Add duplication example

[Firstyear]

This adds an example of duplication.

As usual - it's broken. I can't seem to work out why, and I was literally copy-pasting as much as possible from this projects own test cases. So any assistance to get this sorted out and over the line would be great.

[ionut-arm]

I believe @wiktor-k might have some working examples or abstractions built to handle something like this - hope I'm not remembering wrong!

[wiktor-k]

Yep, you're right Ionut. I think one example is right in the doctests of the duplicate function. If there are any problems digging it out I'll take a look tomorrow morning.

[wiktor-k]

Btw, check out this tiny example (that should be working).

[Firstyear]

I think this example is pretty much the same as the one I copied from in the duplication tests (except that the test uses ecc not rsa https://github.com/parallaxsecond/rust-tss-esapi/blob/main/tss-esapi/tests/integration_tests/context_tests/tpm_commands/duplication_commands_tests.rs ). But it has a significant flaw, an that is that you are duplicating from a primary to the same primary. It's not actually testing or demonstrating moving between two separate keys.

Additionally, the example I'm trying to make is mean to be for simulating or demonstrating if you have a specific duplication key below a primary, rather than duplicating between the primaries.

So that's part of why I want to get this example to work - Because it certainly looks like it's exposing some bugs or flaws in functions like new_restricted_decryption_key ( https://github.com/parallaxsecond/rust-tss-esapi/pull/460/files#diff-aee362f84ca982e9226800f9ca6cec55b4c53d5e846af0bb475beb7d109bc74dR180 ) which per the docs state: "Create parameters for a restricted decryption key (i.e. a storage key)" (https://github.com/parallaxsecond/rust-tss-esapi/blob/main/tss-esapi/src/structures/tagged/public/ecc.rs#L37)

[wiktor-k]

Just out of curiosity have you tried using RSA keys instead of ECC to see if the example passes? EC keys may have additional requirements for restricted decryption (like KDF specification). I mean: just to take the new_restricted_decryption_key out of the test and see if you can progress. And if so, then fixing new_restricted_decryption_key.

[Firstyear]

Okay, I sorted out the restricted decryption key issues - turns out it was my own silly fault!

Anyway, just down to the policy failure with duplication now. Going to re-read your examples to check but I think they're correct.

EDIT: The policy I was using was correct and the same as the duplication test, but your example uses an authValue based policy instead (which I actually prefer!). So I have adapted my code to use this, but it still fails in the same way.

⚠️ TSS Layer: TPM, Code: 0x0000099D, Message: A policy check failed (associated with session number 1).

[Firstyear]

@wiktor-k Can I get a re-review on this? Still stuck here with the duplication key :(

[wiktor-k]

@wiktor-k Can I get a re-review on this? Still stuck here with the duplication key :(

Sorry for the delay, you know how it is in free-time open-source side-projects :sweat_smile:

I'll try to take a look early next week and thanks for the ping! :pray:

[Firstyear]

@wiktor-k Can I get a re-review on this? Still stuck here with the duplication key :(

Sorry for the delay, you know how it is in free-time open-source side-projects 😅

Very much so 😅

I'll try to take a look early next week and thanks for the ping! 🙏

Thank you so much for your help!

[Firstyear]

@wiktor-k Okay I re-read your comments multiple times, I've been reading section 23 about duplication of the spec and I still can not get this to work. I'm completely stumped now what I have done wrong here. I think I really need you or someone else to send me a diff or PR on what to change because I think this is beyond my ability :(

[Firstyear]

@ionut-arm @wiktor-k @Superhepper Okay, after lots of help from all of you this example now works! Thank you all so much!

I have rebased to main, squashed and signed off. I have also updated the duplication example to be "with_encrypted_duplication(true)" and for bonus, I added a second example which is duplication using inner wrappers only showing how to duplicate against TPM2_RH_NULL.