Add tr_sess_get_nonce_tpm interface

Muxi Yan · Muxi Yan · commit 427620c16ab6 · 2025-10-22T21:50:50.000-05:00
diff --git a/tss-esapi/src/context/session_administration.rs b/tss-esapi/src/context/session_administration.rs
@@ -2,9 +2,11 @@
 // SPDX-License-Identifier: Apache-2.0
 use crate::{
     attributes::{SessionAttributes, SessionAttributesMask},
+    ffi::take_from_esys,
     handles::SessionHandle,
     interface_types::session_handles::AuthSession,
-    tss2_esys::{Esys_TRSess_GetAttributes, Esys_TRSess_SetAttributes},
+    structures::Nonce,
+    tss2_esys::{Esys_TRSess_GetAttributes, Esys_TRSess_GetNonceTPM, Esys_TRSess_SetAttributes},
     Context, Result, ReturnCode,
 };
 use log::error;
@@ -51,5 +53,23 @@ impl Context {
         Ok(SessionAttributes(flags))
     }
 
-    // Missing function: Esys_TRSess_GetNonceTPM
+    /// Get the TPM nonce from a session.
+    pub fn tr_sess_get_nonce_tpm(&mut self, session: AuthSession) -> Result<Nonce> {
+        let mut nonce_ptr = std::ptr::null_mut();
+        ReturnCode::ensure_success(
+            unsafe {
+                Esys_TRSess_GetNonceTPM(
+                    self.mut_context(),
+                    SessionHandle::from(session).into(),
+                    &mut nonce_ptr,
+                )
+            },
+            |ret| {
+                error!("Error when getting session nonceTPM: {:#010X}", ret);
+            },
+        )?;
+
+        let nonce_tpm = unsafe { take_from_esys(nonce_ptr)? };
+        nonce_tpm.try_into()
+    }
 }
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/session_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/session_commands_tests.rs
@@ -138,6 +138,30 @@ mod test_start_auth_session {
             .unwrap_err();
         });
     }
+
+    #[test]
+    fn test_get_nonce_tpm() {
+        let mut context = create_ctx_without_session();
+        let session = context
+            .start_auth_session(
+                None,
+                None,
+                None,
+                SessionType::Policy,
+                SymmetricDefinition::AES_256_CFB,
+                HashingAlgorithm::Sha256,
+            )
+            .unwrap()
+            .expect("Received invalid handle");
+
+        // Get the TPM nonce from the session
+        let nonce_tpm = context
+            .tr_sess_get_nonce_tpm(session)
+            .expect("Failed to get nonceTPM");
+
+        // Verify the nonce is not empty
+        assert!(!nonce_tpm.as_bytes().is_empty());
+    }
 }
 
 mod test_policy_restart {
