Added pytss python tutorials (quote)

This commit is contained in:
Ian 2022-02-25 16:09:27 +02:00
parent f481bf9865
commit 41d7a1a45e
3 changed files with 172 additions and 0 deletions

17
PythonExamples/README.md Normal file
View file

@ -0,0 +1,17 @@
# Python Examples with PYTSS
Now that tpm2_pytss is stable I've started collecting worked examples for some common situations, eg: reading PCRs, quotes etc.
tpm_pytss is here: https://github.com/tpm2-software/tpm2-pytss
## Running the examples
First you will need a TPM, either a real TPM or the IBM SW TPM is a good substitute.
Each example can be run just by typing `python3 example.py`
## Available Examples
Each example has an accompanying description as markdown file, plus annotated code.
* [quote]

76
PythonExamples/quote.md Normal file
View file

@ -0,0 +1,76 @@
# Quote
This example demonstrates the use of ESAPI.quote
The code will:
* setup the ESAPI interface
* send a TPM_STARTUP clear command
* request a quote using the given attestation key, pcrs and extradata
* unmarshal the returned data structures and print these as a python dict and convert to JSON and pretty print
## Setup and Variables
The following code might need to be modified for you local setup
```python3
tcti_to_use = None
attestation_key_handle = 0x810100AA
pcrs_to_quote = "sha256:0,1,2,3"
extradata_to_use = b"Ian12345"
```
## Running
To run type `python3 quote.py`
Errors might be generated as the pytss libraries search for a suitable TPM device. If everything is successful then a pretty printed JSON structure will be shown.
## Example Output
```bash
~/tpm.dev.tutorials/PythonExamples$ python3 quote.py
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:222:tcti_control_command() Control command failed with error: 1
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:330:tcti_swtpm_set_locality() Failed to set locality: 0xa000a
WARNING:tcti:src/tss2-tcti/tcti-swtpm.c:599:Tss2_Tcti_Swtpm_Init() Could not set locality via control channel: 0xa000a
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0
att= <tpm2_pytss.types.TPMS_ATTEST object at 0x7f5fb10419d0>
ae= <class 'dict'>
{'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 308418200, 'resetCount': 22, 'restartCount': 0, 'safe': 1}, 'extraData': '49616e3132333435', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
{
"attested": {
"pcrDigest": "38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca",
"pcrSelect": [
{
"hash": "sha256",
"pcrSelect": [
0,
1,
2,
3
]
}
]
},
"clockInfo": {
"clock": 308418200,
"resetCount": 22,
"restartCount": 0,
"safe": 1
},
"extraData": "49616e3132333435",
"firmwareVersion": [
538513443,
1455670
],
"magic": 4283712327,
"qualifiedSigner": "000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56",
"type": "attest_quote"
}
```

79
PythonExamples/quote.py Normal file
View file

@ -0,0 +1,79 @@
#
# Import the tpm2_pytss libraries and the encoders
#
from tpm2_pytss import *
from tpm2_pytss.encoding import (
base_encdec,
json_encdec,
)
#
# We also need this too, for convenience later
#
import json
#
# Setting up some variables here for convenience
#
tcti_to_use = None
attestation_key_handle = 0x810100AA
pcrs_to_quote = "sha256:0,1,2,3"
extradata_to_use = b"Ian12345"
#
# Make a connection to a TPM and use the ESAPI interface
# tcti=None means that the pytss libraries will search for an available TCTI
#
#
# When this is run, then as the various TCTI interfaces are searched errors are written if those interfaces are not foud
#
tpm = ESAPI(tcti=None)
#
# Send a startup message, just in case (actually this is because I'm using the IBM SW TPM and haven't started it properly)
#
tpm.startup(TPM2_SU.CLEAR)
#
# Create the necessary parameters for making a quote
#
handle = tpm.tr_from_tpmpublic(attestation_key_handle)
pcrsels = TPML_PCR_SELECTION.parse(pcrs_to_quote)
extradata_to_use = TPM2B_DATA(extradata_to_use)
#
# Now to make the quote and return the attested values and signature
#
quote,signature = tpm.quote(
handle, pcrsels, extradata_to_use
)
#
# Now to unmarshal the attested values and we'll print them out which'll give a tpm2_pytss.types.TPMS_ATTEST object
#
att,_ = TPMS_ATTEST.unmarshal( bytes(quote) )
print("att=",att)
#
# We construct an encoder and encode that structure in a python dict
#
enc = json_encdec()
ae = enc.encode(att)
print("ae=",type(ae),"\n",ae)
#
# Now we'll use the json library to convert that to JSON and pretty print it
#
js = json.dumps(ae,indent=4)
print("\n",js)