xref: /linux/tools/testing/selftests/tpm2/tpm2.py (revision 2b64b2ed277ff23e785fbdb65098ee7e1252d64f)
1# SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
2
3import hashlib
4import os
5import socket
6import struct
7import sys
8import unittest
9from fcntl import ioctl
10
11
12TPM2_ST_NO_SESSIONS = 0x8001
13TPM2_ST_SESSIONS = 0x8002
14
15TPM2_CC_FIRST = 0x01FF
16
17TPM2_CC_CREATE_PRIMARY = 0x0131
18TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET = 0x0139
19TPM2_CC_CREATE = 0x0153
20TPM2_CC_LOAD = 0x0157
21TPM2_CC_UNSEAL = 0x015E
22TPM2_CC_FLUSH_CONTEXT = 0x0165
23TPM2_CC_START_AUTH_SESSION = 0x0176
24TPM2_CC_GET_CAPABILITY	= 0x017A
25TPM2_CC_PCR_READ = 0x017E
26TPM2_CC_POLICY_PCR = 0x017F
27TPM2_CC_PCR_EXTEND = 0x0182
28TPM2_CC_POLICY_PASSWORD = 0x018C
29TPM2_CC_POLICY_GET_DIGEST = 0x0189
30
31TPM2_SE_POLICY = 0x01
32TPM2_SE_TRIAL = 0x03
33
34TPM2_ALG_RSA = 0x0001
35TPM2_ALG_SHA1 = 0x0004
36TPM2_ALG_AES = 0x0006
37TPM2_ALG_KEYEDHASH = 0x0008
38TPM2_ALG_SHA256 = 0x000B
39TPM2_ALG_NULL = 0x0010
40TPM2_ALG_CBC = 0x0042
41TPM2_ALG_CFB = 0x0043
42
43TPM2_RH_OWNER = 0x40000001
44TPM2_RH_NULL = 0x40000007
45TPM2_RH_LOCKOUT = 0x4000000A
46TPM2_RS_PW = 0x40000009
47
48TPM2_RC_SIZE            = 0x01D5
49TPM2_RC_AUTH_FAIL       = 0x098E
50TPM2_RC_POLICY_FAIL     = 0x099D
51TPM2_RC_COMMAND_CODE    = 0x0143
52
53TSS2_RC_LAYER_SHIFT = 16
54TSS2_RESMGR_TPM_RC_LAYER = (11 << TSS2_RC_LAYER_SHIFT)
55
56TPM2_CAP_HANDLES = 0x00000001
57TPM2_CAP_COMMANDS = 0x00000002
58TPM2_CAP_TPM_PROPERTIES = 0x00000006
59
60TPM2_PT_FIXED = 0x100
61TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41
62
63HR_SHIFT = 24
64HR_LOADED_SESSION = 0x02000000
65HR_TRANSIENT = 0x80000000
66
67SHA1_DIGEST_SIZE = 20
68SHA256_DIGEST_SIZE = 32
69
70TPM2_VER0_ERRORS = {
71    0x000: "TPM_RC_SUCCESS",
72    0x030: "TPM_RC_BAD_TAG",
73}
74
75TPM2_VER1_ERRORS = {
76    0x000: "TPM_RC_FAILURE",
77    0x001: "TPM_RC_FAILURE",
78    0x003: "TPM_RC_SEQUENCE",
79    0x00B: "TPM_RC_PRIVATE",
80    0x019: "TPM_RC_HMAC",
81    0x020: "TPM_RC_DISABLED",
82    0x021: "TPM_RC_EXCLUSIVE",
83    0x024: "TPM_RC_AUTH_TYPE",
84    0x025: "TPM_RC_AUTH_MISSING",
85    0x026: "TPM_RC_POLICY",
86    0x027: "TPM_RC_PCR",
87    0x028: "TPM_RC_PCR_CHANGED",
88    0x02D: "TPM_RC_UPGRADE",
89    0x02E: "TPM_RC_TOO_MANY_CONTEXTS",
90    0x02F: "TPM_RC_AUTH_UNAVAILABLE",
91    0x030: "TPM_RC_REBOOT",
92    0x031: "TPM_RC_UNBALANCED",
93    0x042: "TPM_RC_COMMAND_SIZE",
94    0x043: "TPM_RC_COMMAND_CODE",
95    0x044: "TPM_RC_AUTHSIZE",
96    0x045: "TPM_RC_AUTH_CONTEXT",
97    0x046: "TPM_RC_NV_RANGE",
98    0x047: "TPM_RC_NV_SIZE",
99    0x048: "TPM_RC_NV_LOCKED",
100    0x049: "TPM_RC_NV_AUTHORIZATION",
101    0x04A: "TPM_RC_NV_UNINITIALIZED",
102    0x04B: "TPM_RC_NV_SPACE",
103    0x04C: "TPM_RC_NV_DEFINED",
104    0x050: "TPM_RC_BAD_CONTEXT",
105    0x051: "TPM_RC_CPHASH",
106    0x052: "TPM_RC_PARENT",
107    0x053: "TPM_RC_NEEDS_TEST",
108    0x054: "TPM_RC_NO_RESULT",
109    0x055: "TPM_RC_SENSITIVE",
110    0x07F: "RC_MAX_FM0",
111}
112
113TPM2_FMT1_ERRORS = {
114    0x001: "TPM_RC_ASYMMETRIC",
115    0x002: "TPM_RC_ATTRIBUTES",
116    0x003: "TPM_RC_HASH",
117    0x004: "TPM_RC_VALUE",
118    0x005: "TPM_RC_HIERARCHY",
119    0x007: "TPM_RC_KEY_SIZE",
120    0x008: "TPM_RC_MGF",
121    0x009: "TPM_RC_MODE",
122    0x00A: "TPM_RC_TYPE",
123    0x00B: "TPM_RC_HANDLE",
124    0x00C: "TPM_RC_KDF",
125    0x00D: "TPM_RC_RANGE",
126    0x00E: "TPM_RC_AUTH_FAIL",
127    0x00F: "TPM_RC_NONCE",
128    0x010: "TPM_RC_PP",
129    0x012: "TPM_RC_SCHEME",
130    0x015: "TPM_RC_SIZE",
131    0x016: "TPM_RC_SYMMETRIC",
132    0x017: "TPM_RC_TAG",
133    0x018: "TPM_RC_SELECTOR",
134    0x01A: "TPM_RC_INSUFFICIENT",
135    0x01B: "TPM_RC_SIGNATURE",
136    0x01C: "TPM_RC_KEY",
137    0x01D: "TPM_RC_POLICY_FAIL",
138    0x01F: "TPM_RC_INTEGRITY",
139    0x020: "TPM_RC_TICKET",
140    0x021: "TPM_RC_RESERVED_BITS",
141    0x022: "TPM_RC_BAD_AUTH",
142    0x023: "TPM_RC_EXPIRED",
143    0x024: "TPM_RC_POLICY_CC",
144    0x025: "TPM_RC_BINDING",
145    0x026: "TPM_RC_CURVE",
146    0x027: "TPM_RC_ECC_POINT",
147}
148
149TPM2_WARN_ERRORS = {
150    0x001: "TPM_RC_CONTEXT_GAP",
151    0x002: "TPM_RC_OBJECT_MEMORY",
152    0x003: "TPM_RC_SESSION_MEMORY",
153    0x004: "TPM_RC_MEMORY",
154    0x005: "TPM_RC_SESSION_HANDLES",
155    0x006: "TPM_RC_OBJECT_HANDLES",
156    0x007: "TPM_RC_LOCALITY",
157    0x008: "TPM_RC_YIELDED",
158    0x009: "TPM_RC_CANCELED",
159    0x00A: "TPM_RC_TESTING",
160    0x010: "TPM_RC_REFERENCE_H0",
161    0x011: "TPM_RC_REFERENCE_H1",
162    0x012: "TPM_RC_REFERENCE_H2",
163    0x013: "TPM_RC_REFERENCE_H3",
164    0x014: "TPM_RC_REFERENCE_H4",
165    0x015: "TPM_RC_REFERENCE_H5",
166    0x016: "TPM_RC_REFERENCE_H6",
167    0x018: "TPM_RC_REFERENCE_S0",
168    0x019: "TPM_RC_REFERENCE_S1",
169    0x01A: "TPM_RC_REFERENCE_S2",
170    0x01B: "TPM_RC_REFERENCE_S3",
171    0x01C: "TPM_RC_REFERENCE_S4",
172    0x01D: "TPM_RC_REFERENCE_S5",
173    0x01E: "TPM_RC_REFERENCE_S6",
174    0x020: "TPM_RC_NV_RATE",
175    0x021: "TPM_RC_LOCKOUT",
176    0x022: "TPM_RC_RETRY",
177    0x023: "TPM_RC_NV_UNAVAILABLE",
178    0x7F: "TPM_RC_NOT_USED",
179}
180
181RC_VER1 = 0x100
182RC_FMT1 = 0x080
183RC_WARN = 0x900
184
185ALG_DIGEST_SIZE_MAP = {
186    TPM2_ALG_SHA1: SHA1_DIGEST_SIZE,
187    TPM2_ALG_SHA256: SHA256_DIGEST_SIZE,
188}
189
190ALG_HASH_FUNCTION_MAP = {
191    TPM2_ALG_SHA1: hashlib.sha1,
192    TPM2_ALG_SHA256: hashlib.sha256
193}
194
195NAME_ALG_MAP = {
196    "sha1": TPM2_ALG_SHA1,
197    "sha256": TPM2_ALG_SHA256,
198}
199
200
201class UnknownAlgorithmIdError(Exception):
202    def __init__(self, alg):
203        self.alg = alg
204
205    def __str__(self):
206        return '0x%0x' % (alg)
207
208
209class UnknownAlgorithmNameError(Exception):
210    def __init__(self, name):
211        self.name = name
212
213    def __str__(self):
214        return name
215
216
217class UnknownPCRBankError(Exception):
218    def __init__(self, alg):
219        self.alg = alg
220
221    def __str__(self):
222        return '0x%0x' % (alg)
223
224
225class ProtocolError(Exception):
226    def __init__(self, cc, rc):
227        self.cc = cc
228        self.rc = rc
229
230        if (rc & RC_FMT1) == RC_FMT1:
231            self.name = TPM2_FMT1_ERRORS.get(rc & 0x3f, "TPM_RC_UNKNOWN")
232        elif (rc & RC_WARN) == RC_WARN:
233            self.name = TPM2_WARN_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
234        elif (rc & RC_VER1) == RC_VER1:
235            self.name = TPM2_VER1_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
236        else:
237            self.name = TPM2_VER0_ERRORS.get(rc & 0x7f, "TPM_RC_UNKNOWN")
238
239    def __str__(self):
240        if self.cc:
241            return '%s: cc=0x%08x, rc=0x%08x' % (self.name, self.cc, self.rc)
242        else:
243            return '%s: rc=0x%08x' % (self.name, self.rc)
244
245
246class AuthCommand(object):
247    """TPMS_AUTH_COMMAND"""
248
249    def __init__(self, session_handle=TPM2_RS_PW, nonce='', session_attributes=0,
250                 hmac=''):
251        self.session_handle = session_handle
252        self.nonce = nonce
253        self.session_attributes = session_attributes
254        self.hmac = hmac
255
256    def __str__(self):
257        fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac))
258        return struct.pack(fmt, self.session_handle, len(self.nonce),
259                           self.nonce, self.session_attributes, len(self.hmac),
260                           self.hmac)
261
262    def __len__(self):
263        fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac))
264        return struct.calcsize(fmt)
265
266
267class SensitiveCreate(object):
268    """TPMS_SENSITIVE_CREATE"""
269
270    def __init__(self, user_auth='', data=''):
271        self.user_auth = user_auth
272        self.data = data
273
274    def __str__(self):
275        fmt = '>H%us H%us' % (len(self.user_auth), len(self.data))
276        return struct.pack(fmt, len(self.user_auth), self.user_auth,
277                           len(self.data), self.data)
278
279    def __len__(self):
280        fmt = '>H%us H%us' % (len(self.user_auth), len(self.data))
281        return struct.calcsize(fmt)
282
283
284class Public(object):
285    """TPMT_PUBLIC"""
286
287    FIXED_TPM = (1 << 1)
288    FIXED_PARENT = (1 << 4)
289    SENSITIVE_DATA_ORIGIN = (1 << 5)
290    USER_WITH_AUTH = (1 << 6)
291    RESTRICTED = (1 << 16)
292    DECRYPT = (1 << 17)
293
294    def __fmt(self):
295        return '>HHIH%us%usH%us' % \
296            (len(self.auth_policy), len(self.parameters), len(self.unique))
297
298    def __init__(self, object_type, name_alg, object_attributes, auth_policy='',
299                 parameters='', unique=''):
300        self.object_type = object_type
301        self.name_alg = name_alg
302        self.object_attributes = object_attributes
303        self.auth_policy = auth_policy
304        self.parameters = parameters
305        self.unique = unique
306
307    def __str__(self):
308        return struct.pack(self.__fmt(),
309                           self.object_type,
310                           self.name_alg,
311                           self.object_attributes,
312                           len(self.auth_policy),
313                           self.auth_policy,
314                           self.parameters,
315                           len(self.unique),
316                           self.unique)
317
318    def __len__(self):
319        return struct.calcsize(self.__fmt())
320
321
322def get_digest_size(alg):
323    ds = ALG_DIGEST_SIZE_MAP.get(alg)
324    if not ds:
325        raise UnknownAlgorithmIdError(alg)
326    return ds
327
328
329def get_hash_function(alg):
330    f = ALG_HASH_FUNCTION_MAP.get(alg)
331    if not f:
332        raise UnknownAlgorithmIdError(alg)
333    return f
334
335
336def get_algorithm(name):
337    alg = NAME_ALG_MAP.get(name)
338    if not alg:
339        raise UnknownAlgorithmNameError(name)
340    return alg
341
342
343def hex_dump(d):
344    d = [format(ord(x), '02x') for x in d]
345    d = [d[i: i + 16] for i in xrange(0, len(d), 16)]
346    d = [' '.join(x) for x in d]
347    d = os.linesep.join(d)
348
349    return d
350
351class Client:
352    FLAG_DEBUG = 0x01
353    FLAG_SPACE = 0x02
354    TPM_IOC_NEW_SPACE = 0xa200
355
356    def __init__(self, flags = 0):
357        self.flags = flags
358
359        if (self.flags & Client.FLAG_SPACE) == 0:
360            self.tpm = open('/dev/tpm0', 'r+b')
361        else:
362            self.tpm = open('/dev/tpmrm0', 'r+b')
363
364    def close(self):
365        self.tpm.close()
366
367    def send_cmd(self, cmd):
368        self.tpm.write(cmd)
369        rsp = self.tpm.read()
370
371        if (self.flags & Client.FLAG_DEBUG) != 0:
372            sys.stderr.write('cmd' + os.linesep)
373            sys.stderr.write(hex_dump(cmd) + os.linesep)
374            sys.stderr.write('rsp' + os.linesep)
375            sys.stderr.write(hex_dump(rsp) + os.linesep)
376
377        rc = struct.unpack('>I', rsp[6:10])[0]
378        if rc != 0:
379            cc = struct.unpack('>I', cmd[6:10])[0]
380            raise ProtocolError(cc, rc)
381
382        return rsp
383
384    def read_pcr(self, i, bank_alg = TPM2_ALG_SHA1):
385        pcrsel_len = max((i >> 3) + 1, 3)
386        pcrsel = [0] * pcrsel_len
387        pcrsel[i >> 3] = 1 << (i & 7)
388        pcrsel = ''.join(map(chr, pcrsel))
389
390        fmt = '>HII IHB%us' % (pcrsel_len)
391        cmd = struct.pack(fmt,
392                          TPM2_ST_NO_SESSIONS,
393                          struct.calcsize(fmt),
394                          TPM2_CC_PCR_READ,
395                          1,
396                          bank_alg,
397                          pcrsel_len, pcrsel)
398
399        rsp = self.send_cmd(cmd)
400
401        pcr_update_cnt, pcr_select_cnt = struct.unpack('>II', rsp[10:18])
402        assert pcr_select_cnt == 1
403        rsp = rsp[18:]
404
405        alg2, pcrsel_len2 = struct.unpack('>HB', rsp[:3])
406        assert bank_alg == alg2 and pcrsel_len == pcrsel_len2
407        rsp = rsp[3 + pcrsel_len:]
408
409        digest_cnt = struct.unpack('>I', rsp[:4])[0]
410        if digest_cnt == 0:
411            return None
412        rsp = rsp[6:]
413
414        return rsp
415
416    def extend_pcr(self, i, dig, bank_alg = TPM2_ALG_SHA1):
417        ds = get_digest_size(bank_alg)
418        assert(ds == len(dig))
419
420        auth_cmd = AuthCommand()
421
422        fmt = '>HII I I%us IH%us' % (len(auth_cmd), ds)
423        cmd = struct.pack(
424            fmt,
425            TPM2_ST_SESSIONS,
426            struct.calcsize(fmt),
427            TPM2_CC_PCR_EXTEND,
428            i,
429            len(auth_cmd),
430            str(auth_cmd),
431            1, bank_alg, dig)
432
433        self.send_cmd(cmd)
434
435    def start_auth_session(self, session_type, name_alg = TPM2_ALG_SHA1):
436        fmt = '>HII IIH16sHBHH'
437        cmd = struct.pack(fmt,
438                          TPM2_ST_NO_SESSIONS,
439                          struct.calcsize(fmt),
440                          TPM2_CC_START_AUTH_SESSION,
441                          TPM2_RH_NULL,
442                          TPM2_RH_NULL,
443                          16,
444                          '\0' * 16,
445                          0,
446                          session_type,
447                          TPM2_ALG_NULL,
448                          name_alg)
449
450        return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
451
452    def __calc_pcr_digest(self, pcrs, bank_alg = TPM2_ALG_SHA1,
453                          digest_alg = TPM2_ALG_SHA1):
454        x = []
455        f = get_hash_function(digest_alg)
456
457        for i in pcrs:
458            pcr = self.read_pcr(i, bank_alg)
459            if pcr == None:
460                return None
461            x += pcr
462
463        return f(bytearray(x)).digest()
464
465    def policy_pcr(self, handle, pcrs, bank_alg = TPM2_ALG_SHA1,
466                   name_alg = TPM2_ALG_SHA1):
467        ds = get_digest_size(name_alg)
468        dig = self.__calc_pcr_digest(pcrs, bank_alg, name_alg)
469        if not dig:
470            raise UnknownPCRBankError(bank_alg)
471
472        pcrsel_len = max((max(pcrs) >> 3) + 1, 3)
473        pcrsel = [0] * pcrsel_len
474        for i in pcrs:
475            pcrsel[i >> 3] |= 1 << (i & 7)
476        pcrsel = ''.join(map(chr, pcrsel))
477
478        fmt = '>HII IH%usIHB3s' % ds
479        cmd = struct.pack(fmt,
480                          TPM2_ST_NO_SESSIONS,
481                          struct.calcsize(fmt),
482                          TPM2_CC_POLICY_PCR,
483                          handle,
484                          len(dig), str(dig),
485                          1,
486                          bank_alg,
487                          pcrsel_len, pcrsel)
488
489        self.send_cmd(cmd)
490
491    def policy_password(self, handle):
492        fmt = '>HII I'
493        cmd = struct.pack(fmt,
494                          TPM2_ST_NO_SESSIONS,
495                          struct.calcsize(fmt),
496                          TPM2_CC_POLICY_PASSWORD,
497                          handle)
498
499        self.send_cmd(cmd)
500
501    def get_policy_digest(self, handle):
502        fmt = '>HII I'
503        cmd = struct.pack(fmt,
504                          TPM2_ST_NO_SESSIONS,
505                          struct.calcsize(fmt),
506                          TPM2_CC_POLICY_GET_DIGEST,
507                          handle)
508
509        return self.send_cmd(cmd)[12:]
510
511    def flush_context(self, handle):
512        fmt = '>HIII'
513        cmd = struct.pack(fmt,
514                          TPM2_ST_NO_SESSIONS,
515                          struct.calcsize(fmt),
516                          TPM2_CC_FLUSH_CONTEXT,
517                          handle)
518
519        self.send_cmd(cmd)
520
521    def create_root_key(self, auth_value = ''):
522        attributes = \
523            Public.FIXED_TPM | \
524            Public.FIXED_PARENT | \
525            Public.SENSITIVE_DATA_ORIGIN | \
526            Public.USER_WITH_AUTH | \
527            Public.RESTRICTED | \
528            Public.DECRYPT
529
530        auth_cmd = AuthCommand()
531        sensitive = SensitiveCreate(user_auth=auth_value)
532
533        public_parms = struct.pack(
534            '>HHHHHI',
535            TPM2_ALG_AES,
536            128,
537            TPM2_ALG_CFB,
538            TPM2_ALG_NULL,
539            2048,
540            0)
541
542        public = Public(
543            object_type=TPM2_ALG_RSA,
544            name_alg=TPM2_ALG_SHA1,
545            object_attributes=attributes,
546            parameters=public_parms)
547
548        fmt = '>HIII I%us H%us H%us HI' % \
549            (len(auth_cmd), len(sensitive), len(public))
550        cmd = struct.pack(
551            fmt,
552            TPM2_ST_SESSIONS,
553            struct.calcsize(fmt),
554            TPM2_CC_CREATE_PRIMARY,
555            TPM2_RH_OWNER,
556            len(auth_cmd),
557            str(auth_cmd),
558            len(sensitive),
559            str(sensitive),
560            len(public),
561            str(public),
562            0, 0)
563
564        return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
565
566    def seal(self, parent_key, data, auth_value, policy_dig,
567             name_alg = TPM2_ALG_SHA1):
568        ds = get_digest_size(name_alg)
569        assert(not policy_dig or ds == len(policy_dig))
570
571        attributes = 0
572        if not policy_dig:
573            attributes |= Public.USER_WITH_AUTH
574            policy_dig = ''
575
576        auth_cmd =  AuthCommand()
577        sensitive = SensitiveCreate(user_auth=auth_value, data=data)
578
579        public = Public(
580            object_type=TPM2_ALG_KEYEDHASH,
581            name_alg=name_alg,
582            object_attributes=attributes,
583            auth_policy=policy_dig,
584            parameters=struct.pack('>H', TPM2_ALG_NULL))
585
586        fmt = '>HIII I%us H%us H%us HI' % \
587            (len(auth_cmd), len(sensitive), len(public))
588        cmd = struct.pack(
589            fmt,
590            TPM2_ST_SESSIONS,
591            struct.calcsize(fmt),
592            TPM2_CC_CREATE,
593            parent_key,
594            len(auth_cmd),
595            str(auth_cmd),
596            len(sensitive),
597            str(sensitive),
598            len(public),
599            str(public),
600            0, 0)
601
602        rsp = self.send_cmd(cmd)
603
604        return rsp[14:]
605
606    def unseal(self, parent_key, blob, auth_value, policy_handle):
607        private_len = struct.unpack('>H', blob[0:2])[0]
608        public_start = private_len + 2
609        public_len = struct.unpack('>H', blob[public_start:public_start + 2])[0]
610        blob = blob[:private_len + public_len + 4]
611
612        auth_cmd = AuthCommand()
613
614        fmt = '>HII I I%us %us' % (len(auth_cmd), len(blob))
615        cmd = struct.pack(
616            fmt,
617            TPM2_ST_SESSIONS,
618            struct.calcsize(fmt),
619            TPM2_CC_LOAD,
620            parent_key,
621            len(auth_cmd),
622            str(auth_cmd),
623            blob)
624
625        data_handle = struct.unpack('>I', self.send_cmd(cmd)[10:14])[0]
626
627        if policy_handle:
628            auth_cmd = AuthCommand(session_handle=policy_handle, hmac=auth_value)
629        else:
630            auth_cmd = AuthCommand(hmac=auth_value)
631
632        fmt = '>HII I I%us' % (len(auth_cmd))
633        cmd = struct.pack(
634            fmt,
635            TPM2_ST_SESSIONS,
636            struct.calcsize(fmt),
637            TPM2_CC_UNSEAL,
638            data_handle,
639            len(auth_cmd),
640            str(auth_cmd))
641
642        try:
643            rsp = self.send_cmd(cmd)
644        finally:
645            self.flush_context(data_handle)
646
647        data_len = struct.unpack('>I', rsp[10:14])[0] - 2
648
649        return rsp[16:16 + data_len]
650
651    def reset_da_lock(self):
652        auth_cmd = AuthCommand()
653
654        fmt = '>HII I I%us' % (len(auth_cmd))
655        cmd = struct.pack(
656            fmt,
657            TPM2_ST_SESSIONS,
658            struct.calcsize(fmt),
659            TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET,
660            TPM2_RH_LOCKOUT,
661            len(auth_cmd),
662            str(auth_cmd))
663
664        self.send_cmd(cmd)
665
666    def __get_cap_cnt(self, cap, pt, cnt):
667        handles = []
668        fmt = '>HII III'
669
670        cmd = struct.pack(fmt,
671                          TPM2_ST_NO_SESSIONS,
672                          struct.calcsize(fmt),
673                          TPM2_CC_GET_CAPABILITY,
674                          cap, pt, cnt)
675
676        rsp = self.send_cmd(cmd)[10:]
677        more_data, cap, cnt = struct.unpack('>BII', rsp[:9])
678        rsp = rsp[9:]
679
680        for i in xrange(0, cnt):
681            handle = struct.unpack('>I', rsp[:4])[0]
682            handles.append(handle)
683            rsp = rsp[4:]
684
685        return handles, more_data
686
687    def get_cap(self, cap, pt):
688        handles = []
689
690        more_data = True
691        while more_data:
692            next_handles, more_data = self.__get_cap_cnt(cap, pt, 1)
693            handles += next_handles
694            pt += 1
695
696        return handles
697