Merge pull request #390 from ionut-arm/handles-fix

Fix handle management for static resources

Author: ionut-arm

tss-esapi/src/abstraction/nv.rs

@@ -42,6 +42,8 @@ pub fn read_full(
 }
 
 /// Returns the NvPublic and Name associated with an NV index TPM handle
+///
+/// NOTE: This call _may_ close existing ESYS handles to the NV Index.
 fn get_nv_index_info(
     context: &mut Context,
     nv_index_tpm_handle: NvIndexTpmHandle,
@@ -63,6 +65,8 @@ fn get_nv_index_info(
 }
 
 /// Lists all the currently defined NV Indexes' names and public components
+///
+/// NOTE: This call _may_ close existing ESYS handles to the existing NV Indexes.
 pub fn list(context: &mut Context) -> Result<Vec<(NvPublic, Name)>> {
     context.execute_without_session(|ctx| {
         ctx.get_capability(
@@ -166,6 +170,8 @@ pub fn max_nv_buffer_size(ctx: &mut Context) -> Result<usize> {
 /// Provides methods and trait implementations to interact with a non-volatile storage index that has been opened.
 ///
 /// Use [`NvOpenOptions::open`] to obtain an [`NvReaderWriter`] object.
+///
+/// NOTE: When the `NvReaderWriter` is dropped, any existing ESYS handles to NV Indexes _may_ be closed.
 #[derive(Debug)]
 pub struct NvReaderWriter<'a> {
     context: &'a mut Context,

tss-esapi/src/context/handle_manager.rs

@@ -40,9 +40,12 @@ impl HandleManager {
             return Err(Error::local_error(WrapperErrorKind::InvalidParam));
         }
 
-        if self.open_handles.contains_key(&handle) {
-            error!("Handle({}) is already open", ESYS_TR::from(handle));
-            return Err(Error::local_error(WrapperErrorKind::InvalidHandleState));
+        // The TSS might return the same handle, see #383
+        if let Some(stored_handle_drop_action) = self.open_handles.get(&handle) {
+            if handle_drop_action != *stored_handle_drop_action {
+                error!("Handle drop action inconsistency");
+                return Err(Error::local_error(WrapperErrorKind::InconsistentParams));
+            }
         }
         let _ = self.open_handles.insert(handle, handle_drop_action);
         Ok(())

tss-esapi/tests/integration_tests/abstraction_tests/ek_tests.rs

@@ -10,7 +10,6 @@ use tss_esapi::{
 
 use crate::common::create_ctx_without_session;
 
-#[cfg_attr(tpm2_tss_version = "4", ignore = "issues with tpm2-tss")]
 #[test]
 fn test_retrieve_ek_pubcert() {
     let mut context = create_ctx_without_session();

tss-esapi/tests/integration_tests/abstraction_tests/nv_tests.rs

@@ -60,7 +60,6 @@ fn write_nv_index(context: &mut Context, nv_index: NvIndexTpmHandle) -> NvIndexH
     owner_nv_index_handle
 }
 
-#[cfg_attr(tpm2_tss_version = "4", ignore = "issues with tpm2-tss")]
 #[test]
 fn list() {
     let mut context = create_ctx_with_session();
@@ -81,12 +80,15 @@ fn list() {
         .map(|(public, _)| public.nv_index())
         .any(|x| x == nv_index));
 
+    // Need to get the ESYS handle again, as it was closed by nv::list above
+    let owner_nv_index_handle = context
+        .tr_from_tpm_public(nv_index.into())
+        .unwrap_or_else(|_| owner_nv_index_handle.into());
     context
-        .nv_undefine_space(Provision::Owner, owner_nv_index_handle)
+        .nv_undefine_space(Provision::Owner, owner_nv_index_handle.into())
         .expect("Call to nv_undefine_space failed");
 }
 
-#[cfg_attr(tpm2_tss_version = "4", ignore = "issues with tpm2-tss")]
 #[test]
 fn read_full() {
     let mut context = create_ctx_with_session();
@@ -98,8 +100,12 @@ fn read_full() {
     // Now read it back
     let read_result = nv::read_full(&mut context, NvAuth::Owner, nv_index);
 
+    // Need to get the ESYS handle again, as it was closed by nv::read_full above
+    let owner_nv_index_handle = context
+        .tr_from_tpm_public(nv_index.into())
+        .unwrap_or_else(|_| owner_nv_index_handle.into());
     context
-        .nv_undefine_space(Provision::Owner, owner_nv_index_handle)
+        .nv_undefine_space(Provision::Owner, owner_nv_index_handle.into())
         .expect("Call to nv_undefine_space failed");
 
     let read_result = read_result.unwrap();