_code = unsafe {
            Esys_TRSess_SetAttributes(
                self.mut_context(),
                SessionHandle::from(session).into(),
                // Either conversion can fail; `?` then leaves the function before the call.
                attributes.try_into()?,
                mask.try_into()?,
            )
        };

        ReturnCode::ensure_success(return_code, |code| {
            error!("Error when setting session attributes: {:#010X}", code);
        })
    }

    /// Get session attribute flags.
    ///
    /// # Arguments
    /// * `session` - The [AuthSession] whose attributes are to be read.
    ///
    /// # Returns
    /// The flags written by `Esys_TRSess_GetAttributes`, wrapped in [SessionAttributes].
    ///
    /// # Errors
    /// Returns an error, after logging the return code, if the ESAPI call does not succeed.
    pub fn tr_sess_get_attributes(&mut self, session: AuthSession) -> Result<SessionAttributes> {
        // Out-parameter for the FFI call; it is wrapped only after the call reports success.
        let mut raw_attributes = 0;

        // SAFETY: `raw_attributes` is a live local for the whole call, so the out-pointer is
        // valid. Presumably `mut_context()` yields the live ESYS context owned by `self`;
        // confirm in the `Context` implementation.
        let return_code = unsafe {
            Esys_TRSess_GetAttributes(
                self.mut_context(),
                SessionHandle::from(session).into(),
                &mut raw_attributes,
            )
        };

        ReturnCode::ensure_success(return_code, |code| {
            error!("Error when getting session attributes: {:#010X}", code);
        })
        .map(|_| SessionAttributes(raw_attributes))
    }

    /// Get the TPM nonce from a session.
    ///
    /// # Arguments
    /// * `session` - An [AuthSession] handle to the authentication session from which to retrieve
    ///   the TPM nonce.
    ///
    /// # Returns
    /// The TPM nonce as a [Nonce] struct on success.
    ///
    /// # Errors
    /// * Returns an error, after logging the return code, if `Esys_TRSess_GetNonceTPM` does not
    ///   succeed.
    /// * Returns an error if the buffer cannot be taken over from ESAPI or cannot be converted
    ///   into a [Nonce].
    ///
    /// # Details
    /// This function retrieves the nonceTPM value from an authentication session.
    ///
    /// Extracted nonceTPM can be useful in some scenarios. For example, a TPM object protected by a
    /// PolicySigned policy requires the nonceTPM value to be extracted and included in the signed
    /// digest to satisfy the policy.
    ///
    /// NOTE(review): the TPM is understood to replace nonceTPM as the session is used, so a value
    /// read here should be consumed for the next authorization and not cached across commands;
    /// confirm against the TPM 2.0 specification.
    ///
    /// # Example
    /// ```rust
    /// # use tss_esapi::{Context, TctiNameConf};
    /// # use tss_esapi::constants::SessionType;
    /// # use tss_esapi::interface_types::algorithm::HashingAlgorithm;
    /// # use tss_esapi::structures::SymmetricDefinition;
    ///
    /// let mut context = Context::new(
    ///     TctiNameConf::from_environment_variable().expect("Failed to get TCTI"),
    /// ).expect("Failed to create context");
    ///
    /// let session = context
    ///     .start_auth_session(
    ///         None,
    ///         None,
    ///         None,
    ///         SessionType::Policy,
    ///         SymmetricDefinition::AES_256_CFB,
    ///         HashingAlgorithm::Sha256,
    ///     )
    ///     .expect("Failed to create session")
    ///     .expect("Received invalid handle");
    /// let nonce_tpm = context.tr_sess_get_nonce_tpm(session).expect("Failed to get nonceTPM");
    /// // Use the nonce_tpm value as needed
    /// ```
    pub fn tr_sess_get_nonce_tpm(&mut self, session: AuthSession) -> Result<Nonce> {
        // Starts out null; the FFI call below receives its address as the out-parameter.
        let mut esys_nonce = std::ptr::null_mut();

        // SAFETY: `esys_nonce` is a live local for the whole call, so the out-pointer is valid.
        // Presumably `mut_context()` yields the live ESYS context owned by `self`; confirm in
        // the `Context` implementation.
        let return_code = unsafe {
            Esys_TRSess_GetNonceTPM(
                self.mut_context(),
                SessionHandle::from(session).into(),
                &mut esys_nonce,
            )
        };

        ReturnCode::ensure_success(return_code, |code| {
            error!("Error when getting session nonceTPM: {:#010X}", code);
        })?;

        // SAFETY: reached only after the call above reported success, and the pointer is handed
        // over exactly once. NOTE(review): this relies on `take_from_esys` rejecting a null
        // pointer and releasing the ESAPI allocation; confirm in the `ffi` module.
        let raw_nonce = unsafe { take_from_esys(esys_nonce) }?;
        raw_nonce.try_into()
    }
}