Add Seek and Write trait implementations for nv abstraction

Implement std::io::Write trait for non-volatile storage on the
NvReaderWriter object. Using the std::io:Write trait exposes
lower-level functionality versus a stand-alone function meaning it is
more flexible, but the trait also provides higher-level functionality
as well.

Given that non-volatile storage is random access, implement
std::io:Seek as well, giving the benefit of being able to seek to
arbitrary points, as well as query the size of the storage entry.

Signed-off-by: Rob Shearman <[email protected]>

Author: rshearman

tss-esapi/src/abstraction/nv.rs

@@ -1,11 +1,14 @@
 // Copyright 2020 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
 
-use std::{convert::TryFrom, io::Read};
+use std::{
+    convert::{TryFrom, TryInto},
+    io::Read,
+};
 
 use crate::{
     constants::{tss::*, CapabilityType, PropertyTag},
-    handles::{NvIndexHandle, NvIndexTpmHandle, TpmHandle},
+    handles::{AuthHandle, NvIndexHandle, NvIndexTpmHandle, TpmHandle},
     interface_types::resource_handles::NvAuth,
     structures::{CapabilityData, MaxNvBuffer, Name, NvPublic},
     Context, Error, Result, WrapperErrorKind,
@@ -81,16 +84,25 @@ pub fn list(context: &mut Context) -> Result<Vec<(NvPublic, Name)>> {
 /// This builder exposes the ability to determine how a [`NvReaderWriter`] is opened, and is typically used by
 /// calling [`NvOpenOptions::new`], chaining method calls to set each option and then calling [`NvOpenOptions::open`].
 #[derive(Debug, Clone, Default)]
-// The type is going to get more complex in the future
-#[allow(missing_copy_implementations)]
-pub struct NvOpenOptions {}
+pub struct NvOpenOptions {
+    nv_public: Option<NvPublic>,
+}
 
 impl NvOpenOptions {
     /// Creates a new blank set of options for opening a non-volatile storage index
     ///
     /// All options are initially set to `false`/`None`.
     pub fn new() -> Self {
-        Self {}
+        Self { nv_public: None }
+    }
+
+    /// Sets the public attributes to use when creating the non-volatile storage index
+    ///
+    /// If the public attributes are `None` then the non-volatile storage index will be opened or otherwise
+    /// it will be created.
+    pub fn with_nv_public(&mut self, nv_public: Option<NvPublic>) -> &mut Self {
+        self.nv_public = nv_public;
+        self
     }
 
     /// Opens a non-volatile storage index using the options specified by `self`
@@ -106,13 +118,30 @@ impl NvOpenOptions {
             .get_tpm_property(PropertyTag::NvBufferMax)?
             .unwrap_or(MaxNvBuffer::MAX_SIZE as u32) as usize;
 
-        let nv_idx = TpmHandle::NvIndex(nv_index_handle);
-        let nv_idx = context
-            .execute_without_session(|ctx| ctx.tr_from_tpm_public(nv_idx))?
-            .into();
-        let data_size = context
-            .execute_without_session(|ctx| ctx.nv_read_public(nv_idx))
-            .map(|(nvpub, _)| nvpub.data_size())?;
+        let (data_size, nv_idx) = match &self.nv_public {
+            None => {
+                let nv_idx = TpmHandle::NvIndex(nv_index_handle);
+                let nv_idx = context
+                    .execute_without_session(|ctx| ctx.tr_from_tpm_public(nv_idx))?
+                    .into();
+                (
+                    context
+                        .execute_without_session(|ctx| ctx.nv_read_public(nv_idx))
+                        .map(|(nvpub, _)| nvpub.data_size())?,
+                    nv_idx,
+                )
+            }
+            Some(nv_public) => {
+                if nv_public.nv_index() != nv_index_handle {
+                    return Err(Error::WrapperError(WrapperErrorKind::InconsistentParams));
+                }
+                let auth_handle = AuthHandle::from(auth_handle);
+                (
+                    nv_public.data_size(),
+                    context.nv_define_space(auth_handle.try_into()?, None, nv_public.clone())?,
+                )
+            }
+        };
 
         Ok(NvReaderWriter {
             context,
@@ -168,6 +197,61 @@ impl Read for NvReaderWriter<'_> {
     }
 }
 
+impl std::io::Write for NvReaderWriter<'_> {
+    fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
+        if self.data_size < self.offset {
+            return Ok(0);
+        }
+
+        let desired_size = std::cmp::min(buf.len(), self.data_size - self.offset);
+        let size = std::cmp::min(self.buffer_size, desired_size) as u16;
+
+        let data = buf[0..size.into()]
+            .try_into()
+            .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
+        self.context
+            .nv_write(self.auth_handle, self.nv_idx, data, self.offset as u16)
+            .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
+        self.offset += size as usize;
+
+        Ok(size.into())
+    }
+
+    fn flush(&mut self) -> std::io::Result<()> {
+        // Data isn't buffered
+        Ok(())
+    }
+}
+
+impl std::io::Seek for NvReaderWriter<'_> {
+    fn seek(&mut self, pos: std::io::SeekFrom) -> std::io::Result<u64> {
+        let inv_input_err = |_| {
+            std::io::Error::new(
+                std::io::ErrorKind::InvalidInput,
+                "invalid seek to a negative or overflowing position",
+            )
+        };
+        let (base, offset) = match pos {
+            std::io::SeekFrom::Start(offset) => {
+                (usize::try_from(offset).map_err(inv_input_err)?, 0)
+            }
+            std::io::SeekFrom::End(offset) => (self.data_size, offset),
+            std::io::SeekFrom::Current(offset) => (self.offset, offset),
+        };
+        let new_offset = i64::try_from(base)
+            .map_err(inv_input_err)?
+            .checked_add(offset)
+            .ok_or_else(|| {
+                std::io::Error::new(
+                    std::io::ErrorKind::InvalidInput,
+                    "invalid seek to a negative or overflowing position",
+                )
+            })?;
+        self.offset = new_offset.try_into().map_err(inv_input_err)?;
+        self.offset.try_into().map_err(inv_input_err)
+    }
+}
+
 impl Drop for NvReaderWriter<'_> {
     fn drop(&mut self) {
         let mut obj_handle = self.nv_idx.into();

tss-esapi/tests/integration_tests/abstraction_tests/nv_tests.rs

@@ -1,7 +1,10 @@
 // Copyright 2020 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
 
-use std::convert::TryFrom;
+use std::{
+    convert::TryFrom,
+    io::{ErrorKind, Seek, SeekFrom, Write},
+};
 use tss_esapi::{
     abstraction::nv,
     attributes::NvIndexAttributesBuilder,
@@ -102,3 +105,56 @@ fn read_full() {
     assert_eq!(read_result[0..7], [1, 2, 3, 4, 5, 6, 7]);
     assert_eq!(read_result[1024..1031], [1, 2, 3, 4, 5, 6, 7]);
 }
+
+#[test]
+fn write() {
+    let mut context = create_ctx_with_session();
+
+    let nv_index = NvIndexTpmHandle::new(0x01500015).unwrap();
+
+    let owner_nv_index_attributes = NvIndexAttributesBuilder::new()
+        .with_owner_write(true)
+        .with_owner_read(true)
+        .with_pp_read(true)
+        .with_owner_read(true)
+        .build()
+        .expect("Failed to create owner nv index attributes");
+    let owner_nv_public = NvPublicBuilder::new()
+        .with_nv_index(nv_index)
+        .with_index_name_algorithm(HashingAlgorithm::Sha256)
+        .with_index_attributes(owner_nv_index_attributes)
+        .with_data_area_size(1540)
+        .build()
+        .unwrap();
+
+    let mut rw = nv::NvOpenOptions::new()
+        .with_nv_public(Some(owner_nv_public))
+        .open(&mut context, NvAuth::Owner, nv_index)
+        .unwrap();
+
+    let value = [1, 2, 3, 4, 5, 6, 7];
+    rw.write_all(&value).unwrap();
+    rw.seek(SeekFrom::Start(1024)).unwrap();
+    rw.write_all(&value).unwrap();
+
+    rw.seek(SeekFrom::Start(1540)).unwrap();
+    let e = rw.write_all(&value).unwrap_err();
+    assert_eq!(e.kind(), ErrorKind::WriteZero);
+
+    // Drop the reader/writer so we can use context again
+    drop(rw);
+
+    // Now read it back
+    let read_result = nv::read_full(&mut context, NvAuth::Owner, nv_index).unwrap();
+
+    assert_eq!(read_result.len(), 1540);
+    assert_eq!(read_result[0..7], [1, 2, 3, 4, 5, 6, 7]);
+    assert_eq!(read_result[1024..1031], [1, 2, 3, 4, 5, 6, 7]);
+
+    let owner_nv_index_handle = context
+        .execute_without_session(|ctx| ctx.tr_from_tpm_public(nv_index.into()))
+        .unwrap();
+    context
+        .nv_undefine_space(Provision::Owner, owner_nv_index_handle.into())
+        .unwrap();
+}