Fix handle management for static resources

ionut-arm · ionut-arm · commit 36fe4fe64947 · 2023-02-01T15:35:29.000Z
Making "duplicate" handles acceptable, as per the convo in #383. Also fixing tests that are impacted by this, and documenting it. Co-authored-by: Ionut Mihalcea <ionut.mihalcea@arm.com> Co-authored-by: Jesper Brynolf <jesper.brynolf@gmail.com> Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
diff --git a/tss-esapi/src/abstraction/nv.rs b/tss-esapi/src/abstraction/nv.rs
@@ -42,6 +42,8 @@ pub fn read_full(
 }
 
 /// Returns the NvPublic and Name associated with an NV index TPM handle
+///
+/// NOTE: This call _may_ close existing ESYS handles to the NV Index.
 fn get_nv_index_info(
     context: &mut Context,
     nv_index_tpm_handle: NvIndexTpmHandle,
@@ -63,6 +65,8 @@ fn get_nv_index_info(
 }
 
 /// Lists all the currently defined NV Indexes' names and public components
+///
+/// NOTE: This call _may_ close existing ESYS handles to the existing NV Indexes.
 pub fn list(context: &mut Context) -> Result<Vec<(NvPublic, Name)>> {
     context.execute_without_session(|ctx| {
         ctx.get_capability(
@@ -166,6 +170,8 @@ pub fn max_nv_buffer_size(ctx: &mut Context) -> Result<usize> {
 /// Provides methods and trait implementations to interact with a non-volatile storage index that has been opened.
 ///
 /// Use [`NvOpenOptions::open`] to obtain an [`NvReaderWriter`] object.
+///
+/// NOTE: When the `NvReaderWriter` is dropped, any existing ESYS handles to NV Indexes _may_ be closed.
 #[derive(Debug)]
 pub struct NvReaderWriter<'a> {
     context: &'a mut Context,
diff --git a/tss-esapi/src/context/handle_manager.rs b/tss-esapi/src/context/handle_manager.rs
@@ -41,8 +41,12 @@ impl HandleManager {
         }
 
         if self.open_handles.contains_key(&handle) {
-            error!("Handle({}) is already open", ESYS_TR::from(handle));
-            return Err(Error::local_error(WrapperErrorKind::InvalidHandleState));
+            // It is safe to call unwrap because the existance of the key has already been verified.
+            let stored_handle_drop_action = self.open_handles.get(&handle).unwrap();
+            if handle_drop_action != *stored_handle_drop_action {
+                error!("Handle drop action inconsistency");
+                return Err(Error::local_error(WrapperErrorKind::InconsistentParams));
+            }
         }
         let _ = self.open_handles.insert(handle, handle_drop_action);
         Ok(())
diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/ek_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/ek_tests.rs
@@ -10,7 +10,6 @@ use tss_esapi::{
 
 use crate::common::create_ctx_without_session;
 
-#[cfg_attr(tpm2_tss_version = "4", ignore = "issues with tpm2-tss")]
 #[test]
 fn test_retrieve_ek_pubcert() {
     let mut context = create_ctx_without_session();
diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/nv_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/nv_tests.rs
@@ -60,7 +60,6 @@ fn write_nv_index(context: &mut Context, nv_index: NvIndexTpmHandle) -> NvIndexH
     owner_nv_index_handle
 }
 
-#[cfg_attr(tpm2_tss_version = "4", ignore = "issues with tpm2-tss")]
 #[test]
 fn list() {
     let mut context = create_ctx_with_session();
@@ -73,33 +72,40 @@ fn list() {
         .map(|(public, _)| public.nv_index())
         .any(|x| x == nv_index));
 
-    let owner_nv_index_handle = write_nv_index(&mut context, nv_index);
+    let _owner_nv_index_handle = write_nv_index(&mut context, nv_index);
 
     assert!(nv::list(&mut context)
         .unwrap()
         .iter()
         .map(|(public, _)| public.nv_index())
         .any(|x| x == nv_index));
 
+    // Need to get the ESYS handle again, as it was closed by nv::list above
+    let owner_nv_index_handle = context
+        .tr_from_tpm_public(nv_index.into())
+        .expect("Failed to get ObjectHandle for NV Index");
     context
-        .nv_undefine_space(Provision::Owner, owner_nv_index_handle)
+        .nv_undefine_space(Provision::Owner, owner_nv_index_handle.into())
         .expect("Call to nv_undefine_space failed");
 }
 
-#[cfg_attr(tpm2_tss_version = "4", ignore = "issues with tpm2-tss")]
 #[test]
 fn read_full() {
     let mut context = create_ctx_with_session();
 
     let nv_index = NvIndexTpmHandle::new(0x01500015).unwrap();
 
-    let owner_nv_index_handle = write_nv_index(&mut context, nv_index);
+    let _owner_nv_index_handle = write_nv_index(&mut context, nv_index);
 
     // Now read it back
     let read_result = nv::read_full(&mut context, NvAuth::Owner, nv_index);
 
+    // Need to get the ESYS handle again, as it was closed by nv::read_full above
+    let owner_nv_index_handle = context
+        .tr_from_tpm_public(nv_index.into())
+        .expect("Failed to get ObjectHandle for NV Index");
     context
-        .nv_undefine_space(Provision::Owner, owner_nv_index_handle)
+        .nv_undefine_space(Provision::Owner, owner_nv_index_handle.into())
         .expect("Call to nv_undefine_space failed");
 
     let read_result = read_result.unwrap();

Original file line number	Diff line number	Diff line change
`@@ -41,8 +41,12 @@ impl HandleManager {`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`if self.open_handles.contains_key(&handle) {`
`44`		`- error!("Handle({}) is already open", ESYS_TR::from(handle));`
`45`		`- return Err(Error::local_error(WrapperErrorKind::InvalidHandleState));`
	`44`	`+ // It is safe to call unwrap because the existance of the key has already been verified.`
	`45`	`+ let stored_handle_drop_action = self.open_handles.get(&handle).unwrap();`
	`46`	`+ if handle_drop_action != *stored_handle_drop_action {`
	`47`	`+ error!("Handle drop action inconsistency");`
	`48`	`+ return Err(Error::local_error(WrapperErrorKind::InconsistentParams));`
	`49`	`+ }`
`46`	`50`	`}`
`47`	`51`	`let _ = self.open_handles.insert(handle, handle_drop_action);`
`48`	`52`	`Ok(())`