1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
3 from argparse import ArgumentParser
4 from argparse import FileType
8 from tpm2 import ProtocolError
13 class SmokeTest(unittest.TestCase):
15 self.client = tpm2.Client()
16 self.root_key = self.client.create_root_key()
19 self.client.flush_context(self.root_key)
22 def test_seal_with_auth(self):
26 blob = self.client.seal(self.root_key, data, auth, None)
27 result = self.client.unseal(self.root_key, blob, auth, None)
28 self.assertEqual(data, result)
30 def test_seal_with_policy(self):
31 handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL)
38 self.client.policy_pcr(handle, pcrs)
39 self.client.policy_password(handle)
41 policy_dig = self.client.get_policy_digest(handle)
43 self.client.flush_context(handle)
45 blob = self.client.seal(self.root_key, data, auth, policy_dig)
47 handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY)
50 self.client.policy_pcr(handle, pcrs)
51 self.client.policy_password(handle)
53 result = self.client.unseal(self.root_key, blob, auth, handle)
55 self.client.flush_context(handle)
58 self.assertEqual(data, result)
60 def test_unseal_with_wrong_auth(self):
65 blob = self.client.seal(self.root_key, data, auth, None)
67 result = self.client.unseal(self.root_key, blob, auth[:-1] + 'B', None)
68 except ProtocolError, e:
71 self.assertEqual(rc, tpm2.TPM2_RC_AUTH_FAIL)
73 def test_unseal_with_wrong_policy(self):
74 handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL)
81 self.client.policy_pcr(handle, pcrs)
82 self.client.policy_password(handle)
84 policy_dig = self.client.get_policy_digest(handle)
86 self.client.flush_context(handle)
88 blob = self.client.seal(self.root_key, data, auth, policy_dig)
90 # Extend first a PCR that is not part of the policy and try to unseal.
91 # This should succeed.
93 ds = tpm2.get_digest_size(tpm2.TPM2_ALG_SHA1)
94 self.client.extend_pcr(1, 'X' * ds)
96 handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY)
99 self.client.policy_pcr(handle, pcrs)
100 self.client.policy_password(handle)
102 result = self.client.unseal(self.root_key, blob, auth, handle)
104 self.client.flush_context(handle)
107 self.assertEqual(data, result)
109 # Then, extend a PCR that is part of the policy and try to unseal.
111 self.client.extend_pcr(16, 'X' * ds)
113 handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY)
118 self.client.policy_pcr(handle, pcrs)
119 self.client.policy_password(handle)
121 result = self.client.unseal(self.root_key, blob, auth, handle)
122 except ProtocolError, e:
124 self.client.flush_context(handle)
126 self.client.flush_context(handle)
129 self.assertEqual(rc, tpm2.TPM2_RC_POLICY_FAIL)
131 def test_seal_with_too_long_auth(self):
132 ds = tpm2.get_digest_size(tpm2.TPM2_ALG_SHA1)
134 auth = 'A' * (ds + 1)
138 blob = self.client.seal(self.root_key, data, auth, None)
139 except ProtocolError, e:
142 self.assertEqual(rc, tpm2.TPM2_RC_SIZE)
144 def test_too_short_cmd(self):
148 cmd = struct.pack(fmt,
149 tpm2.TPM2_ST_NO_SESSIONS,
150 struct.calcsize(fmt) + 1,
151 tpm2.TPM2_CC_FLUSH_CONTEXT,
154 self.client.send_cmd(cmd)
159 self.assertEqual(rejected, True)
161 class SpaceTest(unittest.TestCase):
163 logging.basicConfig(filename='SpaceTest.log', level=logging.DEBUG)
165 def test_make_two_spaces(self):
166 log = logging.getLogger(__name__)
167 log.debug("test_make_two_spaces")
169 space1 = tpm2.Client(tpm2.Client.FLAG_SPACE)
170 root1 = space1.create_root_key()
171 space2 = tpm2.Client(tpm2.Client.FLAG_SPACE)
172 root2 = space2.create_root_key()
173 root3 = space2.create_root_key()
175 log.debug("%08x" % (root1))
176 log.debug("%08x" % (root2))
177 log.debug("%08x" % (root3))
179 def test_flush_context(self):
180 log = logging.getLogger(__name__)
181 log.debug("test_flush_context")
183 space1 = tpm2.Client(tpm2.Client.FLAG_SPACE)
184 root1 = space1.create_root_key()
185 log.debug("%08x" % (root1))
187 space1.flush_context(root1)
189 def test_get_handles(self):
190 log = logging.getLogger(__name__)
191 log.debug("test_get_handles")
193 space1 = tpm2.Client(tpm2.Client.FLAG_SPACE)
194 space1.create_root_key()
195 space2 = tpm2.Client(tpm2.Client.FLAG_SPACE)
196 space2.create_root_key()
197 space2.create_root_key()
199 handles = space2.get_cap(tpm2.TPM2_CAP_HANDLES, tpm2.HR_TRANSIENT)
201 self.assertEqual(len(handles), 2)
203 log.debug("%08x" % (handles[0]))
204 log.debug("%08x" % (handles[1]))
206 def test_invalid_cc(self):
207 log = logging.getLogger(__name__)
208 log.debug(sys._getframe().f_code.co_name)
210 TPM2_CC_INVALID = tpm2.TPM2_CC_FIRST - 1
212 space1 = tpm2.Client(tpm2.Client.FLAG_SPACE)
213 root1 = space1.create_root_key()
214 log.debug("%08x" % (root1))
217 cmd = struct.pack(fmt, tpm2.TPM2_ST_NO_SESSIONS, struct.calcsize(fmt),
223 except ProtocolError, e:
226 self.assertEqual(rc, tpm2.TPM2_RC_COMMAND_CODE |
227 tpm2.TSS2_RESMGR_TPM_RC_LAYER)