Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3) import hashlib
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4) import os
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5) import socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6) import struct
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) import sys
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) import unittest
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) import fcntl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) import select
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) 
# Structure tags: the first 16-bit field of every command this module packs.
# TPM2_ST_SESSIONS is used when an authorization area (AuthCommand) follows
# the handles, TPM2_ST_NO_SESSIONS when it does not.
TPM2_ST_NO_SESSIONS = 0x8001
TPM2_ST_SESSIONS = 0x8002

# NOTE(review): the TCG TPM 2.0 specification lists TPM_CC_FIRST as 0x011F;
# confirm that 0x01FF is intended before relying on it as a lower bound.
TPM2_CC_FIRST = 0x01FF

# Command codes: the third field of the command header (tag, size, code).
TPM2_CC_CREATE_PRIMARY = 0x0131
TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET = 0x0139
TPM2_CC_CREATE = 0x0153
TPM2_CC_LOAD = 0x0157
TPM2_CC_UNSEAL = 0x015E
TPM2_CC_FLUSH_CONTEXT = 0x0165
TPM2_CC_START_AUTH_SESSION = 0x0176
TPM2_CC_GET_CAPABILITY	= 0x017A
TPM2_CC_GET_RANDOM = 0x017B
TPM2_CC_PCR_READ = 0x017E
TPM2_CC_POLICY_PCR = 0x017F
TPM2_CC_PCR_EXTEND = 0x0182
TPM2_CC_POLICY_PASSWORD = 0x018C
TPM2_CC_POLICY_GET_DIGEST = 0x0189

# Session types.
TPM2_SE_POLICY = 0x01
TPM2_SE_TRIAL = 0x03

# Algorithm identifiers. Only SHA1 and SHA256 have entries in the digest-size
# and hash-function maps further down.
TPM2_ALG_RSA = 0x0001
TPM2_ALG_SHA1 = 0x0004
TPM2_ALG_AES = 0x0006
TPM2_ALG_KEYEDHASH = 0x0008
TPM2_ALG_SHA256 = 0x000B
TPM2_ALG_NULL = 0x0010
TPM2_ALG_CBC = 0x0042
TPM2_ALG_CFB = 0x0043

# Reserved handles. TPM2_RS_PW is the default session handle of AuthCommand.
TPM2_RH_OWNER = 0x40000001
TPM2_RH_NULL = 0x40000007
TPM2_RH_LOCKOUT = 0x4000000A
TPM2_RS_PW = 0x40000009

# Complete response-code values, as returned in bytes 6..9 of a response.
TPM2_RC_SIZE            = 0x01D5
TPM2_RC_AUTH_FAIL       = 0x098E
TPM2_RC_POLICY_FAIL     = 0x099D
TPM2_RC_COMMAND_CODE    = 0x0143

# Layer field of a TSS2 response code: layer number 11 shifted into bits 16+.
TSS2_RC_LAYER_SHIFT = 16
TSS2_RESMGR_TPM_RC_LAYER = (11 << TSS2_RC_LAYER_SHIFT)

# Capability selectors (presumably for TPM2_CC_GET_CAPABILITY; no caller is
# visible in this part of the file).
TPM2_CAP_HANDLES = 0x00000001
TPM2_CAP_COMMANDS = 0x00000002
TPM2_CAP_TPM_PROPERTIES = 0x00000006

# Property tags, expressed as offsets from the fixed-property base.
TPM2_PT_FIXED = 0x100
TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41

# Handle ranges: the top octet (bits 24..31) of a handle selects its range.
HR_SHIFT = 24
HR_LOADED_SESSION = 0x02000000
HR_TRANSIENT = 0x80000000

# Digest lengths in bytes.
SHA1_DIGEST_SIZE = 20
SHA256_DIGEST_SIZE = 32
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 
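# Names for response codes that have neither the RC_FMT1 nor the RC_VER1 bit
# set. ProtocolError looks them up by (rc & 0x7f).
TPM2_VER0_ERRORS = {
    0x000: "TPM_RC_SUCCESS",
    # TPM_RC_BAD_TAG is 0x01E, i.e. 30 decimal; keying it as 0x030 would make
    # a real BAD_TAG response decode as TPM_RC_UNKNOWN.
    0x01E: "TPM_RC_BAD_TAG",
}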
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 
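# Names for response codes with the RC_VER1 bit set (and neither RC_FMT1 nor
# the RC_WARN pattern). ProtocolError looks them up by (rc & 0x7f).
TPM2_VER1_ERRORS = {
    # RC_VER1 + 0x000 is TPM_RC_INITIALIZE; TPM_RC_FAILURE is RC_VER1 + 0x001
    # only. Naming both FAILURE hides "TPM not started" behind a generic error.
    0x000: "TPM_RC_INITIALIZE",
    0x001: "TPM_RC_FAILURE",
    0x003: "TPM_RC_SEQUENCE",
    0x00B: "TPM_RC_PRIVATE",
    0x019: "TPM_RC_HMAC",
    0x020: "TPM_RC_DISABLED",
    0x021: "TPM_RC_EXCLUSIVE",
    0x024: "TPM_RC_AUTH_TYPE",
    0x025: "TPM_RC_AUTH_MISSING",
    0x026: "TPM_RC_POLICY",
    0x027: "TPM_RC_PCR",
    0x028: "TPM_RC_PCR_CHANGED",
    0x02D: "TPM_RC_UPGRADE",
    0x02E: "TPM_RC_TOO_MANY_CONTEXTS",
    0x02F: "TPM_RC_AUTH_UNAVAILABLE",
    0x030: "TPM_RC_REBOOT",
    0x031: "TPM_RC_UNBALANCED",
    0x042: "TPM_RC_COMMAND_SIZE",
    0x043: "TPM_RC_COMMAND_CODE",
    0x044: "TPM_RC_AUTHSIZE",
    0x045: "TPM_RC_AUTH_CONTEXT",
    0x046: "TPM_RC_NV_RANGE",
    0x047: "TPM_RC_NV_SIZE",
    0x048: "TPM_RC_NV_LOCKED",
    0x049: "TPM_RC_NV_AUTHORIZATION",
    0x04A: "TPM_RC_NV_UNINITIALIZED",
    0x04B: "TPM_RC_NV_SPACE",
    0x04C: "TPM_RC_NV_DEFINED",
    0x050: "TPM_RC_BAD_CONTEXT",
    0x051: "TPM_RC_CPHASH",
    0x052: "TPM_RC_PARENT",
    0x053: "TPM_RC_NEEDS_TEST",
    0x054: "TPM_RC_NO_RESULT",
    0x055: "TPM_RC_SENSITIVE",
    0x07F: "RC_MAX_FM0",
}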
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 
# Names for format-one response codes (RC_FMT1 bit set). ProtocolError looks
# them up by the low six bits only (rc & 0x3f), so the bits above that are
# not reflected in the reported name.
TPM2_FMT1_ERRORS = {
    0x001: "TPM_RC_ASYMMETRIC",
    0x002: "TPM_RC_ATTRIBUTES",
    0x003: "TPM_RC_HASH",
    0x004: "TPM_RC_VALUE",
    0x005: "TPM_RC_HIERARCHY",
    0x007: "TPM_RC_KEY_SIZE",
    0x008: "TPM_RC_MGF",
    0x009: "TPM_RC_MODE",
    0x00A: "TPM_RC_TYPE",
    0x00B: "TPM_RC_HANDLE",
    0x00C: "TPM_RC_KDF",
    0x00D: "TPM_RC_RANGE",
    0x00E: "TPM_RC_AUTH_FAIL",
    0x00F: "TPM_RC_NONCE",
    0x010: "TPM_RC_PP",
    0x012: "TPM_RC_SCHEME",
    0x015: "TPM_RC_SIZE",
    0x016: "TPM_RC_SYMMETRIC",
    0x017: "TPM_RC_TAG",
    0x018: "TPM_RC_SELECTOR",
    0x01A: "TPM_RC_INSUFFICIENT",
    0x01B: "TPM_RC_SIGNATURE",
    0x01C: "TPM_RC_KEY",
    0x01D: "TPM_RC_POLICY_FAIL",
    0x01F: "TPM_RC_INTEGRITY",
    0x020: "TPM_RC_TICKET",
    0x021: "TPM_RC_RESERVED_BITS",
    0x022: "TPM_RC_BAD_AUTH",
    0x023: "TPM_RC_EXPIRED",
    0x024: "TPM_RC_POLICY_CC",
    0x025: "TPM_RC_BINDING",
    0x026: "TPM_RC_CURVE",
    0x027: "TPM_RC_ECC_POINT",
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 
# Names for warning-class response codes, i.e. codes where
# (rc & RC_WARN) == RC_WARN. ProtocolError looks them up by (rc & 0x7f).
TPM2_WARN_ERRORS = {
    0x001: "TPM_RC_CONTEXT_GAP",
    0x002: "TPM_RC_OBJECT_MEMORY",
    0x003: "TPM_RC_SESSION_MEMORY",
    0x004: "TPM_RC_MEMORY",
    0x005: "TPM_RC_SESSION_HANDLES",
    0x006: "TPM_RC_OBJECT_HANDLES",
    0x007: "TPM_RC_LOCALITY",
    0x008: "TPM_RC_YIELDED",
    0x009: "TPM_RC_CANCELED",
    0x00A: "TPM_RC_TESTING",
    0x010: "TPM_RC_REFERENCE_H0",
    0x011: "TPM_RC_REFERENCE_H1",
    0x012: "TPM_RC_REFERENCE_H2",
    0x013: "TPM_RC_REFERENCE_H3",
    0x014: "TPM_RC_REFERENCE_H4",
    0x015: "TPM_RC_REFERENCE_H5",
    0x016: "TPM_RC_REFERENCE_H6",
    0x018: "TPM_RC_REFERENCE_S0",
    0x019: "TPM_RC_REFERENCE_S1",
    0x01A: "TPM_RC_REFERENCE_S2",
    0x01B: "TPM_RC_REFERENCE_S3",
    0x01C: "TPM_RC_REFERENCE_S4",
    0x01D: "TPM_RC_REFERENCE_S5",
    0x01E: "TPM_RC_REFERENCE_S6",
    0x020: "TPM_RC_NV_RATE",
    # A TPM in dictionary-attack lockout reports this code.
    0x021: "TPM_RC_LOCKOUT",
    0x022: "TPM_RC_RETRY",
    0x023: "TPM_RC_NV_UNAVAILABLE",
    0x7F: "TPM_RC_NOT_USED",
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 
# Bit patterns ProtocolError tests to pick a name table, in this order:
# RC_FMT1 -> TPM2_FMT1_ERRORS, RC_WARN -> TPM2_WARN_ERRORS,
# RC_VER1 -> TPM2_VER1_ERRORS, anything else -> TPM2_VER0_ERRORS.
# RC_WARN (0x900) contains the RC_VER1 bit, so it has to be tested first.
RC_VER1 = 0x100
RC_FMT1 = 0x080
RC_WARN = 0x900

# Digest length in bytes per hash algorithm id (read by get_digest_size).
ALG_DIGEST_SIZE_MAP = {
    TPM2_ALG_SHA1: SHA1_DIGEST_SIZE,
    TPM2_ALG_SHA256: SHA256_DIGEST_SIZE,
}

# hashlib constructor per hash algorithm id (read by get_hash_function).
ALG_HASH_FUNCTION_MAP = {
    TPM2_ALG_SHA1: hashlib.sha1,
    TPM2_ALG_SHA256: hashlib.sha256
}

# Algorithm id per lower-case bank name (read by get_algorithm).
NAME_ALG_MAP = {
    "sha1": TPM2_ALG_SHA1,
    "sha256": TPM2_ALG_SHA256,
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 
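class UnknownAlgorithmIdError(Exception):
    """Raised when a TPM algorithm id has no entry in a lookup table.

    Attributes:
        alg: the numeric algorithm id that was not recognised.
    """

    def __init__(self, alg):
        self.alg = alg

    def __str__(self):
        # Format the id stored on the instance. A bare `alg` is not in scope
        # here, so formatting the exception used to raise NameError and mask
        # the original failure.
        return '0x%0x' % (self.alg)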
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 
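class UnknownAlgorithmNameError(Exception):
    """Raised when an algorithm name has no entry in NAME_ALG_MAP.

    Attributes:
        name: the name that was looked up.
    """

    def __init__(self, name):
        self.name = name

    def __str__(self):
        # Use the stored attribute (a bare `name` raised NameError here) and
        # coerce it, because __str__ must return a str even when the caller
        # passed None or a number.
        return str(self.name)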
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 
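class UnknownPCRBankError(Exception):
    """Exception carrying the algorithm id of an unrecognised PCR bank.

    No raise site is visible in this part of the file.

    Attributes:
        alg: the numeric algorithm id of the bank.
    """

    def __init__(self, alg):
        self.alg = alg

    def __str__(self):
        # Format the id stored on the instance; a bare `alg` is not in scope
        # here and raised NameError whenever the exception was printed.
        return '0x%0x' % (self.alg)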
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 
class ProtocolError(Exception):
    """A non-zero TPM response code, decoded to a symbolic name.

    Attributes:
        cc: command code of the request that failed (falsy when unknown).
        rc: the raw 32-bit response code.
        name: symbolic name chosen from the TPM2_*_ERRORS tables, or
            "TPM_RC_UNKNOWN" when the code has no entry.
    """

    def __init__(self, cc, rc):
        self.cc = cc
        self.rc = rc

        # The order of the tests matters: RC_WARN includes the RC_VER1 bit,
        # and format-one codes are recognised before either of them.
        if (rc & RC_FMT1) == RC_FMT1:
            table, mask = TPM2_FMT1_ERRORS, 0x3f
        elif (rc & RC_WARN) == RC_WARN:
            table, mask = TPM2_WARN_ERRORS, 0x7f
        elif (rc & RC_VER1) == RC_VER1:
            table, mask = TPM2_VER1_ERRORS, 0x7f
        else:
            table, mask = TPM2_VER0_ERRORS, 0x7f

        self.name = table.get(rc & mask, "TPM_RC_UNKNOWN")

    def __str__(self):
        # The command code is omitted when it is zero or None.
        if not self.cc:
            return '%s: rc=0x%08x' % (self.name, self.rc)
        return '%s: cc=0x%08x, rc=0x%08x' % (self.name, self.cc, self.rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 
class AuthCommand(object):
    """TPMS_AUTH_COMMAND

    Serialises as: session handle (u32), nonce size (u16), nonce,
    session attributes (u8), hmac size (u16), hmac. All fields are
    big-endian and the nonce and hmac bytes are written verbatim.
    """

    def __init__(self, session_handle=TPM2_RS_PW, nonce=bytes(),
                 session_attributes=0, hmac=bytes()):
        self.session_handle = session_handle
        self.nonce = nonce
        self.session_attributes = session_attributes
        self.hmac = hmac

    def _layout(self):
        """Return the struct format for the current nonce and hmac sizes."""
        return '>I H%us B H%us' % (len(self.nonce), len(self.hmac))

    def __bytes__(self):
        fields = (
            self.session_handle,
            len(self.nonce), self.nonce,
            self.session_attributes,
            len(self.hmac), self.hmac,
        )
        return struct.pack(self._layout(), *fields)

    def __len__(self):
        # Size of the serialised structure in bytes.
        return struct.calcsize(self._layout())
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 
class SensitiveCreate(object):
    """TPMS_SENSITIVE_CREATE

    Serialises as two big-endian, u16-length-prefixed byte strings: the
    user auth value followed by the data. Both are written verbatim.
    """

    def __init__(self, user_auth=bytes(), data=bytes()):
        self.user_auth, self.data = user_auth, data

    def _layout(self):
        """Return the struct format for the current field sizes."""
        return '>H%us H%us' % (len(self.user_auth), len(self.data))

    def __bytes__(self):
        auth, payload = self.user_auth, self.data
        return struct.pack(self._layout(), len(auth), auth,
                           len(payload), payload)

    def __len__(self):
        # Size of the serialised structure in bytes.
        return struct.calcsize(self._layout())
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 
class Public(object):
    """TPMT_PUBLIC

    Serialises as: object type (u16), name algorithm (u16), object
    attributes (u32), auth policy size (u16), auth policy, parameters,
    unique size (u16), unique. The parameters bytes carry no length prefix.
    """

    # Object attribute bits for object_attributes.
    FIXED_TPM = (1 << 1)
    FIXED_PARENT = (1 << 4)
    SENSITIVE_DATA_ORIGIN = (1 << 5)
    USER_WITH_AUTH = (1 << 6)
    RESTRICTED = (1 << 16)
    DECRYPT = (1 << 17)

    def __init__(self, object_type, name_alg, object_attributes,
                 auth_policy=bytes(), parameters=bytes(),
                 unique=bytes()):
        self.object_type = object_type
        self.name_alg = name_alg
        self.object_attributes = object_attributes
        self.auth_policy = auth_policy
        self.parameters = parameters
        self.unique = unique

    def __layout(self):
        """Return the struct format for the current variable-size fields."""
        sizes = (len(self.auth_policy), len(self.parameters),
                 len(self.unique))
        return '>HHIH%us%usH%us' % sizes

    def __bytes__(self):
        fields = (
            self.object_type,
            self.name_alg,
            self.object_attributes,
            len(self.auth_policy), self.auth_policy,
            self.parameters,
            len(self.unique), self.unique,
        )
        return struct.pack(self.__layout(), *fields)

    def __len__(self):
        # Size of the serialised structure in bytes.
        return struct.calcsize(self.__layout())
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) 
def get_digest_size(alg):
    """Return the digest length in bytes for hash algorithm id *alg*.

    Raises:
        UnknownAlgorithmIdError: *alg* has no entry in ALG_DIGEST_SIZE_MAP.
    """
    size = ALG_DIGEST_SIZE_MAP.get(alg)
    if size:
        return size
    raise UnknownAlgorithmIdError(alg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) 
def get_hash_function(alg):
    """Return the hashlib constructor for hash algorithm id *alg*.

    Raises:
        UnknownAlgorithmIdError: *alg* has no entry in ALG_HASH_FUNCTION_MAP.
    """
    hash_ctor = ALG_HASH_FUNCTION_MAP.get(alg)
    if hash_ctor:
        return hash_ctor
    raise UnknownAlgorithmIdError(alg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) 
def get_algorithm(name):
    """Return the TPM algorithm id registered under *name*.

    Raises:
        UnknownAlgorithmNameError: *name* has no entry in NAME_ALG_MAP.
    """
    alg_id = NAME_ALG_MAP.get(name)
    if alg_id:
        return alg_id
    raise UnknownAlgorithmNameError(name)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) 
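def hex_dump(d):
    """Format *d* as lower-case hex octets, sixteen per line.

    Args:
        d: a bytes-like object, or a str of one-octet characters.

    Returns:
        The octets as two-digit hex separated by spaces, with rows joined
        by os.linesep; an empty string for empty input.
    """
    # Iterating bytes yields ints on Python 3, where ord() would raise
    # TypeError; only str elements still need ord().
    octets = [x if isinstance(x, int) else ord(x) for x in d]
    cells = [format(x, '02x') for x in octets]
    rows = [' '.join(cells[i: i + 16]) for i in range(0, len(cells), 16)]
    return os.linesep.join(rows)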
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) 
class Client:
    """Client that talks to a TPM through its character device.

    The flags argument of the constructor is a bitwise OR of the FLAG_*
    values below.
    """
    # Write every command and response as a hex dump to stderr (send_cmd).
    FLAG_DEBUG = 0x01
    # Open /dev/tpmrm0 instead of /dev/tpm0.
    FLAG_SPACE = 0x02
    # Set O_NONBLOCK on the device and wait with poll() before reading.
    FLAG_NONBLOCK = 0x04
    # NOTE(review): not referenced in the visible part of the file;
    # presumably an ioctl request number - confirm against the driver.
    TPM_IOC_NEW_SPACE = 0xa200
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) 
    def __init__(self, flags = 0):
        """Open the TPM device selected by *flags*.

        FLAG_SPACE selects /dev/tpmrm0, otherwise /dev/tpm0 is opened.
        FLAG_NONBLOCK additionally sets O_NONBLOCK on the descriptor and
        creates the poll object used by send_cmd.
        """
        self.flags = flags

        use_rm = (self.flags & Client.FLAG_SPACE) != 0
        self.tpm = open('/dev/tpmrm0' if use_rm else '/dev/tpm0', 'r+b',
                        buffering=0)

        if (self.flags & Client.FLAG_NONBLOCK):
            fd_flags = fcntl.fcntl(self.tpm, fcntl.F_GETFL)
            fcntl.fcntl(self.tpm, fcntl.F_SETFL, fd_flags | os.O_NONBLOCK)
            self.tpm_poll = select.poll()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) 
    def close(self):
        """Close the TPM device file opened by the constructor."""
        device = self.tpm
        device.close()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) 
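    def send_cmd(self, cmd):
        """Write one serialised command and return the raw response bytes.

        Args:
            cmd: the complete command, header included.

        Returns:
            The complete response, header included.

        Raises:
            ProtocolError: the response code in the header is non-zero.
            TimeoutError: in non-blocking mode, no response within 10 s.
            IOError: the response is shorter than the 10-byte header.
        """
        self.tpm.write(cmd)

        nonblock = (self.flags & Client.FLAG_NONBLOCK)
        if nonblock:
            self.tpm_poll.register(self.tpm, select.POLLIN)
        try:
            # poll() returns an empty list on timeout. Reading anyway would
            # yield None from the non-blocking descriptor and fail later
            # with an unrelated TypeError.
            if nonblock and not self.tpm_poll.poll(10000):
                raise TimeoutError('no TPM response within 10 s')
            rsp = self.tpm.read()
        finally:
            # Always drop the registration, also when poll or read fails.
            if nonblock:
                self.tpm_poll.unregister(self.tpm)

        if (self.flags & Client.FLAG_DEBUG) != 0:
            # The dump is the raw wire traffic, so it includes any auth
            # values and unsealed data; keep FLAG_DEBUG output out of
            # shared logs.
            sys.stderr.write('cmd' + os.linesep)
            sys.stderr.write(hex_dump(cmd) + os.linesep)
            sys.stderr.write('rsp' + os.linesep)
            sys.stderr.write(hex_dump(rsp or b'') + os.linesep)

        # Header layout is tag (2), size (4), code (4); reject anything that
        # cannot hold it before unpacking at fixed offsets.
        if rsp is None or len(rsp) < 10:
            raise IOError('truncated TPM response: %u bytes'
                          % len(rsp or b''))

        rc = struct.unpack('>I', rsp[6:10])[0]
        if rc != 0:
            cc = struct.unpack('>I', cmd[6:10])[0]
            raise ProtocolError(cc, rc)

        return rsp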
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) 
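    def read_pcr(self, i, bank_alg = TPM2_ALG_SHA1):
        """Read PCR *i* from the bank identified by *bank_alg*.

        Args:
            i: PCR index.
            bank_alg: algorithm id of the PCR bank (SHA-1 by default).

        Returns:
            The response bytes that follow the digest count and the first
            digest's size field, or None when the TPM returned no digest.

        Raises:
            ProtocolError: the TPM returned a non-zero response code.
            AssertionError: the response does not echo the requested
                selection (these checks vanish under ``python -O``).
        """
        pcrsel_len = max((i >> 3) + 1, 3)
        pcrsel = bytearray(pcrsel_len)
        pcrsel[i >> 3] = 1 << (i & 7)
        # Convert octet-for-octet. Going through chr() and str.encode()
        # UTF-8-expands 0x80 into two bytes, so for PCR 7, 15, 23, ... the
        # packed bitmap selected different registers than the one asked for.
        pcrsel = bytes(pcrsel)

        fmt = '>HII IHB%us' % (pcrsel_len)
        cmd = struct.pack(fmt,
                          TPM2_ST_NO_SESSIONS,
                          struct.calcsize(fmt),
                          TPM2_CC_PCR_READ,
                          1,
                          bank_alg,
                          pcrsel_len, pcrsel)

        rsp = self.send_cmd(cmd)

        # Skip the 10-byte header, then read update counter and the number
        # of selections returned.
        pcr_update_cnt, pcr_select_cnt = struct.unpack('>II', rsp[10:18])
        assert pcr_select_cnt == 1
        rsp = rsp[18:]

        alg2, pcrsel_len2 = struct.unpack('>HB', rsp[:3])
        assert bank_alg == alg2 and pcrsel_len == pcrsel_len2
        rsp = rsp[3 + pcrsel_len:]

        digest_cnt = struct.unpack('>I', rsp[:4])[0]
        if digest_cnt == 0:
            return None
        # Drop the 4-byte digest count and the 2-byte size of the digest.
        rsp = rsp[6:]

        return rsp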
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) 
    def extend_pcr(self, i, dig, bank_alg = TPM2_ALG_SHA1):
        """Extend PCR *i* in bank *bank_alg* with the digest *dig*.

        The command carries a default AuthCommand as its authorization
        area. *dig* must be exactly as long as the bank's digest size; the
        check is an assert, so it is skipped under ``python -O``.

        Raises:
            UnknownAlgorithmIdError: *bank_alg* has no known digest size.
            ProtocolError: the TPM returned a non-zero response code.
        """
        digest_len = get_digest_size(bank_alg)
        assert(digest_len == len(dig))

        auth = AuthCommand()
        auth_len = len(auth)

        layout = '>HII I I%us IH%us' % (auth_len, digest_len)
        fields = (
            TPM2_ST_SESSIONS,
            struct.calcsize(layout),
            TPM2_CC_PCR_EXTEND,
            i,
            auth_len,
            bytes(auth),
            1, bank_alg, dig,
        )

        self.send_cmd(struct.pack(layout, *fields))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) 
    def start_auth_session(self, session_type, name_alg = TPM2_ALG_SHA1):
        """Send TPM2_CC_START_AUTH_SESSION and return the handle it yields.

        session_type -- one-byte session type placed in the command
        name_alg     -- algorithm id packed as the last field of the command

        Both handle fields are TPM2_RH_NULL, the first sized buffer is 16
        zero bytes and the second sized buffer is empty.  The return value is
        the big-endian 32-bit integer at bytes 10..13 of the response.
        """
        # NOTE(review): the 16-byte buffer is presumably the caller nonce; it
        # is a fixed all-zero value here, which only suits test use -- confirm.
        zero_buf = bytes(16)

        fmt = '>HII IIH16sHBHH'
        fields = (
            TPM2_ST_NO_SESSIONS,
            struct.calcsize(fmt),
            TPM2_CC_START_AUTH_SESSION,
            TPM2_RH_NULL,
            TPM2_RH_NULL,
            16,
            zero_buf,
            0,                         # second sized buffer: length 0
            session_type,
            TPM2_ALG_NULL,
            name_alg,
        )

        rsp = self.send_cmd(struct.pack(fmt, *fields))
        (session_handle,) = struct.unpack('>I', rsp[10:14])
        return session_handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) 
    def __calc_pcr_digest(self, pcrs, bank_alg = TPM2_ALG_SHA1,
                          digest_alg = TPM2_ALG_SHA1):
        """Hash the concatenated values of the PCRs listed in ``pcrs``.

        pcrs       -- iterable of PCR indexes, read in the order given
        bank_alg   -- bank passed to read_pcr() for every index
        digest_alg -- algorithm id handed to get_hash_function()

        Returns the digest bytes, or None as soon as read_pcr() returns None
        for any index.
        """
        hash_ctor = get_hash_function(digest_alg)
        concatenated = bytearray()

        for index in pcrs:
            value = self.read_pcr(index, bank_alg)
            if value is None:
                return None
            concatenated.extend(value)

        return hash_ctor(concatenated).digest()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) 
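    def policy_pcr(self, handle, pcrs, bank_alg = TPM2_ALG_SHA1,
                   name_alg = TPM2_ALG_SHA1):
        """Send TPM2_CC_POLICY_PCR for session ``handle`` over ``pcrs``.

        handle   -- policy session handle
        pcrs     -- non-empty collection of PCR indexes to bind the policy to
        bank_alg -- hash algorithm id of the PCR bank to select
        name_alg -- algorithm used to digest the selected PCR values

        Raises UnknownPCRBankError(bank_alg) when no digest over the selected
        PCRs could be computed.
        """
        ds = get_digest_size(name_alg)
        dig = self.__calc_pcr_digest(pcrs, bank_alg, name_alg)
        if not dig:
            raise UnknownPCRBankError(bank_alg)

        # One bit per PCR, eight PCRs per byte, never fewer than three bytes.
        pcrsel_len = max((max(pcrs) >> 3) + 1, 3)
        pcrsel = bytearray(pcrsel_len)
        for i in pcrs:
            pcrsel[i >> 3] |= 1 << (i & 7)
        # Keep the bitmap as raw bytes.  Going through chr()/str.encode()
        # turns every byte >= 0x80 (PCR 7, 15, 23, ...) into a two-byte UTF-8
        # sequence, so the policy would be bound to a different PCR set than
        # the one that was digested above.
        pcrsel = bytes(pcrsel)

        # The select field is sized from pcrsel_len rather than a fixed 3, so
        # indexes of 24 and above are not cut off while the size byte still
        # announces the longer bitmap.
        fmt = '>HII IH%usIHB%us' % (ds, pcrsel_len)
        cmd = struct.pack(fmt,
                          TPM2_ST_NO_SESSIONS,
                          struct.calcsize(fmt),
                          TPM2_CC_POLICY_PCR,
                          handle,
                          len(dig),
                          bytes(dig),
                          1,
                          bank_alg,
                          pcrsel_len, pcrsel)

        self.send_cmd(cmd)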
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) 
    def policy_password(self, handle):
        """Send TPM2_CC_POLICY_PASSWORD for the session ``handle``.

        The command carries only the header and the handle; the response is
        discarded.
        """
        fmt = '>HII I'
        header = (TPM2_ST_NO_SESSIONS,
                  struct.calcsize(fmt),
                  TPM2_CC_POLICY_PASSWORD)

        self.send_cmd(struct.pack(fmt, *header, handle))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) 
    def get_policy_digest(self, handle):
        """Send TPM2_CC_POLICY_GET_DIGEST for the session ``handle``.

        Returns the response bytes from offset 12 onwards, i.e. everything
        after the first 12 bytes of the reply.
        """
        fmt = '>HII I'
        header = (TPM2_ST_NO_SESSIONS,
                  struct.calcsize(fmt),
                  TPM2_CC_POLICY_GET_DIGEST)

        rsp = self.send_cmd(struct.pack(fmt, *header, handle))
        return rsp[12:]
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528) 
    def flush_context(self, handle):
        """Send TPM2_CC_FLUSH_CONTEXT for ``handle`` and discard the reply."""
        fmt = '>HIII'
        header = (TPM2_ST_NO_SESSIONS,
                  struct.calcsize(fmt),
                  TPM2_CC_FLUSH_CONTEXT)

        self.send_cmd(struct.pack(fmt, *header, handle))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) 
    def create_root_key(self, auth_value = bytes()):
        """Send TPM2_CC_CREATE_PRIMARY under TPM2_RH_OWNER; return the handle.

        auth_value -- bytes passed as user_auth of the SensitiveCreate area

        The public template is an RSA object with SHA-1 as name algorithm,
        whose parameters pack AES / 128 / CFB, TPM2_ALG_NULL, 2048 and 0.
        The return value is the big-endian 32-bit integer at bytes 10..13 of
        the response.
        """
        attributes = (Public.FIXED_TPM
                      | Public.FIXED_PARENT
                      | Public.SENSITIVE_DATA_ORIGIN
                      | Public.USER_WITH_AUTH
                      | Public.RESTRICTED
                      | Public.DECRYPT)

        auth_cmd = AuthCommand()
        sensitive = SensitiveCreate(user_auth=auth_value)

        # NOTE(review): presumably symmetric alg, key bits, mode, scheme,
        # RSA key bits and exponent, in that order -- confirm against the
        # Public class and the TPM structure definitions.
        rsa_parms = struct.pack('>HHHHHI',
                                TPM2_ALG_AES, 128, TPM2_ALG_CFB,
                                TPM2_ALG_NULL, 2048, 0)

        public = Public(object_type=TPM2_ALG_RSA,
                        name_alg=TPM2_ALG_SHA1,
                        object_attributes=attributes,
                        parameters=rsa_parms)

        fmt = '>HIII I%us H%us H%us HI' % \
            (len(auth_cmd), len(sensitive), len(public))
        fields = (
            TPM2_ST_SESSIONS,
            struct.calcsize(fmt),
            TPM2_CC_CREATE_PRIMARY,
            TPM2_RH_OWNER,
            len(auth_cmd), bytes(auth_cmd),
            len(sensitive), bytes(sensitive),
            len(public), bytes(public),
            0, 0,                      # trailing 16-bit and 32-bit zero fields
        )

        rsp = self.send_cmd(struct.pack(fmt, *fields))
        (key_handle,) = struct.unpack('>I', rsp[10:14])
        return key_handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) 
    def seal(self, parent_key, data, auth_value, policy_dig,
             name_alg = TPM2_ALG_SHA1):
        """Send TPM2_CC_CREATE for a keyed-hash object holding ``data``.

        parent_key -- handle of the parent, packed as the command handle
        data       -- bytes stored in the SensitiveCreate area
        auth_value -- bytes passed as user_auth of the SensitiveCreate area
        policy_dig -- policy digest for the object, or a falsy value for none;
                      when given, its length must match the digest size of
                      name_alg
        name_alg   -- name algorithm id of the new object

        Without a policy digest the object gets Public.USER_WITH_AUTH; with
        one, no attribute is set and the digest becomes auth_policy.

        Returns the response bytes from offset 14 onwards.
        """
        digest_size = get_digest_size(name_alg)
        assert not policy_dig or len(policy_dig) == digest_size

        if policy_dig:
            attributes = 0
        else:
            attributes = 0 | Public.USER_WITH_AUTH
            policy_dig = bytes()

        auth_cmd = AuthCommand()
        sensitive = SensitiveCreate(user_auth=auth_value, data=data)

        public = Public(object_type=TPM2_ALG_KEYEDHASH,
                        name_alg=name_alg,
                        object_attributes=attributes,
                        auth_policy=policy_dig,
                        parameters=struct.pack('>H', TPM2_ALG_NULL))

        fmt = '>HIII I%us H%us H%us HI' % \
            (len(auth_cmd), len(sensitive), len(public))
        fields = (
            TPM2_ST_SESSIONS,
            struct.calcsize(fmt),
            TPM2_CC_CREATE,
            parent_key,
            len(auth_cmd), bytes(auth_cmd),
            len(sensitive), bytes(sensitive),
            len(public), bytes(public),
            0, 0,                      # trailing 16-bit and 32-bit zero fields
        )

        return self.send_cmd(struct.pack(fmt, *fields))[14:]
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) 
    def unseal(self, parent_key, blob, auth_value, policy_handle):
        """Load ``blob`` under ``parent_key`` and unseal its contents.

        parent_key    -- handle of the parent, packed into TPM2_CC_LOAD
        blob          -- bytes starting with two 16-bit-size-prefixed areas
                         (as returned by seal()); anything after them is
                         dropped before loading
        auth_value    -- bytes sent in the hmac field of the AuthCommand used
                         for TPM2_CC_UNSEAL
        policy_handle -- session handle to authorize with, or a falsy value
                         to use a default AuthCommand session

        The loaded object is always flushed, whether or not the unseal
        command succeeds.  Returns the unsealed data bytes.
        """
        # Both lengths are read from the blob itself and are not checked
        # against len(blob); a short blob just yields a shorter slice (or a
        # struct.error when fewer than two bytes are available).
        (private_len,) = struct.unpack('>H', blob[0:2])
        public_off = private_len + 2
        (public_len,) = struct.unpack('>H', blob[public_off:public_off + 2])
        blob = blob[:private_len + public_len + 4]

        # Step 1: load the object.
        auth_cmd = AuthCommand()

        fmt = '>HII I I%us %us' % (len(auth_cmd), len(blob))
        load_fields = (
            TPM2_ST_SESSIONS,
            struct.calcsize(fmt),
            TPM2_CC_LOAD,
            parent_key,
            len(auth_cmd),
            bytes(auth_cmd),
            blob,
        )
        load_rsp = self.send_cmd(struct.pack(fmt, *load_fields))
        (data_handle,) = struct.unpack('>I', load_rsp[10:14])

        # Step 2: unseal it, authorizing through the policy session if any.
        if policy_handle:
            auth_cmd = AuthCommand(session_handle=policy_handle, hmac=auth_value)
        else:
            auth_cmd = AuthCommand(hmac=auth_value)

        fmt = '>HII I I%us' % (len(auth_cmd))
        unseal_fields = (
            TPM2_ST_SESSIONS,
            struct.calcsize(fmt),
            TPM2_CC_UNSEAL,
            data_handle,
            len(auth_cmd),
            bytes(auth_cmd),
        )

        try:
            rsp = self.send_cmd(struct.pack(fmt, *unseal_fields))
        finally:
            # Never leave the loaded object behind, even on failure.
            self.flush_context(data_handle)

        # The 32-bit size at offset 10 includes the 2-byte length prefix that
        # sits at offsets 14..15; the payload starts at offset 16.
        (param_size,) = struct.unpack('>I', rsp[10:14])
        data_len = param_size - 2

        return rsp[16:16 + data_len]
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 668) 
    def reset_da_lock(self):
        """Send TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET on TPM2_RH_LOCKOUT.

        Uses a default-constructed AuthCommand; the response is discarded.
        """
        auth_cmd = AuthCommand()

        fmt = '>HII I I%us' % (len(auth_cmd))
        fields = (
            TPM2_ST_SESSIONS,
            struct.calcsize(fmt),
            TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET,
            TPM2_RH_LOCKOUT,
            len(auth_cmd),
            bytes(auth_cmd),
        )

        self.send_cmd(struct.pack(fmt, *fields))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 683) 
    def __get_cap_cnt(self, cap, pt, cnt):
        """Send one TPM2_CC_GET_CAPABILITY and decode the 32-bit entries.

        cap -- capability id
        pt  -- property value to query
        cnt -- number of entries requested

        Returns ``(handles, more_data)``: the list of 32-bit integers found
        in the reply and the one-byte "more data" flag that precedes them.
        """
        fmt = '>HII III'
        cmd = struct.pack(fmt,
                          TPM2_ST_NO_SESSIONS,
                          struct.calcsize(fmt),
                          TPM2_CC_GET_CAPABILITY,
                          cap, pt, cnt)

        # Drop the 10-byte response header.
        payload = self.send_cmd(cmd)[10:]
        # The entry count comes from the reply, not from the request.
        more_data, _rsp_cap, entry_cnt = struct.unpack('>BII', payload[:9])

        # Entries are packed back to back after the 9-byte preamble; a reply
        # shorter than entry_cnt announces makes struct.unpack raise.
        handles = [
            struct.unpack('>I', payload[9 + 4 * k:13 + 4 * k])[0]
            for k in range(entry_cnt)
        ]

        return handles, more_data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704) 
    def get_cap(self, cap, pt):
        """Collect capability entries one request at a time.

        cap -- capability id, passed unchanged to every request
        pt  -- property value of the first request; incremented by one after
               each request

        Requests a single entry per call and keeps going while the "more
        data" flag of the previous reply is truthy.  Returns the list of all
        entries received.
        """
        # NOTE(review): pt advances by exactly one whatever value came back;
        # whether that can report an entry twice depends on how the TPM
        # answers a property that is not present -- confirm against callers.
        collected = []

        while True:
            batch, pending = self.__get_cap_cnt(cap, pt, 1)
            collected.extend(batch)
            pt += 1
            if not pending:
                return collected