Fixes problem with running tests needing features to be specified.

This PR builds upon the work made in parallaxsecond#539 and parallaxsecond#538
and fixes a problem with running tests required
several features to be specified in order for the
tests to compile.

This has been accomplish by doing the following:
1. Tests have been refactored in order to avoid
   dependency on features that may and may not be
   available.
2. Updated workspace Cargo.toml to use version 2
   resolver.
3. Updated tss-esapi Cargo.toml to use the crate
   it self as dev-dependency with most of the
   features enabled.

Co-authored-by: Travis Finkenauer <[email protected]>
Co-authored-by: William Brown <[email protected]>
Signed-off-by: Jesper Brynolf <[email protected]>

Cargo.toml

@@ -1,2 +1,3 @@
 [workspace]
-members = ["tss-esapi", "tss-esapi-sys"]
+members = ["tss-esapi", "tss-esapi-sys"]
+resolver = "2"

tss-esapi/Cargo.toml

@@ -15,9 +15,15 @@ rust-version = "1.66.0"
 [[example]]
 name = "hmac"
 
+[[example]]
+name = "certify"
+required-features = ["abstraction"]
+
 [dependencies]
 bitfield = "0.14"
-serde = { version = "1.0.115", features = ["derive"], optional = true, default-features = false }
+serde = { version = "1.0.115", features = [
+    "derive",
+], optional = true, default-features = false }
 malloced = "1.3.1"
 log = "0.4.11"
 enumflags2 = "0.7.7"
@@ -40,6 +46,12 @@ getrandom = "0.2.11"
 env_logger = "0.9.0"
 sha2 = "0.10.1"
 serde_json = "^1.0.108"
+tss-esapi = { path = ".", features = [
+    "integration-tests",
+    "serde",
+    "abstraction",
+] }
+
 
 [build-dependencies]
 semver = "1.0.7"

tss-esapi/README.md

@@ -27,6 +27,7 @@ The crate currently offers the following features:
 * `abstraction` (enabled by default) - provides a set of abstracted primitives
   on top of the basic Rust-native ESAPI API provided by the crate. This feature
   can be turned off to reduce the number of dependencies built.
+* `serde` - enable serde `Serialize`/`Deserialize` traits for types. 
 
 ## Cross compiling
 

tss-esapi/src/lib.rs

@@ -109,7 +109,7 @@ pub mod structures;
 pub mod tcti_ldr;
 pub mod traits;
 pub mod utils;
-
+#[cfg(feature = "abstraction")]
 pub use abstraction::transient::TransientKeyContext;
 pub use context::Context;
 pub use error::{Error, Result, ReturnCode, WrapperErrorKind};

tss-esapi/tests/integration_tests/common/mod.rs

@@ -8,7 +8,6 @@ use std::{
 };
 
 use tss_esapi::{
-    abstraction::{cipher::Cipher, pcr::PcrData},
     attributes::ObjectAttributes,
     attributes::{NvIndexAttributesBuilder, ObjectAttributesBuilder, SessionAttributesBuilder},
     constants::SessionType,
@@ -234,9 +233,7 @@ pub fn create_ctx_with_session() -> Context {
 #[allow(dead_code)]
 pub fn decryption_key_pub() -> Public {
     utils::create_restricted_decryption_rsa_public(
-        Cipher::aes_256_cfb()
-            .try_into()
-            .expect("Failed to create symmetric object"),
+        SymmetricDefinitionObject::AES_256_CFB,
         RsaKeyBits::Rsa2048,
         RsaExponent::default(),
     )
@@ -278,16 +275,8 @@ pub fn get_pcr_policy_digest(
         .build()
         .expect("Failed to create PcrSelectionList");
 
-    let (_update_counter, pcr_selection_list_out, pcr_data) = context
+    let (_update_counter, pcr_selection_list_out, read_pcr_digests) = context
         .pcr_read(pcr_selection_list.clone())
-        .map(|(update_counter, read_pcr_selections, read_pcr_digests)| {
-            (
-                update_counter,
-                read_pcr_selections.clone(),
-                PcrData::create(&read_pcr_selections, &read_pcr_digests)
-                    .expect("Failed to create PcrData"),
-            )
-        })
         .expect("Failed to call pcr_read");
 
     assert_eq!(pcr_selection_list, pcr_selection_list_out);
@@ -298,22 +287,12 @@ pub fn get_pcr_policy_digest(
     // values from the command rather than the values from a digest of the TPM PCR."
     //
     // "TPM2_Quote() and TPM2_PolicyPCR() digest the concatenation of PCR."
-    let mut concatenated_pcr_values = [
-        pcr_data
-            .pcr_bank(HashingAlgorithm::Sha256)
-            .unwrap()
-            .get_digest(PcrSlot::Slot0)
-            .unwrap()
-            .as_bytes(),
-        pcr_data
-            .pcr_bank(HashingAlgorithm::Sha256)
-            .unwrap()
-            .get_digest(PcrSlot::Slot1)
-            .unwrap()
-            .as_bytes(),
-    ]
-    .concat();
-
+    let mut concatenated_pcr_values = read_pcr_digests
+        .value()
+        .iter()
+        .map(|v| v.as_bytes())
+        .collect::<Vec<&[u8]>>()
+        .concat();
     if mangle {
         concatenated_pcr_values[0] = 0x00;
     }

tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs

@@ -194,7 +194,6 @@ mod test_policy_pcr {
     use crate::common::create_ctx_without_session;
     use std::convert::TryFrom;
     use tss_esapi::{
-        abstraction::pcr::PcrData,
         attributes::SessionAttributesBuilder,
         constants::SessionType,
         interface_types::{
@@ -237,16 +236,8 @@ mod test_policy_pcr {
             .build()
             .expect("Failed to create PcrSelectionList");
 
-        let (_update_counter, pcr_selection_list_out, pcr_data) = context
+        let (_update_counter, pcr_selection_list_out, read_pcr_digests) = context
             .pcr_read(pcr_selection_list.clone())
-            .map(|(update_counter, read_pcr_selections, read_pcr_digests)| {
-                (
-                    update_counter,
-                    read_pcr_selections.clone(),
-                    PcrData::create(&read_pcr_selections, &read_pcr_digests)
-                        .expect("Failed to create PcrData"),
-                )
-            })
             .expect("Failed to call pcr_read");
 
         assert_eq!(pcr_selection_list, pcr_selection_list_out);
@@ -258,22 +249,12 @@ mod test_policy_pcr {
         //
         // "TPM2_Quote() and TPM2_PolicyPCR() digest the concatenation of PCR."
         let concatenated_pcr_values = MaxBuffer::try_from(
-            [
-                pcr_data
-                    .pcr_bank(HashingAlgorithm::Sha256)
-                    .unwrap()
-                    .get_digest(PcrSlot::Slot0)
-                    .unwrap()
-                    .as_bytes(),
-                pcr_data
-                    .pcr_bank(HashingAlgorithm::Sha256)
-                    .unwrap()
-                    .get_digest(PcrSlot::Slot1)
-                    .unwrap()
-                    .as_bytes(),
-            ]
-            .concat()
-            .to_vec(),
+            read_pcr_digests
+                .value()
+                .iter()
+                .map(|v| v.as_bytes())
+                .collect::<Vec<&[u8]>>()
+                .concat(),
         )
         .unwrap();
 
@@ -679,7 +660,6 @@ mod test_policy_get_digest {
     use crate::common::create_ctx_without_session;
     use std::convert::TryFrom;
     use tss_esapi::{
-        abstraction::pcr::PcrData,
         attributes::SessionAttributesBuilder,
         constants::SessionType,
         interface_types::{
@@ -723,16 +703,8 @@ mod test_policy_get_digest {
 
         let trial_policy_session = PolicySession::try_from(trial_policy_auth_session)
             .expect("Failed to convert auth session into policy session");
-        let (_update_counter, pcr_selection_list_out, pcr_data) = context
+        let (_update_counter, pcr_selection_list_out, read_pcr_digests) = context
             .pcr_read(pcr_selection_list.clone())
-            .map(|(update_counter, read_pcr_selections, read_pcr_digests)| {
-                (
-                    update_counter,
-                    read_pcr_selections.clone(),
-                    PcrData::create(&read_pcr_selections, &read_pcr_digests)
-                        .expect("Failed to create PcrData"),
-                )
-            })
             .expect("Failed to call pcr_read");
 
         assert_eq!(pcr_selection_list, pcr_selection_list_out);
@@ -744,22 +716,12 @@ mod test_policy_get_digest {
         //
         // "TPM2_Quote() and TPM2_PolicyPCR() digest the concatenation of PCR."
         let concatenated_pcr_values = MaxBuffer::try_from(
-            [
-                pcr_data
-                    .pcr_bank(HashingAlgorithm::Sha256)
-                    .unwrap()
-                    .get_digest(PcrSlot::Slot0)
-                    .unwrap()
-                    .as_bytes(),
-                pcr_data
-                    .pcr_bank(HashingAlgorithm::Sha256)
-                    .unwrap()
-                    .get_digest(PcrSlot::Slot1)
-                    .unwrap()
-                    .as_bytes(),
-            ]
-            .concat()
-            .to_vec(),
+            read_pcr_digests
+                .value()
+                .iter()
+                .map(|v| v.as_bytes())
+                .collect::<Vec<&[u8]>>()
+                .concat(),
         )
         .unwrap();
 

tss-esapi/tests/integration_tests/context_tests/tpm_commands/integrity_collection_pcr_tests.rs

@@ -4,7 +4,6 @@ mod test_pcr_extend_reset {
     use crate::common::create_ctx_with_session;
     use std::convert::TryFrom;
     use tss_esapi::{
-        abstraction::pcr::PcrData,
         handles::PcrHandle,
         interface_types::algorithm::HashingAlgorithm,
         structures::{Digest, DigestValues, PcrSelectionListBuilder, PcrSlot},
@@ -34,6 +33,12 @@ mod test_pcr_extend_reset {
         });
 
         // Needs to have the length of associated with the hashing algorithm
+        assert_eq!(read_pcr_selections.get_selections().len(), 2);
+        assert_eq!(
+            pcr_selection_list.get_selections(),
+            read_pcr_selections.get_selections()
+        );
+        assert_eq!(read_pcr_digests.value().len(), 2);
         read_pcr_selections
             .get_selections()
             .iter()
@@ -73,8 +78,8 @@ mod test_pcr_extend_reset {
         });
 
         // Read PCR contents
-        let (_, read_pcr_selections_2, read_pcr_digests_2) =
-            context.execute_without_session(|ctx| ctx.pcr_read(pcr_selection_list).unwrap());
+        let (_, after_extend_read_pcr_selections, after_extend_read_pcr_digests) = context
+            .execute_without_session(|ctx| ctx.pcr_read(pcr_selection_list.clone()).unwrap());
         // Needs to have the length of associated with the hashing algorithm
         /*
           Right Hand Side determined by:
@@ -87,11 +92,16 @@ mod test_pcr_extend_reset {
           >>> res = ["0x"+a+b for a,b in zip(it, it)]
           >>> ", ".join(res)
         */
-
-        read_pcr_selections_2
+        assert_eq!(after_extend_read_pcr_selections.get_selections().len(), 2);
+        assert_eq!(
+            pcr_selection_list.get_selections(),
+            after_extend_read_pcr_selections.get_selections()
+        );
+        assert_eq!(after_extend_read_pcr_digests.value().len(), 2);
+        after_extend_read_pcr_selections
             .get_selections()
             .iter()
-            .zip(read_pcr_digests_2.value().iter())
+            .zip(after_extend_read_pcr_digests.value().iter())
             .for_each(|(pcr_selection, digest)| {
                 if pcr_selection.hashing_algorithm() == HashingAlgorithm::Sha1 {
                     assert_eq!(digest.len(), 20);
@@ -121,28 +131,35 @@ mod test_pcr_extend_reset {
         context.execute_with_session(pcr_ses, |ctx| ctx.pcr_reset(PcrHandle::Pcr16).unwrap());
 
         // Read PCR contents
-        let pcr_selection_list = PcrSelectionListBuilder::new()
-            .with_selection(HashingAlgorithm::Sha1, &[PcrSlot::Slot16])
-            .with_selection(HashingAlgorithm::Sha256, &[PcrSlot::Slot16])
-            .build()
-            .expect("Failed to create PcrSelectionList for pcr_read call after pcr_reset");
-        let pcr_data = context
+        let (_, after_reset_read_pcr_selections_out, after_reset_read_pcr_digests) = context
             .execute_without_session(|ctx| {
-                ctx.pcr_read(pcr_selection_list).map(
-                    |(_, read_pcr_selections, read_pcr_digests)| {
-                        PcrData::create(&read_pcr_selections, &read_pcr_digests)
-                            .expect("Failed to create PcrData")
-                    },
-                )
-            })
-            .expect("Failed to call pcr_read");
-        let pcr_sha1_bank = pcr_data.pcr_bank(HashingAlgorithm::Sha1).unwrap();
-        let pcr_sha256_bank = pcr_data.pcr_bank(HashingAlgorithm::Sha256).unwrap();
-        let pcr_sha1_value = pcr_sha1_bank.get_digest(PcrSlot::Slot16).unwrap();
-        let pcr_sha256_value = pcr_sha256_bank.get_digest(PcrSlot::Slot16).unwrap();
-        // Needs to have the length of associated with the hashing algorithm
-        assert_eq!(pcr_sha1_value.as_bytes(), [0; 20]);
-        assert_eq!(pcr_sha256_value.as_bytes(), [0; 32]);
+                ctx.pcr_read(pcr_selection_list.clone())
+                    .expect("Failed to call pcr_read")
+            });
+        assert_eq!(
+            after_reset_read_pcr_selections_out.get_selections().len(),
+            2
+        );
+        assert_eq!(
+            pcr_selection_list.get_selections(),
+            after_reset_read_pcr_selections_out.get_selections()
+        );
+        assert_eq!(after_reset_read_pcr_digests.value().len(), 2);
+        after_reset_read_pcr_selections_out
+            .get_selections()
+            .iter()
+            .zip(after_reset_read_pcr_digests.value().iter())
+            .for_each(|(pcr_selection, digest)| {
+                if pcr_selection.hashing_algorithm() == HashingAlgorithm::Sha1 {
+                    assert_eq!(digest.len(), 20);
+                    assert_eq!(digest.as_bytes(), [0; 20]);
+                } else if pcr_selection.hashing_algorithm() == HashingAlgorithm::Sha256 {
+                    assert_eq!(digest.len(), 32);
+                    assert_eq!(digest.as_bytes(), [0; 32]);
+                } else {
+                    panic!("Read pcr selections contained unexpected HashingAlgorithm");
+                }
+            });
     }
 }
 

tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs

@@ -2,9 +2,8 @@
 // SPDX-License-Identifier: Apache-2.0
 mod test_encrypt_decrypt_2 {
     use crate::common::create_ctx_without_session;
-    use std::convert::{TryFrom, TryInto};
+    use std::convert::TryFrom;
     use tss_esapi::{
-        abstraction::cipher::Cipher,
         attributes::ObjectAttributesBuilder,
         interface_types::{
             algorithm::{HashingAlgorithm, PublicAlgorithm, SymmetricMode},
@@ -14,7 +13,7 @@ mod test_encrypt_decrypt_2 {
         },
         structures::{
             Auth, InitialValue, MaxBuffer, PublicBuilder, RsaExponent, SensitiveData,
-            SymmetricCipherParameters,
+            SymmetricCipherParameters, SymmetricDefinitionObject,
         },
     };
     #[test]
@@ -34,9 +33,7 @@ mod test_encrypt_decrypt_2 {
             ctx.create_primary(
                 Hierarchy::Owner,
                 tss_esapi::utils::create_restricted_decryption_rsa_public(
-                    Cipher::aes_128_cfb()
-                        .try_into()
-                        .expect("Failed to convert from Cipher"),
+                    SymmetricDefinitionObject::AES_128_CFB,
                     RsaKeyBits::Rsa2048,
                     RsaExponent::default(),
                 )
@@ -66,9 +63,7 @@ mod test_encrypt_decrypt_2 {
             .with_name_hashing_algorithm(HashingAlgorithm::Sha256)
             .with_object_attributes(symmetric_key_object_attributes)
             .with_symmetric_cipher_parameters(SymmetricCipherParameters::new(
-                Cipher::aes_128_cfb()
-                    .try_into()
-                    .expect("Failed to create symmteric cipher parameters from cipher"),
+                SymmetricDefinitionObject::AES_128_CFB,
             ))
             .with_symmetric_cipher_unique_identifier(Default::default())
             .build()