Improved return values of pcr_read.

- Changed pcr_read to return a DigestList instead of PcrData.

- Moved PcrData to abstractions and made it possible to construct
  PcrData from rust native types.

- Added subtract to PcrSelectionList.

- Added a pcr_read_all functiion to the pcr module
  in abstractions. This function tries to read all the
  values in a PcrSelectionList.

- Removed lower limit for DigestList.

- Improved linage between the read pcr list and the read pcr digests
  in tests.

Signed-off-by: Jesper Brynolf <[email protected]>

Author: Superhepper

tss-esapi/src/abstraction/mod.rs

@@ -5,6 +5,7 @@ pub mod ak;
 pub mod cipher;
 pub mod ek;
 pub mod nv;
+pub mod pcr;
 pub mod transient;
 
 use crate::{attributes::ObjectAttributesBuilder, structures::PublicBuilder};

tss-esapi/src/abstraction/pcr.rs

@@ -0,0 +1,24 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+mod bank;
+mod data;
+
+use crate::{structures::PcrSelectionList, Context, Result};
+
+pub use bank::PcrBank;
+pub use data::PcrData;
+
+/// Function that reads all the PCRs in a selection list and returns
+/// the result as PCR data.
+pub fn pcr_read_all(
+    context: &mut Context,
+    mut pcr_selection_list: PcrSelectionList,
+) -> Result<PcrData> {
+    let mut pcr_data = PcrData::new();
+    while !pcr_selection_list.is_empty() {
+        let (_, pcrs_read, pcr_digests) = context.pcr_read(&pcr_selection_list)?;
+        pcr_data.add(&pcrs_read, &pcr_digests)?;
+        pcr_selection_list.subtract(&pcrs_read)?;
+    }
+    Ok(pcr_data)
+}

tss-esapi/src/abstraction/pcr/bank.rs

@@ -0,0 +1,77 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::{
+    structures::{Digest, PcrSlot},
+    Error, Result, WrapperErrorKind,
+};
+use log::error;
+use std::collections::BTreeMap;
+
+/// Struct for holding PcrSlots and their
+/// corresponding values.
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub struct PcrBank {
+    bank: BTreeMap<PcrSlot, Digest>,
+}
+
+impl PcrBank {
+    /// Function that creates PcrBank from a vector of pcr slots and
+    /// a vector of pcr digests.
+    ///
+    /// # Details
+    /// The order of pcr slots are assumed to match the order of the Digests.
+    ///
+    /// # Error
+    /// - If number of pcr slots does not match the number of pcr digests
+    ///   InconsistentParams error is returned.
+    ///
+    /// - If the vector of pcr slots contains duplicates then
+    ///   InconsistentParams error is returned.
+    pub fn create(mut pcr_slots: Vec<PcrSlot>, mut digests: Vec<Digest>) -> Result<PcrBank> {
+        if pcr_slots.len() != digests.len() {
+            error!(
+                "Number of PcrSlots does not match the number of PCR digests. ({} != {})",
+                pcr_slots.len(),
+                digests.len()
+            );
+            return Err(Error::local_error(WrapperErrorKind::InconsistentParams));
+        }
+        pcr_slots
+            .drain(..)
+            .zip(digests.drain(..))
+            .try_fold(BTreeMap::<PcrSlot, Digest>::new(), |mut data, (pcr_slot, digest)| {
+                if data.insert(pcr_slot, digest).is_none() {
+                    Ok(data)
+                } else {
+                    error!("Error trying to insert data into PcrSlot {:?} where data have already been inserted", pcr_slot);
+                    Err(Error::local_error(WrapperErrorKind::InconsistentParams))
+                }
+            })
+            .map(|bank|  PcrBank { bank })
+    }
+
+    /// Function for retrieving a pcr value corresponding to a pcr slot.
+    pub fn pcr_value(&self, pcr_slot: PcrSlot) -> Option<&Digest> {
+        self.bank.get(&pcr_slot)
+    }
+
+    /// Function for retrieiving the number of pcr slot values in the bank.
+    pub fn len(&self) -> usize {
+        self.bank.len()
+    }
+
+    /// Returns true if there are no pcr slot values in the bank.
+    pub fn is_empty(&self) -> bool {
+        self.bank.is_empty()
+    }
+}
+
+impl<'a> IntoIterator for &'a PcrBank {
+    type Item = (&'a PcrSlot, &'a Digest);
+    type IntoIter = ::std::collections::btree_map::Iter<'a, PcrSlot, Digest>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        self.bank.iter()
+    }
+}

tss-esapi/src/abstraction/pcr/data.rs

@@ -0,0 +1,121 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::{
+    abstraction::pcr::PcrBank,
+    interface_types::algorithm::HashingAlgorithm,
+    structures::{Digest, DigestList, PcrSelectionList},
+    tss2_esys::TPML_DIGEST,
+    Error, Result, WrapperErrorKind,
+};
+use log::error;
+/// Struct holding pcr banks and their associated
+/// hashing algorithm
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct PcrData {
+    data: Vec<(HashingAlgorithm, PcrBank)>,
+}
+
+impl PcrData {
+    /// Creates new empty PcrData
+    pub const fn new() -> Self {
+        PcrData { data: Vec::new() }
+    }
+
+    /// Function for creating PcrData from a pcr selection list and pcr digests list.
+    pub fn create(
+        pcr_selection_list: &PcrSelectionList,
+        digest_list: &DigestList,
+    ) -> Result<PcrData> {
+        Ok(PcrData {
+            data: Self::create_data(pcr_selection_list, digest_list.value().to_vec())?,
+        })
+    }
+
+    /// Adds data to the PcrData
+    pub fn add(
+        &mut self,
+        pcr_selection_list: &PcrSelectionList,
+        digest_list: &DigestList,
+    ) -> Result<()> {
+        self.data.append(&mut Self::create_data(
+            pcr_selection_list,
+            digest_list.value().to_vec(),
+        )?);
+        Ok(())
+    }
+
+    /// Function for turning a pcr selection list and pcr digests values
+    /// into the format in which data is stored in PcrData.
+    fn create_data(
+        pcr_selection_list: &PcrSelectionList,
+        mut digests: Vec<Digest>,
+    ) -> Result<Vec<(HashingAlgorithm, PcrBank)>> {
+        pcr_selection_list
+            .get_selections()
+            .iter()
+            .map(|pcr_selection| {
+                let pcr_slots = pcr_selection.selected_pcrs();
+                if pcr_slots.len() > digests.len() {
+                    error!("More pcr slots in selection then available digests");
+                    return Err(Error::local_error(WrapperErrorKind::InconsistentParams));
+                }
+                let digests_in_bank = digests.drain(..pcr_slots.len()).collect();
+                Ok((
+                    pcr_selection.hashing_algorithm(),
+                    PcrBank::create(pcr_slots, digests_in_bank)?,
+                ))
+            })
+            .collect()
+    }
+
+    /// Function for retrieving the first PCR values associated with hashing_algorithm.
+    pub fn pcr_bank(&self, hashing_algorithm: HashingAlgorithm) -> Option<&PcrBank> {
+        self.data
+            .iter()
+            .find(|(alg, _)| alg == &hashing_algorithm)
+            .map(|(_, bank)| bank)
+    }
+
+    /// Function for retrieving the number of banks in the data.
+    pub fn len(&self) -> usize {
+        self.data.len()
+    }
+
+    /// Returns true if there are no banks in the data.
+    pub fn is_empty(&self) -> bool {
+        self.data.is_empty()
+    }
+}
+
+impl<'a> IntoIterator for PcrData {
+    type Item = (HashingAlgorithm, PcrBank);
+    type IntoIter = ::std::vec::IntoIter<(HashingAlgorithm, PcrBank)>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        self.data.into_iter()
+    }
+}
+
+impl From<PcrData> for Vec<TPML_DIGEST> {
+    fn from(pcr_data: PcrData) -> Self {
+        pcr_data
+            .data
+            .iter()
+            .flat_map(|(_, pcr_bank)| pcr_bank.into_iter())
+            .map(|(_, digest)| digest)
+            .collect::<Vec<&Digest>>()
+            .chunks(DigestList::MAX_SIZE)
+            .map(|digests| {
+                let mut tpml_digest: TPML_DIGEST = Default::default();
+                for (index, digest) in digests.iter().enumerate() {
+                    tpml_digest.count += 1;
+                    tpml_digest.digests[index].size = digest.len() as u16;
+                    tpml_digest.digests[index].buffer[..digest.len()]
+                        .copy_from_slice(digest.value());
+                }
+                tpml_digest
+            })
+            .collect()
+    }
+}

tss-esapi/src/context/tpm_commands/enhanced_authorization_ea_commands.rs

@@ -130,7 +130,7 @@ impl Context {
     /// by the value of the different hashes.
     ///
     /// # Constraints
-    /// * `hash_list` must be at least 2 and at most 8 elements long
+    /// * `digest_list` must be at least 2 and at most 8 elements long
     ///
     /// # Errors
     /// * if the hash list provided is too short or too long, a `WrongParamSize` wrapper error will be returned
@@ -139,7 +139,13 @@ impl Context {
         policy_session: PolicySession,
         digest_list: DigestList,
     ) -> Result<()> {
-        let digest_list = TPML_DIGEST::try_from(digest_list)?;
+        if 2 > digest_list.len() {
+            error!(
+                "The digest list only contains {} digests, it must contain at least 2",
+                digest_list.len()
+            );
+            return Err(Error::local_error(ErrorKind::WrongParamSize));
+        }
 
         let ret = unsafe {
             Esys_PolicyOR(
@@ -148,7 +154,7 @@ impl Context {
                 self.optional_session_1(),
                 self.optional_session_2(),
                 self.optional_session_3(),
-                &digest_list,
+                &TPML_DIGEST::try_from(digest_list)?,
             )
         };
         let ret = Error::from_tss_rc(ret);

tss-esapi/src/context/tpm_commands/integrity_collection_pcr.rs

@@ -2,9 +2,8 @@
 // SPDX-License-Identifier: Apache-2.0
 use crate::{
     handles::PcrHandle,
-    structures::{DigestValues, PcrSelectionList},
+    structures::{DigestList, DigestValues, PcrSelectionList},
     tss2_esys::*,
-    utils::PcrData,
     Context, Error, Result,
 };
 use log::error;
@@ -149,16 +148,16 @@ impl Context {
     ///     .with_selection(HashingAlgorithm::Sha256, &[PcrSlot::Slot0, PcrSlot::Slot1])
     ///     .build();
     ///
-    /// let (update_counter, read_pcr_list, pcr_data) = context.pcr_read(&pcr_selection_list)
+    /// let (update_counter, read_pcr_list, digest_list) = context.pcr_read(&pcr_selection_list)
     ///     .expect("Call to pcr_read failed");
     /// ```
     pub fn pcr_read(
         &mut self,
         pcr_selection_list: &PcrSelectionList,
-    ) -> Result<(u32, PcrSelectionList, PcrData)> {
+    ) -> Result<(u32, PcrSelectionList, DigestList)> {
         let mut pcr_update_counter: u32 = 0;
         let mut tss_pcr_selection_list_out_ptr = null_mut();
-        let mut tss_digest_ptr = null_mut();
+        let mut tss_digest_list_out_ptr = null_mut();
         let ret = unsafe {
             Esys_PCR_Read(
                 self.mut_context(),
@@ -168,19 +167,20 @@ impl Context {
                 &pcr_selection_list.clone().into(),
                 &mut pcr_update_counter,
                 &mut tss_pcr_selection_list_out_ptr,
-                &mut tss_digest_ptr,
+                &mut tss_digest_list_out_ptr,
             )
         };
         let ret = Error::from_tss_rc(ret);
 
         if ret.is_success() {
             let tss_pcr_selection_list_out =
                 unsafe { MBox::<TPML_PCR_SELECTION>::from_raw(tss_pcr_selection_list_out_ptr) };
-            let tss_digest = unsafe { MBox::<TPML_DIGEST>::from_raw(tss_digest_ptr) };
+            let tss_digest_list_out =
+                unsafe { MBox::<TPML_DIGEST>::from_raw(tss_digest_list_out_ptr) };
             Ok((
                 pcr_update_counter,
                 PcrSelectionList::try_from(*tss_pcr_selection_list_out)?,
-                PcrData::new(tss_pcr_selection_list_out.as_ref(), tss_digest.as_ref())?,
+                DigestList::try_from(*tss_digest_list_out)?,
             ))
         } else {
             error!("Error when reading PCR: {}", ret);