Open
Description
Running the program below raises the exception "tpm2_pytss.TSS2_Exception.TSS2_Exception: tpm:parameter(1):value is out of range or is not correct for the context".
However, I would expect a policy/auth failure exception instead.
#!/usr/bin/env python
# SPDX-License-Identifier: 0BSD
import os
from contextlib import ExitStack
from textwrap import dedent as DD
from tpm2_pytss import FAPI, FAPIConfig, TSS2_Exception
# Reproduction script: seal data under a PCR 16 policy, unseal it once, extend
# PCR 16, then attempt the unseal again. The second unseal is left unguarded
# so that whatever exception FAPI raises reaches the caller unchanged.
#
# ExitStack keeps the two context managers at a single nesting level.
with ExitStack() as stack:
    # Environment for this run. The TCTI comes from TPM2TOOLS_TCTI (None when
    # the variable is unset). NOTE(review): ek_cert_less="yes" and the
    # /dev/null event logs look like simulator/test settings -- confirm before
    # reusing this configuration against a production TPM.
    fapi_config = FAPIConfig(
        temp_dirs=True,
        tcti=os.environ.get("TPM2TOOLS_TCTI"),
        ek_cert_less="yes",
        profile_name="P_RSA2048SHA256",
        firmware_log_file="/dev/null",
        ima_log_file="/dev/null",
    )
    stack.enter_context(fapi_config)

    # The FAPI instance is registered on the same stack and provisioned with
    # default arguments.
    fapi = stack.enter_context(FAPI())
    fapi.provision()

    # JSON policy tying the sealed object to PCR 16. NOTE(review): in the PC
    # Client profile PCR 16 is the resettable debug PCR, which suits a test
    # like this one but not a real sealing policy -- confirm for the target
    # platform.
    pcr_policy = DD(
        """
        {
            "description":"Policy PCR for PCR 16",
            "policy":[
                {
                    "type":"POLICYPCR",
                    "currentPCRs": [ 16 ]
                }
            ]
        }
        """
    )
    policy_path = "/policy/my_policy"
    seal_path = "/SRK/my_seal"
    fapi.import_object(policy_path, pcr_policy)

    # Seal the payload (str encoded to bytes) under that policy.
    payload = "Hello World".encode()
    fapi.create_seal(seal_path, data=payload, policy_path=policy_path)

    # First unseal: PCR 16 has not been touched since the seal was created.
    plaintext = fapi.unseal(seal_path)
    print(f"My Sealed Data was: {plaintext.decode()}")

    # Change PCR 16 by extending it with 100 bytes of 0x42.
    print("Updating PCR 16")
    extend_input = b"\x42" * 100
    fapi.pcr_extend(16, extend_input)
    print("PCR 16 Updated")

    # Second unseal, after the PCR change. It is deliberately not wrapped in
    # `try` / `except TSS2_Exception`, so the exception is not masked.
    # NOTE(review): the reported "tpm:parameter(1):value ..." response is
    # consistent with a PolicyPCR digest mismatch rather than an auth/policy
    # failure at unseal time -- confirm which TPM command returned it.
    # NOTE(review): nothing here flags the case where this call succeeds; a
    # success would mean the PCR binding was not enforced.
    print("Attempting to unseal data tethered to PCR 16 state")
    fapi.unseal(seal_path)

    # Reached only when the unseal above did not raise.
    print("Deleting Sealed Data")
    fapi.delete(seal_path)
    print("Sealed data deleted")