Merge pull request #342 from ionut-arm/nv-abstraction

Restructure NvOpenOptions

Author: ionut-arm

tss-esapi/src/abstraction/nv.rs

@@ -20,7 +20,11 @@ pub fn read_full(
     auth_handle: NvAuth,
     nv_index_handle: NvIndexTpmHandle,
 ) -> Result<Vec<u8>> {
-    let mut rw = NvOpenOptions::new().open(context, auth_handle, nv_index_handle)?;
+    let mut rw = NvOpenOptions::ExistingIndex {
+        auth_handle,
+        nv_index_handle,
+    }
+    .open(context)?;
     let mut result = Vec::with_capacity(rw.size());
 
     let _ = rw.read_to_end(&mut result).map_err(|e| {
@@ -80,47 +84,34 @@ pub fn list(context: &mut Context) -> Result<Vec<(NvPublic, Name)>> {
 }
 
 /// Options and flags which can be used to determine how a non-volatile storage index is opened.
-///
-/// This builder exposes the ability to determine how a [`NvReaderWriter`] is opened, and is typically used by
-/// calling [`NvOpenOptions::new`], chaining method calls to set each option and then calling [`NvOpenOptions::open`].
-#[derive(Debug, Clone, Default)]
-pub struct NvOpenOptions {
-    nv_public: Option<NvPublic>,
+#[non_exhaustive]
+#[derive(Debug, Clone)]
+pub enum NvOpenOptions {
+    /// Define a new NV space with given auth
+    NewIndex {
+        nv_public: NvPublic,
+        auth_handle: NvAuth,
+    },
+    /// Open the NV space at the given handle, with the given auth
+    ExistingIndex {
+        nv_index_handle: NvIndexTpmHandle,
+        auth_handle: NvAuth,
+    },
 }
 
 impl NvOpenOptions {
-    /// Creates a new blank set of options for opening a non-volatile storage index
-    ///
-    /// All options are initially set to `false`/`None`.
-    pub fn new() -> Self {
-        Self { nv_public: None }
-    }
-
-    /// Sets the public attributes to use when creating the non-volatile storage index
-    ///
-    /// If the public attributes are `None` then the non-volatile storage index will be opened or otherwise
-    /// it will be created.
-    pub fn with_nv_public(&mut self, nv_public: Option<NvPublic>) -> &mut Self {
-        self.nv_public = nv_public;
-        self
-    }
-
     /// Opens a non-volatile storage index using the options specified by `self`
     ///
     /// The non-volatile storage index may be used for reading or writing or both.
-    pub fn open<'a>(
-        &self,
-        context: &'a mut Context,
-        auth_handle: NvAuth,
-        nv_index_handle: NvIndexTpmHandle,
-    ) -> Result<NvReaderWriter<'a>> {
-        let buffer_size = context
-            .get_tpm_property(PropertyTag::NvBufferMax)?
-            .unwrap_or(MaxNvBuffer::MAX_SIZE as u32) as usize;
+    pub fn open<'a>(&self, context: &'a mut Context) -> Result<NvReaderWriter<'a>> {
+        let buffer_size = max_nv_buffer_size(context)?;
 
-        let (data_size, nv_idx) = match &self.nv_public {
-            None => {
-                let nv_idx = TpmHandle::NvIndex(nv_index_handle);
+        let (data_size, nv_idx, auth_handle) = match self {
+            NvOpenOptions::ExistingIndex {
+                nv_index_handle,
+                auth_handle,
+            } => {
+                let nv_idx = TpmHandle::NvIndex(*nv_index_handle);
                 let nv_idx = context
                     .execute_without_session(|ctx| ctx.tr_from_tpm_public(nv_idx))?
                     .into();
@@ -129,23 +120,26 @@ impl NvOpenOptions {
                         .execute_without_session(|ctx| ctx.nv_read_public(nv_idx))
                         .map(|(nvpub, _)| nvpub.data_size())?,
                     nv_idx,
+                    auth_handle,
                 )
             }
-            Some(nv_public) => {
-                if nv_public.nv_index() != nv_index_handle {
-                    return Err(Error::WrapperError(WrapperErrorKind::InconsistentParams));
-                }
-                let auth_handle = AuthHandle::from(auth_handle);
-                (
-                    nv_public.data_size(),
-                    context.nv_define_space(auth_handle.try_into()?, None, nv_public.clone())?,
-                )
-            }
+            NvOpenOptions::NewIndex {
+                nv_public,
+                auth_handle,
+            } => (
+                nv_public.data_size(),
+                context.nv_define_space(
+                    AuthHandle::from(*auth_handle).try_into()?,
+                    None,
+                    nv_public.clone(),
+                )?,
+                auth_handle,
+            ),
         };
 
         Ok(NvReaderWriter {
             context,
-            auth_handle,
+            auth_handle: *auth_handle,
             buffer_size,
             nv_idx,
             data_size,
@@ -154,6 +148,19 @@ impl NvOpenOptions {
     }
 }
 
+/// Get the maximum buffer size for an NV space.
+pub fn max_nv_buffer_size(ctx: &mut Context) -> Result<usize> {
+    Ok(ctx
+        .get_tpm_property(PropertyTag::NvBufferMax)?
+        .map(usize::try_from)
+        .transpose()
+        .map_err(|_| {
+            log::error!("Failed to obtain valid maximum NV buffer size");
+            Error::WrapperError(WrapperErrorKind::InternalError)
+        })?
+        .unwrap_or(MaxNvBuffer::MAX_SIZE))
+}
+
 /// Non-volatile storage index reader/writer
 ///
 /// Provides methods and trait implementations to interact with a non-volatile storage index that has been opened.

tss-esapi/tests/integration_tests/abstraction_tests/nv_tests.rs

@@ -116,7 +116,6 @@ fn write() {
         .with_owner_write(true)
         .with_owner_read(true)
         .with_pp_read(true)
-        .with_owner_read(true)
         .build()
         .expect("Failed to create owner nv index attributes");
     let owner_nv_public = NvPublicBuilder::new()
@@ -127,10 +126,12 @@ fn write() {
         .build()
         .unwrap();
 
-    let mut rw = nv::NvOpenOptions::new()
-        .with_nv_public(Some(owner_nv_public))
-        .open(&mut context, NvAuth::Owner, nv_index)
-        .unwrap();
+    let mut rw = nv::NvOpenOptions::NewIndex {
+        nv_public: owner_nv_public,
+        auth_handle: NvAuth::Owner,
+    }
+    .open(&mut context)
+    .unwrap();
 
     let value = [1, 2, 3, 4, 5, 6, 7];
     rw.write_all(&value).unwrap();