~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/tpm2/tpm2.py

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /tools/testing/selftests/tpm2/tpm2.py (Version linux-6.12-rc7) and /tools/testing/selftests/tpm2/tpm2.py (Version linux-6.11.7)


  1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-C      1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
  2                                                     2 
  3 import hashlib                                      3 import hashlib
  4 import os                                           4 import os
  5 import socket                                       5 import socket
  6 import struct                                       6 import struct
  7 import sys                                          7 import sys
  8 import unittest                                     8 import unittest
  9 import fcntl                                        9 import fcntl
 10 import select                                      10 import select
 11                                                    11 
 12 TPM2_ST_NO_SESSIONS = 0x8001                       12 TPM2_ST_NO_SESSIONS = 0x8001
 13 TPM2_ST_SESSIONS = 0x8002                          13 TPM2_ST_SESSIONS = 0x8002
 14                                                    14 
 15 TPM2_CC_FIRST = 0x01FF                             15 TPM2_CC_FIRST = 0x01FF
 16                                                    16 
 17 TPM2_CC_CREATE_PRIMARY = 0x0131                    17 TPM2_CC_CREATE_PRIMARY = 0x0131
 18 TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET = 0x0139      18 TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET = 0x0139
 19 TPM2_CC_CREATE = 0x0153                            19 TPM2_CC_CREATE = 0x0153
 20 TPM2_CC_LOAD = 0x0157                              20 TPM2_CC_LOAD = 0x0157
 21 TPM2_CC_UNSEAL = 0x015E                            21 TPM2_CC_UNSEAL = 0x015E
 22 TPM2_CC_FLUSH_CONTEXT = 0x0165                     22 TPM2_CC_FLUSH_CONTEXT = 0x0165
 23 TPM2_CC_START_AUTH_SESSION = 0x0176                23 TPM2_CC_START_AUTH_SESSION = 0x0176
 24 TPM2_CC_GET_CAPABILITY  = 0x017A                   24 TPM2_CC_GET_CAPABILITY  = 0x017A
 25 TPM2_CC_GET_RANDOM = 0x017B                        25 TPM2_CC_GET_RANDOM = 0x017B
 26 TPM2_CC_PCR_READ = 0x017E                          26 TPM2_CC_PCR_READ = 0x017E
 27 TPM2_CC_POLICY_PCR = 0x017F                        27 TPM2_CC_POLICY_PCR = 0x017F
 28 TPM2_CC_PCR_EXTEND = 0x0182                        28 TPM2_CC_PCR_EXTEND = 0x0182
 29 TPM2_CC_POLICY_PASSWORD = 0x018C                   29 TPM2_CC_POLICY_PASSWORD = 0x018C
 30 TPM2_CC_POLICY_GET_DIGEST = 0x0189                 30 TPM2_CC_POLICY_GET_DIGEST = 0x0189
 31                                                    31 
 32 TPM2_SE_POLICY = 0x01                              32 TPM2_SE_POLICY = 0x01
 33 TPM2_SE_TRIAL = 0x03                               33 TPM2_SE_TRIAL = 0x03
 34                                                    34 
 35 TPM2_ALG_RSA = 0x0001                              35 TPM2_ALG_RSA = 0x0001
 36 TPM2_ALG_SHA1 = 0x0004                             36 TPM2_ALG_SHA1 = 0x0004
 37 TPM2_ALG_AES = 0x0006                              37 TPM2_ALG_AES = 0x0006
 38 TPM2_ALG_KEYEDHASH = 0x0008                        38 TPM2_ALG_KEYEDHASH = 0x0008
 39 TPM2_ALG_SHA256 = 0x000B                           39 TPM2_ALG_SHA256 = 0x000B
 40 TPM2_ALG_NULL = 0x0010                             40 TPM2_ALG_NULL = 0x0010
 41 TPM2_ALG_CBC = 0x0042                              41 TPM2_ALG_CBC = 0x0042
 42 TPM2_ALG_CFB = 0x0043                              42 TPM2_ALG_CFB = 0x0043
 43                                                    43 
 44 TPM2_RH_OWNER = 0x40000001                         44 TPM2_RH_OWNER = 0x40000001
 45 TPM2_RH_NULL = 0x40000007                          45 TPM2_RH_NULL = 0x40000007
 46 TPM2_RH_LOCKOUT = 0x4000000A                       46 TPM2_RH_LOCKOUT = 0x4000000A
 47 TPM2_RS_PW = 0x40000009                            47 TPM2_RS_PW = 0x40000009
 48                                                    48 
 49 TPM2_RC_SIZE            = 0x01D5                   49 TPM2_RC_SIZE            = 0x01D5
 50 TPM2_RC_AUTH_FAIL       = 0x098E                   50 TPM2_RC_AUTH_FAIL       = 0x098E
 51 TPM2_RC_POLICY_FAIL     = 0x099D                   51 TPM2_RC_POLICY_FAIL     = 0x099D
 52 TPM2_RC_COMMAND_CODE    = 0x0143                   52 TPM2_RC_COMMAND_CODE    = 0x0143
 53                                                    53 
 54 TSS2_RC_LAYER_SHIFT = 16                           54 TSS2_RC_LAYER_SHIFT = 16
 55 TSS2_RESMGR_TPM_RC_LAYER = (11 << TSS2_RC_LAYE     55 TSS2_RESMGR_TPM_RC_LAYER = (11 << TSS2_RC_LAYER_SHIFT)
 56                                                    56 
 57 TPM2_CAP_HANDLES = 0x00000001                      57 TPM2_CAP_HANDLES = 0x00000001
 58 TPM2_CAP_COMMANDS = 0x00000002                     58 TPM2_CAP_COMMANDS = 0x00000002
 59 TPM2_CAP_PCRS = 0x00000005                         59 TPM2_CAP_PCRS = 0x00000005
 60 TPM2_CAP_TPM_PROPERTIES = 0x00000006               60 TPM2_CAP_TPM_PROPERTIES = 0x00000006
 61                                                    61 
 62 TPM2_PT_FIXED = 0x100                              62 TPM2_PT_FIXED = 0x100
 63 TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41        63 TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41
 64                                                    64 
 65 HR_SHIFT = 24                                      65 HR_SHIFT = 24
 66 HR_LOADED_SESSION = 0x02000000                     66 HR_LOADED_SESSION = 0x02000000
 67 HR_TRANSIENT = 0x80000000                          67 HR_TRANSIENT = 0x80000000
 68                                                    68 
 69 SHA1_DIGEST_SIZE = 20                              69 SHA1_DIGEST_SIZE = 20
 70 SHA256_DIGEST_SIZE = 32                            70 SHA256_DIGEST_SIZE = 32
 71                                                    71 
 72 TPM2_VER0_ERRORS = {                               72 TPM2_VER0_ERRORS = {
 73     0x000: "TPM_RC_SUCCESS",                       73     0x000: "TPM_RC_SUCCESS",
 74     0x030: "TPM_RC_BAD_TAG",                       74     0x030: "TPM_RC_BAD_TAG",
 75 }                                                  75 }
 76                                                    76 
 77 TPM2_VER1_ERRORS = {                               77 TPM2_VER1_ERRORS = {
 78     0x000: "TPM_RC_FAILURE",                       78     0x000: "TPM_RC_FAILURE",
 79     0x001: "TPM_RC_FAILURE",                       79     0x001: "TPM_RC_FAILURE",
 80     0x003: "TPM_RC_SEQUENCE",                      80     0x003: "TPM_RC_SEQUENCE",
 81     0x00B: "TPM_RC_PRIVATE",                       81     0x00B: "TPM_RC_PRIVATE",
 82     0x019: "TPM_RC_HMAC",                          82     0x019: "TPM_RC_HMAC",
 83     0x020: "TPM_RC_DISABLED",                      83     0x020: "TPM_RC_DISABLED",
 84     0x021: "TPM_RC_EXCLUSIVE",                     84     0x021: "TPM_RC_EXCLUSIVE",
 85     0x024: "TPM_RC_AUTH_TYPE",                     85     0x024: "TPM_RC_AUTH_TYPE",
 86     0x025: "TPM_RC_AUTH_MISSING",                  86     0x025: "TPM_RC_AUTH_MISSING",
 87     0x026: "TPM_RC_POLICY",                        87     0x026: "TPM_RC_POLICY",
 88     0x027: "TPM_RC_PCR",                           88     0x027: "TPM_RC_PCR",
 89     0x028: "TPM_RC_PCR_CHANGED",                   89     0x028: "TPM_RC_PCR_CHANGED",
 90     0x02D: "TPM_RC_UPGRADE",                       90     0x02D: "TPM_RC_UPGRADE",
 91     0x02E: "TPM_RC_TOO_MANY_CONTEXTS",             91     0x02E: "TPM_RC_TOO_MANY_CONTEXTS",
 92     0x02F: "TPM_RC_AUTH_UNAVAILABLE",              92     0x02F: "TPM_RC_AUTH_UNAVAILABLE",
 93     0x030: "TPM_RC_REBOOT",                        93     0x030: "TPM_RC_REBOOT",
 94     0x031: "TPM_RC_UNBALANCED",                    94     0x031: "TPM_RC_UNBALANCED",
 95     0x042: "TPM_RC_COMMAND_SIZE",                  95     0x042: "TPM_RC_COMMAND_SIZE",
 96     0x043: "TPM_RC_COMMAND_CODE",                  96     0x043: "TPM_RC_COMMAND_CODE",
 97     0x044: "TPM_RC_AUTHSIZE",                      97     0x044: "TPM_RC_AUTHSIZE",
 98     0x045: "TPM_RC_AUTH_CONTEXT",                  98     0x045: "TPM_RC_AUTH_CONTEXT",
 99     0x046: "TPM_RC_NV_RANGE",                      99     0x046: "TPM_RC_NV_RANGE",
100     0x047: "TPM_RC_NV_SIZE",                      100     0x047: "TPM_RC_NV_SIZE",
101     0x048: "TPM_RC_NV_LOCKED",                    101     0x048: "TPM_RC_NV_LOCKED",
102     0x049: "TPM_RC_NV_AUTHORIZATION",             102     0x049: "TPM_RC_NV_AUTHORIZATION",
103     0x04A: "TPM_RC_NV_UNINITIALIZED",             103     0x04A: "TPM_RC_NV_UNINITIALIZED",
104     0x04B: "TPM_RC_NV_SPACE",                     104     0x04B: "TPM_RC_NV_SPACE",
105     0x04C: "TPM_RC_NV_DEFINED",                   105     0x04C: "TPM_RC_NV_DEFINED",
106     0x050: "TPM_RC_BAD_CONTEXT",                  106     0x050: "TPM_RC_BAD_CONTEXT",
107     0x051: "TPM_RC_CPHASH",                       107     0x051: "TPM_RC_CPHASH",
108     0x052: "TPM_RC_PARENT",                       108     0x052: "TPM_RC_PARENT",
109     0x053: "TPM_RC_NEEDS_TEST",                   109     0x053: "TPM_RC_NEEDS_TEST",
110     0x054: "TPM_RC_NO_RESULT",                    110     0x054: "TPM_RC_NO_RESULT",
111     0x055: "TPM_RC_SENSITIVE",                    111     0x055: "TPM_RC_SENSITIVE",
112     0x07F: "RC_MAX_FM0",                          112     0x07F: "RC_MAX_FM0",
113 }                                                 113 }
114                                                   114 
115 TPM2_FMT1_ERRORS = {                              115 TPM2_FMT1_ERRORS = {
116     0x001: "TPM_RC_ASYMMETRIC",                   116     0x001: "TPM_RC_ASYMMETRIC",
117     0x002: "TPM_RC_ATTRIBUTES",                   117     0x002: "TPM_RC_ATTRIBUTES",
118     0x003: "TPM_RC_HASH",                         118     0x003: "TPM_RC_HASH",
119     0x004: "TPM_RC_VALUE",                        119     0x004: "TPM_RC_VALUE",
120     0x005: "TPM_RC_HIERARCHY",                    120     0x005: "TPM_RC_HIERARCHY",
121     0x007: "TPM_RC_KEY_SIZE",                     121     0x007: "TPM_RC_KEY_SIZE",
122     0x008: "TPM_RC_MGF",                          122     0x008: "TPM_RC_MGF",
123     0x009: "TPM_RC_MODE",                         123     0x009: "TPM_RC_MODE",
124     0x00A: "TPM_RC_TYPE",                         124     0x00A: "TPM_RC_TYPE",
125     0x00B: "TPM_RC_HANDLE",                       125     0x00B: "TPM_RC_HANDLE",
126     0x00C: "TPM_RC_KDF",                          126     0x00C: "TPM_RC_KDF",
127     0x00D: "TPM_RC_RANGE",                        127     0x00D: "TPM_RC_RANGE",
128     0x00E: "TPM_RC_AUTH_FAIL",                    128     0x00E: "TPM_RC_AUTH_FAIL",
129     0x00F: "TPM_RC_NONCE",                        129     0x00F: "TPM_RC_NONCE",
130     0x010: "TPM_RC_PP",                           130     0x010: "TPM_RC_PP",
131     0x012: "TPM_RC_SCHEME",                       131     0x012: "TPM_RC_SCHEME",
132     0x015: "TPM_RC_SIZE",                         132     0x015: "TPM_RC_SIZE",
133     0x016: "TPM_RC_SYMMETRIC",                    133     0x016: "TPM_RC_SYMMETRIC",
134     0x017: "TPM_RC_TAG",                          134     0x017: "TPM_RC_TAG",
135     0x018: "TPM_RC_SELECTOR",                     135     0x018: "TPM_RC_SELECTOR",
136     0x01A: "TPM_RC_INSUFFICIENT",                 136     0x01A: "TPM_RC_INSUFFICIENT",
137     0x01B: "TPM_RC_SIGNATURE",                    137     0x01B: "TPM_RC_SIGNATURE",
138     0x01C: "TPM_RC_KEY",                          138     0x01C: "TPM_RC_KEY",
139     0x01D: "TPM_RC_POLICY_FAIL",                  139     0x01D: "TPM_RC_POLICY_FAIL",
140     0x01F: "TPM_RC_INTEGRITY",                    140     0x01F: "TPM_RC_INTEGRITY",
141     0x020: "TPM_RC_TICKET",                       141     0x020: "TPM_RC_TICKET",
142     0x021: "TPM_RC_RESERVED_BITS",                142     0x021: "TPM_RC_RESERVED_BITS",
143     0x022: "TPM_RC_BAD_AUTH",                     143     0x022: "TPM_RC_BAD_AUTH",
144     0x023: "TPM_RC_EXPIRED",                      144     0x023: "TPM_RC_EXPIRED",
145     0x024: "TPM_RC_POLICY_CC",                    145     0x024: "TPM_RC_POLICY_CC",
146     0x025: "TPM_RC_BINDING",                      146     0x025: "TPM_RC_BINDING",
147     0x026: "TPM_RC_CURVE",                        147     0x026: "TPM_RC_CURVE",
148     0x027: "TPM_RC_ECC_POINT",                    148     0x027: "TPM_RC_ECC_POINT",
149 }                                                 149 }
150                                                   150 
151 TPM2_WARN_ERRORS = {                              151 TPM2_WARN_ERRORS = {
152     0x001: "TPM_RC_CONTEXT_GAP",                  152     0x001: "TPM_RC_CONTEXT_GAP",
153     0x002: "TPM_RC_OBJECT_MEMORY",                153     0x002: "TPM_RC_OBJECT_MEMORY",
154     0x003: "TPM_RC_SESSION_MEMORY",               154     0x003: "TPM_RC_SESSION_MEMORY",
155     0x004: "TPM_RC_MEMORY",                       155     0x004: "TPM_RC_MEMORY",
156     0x005: "TPM_RC_SESSION_HANDLES",              156     0x005: "TPM_RC_SESSION_HANDLES",
157     0x006: "TPM_RC_OBJECT_HANDLES",               157     0x006: "TPM_RC_OBJECT_HANDLES",
158     0x007: "TPM_RC_LOCALITY",                     158     0x007: "TPM_RC_LOCALITY",
159     0x008: "TPM_RC_YIELDED",                      159     0x008: "TPM_RC_YIELDED",
160     0x009: "TPM_RC_CANCELED",                     160     0x009: "TPM_RC_CANCELED",
161     0x00A: "TPM_RC_TESTING",                      161     0x00A: "TPM_RC_TESTING",
162     0x010: "TPM_RC_REFERENCE_H0",                 162     0x010: "TPM_RC_REFERENCE_H0",
163     0x011: "TPM_RC_REFERENCE_H1",                 163     0x011: "TPM_RC_REFERENCE_H1",
164     0x012: "TPM_RC_REFERENCE_H2",                 164     0x012: "TPM_RC_REFERENCE_H2",
165     0x013: "TPM_RC_REFERENCE_H3",                 165     0x013: "TPM_RC_REFERENCE_H3",
166     0x014: "TPM_RC_REFERENCE_H4",                 166     0x014: "TPM_RC_REFERENCE_H4",
167     0x015: "TPM_RC_REFERENCE_H5",                 167     0x015: "TPM_RC_REFERENCE_H5",
168     0x016: "TPM_RC_REFERENCE_H6",                 168     0x016: "TPM_RC_REFERENCE_H6",
169     0x018: "TPM_RC_REFERENCE_S0",                 169     0x018: "TPM_RC_REFERENCE_S0",
170     0x019: "TPM_RC_REFERENCE_S1",                 170     0x019: "TPM_RC_REFERENCE_S1",
171     0x01A: "TPM_RC_REFERENCE_S2",                 171     0x01A: "TPM_RC_REFERENCE_S2",
172     0x01B: "TPM_RC_REFERENCE_S3",                 172     0x01B: "TPM_RC_REFERENCE_S3",
173     0x01C: "TPM_RC_REFERENCE_S4",                 173     0x01C: "TPM_RC_REFERENCE_S4",
174     0x01D: "TPM_RC_REFERENCE_S5",                 174     0x01D: "TPM_RC_REFERENCE_S5",
175     0x01E: "TPM_RC_REFERENCE_S6",                 175     0x01E: "TPM_RC_REFERENCE_S6",
176     0x020: "TPM_RC_NV_RATE",                      176     0x020: "TPM_RC_NV_RATE",
177     0x021: "TPM_RC_LOCKOUT",                      177     0x021: "TPM_RC_LOCKOUT",
178     0x022: "TPM_RC_RETRY",                        178     0x022: "TPM_RC_RETRY",
179     0x023: "TPM_RC_NV_UNAVAILABLE",               179     0x023: "TPM_RC_NV_UNAVAILABLE",
180     0x7F: "TPM_RC_NOT_USED",                      180     0x7F: "TPM_RC_NOT_USED",
181 }                                                 181 }
182                                                   182 
183 RC_VER1 = 0x100                                   183 RC_VER1 = 0x100
184 RC_FMT1 = 0x080                                   184 RC_FMT1 = 0x080
185 RC_WARN = 0x900                                   185 RC_WARN = 0x900
186                                                   186 
187 ALG_DIGEST_SIZE_MAP = {                           187 ALG_DIGEST_SIZE_MAP = {
188     TPM2_ALG_SHA1: SHA1_DIGEST_SIZE,              188     TPM2_ALG_SHA1: SHA1_DIGEST_SIZE,
189     TPM2_ALG_SHA256: SHA256_DIGEST_SIZE,          189     TPM2_ALG_SHA256: SHA256_DIGEST_SIZE,
190 }                                                 190 }
191                                                   191 
192 ALG_HASH_FUNCTION_MAP = {                         192 ALG_HASH_FUNCTION_MAP = {
193     TPM2_ALG_SHA1: hashlib.sha1,                  193     TPM2_ALG_SHA1: hashlib.sha1,
194     TPM2_ALG_SHA256: hashlib.sha256               194     TPM2_ALG_SHA256: hashlib.sha256
195 }                                                 195 }
196                                                   196 
197 NAME_ALG_MAP = {                                  197 NAME_ALG_MAP = {
198     "sha1": TPM2_ALG_SHA1,                        198     "sha1": TPM2_ALG_SHA1,
199     "sha256": TPM2_ALG_SHA256,                    199     "sha256": TPM2_ALG_SHA256,
200 }                                                 200 }
201                                                   201 
202                                                   202 
203 class UnknownAlgorithmIdError(Exception):         203 class UnknownAlgorithmIdError(Exception):
204     def __init__(self, alg):                      204     def __init__(self, alg):
205         self.alg = alg                            205         self.alg = alg
206                                                   206 
207     def __str__(self):                            207     def __str__(self):
208         return '0x%0x' % (alg)                    208         return '0x%0x' % (alg)
209                                                   209 
210                                                   210 
211 class UnknownAlgorithmNameError(Exception):       211 class UnknownAlgorithmNameError(Exception):
212     def __init__(self, name):                     212     def __init__(self, name):
213         self.name = name                          213         self.name = name
214                                                   214 
215     def __str__(self):                            215     def __str__(self):
216         return name                               216         return name
217                                                   217 
218                                                   218 
219 class UnknownPCRBankError(Exception):             219 class UnknownPCRBankError(Exception):
220     def __init__(self, alg):                      220     def __init__(self, alg):
221         self.alg = alg                            221         self.alg = alg
222                                                   222 
223     def __str__(self):                            223     def __str__(self):
224         return '0x%0x' % (alg)                    224         return '0x%0x' % (alg)
225                                                   225 
226                                                   226 
227 class ProtocolError(Exception):                   227 class ProtocolError(Exception):
228     def __init__(self, cc, rc):                   228     def __init__(self, cc, rc):
229         self.cc = cc                              229         self.cc = cc
230         self.rc = rc                              230         self.rc = rc
231                                                   231 
232         if (rc & RC_FMT1) == RC_FMT1:             232         if (rc & RC_FMT1) == RC_FMT1:
233             self.name = TPM2_FMT1_ERRORS.get(r    233             self.name = TPM2_FMT1_ERRORS.get(rc & 0x3f, "TPM_RC_UNKNOWN")
234         elif (rc & RC_WARN) == RC_WARN:           234         elif (rc & RC_WARN) == RC_WARN:
235             self.name = TPM2_WARN_ERRORS.get(r    235             self.name = TPM2_WARN_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
236         elif (rc & RC_VER1) == RC_VER1:           236         elif (rc & RC_VER1) == RC_VER1:
237             self.name = TPM2_VER1_ERRORS.get(r    237             self.name = TPM2_VER1_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
238         else:                                     238         else:
239             self.name = TPM2_VER0_ERRORS.get(r    239             self.name = TPM2_VER0_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
240                                                   240 
241     def __str__(self):                            241     def __str__(self):
242         if self.cc:                               242         if self.cc:
243             return '%s: cc=0x%08x, rc=0x%08x'     243             return '%s: cc=0x%08x, rc=0x%08x' % (self.name, self.cc, self.rc)
244         else:                                     244         else:
245             return '%s: rc=0x%08x' % (self.nam    245             return '%s: rc=0x%08x' % (self.name, self.rc)
246                                                   246 
247                                                   247 
248 class AuthCommand(object):                        248 class AuthCommand(object):
249     """TPMS_AUTH_COMMAND"""                       249     """TPMS_AUTH_COMMAND"""
250                                                   250 
251     def __init__(self, session_handle=TPM2_RS_    251     def __init__(self, session_handle=TPM2_RS_PW, nonce=bytes(),
252                  session_attributes=0, hmac=by    252                  session_attributes=0, hmac=bytes()):
253         self.session_handle = session_handle      253         self.session_handle = session_handle
254         self.nonce = nonce                        254         self.nonce = nonce
255         self.session_attributes = session_attr    255         self.session_attributes = session_attributes
256         self.hmac = hmac                          256         self.hmac = hmac
257                                                   257 
258     def __bytes__(self):                          258     def __bytes__(self):
259         fmt = '>I H%us B H%us' % (len(self.non    259         fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac))
260         return struct.pack(fmt, self.session_h    260         return struct.pack(fmt, self.session_handle, len(self.nonce),
261                            self.nonce, self.se    261                            self.nonce, self.session_attributes, len(self.hmac),
262                            self.hmac)             262                            self.hmac)
263                                                   263 
264     def __len__(self):                            264     def __len__(self):
265         fmt = '>I H%us B H%us' % (len(self.non    265         fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac))
266         return struct.calcsize(fmt)               266         return struct.calcsize(fmt)
267                                                   267 
268                                                   268 
269 class SensitiveCreate(object):                    269 class SensitiveCreate(object):
270     """TPMS_SENSITIVE_CREATE"""                   270     """TPMS_SENSITIVE_CREATE"""
271                                                   271 
272     def __init__(self, user_auth=bytes(), data    272     def __init__(self, user_auth=bytes(), data=bytes()):
273         self.user_auth = user_auth                273         self.user_auth = user_auth
274         self.data = data                          274         self.data = data
275                                                   275 
276     def __bytes__(self):                          276     def __bytes__(self):
277         fmt = '>H%us H%us' % (len(self.user_au    277         fmt = '>H%us H%us' % (len(self.user_auth), len(self.data))
278         return struct.pack(fmt, len(self.user_    278         return struct.pack(fmt, len(self.user_auth), self.user_auth,
279                            len(self.data), sel    279                            len(self.data), self.data)
280                                                   280 
281     def __len__(self):                            281     def __len__(self):
282         fmt = '>H%us H%us' % (len(self.user_au    282         fmt = '>H%us H%us' % (len(self.user_auth), len(self.data))
283         return struct.calcsize(fmt)               283         return struct.calcsize(fmt)
284                                                   284 
285                                                   285 
286 class Public(object):                             286 class Public(object):
287     """TPMT_PUBLIC"""                             287     """TPMT_PUBLIC"""
288                                                   288 
289     FIXED_TPM = (1 << 1)                          289     FIXED_TPM = (1 << 1)
290     FIXED_PARENT = (1 << 4)                       290     FIXED_PARENT = (1 << 4)
291     SENSITIVE_DATA_ORIGIN = (1 << 5)              291     SENSITIVE_DATA_ORIGIN = (1 << 5)
292     USER_WITH_AUTH = (1 << 6)                     292     USER_WITH_AUTH = (1 << 6)
293     RESTRICTED = (1 << 16)                        293     RESTRICTED = (1 << 16)
294     DECRYPT = (1 << 17)                           294     DECRYPT = (1 << 17)
295                                                   295 
296     def __fmt(self):                              296     def __fmt(self):
297         return '>HHIH%us%usH%us' % \              297         return '>HHIH%us%usH%us' % \
298             (len(self.auth_policy), len(self.p    298             (len(self.auth_policy), len(self.parameters), len(self.unique))
299                                                   299 
300     def __init__(self, object_type, name_alg,     300     def __init__(self, object_type, name_alg, object_attributes,
301                  auth_policy=bytes(), paramete    301                  auth_policy=bytes(), parameters=bytes(),
302                  unique=bytes()):                 302                  unique=bytes()):
303         self.object_type = object_type            303         self.object_type = object_type
304         self.name_alg = name_alg                  304         self.name_alg = name_alg
305         self.object_attributes = object_attrib    305         self.object_attributes = object_attributes
306         self.auth_policy = auth_policy            306         self.auth_policy = auth_policy
307         self.parameters = parameters              307         self.parameters = parameters
308         self.unique = unique                      308         self.unique = unique
309                                                   309 
310     def __bytes__(self):                          310     def __bytes__(self):
311         return struct.pack(self.__fmt(),          311         return struct.pack(self.__fmt(),
312                            self.object_type,      312                            self.object_type,
313                            self.name_alg,         313                            self.name_alg,
314                            self.object_attribu    314                            self.object_attributes,
315                            len(self.auth_polic    315                            len(self.auth_policy),
316                            self.auth_policy,      316                            self.auth_policy,
317                            self.parameters,       317                            self.parameters,
318                            len(self.unique),      318                            len(self.unique),
319                            self.unique)           319                            self.unique)
320                                                   320 
321     def __len__(self):                            321     def __len__(self):
322         return struct.calcsize(self.__fmt())      322         return struct.calcsize(self.__fmt())
323                                                   323 
324                                                   324 
325 def get_digest_size(alg):                         325 def get_digest_size(alg):
326     ds = ALG_DIGEST_SIZE_MAP.get(alg)             326     ds = ALG_DIGEST_SIZE_MAP.get(alg)
327     if not ds:                                    327     if not ds:
328         raise UnknownAlgorithmIdError(alg)        328         raise UnknownAlgorithmIdError(alg)
329     return ds                                     329     return ds
330                                                   330 
331                                                   331 
332 def get_hash_function(alg):                       332 def get_hash_function(alg):
333     f = ALG_HASH_FUNCTION_MAP.get(alg)            333     f = ALG_HASH_FUNCTION_MAP.get(alg)
334     if not f:                                     334     if not f:
335         raise UnknownAlgorithmIdError(alg)        335         raise UnknownAlgorithmIdError(alg)
336     return f                                      336     return f
337                                                   337 
338                                                   338 
339 def get_algorithm(name):                          339 def get_algorithm(name):
340     alg = NAME_ALG_MAP.get(name)                  340     alg = NAME_ALG_MAP.get(name)
341     if not alg:                                   341     if not alg:
342         raise UnknownAlgorithmNameError(name)     342         raise UnknownAlgorithmNameError(name)
343     return alg                                    343     return alg
344                                                   344 
345                                                   345 
346 def hex_dump(d):                                  346 def hex_dump(d):
347     d = [format(x, '02x') for x in d]             347     d = [format(x, '02x') for x in d]
348     d = [d[i: i + 16] for i in range(0, len(d)    348     d = [d[i: i + 16] for i in range(0, len(d), 16)]
349     d = [' '.join(x) for x in d]                  349     d = [' '.join(x) for x in d]
350     d = os.linesep.join(d)                        350     d = os.linesep.join(d)
351                                                   351 
352     return d                                      352     return d
353                                                   353 
354 class Client:                                     354 class Client:
355     FLAG_DEBUG = 0x01                             355     FLAG_DEBUG = 0x01
356     FLAG_SPACE = 0x02                             356     FLAG_SPACE = 0x02
357     FLAG_NONBLOCK = 0x04                          357     FLAG_NONBLOCK = 0x04
358     TPM_IOC_NEW_SPACE = 0xa200                    358     TPM_IOC_NEW_SPACE = 0xa200
359                                                   359 
360     def __init__(self, flags = 0):                360     def __init__(self, flags = 0):
361         self.flags = flags                        361         self.flags = flags
362                                                   362 
363         if (self.flags & Client.FLAG_SPACE) ==    363         if (self.flags & Client.FLAG_SPACE) == 0:
364             self.tpm = open('/dev/tpm0', 'r+b'    364             self.tpm = open('/dev/tpm0', 'r+b', buffering=0)
365         else:                                     365         else:
366             self.tpm = open('/dev/tpmrm0', 'r+    366             self.tpm = open('/dev/tpmrm0', 'r+b', buffering=0)
367                                                   367 
368         if (self.flags & Client.FLAG_NONBLOCK)    368         if (self.flags & Client.FLAG_NONBLOCK):
369             flags = fcntl.fcntl(self.tpm, fcnt    369             flags = fcntl.fcntl(self.tpm, fcntl.F_GETFL)
370             flags |= os.O_NONBLOCK                370             flags |= os.O_NONBLOCK
371             fcntl.fcntl(self.tpm, fcntl.F_SETF    371             fcntl.fcntl(self.tpm, fcntl.F_SETFL, flags)
372             self.tpm_poll = select.poll()         372             self.tpm_poll = select.poll()
373                                                   373 
374     def __del__(self):                            374     def __del__(self):
375         if self.tpm:                              375         if self.tpm:
376             self.tpm.close()                      376             self.tpm.close()
377                                                   377 
378     def close(self):                              378     def close(self):
379         self.tpm.close()                          379         self.tpm.close()
380                                                   380 
381     def send_cmd(self, cmd):                      381     def send_cmd(self, cmd):
382         self.tpm.write(cmd)                       382         self.tpm.write(cmd)
383                                                   383 
384         if (self.flags & Client.FLAG_NONBLOCK)    384         if (self.flags & Client.FLAG_NONBLOCK):
385             self.tpm_poll.register(self.tpm, s    385             self.tpm_poll.register(self.tpm, select.POLLIN)
386             self.tpm_poll.poll(10000)             386             self.tpm_poll.poll(10000)
387                                                   387 
388         rsp = self.tpm.read()                     388         rsp = self.tpm.read()
389                                                   389 
390         if (self.flags & Client.FLAG_NONBLOCK)    390         if (self.flags & Client.FLAG_NONBLOCK):
391             self.tpm_poll.unregister(self.tpm)    391             self.tpm_poll.unregister(self.tpm)
392                                                   392 
393         if (self.flags & Client.FLAG_DEBUG) !=    393         if (self.flags & Client.FLAG_DEBUG) != 0:
394             sys.stderr.write('cmd' + os.linese    394             sys.stderr.write('cmd' + os.linesep)
395             sys.stderr.write(hex_dump(cmd) + o    395             sys.stderr.write(hex_dump(cmd) + os.linesep)
396             sys.stderr.write('rsp' + os.linese    396             sys.stderr.write('rsp' + os.linesep)
397             sys.stderr.write(hex_dump(rsp) + o    397             sys.stderr.write(hex_dump(rsp) + os.linesep)
398                                                   398 
399         rc = struct.unpack('>I', rsp[6:10])[0]    399         rc = struct.unpack('>I', rsp[6:10])[0]
400         if rc != 0:                               400         if rc != 0:
401             cc = struct.unpack('>I', cmd[6:10]    401             cc = struct.unpack('>I', cmd[6:10])[0]
402             raise ProtocolError(cc, rc)           402             raise ProtocolError(cc, rc)
403                                                   403 
404         return rsp                                404         return rsp
405                                                   405 
406     def read_pcr(self, i, bank_alg = TPM2_ALG_    406     def read_pcr(self, i, bank_alg = TPM2_ALG_SHA1):
407         pcrsel_len = max((i >> 3) + 1, 3)         407         pcrsel_len = max((i >> 3) + 1, 3)
408         pcrsel = [0] * pcrsel_len                 408         pcrsel = [0] * pcrsel_len
409         pcrsel[i >> 3] = 1 << (i & 7)             409         pcrsel[i >> 3] = 1 << (i & 7)
410         pcrsel = ''.join(map(chr, pcrsel)).enc    410         pcrsel = ''.join(map(chr, pcrsel)).encode()
411                                                   411 
412         fmt = '>HII IHB%us' % (pcrsel_len)        412         fmt = '>HII IHB%us' % (pcrsel_len)
413         cmd = struct.pack(fmt,                    413         cmd = struct.pack(fmt,
414                           TPM2_ST_NO_SESSIONS,    414                           TPM2_ST_NO_SESSIONS,
415                           struct.calcsize(fmt)    415                           struct.calcsize(fmt),
416                           TPM2_CC_PCR_READ,       416                           TPM2_CC_PCR_READ,
417                           1,                      417                           1,
418                           bank_alg,               418                           bank_alg,
419                           pcrsel_len, pcrsel)     419                           pcrsel_len, pcrsel)
420                                                   420 
421         rsp = self.send_cmd(cmd)                  421         rsp = self.send_cmd(cmd)
422                                                   422 
423         pcr_update_cnt, pcr_select_cnt = struc    423         pcr_update_cnt, pcr_select_cnt = struct.unpack('>II', rsp[10:18])
424         assert pcr_select_cnt == 1                424         assert pcr_select_cnt == 1
425         rsp = rsp[18:]                            425         rsp = rsp[18:]
426                                                   426 
427         alg2, pcrsel_len2 = struct.unpack('>HB    427         alg2, pcrsel_len2 = struct.unpack('>HB', rsp[:3])
428         assert bank_alg == alg2 and pcrsel_len    428         assert bank_alg == alg2 and pcrsel_len == pcrsel_len2
429         rsp = rsp[3 + pcrsel_len:]                429         rsp = rsp[3 + pcrsel_len:]
430                                                   430 
431         digest_cnt = struct.unpack('>I', rsp[:    431         digest_cnt = struct.unpack('>I', rsp[:4])[0]
432         if digest_cnt == 0:                       432         if digest_cnt == 0:
433             return None                           433             return None
434         rsp = rsp[6:]                             434         rsp = rsp[6:]
435                                                   435 
436         return rsp                                436         return rsp
437                                                   437 
438     def extend_pcr(self, i, dig, bank_alg = TP    438     def extend_pcr(self, i, dig, bank_alg = TPM2_ALG_SHA1):
439         ds = get_digest_size(bank_alg)            439         ds = get_digest_size(bank_alg)
440         assert(ds == len(dig))                    440         assert(ds == len(dig))
441                                                   441 
442         auth_cmd = AuthCommand()                  442         auth_cmd = AuthCommand()
443                                                   443 
444         fmt = '>HII I I%us IH%us' % (len(auth_    444         fmt = '>HII I I%us IH%us' % (len(auth_cmd), ds)
445         cmd = struct.pack(                        445         cmd = struct.pack(
446             fmt,                                  446             fmt,
447             TPM2_ST_SESSIONS,                     447             TPM2_ST_SESSIONS,
448             struct.calcsize(fmt),                 448             struct.calcsize(fmt),
449             TPM2_CC_PCR_EXTEND,                   449             TPM2_CC_PCR_EXTEND,
450             i,                                    450             i,
451             len(auth_cmd),                        451             len(auth_cmd),
452             bytes(auth_cmd),                      452             bytes(auth_cmd),
453             1, bank_alg, dig)                     453             1, bank_alg, dig)
454                                                   454 
455         self.send_cmd(cmd)                        455         self.send_cmd(cmd)
456                                                   456 
457     def start_auth_session(self, session_type,    457     def start_auth_session(self, session_type, name_alg = TPM2_ALG_SHA1):
458         fmt = '>HII IIH16sHBHH'                   458         fmt = '>HII IIH16sHBHH'
459         cmd = struct.pack(fmt,                    459         cmd = struct.pack(fmt,
460                           TPM2_ST_NO_SESSIONS,    460                           TPM2_ST_NO_SESSIONS,
461                           struct.calcsize(fmt)    461                           struct.calcsize(fmt),
462                           TPM2_CC_START_AUTH_S    462                           TPM2_CC_START_AUTH_SESSION,
463                           TPM2_RH_NULL,           463                           TPM2_RH_NULL,
464                           TPM2_RH_NULL,           464                           TPM2_RH_NULL,
465                           16,                     465                           16,
466                           ('\0' * 16).encode()    466                           ('\0' * 16).encode(),
467                           0,                      467                           0,
468                           session_type,           468                           session_type,
469                           TPM2_ALG_NULL,          469                           TPM2_ALG_NULL,
470                           name_alg)               470                           name_alg)
471                                                   471 
472         return struct.unpack('>I', self.send_c    472         return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
473                                                   473 
474     def __calc_pcr_digest(self, pcrs, bank_alg    474     def __calc_pcr_digest(self, pcrs, bank_alg = TPM2_ALG_SHA1,
475                           digest_alg = TPM2_AL    475                           digest_alg = TPM2_ALG_SHA1):
476         x = []                                    476         x = []
477         f = get_hash_function(digest_alg)         477         f = get_hash_function(digest_alg)
478                                                   478 
479         for i in pcrs:                            479         for i in pcrs:
480             pcr = self.read_pcr(i, bank_alg)      480             pcr = self.read_pcr(i, bank_alg)
481             if pcr is None:                       481             if pcr is None:
482                 return None                       482                 return None
483             x += pcr                              483             x += pcr
484                                                   484 
485         return f(bytearray(x)).digest()           485         return f(bytearray(x)).digest()
486                                                   486 
487     def policy_pcr(self, handle, pcrs, bank_al    487     def policy_pcr(self, handle, pcrs, bank_alg = TPM2_ALG_SHA1,
488                    name_alg = TPM2_ALG_SHA1):     488                    name_alg = TPM2_ALG_SHA1):
489         ds = get_digest_size(name_alg)            489         ds = get_digest_size(name_alg)
490         dig = self.__calc_pcr_digest(pcrs, ban    490         dig = self.__calc_pcr_digest(pcrs, bank_alg, name_alg)
491         if not dig:                               491         if not dig:
492             raise UnknownPCRBankError(bank_alg    492             raise UnknownPCRBankError(bank_alg)
493                                                   493 
494         pcrsel_len = max((max(pcrs) >> 3) + 1,    494         pcrsel_len = max((max(pcrs) >> 3) + 1, 3)
495         pcrsel = [0] * pcrsel_len                 495         pcrsel = [0] * pcrsel_len
496         for i in pcrs:                            496         for i in pcrs:
497             pcrsel[i >> 3] |= 1 << (i & 7)        497             pcrsel[i >> 3] |= 1 << (i & 7)
498         pcrsel = ''.join(map(chr, pcrsel)).enc    498         pcrsel = ''.join(map(chr, pcrsel)).encode()
499                                                   499 
500         fmt = '>HII IH%usIHB3s' % ds              500         fmt = '>HII IH%usIHB3s' % ds
501         cmd = struct.pack(fmt,                    501         cmd = struct.pack(fmt,
502                           TPM2_ST_NO_SESSIONS,    502                           TPM2_ST_NO_SESSIONS,
503                           struct.calcsize(fmt)    503                           struct.calcsize(fmt),
504                           TPM2_CC_POLICY_PCR,     504                           TPM2_CC_POLICY_PCR,
505                           handle,                 505                           handle,
506                           len(dig),               506                           len(dig),
507                           bytes(dig),             507                           bytes(dig),
508                           1,                      508                           1,
509                           bank_alg,               509                           bank_alg,
510                           pcrsel_len, pcrsel)     510                           pcrsel_len, pcrsel)
511                                                   511 
512         self.send_cmd(cmd)                        512         self.send_cmd(cmd)
513                                                   513 
514     def policy_password(self, handle):            514     def policy_password(self, handle):
515         fmt = '>HII I'                            515         fmt = '>HII I'
516         cmd = struct.pack(fmt,                    516         cmd = struct.pack(fmt,
517                           TPM2_ST_NO_SESSIONS,    517                           TPM2_ST_NO_SESSIONS,
518                           struct.calcsize(fmt)    518                           struct.calcsize(fmt),
519                           TPM2_CC_POLICY_PASSW    519                           TPM2_CC_POLICY_PASSWORD,
520                           handle)                 520                           handle)
521                                                   521 
522         self.send_cmd(cmd)                        522         self.send_cmd(cmd)
523                                                   523 
524     def get_policy_digest(self, handle):          524     def get_policy_digest(self, handle):
525         fmt = '>HII I'                            525         fmt = '>HII I'
526         cmd = struct.pack(fmt,                    526         cmd = struct.pack(fmt,
527                           TPM2_ST_NO_SESSIONS,    527                           TPM2_ST_NO_SESSIONS,
528                           struct.calcsize(fmt)    528                           struct.calcsize(fmt),
529                           TPM2_CC_POLICY_GET_D    529                           TPM2_CC_POLICY_GET_DIGEST,
530                           handle)                 530                           handle)
531                                                   531 
532         return self.send_cmd(cmd)[12:]            532         return self.send_cmd(cmd)[12:]
533                                                   533 
534     def flush_context(self, handle):              534     def flush_context(self, handle):
535         fmt = '>HIII'                             535         fmt = '>HIII'
536         cmd = struct.pack(fmt,                    536         cmd = struct.pack(fmt,
537                           TPM2_ST_NO_SESSIONS,    537                           TPM2_ST_NO_SESSIONS,
538                           struct.calcsize(fmt)    538                           struct.calcsize(fmt),
539                           TPM2_CC_FLUSH_CONTEX    539                           TPM2_CC_FLUSH_CONTEXT,
540                           handle)                 540                           handle)
541                                                   541 
542         self.send_cmd(cmd)                        542         self.send_cmd(cmd)
543                                                   543 
544     def create_root_key(self, auth_value = byt    544     def create_root_key(self, auth_value = bytes()):
545         attributes = \                            545         attributes = \
546             Public.FIXED_TPM | \                  546             Public.FIXED_TPM | \
547             Public.FIXED_PARENT | \               547             Public.FIXED_PARENT | \
548             Public.SENSITIVE_DATA_ORIGIN | \      548             Public.SENSITIVE_DATA_ORIGIN | \
549             Public.USER_WITH_AUTH | \             549             Public.USER_WITH_AUTH | \
550             Public.RESTRICTED | \                 550             Public.RESTRICTED | \
551             Public.DECRYPT                        551             Public.DECRYPT
552                                                   552 
553         auth_cmd = AuthCommand()                  553         auth_cmd = AuthCommand()
554         sensitive = SensitiveCreate(user_auth=    554         sensitive = SensitiveCreate(user_auth=auth_value)
555                                                   555 
556         public_parms = struct.pack(               556         public_parms = struct.pack(
557             '>HHHHHI',                            557             '>HHHHHI',
558             TPM2_ALG_AES,                         558             TPM2_ALG_AES,
559             128,                                  559             128,
560             TPM2_ALG_CFB,                         560             TPM2_ALG_CFB,
561             TPM2_ALG_NULL,                        561             TPM2_ALG_NULL,
562             2048,                                 562             2048,
563             0)                                    563             0)
564                                                   564 
565         public = Public(                          565         public = Public(
566             object_type=TPM2_ALG_RSA,             566             object_type=TPM2_ALG_RSA,
567             name_alg=TPM2_ALG_SHA1,               567             name_alg=TPM2_ALG_SHA1,
568             object_attributes=attributes,         568             object_attributes=attributes,
569             parameters=public_parms)              569             parameters=public_parms)
570                                                   570 
571         fmt = '>HIII I%us H%us H%us HI' % \       571         fmt = '>HIII I%us H%us H%us HI' % \
572             (len(auth_cmd), len(sensitive), le    572             (len(auth_cmd), len(sensitive), len(public))
573         cmd = struct.pack(                        573         cmd = struct.pack(
574             fmt,                                  574             fmt,
575             TPM2_ST_SESSIONS,                     575             TPM2_ST_SESSIONS,
576             struct.calcsize(fmt),                 576             struct.calcsize(fmt),
577             TPM2_CC_CREATE_PRIMARY,               577             TPM2_CC_CREATE_PRIMARY,
578             TPM2_RH_OWNER,                        578             TPM2_RH_OWNER,
579             len(auth_cmd),                        579             len(auth_cmd),
580             bytes(auth_cmd),                      580             bytes(auth_cmd),
581             len(sensitive),                       581             len(sensitive),
582             bytes(sensitive),                     582             bytes(sensitive),
583             len(public),                          583             len(public),
584             bytes(public),                        584             bytes(public),
585             0, 0)                                 585             0, 0)
586                                                   586 
587         return struct.unpack('>I', self.send_c    587         return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
588                                                   588 
589     def seal(self, parent_key, data, auth_valu    589     def seal(self, parent_key, data, auth_value, policy_dig,
590              name_alg = TPM2_ALG_SHA1):           590              name_alg = TPM2_ALG_SHA1):
591         ds = get_digest_size(name_alg)            591         ds = get_digest_size(name_alg)
592         assert(not policy_dig or ds == len(pol    592         assert(not policy_dig or ds == len(policy_dig))
593                                                   593 
594         attributes = 0                            594         attributes = 0
595         if not policy_dig:                        595         if not policy_dig:
596             attributes |= Public.USER_WITH_AUT    596             attributes |= Public.USER_WITH_AUTH
597             policy_dig = bytes()                  597             policy_dig = bytes()
598                                                   598 
599         auth_cmd =  AuthCommand()                 599         auth_cmd =  AuthCommand()
600         sensitive = SensitiveCreate(user_auth=    600         sensitive = SensitiveCreate(user_auth=auth_value, data=data)
601                                                   601 
602         public = Public(                          602         public = Public(
603             object_type=TPM2_ALG_KEYEDHASH,       603             object_type=TPM2_ALG_KEYEDHASH,
604             name_alg=name_alg,                    604             name_alg=name_alg,
605             object_attributes=attributes,         605             object_attributes=attributes,
606             auth_policy=policy_dig,               606             auth_policy=policy_dig,
607             parameters=struct.pack('>H', TPM2_    607             parameters=struct.pack('>H', TPM2_ALG_NULL))
608                                                   608 
609         fmt = '>HIII I%us H%us H%us HI' % \       609         fmt = '>HIII I%us H%us H%us HI' % \
610             (len(auth_cmd), len(sensitive), le    610             (len(auth_cmd), len(sensitive), len(public))
611         cmd = struct.pack(                        611         cmd = struct.pack(
612             fmt,                                  612             fmt,
613             TPM2_ST_SESSIONS,                     613             TPM2_ST_SESSIONS,
614             struct.calcsize(fmt),                 614             struct.calcsize(fmt),
615             TPM2_CC_CREATE,                       615             TPM2_CC_CREATE,
616             parent_key,                           616             parent_key,
617             len(auth_cmd),                        617             len(auth_cmd),
618             bytes(auth_cmd),                      618             bytes(auth_cmd),
619             len(sensitive),                       619             len(sensitive),
620             bytes(sensitive),                     620             bytes(sensitive),
621             len(public),                          621             len(public),
622             bytes(public),                        622             bytes(public),
623             0, 0)                                 623             0, 0)
624                                                   624 
625         rsp = self.send_cmd(cmd)                  625         rsp = self.send_cmd(cmd)
626                                                   626 
627         return rsp[14:]                           627         return rsp[14:]
628                                                   628 
629     def unseal(self, parent_key, blob, auth_va    629     def unseal(self, parent_key, blob, auth_value, policy_handle):
630         private_len = struct.unpack('>H', blob    630         private_len = struct.unpack('>H', blob[0:2])[0]
631         public_start = private_len + 2            631         public_start = private_len + 2
632         public_len = struct.unpack('>H', blob[    632         public_len = struct.unpack('>H', blob[public_start:public_start + 2])[0]
633         blob = blob[:private_len + public_len     633         blob = blob[:private_len + public_len + 4]
634                                                   634 
635         auth_cmd = AuthCommand()                  635         auth_cmd = AuthCommand()
636                                                   636 
637         fmt = '>HII I I%us %us' % (len(auth_cm    637         fmt = '>HII I I%us %us' % (len(auth_cmd), len(blob))
638         cmd = struct.pack(                        638         cmd = struct.pack(
639             fmt,                                  639             fmt,
640             TPM2_ST_SESSIONS,                     640             TPM2_ST_SESSIONS,
641             struct.calcsize(fmt),                 641             struct.calcsize(fmt),
642             TPM2_CC_LOAD,                         642             TPM2_CC_LOAD,
643             parent_key,                           643             parent_key,
644             len(auth_cmd),                        644             len(auth_cmd),
645             bytes(auth_cmd),                      645             bytes(auth_cmd),
646             blob)                                 646             blob)
647                                                   647 
648         data_handle = struct.unpack('>I', self    648         data_handle = struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
649                                                   649 
650         if policy_handle:                         650         if policy_handle:
651             auth_cmd = AuthCommand(session_han    651             auth_cmd = AuthCommand(session_handle=policy_handle, hmac=auth_value)
652         else:                                     652         else:
653             auth_cmd = AuthCommand(hmac=auth_v    653             auth_cmd = AuthCommand(hmac=auth_value)
654                                                   654 
655         fmt = '>HII I I%us' % (len(auth_cmd))     655         fmt = '>HII I I%us' % (len(auth_cmd))
656         cmd = struct.pack(                        656         cmd = struct.pack(
657             fmt,                                  657             fmt,
658             TPM2_ST_SESSIONS,                     658             TPM2_ST_SESSIONS,
659             struct.calcsize(fmt),                 659             struct.calcsize(fmt),
660             TPM2_CC_UNSEAL,                       660             TPM2_CC_UNSEAL,
661             data_handle,                          661             data_handle,
662             len(auth_cmd),                        662             len(auth_cmd),
663             bytes(auth_cmd))                      663             bytes(auth_cmd))
664                                                   664 
665         try:                                      665         try:
666             rsp = self.send_cmd(cmd)              666             rsp = self.send_cmd(cmd)
667         finally:                                  667         finally:
668             self.flush_context(data_handle)       668             self.flush_context(data_handle)
669                                                   669 
670         data_len = struct.unpack('>I', rsp[10:    670         data_len = struct.unpack('>I', rsp[10:14])[0] - 2
671                                                   671 
672         return rsp[16:16 + data_len]              672         return rsp[16:16 + data_len]
673                                                   673 
674     def reset_da_lock(self):                      674     def reset_da_lock(self):
675         auth_cmd = AuthCommand()                  675         auth_cmd = AuthCommand()
676                                                   676 
677         fmt = '>HII I I%us' % (len(auth_cmd))     677         fmt = '>HII I I%us' % (len(auth_cmd))
678         cmd = struct.pack(                        678         cmd = struct.pack(
679             fmt,                                  679             fmt,
680             TPM2_ST_SESSIONS,                     680             TPM2_ST_SESSIONS,
681             struct.calcsize(fmt),                 681             struct.calcsize(fmt),
682             TPM2_CC_DICTIONARY_ATTACK_LOCK_RES    682             TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET,
683             TPM2_RH_LOCKOUT,                      683             TPM2_RH_LOCKOUT,
684             len(auth_cmd),                        684             len(auth_cmd),
685             bytes(auth_cmd))                      685             bytes(auth_cmd))
686                                                   686 
687         self.send_cmd(cmd)                        687         self.send_cmd(cmd)
688                                                   688 
689     def __get_cap_cnt(self, cap, pt, cnt):        689     def __get_cap_cnt(self, cap, pt, cnt):
690         handles = []                              690         handles = []
691         fmt = '>HII III'                          691         fmt = '>HII III'
692                                                   692 
693         cmd = struct.pack(fmt,                    693         cmd = struct.pack(fmt,
694                           TPM2_ST_NO_SESSIONS,    694                           TPM2_ST_NO_SESSIONS,
695                           struct.calcsize(fmt)    695                           struct.calcsize(fmt),
696                           TPM2_CC_GET_CAPABILI    696                           TPM2_CC_GET_CAPABILITY,
697                           cap, pt, cnt)           697                           cap, pt, cnt)
698                                                   698 
699         rsp = self.send_cmd(cmd)[10:]             699         rsp = self.send_cmd(cmd)[10:]
700         more_data, cap, cnt = struct.unpack('>    700         more_data, cap, cnt = struct.unpack('>BII', rsp[:9])
701         rsp = rsp[9:]                             701         rsp = rsp[9:]
702                                                   702 
703         for i in range(0, cnt):                   703         for i in range(0, cnt):
704             handle = struct.unpack('>I', rsp[:    704             handle = struct.unpack('>I', rsp[:4])[0]
705             handles.append(handle)                705             handles.append(handle)
706             rsp = rsp[4:]                         706             rsp = rsp[4:]
707                                                   707 
708         return handles, more_data                 708         return handles, more_data
709                                                   709 
710     def get_cap(self, cap, pt):                   710     def get_cap(self, cap, pt):
711         handles = []                              711         handles = []
712                                                   712 
713         more_data = True                          713         more_data = True
714         while more_data:                          714         while more_data:
715             next_handles, more_data = self.__g    715             next_handles, more_data = self.__get_cap_cnt(cap, pt, 1)
716             handles += next_handles               716             handles += next_handles
717             pt += 1                               717             pt += 1
718                                                   718 
719         return handles                            719         return handles
720                                                   720 
721     def get_cap_pcrs(self):                       721     def get_cap_pcrs(self):
722         pcr_banks = {}                            722         pcr_banks = {}
723                                                   723 
724         fmt = '>HII III'                          724         fmt = '>HII III'
725                                                   725 
726         cmd = struct.pack(fmt,                    726         cmd = struct.pack(fmt,
727                           TPM2_ST_NO_SESSIONS,    727                           TPM2_ST_NO_SESSIONS,
728                           struct.calcsize(fmt)    728                           struct.calcsize(fmt),
729                           TPM2_CC_GET_CAPABILI    729                           TPM2_CC_GET_CAPABILITY,
730                           TPM2_CAP_PCRS, 0, 1)    730                           TPM2_CAP_PCRS, 0, 1)
731         rsp = self.send_cmd(cmd)[10:]             731         rsp = self.send_cmd(cmd)[10:]
732         _, _, cnt = struct.unpack('>BII', rsp[    732         _, _, cnt = struct.unpack('>BII', rsp[:9])
733         rsp = rsp[9:]                             733         rsp = rsp[9:]
734                                                   734 
735         # items are TPMS_PCR_SELECTION's          735         # items are TPMS_PCR_SELECTION's
736         for i in range(0, cnt):                   736         for i in range(0, cnt):
737               hash, sizeOfSelect = struct.unpa    737               hash, sizeOfSelect = struct.unpack('>HB', rsp[:3])
738               rsp = rsp[3:]                       738               rsp = rsp[3:]
739                                                   739 
740               pcrSelect = 0                       740               pcrSelect = 0
741               if sizeOfSelect > 0:                741               if sizeOfSelect > 0:
742                   pcrSelect, = struct.unpack('    742                   pcrSelect, = struct.unpack('%ds' % sizeOfSelect,
743                                              r    743                                              rsp[:sizeOfSelect])
744                   rsp = rsp[sizeOfSelect:]        744                   rsp = rsp[sizeOfSelect:]
745                   pcrSelect = int.from_bytes(p    745                   pcrSelect = int.from_bytes(pcrSelect, byteorder='big')
746                                                   746 
747               pcr_banks[hash] = pcrSelect         747               pcr_banks[hash] = pcrSelect
748                                                   748 
749         return pcr_banks                          749         return pcr_banks
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php