1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
3 from argparse import ArgumentParser
4 from argparse import FileType
8 from tpm2 import ProtocolError
13 class SmokeTest(unittest.TestCase):
15 self.client = tpm2.Client()
16 self.root_key = self.client.create_root_key()
19 self.client.flush_context(self.root_key)
22 def test_seal_with_auth(self):
26 blob = self.client.seal(self.root_key, data, auth, None)
27 result = self.client.unseal(self.root_key, blob, auth, None)
28 self.assertEqual(data, result)
30 def test_seal_with_policy(self):
31 handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL)
38 self.client.policy_pcr(handle, pcrs)
39 self.client.policy_password(handle)
41 policy_dig = self.client.get_policy_digest(handle)
43 self.client.flush_context(handle)
45 blob = self.client.seal(self.root_key, data, auth, policy_dig)
47 handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY)
50 self.client.policy_pcr(handle, pcrs)
51 self.client.policy_password(handle)
53 result = self.client.unseal(self.root_key, blob, auth, handle)
55 self.client.flush_context(handle)
58 self.assertEqual(data, result)
60 def test_unseal_with_wrong_auth(self):
65 blob = self.client.seal(self.root_key, data, auth, None)
67 result = self.client.unseal(self.root_key, blob, auth[:-1] + 'B', None)
68 except ProtocolError, e:
71 self.assertEqual(rc, tpm2.TPM2_RC_AUTH_FAIL)
73 def test_unseal_with_wrong_policy(self):
74 handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL)
81 self.client.policy_pcr(handle, pcrs)
82 self.client.policy_password(handle)
84 policy_dig = self.client.get_policy_digest(handle)
86 self.client.flush_context(handle)
88 blob = self.client.seal(self.root_key, data, auth, policy_dig)
90 # Extend first a PCR that is not part of the policy and try to unseal.
91 # This should succeed.
93 ds = tpm2.get_digest_size(tpm2.TPM2_ALG_SHA1)
94 self.client.extend_pcr(1, 'X' * ds)
96 handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY)
99 self.client.policy_pcr(handle, pcrs)
100 self.client.policy_password(handle)
102 result = self.client.unseal(self.root_key, blob, auth, handle)
104 self.client.flush_context(handle)
107 self.assertEqual(data, result)
109 # Then, extend a PCR that is part of the policy and try to unseal.
111 self.client.extend_pcr(16, 'X' * ds)
113 handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY)
118 self.client.policy_pcr(handle, pcrs)
119 self.client.policy_password(handle)
121 result = self.client.unseal(self.root_key, blob, auth, handle)
122 except ProtocolError, e:
124 self.client.flush_context(handle)
126 self.client.flush_context(handle)
129 self.assertEqual(rc, tpm2.TPM2_RC_POLICY_FAIL)
131 def test_seal_with_too_long_auth(self):
132 ds = tpm2.get_digest_size(tpm2.TPM2_ALG_SHA1)
134 auth = 'A' * (ds + 1)
138 blob = self.client.seal(self.root_key, data, auth, None)
139 except ProtocolError, e:
142 self.assertEqual(rc, tpm2.TPM2_RC_SIZE)
144 def test_too_short_cmd(self):
148 cmd = struct.pack(fmt,
149 tpm2.TPM2_ST_NO_SESSIONS,
150 struct.calcsize(fmt) + 1,
151 tpm2.TPM2_CC_FLUSH_CONTEXT,
154 self.client.send_cmd(cmd)
159 self.assertEqual(rejected, True)
161 def test_read_partial_resp(self):
164 cmd = struct.pack(fmt,
165 tpm2.TPM2_ST_NO_SESSIONS,
166 struct.calcsize(fmt),
167 tpm2.TPM2_CC_GET_RANDOM,
169 self.client.tpm.write(cmd)
170 hdr = self.client.tpm.read(10)
171 sz = struct.unpack('>I', hdr[2:6])[0]
172 rsp = self.client.tpm.read()
175 self.assertEqual(sz, 10 + 2 + 32)
176 self.assertEqual(len(rsp), 2 + 32)
178 def test_read_partial_overwrite(self):
181 cmd = struct.pack(fmt,
182 tpm2.TPM2_ST_NO_SESSIONS,
183 struct.calcsize(fmt),
184 tpm2.TPM2_CC_GET_RANDOM,
186 self.client.tpm.write(cmd)
187 # Read part of the respone
188 rsp1 = self.client.tpm.read(15)
191 self.client.tpm.write(cmd)
193 # Read the whole respone
194 rsp2 = self.client.tpm.read()
197 self.assertEqual(len(rsp1), 15)
198 self.assertEqual(len(rsp2), 10 + 2 + 32)
200 def test_send_two_cmds(self):
204 cmd = struct.pack(fmt,
205 tpm2.TPM2_ST_NO_SESSIONS,
206 struct.calcsize(fmt),
207 tpm2.TPM2_CC_GET_RANDOM,
209 self.client.tpm.write(cmd)
211 # expect the second one to raise -EBUSY error
212 self.client.tpm.write(cmd)
213 rsp = self.client.tpm.read()
217 rsp = self.client.tpm.read()
222 self.assertEqual(rejected, True)
224 class SpaceTest(unittest.TestCase):
226 logging.basicConfig(filename='SpaceTest.log', level=logging.DEBUG)
228 def test_make_two_spaces(self):
229 log = logging.getLogger(__name__)
230 log.debug("test_make_two_spaces")
232 space1 = tpm2.Client(tpm2.Client.FLAG_SPACE)
233 root1 = space1.create_root_key()
234 space2 = tpm2.Client(tpm2.Client.FLAG_SPACE)
235 root2 = space2.create_root_key()
236 root3 = space2.create_root_key()
238 log.debug("%08x" % (root1))
239 log.debug("%08x" % (root2))
240 log.debug("%08x" % (root3))
242 def test_flush_context(self):
243 log = logging.getLogger(__name__)
244 log.debug("test_flush_context")
246 space1 = tpm2.Client(tpm2.Client.FLAG_SPACE)
247 root1 = space1.create_root_key()
248 log.debug("%08x" % (root1))
250 space1.flush_context(root1)
252 def test_get_handles(self):
253 log = logging.getLogger(__name__)
254 log.debug("test_get_handles")
256 space1 = tpm2.Client(tpm2.Client.FLAG_SPACE)
257 space1.create_root_key()
258 space2 = tpm2.Client(tpm2.Client.FLAG_SPACE)
259 space2.create_root_key()
260 space2.create_root_key()
262 handles = space2.get_cap(tpm2.TPM2_CAP_HANDLES, tpm2.HR_TRANSIENT)
264 self.assertEqual(len(handles), 2)
266 log.debug("%08x" % (handles[0]))
267 log.debug("%08x" % (handles[1]))
269 def test_invalid_cc(self):
270 log = logging.getLogger(__name__)
271 log.debug(sys._getframe().f_code.co_name)
273 TPM2_CC_INVALID = tpm2.TPM2_CC_FIRST - 1
275 space1 = tpm2.Client(tpm2.Client.FLAG_SPACE)
276 root1 = space1.create_root_key()
277 log.debug("%08x" % (root1))
280 cmd = struct.pack(fmt, tpm2.TPM2_ST_NO_SESSIONS, struct.calcsize(fmt),
286 except ProtocolError, e:
289 self.assertEqual(rc, tpm2.TPM2_RC_COMMAND_CODE |
290 tpm2.TSS2_RESMGR_TPM_RC_LAYER)