Slightly simplified SealedData and ImportData types, by making the enum variants private.

Author: danieltrick

Cargo.lock

@@ -7,8 +7,8 @@
 use std::{ffi::c_char, fmt::Display, num::NonZeroUsize, os::raw::c_void, ptr, sync::RwLock};
 
 use crate::{
-    BaseErrorCode, BlobType, ErrorCode, FapiCallbacks, ImportData, InternalError, KeyFlags, NvFlags, PaddingFlags, QuoteFlags, QuoteResult, SealData,
-    SealFlags, SignResult, TpmBlobs,
+    BaseErrorCode, BlobType, ErrorCode, FapiCallbacks, ImportData, InternalError, KeyFlags, NvFlags, PaddingFlags, QuoteFlags, QuoteResult, SealFlags,
+    SealedData, SignResult, TpmBlobs,
     callback::{CallbackManager, entry_point},
     fapi_sys::{self, FAPI_CONTEXT, TPM2_RC, TSS2_RC, constants::TSS2_RC_SUCCESS},
     flags::Flags,
@@ -716,7 +716,7 @@ impl FapiContext {
         seal_type: Option<&[SealFlags]>,
         pol_path: Option<&str>,
         auth_val: Option<&str>,
-        data: SealData,
+        data: SealedData,
     ) -> Result<(), ErrorCode> {
         fail_if_opt_empty!(seal_type);
 

src/context.rs

@@ -446,7 +446,7 @@ pub use callback::{AuthCbParam, BranchCbParam, Callbacks, Cancelled, CbResult, F
 pub use context::FapiContext;
 pub use error::{BaseErrorCode, ErrorCode, InternalError, Tpm2ErrFmt0, Tpm2ErrFmt1, Tpm2ErrorCode, Tpm2Warning};
 pub use flags::{BlobType, KeyFlags, NvFlags, PaddingFlags, QuoteFlags, SealFlags};
-pub use types::{ImportData, QuoteResult, SealData, SignResult, TpmBlobs};
+pub use types::{ImportData, QuoteResult, SealedData, SignResult, TpmBlobs};
 pub use version::{FapiVersion, VersionInfo, get_version};
 
 // Re-export JSON module

src/lib.rs

@@ -34,20 +34,18 @@ macro_rules! opt_check {
 // Import Data
 // ==========================================================================
 
-/// Variant that holds the actual import data
+/// Data to be imported, either a [`&JsonValue`](json::JsonValue) or a PEM encoded [`&str`](core::primitive::str).
+///
+/// Instances of this struct may be used with the [`FapiContext::import()`](crate::FapiContext::import) function.
 #[derive(Clone, Copy, Debug)]
 #[non_exhaustive]
-enum ImportVariant<'a> {
+pub enum ImportData<'a> {
+    #[non_exhaustive]
     Pem(&'a str),
+    #[non_exhaustive]
     Json(&'a JsonValue),
 }
 
-/// Data to be imported, either a [`&JsonValue`](json::JsonValue) or a PEM encoded [`&str`](core::primitive::str).
-///
-/// Instances of this struct may be used with the [`FapiContext::import()`](crate::FapiContext::import) function.
-#[derive(Clone, Copy, Debug)]
-pub struct ImportData<'a>(ImportVariant<'a>);
-
 impl<'a> ImportData<'a> {
     /// Attempts to create a new `ImportData` from the given `JsonValue` reference.
     ///
@@ -56,7 +54,7 @@ impl<'a> ImportData<'a> {
     /// The JSON data will be validated, by the FAPI, when it is actually used.
     pub fn from_json(json_value: &'a JsonValue) -> Result<Self, ErrorCode> {
         if json_value.is_object() && (!json_value.is_empty()) {
-            Ok(Self(ImportVariant::Json(json_value)))
+            Ok(Self::Json(json_value))
         } else {
             Err(ErrorCode::InternalError(InternalError::InvalidArguments))
         }
@@ -73,7 +71,7 @@ impl<'a> ImportData<'a> {
             || pem_data.starts_with("-----BEGIN RSA PRIVATE KEY-----")
             || pem_data.starts_with("-----BEGIN EC PRIVATE KEY-----")
         {
-            Ok(Self(ImportVariant::Pem(pem_data)))
+            Ok(Self::Pem(pem_data))
         } else {
             Err(ERR_INVALID_ARGUMENTS)
         }
@@ -84,9 +82,9 @@ impl TryFrom<ImportData<'_>> for CStringHolder {
     type Error = ErrorCode;
 
     fn try_from(data: ImportData) -> Result<Self, Self::Error> {
-        match data.0 {
-            ImportVariant::Json(json_value) => CStringHolder::try_from(json_value),
-            ImportVariant::Pem(pem_data) => CStringHolder::try_from(pem_data),
+        match data {
+            ImportData::Json(json_value) => CStringHolder::try_from(json_value),
+            ImportData::Pem(pem_data) => CStringHolder::try_from(pem_data),
         }
     }
 }
@@ -95,43 +93,40 @@ impl TryFrom<ImportData<'_>> for CStringHolder {
 // Seal Data
 // ==========================================================================
 
-/// Variant that holds the actual seal data
-#[derive(Clone, Copy, Debug)]
-#[non_exhaustive]
-enum SealVariant<'a> {
-    Size(NonZeroUsize),
-    Data(&'a [u8]),
-}
-
-/// The size of the sealed object and, optionally, the initial data
+/// The size of the sealed object and, optionally, the initial data.
 pub type RawSealInfo = (NonZeroUsize, CBinaryHolder);
 
 /// Data to be sealed, either a non-zero size or some explicit data.
 ///
 /// Instances of this struct may be used with the [`FapiContext::create_seal()`](crate::FapiContext::create_seal) function.
 #[derive(Clone, Copy, Debug)]
-pub struct SealData<'a>(SealVariant<'a>);
+#[non_exhaustive]
+pub enum SealedData<'a> {
+    #[non_exhaustive]
+    Data(&'a [u8]),
+    Size(NonZeroUsize),
+}
 
-impl<'a> SealData<'a> {
+impl<'a> SealedData<'a> {
     /// Creates a new `SealData` with the specified non-zero size.
     ///
     /// The new sealed object will be created with the specified size and will be initialized by the TPM with random data.
-    pub fn from_size(size: NonZeroUsize) -> Self {
-        Self(SealVariant::Size(size))
+    pub fn from_size(size: usize) -> Result<Self, ErrorCode> {
+        Ok(Self::Size(NonZeroUsize::new(size).ok_or(ERR_INVALID_ARGUMENTS)?))
     }
 
     /// Creates a new `SealData` containing the specified data.
     ///
     /// The new sealed object will be created with a size of `data.len()` and it will be initialized with the given data.
     pub fn from_data(data: &'a [u8]) -> Result<Self, ErrorCode> {
-        if !data.is_empty() { Ok(Self(SealVariant::Data(data))) } else { Err(ERR_INVALID_ARGUMENTS) }
+        if !data.is_empty() { Ok(Self::Data(data)) } else { Err(ERR_INVALID_ARGUMENTS) }
     }
 
     /// Returns the actual seal size and the associated data (if any)
     pub(crate) fn into_raw_data(self) -> Result<RawSealInfo, ErrorCode> {
-        match self.0 {
-            SealVariant::Size(size) => Ok((size, CBinaryHolder::empty())),
-            SealVariant::Data(data) => {
+        match self {
+            Self::Size(size) => Ok((size, CBinaryHolder::empty())),
+            Self::Data(data) => {
                 let cstr_data = CBinaryHolder::try_from(data)?;
                 let cstr_size = NonZeroUsize::new(cstr_data.len()).expect("Size must not be zero!");
                 Ok((cstr_size, cstr_data))

src/types.rs

@@ -18,8 +18,7 @@ use log::debug;
 use rand::SeedableRng;
 use rand_chacha::ChaChaRng;
 use serial_test::serial;
-use std::num::NonZeroUsize;
-use tss2_fapi_rs::{FapiContext, SealData, SealFlags};
+use tss2_fapi_rs::{FapiContext, SealFlags, SealedData};
 
 const SEAL_TYPE_FLAGS: &[SealFlags] = &[SealFlags::NoDA];
 
@@ -47,7 +46,7 @@ fn test_create_seal_random() {
         tpm_initialize!(context, PASSWORD, MyCallbacks::new(PASSWORD, None));
 
         // Create new seal, if not already created
-        match context.create_seal(key_path, Some(SEAL_TYPE_FLAGS), None, None, SealData::from_size(NonZeroUsize::new(32usize).unwrap())) {
+        match context.create_seal(key_path, Some(SEAL_TYPE_FLAGS), None, None, SealedData::from_size(32usize).unwrap()) {
             Ok(_) => debug!("Seal created."),
             Err(error) => panic!("Seal creation has failed: {:?}", error),
         }
@@ -80,7 +79,7 @@ fn test_create_seal_data() {
         let sealed_data: [u8; 32usize] = generate_bytes(&mut rng);
 
         // Create new seal, if not already created
-        match context.create_seal(key_path, Some(SEAL_TYPE_FLAGS), None, None, SealData::from_data(&sealed_data[..]).unwrap()) {
+        match context.create_seal(key_path, Some(SEAL_TYPE_FLAGS), None, None, SealedData::from_data(&sealed_data[..]).unwrap()) {
             Ok(_) => debug!("Seal created."),
             Err(error) => panic!("Seal creation has failed: {:?}", error),
         }
@@ -113,7 +112,7 @@ fn test_unseal() {
         let original_data: [u8; 128usize] = generate_bytes(&mut rng);
 
         // Create new seal, if not already created
-        match context.create_seal(key_path, Some(SEAL_TYPE_FLAGS), None, None, SealData::from_data(&original_data[..]).unwrap()) {
+        match context.create_seal(key_path, Some(SEAL_TYPE_FLAGS), None, None, SealedData::from_data(&original_data[..]).unwrap()) {
             Ok(_) => debug!("Seal created."),
             Err(error) => panic!("Seal creation has failed: {:?}", error),
         }