Merge pull request #323 from ionut-arm/customize-ak

Allow customizing AK public

Author: ionut-arm

tss-esapi/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "tss-esapi"
-version = "7.0.0-beta.1"
+version = "7.0.0-beta.2"
 authors = ["Parsec Project Contributors"]
 edition = "2018"
 description = "Rust-native wrapper around TSS 2.0 Enhanced System API"

tss-esapi/src/abstraction/ak.rs

@@ -49,7 +49,7 @@ fn create_ak_public<IKC: IntoKeyCustomization>(
     }
     .build()?;
 
-    match key_alg {
+    let key_builder = match key_alg {
         AsymmetricAlgorithm::Rsa => PublicBuilder::new()
             .with_public_algorithm(PublicAlgorithm::Rsa)
             .with_name_hashing_algorithm(hash_alg)
@@ -67,8 +67,7 @@ fn create_ak_public<IKC: IntoKeyCustomization>(
                     .with_restricted(obj_attrs.restricted())
                     .build()?,
             )
-            .with_rsa_unique_identifier(PublicKeyRsa::default())
-            .build(),
+            .with_rsa_unique_identifier(PublicKeyRsa::default()),
         AsymmetricAlgorithm::Ecc => PublicBuilder::new()
             .with_public_algorithm(PublicAlgorithm::Ecc)
             .with_name_hashing_algorithm(hash_alg)
@@ -84,13 +83,20 @@ fn create_ak_public<IKC: IntoKeyCustomization>(
                     .with_curve(EccCurve::NistP192)
                     .with_key_derivation_function_scheme(KeyDerivationFunctionScheme::Null)
                     .build()?,
-            )
-            .build(),
+            ),
         AsymmetricAlgorithm::Null => {
             // TODO: Figure out what to with Null.
-            Err(Error::local_error(WrapperErrorKind::UnsupportedParam))
+            return Err(Error::local_error(WrapperErrorKind::UnsupportedParam));
         }
-    }
+    };
+
+    let key_builder = if let Some(ref k) = key_customization {
+        k.template(key_builder)
+    } else {
+        key_builder
+    };
+
+    key_builder.build()
 }
 
 /// This loads an Attestation Key previously generated under the Endorsement hierarchy

tss-esapi/src/constants/ecc.rs

@@ -17,7 +17,7 @@ use std::convert::TryFrom;
 ///
 /// # Details
 /// This corresponds to `TPM2_ECC_CURVE`
-#[derive(FromPrimitive, ToPrimitive, Debug, Copy, Clone, PartialEq, Eq)]
+#[derive(FromPrimitive, ToPrimitive, Debug, Copy, Clone, PartialEq, Eq, Hash)]
 #[repr(u16)]
 pub enum EccCurveIdentifier {
     NistP192 = TPM2_ECC_NIST_P192,

tss-esapi/tests/integration_tests/abstraction_tests/ak_tests.rs

@@ -12,7 +12,7 @@ use tss_esapi::{
         algorithm::{AsymmetricAlgorithm, HashingAlgorithm, SignatureSchemeAlgorithm},
         session_handles::PolicySession,
     },
-    structures::{Auth, Digest, SymmetricDefinition},
+    structures::{Auth, Digest, PublicBuilder, SymmetricDefinition},
 };
 
 use crate::common::create_ctx_without_session;
@@ -143,14 +143,18 @@ fn test_create_and_use_ak() {
 
 #[test]
 fn test_create_custom_ak() {
-    struct StClearKeys;
-    impl KeyCustomization for &StClearKeys {
+    struct CustomizeKey;
+    impl KeyCustomization for &CustomizeKey {
         fn attributes(
             &self,
             attributes_builder: ObjectAttributesBuilder,
         ) -> ObjectAttributesBuilder {
             attributes_builder.with_st_clear(true)
         }
+
+        fn template(&self, template_builder: PublicBuilder) -> PublicBuilder {
+            template_builder.with_name_hashing_algorithm(HashingAlgorithm::Sha1)
+        }
     }
     let mut context = create_ctx_without_session();
 
@@ -179,7 +183,7 @@ fn test_create_custom_ak() {
         HashingAlgorithm::Sha256,
         SignatureSchemeAlgorithm::RsaPss,
         Some(ak_auth),
-        &StClearKeys,
+        &CustomizeKey,
     )
     .unwrap();
 
@@ -192,4 +196,9 @@ fn test_create_custom_ak() {
         att_key_without.out_public.object_attributes().0
             | tss_esapi::constants::tss::TPMA_OBJECT_STCLEAR
     );
+
+    assert_eq!(
+        att_key.out_public.name_hashing_algorithm(),
+        HashingAlgorithm::Sha1,
+    );
 }