diff --git a/tss-esapi/src/abstraction/ak.rs b/tss-esapi/src/abstraction/ak.rs
index cb0ccac3..79bd3db1 100644
--- a/tss-esapi/src/abstraction/ak.rs
+++ b/tss-esapi/src/abstraction/ak.rs
@@ -56,7 +56,26 @@ const POLICY_C_SM3_256: [u8; 32] = [
 0x56, 0x99, 0xa3, 0xe3, 0x9f, 0xc3, 0x55, 0x1b, 0xfe, 0xff, 0xcf, 0x13, 0x2b, 0x49, 0xe1, 0x1d,
 ];
+/// Creates a Public object for an AK key.
 fn create_ak_public(
+ key_alg: AsymmetricAlgorithm,
+ hash_alg: HashingAlgorithm,
+ sign_alg: SignatureSchemeAlgorithm,
+ key_customization: IKC,
+) -> Result {
+ create_ak_public_2(
+ AsymmetricAlgorithmSelection::try_from(key_alg)?,
+ hash_alg,
+ sign_alg,
+ key_customization,
+ )
+}
+
+/// Creates a Public object for an AK key.
+///
+/// # Details
+/// This is only replace the `create_ak` API in the next major version.
+fn create_ak_public_2(
 key_alg: AsymmetricAlgorithmSelection,
 hash_alg: HashingAlgorithm,
 sign_alg: SignatureSchemeAlgorithm,
@@ -228,8 +247,36 @@ pub fn load_ak(
 Ok(key_handle)
 }
-/// This creates an Attestation Key in the Endorsement hierarchy
+/// This creates an Attestation Key in the Endorsement hierarchy.
 pub fn create_ak(
+ context: &mut Context,
+ parent: KeyHandle,
+ hash_alg: HashingAlgorithm,
+ sign_alg: SignatureSchemeAlgorithm,
+ ak_auth_value: Option,
+ key_customization: IKC,
+) -> Result {
+ let key_alg = AsymmetricAlgorithm::try_from(sign_alg).map_err(|e| {
+ // sign_alg is either HMAC or Null.
+ error!("Could not retrieve asymmetric algorithm for provided signature scheme");
+ e
+ })?;
+ create_ak_2(
+ context,
+ parent,
+ hash_alg,
+ AsymmetricAlgorithmSelection::try_from(key_alg)?,
+ sign_alg,
+ ak_auth_value,
+ key_customization,
+ )
+}
+
+/// This creates an Attestation Key in the Endorsement hierarchy.
+///
+/// # Details
+/// This is only replace the `create_ak` API in the next major version.
+pub fn create_ak_2(
 context: &mut Context,
 parent: KeyHandle,
 hash_alg: HashingAlgorithm,
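Review bot: The `# Details` line added above `create_ak_public_2` is not a complete sentence and names the wrong function: it says `create_ak`, while this helper supersedes `create_ak_public`. Suggested wording: `/// This will replace create_ak_public in the next major version.` (with the function name in code formatting). The same "This is only replace …" sentence is added above `create_ak_2` in the second hunk of this file and above `create_ek_public_from_default_template_2` and `create_ek_object_2` in ek.rs; those name the right function and only need the verb fixed. The body of `create_ak_public_2` continues outside the hunk.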
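Review bot: The legacy `create_ak` now hides which key parameters the attestation key ends up with: the algorithm is derived from `sign_alg` and then passed through `AsymmetricAlgorithmSelection::try_from(key_alg)?`, which presumably fixes an RSA key size or ECC curve that is not visible in this hunk. Because the AK's strength bounds what a verifier can trust in a quote, the doc comment on `create_ak` should name those defaults and point callers who need a specific size or curve to `create_ak_2`; the same applies to the `create_ek_public_from_default_template` and `create_ek_object` wrappers in ek.rs. The inline comment describes the failure case but reads as a statement of fact, so `// Conversion fails when sign_alg is HMAC or Null.` would be clearer. The second conversion also propagates its error without the `error!` log the first one emits. The body of `create_ak_2` continues outside the hunk.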
diff --git a/tss-esapi/src/abstraction/ek.rs b/tss-esapi/src/abstraction/ek.rs
index df13e76b..822b46fe 100644
--- a/tss-esapi/src/abstraction/ek.rs
+++ b/tss-esapi/src/abstraction/ek.rs
@@ -61,6 +61,25 @@ const AUTH_POLICY_B_SM3_256: [u8; 32] = [
 /// Source: TCG EK Credential Profile for TPM Family 2.0; Level 0 Version 2.3 Revision 2
 /// Appendix B.3.3 and B.3.4
 pub fn create_ek_public_from_default_template(
+ alg: AsymmetricAlgorithm,
+ key_customization: IKC,
+) -> Result {
+ create_ek_public_from_default_template_2(
+ AsymmetricAlgorithmSelection::try_from(alg)?,
+ key_customization,
+ )
+}
+
+/// Get the [`Public`] representing a default Endorsement Key
+///
+/// **Note**: This only works for key algorithms specified in TCG EK Credential Profile for TPM Family 2.0.
+///
+/// Source: TCG EK Credential Profile for TPM Family 2.0; Level 0 Version 2.3 Revision 2
+/// Appendix B.3.3 and B.3.4
+///
+/// # Details
+/// This is only replace the `create_ek_public_from_default_template` API in the next major version.
+pub fn create_ek_public_from_default_template_2(
 alg: AsymmetricAlgorithmSelection,
 key_customization: IKC,
 ) -> Result {
@@ -192,6 +211,22 @@ pub fn create_ek_public_from_default_template(
 /// Create the Endorsement Key object from the specification templates
 pub fn create_ek_object(
+ context: &mut Context,
+ alg: AsymmetricAlgorithm,
+ key_customization: IKC,
+) -> Result {
+ create_ek_object_2(
+ context,
+ AsymmetricAlgorithmSelection::try_from(alg)?,
+ key_customization,
+ )
+}
+
+/// Create the Endorsement Key object from the specification templates
+///
+/// # Details
+/// This is only replace the `create_ek_object` API in the next major version.
+pub fn create_ek_object_2(
 context: &mut Context,
 alg: AsymmetricAlgorithmSelection,
 key_customization: IKC,
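Review bot: The doc comment copied onto `create_ek_public_from_default_template_2` still says only that it works "for key algorithms specified in" the TCG EK Credential Profile, although the parameter is now an `AsymmetricAlgorithmSelection`, which judging by its name and the conversions in this commit also carries a key size or curve. The docs do not say what happens for a size or curve the profile has no template for. An `# Errors` section stating that unsupported selections are rejected would close that gap, if that is what the body does. This matters because a template that does not match the one the EK certificate was issued for yields a different key. The body lies outside the hunk, so the actual behaviour needs confirming before the sentence is written.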