Improved return values of pcr_read.

- Changed pcr_read to return a DigestList instead of PcrData.

- Moved PcrData to abstractions and made it possible to construct
  PcrData from rust native types.

- Added subtract to PcrSelectionList.

- Added a pcr_read_all functiion to the pcr module
  in abstractions. This function tries to read all the
  values in a PcrSelectionList.

Signed-off-by: Jesper Brynolf <[email protected]>

Author: Superhepper

tss-esapi/src/abstraction/mod.rs

@@ -5,6 +5,7 @@ pub mod ak;
 pub mod cipher;
 pub mod ek;
 pub mod nv;
+pub mod pcr;
 pub mod transient;
 
 use crate::{attributes::ObjectAttributesBuilder, structures::PublicBuilder};

tss-esapi/src/abstraction/pcr.rs

@@ -0,0 +1,24 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+mod bank;
+mod data;
+
+use crate::{structures::PcrSelectionList, Context, Result};
+
+pub use bank::PcrBank;
+pub use data::PcrData;
+
+/// Function that reads all the PCRs in a selection list and returns
+/// the result as PCR data.
+pub fn pcr_read_all(
+    context: &mut Context,
+    mut pcr_selection_list: PcrSelectionList,
+) -> Result<PcrData> {
+    let mut pcr_data = PcrData::new();
+    while !pcr_selection_list.is_empty() {
+        let (_, pcrs_read, pcr_digests) = context.pcr_read(&pcr_selection_list)?;
+        pcr_data.add(&pcrs_read, &pcr_digests)?;
+        pcr_selection_list.subtract(&pcrs_read)?;
+    }
+    Ok(pcr_data)
+}

tss-esapi/src/abstraction/pcr/bank.rs

@@ -0,0 +1,77 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::{
+    structures::{Digest, PcrSlot},
+    Error, Result, WrapperErrorKind,
+};
+use log::error;
+use std::collections::BTreeMap;
+
+/// Struct for holding PcrSlots and their
+/// corresponding values.
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub struct PcrBank {
+    bank: BTreeMap<PcrSlot, Digest>,
+}
+
+impl PcrBank {
+    /// Function that creates PcrBank from a vector of pcr slots and
+    /// a vector of pcr digests.
+    ///
+    /// # Details
+    /// The order of pcr slots are assumed to match the order of the Digests.
+    ///
+    /// # Error
+    /// - If number of pcr slots does not match the number of pcr digests
+    ///   InconsistentParams error is returned.
+    ///
+    /// - If the vector of pcr slots contains duplicates then
+    ///   InconsistentParams error is returned.
+    pub fn create(mut pcr_slots: Vec<PcrSlot>, mut digests: Vec<Digest>) -> Result<PcrBank> {
+        if pcr_slots.len() != digests.len() {
+            error!(
+                "Number of PcrSlots does not match the number of PCR digests. ({} != {})",
+                pcr_slots.len(),
+                digests.len()
+            );
+            return Err(Error::local_error(WrapperErrorKind::InconsistentParams));
+        }
+        pcr_slots
+            .drain(..)
+            .zip(digests.drain(..))
+            .try_fold(BTreeMap::<PcrSlot, Digest>::new(), |mut data, (pcr_slot, digest)| {
+                if data.insert(pcr_slot, digest).is_none() {
+                    Ok(data)
+                } else {
+                    error!("Error trying to insert data into PcrSlot {:?} where data have already been inserted", pcr_slot);
+                    Err(Error::local_error(WrapperErrorKind::InconsistentParams))
+                }
+            })
+            .map(|bank|  PcrBank { bank })
+    }
+
+    /// Function for retrieving a pcr value corresponding to a pcr slot.
+    pub fn pcr_value(&self, pcr_slot: PcrSlot) -> Option<&Digest> {
+        self.bank.get(&pcr_slot)
+    }
+
+    /// Function for retrieiving the number of pcr slot values in the bank.
+    pub fn len(&self) -> usize {
+        self.bank.len()
+    }
+
+    /// Returns true if there are no pcr slot values in the bank.
+    pub fn is_empty(&self) -> bool {
+        self.bank.is_empty()
+    }
+}
+
+impl<'a> IntoIterator for &'a PcrBank {
+    type Item = (&'a PcrSlot, &'a Digest);
+    type IntoIter = ::std::collections::btree_map::Iter<'a, PcrSlot, Digest>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        self.bank.iter()
+    }
+}

tss-esapi/src/abstraction/pcr/data.rs

@@ -0,0 +1,111 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::{
+    abstraction::pcr::PcrBank,
+    interface_types::algorithm::HashingAlgorithm,
+    structures::{Digest, DigestList, PcrSelectionList},
+    tss2_esys::TPML_DIGEST,
+    Result,
+};
+
+/// Struct holding pcr banks and their associated
+/// hashing algorithm
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct PcrData {
+    data: Vec<(HashingAlgorithm, PcrBank)>,
+}
+
+impl PcrData {
+    /// Creates new empty PcrData
+    pub const fn new() -> Self {
+        PcrData { data: Vec::new() }
+    }
+
+    /// Function for creating PcrData from a pcr selection list and pcr digests list.
+    pub fn create(
+        pcr_selection_list: &PcrSelectionList,
+        digest_list: &DigestList,
+    ) -> Result<PcrData> {
+        Ok(PcrData {
+            data: Self::create_data(pcr_selection_list, digest_list.value().to_vec())?,
+        })
+    }
+
+    /// Adds data to the PcrData
+    pub fn add(
+        &mut self,
+        pcr_selection_list: &PcrSelectionList,
+        digest_list: &DigestList,
+    ) -> Result<()> {
+        self.data.append(&mut Self::create_data(
+            pcr_selection_list,
+            digest_list.value().to_vec(),
+        )?);
+        Ok(())
+    }
+
+    /// Function for turning a pcr selection list and pcr digests values
+    /// into the format in which data is stored in PcrData.
+    fn create_data(
+        pcr_selection_list: &PcrSelectionList,
+        mut digests: Vec<Digest>,
+    ) -> Result<Vec<(HashingAlgorithm, PcrBank)>> {
+        pcr_selection_list
+            .get_selections()
+            .iter()
+            .map(|pcr_selection| {
+                let pcr_slots = pcr_selection.selected_pcrs();
+                let number_of_pcrs = pcr_slots.len();
+                Ok((
+                    pcr_selection.hashing_algorithm(),
+                    PcrBank::create(pcr_slots, digests.drain(..number_of_pcrs).collect())?,
+                ))
+            })
+            .collect()
+    }
+
+    /// Function for retrieving the first PCR values associated with hashing_algorithm.
+    pub fn pcr_bank(&self, hashing_algorithm: HashingAlgorithm) -> Option<&PcrBank> {
+        self.data
+            .iter()
+            .find(|(alg, _)| alg == &hashing_algorithm)
+            .map(|(_, bank)| bank)
+    }
+
+    /// Function for retrieving the number of banks in the data.
+    pub fn len(&self) -> usize {
+        self.data.len()
+    }
+
+    /// Returns true if there are no banks in the data.
+    pub fn is_empty(&self) -> bool {
+        self.data.is_empty()
+    }
+}
+
+impl<'a> IntoIterator for PcrData {
+    type Item = (HashingAlgorithm, PcrBank);
+    type IntoIter = ::std::vec::IntoIter<(HashingAlgorithm, PcrBank)>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        self.data.into_iter()
+    }
+}
+
+impl From<PcrData> for TPML_DIGEST {
+    fn from(pcr_data: PcrData) -> Self {
+        let mut tpml_digest: TPML_DIGEST = Default::default();
+
+        for (_, pcr_bank) in pcr_data.into_iter() {
+            for (_, pcr_value) in pcr_bank.into_iter() {
+                let i = tpml_digest.count as usize;
+                let size = pcr_value.value().len() as u16;
+                tpml_digest.digests[i].size = size;
+                tpml_digest.digests[i].buffer[..size as usize].copy_from_slice(pcr_value.value());
+                tpml_digest.count += 1;
+            }
+        }
+        tpml_digest
+    }
+}

tss-esapi/src/context/tpm_commands/integrity_collection_pcr.rs

@@ -2,9 +2,8 @@
 // SPDX-License-Identifier: Apache-2.0
 use crate::{
     handles::PcrHandle,
-    structures::{DigestValues, PcrSelectionList},
+    structures::{DigestList, DigestValues, PcrSelectionList},
     tss2_esys::*,
-    utils::PcrData,
     Context, Error, Result,
 };
 use log::error;
@@ -149,16 +148,16 @@ impl Context {
     ///     .with_selection(HashingAlgorithm::Sha256, &[PcrSlot::Slot0, PcrSlot::Slot1])
     ///     .build();
     ///
-    /// let (update_counter, read_pcr_list, pcr_data) = context.pcr_read(&pcr_selection_list)
+    /// let (update_counter, read_pcr_list, digest_list) = context.pcr_read(&pcr_selection_list)
     ///     .expect("Call to pcr_read failed");
     /// ```
     pub fn pcr_read(
         &mut self,
         pcr_selection_list: &PcrSelectionList,
-    ) -> Result<(u32, PcrSelectionList, PcrData)> {
+    ) -> Result<(u32, PcrSelectionList, DigestList)> {
         let mut pcr_update_counter: u32 = 0;
         let mut tss_pcr_selection_list_out_ptr = null_mut();
-        let mut tss_digest_ptr = null_mut();
+        let mut tss_digest_list_out_ptr = null_mut();
         let ret = unsafe {
             Esys_PCR_Read(
                 self.mut_context(),
@@ -168,19 +167,20 @@ impl Context {
                 &pcr_selection_list.clone().into(),
                 &mut pcr_update_counter,
                 &mut tss_pcr_selection_list_out_ptr,
-                &mut tss_digest_ptr,
+                &mut tss_digest_list_out_ptr,
             )
         };
         let ret = Error::from_tss_rc(ret);
 
         if ret.is_success() {
             let tss_pcr_selection_list_out =
                 unsafe { MBox::<TPML_PCR_SELECTION>::from_raw(tss_pcr_selection_list_out_ptr) };
-            let tss_digest = unsafe { MBox::<TPML_DIGEST>::from_raw(tss_digest_ptr) };
+            let tss_digest_list_out =
+                unsafe { MBox::<TPML_DIGEST>::from_raw(tss_digest_list_out_ptr) };
             Ok((
                 pcr_update_counter,
                 PcrSelectionList::try_from(*tss_pcr_selection_list_out)?,
-                PcrData::new(tss_pcr_selection_list_out.as_ref(), tss_digest.as_ref())?,
+                DigestList::try_from(*tss_digest_list_out)?,
             ))
         } else {
             error!("Error when reading PCR: {}", ret);

tss-esapi/src/structures/lists/digest.rs

@@ -15,16 +15,30 @@ impl DigestList {
     // minimum is two for TPM2_PolicyOR().
     pub const MIN_SIZE: usize = 2;
     pub const MAX_SIZE: usize = 8;
-    pub fn new() -> Self {
+
+    /// Creates a nnew empty DigestList
+    pub const fn new() -> Self {
         DigestList {
             digests: Vec::new(),
         }
     }
 
+    /// Returns the values in the digest list.
     pub fn value(&self) -> &[Digest] {
         &self.digests
     }
 
+    /// Returns the number of digests in the digestlist
+    pub fn len(&self) -> usize {
+        self.digests.len()
+    }
+
+    /// Indicates if the digest list contains any digests.
+    pub fn is_empty(&self) -> bool {
+        self.digests.is_empty()
+    }
+
+    /// Adds a new digest to the digest list.
     pub fn add(&mut self, dig: Digest) -> Result<()> {
         if self.digests.len() >= DigestList::MAX_SIZE {
             error!("Error: Exceeded maximum count(> {})", DigestList::MAX_SIZE);

tss-esapi/src/structures/lists/pcr_selection.rs

@@ -7,6 +7,7 @@ use crate::{Error, Result, WrapperErrorKind};
 use log::error;
 use std::collections::HashMap;
 use std::convert::TryFrom;
+
 /// A struct representing a pcr selection list. This
 /// corresponds to the TSS TPML_PCR_SELECTION.
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -31,12 +32,50 @@ impl PcrSelectionList {
         &self.items
     }
 
+    /// Subtracts other from self
+    pub fn subtract(&mut self, other: &Self) -> Result<()> {
+        if self == other {
+            self.items.clear();
+            return Ok(());
+        }
+
+        if self.is_empty() {
+            error!("Cannot remove items that does not exist");
+            return Err(Error::local_error(WrapperErrorKind::InvalidParam));
+        }
+
+        for other_pcr_selection in other.get_selections() {
+            self.remove_selection(other_pcr_selection)?
+        }
+
+        self.remove_empty_selections();
+
+        Ok(())
+    }
+
     /// Function for retrieving the PcrSelectionList from Option<PcrSelectionList>
     ///
     /// This returns an empty list if None is passed
     pub fn list_from_option(pcr_list: Option<PcrSelectionList>) -> PcrSelectionList {
         pcr_list.unwrap_or_else(|| PcrSelectionListBuilder::new().build())
     }
+
+    /// Private methods for removing pcr selections that are empty.
+    fn remove_empty_selections(&mut self) {
+        self.items.retain(|v| v.is_empty());
+    }
+
+    /// Private function for removing PcrSelection for the PcrSelectionList.
+    fn remove_selection(&mut self, other: &PcrSelection) -> Result<()> {
+        self.items
+            .iter_mut()
+            .find(|local| local.hashing_algorithm() == other.hashing_algorithm())
+            .ok_or_else(|| {
+                error!("Cannot remove item that does not exist");
+                Error::local_error(WrapperErrorKind::InvalidParam)
+            })
+            .and_then(|local| local.subtract(other))
+    }
 }
 
 impl From<PcrSelectionList> for TPML_PCR_SELECTION {

tss-esapi/src/structures/pcr/selection.rs

@@ -19,6 +19,7 @@ pub struct PcrSelection {
 }
 
 impl PcrSelection {
+    /// Creates new PcrSelection
     pub fn new(
         hashing_algorithm: HashingAlgorithm,
         size_of_select: PcrSelectSize,
@@ -31,12 +32,14 @@ impl PcrSelection {
         }
     }
 
+    /// Returns the hashing algorithm for the selection
     pub fn hashing_algorithm(&self) -> HashingAlgorithm {
         self.hashing_algorithm
     }
 
-    pub fn selected_pcrs(&self) -> &BitFlags<PcrSlot> {
-        &self.selected_pcrs
+    /// Returns the selected pcrs.
+    pub fn selected_pcrs(&self) -> Vec<PcrSlot> {
+        self.selected_pcrs.iter().collect()
     }
 
     pub fn merge(&mut self, other: &Self) -> Result<()> {