smoke test update
diff --git a/tpm2.py b/tpm2.py
index d32a86e..ac420e2 100644
--- a/tpm2.py
+++ b/tpm2.py
@@ -12,6 +12,7 @@
TPM2_CC_CREATE_PRIMARY = 0x0131
TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET = 0x0139
+TPM2_CC_OBJECT_CHANGE_AUTH = 0x0150
TPM2_CC_CREATE = 0x0153
TPM2_CC_LOAD = 0x0157
TPM2_CC_UNSEAL = 0x015E
diff --git a/tpm2_sessions_smoke.py b/tpm2_sessions_smoke.py
index f9ce342..d233d08 100755
--- a/tpm2_sessions_smoke.py
+++ b/tpm2_sessions_smoke.py
@@ -9,7 +9,7 @@
import tss2
pwd1 = "wibble"
-
+pwd2 = "newpassword"
class SessionTest(unittest.TestCase):
def setUp(self):
@@ -31,7 +31,7 @@
raise e
return ha
- def test_handle_clearing(self):
+ def test_handle_flush_on_space_close(self):
i = self.open_handles()
print "Ran out of handles at %d" %len(i)
self.c.close()
@@ -52,19 +52,33 @@
def test_session_consumption(self):
self.c.read_public(self.c.SRK)
+ # authorization hmac session
hmac = self.c.start_session(tpm2.TPM2_SE_HMAC)
+ # parameter encryption session
enc = self.c.start_session(tpm2.TPM2_SE_HMAC, self.c.SRK)
+ # fill all remaing handles
i = self.open_handles()
# create rsa key continuing both hmac and encryption sessions
- k = self.c.create_rsa(self.c.SRK, pwd1, hmac, 1, enc, 1)
+ self.c.create_rsa(self.c.SRK, pwd1, hmac, 1, enc, 1)
# should be no handles left
i = self.open_handles()
self.assertEqual(len(i),0)
- k = self.c.create_rsa(self.c.SRK, pwd1, hmac, 0, enc, 0)
- # now should be two handles left
+ # now create rsa key continuing hmac and consuming encryption
+ k = self.c.create_rsa(self.c.SRK, pwd1, hmac, 1, enc, 0)
+ # now should be one handle remaining
i = self.open_handles()
- self.assertEqual(len(i),2)
+ self.assertEqual(len(i),1)
+ self.c.flush_context(i[0])
+ # check the hmac continuation actually works
k = self.c.load(self.c.SRK, k.outPrivate, k.outPublic, None)
+ print "Loaded key at handle %x" %k
+ # and finally verify with an authenticated encrypted operation
+ # consuming both handles
+ enc = self.c.start_session(tpm2.TPM2_SE_HMAC, k)
+ self.c.change_auth(self.c.SRK, k, pwd1, pwd2, hmac, 0, enc, 0)
+ i = self.open_handles()
+ self.assertEqual(len(i), 2)
+
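Review bot: The return value of the final `self.c.change_auth(...)` call in test_session_consumption is discarded, so the test only shows that two session handles were released, not that the authorization actually changed. TPM2_ObjectChangeAuth returns a new private area and leaves the already-loaded object's auth as it was, so a stronger check would keep the blob, `newpriv = self.c.change_auth(self.c.SRK, k, pwd1, pwd2, hmac, 0, enc, 0)`, load it and authorize an operation with `pwd2`. That needs the public area from `create_rsa` to be saved before `k` is rebound to the loaded handle. Separately, the added comment `# fill all remaing handles` has a typo ("remaining").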
diff --git a/tss2.py b/tss2.py
index 2ef0568..67f5a4f 100644
--- a/tss2.py
+++ b/tss2.py
@@ -117,6 +117,14 @@
_fields_ = [("objectHandle", ctypes.c_uint32),
("name", TPM2B_NONCE)]
+class ObjectChangeAuth_In(ctypes.Structure):
+ _fields_ = [("objectHandle", ctypes.c_uint32),
+ ("parentHandle", ctypes.c_uint32),
+ ("newAuth", TPM2B_NONCE)]
+
+class ObjectChangeAuth_Out(ctypes.Structure):
+ _fields_ = [("outPrivate", TPM2B_PRIVATE)]
+
class tpm_error(Exception):
def __init__(self, rc):
@@ -197,8 +205,10 @@
inp.parentHandle = parent
if (auth != None):
- inp.inSensitive.sensitive.userAuth.b = ctypes.c_ubyte_Array_128(auth)
- inp.inSensitive.sensitive.userAuth.s = strlen(auth)
+ lenauth = len(auth)
+ print "AUTh len is %d" %lenauth
+ inp.inSensitive.sensitive.userAuth.b[0:lenauth] = bytearray(auth)
+ inp.inSensitive.sensitive.userAuth.s = lenauth
inp.inPublic.publicArea.Type = tpm2.TPM2_ALG_RSA
inp.inPublic.publicArea.nameAlg = tpm2.TPM2_ALG_SHA256
inp.inPublic.publicArea.objectAttributes = tpm2.TPMA_OBJECT_NODA | tpm2.TPMA_OBJECT_DECRYPT | tpm2.TPMA_OBJECT_USERWITHAUTH | tpm2.TPMA_OBJECT_SENSITIVEDATAORIGIN
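Review bot: The added `print "AUTh len is %d" %lenauth` writes the length of an authorization secret to stdout on every key creation that sets an auth value; it reads like leftover debugging and should be dropped from the library path. The slice assignment `userAuth.b[0:lenauth] = bytearray(auth)` also has no explicit bound, so an over-long `auth` would, as far as I can tell, surface only as a generic ctypes size-mismatch error. A guard such as `if lenauth > len(inp.inSensitive.sensitive.userAuth.b): raise ValueError("auth value too long")` before the copy makes the failure clear to callers. The enclosing function starts and ends outside this hunk.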
@@ -231,3 +241,20 @@
tpm2.TPM2_RH_NULL, None, 0);
return out.objectHandle
+
+ def change_auth(self, parent, handle, oldauth, newauth, hmacSession = tpm2.TPM2_RS_PW, hmacCont = 0, encSession = tpm2.TPM2_RH_NULL, encCont = 0):
+ inp = ObjectChangeAuth_In()
+ out = ObjectChangeAuth_Out()
+
+ inp.parentHandle = parent
+ inp.objectHandle = handle
+ inp.newAuth.b[0:len(newauth)] = bytearray(newauth)
+ inp.newAuth.s = len(newauth)
+
+ self.TSS_Execute(ctypes.byref(out), ctypes.byref(inp), None,
+ tpm2.TPM2_CC_OBJECT_CHANGE_AUTH,
+ hmacSession, oldauth, hmacCont,
+ encSession, None, encCont | 0x20,
+ tpm2.TPM2_RH_NULL, None, 0)
+
+ return out.outPrivate
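Review bot: `encCont | 0x20` in change_auth hard-codes a session-attribute bit with no explanation. 0x20 appears to be the TPMA_SESSION decrypt attribute (command parameter encryption), which is what protects `newauth` in transit to the TPM, so it deserves a named constant in tpm2.py and a one-line comment. The method also needs a docstring stating that it returns the new private area rather than modifying the object loaded at `handle`, and that with the default `encSession = tpm2.TPM2_RH_NULL` the new auth value is presumably sent without parameter encryption. `newauth` is copied without an explicit length check; `if len(newauth) > len(inp.newAuth.b): raise ValueError("newauth too long")` before the slice assignment would give a clear error.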