Fixes issue wrong max size in some sized buffer types.

Some of the sized buffers had their buffer sizes
set as numbers. Even though this in some cases
were the correct numbers they were a little hard
to determine if they actually followed the size
specified in the standard. So this PR fixes #548
in the main branch by using the the calculations
specified in the standard for the buffer sizes.

Signed-off-by: Jesper Brynolf <[email protected]>

Author: Superhepper

tss-esapi/src/structures/buffers.rs

@@ -103,15 +103,30 @@ pub mod sensitive;
 pub mod sensitive_create;
 
 pub mod auth {
-    buffer_type!(Auth, 64, TPM2B_AUTH);
+    // Same size as TPM2B_DIGEST according to the specification.
+    use crate::tss2_esys::TPMU_HA;
+    use std::mem::size_of;
+    const TPM2B_AUTH_BUFFER_SIZE: usize = size_of::<TPMU_HA>();
+    buffer_type!(Auth, TPM2B_AUTH_BUFFER_SIZE, TPM2B_AUTH);
 }
 
 pub mod data {
-    buffer_type!(Data, 64, TPM2B_DATA);
+    // This should, according to the specification, be
+    // size_of::<TPMT_HA>() but due to a bug in tpm2-tss
+    // (https://github.com/tpm2-software/tpm2-tss/issues/2888)
+    // it is the size of TPMU_HA
+    use crate::tss2_esys::TPMU_HA;
+    use std::mem::size_of;
+    const TPM2B_DATA_BUFFER_SIZE: usize = size_of::<TPMU_HA>();
+    buffer_type!(Data, TPM2B_DATA_BUFFER_SIZE, TPM2B_DATA);
 }
 
 pub mod digest {
-    buffer_type!(Digest, 64, TPM2B_DIGEST);
+    use crate::tss2_esys::TPMU_HA;
+    use std::mem::size_of;
+    const TPM2B_DIGEST_BUFFER_SIZE: usize = size_of::<TPMU_HA>();
+
+    buffer_type!(Digest, TPM2B_DIGEST_BUFFER_SIZE, TPM2B_DIGEST);
 
     // Some implementations to get from Digest to [u8; N] for common values of N (sha* primarily)
     // This is used to work around the fact that Rust does not allow custom functions for general values of N in [T; N],
@@ -208,80 +223,101 @@ pub mod digest {
 }
 
 pub mod ecc_parameter {
+    use crate::tss2_esys::TPM2_MAX_ECC_KEY_BYTES;
+    const TPM2B_ECC_PARAMETER_BUFFER_SIZE: usize = TPM2_MAX_ECC_KEY_BYTES as usize;
     buffer_type!(
         EccParameter,
-        crate::tss2_esys::TPM2_MAX_ECC_KEY_BYTES as usize,
+        TPM2B_ECC_PARAMETER_BUFFER_SIZE,
         TPM2B_ECC_PARAMETER
     );
 }
 
 pub mod encrypted_secret {
-    named_field_buffer_type!(EncryptedSecret, 256, TPM2B_ENCRYPTED_SECRET, secret);
+    use crate::tss2_esys::TPMU_ENCRYPTED_SECRET;
+    use std::mem::size_of;
+    const TPM2B_ENCRYPTED_SECRET_BUFFER_SIZE: usize = size_of::<TPMU_ENCRYPTED_SECRET>();
+    named_field_buffer_type!(
+        EncryptedSecret,
+        TPM2B_ENCRYPTED_SECRET_BUFFER_SIZE,
+        TPM2B_ENCRYPTED_SECRET,
+        secret
+    );
 }
 
 pub mod id_object {
-    named_field_buffer_type!(IdObject, 256, TPM2B_ID_OBJECT, credential);
+    use crate::tss2_esys::TPMS_ID_OBJECT;
+    use std::mem::size_of;
+    const TPM2B_ID_OBJECT_BUFFER_SIZE: usize = size_of::<TPMS_ID_OBJECT>();
+    named_field_buffer_type!(
+        IdObject,
+        TPM2B_ID_OBJECT_BUFFER_SIZE,
+        TPM2B_ID_OBJECT,
+        credential
+    );
 }
 
 pub mod initial_value {
-    buffer_type!(
-        InitialValue,
-        crate::tss2_esys::TPM2_MAX_SYM_BLOCK_SIZE as usize,
-        TPM2B_IV
-    );
+    use crate::tss2_esys::TPM2_MAX_SYM_BLOCK_SIZE;
+    const TPM2B_IV_BUFFER_SIZE: usize = TPM2_MAX_SYM_BLOCK_SIZE as usize;
+    buffer_type!(InitialValue, TPM2B_IV_BUFFER_SIZE, TPM2B_IV);
 }
 
 pub mod max_buffer {
     use crate::tss2_esys::TPM2_MAX_DIGEST_BUFFER;
-    buffer_type!(MaxBuffer, TPM2_MAX_DIGEST_BUFFER as usize, TPM2B_MAX_BUFFER);
+    const TPM2B_MAX_BUFFER_BUFFER_SIZE: usize = TPM2_MAX_DIGEST_BUFFER as usize;
+    buffer_type!(MaxBuffer, TPM2B_MAX_BUFFER_BUFFER_SIZE, TPM2B_MAX_BUFFER);
 }
 
 pub mod max_nv_buffer {
     use crate::tss2_esys::TPM2_MAX_NV_BUFFER_SIZE;
+    const TPM2B_MAX_NV_BUFFER_BUFFER_SIZE: usize = TPM2_MAX_NV_BUFFER_SIZE as usize;
     buffer_type!(
         MaxNvBuffer,
-        TPM2_MAX_NV_BUFFER_SIZE as usize,
+        TPM2B_MAX_NV_BUFFER_BUFFER_SIZE,
         TPM2B_MAX_NV_BUFFER
     );
 }
 
 pub mod nonce {
-    buffer_type!(Nonce, 64, TPM2B_NONCE);
+    // Same size as TPM2B_DIGEST according to the specification.
+    use crate::tss2_esys::TPMU_HA;
+    use std::mem::size_of;
+    const TPM2B_NONCE_BUFFER_SIZE: usize = size_of::<TPMU_HA>();
+
+    buffer_type!(Nonce, TPM2B_NONCE_BUFFER_SIZE, TPM2B_NONCE);
 }
 
 pub mod private_key_rsa {
     use crate::tss2_esys::TPM2_MAX_RSA_KEY_BYTES;
+    const TPM2B_PRIVATE_KEY_RSA_BUFFER_SIZE: usize = (TPM2_MAX_RSA_KEY_BYTES as usize) * 5 / 2;
 
-    // The maximum size is given in the spec as:
-    // "RSA_PRIVATE_SIZE is a vendor specific value that can be (MAX_RSA_KEY_BYTES / 2) or
-    // ((MAX_RSA_KEY_BYTES * 5) ./ 2. The larger size would only apply to keys that have fixedTPM parents.
-    // The larger size was added in revision 01.53."
-    // The TSS stack we use only accepts the smaller of the two sizes described above (for now).
     buffer_type!(
         PrivateKeyRsa,
-        (TPM2_MAX_RSA_KEY_BYTES / 2) as usize,
+        TPM2B_PRIVATE_KEY_RSA_BUFFER_SIZE,
         TPM2B_PRIVATE_KEY_RSA
     );
 }
 
 pub mod private_vendor_specific {
     use crate::tss2_esys::TPM2_PRIVATE_VENDOR_SPECIFIC_BYTES;
-
+    const TPM2B_PRIVATE_VENDOR_SPECIFIC_BUFFER_SIZE: usize =
+        TPM2_PRIVATE_VENDOR_SPECIFIC_BYTES as usize;
     // The spec states the maximum size as:
     // "The value for PRIVATE_VENDOR_SPECIFIC_BYTES is determined by the vendor."
     // Not very helpful, but the TSS exposes a generic value that we can use.
     buffer_type!(
         PrivateVendorSpecific,
-        TPM2_PRIVATE_VENDOR_SPECIFIC_BYTES as usize,
+        TPM2B_PRIVATE_VENDOR_SPECIFIC_BUFFER_SIZE,
         TPM2B_PRIVATE_VENDOR_SPECIFIC
     );
 }
 
 pub mod public_key_rsa {
     use crate::{interface_types::key_bits::RsaKeyBits, tss2_esys::TPM2_MAX_RSA_KEY_BYTES};
+    const TPM2B_PUBLIC_KEY_RSA_BUFFER_SIZE: usize = TPM2_MAX_RSA_KEY_BYTES as usize;
     buffer_type!(
         PublicKeyRsa,
-        TPM2_MAX_RSA_KEY_BYTES as usize,
+        TPM2B_PUBLIC_KEY_RSA_BUFFER_SIZE,
         TPM2B_PUBLIC_KEY_RSA
     );
 
@@ -359,45 +395,47 @@ pub mod sensitive_data {
     // versions of tpm2-tss supported by the crate so the fall back is to
     // calculate the max size by removing the size of the size parameter(UINT16)
     // from the total size of the buffer type.
+    use std::mem::size_of;
     cfg_if::cfg_if! {
         if #[cfg(has_tpmu_sensitive_create)] {
             use crate::tss2_esys::TPMU_SENSITIVE_CREATE;
-            #[allow(unused_qualifications)]
-            const TPMU_SENSITIVE_CREATE_MEM_SIZE: usize = std::mem::size_of::<TPMU_SENSITIVE_CREATE>();
+            const TPM2B_SENSITIVE_DATA_BUFFER_SIZE: usize = size_of::<TPMU_SENSITIVE_CREATE>();
         } else {
             use crate::tss2_esys::UINT16;
-            #[allow(unused_qualifications)]
-            const TPMU_SENSITIVE_CREATE_MEM_SIZE: usize = std::mem::size_of::<TPM2B_SENSITIVE_DATA>() - std::mem::size_of::<UINT16>();
+            const TPM2B_SENSITIVE_DATA_BUFFER_SIZE: usize = size_of::<TPM2B_SENSITIVE_DATA>() - size_of::<UINT16>();
         }
     }
     buffer_type!(
         SensitiveData,
-        TPMU_SENSITIVE_CREATE_MEM_SIZE,
+        TPM2B_SENSITIVE_DATA_BUFFER_SIZE,
         TPM2B_SENSITIVE_DATA
     );
 }
 
 pub mod symmetric_key {
     use crate::tss2_esys::TPM2_MAX_SYM_KEY_BYTES;
-
+    const TPM2B_SYM_KEY_BUFFER_SIZE: usize = TPM2_MAX_SYM_KEY_BYTES as usize;
     // The spec states the maximum size as:
     // "MAX_SYM_KEY_BYTES will be the larger of the largest symmetric key supported by the TPM and the
     // largest digest produced by any hashing algorithm implemented on the TPM"
-    buffer_type!(SymmetricKey, TPM2_MAX_SYM_KEY_BYTES as usize, TPM2B_SYM_KEY);
+    buffer_type!(SymmetricKey, TPM2B_SYM_KEY_BUFFER_SIZE, TPM2B_SYM_KEY);
 }
 
 pub mod timeout {
-    buffer_type!(Timeout, 8, TPM2B_TIMEOUT);
+    use crate::tss2_esys::UINT64;
+    use std::mem::size_of;
+    const TPM2B_TIMEOUT_BUFFER_SIZE: usize = size_of::<UINT64>();
+    buffer_type!(Timeout, TPM2B_TIMEOUT_BUFFER_SIZE, TPM2B_TIMEOUT);
 }
 
 pub mod tpm_context_data {
     use crate::tss2_esys::TPMS_CONTEXT_DATA;
+    use std::mem::size_of;
 
-    #[allow(unused_qualifications)]
-    const TPMS_CONTEXT_DATA_MEM_SIZE: usize = std::mem::size_of::<TPMS_CONTEXT_DATA>();
+    const TPM2B_CONTEXT_DATA_BUFFER_SIZE: usize = size_of::<TPMS_CONTEXT_DATA>();
     buffer_type!(
         TpmContextData,
-        TPMS_CONTEXT_DATA_MEM_SIZE,
+        TPM2B_CONTEXT_DATA_BUFFER_SIZE,
         TPM2B_CONTEXT_DATA
     );
 }

tss-esapi/src/structures/buffers/private.rs

@@ -2,9 +2,12 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::traits::impl_mu_standard;
+use std::mem::size_of;
 use tss_esapi_sys::_PRIVATE;
 
-buffer_type!(Private, ::std::mem::size_of::<_PRIVATE>(), TPM2B_PRIVATE);
+const TPM2B_PRIVATE_BUFFER_SIZE: usize = size_of::<_PRIVATE>();
+
+buffer_type!(Private, TPM2B_PRIVATE_BUFFER_SIZE, TPM2B_PRIVATE);
 
 impl_mu_standard!(Private, TPM2B_PRIVATE);
 

tss-esapi/src/structures/buffers/public.rs

@@ -10,6 +10,7 @@ use crate::{
 use log::error;
 use std::{
     convert::{TryFrom, TryInto},
+    mem::size_of,
     ops::Deref,
 };
 use zeroize::{Zeroize, ZeroizeOnDrop};
@@ -24,8 +25,7 @@ use zeroize::{Zeroize, ZeroizeOnDrop};
 pub struct PublicBuffer(Vec<u8>);
 
 impl PublicBuffer {
-    #[allow(unused_qualifications)]
-    pub const MAX_SIZE: usize = std::mem::size_of::<TPMT_PUBLIC>();
+    pub const MAX_SIZE: usize = size_of::<TPMT_PUBLIC>();
 
     pub fn value(&self) -> &[u8] {
         &self.0

tss-esapi/src/structures/buffers/sensitive.rs

@@ -9,6 +9,7 @@ use crate::{
 use log::error;
 use std::{
     convert::{TryFrom, TryInto},
+    mem::size_of,
     ops::Deref,
 };
 use zeroize::{Zeroize, ZeroizeOnDrop};
@@ -23,8 +24,7 @@ use zeroize::{Zeroize, ZeroizeOnDrop};
 pub struct SensitiveBuffer(Vec<u8>);
 
 impl SensitiveBuffer {
-    #[allow(unused_qualifications)]
-    pub const MAX_SIZE: usize = std::mem::size_of::<TPMT_SENSITIVE>();
+    pub const MAX_SIZE: usize = size_of::<TPMT_SENSITIVE>();
 
     pub fn value(&self) -> &[u8] {
         &self.0

tss-esapi/src/structures/buffers/sensitive_create.rs

@@ -9,6 +9,7 @@ use crate::{
 use log::error;
 use std::{
     convert::{TryFrom, TryInto},
+    mem::size_of,
     ops::Deref,
 };
 use zeroize::{Zeroize, ZeroizeOnDrop};
@@ -23,8 +24,7 @@ use zeroize::{Zeroize, ZeroizeOnDrop};
 pub struct SensitiveCreateBuffer(Vec<u8>);
 
 impl SensitiveCreateBuffer {
-    #[allow(unused_qualifications)]
-    pub const MAX_SIZE: usize = std::mem::size_of::<TPMS_SENSITIVE_CREATE>();
+    pub const MAX_SIZE: usize = size_of::<TPMS_SENSITIVE_CREATE>();
     pub const MIN_SIZE: usize = 4;
 
     /// Returns the content of the buffer.

tss-esapi/src/structures/ecc/point.rs

@@ -3,7 +3,10 @@ use tss_esapi_sys::TPM2B_ECC_POINT;
 // Copyright 2021 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
 use crate::{structures::EccParameter, tss2_esys::TPMS_ECC_POINT, Error, Result};
-use std::convert::{TryFrom, TryInto};
+use std::{
+    convert::{TryFrom, TryInto},
+    mem::size_of,
+};
 
 /// Structure holding ecc point information
 ///
@@ -49,11 +52,7 @@ impl From<EccPoint> for TPMS_ECC_POINT {
 
 impl From<EccPoint> for TPM2B_ECC_POINT {
     fn from(ecc_point: EccPoint) -> Self {
-        #[allow(unused_qualifications)]
-        let size = std::mem::size_of::<u16>()
-            + ecc_point.x().len()
-            + std::mem::size_of::<u16>()
-            + ecc_point.y().len();
+        let size = size_of::<u16>() + ecc_point.x().len() + size_of::<u16>() + ecc_point.y().len();
         TPM2B_ECC_POINT {
             size: size as u16,
             point: ecc_point.into(),

tss-esapi/src/structures/nv/storage/public.rs

@@ -10,7 +10,10 @@ use crate::{
     Error, Result, WrapperErrorKind,
 };
 use log::error;
-use std::convert::{TryFrom, TryInto};
+use std::{
+    convert::{TryFrom, TryInto},
+    mem::size_of,
+};
 
 /// Representation of the public parameters of a non-volatile
 /// space allocation.
@@ -27,8 +30,7 @@ pub struct NvPublic {
 }
 
 impl NvPublic {
-    #[allow(unused_qualifications)]
-    const MAX_SIZE: usize = std::mem::size_of::<TPMS_NV_PUBLIC>();
+    const MAX_SIZE: usize = size_of::<TPMS_NV_PUBLIC>();
 
     pub fn nv_index(&self) -> NvIndexTpmHandle {
         self.nv_index

tss-esapi/src/traits.rs

@@ -49,7 +49,7 @@ macro_rules! impl_marshall_trait {
     ($native_type:ident, $tss_type:ident, $tss_mu_type:ident, $convert_expression:stmt, $( $ref_sign:tt )?) => {
         paste::item! {
             impl $crate::traits::Marshall for $native_type {
-                const BUFFER_SIZE: usize = std::mem::size_of::<$tss_type>();
+                const BUFFER_SIZE: usize = ::std::mem::size_of::<$tss_type>();
 
                 fn marshall_offset(
                     &self,

tss-esapi/tests/integration_tests/structures_tests/buffers_tests/attest_buffer_tests.rs

@@ -51,3 +51,15 @@ fn test_default() {
         assert_eq!(expected, actual);
     }
 }
+
+#[test]
+fn test_max_sized_attest_buffer_conversions() {
+    let expected_attestation_data = [0xffu8; AttestBuffer::MAX_SIZE];
+    let native = AttestBuffer::try_from(expected_attestation_data.as_slice().to_vec()).expect(
+        "It should be possible to convert an array of MAX size into a AttestBuffer object.",
+    );
+    let tss = TPM2B_ATTEST::from(native);
+    assert_eq!(AttestBuffer::MAX_SIZE, tss.size as usize);
+    // This will be a compiler error if the max size does not match the TSS buffer size.
+    assert_eq!(expected_attestation_data, tss.attestationData);
+}