tpm2-software / tpm2-tss

OSS implementation of the TCG TPM2 Software Stack (TSS2)
https://tpm2-software.github.io
BSD 2-Clause "Simplified" License

Clarity between the ESAPI API Spec and the ESAPI implemented API. #1522

Closed joe-cryptosecurellc closed 4 years ago

joe-cryptosecurellc commented 5 years ago

Background: The ESAPI spec (v0.90 Rev 4) defines 'hierarchy' types as ESYS_TR for Hash and Sequence Finish commands. The implementation instead uses TPMI_RH_HIERARCHY as the type for this command. The README for ESAPI explains that the API is a 1-to-1 mapping of the commands defined in Pt.3 of the TPM2 specification.

Analysis: It is difficult to map 1-to-1 all commands defined in Pt.3 of the TPM specification for ESAPI, since many arguments in the ESAPI API must use ESYS_TR types for handles and auth types.

Conclusion: If it is required for the ESAPI Spec and API implementation to be consistent, then should the API implementation follow the ESAPI spec's definition, or should the ESAPI Spec change to make the parameters all TPM-types? If it is not required, then the description of the ESAPI implementation could change to explain that it is a 1-to-1 mapping of only the parameters defined in Pt.3 of the TPM2 Specification (since authorization handles must be ESYS_TR types for ESAPI).

tstruk commented 5 years ago

It is messed up alright. Not only Esys_Hash() and Esys_SequenceComplete(), but Esys_LoadExternal() is also screwed up the same way. These need to be converted to take ESYS_TR, as in the spec, and then convert the ESYS handle to a TPM handle internally using the iesys_handle_to_tpm_handle() function. This change would need a major version bump though.