From ca1501aad2381576144c4fc03629a035c3aeaab1 Mon Sep 17 00:00:00 2001
From: Ian
Date: Fri, 25 Feb 2022 16:09:27 +0200
Subject: [PATCH 1/3] Added pytss python tutorials for quote and get_random
---
 PythonExamples/README.md | 3 ++-
 PythonExamples/quote.md | 21 ++++++++++++++++-----
 PythonExamples/quote.py | 24 ++++++++++++++++++++++--
 PythonExamples/randomnumber.md | 30 ++++++++++++++++++++++++++++++
 PythonExamples/randomnumber.py | 31 +++++++++++++++++++++++++++++++
 5 files changed, 101 insertions(+), 8 deletions(-)
 create mode 100644 PythonExamples/randomnumber.md
 create mode 100644 PythonExamples/randomnumber.py
diff --git a/PythonExamples/README.md b/PythonExamples/README.md
index 5dbcfc2..9f3dfc2 100644
--- a/PythonExamples/README.md
+++ b/PythonExamples/README.md
@@ -14,4 +14,5 @@ Each example can be run just by typing `python3 example.py`
 Each example has an accompanying description as markdown file, plus annotated code.
- * [quote](quote.md)
+ * [randomnumber]
+ * [quote]
diff --git a/PythonExamples/quote.md b/PythonExamples/quote.md
index 5cc33e0..0caf248 100644
--- a/PythonExamples/quote.md
+++ b/PythonExamples/quote.md
@@ -9,6 +9,10 @@ The code will:
  * request a quote using the given attestation key, pcrs and extradata
  * unmarshal the returned data structures and print these as a python dict and convert to JSON and pretty print
+then as a bonus example
+
+ * generate a random number from the TPM and use that as the extra data to the quote
+
 ## Setup and Variables
 The following code might need to be modified for you local setup
@@ -28,6 +32,8 @@ Errors might be generated as the pytss libraries search for a suitable TPM devic
 ## Example Output
+The following is example output:
+
 ```bash
 ~/tpm.dev.tutorials/PythonExamples$ python3 quote.py
 ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory
@@ -38,9 +44,9 @@ ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:222:tcti_control_command() Control command
 ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:330:tcti_swtpm_set_locality() Failed to set locality: 0xa000a
 WARNING:tcti:src/tss2-tcti/tcti-swtpm.c:599:Tss2_Tcti_Swtpm_Init() Could not set locality via control channel: 0xa000a
 ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0
-att=
+att=
 ae=
- {'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 308418200, 'resetCount': 22, 'restartCount': 0, 'safe': 1}, 'extraData': '49616e3132333435', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
+ {'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 313399693, 'resetCount': 24, 'restartCount': 0, 'safe': 1}, 'extraData': '49616e3132333435', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
 {
 "attested": {
@@ -58,8 +64,8 @@ ae=
 ]
 },
 "clockInfo": {
- "clock": 308418200,
- "resetCount": 22,
+ "clock": 313399693,
+ "resetCount": 24,
 "restartCount": 0,
 "safe": 1
 },
@@ -73,4 +79,9 @@ ae=
 "type": "attest_quote"
 }
-```
\ No newline at end of file
+With randomly generated extra data: 0c830dd1a9dd50c0
+ae2=
+ {'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 313399694, 'resetCount': 24, 'restartCount': 0, 'safe': 1}, 'extraData': '30633833306464316139646435306330', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
+```
+
+The *magic number* of the quote is returned as an integer `4283712327` this corresponds to the better known TPM returned byte sequence `FF544347` in hex.
diff --git a/PythonExamples/quote.py b/PythonExamples/quote.py
index 4f47cd8..f75fca5 100644
--- a/PythonExamples/quote.py
+++ b/PythonExamples/quote.py
@@ -67,7 +67,7 @@ print("att=",att)
 # We construct an encoder and encode that structure in a python dict
 #
-enc = json_encdec()
+enc = json_encdec()
 ae = enc.encode(att)
 print("ae=",type(ae),"\n",ae)
@@ -76,4 +76,24 @@ print("ae=",type(ae),"\n",ae)
 #
 js = json.dumps(ae,indent=4)
-print("\n",js)
\ No newline at end of file
+print("\n",js)
+
+
+#
+# Now we'll do the same, except we'll generate the nonce using the TPM's random number generator
+#
+
+r = tpm.get_random( 8 )
+
+extradata_to_use = TPM2B_DATA(str(r))
+
+print("\nWith randomly generated extra data: ",str(r))
+
+quote,signature = tpm.quote(
+ handle, pcrsels, extradata_to_use
+ )
+
+att,_ = TPMS_ATTEST.unmarshal( bytes(quote) )
+enc = json_encdec()
+ae = enc.encode(att)
+print("ae2=",type(ae),"\n",ae)
diff --git a/PythonExamples/randomnumber.md b/PythonExamples/randomnumber.md
new file mode 100644
index 0000000..17ac548
--- /dev/null
+++ b/PythonExamples/randomnumber.md
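Review bot: `extradata_to_use = TPM2B_DATA(str(r))` puts the hex text of the random value into the quote rather than the random bytes, and the example output added to quote.md in the same commit shows it: extraData `30633833306464316139646435306330` is the ASCII encoding of `0c830dd1a9dd50c0`, so 8 bytes of TPM entropy become 16 printable bytes carrying the same 64 bits. Passing the buffer itself, `extradata_to_use = TPM2B_DATA(bytes(r))`, keeps the nonce binary and matches the `bytes(quote)` idiom used a few lines below; whether the installed pytss accepts a bytes argument there should be confirmed. The comment calls this value a nonce, but a nonce the attesting TPM generates itself gives a remote verifier no freshness guarantee, so a one-line note such as `# In a real attestation flow the verifier supplies the nonce and checks it back in extraData; it is TPM-generated here only to exercise get_random` would stop the snippet being copied as-is. `handle`, `pcrsels` and `tpm` are defined earlier in the module, outside this hunk.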
@@ -0,0 +1,30 @@
+# Quote
+
+This example demonstrates the use of ESAPI.get_random
+
+The code will:
+
+ * setup the ESAPI interface
+ * send a TPM_STARTUP clear command
+ * request 8 random numbers from the TPM
+ * print out the result
+
+## Setup and Variables
+
+No specific setup is required. You may wish to change the number of bytes returned in the `get_random` call.
+
+## Running
+
+To run type `python3 quote.py`
+
+Errors might be generated as the pytss libraries search for a suitable TPM device. If everything is successful then a random number will be shown.
+
+## Output
+
+```bash
+~/tpm.dev.tutorials/PythonExamples$ python3 randomnumber.py
+type is
+r is a10ab7558675a56c
+as int 11604288967829464428
+
+```
\ No newline at end of file
diff --git a/PythonExamples/randomnumber.py b/PythonExamples/randomnumber.py
new file mode 100644
index 0000000..97a58ec
--- /dev/null
+++ b/PythonExamples/randomnumber.py
@@ -0,0 +1,31 @@
+#
+# Import the tpm2_pytss libraries
+#
+
+from tpm2_pytss import *
+
+#
+# Make a connection to a TPM and use the ESAPI interface
+# tcti=None means that the pytss libraries will search for an available TCTI
+#
+#
+# When this is run, then as the various TCTI interfaces are searched errors are written if those interfaces are not foud
+#
+
+tpm = ESAPI(tcti=None)
+
+#
+# Send a startup message, just in case (actually this is because I'm using the IBM SW TPM and haven't started it properly)
+#
+
+tpm.startup(TPM2_SU.CLEAR)
+
+#
+# Now to make the quote and return the attested values and signature
+#
+
+r = tpm.get_random( 8 )
+
+print("type is ",type(r))
+print("r is ",str(r))
+print("as int ",int(str(r),16))
\ No newline at end of file
From ada8cf12bf1b4a6f88a8d8fb102d7ff38f59edb8 Mon Sep 17 00:00:00 2001
From: Dimitar Tomov
Date: Mon, 25 Apr 2022 22:22:42 +0300
Subject: [PATCH 2/3] Minor fixes
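Review bot: The comment block above `r = tpm.get_random( 8 )` reads `# Now to make the quote and return the attested values and signature`, which is carried over from quote.py and describes a command this file never issues; it should describe the line it sits on, e.g. `# Ask the TPM's RNG for 8 bytes (TPM2_GetRandom); fewer may come back if the TPM caps the request`. The final `int(str(r),16)` only works because the string form of the returned buffer happens to be its hex encoding; `int.from_bytes(bytes(r), "big")` states the intent directly and does not depend on `__str__`. The ESAPI context opened by `tpm = ESAPI(tcti=None)` is never closed, which is harmless for a one-shot script but is the pattern readers will copy; `with ESAPI(tcti=None) as tpm:` or a trailing `tpm.close()` would be the better example, if the installed pytss supports the context-manager form. `foud` in the TCTI comment is a typo for `found`.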
Signed-off-by: Dimitar Tomov
---
 PythonExamples/README.md | 4 ++--
 PythonExamples/randomnumber.md | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/PythonExamples/README.md b/PythonExamples/README.md
index 9f3dfc2..1d5a337 100644
--- a/PythonExamples/README.md
+++ b/PythonExamples/README.md
@@ -14,5 +14,5 @@ Each example can be run just by typing `python3 example.py`
 Each example has an accompanying description as markdown file, plus annotated code.
- * [randomnumber]
- * [quote]
+ * [randomnumber](randomnumber.md)
+ * [quote](quote.md)
diff --git a/PythonExamples/randomnumber.md b/PythonExamples/randomnumber.md
index 17ac548..838f47e 100644
--- a/PythonExamples/randomnumber.md
+++ b/PythonExamples/randomnumber.md
@@ -1,4 +1,4 @@
-# Quote
+# Get random
 This example demonstrates the use of ESAPI.get_random
@@ -27,4 +27,4 @@ type is
 r is a10ab7558675a56c
 as int 11604288967829464428
-```
\ No newline at end of file
+```
From 0cdb3dba5cf34d380b48184a667e85f412137831 Mon Sep 17 00:00:00 2001
From: Dimitar Tomov
Date: Mon, 25 Apr 2022 22:44:17 +0300
Subject: [PATCH 3/3] Update README.md and add links to the new tutorials
Signed-off-by: Dimitar Tomov
---
 README.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 569324a..c64da5c 100644
--- a/README.md
+++ b/README.md
@@ -16,16 +16,19 @@ Why GitHub?
 * [Introduction to TPM Concepts](Intro/README.md)
 * [Random Number Generator](Random_Number_Generator/README.md)
+* [Python examples](PythonExamples/README.md)
-### Advanced Use Cases
+### Advanced usage
 * [Boot with TPM: Secure vs Measured vs Trusted](Boot-with-TPM/README.md)
 * [Attestation, MakeCredential, ActivateCredential](Attestation/README.md)
+* [Enrollment, Enrollment protocols](Enrollment/README.md)
+* [Tboot and TXT installation](TXT/start.md)
+* [TPM2 Commands explained](TPM-Commands/)
 ## Upcomming tutorials
 * Localities
-* Remote Attestation protocols
 * Quick setup for TPM.dev courses
 ## Contributors
@@ -38,6 +41,8 @@ Why GitHub?
 * Ken Goldman
 * Trammell Hudson
 * Jason Heiss
+* Tobias Schultz
+* Gabriel Kerneis
 ## Licensing