Merge pull request #26 from iolivergithub/master

Added quote and get_random to PythonTutorials
2024-11-10 01:12:10 +00:00 · 2022-04-25 23:00:28 +03:00 · 2022-04-25 23:00:28 +03:00 · ae4c64fcff
commit ae4c64fcff
parent 3f47821d54 0cdb3dba5c
6 changed files with 107 additions and 9 deletions
--- a/PythonExamples/README.md
+++ b/PythonExamples/README.md
@ -14,4 +14,5 @@ Each example can be run just by typing `python3 example.py`
 Each example has an accompanying description as markdown file, plus annotated code.
   * [randomnumber](randomnumber.md)
   * [quote](quote.md)
--- a/PythonExamples/quote.md
+++ b/PythonExamples/quote.md
@ -9,6 +9,10 @@ The code will:
   * request a quote using the given attestation key, pcrs and extradata
   * unmarshal the returned data structures and print these as a python dict and convert to JSON and pretty print
 then as a bonus example
   * generate a random number from the TPM and use that as the extra data to the quote
 ## Setup and Variables
 The following code might need to be modified for you local setup
@ -28,6 +32,8 @@ Errors might be generated as the pytss libraries search for a suitable TPM devic
 ## Example Output
 The following is example output:
 ```bash
 ~/tpm.dev.tutorials/PythonExamples$ python3 quote.py 
 ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
@ -38,9 +44,9 @@ ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:222:tcti_control_command() Control command
 ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:330:tcti_swtpm_set_locality() Failed to set locality: 0xa000a 
 WARNING:tcti:src/tss2-tcti/tcti-swtpm.c:599:Tss2_Tcti_Swtpm_Init() Could not set locality via control channel: 0xa000a 
 ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
-att= <tpm2_pytss.types.TPMS_ATTEST object at 0x7f5fb10419d0>
+att= <tpm2_pytss.types.TPMS_ATTEST object at 0x7f0bebf19070>
 ae= <class 'dict'> 
- {'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 308418200, 'resetCount': 22, 'restartCount': 0, 'safe': 1}, 'extraData': '49616e3132333435', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
+ {'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 313399693, 'resetCount': 24, 'restartCount': 0, 'safe': 1}, 'extraData': '49616e3132333435', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
 {
    "attested": {
@ -58,8 +64,8 @@ ae= <class 'dict'>
        ]
    },
    "clockInfo": {
-        "clock": 308418200,
+        "clock": 313399693,
-        "resetCount": 22,
+        "resetCount": 24,
        "restartCount": 0,
        "safe": 1
    },
@ -73,4 +79,9 @@ ae= <class 'dict'>
    "type": "attest_quote"
 }
 With randomly generated extra data:  0c830dd1a9dd50c0
 ae2= <class 'dict'> 
 {'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 313399694, 'resetCount': 24, 'restartCount': 0, 'safe': 1}, 'extraData': '30633833306464316139646435306330', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
 ```
 The *magic number* of the quote is returned as an integer `4283712327` this corresponds to the better known TPM returned byte sequence `FF544347` in hex.
--- a/PythonExamples/quote.py
+++ b/PythonExamples/quote.py
@ -77,3 +77,23 @@ print("ae=",type(ae),"\n",ae)
 js = json.dumps(ae,indent=4)
 print("\n",js)
 #
 # Now we'll do the same, except we'll generate the nonce using the TPM's random number generator
 #
 r = tpm.get_random( 8 )
 extradata_to_use = TPM2B_DATA(str(r))
 print("\nWith randomly generated extra data: ",str(r))
 quote,signature = tpm.quote(
 	  handle, pcrsels, extradata_to_use
 	)
 att,_ = TPMS_ATTEST.unmarshal( bytes(quote) )
 enc = json_encdec()
 ae = enc.encode(att)
 print("ae2=",type(ae),"\n",ae)
--- a/PythonExamples/randomnumber.md
+++ b/PythonExamples/randomnumber.md
@ -0,0 +1,30 @@
 # Get random
 This example demonstrates the use of ESAPI.get_random
 The code will:
   * setup the ESAPI interface
   * send a TPM_STARTUP clear command
   * request 8 random numbers from the TPM
   * print out the result
 ## Setup and Variables
 No specific setup is required. You may wish to change the number of bytes returned in the `get_random` call. 
 ## Running
 To run type `python3 quote.py`
 Errors might be generated as the pytss libraries search for a suitable TPM device. If everything is successful then a random number will be shown.
 ## Output
 ```bash
 ~/tpm.dev.tutorials/PythonExamples$ python3 randomnumber.py 
 type is  <class 'tpm2_pytss.types.TPM2B_DIGEST'>
 r    is  a10ab7558675a56c
 as int   11604288967829464428
 ```
--- a/PythonExamples/randomnumber.py
+++ b/PythonExamples/randomnumber.py
@ -0,0 +1,31 @@
 #
 # Import the tpm2_pytss libraries 
 #
 from tpm2_pytss import *
 #
 # Make a connection to a TPM and use the ESAPI interface
 # tcti=None means that the pytss libraries will search for an available TCTI
 #
 #
 # When this is run, then as the various TCTI interfaces are searched errors are written if those interfaces are not foud
 #
 tpm = ESAPI(tcti=None)
 # 
 # Send a startup message, just in case (actually this is because I'm using the IBM SW TPM and haven't started it properly)
 #
 tpm.startup(TPM2_SU.CLEAR)
 #
 # Now to make the quote and return the attested values and signature
 #
 r = tpm.get_random( 8 )
 print("type is ",type(r))
 print("r    is ",str(r))
 print("as int  ",int(str(r),16))
--- a/README.md
+++ b/README.md
@ -16,16 +16,19 @@ Why GitHub?
 * [Introduction to TPM Concepts](Intro/README.md)
 * [Random Number Generator](Random_Number_Generator/README.md)
 * [Python examples](PythonExamples/README.md)
-### Advanced Use Cases
+### Advanced usage
 * [Boot with TPM: Secure vs Measured vs Trusted](Boot-with-TPM/README.md)
 * [Attestation, MakeCredential, ActivateCredential](Attestation/README.md)
 * [Enrollment, Enrollment protocols](Enrollment/README.md)
 * [Tboot and TXT installation](TXT/start.md)
 * [TPM2 Commands explained](TPM-Commands/)
 ## Upcomming tutorials
 * Localities
 * Remote Attestation protocols
 * Quick setup for TPM.dev courses
 ## Contributors
@ -38,6 +41,8 @@ Why GitHub?
 * Ken Goldman
 * Trammell Hudson
 * Jason Heiss
 * Tobias Schultz
 * Gabriel Kerneis
 ## Licensing