1# SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) 2 3import hashlib 4import os 5import socket 6import struct 7import sys 8import unittest 9import fcntl 10import select 11 12TPM2_ST_NO_SESSIONS = 0x8001 13TPM2_ST_SESSIONS = 0x8002 14 15TPM2_CC_FIRST = 0x01FF 16 17TPM2_CC_CREATE_PRIMARY = 0x0131 18TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET = 0x0139 19TPM2_CC_CREATE = 0x0153 20TPM2_CC_LOAD = 0x0157 21TPM2_CC_UNSEAL = 0x015E 22TPM2_CC_FLUSH_CONTEXT = 0x0165 23TPM2_CC_START_AUTH_SESSION = 0x0176 24TPM2_CC_GET_CAPABILITY = 0x017A 25TPM2_CC_GET_RANDOM = 0x017B 26TPM2_CC_PCR_READ = 0x017E 27TPM2_CC_POLICY_PCR = 0x017F 28TPM2_CC_PCR_EXTEND = 0x0182 29TPM2_CC_POLICY_PASSWORD = 0x018C 30TPM2_CC_POLICY_GET_DIGEST = 0x0189 31 32TPM2_SE_POLICY = 0x01 33TPM2_SE_TRIAL = 0x03 34 35TPM2_ALG_RSA = 0x0001 36TPM2_ALG_SHA1 = 0x0004 37TPM2_ALG_AES = 0x0006 38TPM2_ALG_KEYEDHASH = 0x0008 39TPM2_ALG_SHA256 = 0x000B 40TPM2_ALG_NULL = 0x0010 41TPM2_ALG_CBC = 0x0042 42TPM2_ALG_CFB = 0x0043 43 44TPM2_RH_OWNER = 0x40000001 45TPM2_RH_NULL = 0x40000007 46TPM2_RH_LOCKOUT = 0x4000000A 47TPM2_RS_PW = 0x40000009 48 49TPM2_RC_SIZE = 0x01D5 50TPM2_RC_AUTH_FAIL = 0x098E 51TPM2_RC_POLICY_FAIL = 0x099D 52TPM2_RC_COMMAND_CODE = 0x0143 53 54TSS2_RC_LAYER_SHIFT = 16 55TSS2_RESMGR_TPM_RC_LAYER = (11 << TSS2_RC_LAYER_SHIFT) 56 57TPM2_CAP_HANDLES = 0x00000001 58TPM2_CAP_COMMANDS = 0x00000002 59TPM2_CAP_TPM_PROPERTIES = 0x00000006 60 61TPM2_PT_FIXED = 0x100 62TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41 63 64HR_SHIFT = 24 65HR_LOADED_SESSION = 0x02000000 66HR_TRANSIENT = 0x80000000 67 68SHA1_DIGEST_SIZE = 20 69SHA256_DIGEST_SIZE = 32 70 71TPM2_VER0_ERRORS = { 72 0x000: "TPM_RC_SUCCESS", 73 0x030: "TPM_RC_BAD_TAG", 74} 75 76TPM2_VER1_ERRORS = { 77 0x000: "TPM_RC_FAILURE", 78 0x001: "TPM_RC_FAILURE", 79 0x003: "TPM_RC_SEQUENCE", 80 0x00B: "TPM_RC_PRIVATE", 81 0x019: "TPM_RC_HMAC", 82 0x020: "TPM_RC_DISABLED", 83 0x021: "TPM_RC_EXCLUSIVE", 84 0x024: "TPM_RC_AUTH_TYPE", 85 0x025: "TPM_RC_AUTH_MISSING", 86 0x026: "TPM_RC_POLICY", 87 0x027: "TPM_RC_PCR", 88 0x028: "TPM_RC_PCR_CHANGED", 89 0x02D: "TPM_RC_UPGRADE", 90 0x02E: "TPM_RC_TOO_MANY_CONTEXTS", 91 0x02F: "TPM_RC_AUTH_UNAVAILABLE", 92 0x030: "TPM_RC_REBOOT", 93 0x031: "TPM_RC_UNBALANCED", 94 0x042: "TPM_RC_COMMAND_SIZE", 95 0x043: "TPM_RC_COMMAND_CODE", 96 0x044: "TPM_RC_AUTHSIZE", 97 0x045: "TPM_RC_AUTH_CONTEXT", 98 0x046: "TPM_RC_NV_RANGE", 99 0x047: "TPM_RC_NV_SIZE", 100 0x048: "TPM_RC_NV_LOCKED", 101 0x049: "TPM_RC_NV_AUTHORIZATION", 102 0x04A: "TPM_RC_NV_UNINITIALIZED", 103 0x04B: "TPM_RC_NV_SPACE", 104 0x04C: "TPM_RC_NV_DEFINED", 105 0x050: "TPM_RC_BAD_CONTEXT", 106 0x051: "TPM_RC_CPHASH", 107 0x052: "TPM_RC_PARENT", 108 0x053: "TPM_RC_NEEDS_TEST", 109 0x054: "TPM_RC_NO_RESULT", 110 0x055: "TPM_RC_SENSITIVE", 111 0x07F: "RC_MAX_FM0", 112} 113 114TPM2_FMT1_ERRORS = { 115 0x001: "TPM_RC_ASYMMETRIC", 116 0x002: "TPM_RC_ATTRIBUTES", 117 0x003: "TPM_RC_HASH", 118 0x004: "TPM_RC_VALUE", 119 0x005: "TPM_RC_HIERARCHY", 120 0x007: "TPM_RC_KEY_SIZE", 121 0x008: "TPM_RC_MGF", 122 0x009: "TPM_RC_MODE", 123 0x00A: "TPM_RC_TYPE", 124 0x00B: "TPM_RC_HANDLE", 125 0x00C: "TPM_RC_KDF", 126 0x00D: "TPM_RC_RANGE", 127 0x00E: "TPM_RC_AUTH_FAIL", 128 0x00F: "TPM_RC_NONCE", 129 0x010: "TPM_RC_PP", 130 0x012: "TPM_RC_SCHEME", 131 0x015: "TPM_RC_SIZE", 132 0x016: "TPM_RC_SYMMETRIC", 133 0x017: "TPM_RC_TAG", 134 0x018: "TPM_RC_SELECTOR", 135 0x01A: "TPM_RC_INSUFFICIENT", 136 0x01B: "TPM_RC_SIGNATURE", 137 0x01C: "TPM_RC_KEY", 138 0x01D: "TPM_RC_POLICY_FAIL", 139 0x01F: "TPM_RC_INTEGRITY", 140 0x020: "TPM_RC_TICKET", 141 0x021: "TPM_RC_RESERVED_BITS", 142 0x022: "TPM_RC_BAD_AUTH", 143 0x023: "TPM_RC_EXPIRED", 144 0x024: "TPM_RC_POLICY_CC", 145 0x025: "TPM_RC_BINDING", 146 0x026: "TPM_RC_CURVE", 147 0x027: "TPM_RC_ECC_POINT", 148} 149 150TPM2_WARN_ERRORS = { 151 0x001: "TPM_RC_CONTEXT_GAP", 152 0x002: "TPM_RC_OBJECT_MEMORY", 153 0x003: "TPM_RC_SESSION_MEMORY", 154 0x004: "TPM_RC_MEMORY", 155 0x005: "TPM_RC_SESSION_HANDLES", 156 0x006: "TPM_RC_OBJECT_HANDLES", 157 0x007: "TPM_RC_LOCALITY", 158 0x008: "TPM_RC_YIELDED", 159 0x009: "TPM_RC_CANCELED", 160 0x00A: "TPM_RC_TESTING", 161 0x010: "TPM_RC_REFERENCE_H0", 162 0x011: "TPM_RC_REFERENCE_H1", 163 0x012: "TPM_RC_REFERENCE_H2", 164 0x013: "TPM_RC_REFERENCE_H3", 165 0x014: "TPM_RC_REFERENCE_H4", 166 0x015: "TPM_RC_REFERENCE_H5", 167 0x016: "TPM_RC_REFERENCE_H6", 168 0x018: "TPM_RC_REFERENCE_S0", 169 0x019: "TPM_RC_REFERENCE_S1", 170 0x01A: "TPM_RC_REFERENCE_S2", 171 0x01B: "TPM_RC_REFERENCE_S3", 172 0x01C: "TPM_RC_REFERENCE_S4", 173 0x01D: "TPM_RC_REFERENCE_S5", 174 0x01E: "TPM_RC_REFERENCE_S6", 175 0x020: "TPM_RC_NV_RATE", 176 0x021: "TPM_RC_LOCKOUT", 177 0x022: "TPM_RC_RETRY", 178 0x023: "TPM_RC_NV_UNAVAILABLE", 179 0x7F: "TPM_RC_NOT_USED", 180} 181 182RC_VER1 = 0x100 183RC_FMT1 = 0x080 184RC_WARN = 0x900 185 186ALG_DIGEST_SIZE_MAP = { 187 TPM2_ALG_SHA1: SHA1_DIGEST_SIZE, 188 TPM2_ALG_SHA256: SHA256_DIGEST_SIZE, 189} 190 191ALG_HASH_FUNCTION_MAP = { 192 TPM2_ALG_SHA1: hashlib.sha1, 193 TPM2_ALG_SHA256: hashlib.sha256 194} 195 196NAME_ALG_MAP = { 197 "sha1": TPM2_ALG_SHA1, 198 "sha256": TPM2_ALG_SHA256, 199} 200 201 202class UnknownAlgorithmIdError(Exception): 203 def __init__(self, alg): 204 self.alg = alg 205 206 def __str__(self): 207 return '0x%0x' % (alg) 208 209 210class UnknownAlgorithmNameError(Exception): 211 def __init__(self, name): 212 self.name = name 213 214 def __str__(self): 215 return name 216 217 218class UnknownPCRBankError(Exception): 219 def __init__(self, alg): 220 self.alg = alg 221 222 def __str__(self): 223 return '0x%0x' % (alg) 224 225 226class ProtocolError(Exception): 227 def __init__(self, cc, rc): 228 self.cc = cc 229 self.rc = rc 230 231 if (rc & RC_FMT1) == RC_FMT1: 232 self.name = TPM2_FMT1_ERRORS.get(rc & 0x3f, "TPM_RC_UNKNOWN") 233 elif (rc & RC_WARN) == RC_WARN: 234 self.name = TPM2_WARN_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN") 235 elif (rc & RC_VER1) == RC_VER1: 236 self.name = TPM2_VER1_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN") 237 else: 238 self.name = TPM2_VER0_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN") 239 240 def __str__(self): 241 if self.cc: 242 return '%s: cc=0x%08x, rc=0x%08x' % (self.name, self.cc, self.rc) 243 else: 244 return '%s: rc=0x%08x' % (self.name, self.rc) 245 246 247class AuthCommand(object): 248 """TPMS_AUTH_COMMAND""" 249 250 def __init__(self, session_handle=TPM2_RS_PW, nonce=bytes(), 251 session_attributes=0, hmac=bytes()): 252 self.session_handle = session_handle 253 self.nonce = nonce 254 self.session_attributes = session_attributes 255 self.hmac = hmac 256 257 def __bytes__(self): 258 fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac)) 259 return struct.pack(fmt, self.session_handle, len(self.nonce), 260 self.nonce, self.session_attributes, len(self.hmac), 261 self.hmac) 262 263 def __len__(self): 264 fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac)) 265 return struct.calcsize(fmt) 266 267 268class SensitiveCreate(object): 269 """TPMS_SENSITIVE_CREATE""" 270 271 def __init__(self, user_auth=bytes(), data=bytes()): 272 self.user_auth = user_auth 273 self.data = data 274 275 def __bytes__(self): 276 fmt = '>H%us H%us' % (len(self.user_auth), len(self.data)) 277 return struct.pack(fmt, len(self.user_auth), self.user_auth, 278 len(self.data), self.data) 279 280 def __len__(self): 281 fmt = '>H%us H%us' % (len(self.user_auth), len(self.data)) 282 return struct.calcsize(fmt) 283 284 285class Public(object): 286 """TPMT_PUBLIC""" 287 288 FIXED_TPM = (1 << 1) 289 FIXED_PARENT = (1 << 4) 290 SENSITIVE_DATA_ORIGIN = (1 << 5) 291 USER_WITH_AUTH = (1 << 6) 292 RESTRICTED = (1 << 16) 293 DECRYPT = (1 << 17) 294 295 def __fmt(self): 296 return '>HHIH%us%usH%us' % \ 297 (len(self.auth_policy), len(self.parameters), len(self.unique)) 298 299 def __init__(self, object_type, name_alg, object_attributes, 300 auth_policy=bytes(), parameters=bytes(), 301 unique=bytes()): 302 self.object_type = object_type 303 self.name_alg = name_alg 304 self.object_attributes = object_attributes 305 self.auth_policy = auth_policy 306 self.parameters = parameters 307 self.unique = unique 308 309 def __bytes__(self): 310 return struct.pack(self.__fmt(), 311 self.object_type, 312 self.name_alg, 313 self.object_attributes, 314 len(self.auth_policy), 315 self.auth_policy, 316 self.parameters, 317 len(self.unique), 318 self.unique) 319 320 def __len__(self): 321 return struct.calcsize(self.__fmt()) 322 323 324def get_digest_size(alg): 325 ds = ALG_DIGEST_SIZE_MAP.get(alg) 326 if not ds: 327 raise UnknownAlgorithmIdError(alg) 328 return ds 329 330 331def get_hash_function(alg): 332 f = ALG_HASH_FUNCTION_MAP.get(alg) 333 if not f: 334 raise UnknownAlgorithmIdError(alg) 335 return f 336 337 338def get_algorithm(name): 339 alg = NAME_ALG_MAP.get(name) 340 if not alg: 341 raise UnknownAlgorithmNameError(name) 342 return alg 343 344 345def hex_dump(d): 346 d = [format(ord(x), '02x') for x in d] 347 d = [d[i: i + 16] for i in range(0, len(d), 16)] 348 d = [' '.join(x) for x in d] 349 d = os.linesep.join(d) 350 351 return d 352 353class Client: 354 FLAG_DEBUG = 0x01 355 FLAG_SPACE = 0x02 356 FLAG_NONBLOCK = 0x04 357 TPM_IOC_NEW_SPACE = 0xa200 358 359 def __init__(self, flags = 0): 360 self.flags = flags 361 362 if (self.flags & Client.FLAG_SPACE) == 0: 363 self.tpm = open('/dev/tpm0', 'r+b', buffering=0) 364 else: 365 self.tpm = open('/dev/tpmrm0', 'r+b', buffering=0) 366 367 if (self.flags & Client.FLAG_NONBLOCK): 368 flags = fcntl.fcntl(self.tpm, fcntl.F_GETFL) 369 flags |= os.O_NONBLOCK 370 fcntl.fcntl(self.tpm, fcntl.F_SETFL, flags) 371 self.tpm_poll = select.poll() 372 373 def __del__(self): 374 if self.tpm: 375 self.tpm.close() 376 377 def close(self): 378 self.tpm.close() 379 380 def send_cmd(self, cmd): 381 self.tpm.write(cmd) 382 383 if (self.flags & Client.FLAG_NONBLOCK): 384 self.tpm_poll.register(self.tpm, select.POLLIN) 385 self.tpm_poll.poll(10000) 386 387 rsp = self.tpm.read() 388 389 if (self.flags & Client.FLAG_NONBLOCK): 390 self.tpm_poll.unregister(self.tpm) 391 392 if (self.flags & Client.FLAG_DEBUG) != 0: 393 sys.stderr.write('cmd' + os.linesep) 394 sys.stderr.write(hex_dump(cmd) + os.linesep) 395 sys.stderr.write('rsp' + os.linesep) 396 sys.stderr.write(hex_dump(rsp) + os.linesep) 397 398 rc = struct.unpack('>I', rsp[6:10])[0] 399 if rc != 0: 400 cc = struct.unpack('>I', cmd[6:10])[0] 401 raise ProtocolError(cc, rc) 402 403 return rsp 404 405 def read_pcr(self, i, bank_alg = TPM2_ALG_SHA1): 406 pcrsel_len = max((i >> 3) + 1, 3) 407 pcrsel = [0] * pcrsel_len 408 pcrsel[i >> 3] = 1 << (i & 7) 409 pcrsel = ''.join(map(chr, pcrsel)).encode() 410 411 fmt = '>HII IHB%us' % (pcrsel_len) 412 cmd = struct.pack(fmt, 413 TPM2_ST_NO_SESSIONS, 414 struct.calcsize(fmt), 415 TPM2_CC_PCR_READ, 416 1, 417 bank_alg, 418 pcrsel_len, pcrsel) 419 420 rsp = self.send_cmd(cmd) 421 422 pcr_update_cnt, pcr_select_cnt = struct.unpack('>II', rsp[10:18]) 423 assert pcr_select_cnt == 1 424 rsp = rsp[18:] 425 426 alg2, pcrsel_len2 = struct.unpack('>HB', rsp[:3]) 427 assert bank_alg == alg2 and pcrsel_len == pcrsel_len2 428 rsp = rsp[3 + pcrsel_len:] 429 430 digest_cnt = struct.unpack('>I', rsp[:4])[0] 431 if digest_cnt == 0: 432 return None 433 rsp = rsp[6:] 434 435 return rsp 436 437 def extend_pcr(self, i, dig, bank_alg = TPM2_ALG_SHA1): 438 ds = get_digest_size(bank_alg) 439 assert(ds == len(dig)) 440 441 auth_cmd = AuthCommand() 442 443 fmt = '>HII I I%us IH%us' % (len(auth_cmd), ds) 444 cmd = struct.pack( 445 fmt, 446 TPM2_ST_SESSIONS, 447 struct.calcsize(fmt), 448 TPM2_CC_PCR_EXTEND, 449 i, 450 len(auth_cmd), 451 bytes(auth_cmd), 452 1, bank_alg, dig) 453 454 self.send_cmd(cmd) 455 456 def start_auth_session(self, session_type, name_alg = TPM2_ALG_SHA1): 457 fmt = '>HII IIH16sHBHH' 458 cmd = struct.pack(fmt, 459 TPM2_ST_NO_SESSIONS, 460 struct.calcsize(fmt), 461 TPM2_CC_START_AUTH_SESSION, 462 TPM2_RH_NULL, 463 TPM2_RH_NULL, 464 16, 465 ('\0' * 16).encode(), 466 0, 467 session_type, 468 TPM2_ALG_NULL, 469 name_alg) 470 471 return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] 472 473 def __calc_pcr_digest(self, pcrs, bank_alg = TPM2_ALG_SHA1, 474 digest_alg = TPM2_ALG_SHA1): 475 x = [] 476 f = get_hash_function(digest_alg) 477 478 for i in pcrs: 479 pcr = self.read_pcr(i, bank_alg) 480 if pcr is None: 481 return None 482 x += pcr 483 484 return f(bytearray(x)).digest() 485 486 def policy_pcr(self, handle, pcrs, bank_alg = TPM2_ALG_SHA1, 487 name_alg = TPM2_ALG_SHA1): 488 ds = get_digest_size(name_alg) 489 dig = self.__calc_pcr_digest(pcrs, bank_alg, name_alg) 490 if not dig: 491 raise UnknownPCRBankError(bank_alg) 492 493 pcrsel_len = max((max(pcrs) >> 3) + 1, 3) 494 pcrsel = [0] * pcrsel_len 495 for i in pcrs: 496 pcrsel[i >> 3] |= 1 << (i & 7) 497 pcrsel = ''.join(map(chr, pcrsel)).encode() 498 499 fmt = '>HII IH%usIHB3s' % ds 500 cmd = struct.pack(fmt, 501 TPM2_ST_NO_SESSIONS, 502 struct.calcsize(fmt), 503 TPM2_CC_POLICY_PCR, 504 handle, 505 len(dig), 506 bytes(dig), 507 1, 508 bank_alg, 509 pcrsel_len, pcrsel) 510 511 self.send_cmd(cmd) 512 513 def policy_password(self, handle): 514 fmt = '>HII I' 515 cmd = struct.pack(fmt, 516 TPM2_ST_NO_SESSIONS, 517 struct.calcsize(fmt), 518 TPM2_CC_POLICY_PASSWORD, 519 handle) 520 521 self.send_cmd(cmd) 522 523 def get_policy_digest(self, handle): 524 fmt = '>HII I' 525 cmd = struct.pack(fmt, 526 TPM2_ST_NO_SESSIONS, 527 struct.calcsize(fmt), 528 TPM2_CC_POLICY_GET_DIGEST, 529 handle) 530 531 return self.send_cmd(cmd)[12:] 532 533 def flush_context(self, handle): 534 fmt = '>HIII' 535 cmd = struct.pack(fmt, 536 TPM2_ST_NO_SESSIONS, 537 struct.calcsize(fmt), 538 TPM2_CC_FLUSH_CONTEXT, 539 handle) 540 541 self.send_cmd(cmd) 542 543 def create_root_key(self, auth_value = bytes()): 544 attributes = \ 545 Public.FIXED_TPM | \ 546 Public.FIXED_PARENT | \ 547 Public.SENSITIVE_DATA_ORIGIN | \ 548 Public.USER_WITH_AUTH | \ 549 Public.RESTRICTED | \ 550 Public.DECRYPT 551 552 auth_cmd = AuthCommand() 553 sensitive = SensitiveCreate(user_auth=auth_value) 554 555 public_parms = struct.pack( 556 '>HHHHHI', 557 TPM2_ALG_AES, 558 128, 559 TPM2_ALG_CFB, 560 TPM2_ALG_NULL, 561 2048, 562 0) 563 564 public = Public( 565 object_type=TPM2_ALG_RSA, 566 name_alg=TPM2_ALG_SHA1, 567 object_attributes=attributes, 568 parameters=public_parms) 569 570 fmt = '>HIII I%us H%us H%us HI' % \ 571 (len(auth_cmd), len(sensitive), len(public)) 572 cmd = struct.pack( 573 fmt, 574 TPM2_ST_SESSIONS, 575 struct.calcsize(fmt), 576 TPM2_CC_CREATE_PRIMARY, 577 TPM2_RH_OWNER, 578 len(auth_cmd), 579 bytes(auth_cmd), 580 len(sensitive), 581 bytes(sensitive), 582 len(public), 583 bytes(public), 584 0, 0) 585 586 return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] 587 588 def seal(self, parent_key, data, auth_value, policy_dig, 589 name_alg = TPM2_ALG_SHA1): 590 ds = get_digest_size(name_alg) 591 assert(not policy_dig or ds == len(policy_dig)) 592 593 attributes = 0 594 if not policy_dig: 595 attributes |= Public.USER_WITH_AUTH 596 policy_dig = bytes() 597 598 auth_cmd = AuthCommand() 599 sensitive = SensitiveCreate(user_auth=auth_value, data=data) 600 601 public = Public( 602 object_type=TPM2_ALG_KEYEDHASH, 603 name_alg=name_alg, 604 object_attributes=attributes, 605 auth_policy=policy_dig, 606 parameters=struct.pack('>H', TPM2_ALG_NULL)) 607 608 fmt = '>HIII I%us H%us H%us HI' % \ 609 (len(auth_cmd), len(sensitive), len(public)) 610 cmd = struct.pack( 611 fmt, 612 TPM2_ST_SESSIONS, 613 struct.calcsize(fmt), 614 TPM2_CC_CREATE, 615 parent_key, 616 len(auth_cmd), 617 bytes(auth_cmd), 618 len(sensitive), 619 bytes(sensitive), 620 len(public), 621 bytes(public), 622 0, 0) 623 624 rsp = self.send_cmd(cmd) 625 626 return rsp[14:] 627 628 def unseal(self, parent_key, blob, auth_value, policy_handle): 629 private_len = struct.unpack('>H', blob[0:2])[0] 630 public_start = private_len + 2 631 public_len = struct.unpack('>H', blob[public_start:public_start + 2])[0] 632 blob = blob[:private_len + public_len + 4] 633 634 auth_cmd = AuthCommand() 635 636 fmt = '>HII I I%us %us' % (len(auth_cmd), len(blob)) 637 cmd = struct.pack( 638 fmt, 639 TPM2_ST_SESSIONS, 640 struct.calcsize(fmt), 641 TPM2_CC_LOAD, 642 parent_key, 643 len(auth_cmd), 644 bytes(auth_cmd), 645 blob) 646 647 data_handle = struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] 648 649 if policy_handle: 650 auth_cmd = AuthCommand(session_handle=policy_handle, hmac=auth_value) 651 else: 652 auth_cmd = AuthCommand(hmac=auth_value) 653 654 fmt = '>HII I I%us' % (len(auth_cmd)) 655 cmd = struct.pack( 656 fmt, 657 TPM2_ST_SESSIONS, 658 struct.calcsize(fmt), 659 TPM2_CC_UNSEAL, 660 data_handle, 661 len(auth_cmd), 662 bytes(auth_cmd)) 663 664 try: 665 rsp = self.send_cmd(cmd) 666 finally: 667 self.flush_context(data_handle) 668 669 data_len = struct.unpack('>I', rsp[10:14])[0] - 2 670 671 return rsp[16:16 + data_len] 672 673 def reset_da_lock(self): 674 auth_cmd = AuthCommand() 675 676 fmt = '>HII I I%us' % (len(auth_cmd)) 677 cmd = struct.pack( 678 fmt, 679 TPM2_ST_SESSIONS, 680 struct.calcsize(fmt), 681 TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET, 682 TPM2_RH_LOCKOUT, 683 len(auth_cmd), 684 bytes(auth_cmd)) 685 686 self.send_cmd(cmd) 687 688 def __get_cap_cnt(self, cap, pt, cnt): 689 handles = [] 690 fmt = '>HII III' 691 692 cmd = struct.pack(fmt, 693 TPM2_ST_NO_SESSIONS, 694 struct.calcsize(fmt), 695 TPM2_CC_GET_CAPABILITY, 696 cap, pt, cnt) 697 698 rsp = self.send_cmd(cmd)[10:] 699 more_data, cap, cnt = struct.unpack('>BII', rsp[:9]) 700 rsp = rsp[9:] 701 702 for i in range(0, cnt): 703 handle = struct.unpack('>I', rsp[:4])[0] 704 handles.append(handle) 705 rsp = rsp[4:] 706 707 return handles, more_data 708 709 def get_cap(self, cap, pt): 710 handles = [] 711 712 more_data = True 713 while more_data: 714 next_handles, more_data = self.__get_cap_cnt(cap, pt, 1) 715 handles += next_handles 716 pt += 1 717 718 return handles 719