Improves tests for tagged schemes.

- Adds a file for tests for each individual tagged scheme and adds more
  tests for each type in
  ```tss-esapi/src/structures/tagged/schemes.rs```.

- Adds missing support for `Hmac` variant when using `signing_scheme`
  and `set_signing_scheme` methods.

- Changes name of variable holding the signing scheme.

- Refactors the tagged signature scheme tests.

Signed-off-by: Jesper Brynolf <[email protected]>

tss-esapi/src/structures/schemes.rs

@@ -52,6 +52,11 @@ impl HmacScheme {
     pub const fn new(hashing_algorithm: HashingAlgorithm) -> HmacScheme {
         HmacScheme { hashing_algorithm }
     }
+
+    /// Returns the hashing algorithm
+    pub const fn hashing_algorithm(&self) -> HashingAlgorithm {
+        self.hashing_algorithm
+    }
 }
 
 impl From<HashScheme> for HmacScheme {

tss-esapi/tests/integration_tests/common/tpm2b_types_equality_checks.rs

@@ -58,5 +58,5 @@ pub fn ensure_tpm2b_sensitive_create_equality(
         expected.size, actual.size,
         "'size' value in TPM2B_SENSITIVE_CREATE, mismatch between actual and expected",
     );
-    crate::common::ensure_tpms_sensitive_create(&expected.sensitive, &actual.sensitive);
+    crate::common::ensure_tpms_sensitive_create_equality(&expected.sensitive, &actual.sensitive);
 }

tss-esapi/tests/integration_tests/common/tpms_types_equality_checks.rs

@@ -7,9 +7,9 @@ use tss_esapi::{
     },
     tss2_esys::{
         TPMS_ALG_PROPERTY, TPMS_ATTEST, TPMS_CERTIFY_INFO, TPMS_CLOCK_INFO,
-        TPMS_COMMAND_AUDIT_INFO, TPMS_CREATION_INFO, TPMS_ECC_PARMS, TPMS_KEYEDHASH_PARMS,
-        TPMS_NV_CERTIFY_INFO, TPMS_PCR_SELECTION, TPMS_QUOTE_INFO, TPMS_RSA_PARMS,
-        TPMS_SCHEME_ECDAA, TPMS_SCHEME_HASH, TPMS_SCHEME_HMAC, TPMS_SCHEME_XOR,
+        TPMS_COMMAND_AUDIT_INFO, TPMS_CREATION_INFO, TPMS_ECC_PARMS, TPMS_EMPTY,
+        TPMS_KEYEDHASH_PARMS, TPMS_NV_CERTIFY_INFO, TPMS_PCR_SELECTION, TPMS_QUOTE_INFO,
+        TPMS_RSA_PARMS, TPMS_SCHEME_ECDAA, TPMS_SCHEME_HASH, TPMS_SCHEME_HMAC, TPMS_SCHEME_XOR,
         TPMS_SENSITIVE_CREATE, TPMS_SESSION_AUDIT_INFO, TPMS_SYMCIPHER_PARMS,
         TPMS_TAGGED_PCR_SELECT, TPMS_TAGGED_PROPERTY, TPMS_TIME_ATTEST_INFO, TPMS_TIME_INFO,
     },
@@ -302,10 +302,17 @@ pub fn ensure_tpms_symcipher_parms_equality(
     crate::common::ensure_tpmt_sym_def_object_equality(&expected.sym, &actual.sym)
 }
 
-pub fn ensure_tpms_sensitive_create(
+pub fn ensure_tpms_sensitive_create_equality(
     expected: &TPMS_SENSITIVE_CREATE,
     actual: &TPMS_SENSITIVE_CREATE,
 ) {
     crate::common::ensure_tpm2b_auth_equality(&expected.userAuth, &actual.userAuth);
     crate::common::ensure_tpm2b_sensitive_data(&expected.data, &actual.data);
 }
+
+pub fn ensure_tpms_empty_equality(expected: &TPMS_EMPTY, actual: &TPMS_EMPTY) {
+    assert_eq!(
+        expected.empty, actual.empty,
+        "'empty' value TPMS_EMPTY, mismatch between actual and expected."
+    );
+}

tss-esapi/tests/integration_tests/common/tpmt_types_equality_checks.rs

@@ -10,7 +10,7 @@ use tss_esapi::{
     },
     tss2_esys::{
         TPMT_ECC_SCHEME, TPMT_KDF_SCHEME, TPMT_KEYEDHASH_SCHEME, TPMT_PUBLIC_PARMS,
-        TPMT_RSA_SCHEME, TPMT_SYM_DEF, TPMT_SYM_DEF_OBJECT,
+        TPMT_RSA_DECRYPT, TPMT_RSA_SCHEME, TPMT_SIG_SCHEME, TPMT_SYM_DEF, TPMT_SYM_DEF_OBJECT,
     },
 };
 
@@ -336,3 +336,72 @@ pub fn ensure_tpmt_kdf_scheme_equality(expected: &TPMT_KDF_SCHEME, actual: &TPMT
         _ => panic!("Invalid algorithm in TPMT_KDF_SCHEME"),
     }
 }
+
+pub fn ensure_tpmt_rsa_decrypt_equality(expected: &TPMT_RSA_DECRYPT, actual: &TPMT_RSA_DECRYPT) {
+    assert_eq!(
+        expected.scheme, actual.scheme,
+        "'scheme' value in TPMT_RSA_DECRYPT, mismatch between actual and expected",
+    );
+
+    match expected.scheme {
+        TPM2_ALG_RSAES => {
+            let expected_scheme = unsafe { &expected.details.rsaes };
+            let actual_scheme = unsafe { &actual.details.rsaes };
+            crate::common::ensure_tpms_empty_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_OAEP => {
+            let expected_scheme = unsafe { &expected.details.oaep };
+            let actual_scheme = unsafe { &actual.details.oaep };
+            crate::common::ensure_tpms_scheme_hash_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_NULL => {}
+        _ => panic!("Invalid algorithm in TPMT_RSA_DECRYPT"),
+    }
+}
+
+pub fn ensure_tpmt_sig_scheme_equality(expected: &TPMT_SIG_SCHEME, actual: &TPMT_SIG_SCHEME) {
+    assert_eq!(
+        expected.scheme, actual.scheme,
+        "'scheme' value in TPMT_SIG_SCHEME, mismatch between actual and expected",
+    );
+
+    match expected.scheme {
+        TPM2_ALG_RSASSA => {
+            let expected_scheme = unsafe { &expected.details.rsassa };
+            let actual_scheme = unsafe { &actual.details.rsassa };
+            crate::common::ensure_tpms_scheme_hash_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_RSAPSS => {
+            let expected_scheme = unsafe { &expected.details.rsapss };
+            let actual_scheme = unsafe { &actual.details.rsapss };
+            crate::common::ensure_tpms_scheme_hash_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_ECDSA => {
+            let expected_scheme = unsafe { &expected.details.ecdsa };
+            let actual_scheme = unsafe { &actual.details.ecdsa };
+            crate::common::ensure_tpms_scheme_hash_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_SM2 => {
+            let expected_scheme = unsafe { &expected.details.sm2 };
+            let actual_scheme = unsafe { &actual.details.sm2 };
+            crate::common::ensure_tpms_scheme_hash_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_ECSCHNORR => {
+            let expected_scheme = unsafe { &expected.details.ecschnorr };
+            let actual_scheme = unsafe { &actual.details.ecschnorr };
+            crate::common::ensure_tpms_scheme_hash_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_ECDAA => {
+            let expected_scheme = unsafe { &expected.details.ecdaa };
+            let actual_scheme = unsafe { &actual.details.ecdaa };
+            crate::common::ensure_tpms_scheme_ecdaa_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_HMAC => {
+            let expected_scheme = unsafe { &expected.details.hmac };
+            let actual_scheme = unsafe { &actual.details.hmac };
+            crate::common::ensure_tpms_scheme_hmac_equality(expected_scheme, actual_scheme);
+        }
+        TPM2_ALG_NULL => {}
+        _ => panic!("Invalid algorithm in TPMT_SIG_SCHEME"),
+    }
+}

tss-esapi/tests/integration_tests/context_tests/tpm_commands/attestation_commands_tests.rs

@@ -131,7 +131,7 @@ mod test_quote {
         let mut context = create_ctx_with_session();
         let qualifying_data = vec![0xff; 16];
         let sign_scheme = SignatureScheme::RsaPss {
-            hash_scheme: HashScheme::new(HashingAlgorithm::Sha256),
+            scheme: HashScheme::new(HashingAlgorithm::Sha256),
         };
 
         let obj_key_handle = context

tss-esapi/tests/integration_tests/structures_tests/algorithm_tests/symmetric_tests/sensitive_create_tests.rs

@@ -51,7 +51,7 @@ fn test_tpms_sensitive_create_conversions() {
         "data() did not return expected value"
     );
     let actual_tpms_sensitive_create: TPMS_SENSITIVE_CREATE = sensitive_create.into();
-    crate::common::ensure_tpms_sensitive_create(
+    crate::common::ensure_tpms_sensitive_create_equality(
         &expected_tpms_sensitive_create,
         &actual_tpms_sensitive_create,
     );

tss-esapi/tests/integration_tests/structures_tests/tagged_tests/mod.rs

@@ -9,4 +9,9 @@ mod sensitive;
 mod signature;
 mod symmetric_definition_object_tests;
 mod symmetric_definition_tests;
+mod tagged_ecc_scheme_tests;
+mod tagged_key_derivation_function_scheme_tests;
+mod tagged_keyed_hash_scheme_tests;
+mod tagged_rsa_decryption_scheme_tests;
+mod tagged_rsa_scheme_tests;
 mod tagged_signature_scheme_tests;