mirror of
https://github.com/tpm2dev/tpm.dev.tutorials.git
synced 2024-11-21 13:32:10 +00:00
Added pytss python tutorials (quote)
This commit is contained in:
parent
f481bf9865
commit
41d7a1a45e
3 changed files with 172 additions and 0 deletions
17
PythonExamples/README.md
Normal file
17
PythonExamples/README.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# Python Examples with PYTSS
|
||||||
|
|
||||||
|
Now that tpm2_pytss is stable I've started collecting worked examples for some common situations, eg: reading PCRs, quotes etc.
|
||||||
|
|
||||||
|
tpm_pytss is here: https://github.com/tpm2-software/tpm2-pytss
|
||||||
|
|
||||||
|
## Running the examples
|
||||||
|
|
||||||
|
First you will need a TPM, either a real TPM or the IBM SW TPM is a good substitute.
|
||||||
|
|
||||||
|
Each example can be run just by typing `python3 example.py`
|
||||||
|
|
||||||
|
## Available Examples
|
||||||
|
|
||||||
|
Each example has an accompanying description as markdown file, plus annotated code.
|
||||||
|
|
||||||
|
* [quote]
|
76
PythonExamples/quote.md
Normal file
76
PythonExamples/quote.md
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
# Quote
|
||||||
|
|
||||||
|
This example demonstrates the use of ESAPI.quote
|
||||||
|
|
||||||
|
The code will:
|
||||||
|
|
||||||
|
* setup the ESAPI interface
|
||||||
|
* send a TPM_STARTUP clear command
|
||||||
|
* request a quote using the given attestation key, pcrs and extradata
|
||||||
|
* unmarshal the returned data structures and print these as a python dict and convert to JSON and pretty print
|
||||||
|
|
||||||
|
## Setup and Variables
|
||||||
|
|
||||||
|
The following code might need to be modified for you local setup
|
||||||
|
|
||||||
|
```python3
|
||||||
|
tcti_to_use = None
|
||||||
|
attestation_key_handle = 0x810100AA
|
||||||
|
pcrs_to_quote = "sha256:0,1,2,3"
|
||||||
|
extradata_to_use = b"Ian12345"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Running
|
||||||
|
|
||||||
|
To run type `python3 quote.py`
|
||||||
|
|
||||||
|
Errors might be generated as the pytss libraries search for a suitable TPM device. If everything is successful then a pretty printed JSON structure will be shown.
|
||||||
|
|
||||||
|
## Example Output
|
||||||
|
|
||||||
|
```bash
|
||||||
|
~/tpm.dev.tutorials/PythonExamples$ python3 quote.py
|
||||||
|
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory
|
||||||
|
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
|
||||||
|
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory
|
||||||
|
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
|
||||||
|
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:222:tcti_control_command() Control command failed with error: 1
|
||||||
|
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:330:tcti_swtpm_set_locality() Failed to set locality: 0xa000a
|
||||||
|
WARNING:tcti:src/tss2-tcti/tcti-swtpm.c:599:Tss2_Tcti_Swtpm_Init() Could not set locality via control channel: 0xa000a
|
||||||
|
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0
|
||||||
|
att= <tpm2_pytss.types.TPMS_ATTEST object at 0x7f5fb10419d0>
|
||||||
|
ae= <class 'dict'>
|
||||||
|
{'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 308418200, 'resetCount': 22, 'restartCount': 0, 'safe': 1}, 'extraData': '49616e3132333435', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
|
||||||
|
|
||||||
|
{
|
||||||
|
"attested": {
|
||||||
|
"pcrDigest": "38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca",
|
||||||
|
"pcrSelect": [
|
||||||
|
{
|
||||||
|
"hash": "sha256",
|
||||||
|
"pcrSelect": [
|
||||||
|
0,
|
||||||
|
1,
|
||||||
|
2,
|
||||||
|
3
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"clockInfo": {
|
||||||
|
"clock": 308418200,
|
||||||
|
"resetCount": 22,
|
||||||
|
"restartCount": 0,
|
||||||
|
"safe": 1
|
||||||
|
},
|
||||||
|
"extraData": "49616e3132333435",
|
||||||
|
"firmwareVersion": [
|
||||||
|
538513443,
|
||||||
|
1455670
|
||||||
|
],
|
||||||
|
"magic": 4283712327,
|
||||||
|
"qualifiedSigner": "000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56",
|
||||||
|
"type": "attest_quote"
|
||||||
|
}
|
||||||
|
|
||||||
|
```
|
79
PythonExamples/quote.py
Normal file
79
PythonExamples/quote.py
Normal file
|
@ -0,0 +1,79 @@
|
||||||
|
#
|
||||||
|
# Import the tpm2_pytss libraries and the encoders
|
||||||
|
#
|
||||||
|
|
||||||
|
from tpm2_pytss import *
|
||||||
|
from tpm2_pytss.encoding import (
|
||||||
|
base_encdec,
|
||||||
|
json_encdec,
|
||||||
|
)
|
||||||
|
|
||||||
|
#
|
||||||
|
# We also need this too, for convenience later
|
||||||
|
#
|
||||||
|
|
||||||
|
import json
|
||||||
|
|
||||||
|
#
|
||||||
|
# Setting up some variables here for convenience
|
||||||
|
#
|
||||||
|
|
||||||
|
tcti_to_use = None
|
||||||
|
attestation_key_handle = 0x810100AA
|
||||||
|
pcrs_to_quote = "sha256:0,1,2,3"
|
||||||
|
extradata_to_use = b"Ian12345"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Make a connection to a TPM and use the ESAPI interface
|
||||||
|
# tcti=None means that the pytss libraries will search for an available TCTI
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# When this is run, then as the various TCTI interfaces are searched errors are written if those interfaces are not foud
|
||||||
|
#
|
||||||
|
|
||||||
|
tpm = ESAPI(tcti=None)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Send a startup message, just in case (actually this is because I'm using the IBM SW TPM and haven't started it properly)
|
||||||
|
#
|
||||||
|
|
||||||
|
tpm.startup(TPM2_SU.CLEAR)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Create the necessary parameters for making a quote
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
handle = tpm.tr_from_tpmpublic(attestation_key_handle)
|
||||||
|
pcrsels = TPML_PCR_SELECTION.parse(pcrs_to_quote)
|
||||||
|
extradata_to_use = TPM2B_DATA(extradata_to_use)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Now to make the quote and return the attested values and signature
|
||||||
|
#
|
||||||
|
|
||||||
|
quote,signature = tpm.quote(
|
||||||
|
handle, pcrsels, extradata_to_use
|
||||||
|
)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Now to unmarshal the attested values and we'll print them out which'll give a tpm2_pytss.types.TPMS_ATTEST object
|
||||||
|
#
|
||||||
|
|
||||||
|
att,_ = TPMS_ATTEST.unmarshal( bytes(quote) )
|
||||||
|
print("att=",att)
|
||||||
|
|
||||||
|
#
|
||||||
|
# We construct an encoder and encode that structure in a python dict
|
||||||
|
#
|
||||||
|
|
||||||
|
enc = json_encdec()
|
||||||
|
ae = enc.encode(att)
|
||||||
|
print("ae=",type(ae),"\n",ae)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Now we'll use the json library to convert that to JSON and pretty print it
|
||||||
|
#
|
||||||
|
|
||||||
|
js = json.dumps(ae,indent=4)
|
||||||
|
print("\n",js)
|
Loading…
Reference in a new issue