search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
treewide: remove redundant IS_ERR() before error code check
[linux/fpc-iii.git] / tools / testing / selftests / tpm2 / tpm2.py
blobd0fcb66a88a68a0bf9e57d5da24aadfd695c12f9
1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
2
3 import hashlib
4 import os
5 import socket
6 import struct
7 import sys
8 import unittest
9 import fcntl
10 import select
11
12 TPM2_ST_NO_SESSIONS = 0x8001
13 TPM2_ST_SESSIONS = 0x8002
14
15 TPM2_CC_FIRST = 0x01FF
16
17 TPM2_CC_CREATE_PRIMARY = 0x0131
18 TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET = 0x0139
19 TPM2_CC_CREATE = 0x0153
20 TPM2_CC_LOAD = 0x0157
21 TPM2_CC_UNSEAL = 0x015E
22 TPM2_CC_FLUSH_CONTEXT = 0x0165
23 TPM2_CC_START_AUTH_SESSION = 0x0176
24 TPM2_CC_GET_CAPABILITY = 0x017A
25 TPM2_CC_GET_RANDOM = 0x017B
26 TPM2_CC_PCR_READ = 0x017E
27 TPM2_CC_POLICY_PCR = 0x017F
28 TPM2_CC_PCR_EXTEND = 0x0182
29 TPM2_CC_POLICY_PASSWORD = 0x018C
30 TPM2_CC_POLICY_GET_DIGEST = 0x0189
31
32 TPM2_SE_POLICY = 0x01
33 TPM2_SE_TRIAL = 0x03
34
35 TPM2_ALG_RSA = 0x0001
36 TPM2_ALG_SHA1 = 0x0004
37 TPM2_ALG_AES = 0x0006
38 TPM2_ALG_KEYEDHASH = 0x0008
39 TPM2_ALG_SHA256 = 0x000B
40 TPM2_ALG_NULL = 0x0010
41 TPM2_ALG_CBC = 0x0042
42 TPM2_ALG_CFB = 0x0043
43
44 TPM2_RH_OWNER = 0x40000001
45 TPM2_RH_NULL = 0x40000007
46 TPM2_RH_LOCKOUT = 0x4000000A
47 TPM2_RS_PW = 0x40000009
48
49 TPM2_RC_SIZE = 0x01D5
50 TPM2_RC_AUTH_FAIL = 0x098E
51 TPM2_RC_POLICY_FAIL = 0x099D
52 TPM2_RC_COMMAND_CODE = 0x0143
53
54 TSS2_RC_LAYER_SHIFT = 16
55 TSS2_RESMGR_TPM_RC_LAYER = (11 << TSS2_RC_LAYER_SHIFT)
56
57 TPM2_CAP_HANDLES = 0x00000001
58 TPM2_CAP_COMMANDS = 0x00000002
59 TPM2_CAP_TPM_PROPERTIES = 0x00000006
60
61 TPM2_PT_FIXED = 0x100
62 TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41
63
64 HR_SHIFT = 24
65 HR_LOADED_SESSION = 0x02000000
66 HR_TRANSIENT = 0x80000000
67
68 SHA1_DIGEST_SIZE = 20
69 SHA256_DIGEST_SIZE = 32
70
71 TPM2_VER0_ERRORS = {
72 0x000: "TPM_RC_SUCCESS",
73 0x030: "TPM_RC_BAD_TAG",
74 }
75
76 TPM2_VER1_ERRORS = {
77 0x000: "TPM_RC_FAILURE",
78 0x001: "TPM_RC_FAILURE",
79 0x003: "TPM_RC_SEQUENCE",
80 0x00B: "TPM_RC_PRIVATE",
81 0x019: "TPM_RC_HMAC",
82 0x020: "TPM_RC_DISABLED",
83 0x021: "TPM_RC_EXCLUSIVE",
84 0x024: "TPM_RC_AUTH_TYPE",
85 0x025: "TPM_RC_AUTH_MISSING",
86 0x026: "TPM_RC_POLICY",
87 0x027: "TPM_RC_PCR",
88 0x028: "TPM_RC_PCR_CHANGED",
89 0x02D: "TPM_RC_UPGRADE",
90 0x02E: "TPM_RC_TOO_MANY_CONTEXTS",
91 0x02F: "TPM_RC_AUTH_UNAVAILABLE",
92 0x030: "TPM_RC_REBOOT",
93 0x031: "TPM_RC_UNBALANCED",
94 0x042: "TPM_RC_COMMAND_SIZE",
95 0x043: "TPM_RC_COMMAND_CODE",
96 0x044: "TPM_RC_AUTHSIZE",
97 0x045: "TPM_RC_AUTH_CONTEXT",
98 0x046: "TPM_RC_NV_RANGE",
99 0x047: "TPM_RC_NV_SIZE",
100 0x048: "TPM_RC_NV_LOCKED",
101 0x049: "TPM_RC_NV_AUTHORIZATION",
102 0x04A: "TPM_RC_NV_UNINITIALIZED",
103 0x04B: "TPM_RC_NV_SPACE",
104 0x04C: "TPM_RC_NV_DEFINED",
105 0x050: "TPM_RC_BAD_CONTEXT",
106 0x051: "TPM_RC_CPHASH",
107 0x052: "TPM_RC_PARENT",
108 0x053: "TPM_RC_NEEDS_TEST",
109 0x054: "TPM_RC_NO_RESULT",
110 0x055: "TPM_RC_SENSITIVE",
111 0x07F: "RC_MAX_FM0",
112 }
113
114 TPM2_FMT1_ERRORS = {
115 0x001: "TPM_RC_ASYMMETRIC",
116 0x002: "TPM_RC_ATTRIBUTES",
117 0x003: "TPM_RC_HASH",
118 0x004: "TPM_RC_VALUE",
119 0x005: "TPM_RC_HIERARCHY",
120 0x007: "TPM_RC_KEY_SIZE",
121 0x008: "TPM_RC_MGF",
122 0x009: "TPM_RC_MODE",
123 0x00A: "TPM_RC_TYPE",
124 0x00B: "TPM_RC_HANDLE",
125 0x00C: "TPM_RC_KDF",
126 0x00D: "TPM_RC_RANGE",
127 0x00E: "TPM_RC_AUTH_FAIL",
128 0x00F: "TPM_RC_NONCE",
129 0x010: "TPM_RC_PP",
130 0x012: "TPM_RC_SCHEME",
131 0x015: "TPM_RC_SIZE",
132 0x016: "TPM_RC_SYMMETRIC",
133 0x017: "TPM_RC_TAG",
134 0x018: "TPM_RC_SELECTOR",
135 0x01A: "TPM_RC_INSUFFICIENT",
136 0x01B: "TPM_RC_SIGNATURE",
137 0x01C: "TPM_RC_KEY",
138 0x01D: "TPM_RC_POLICY_FAIL",
139 0x01F: "TPM_RC_INTEGRITY",
140 0x020: "TPM_RC_TICKET",
141 0x021: "TPM_RC_RESERVED_BITS",
142 0x022: "TPM_RC_BAD_AUTH",
143 0x023: "TPM_RC_EXPIRED",
144 0x024: "TPM_RC_POLICY_CC",
145 0x025: "TPM_RC_BINDING",
146 0x026: "TPM_RC_CURVE",
147 0x027: "TPM_RC_ECC_POINT",
148 }
149
150 TPM2_WARN_ERRORS = {
151 0x001: "TPM_RC_CONTEXT_GAP",
152 0x002: "TPM_RC_OBJECT_MEMORY",
153 0x003: "TPM_RC_SESSION_MEMORY",
154 0x004: "TPM_RC_MEMORY",
155 0x005: "TPM_RC_SESSION_HANDLES",
156 0x006: "TPM_RC_OBJECT_HANDLES",
157 0x007: "TPM_RC_LOCALITY",
158 0x008: "TPM_RC_YIELDED",
159 0x009: "TPM_RC_CANCELED",
160 0x00A: "TPM_RC_TESTING",
161 0x010: "TPM_RC_REFERENCE_H0",
162 0x011: "TPM_RC_REFERENCE_H1",
163 0x012: "TPM_RC_REFERENCE_H2",
164 0x013: "TPM_RC_REFERENCE_H3",
165 0x014: "TPM_RC_REFERENCE_H4",
166 0x015: "TPM_RC_REFERENCE_H5",
167 0x016: "TPM_RC_REFERENCE_H6",
168 0x018: "TPM_RC_REFERENCE_S0",
169 0x019: "TPM_RC_REFERENCE_S1",
170 0x01A: "TPM_RC_REFERENCE_S2",
171 0x01B: "TPM_RC_REFERENCE_S3",
172 0x01C: "TPM_RC_REFERENCE_S4",
173 0x01D: "TPM_RC_REFERENCE_S5",
174 0x01E: "TPM_RC_REFERENCE_S6",
175 0x020: "TPM_RC_NV_RATE",
176 0x021: "TPM_RC_LOCKOUT",
177 0x022: "TPM_RC_RETRY",
178 0x023: "TPM_RC_NV_UNAVAILABLE",
179 0x7F: "TPM_RC_NOT_USED",
180 }
181
182 RC_VER1 = 0x100
183 RC_FMT1 = 0x080
184 RC_WARN = 0x900
185
186 ALG_DIGEST_SIZE_MAP = {
187 TPM2_ALG_SHA1: SHA1_DIGEST_SIZE,
188 TPM2_ALG_SHA256: SHA256_DIGEST_SIZE,
189 }
190
191 ALG_HASH_FUNCTION_MAP = {
192 TPM2_ALG_SHA1: hashlib.sha1,
193 TPM2_ALG_SHA256: hashlib.sha256
194 }
195
196 NAME_ALG_MAP = {
197 "sha1": TPM2_ALG_SHA1,
198 "sha256": TPM2_ALG_SHA256,
199 }
200
201
202 class UnknownAlgorithmIdError(Exception):
203 def __init__(self, alg):
204 self.alg = alg
205
206 def __str__(self):
207 return '0x%0x' % (alg)
208
209
210 class UnknownAlgorithmNameError(Exception):
211 def __init__(self, name):
212 self.name = name
213
214 def __str__(self):
215 return name
216
217
218 class UnknownPCRBankError(Exception):
219 def __init__(self, alg):
220 self.alg = alg
221
222 def __str__(self):
223 return '0x%0x' % (alg)
224
225
226 class ProtocolError(Exception):
227 def __init__(self, cc, rc):
228 self.cc = cc
229 self.rc = rc
230
231 if (rc & RC_FMT1) == RC_FMT1:
232 self.name = TPM2_FMT1_ERRORS.get(rc & 0x3f, "TPM_RC_UNKNOWN")
233 elif (rc & RC_WARN) == RC_WARN:
234 self.name = TPM2_WARN_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
235 elif (rc & RC_VER1) == RC_VER1:
236 self.name = TPM2_VER1_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
237 else:
238 self.name = TPM2_VER0_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
239
240 def __str__(self):
241 if self.cc:
242 return '%s: cc=0x%08x, rc=0x%08x' % (self.name, self.cc, self.rc)
243 else:
244 return '%s: rc=0x%08x' % (self.name, self.rc)
245
246
247 class AuthCommand(object):
248 """TPMS_AUTH_COMMAND"""
249
250 def __init__(self, session_handle=TPM2_RS_PW, nonce='', session_attributes=0,
251 hmac=''):
252 self.session_handle = session_handle
253 self.nonce = nonce
254 self.session_attributes = session_attributes
255 self.hmac = hmac
256
257 def __str__(self):
258 fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac))
259 return struct.pack(fmt, self.session_handle, len(self.nonce),
260 self.nonce, self.session_attributes, len(self.hmac),
261 self.hmac)
262
263 def __len__(self):
264 fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac))
265 return struct.calcsize(fmt)
266
267
268 class SensitiveCreate(object):
269 """TPMS_SENSITIVE_CREATE"""
270
271 def __init__(self, user_auth='', data=''):
272 self.user_auth = user_auth
273 self.data = data
274
275 def __str__(self):
276 fmt = '>H%us H%us' % (len(self.user_auth), len(self.data))
277 return struct.pack(fmt, len(self.user_auth), self.user_auth,
278 len(self.data), self.data)
279
280 def __len__(self):
281 fmt = '>H%us H%us' % (len(self.user_auth), len(self.data))
282 return struct.calcsize(fmt)
283
284
285 class Public(object):
286 """TPMT_PUBLIC"""
287
288 FIXED_TPM = (1 << 1)
289 FIXED_PARENT = (1 << 4)
290 SENSITIVE_DATA_ORIGIN = (1 << 5)
291 USER_WITH_AUTH = (1 << 6)
292 RESTRICTED = (1 << 16)
293 DECRYPT = (1 << 17)
294
295 def __fmt(self):
296 return '>HHIH%us%usH%us' % \
297 (len(self.auth_policy), len(self.parameters), len(self.unique))
298
299 def __init__(self, object_type, name_alg, object_attributes, auth_policy='',
300 parameters='', unique=''):
301 self.object_type = object_type
302 self.name_alg = name_alg
303 self.object_attributes = object_attributes
304 self.auth_policy = auth_policy
305 self.parameters = parameters
306 self.unique = unique
307
308 def __str__(self):
309 return struct.pack(self.__fmt(),
310 self.object_type,
311 self.name_alg,
312 self.object_attributes,
313 len(self.auth_policy),
314 self.auth_policy,
315 self.parameters,
316 len(self.unique),
317 self.unique)
318
319 def __len__(self):
320 return struct.calcsize(self.__fmt())
321
322
323 def get_digest_size(alg):
324 ds = ALG_DIGEST_SIZE_MAP.get(alg)
325 if not ds:
326 raise UnknownAlgorithmIdError(alg)
327 return ds
328
329
330 def get_hash_function(alg):
331 f = ALG_HASH_FUNCTION_MAP.get(alg)
332 if not f:
333 raise UnknownAlgorithmIdError(alg)
334 return f
335
336
337 def get_algorithm(name):
338 alg = NAME_ALG_MAP.get(name)
339 if not alg:
340 raise UnknownAlgorithmNameError(name)
341 return alg
342
343
344 def hex_dump(d):
345 d = [format(ord(x), '02x') for x in d]
346 d = [d[i: i + 16] for i in xrange(0, len(d), 16)]
347 d = [' '.join(x) for x in d]
348 d = os.linesep.join(d)
349
350 return d
351
352 class Client:
353 FLAG_DEBUG = 0x01
354 FLAG_SPACE = 0x02
355 FLAG_NONBLOCK = 0x04
356 TPM_IOC_NEW_SPACE = 0xa200
357
358 def __init__(self, flags = 0):
359 self.flags = flags
360
361 if (self.flags & Client.FLAG_SPACE) == 0:
362 self.tpm = open('/dev/tpm0', 'r+b', buffering=0)
363 else:
364 self.tpm = open('/dev/tpmrm0', 'r+b', buffering=0)
365
366 if (self.flags & Client.FLAG_NONBLOCK):
367 flags = fcntl.fcntl(self.tpm, fcntl.F_GETFL)
368 flags |= os.O_NONBLOCK
369 fcntl.fcntl(self.tpm, fcntl.F_SETFL, flags)
370 self.tpm_poll = select.poll()
371
372 def close(self):
373 self.tpm.close()
374
375 def send_cmd(self, cmd):
376 self.tpm.write(cmd)
377
378 if (self.flags & Client.FLAG_NONBLOCK):
379 self.tpm_poll.register(self.tpm, select.POLLIN)
380 self.tpm_poll.poll(10000)
381
382 rsp = self.tpm.read()
383
384 if (self.flags & Client.FLAG_NONBLOCK):
385 self.tpm_poll.unregister(self.tpm)
386
387 if (self.flags & Client.FLAG_DEBUG) != 0:
388 sys.stderr.write('cmd' + os.linesep)
389 sys.stderr.write(hex_dump(cmd) + os.linesep)
390 sys.stderr.write('rsp' + os.linesep)
391 sys.stderr.write(hex_dump(rsp) + os.linesep)
392
393 rc = struct.unpack('>I', rsp[6:10])[0]
394 if rc != 0:
395 cc = struct.unpack('>I', cmd[6:10])[0]
396 raise ProtocolError(cc, rc)
397
398 return rsp
399
400 def read_pcr(self, i, bank_alg = TPM2_ALG_SHA1):
401 pcrsel_len = max((i >> 3) + 1, 3)
402 pcrsel = [0] * pcrsel_len
403 pcrsel[i >> 3] = 1 << (i & 7)
404 pcrsel = ''.join(map(chr, pcrsel))
405
406 fmt = '>HII IHB%us' % (pcrsel_len)
407 cmd = struct.pack(fmt,
408 TPM2_ST_NO_SESSIONS,
409 struct.calcsize(fmt),
410 TPM2_CC_PCR_READ,
411 1,
412 bank_alg,
413 pcrsel_len, pcrsel)
414
415 rsp = self.send_cmd(cmd)
416
417 pcr_update_cnt, pcr_select_cnt = struct.unpack('>II', rsp[10:18])
418 assert pcr_select_cnt == 1
419 rsp = rsp[18:]
420
421 alg2, pcrsel_len2 = struct.unpack('>HB', rsp[:3])
422 assert bank_alg == alg2 and pcrsel_len == pcrsel_len2
423 rsp = rsp[3 + pcrsel_len:]
424
425 digest_cnt = struct.unpack('>I', rsp[:4])[0]
426 if digest_cnt == 0:
427 return None
428 rsp = rsp[6:]
429
430 return rsp
431
432 def extend_pcr(self, i, dig, bank_alg = TPM2_ALG_SHA1):
433 ds = get_digest_size(bank_alg)
434 assert(ds == len(dig))
435
436 auth_cmd = AuthCommand()
437
438 fmt = '>HII I I%us IH%us' % (len(auth_cmd), ds)
439 cmd = struct.pack(
440 fmt,
441 TPM2_ST_SESSIONS,
442 struct.calcsize(fmt),
443 TPM2_CC_PCR_EXTEND,
444 i,
445 len(auth_cmd),
446 str(auth_cmd),
447 1, bank_alg, dig)
448
449 self.send_cmd(cmd)
450
451 def start_auth_session(self, session_type, name_alg = TPM2_ALG_SHA1):
452 fmt = '>HII IIH16sHBHH'
453 cmd = struct.pack(fmt,
454 TPM2_ST_NO_SESSIONS,
455 struct.calcsize(fmt),
456 TPM2_CC_START_AUTH_SESSION,
457 TPM2_RH_NULL,
458 TPM2_RH_NULL,
459 16,
460 '\0' * 16,
461 0,
462 session_type,
463 TPM2_ALG_NULL,
464 name_alg)
465
466 return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
467
468 def __calc_pcr_digest(self, pcrs, bank_alg = TPM2_ALG_SHA1,
469 digest_alg = TPM2_ALG_SHA1):
470 x = []
471 f = get_hash_function(digest_alg)
472
473 for i in pcrs:
474 pcr = self.read_pcr(i, bank_alg)
475 if pcr == None:
476 return None
477 x += pcr
478
479 return f(bytearray(x)).digest()
480
481 def policy_pcr(self, handle, pcrs, bank_alg = TPM2_ALG_SHA1,
482 name_alg = TPM2_ALG_SHA1):
483 ds = get_digest_size(name_alg)
484 dig = self.__calc_pcr_digest(pcrs, bank_alg, name_alg)
485 if not dig:
486 raise UnknownPCRBankError(bank_alg)
487
488 pcrsel_len = max((max(pcrs) >> 3) + 1, 3)
489 pcrsel = [0] * pcrsel_len
490 for i in pcrs:
491 pcrsel[i >> 3] |= 1 << (i & 7)
492 pcrsel = ''.join(map(chr, pcrsel))
493
494 fmt = '>HII IH%usIHB3s' % ds
495 cmd = struct.pack(fmt,
496 TPM2_ST_NO_SESSIONS,
497 struct.calcsize(fmt),
498 TPM2_CC_POLICY_PCR,
499 handle,
500 len(dig), str(dig),
501 1,
502 bank_alg,
503 pcrsel_len, pcrsel)
504
505 self.send_cmd(cmd)
506
507 def policy_password(self, handle):
508 fmt = '>HII I'
509 cmd = struct.pack(fmt,
510 TPM2_ST_NO_SESSIONS,
511 struct.calcsize(fmt),
512 TPM2_CC_POLICY_PASSWORD,
513 handle)
514
515 self.send_cmd(cmd)
516
517 def get_policy_digest(self, handle):
518 fmt = '>HII I'
519 cmd = struct.pack(fmt,
520 TPM2_ST_NO_SESSIONS,
521 struct.calcsize(fmt),
522 TPM2_CC_POLICY_GET_DIGEST,
523 handle)
524
525 return self.send_cmd(cmd)[12:]
526
527 def flush_context(self, handle):
528 fmt = '>HIII'
529 cmd = struct.pack(fmt,
530 TPM2_ST_NO_SESSIONS,
531 struct.calcsize(fmt),
532 TPM2_CC_FLUSH_CONTEXT,
533 handle)
534
535 self.send_cmd(cmd)
536
537 def create_root_key(self, auth_value = ''):
538 attributes = \
539 Public.FIXED_TPM | \
540 Public.FIXED_PARENT | \
541 Public.SENSITIVE_DATA_ORIGIN | \
542 Public.USER_WITH_AUTH | \
543 Public.RESTRICTED | \
544 Public.DECRYPT
545
546 auth_cmd = AuthCommand()
547 sensitive = SensitiveCreate(user_auth=auth_value)
548
549 public_parms = struct.pack(
550 '>HHHHHI',
551 TPM2_ALG_AES,
552 128,
553 TPM2_ALG_CFB,
554 TPM2_ALG_NULL,
555 2048,
556 0)
557
558 public = Public(
559 object_type=TPM2_ALG_RSA,
560 name_alg=TPM2_ALG_SHA1,
561 object_attributes=attributes,
562 parameters=public_parms)
563
564 fmt = '>HIII I%us H%us H%us HI' % \
565 (len(auth_cmd), len(sensitive), len(public))
566 cmd = struct.pack(
567 fmt,
568 TPM2_ST_SESSIONS,
569 struct.calcsize(fmt),
570 TPM2_CC_CREATE_PRIMARY,
571 TPM2_RH_OWNER,
572 len(auth_cmd),
573 str(auth_cmd),
574 len(sensitive),
575 str(sensitive),
576 len(public),
577 str(public),
578 0, 0)
579
580 return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
581
582 def seal(self, parent_key, data, auth_value, policy_dig,
583 name_alg = TPM2_ALG_SHA1):
584 ds = get_digest_size(name_alg)
585 assert(not policy_dig or ds == len(policy_dig))
586
587 attributes = 0
588 if not policy_dig:
589 attributes |= Public.USER_WITH_AUTH
590 policy_dig = ''
591
592 auth_cmd = AuthCommand()
593 sensitive = SensitiveCreate(user_auth=auth_value, data=data)
594
595 public = Public(
596 object_type=TPM2_ALG_KEYEDHASH,
597 name_alg=name_alg,
598 object_attributes=attributes,
599 auth_policy=policy_dig,
600 parameters=struct.pack('>H', TPM2_ALG_NULL))
601
602 fmt = '>HIII I%us H%us H%us HI' % \
603 (len(auth_cmd), len(sensitive), len(public))
604 cmd = struct.pack(
605 fmt,
606 TPM2_ST_SESSIONS,
607 struct.calcsize(fmt),
608 TPM2_CC_CREATE,
609 parent_key,
610 len(auth_cmd),
611 str(auth_cmd),
612 len(sensitive),
613 str(sensitive),
614 len(public),
615 str(public),
616 0, 0)
617
618 rsp = self.send_cmd(cmd)
619
620 return rsp[14:]
621
622 def unseal(self, parent_key, blob, auth_value, policy_handle):
623 private_len = struct.unpack('>H', blob[0:2])[0]
624 public_start = private_len + 2
625 public_len = struct.unpack('>H', blob[public_start:public_start + 2])[0]
626 blob = blob[:private_len + public_len + 4]
627
628 auth_cmd = AuthCommand()
629
630 fmt = '>HII I I%us %us' % (len(auth_cmd), len(blob))
631 cmd = struct.pack(
632 fmt,
633 TPM2_ST_SESSIONS,
634 struct.calcsize(fmt),
635 TPM2_CC_LOAD,
636 parent_key,
637 len(auth_cmd),
638 str(auth_cmd),
639 blob)
640
641 data_handle = struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
642
643 if policy_handle:
644 auth_cmd = AuthCommand(session_handle=policy_handle, hmac=auth_value)
645 else:
646 auth_cmd = AuthCommand(hmac=auth_value)
647
648 fmt = '>HII I I%us' % (len(auth_cmd))
649 cmd = struct.pack(
650 fmt,
651 TPM2_ST_SESSIONS,
652 struct.calcsize(fmt),
653 TPM2_CC_UNSEAL,
654 data_handle,
655 len(auth_cmd),
656 str(auth_cmd))
657
658 try:
659 rsp = self.send_cmd(cmd)
660 finally:
661 self.flush_context(data_handle)
662
663 data_len = struct.unpack('>I', rsp[10:14])[0] - 2
664
665 return rsp[16:16 + data_len]
666
667 def reset_da_lock(self):
668 auth_cmd = AuthCommand()
669
670 fmt = '>HII I I%us' % (len(auth_cmd))
671 cmd = struct.pack(
672 fmt,
673 TPM2_ST_SESSIONS,
674 struct.calcsize(fmt),
675 TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET,
676 TPM2_RH_LOCKOUT,
677 len(auth_cmd),
678 str(auth_cmd))
679
680 self.send_cmd(cmd)
681
682 def __get_cap_cnt(self, cap, pt, cnt):
683 handles = []
684 fmt = '>HII III'
685
686 cmd = struct.pack(fmt,
687 TPM2_ST_NO_SESSIONS,
688 struct.calcsize(fmt),
689 TPM2_CC_GET_CAPABILITY,
690 cap, pt, cnt)
691
692 rsp = self.send_cmd(cmd)[10:]
693 more_data, cap, cnt = struct.unpack('>BII', rsp[:9])
694 rsp = rsp[9:]
695
696 for i in xrange(0, cnt):
697 handle = struct.unpack('>I', rsp[:4])[0]
698 handles.append(handle)
699 rsp = rsp[4:]
700
701 return handles, more_data
702
703 def get_cap(self, cap, pt):
704 handles = []
705
706 more_data = True
707 while more_data:
708 next_handles, more_data = self.__get_cap_cnt(cap, pt, 1)
709 handles += next_handles
710 pt += 1
711
712 return handles
Linux with added FPC-III support