nv: add nv_increment function

sarnautov · sarnautov · commit 556c8729d354 · 2022-07-10T08:15:50.000Z
Signed-off-by: Sergey Arnautov &lt;sergey.arnautov@gmail.com&gt;
diff --git a/tss-esapi/src/context/tpm_commands/non_volatile_storage.rs b/tss-esapi/src/context/tpm_commands/non_volatile_storage.rs
@@ -6,7 +6,8 @@ use crate::{
     interface_types::resource_handles::{NvAuth, Provision},
     structures::{Auth, MaxNvBuffer, Name, NvPublic},
     tss2_esys::{
-        Esys_NV_DefineSpace, Esys_NV_Read, Esys_NV_ReadPublic, Esys_NV_UndefineSpace, Esys_NV_Write,
+        Esys_NV_DefineSpace, Esys_NV_Increment, Esys_NV_Read, Esys_NV_ReadPublic,
+        Esys_NV_UndefineSpace, Esys_NV_Write,
     },
     Context, Error, Result,
 };
@@ -157,7 +158,35 @@ impl Context {
         }
     }
 
-    // Missing function: NV_Increment
+    /// Increment monotonic counter index
+    ///
+    /// # Details
+    /// This method is used to increment monotonic counter
+    /// in the TPM.
+    pub fn nv_increment(
+        &mut self,
+        auth_handle: NvAuth,
+        nv_index_handle: NvIndexHandle,
+    ) -> Result<()> {
+        let ret = unsafe {
+            Esys_NV_Increment(
+                self.mut_context(),
+                AuthHandle::from(auth_handle).into(),
+                nv_index_handle.into(),
+                self.optional_session_1(),
+                self.optional_session_2(),
+                self.optional_session_3(),
+            )
+        };
+        let ret = Error::from_tss_rc(ret);
+        if ret.is_success() {
+            Ok(())
+        } else {
+            error!("Error when incrementing NV: {}", ret);
+            Err(ret)
+        }
+    }
+
     // Missing function: NV_Extend
     // Missing function: NV_SetBits
     // Missing function: NV_WriteLock
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/non_volatile_storage_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/non_volatile_storage_tests.rs
@@ -328,3 +328,90 @@ mod test_nv_read {
         assert_eq!(expected_data, actual_data);
     }
 }
+
+mod test_nv_increment {
+    use crate::common::create_ctx_with_session;
+    use std::convert::TryInto;
+    use tss_esapi::{
+        attributes::NvIndexAttributesBuilder,
+        constants::nv_index_type::NvIndexType,
+        handles::NvIndexTpmHandle,
+        interface_types::{
+            algorithm::HashingAlgorithm,
+            resource_handles::{NvAuth, Provision},
+        },
+        structures::NvPublicBuilder,
+    };
+    #[test]
+    fn test_nv_increment() {
+        let mut context = create_ctx_with_session();
+        let nv_index = NvIndexTpmHandle::new(0x01500021).unwrap();
+
+        // Create owner nv public.
+        let owner_nv_index_attributes = NvIndexAttributesBuilder::new()
+            .with_owner_write(true)
+            .with_owner_read(true)
+            .with_nv_index_type(NvIndexType::Counter)
+            .build()
+            .expect("Failed to create owner nv index attributes");
+
+        let owner_nv_public = NvPublicBuilder::new()
+            .with_nv_index(nv_index)
+            .with_index_name_algorithm(HashingAlgorithm::Sha256)
+            .with_index_attributes(owner_nv_index_attributes)
+            .with_data_area_size(8)
+            .build()
+            .expect("Failed to build NvPublic for owner");
+
+        let owner_nv_index_handle = context
+            .nv_define_space(Provision::Owner, None, owner_nv_public)
+            .expect("Call to nv_define_space failed");
+
+        // Increment the counter using Owner authorization. This call initializes the counter
+        let increment_result = context.nv_increment(NvAuth::Owner, owner_nv_index_handle);
+        if let Err(e) = increment_result {
+            panic!("Failed to perform nv increment: {}", e);
+        }
+
+        // Read the counter using owner authorization (first call)
+        let read_result_first_value = context.nv_read(NvAuth::Owner, owner_nv_index_handle, 8, 0);
+
+        // Increment the counter using Owner authorization (second increment)
+        let increment_result = context.nv_increment(NvAuth::Owner, owner_nv_index_handle);
+        if let Err(e) = increment_result {
+            panic!("Failed to perform nv increment: {}", e);
+        }
+
+        // Read the counter using owner authorization
+        let read_result_second_value = context.nv_read(NvAuth::Owner, owner_nv_index_handle, 8, 0);
+
+        context
+            .nv_undefine_space(Provision::Owner, owner_nv_index_handle)
+            .expect("Call to nv_undefine_space failed");
+
+        // Report error
+        if let Err(e) = read_result_first_value {
+            panic!("Failed to read public of nv index: {}", e);
+        }
+        if let Err(e) = read_result_second_value {
+            panic!("Failed to read public of nv index: {}", e);
+        }
+
+        // Check result.
+        let first_value = u64::from_be_bytes(
+            read_result_first_value
+                .unwrap()
+                .to_vec()
+                .try_into()
+                .unwrap(),
+        );
+        let second_value = u64::from_be_bytes(
+            read_result_second_value
+                .unwrap()
+                .to_vec()
+                .try_into()
+                .unwrap(),
+        );
+        assert_eq!(first_value + 1, second_value);
+    }
+}
