Merge pull request #324 from rshearman/nv-abstract

ionut-arm · web-flow · commit 3295dba3f3f4 · 2022-05-06T11:27:54.000+01:00
nv: Read, Seek and Write trait implementations
diff --git a/tss-esapi/src/abstraction/nv.rs b/tss-esapi/src/abstraction/nv.rs
@@ -1,13 +1,16 @@
 // Copyright 2020 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
 
-use std::convert::TryFrom;
+use std::{
+    convert::{TryFrom, TryInto},
+    io::Read,
+};
 
 use crate::{
     constants::{tss::*, CapabilityType, PropertyTag},
-    handles::{NvIndexHandle, NvIndexTpmHandle, TpmHandle},
+    handles::{AuthHandle, NvIndexHandle, NvIndexTpmHandle, TpmHandle},
     interface_types::resource_handles::NvAuth,
-    structures::{CapabilityData, Name, NvPublic},
+    structures::{CapabilityData, MaxNvBuffer, Name, NvPublic},
     Context, Error, Result, WrapperErrorKind,
 };
 
@@ -17,27 +20,19 @@ pub fn read_full(
     auth_handle: NvAuth,
     nv_index_handle: NvIndexTpmHandle,
 ) -> Result<Vec<u8>> {
-    let maxsize = context
-        .get_tpm_property(PropertyTag::NvBufferMax)?
-        .unwrap_or(512) as usize;
-
-    let nv_idx = TpmHandle::NvIndex(nv_index_handle);
-    let nv_idx = context.execute_without_session(|ctx| ctx.tr_from_tpm_public(nv_idx))?;
-    let nv_idx: NvIndexHandle = nv_idx.into();
-
-    let (nvpub, _) = context.execute_without_session(|ctx| ctx.nv_read_public(nv_idx))?;
-    let nvsize = nvpub.data_size();
+    let mut rw = NvOpenOptions::new().open(context, auth_handle, nv_index_handle)?;
+    let mut result = Vec::with_capacity(rw.size());
 
-    let mut result = Vec::new();
-    result.reserve_exact(nvsize);
-
-    for offset in (0..nvsize).step_by(maxsize) {
-        let size: u16 = std::cmp::min(maxsize, nvsize - offset) as u16;
-
-        let res = context.nv_read(auth_handle, nv_idx, size, offset as u16)?;
-        result.extend_from_slice(&res);
-    }
-    context.execute_without_session(|ctx| ctx.tr_close(&mut nv_idx.into()))?;
+    let _ = rw.read_to_end(&mut result).map_err(|e| {
+        // Try to convert the error back into a tss-esapi::Error if it was one originally
+        match e.into_inner() {
+            None => Error::WrapperError(WrapperErrorKind::InvalidParam),
+            Some(e) => match e.downcast::<Error>() {
+                Ok(e) => *e,
+                Err(_) => Error::WrapperError(WrapperErrorKind::InvalidParam),
+            },
+        }
+    })?;
 
     Ok(result)
 }
@@ -83,3 +78,185 @@ pub fn list(context: &mut Context) -> Result<Vec<(NvPublic, Name)>> {
         })
     })
 }
+
+/// Options and flags which can be used to determine how a non-volatile storage index is opened.
+///
+/// This builder exposes the ability to determine how a [`NvReaderWriter`] is opened, and is typically used by
+/// calling [`NvOpenOptions::new`], chaining method calls to set each option and then calling [`NvOpenOptions::open`].
+#[derive(Debug, Clone, Default)]
+pub struct NvOpenOptions {
+    nv_public: Option<NvPublic>,
+}
+
+impl NvOpenOptions {
+    /// Creates a new blank set of options for opening a non-volatile storage index
+    ///
+    /// All options are initially set to `false`/`None`.
+    pub fn new() -> Self {
+        Self { nv_public: None }
+    }
+
+    /// Sets the public attributes to use when creating the non-volatile storage index
+    ///
+    /// If the public attributes are `None` then the non-volatile storage index will be opened or otherwise
+    /// it will be created.
+    pub fn with_nv_public(&mut self, nv_public: Option<NvPublic>) -> &mut Self {
+        self.nv_public = nv_public;
+        self
+    }
+
+    /// Opens a non-volatile storage index using the options specified by `self`
+    ///
+    /// The non-volatile storage index may be used for reading or writing or both.
+    pub fn open<'a>(
+        &self,
+        context: &'a mut Context,
+        auth_handle: NvAuth,
+        nv_index_handle: NvIndexTpmHandle,
+    ) -> Result<NvReaderWriter<'a>> {
+        let buffer_size = context
+            .get_tpm_property(PropertyTag::NvBufferMax)?
+            .unwrap_or(MaxNvBuffer::MAX_SIZE as u32) as usize;
+
+        let (data_size, nv_idx) = match &self.nv_public {
+            None => {
+                let nv_idx = TpmHandle::NvIndex(nv_index_handle);
+                let nv_idx = context
+                    .execute_without_session(|ctx| ctx.tr_from_tpm_public(nv_idx))?
+                    .into();
+                (
+                    context
+                        .execute_without_session(|ctx| ctx.nv_read_public(nv_idx))
+                        .map(|(nvpub, _)| nvpub.data_size())?,
+                    nv_idx,
+                )
+            }
+            Some(nv_public) => {
+                if nv_public.nv_index() != nv_index_handle {
+                    return Err(Error::WrapperError(WrapperErrorKind::InconsistentParams));
+                }
+                let auth_handle = AuthHandle::from(auth_handle);
+                (
+                    nv_public.data_size(),
+                    context.nv_define_space(auth_handle.try_into()?, None, nv_public.clone())?,
+                )
+            }
+        };
+
+        Ok(NvReaderWriter {
+            context,
+            auth_handle,
+            buffer_size,
+            nv_idx,
+            data_size,
+            offset: 0,
+        })
+    }
+}
+
+/// Non-volatile storage index reader/writer
+///
+/// Provides methods and trait implementations to interact with a non-volatile storage index that has been opened.
+///
+/// Use [`NvOpenOptions::open`] to obtain an [`NvReaderWriter`] object.
+#[derive(Debug)]
+pub struct NvReaderWriter<'a> {
+    context: &'a mut Context,
+    auth_handle: NvAuth,
+
+    buffer_size: usize,
+    nv_idx: NvIndexHandle,
+    data_size: usize,
+    offset: usize,
+}
+
+impl NvReaderWriter<'_> {
+    /// The size of the data in the non-volatile storage index
+    pub fn size(&self) -> usize {
+        self.data_size
+    }
+}
+
+impl Read for NvReaderWriter<'_> {
+    fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
+        if self.data_size <= self.offset {
+            return Ok(0);
+        }
+
+        let desired_size = std::cmp::min(buf.len(), self.data_size - self.offset);
+        let size: u16 = std::cmp::min(self.buffer_size, desired_size) as u16;
+
+        let res = self
+            .context
+            .nv_read(self.auth_handle, self.nv_idx, size, self.offset as u16)
+            .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
+        buf[0..size as usize].copy_from_slice(&res);
+        self.offset += size as usize;
+
+        Ok(size.into())
+    }
+}
+
+impl std::io::Write for NvReaderWriter<'_> {
+    fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
+        if self.data_size < self.offset {
+            return Ok(0);
+        }
+
+        let desired_size = std::cmp::min(buf.len(), self.data_size - self.offset);
+        let size = std::cmp::min(self.buffer_size, desired_size) as u16;
+
+        let data = buf[0..size.into()]
+            .try_into()
+            .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
+        self.context
+            .nv_write(self.auth_handle, self.nv_idx, data, self.offset as u16)
+            .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
+        self.offset += size as usize;
+
+        Ok(size.into())
+    }
+
+    fn flush(&mut self) -> std::io::Result<()> {
+        // Data isn't buffered
+        Ok(())
+    }
+}
+
+impl std::io::Seek for NvReaderWriter<'_> {
+    fn seek(&mut self, pos: std::io::SeekFrom) -> std::io::Result<u64> {
+        let inv_input_err = |_| {
+            std::io::Error::new(
+                std::io::ErrorKind::InvalidInput,
+                "invalid seek to a negative or overflowing position",
+            )
+        };
+        let (base, offset) = match pos {
+            std::io::SeekFrom::Start(offset) => {
+                (usize::try_from(offset).map_err(inv_input_err)?, 0)
+            }
+            std::io::SeekFrom::End(offset) => (self.data_size, offset),
+            std::io::SeekFrom::Current(offset) => (self.offset, offset),
+        };
+        let new_offset = i64::try_from(base)
+            .map_err(inv_input_err)?
+            .checked_add(offset)
+            .ok_or_else(|| {
+                std::io::Error::new(
+                    std::io::ErrorKind::InvalidInput,
+                    "invalid seek to a negative or overflowing position",
+                )
+            })?;
+        self.offset = new_offset.try_into().map_err(inv_input_err)?;
+        self.offset.try_into().map_err(inv_input_err)
+    }
+}
+
+impl Drop for NvReaderWriter<'_> {
+    fn drop(&mut self) {
+        let mut obj_handle = self.nv_idx.into();
+        let _ = self
+            .context
+            .execute_without_session(|ctx| ctx.tr_close(&mut obj_handle));
+    }
+}
diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/nv_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/nv_tests.rs
@@ -1,7 +1,10 @@
 // Copyright 2020 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
 
-use std::convert::TryFrom;
+use std::{
+    convert::TryFrom,
+    io::{ErrorKind, Seek, SeekFrom, Write},
+};
 use tss_esapi::{
     abstraction::nv,
     attributes::NvIndexAttributesBuilder,
@@ -102,3 +105,56 @@ fn read_full() {
     assert_eq!(read_result[0..7], [1, 2, 3, 4, 5, 6, 7]);
     assert_eq!(read_result[1024..1031], [1, 2, 3, 4, 5, 6, 7]);
 }
+
+#[test]
+fn write() {
+    let mut context = create_ctx_with_session();
+
+    let nv_index = NvIndexTpmHandle::new(0x01500015).unwrap();
+
+    let owner_nv_index_attributes = NvIndexAttributesBuilder::new()
+        .with_owner_write(true)
+        .with_owner_read(true)
+        .with_pp_read(true)
+        .with_owner_read(true)
+        .build()
+        .expect("Failed to create owner nv index attributes");
+    let owner_nv_public = NvPublicBuilder::new()
+        .with_nv_index(nv_index)
+        .with_index_name_algorithm(HashingAlgorithm::Sha256)
+        .with_index_attributes(owner_nv_index_attributes)
+        .with_data_area_size(1540)
+        .build()
+        .unwrap();
+
+    let mut rw = nv::NvOpenOptions::new()
+        .with_nv_public(Some(owner_nv_public))
+        .open(&mut context, NvAuth::Owner, nv_index)
+        .unwrap();
+
+    let value = [1, 2, 3, 4, 5, 6, 7];
+    rw.write_all(&value).unwrap();
+    rw.seek(SeekFrom::Start(1024)).unwrap();
+    rw.write_all(&value).unwrap();
+
+    rw.seek(SeekFrom::Start(1540)).unwrap();
+    let e = rw.write_all(&value).unwrap_err();
+    assert_eq!(e.kind(), ErrorKind::WriteZero);
+
+    // Drop the reader/writer so we can use context again
+    drop(rw);
+
+    // Now read it back
+    let read_result = nv::read_full(&mut context, NvAuth::Owner, nv_index).unwrap();
+
+    assert_eq!(read_result.len(), 1540);
+    assert_eq!(read_result[0..7], [1, 2, 3, 4, 5, 6, 7]);
+    assert_eq!(read_result[1024..1031], [1, 2, 3, 4, 5, 6, 7]);
+
+    let owner_nv_index_handle = context
+        .execute_without_session(|ctx| ctx.tr_from_tpm_public(nv_index.into()))
+        .unwrap();
+    context
+        .nv_undefine_space(Provision::Owner, owner_nv_index_handle.into())
+        .unwrap();
+}
