Adds the Attest and AttestInfo type.

- Adds the Attest and AttestInfo types. The Attest type corresponds
  to the TPMS_ATTEST and the AttestInfo type corresponds somewhat
  to the TPMU_ATTEST type.

Signed-off-by: Jesper Brynolf <jesper.brynolf@gmail.com>

Author: Superhepper

tss-esapi/src/structures/attest.rs

@@ -0,0 +1,118 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::{
+    constants::tss::TPM2_GENERATED_VALUE,
+    interface_types::structure_tags::AttestationType,
+    structures::{AttestInfo, ClockInfo, Data, Name},
+    tss2_esys::TPMS_ATTEST,
+    Error, Result, WrapperErrorKind,
+};
+use log::error;
+use std::convert::{TryFrom, TryInto};
+
+/// Type for holding attestation data
+///
+/// # Details
+/// Corresponds to `TPMS_ATTEST`.
+#[derive(Debug, Clone)]
+pub struct Attest {
+    attestation_type: AttestationType,
+    qualified_signer: Name,
+    extra_data: Data,
+    clock_info: ClockInfo,
+    firmware_version: u64,
+    attested: AttestInfo,
+}
+
+impl Attest {
+    /// Returns ttestation type
+    pub const fn attestation_type(&self) -> AttestationType {
+        self.attestation_type
+    }
+
+    /// Returns the qualified name of the signing object.
+    pub const fn qualified_signer(&self) -> &Name {
+        &self.qualified_signer
+    }
+
+    /// Retirns the extra data specified by the caller.
+    pub const fn extra_data(&self) -> &Data {
+        &self.extra_data
+    }
+
+    /// Returns the internal TPM clock data.
+    pub const fn clock_info(&self) -> &ClockInfo {
+        &self.clock_info
+    }
+
+    /// Returns TPM firmware version number.
+    pub const fn firmware_version(&self) -> u64 {
+        self.firmware_version
+    }
+
+    /// Returns types specific attestation information
+    pub const fn attested(&self) -> &AttestInfo {
+        &self.attested
+    }
+}
+
+impl From<Attest> for TPMS_ATTEST {
+    fn from(attest: Attest) -> Self {
+        TPMS_ATTEST {
+            magic: TPM2_GENERATED_VALUE,
+            type_: attest.attestation_type.into(),
+            qualifiedSigner: attest.qualified_signer.into(),
+            extraData: attest.extra_data.into(),
+            clockInfo: attest.clock_info.into(),
+            firmwareVersion: attest.firmware_version,
+            attested: attest.attested.into(),
+        }
+    }
+}
+
+impl TryFrom<TPMS_ATTEST> for Attest {
+    type Error = Error;
+
+    fn try_from(tpms_attest: TPMS_ATTEST) -> Result<Self> {
+        if tpms_attest.magic != TPM2_GENERATED_VALUE {
+            return Err(Error::local_error(WrapperErrorKind::InvalidParam));
+        }
+
+        let attestation_type = AttestationType::try_from(tpms_attest.type_)?;
+        Ok(Attest {
+            attestation_type,
+            qualified_signer: Name::try_from(tpms_attest.qualifiedSigner)?,
+            extra_data: Data::try_from(tpms_attest.extraData)?,
+            clock_info: ClockInfo::try_from(tpms_attest.clockInfo)?,
+            firmware_version: tpms_attest.firmwareVersion,
+            attested: match attestation_type {
+                AttestationType::Certify => AttestInfo::Certify {
+                    info: unsafe { tpms_attest.attested.certify }.try_into()?,
+                },
+                AttestationType::Quote => AttestInfo::Quote {
+                    info: unsafe { tpms_attest.attested.quote }.try_into()?,
+                },
+                AttestationType::SessionAudit => AttestInfo::SessionAudit {
+                    info: unsafe { tpms_attest.attested.sessionAudit }.try_into()?,
+                },
+                AttestationType::CommandAudit => AttestInfo::CommandAudit {
+                    info: unsafe { tpms_attest.attested.commandAudit }.try_into()?,
+                },
+                AttestationType::Time => AttestInfo::Time {
+                    info: unsafe { tpms_attest.attested.time }.try_into()?,
+                },
+                AttestationType::Creation => AttestInfo::Creation {
+                    info: unsafe { tpms_attest.attested.creation }.try_into()?,
+                },
+                AttestationType::Nv => AttestInfo::Nv {
+                    info: unsafe { tpms_attest.attested.nv }.try_into()?,
+                },
+                AttestationType::NvDigest => {
+                    error!("NvDigest attestation type is currently not supported");
+                    return Err(Error::local_error(WrapperErrorKind::UnsupportedParam));
+                }
+            },
+        })
+    }
+}

tss-esapi/src/structures/attest_info.rs

@@ -0,0 +1,52 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::{
+    structures::{
+        CertifyInfo, CommandAuditInfo, CreationInfo, NvCertifyInfo, QuoteInfo, SessionAuditInfo,
+        TimeAttestInfo,
+    },
+    tss2_esys::TPMU_ATTEST,
+};
+
+/// Enum that holds the different types of
+/// attest info.
+///
+/// # Details
+/// This type does to some degree corresponds to the
+/// TPMU_ATTEST but with the TPM_ST_ATTEST selectore
+/// included.
+#[derive(Debug, Clone)]
+pub enum AttestInfo {
+    Certify { info: CertifyInfo },
+    Quote { info: QuoteInfo },
+    SessionAudit { info: SessionAuditInfo },
+    CommandAudit { info: CommandAuditInfo },
+    Time { info: TimeAttestInfo },
+    Creation { info: CreationInfo },
+    Nv { info: NvCertifyInfo },
+    // NvDigest, the TPMS_NV_DIGEST_CERTIFY_INFO,
+    // was first added in the 3.1.0 version of the tpm2-tss
+}
+
+impl From<AttestInfo> for TPMU_ATTEST {
+    fn from(attest_info: AttestInfo) -> Self {
+        match attest_info {
+            AttestInfo::Certify { info } => TPMU_ATTEST {
+                certify: info.into(),
+            },
+            AttestInfo::Quote { info } => TPMU_ATTEST { quote: info.into() },
+            AttestInfo::SessionAudit { info } => TPMU_ATTEST {
+                sessionAudit: info.into(),
+            },
+            AttestInfo::CommandAudit { info } => TPMU_ATTEST {
+                commandAudit: info.into(),
+            },
+            AttestInfo::Time { info } => TPMU_ATTEST { time: info.into() },
+            AttestInfo::Creation { info } => TPMU_ATTEST {
+                creation: info.into(),
+            },
+            AttestInfo::Nv { info } => TPMU_ATTEST { nv: info.into() },
+        }
+    }
+}

tss-esapi/src/structures/mod.rs

@@ -188,3 +188,13 @@ pub use nv_certify_info::NvCertifyInfo;
 /////////////////////////////////////////////////////////
 mod nv_digest_certify_info;
 pub use nv_digest_certify_info::NvDigestCertifyInfo;
+/////////////////////////////////////////////////////////
+/// Attest Info
+/////////////////////////////////////////////////////////
+mod attest_info;
+pub use attest_info::AttestInfo;
+/////////////////////////////////////////////////////////
+/// Attest
+/////////////////////////////////////////////////////////
+mod attest;
+pub use attest::Attest;

tss-esapi/tests/integration_tests/common/tpms_types_equality_checks.rs

@@ -1,7 +1,13 @@
-use tss_esapi::tss2_esys::{
-    TPMS_CERTIFY_INFO, TPMS_CLOCK_INFO, TPMS_COMMAND_AUDIT_INFO, TPMS_CREATION_INFO,
-    TPMS_NV_CERTIFY_INFO, TPMS_PCR_SELECTION, TPMS_QUOTE_INFO, TPMS_SESSION_AUDIT_INFO,
-    TPMS_TIME_ATTEST_INFO, TPMS_TIME_INFO,
+use tss_esapi::{
+    constants::tss::{
+        TPM2_ST_ATTEST_CERTIFY, TPM2_ST_ATTEST_COMMAND_AUDIT, TPM2_ST_ATTEST_CREATION,
+        TPM2_ST_ATTEST_NV, TPM2_ST_ATTEST_QUOTE, TPM2_ST_ATTEST_SESSION_AUDIT, TPM2_ST_ATTEST_TIME,
+    },
+    tss2_esys::{
+        TPMS_ATTEST, TPMS_CERTIFY_INFO, TPMS_CLOCK_INFO, TPMS_COMMAND_AUDIT_INFO,
+        TPMS_CREATION_INFO, TPMS_NV_CERTIFY_INFO, TPMS_PCR_SELECTION, TPMS_QUOTE_INFO,
+        TPMS_SESSION_AUDIT_INFO, TPMS_TIME_ATTEST_INFO, TPMS_TIME_INFO,
+    },
 };
 
 macro_rules! ensure_sized_buffer_field_equality {
@@ -146,3 +152,58 @@ pub fn ensure_tpms_nv_certify_info_equality(
     );
     ensure_sized_buffer_field_equality!(expected, actual, nvContents, buffer, TPM2B_MAX_NV_BUFFER);
 }
+
+#[allow(dead_code)]
+pub fn ensure_tpms_attest_equality(expected: &TPMS_ATTEST, actual: &TPMS_ATTEST) {
+    assert_eq!(
+        expected.magic, actual.magic,
+        "'magic' value in TPMS_ATTEST, mismatch between actual and expected"
+    );
+    assert_eq!(
+        expected.type_, actual.type_,
+        "'type_' value in TPMS_ATTEST, mismatch between actual and expected",
+    );
+    ensure_sized_buffer_field_equality!(expected, actual, qualifiedSigner, name, TPM2B_NAME);
+    ensure_sized_buffer_field_equality!(expected, actual, extraData, buffer, TPM2B_DATA);
+    ensure_tpms_clock_info_equality(&expected.clockInfo, &actual.clockInfo);
+    assert_eq!(
+        expected.firmwareVersion, actual.firmwareVersion,
+        "'firmwareVersion' value in TPMS_ATTEST, mismatch between actual and expected",
+    );
+    match expected.type_ {
+        TPM2_ST_ATTEST_CERTIFY => {
+            ensure_tpms_certify_info_equality(unsafe { &expected.attested.certify }, unsafe {
+                &actual.attested.certify
+            });
+        }
+        TPM2_ST_ATTEST_QUOTE => {
+            ensure_tpms_quote_info_equality(unsafe { &expected.attested.quote }, unsafe {
+                &actual.attested.quote
+            });
+        }
+        TPM2_ST_ATTEST_SESSION_AUDIT => ensure_tpms_session_audit_info_equality(
+            unsafe { &expected.attested.sessionAudit },
+            unsafe { &actual.attested.sessionAudit },
+        ),
+        TPM2_ST_ATTEST_COMMAND_AUDIT => ensure_tpms_command_audit_info_equality(
+            unsafe { &expected.attested.commandAudit },
+            unsafe { &actual.attested.commandAudit },
+        ),
+        TPM2_ST_ATTEST_TIME => {
+            ensure_tpms_time_attest_info_equality(unsafe { &expected.attested.time }, unsafe {
+                &actual.attested.time
+            })
+        }
+        TPM2_ST_ATTEST_CREATION => {
+            ensure_tpms_creation_info_equality(unsafe { &expected.attested.creation }, unsafe {
+                &actual.attested.creation
+            })
+        }
+        TPM2_ST_ATTEST_NV => {
+            ensure_tpms_nv_certify_info_equality(unsafe { &expected.attested.nv }, unsafe {
+                &actual.attested.nv
+            })
+        }
+        _ => panic!("'type_' value in TPMS_ATTEST contained invalid or unsupported value"),
+    }
+}