mirror of
https://github.com/tpm2dev/tpm.dev.tutorials.git
synced 2024-11-10 01:12:10 +00:00
Merge pull request #26 from iolivergithub/master
Added quote and get_random to PythonTutorials
This commit is contained in:
commit
ae4c64fcff
6 changed files with 107 additions and 9 deletions
|
@ -14,4 +14,5 @@ Each example can be run just by typing `python3 example.py`
|
||||||
|
|
||||||
Each example has an accompanying description as markdown file, plus annotated code.
|
Each example has an accompanying description as markdown file, plus annotated code.
|
||||||
|
|
||||||
|
* [randomnumber](randomnumber.md)
|
||||||
* [quote](quote.md)
|
* [quote](quote.md)
|
||||||
|
|
|
@ -9,6 +9,10 @@ The code will:
|
||||||
* request a quote using the given attestation key, pcrs and extradata
|
* request a quote using the given attestation key, pcrs and extradata
|
||||||
* unmarshal the returned data structures and print these as a python dict and convert to JSON and pretty print
|
* unmarshal the returned data structures and print these as a python dict and convert to JSON and pretty print
|
||||||
|
|
||||||
|
then as a bonus example
|
||||||
|
|
||||||
|
* generate a random number from the TPM and use that as the extra data to the quote
|
||||||
|
|
||||||
## Setup and Variables
|
## Setup and Variables
|
||||||
|
|
||||||
The following code might need to be modified for you local setup
|
The following code might need to be modified for you local setup
|
||||||
|
@ -28,6 +32,8 @@ Errors might be generated as the pytss libraries search for a suitable TPM devic
|
||||||
|
|
||||||
## Example Output
|
## Example Output
|
||||||
|
|
||||||
|
The following is example output:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
~/tpm.dev.tutorials/PythonExamples$ python3 quote.py
|
~/tpm.dev.tutorials/PythonExamples$ python3 quote.py
|
||||||
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory
|
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory
|
||||||
|
@ -38,9 +44,9 @@ ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:222:tcti_control_command() Control command
|
||||||
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:330:tcti_swtpm_set_locality() Failed to set locality: 0xa000a
|
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:330:tcti_swtpm_set_locality() Failed to set locality: 0xa000a
|
||||||
WARNING:tcti:src/tss2-tcti/tcti-swtpm.c:599:Tss2_Tcti_Swtpm_Init() Could not set locality via control channel: 0xa000a
|
WARNING:tcti:src/tss2-tcti/tcti-swtpm.c:599:Tss2_Tcti_Swtpm_Init() Could not set locality via control channel: 0xa000a
|
||||||
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0
|
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0
|
||||||
att= <tpm2_pytss.types.TPMS_ATTEST object at 0x7f5fb10419d0>
|
att= <tpm2_pytss.types.TPMS_ATTEST object at 0x7f0bebf19070>
|
||||||
ae= <class 'dict'>
|
ae= <class 'dict'>
|
||||||
{'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 308418200, 'resetCount': 22, 'restartCount': 0, 'safe': 1}, 'extraData': '49616e3132333435', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
|
{'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 313399693, 'resetCount': 24, 'restartCount': 0, 'safe': 1}, 'extraData': '49616e3132333435', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
|
||||||
|
|
||||||
{
|
{
|
||||||
"attested": {
|
"attested": {
|
||||||
|
@ -58,8 +64,8 @@ ae= <class 'dict'>
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"clockInfo": {
|
"clockInfo": {
|
||||||
"clock": 308418200,
|
"clock": 313399693,
|
||||||
"resetCount": 22,
|
"resetCount": 24,
|
||||||
"restartCount": 0,
|
"restartCount": 0,
|
||||||
"safe": 1
|
"safe": 1
|
||||||
},
|
},
|
||||||
|
@ -73,4 +79,9 @@ ae= <class 'dict'>
|
||||||
"type": "attest_quote"
|
"type": "attest_quote"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
With randomly generated extra data: 0c830dd1a9dd50c0
|
||||||
|
ae2= <class 'dict'>
|
||||||
|
{'attested': {'pcrDigest': '38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca', 'pcrSelect': [{'hash': 'sha256', 'pcrSelect': [0, 1, 2, 3]}]}, 'clockInfo': {'clock': 313399694, 'resetCount': 24, 'restartCount': 0, 'safe': 1}, 'extraData': '30633833306464316139646435306330', 'firmwareVersion': [538513443, 1455670], 'magic': 4283712327, 'qualifiedSigner': '000bff3ea118be81e7f10ead098c900b93c885785e828bf27d824a87add847b5ec56', 'type': 'attest_quote'}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The *magic number* of the quote is returned as an integer `4283712327` this corresponds to the better known TPM returned byte sequence `FF544347` in hex.
|
||||||
|
|
|
@ -77,3 +77,23 @@ print("ae=",type(ae),"\n",ae)
|
||||||
|
|
||||||
js = json.dumps(ae,indent=4)
|
js = json.dumps(ae,indent=4)
|
||||||
print("\n",js)
|
print("\n",js)
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Now we'll do the same, except we'll generate the nonce using the TPM's random number generator
|
||||||
|
#
|
||||||
|
|
||||||
|
r = tpm.get_random( 8 )
|
||||||
|
|
||||||
|
extradata_to_use = TPM2B_DATA(str(r))
|
||||||
|
|
||||||
|
print("\nWith randomly generated extra data: ",str(r))
|
||||||
|
|
||||||
|
quote,signature = tpm.quote(
|
||||||
|
handle, pcrsels, extradata_to_use
|
||||||
|
)
|
||||||
|
|
||||||
|
att,_ = TPMS_ATTEST.unmarshal( bytes(quote) )
|
||||||
|
enc = json_encdec()
|
||||||
|
ae = enc.encode(att)
|
||||||
|
print("ae2=",type(ae),"\n",ae)
|
||||||
|
|
30
PythonExamples/randomnumber.md
Normal file
30
PythonExamples/randomnumber.md
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
# Get random
|
||||||
|
|
||||||
|
This example demonstrates the use of ESAPI.get_random
|
||||||
|
|
||||||
|
The code will:
|
||||||
|
|
||||||
|
* setup the ESAPI interface
|
||||||
|
* send a TPM_STARTUP clear command
|
||||||
|
* request 8 random numbers from the TPM
|
||||||
|
* print out the result
|
||||||
|
|
||||||
|
## Setup and Variables
|
||||||
|
|
||||||
|
No specific setup is required. You may wish to change the number of bytes returned in the `get_random` call.
|
||||||
|
|
||||||
|
## Running
|
||||||
|
|
||||||
|
To run type `python3 quote.py`
|
||||||
|
|
||||||
|
Errors might be generated as the pytss libraries search for a suitable TPM device. If everything is successful then a random number will be shown.
|
||||||
|
|
||||||
|
## Output
|
||||||
|
|
||||||
|
```bash
|
||||||
|
~/tpm.dev.tutorials/PythonExamples$ python3 randomnumber.py
|
||||||
|
type is <class 'tpm2_pytss.types.TPM2B_DIGEST'>
|
||||||
|
r is a10ab7558675a56c
|
||||||
|
as int 11604288967829464428
|
||||||
|
|
||||||
|
```
|
31
PythonExamples/randomnumber.py
Normal file
31
PythonExamples/randomnumber.py
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
#
|
||||||
|
# Import the tpm2_pytss libraries
|
||||||
|
#
|
||||||
|
|
||||||
|
from tpm2_pytss import *
|
||||||
|
|
||||||
|
#
|
||||||
|
# Make a connection to a TPM and use the ESAPI interface
|
||||||
|
# tcti=None means that the pytss libraries will search for an available TCTI
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# When this is run, then as the various TCTI interfaces are searched errors are written if those interfaces are not foud
|
||||||
|
#
|
||||||
|
|
||||||
|
tpm = ESAPI(tcti=None)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Send a startup message, just in case (actually this is because I'm using the IBM SW TPM and haven't started it properly)
|
||||||
|
#
|
||||||
|
|
||||||
|
tpm.startup(TPM2_SU.CLEAR)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Now to make the quote and return the attested values and signature
|
||||||
|
#
|
||||||
|
|
||||||
|
r = tpm.get_random( 8 )
|
||||||
|
|
||||||
|
print("type is ",type(r))
|
||||||
|
print("r is ",str(r))
|
||||||
|
print("as int ",int(str(r),16))
|
|
@ -16,16 +16,19 @@ Why GitHub?
|
||||||
|
|
||||||
* [Introduction to TPM Concepts](Intro/README.md)
|
* [Introduction to TPM Concepts](Intro/README.md)
|
||||||
* [Random Number Generator](Random_Number_Generator/README.md)
|
* [Random Number Generator](Random_Number_Generator/README.md)
|
||||||
|
* [Python examples](PythonExamples/README.md)
|
||||||
|
|
||||||
### Advanced Use Cases
|
### Advanced usage
|
||||||
|
|
||||||
* [Boot with TPM: Secure vs Measured vs Trusted](Boot-with-TPM/README.md)
|
* [Boot with TPM: Secure vs Measured vs Trusted](Boot-with-TPM/README.md)
|
||||||
* [Attestation, MakeCredential, ActivateCredential](Attestation/README.md)
|
* [Attestation, MakeCredential, ActivateCredential](Attestation/README.md)
|
||||||
|
* [Enrollment, Enrollment protocols](Enrollment/README.md)
|
||||||
|
* [Tboot and TXT installation](TXT/start.md)
|
||||||
|
* [TPM2 Commands explained](TPM-Commands/)
|
||||||
|
|
||||||
## Upcomming tutorials
|
## Upcomming tutorials
|
||||||
|
|
||||||
* Localities
|
* Localities
|
||||||
* Remote Attestation protocols
|
|
||||||
* Quick setup for TPM.dev courses
|
* Quick setup for TPM.dev courses
|
||||||
|
|
||||||
## Contributors
|
## Contributors
|
||||||
|
@ -38,6 +41,8 @@ Why GitHub?
|
||||||
* Ken Goldman
|
* Ken Goldman
|
||||||
* Trammell Hudson
|
* Trammell Hudson
|
||||||
* Jason Heiss
|
* Jason Heiss
|
||||||
|
* Tobias Schultz
|
||||||
|
* Gabriel Kerneis
|
||||||
|
|
||||||
## Licensing
|
## Licensing
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue