William Roberts williamcroberts
williamcroberts
/ wrap_sealdata.py
Created
June 12, 2023 20:51
Wrapping an HMAC key with sealed data under a parent for transport between a server and a client device
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/usr/bin/env python3 | |
| from tpm2_pytss import * | |
| from tpm2_pytss.utils import wrap | |
| # This would come from the client, but we create it here for clarity. You | |
| # could serialize and deserialize a TPM2Bw_PUBLIC of the key to use for object | |
| # protections and just open the file here. | |
| e = ESAPI() | |
| primary_ctx, primary_public = e.create_primary(None)[0:2] |
williamcroberts
/ getcapability-sessiontest.py
Created
March 7, 2023 19:59
Test code for sessions with getcap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from tpm2_pytss import * | |
| e = ESAPI() | |
| phandle = e.create_primary(None)[0] | |
| sym = TPMT_SYM_DEF( | |
| algorithm=TPM2_ALG.XOR, | |
| keyBits=TPMU_SYM_KEY_BITS(exclusiveOr=TPM2_ALG.SHA256), | |
| mode=TPMU_SYM_MODE(aes=TPM2_ALG.CFB), |
williamcroberts
/ pkeygen.py
Created
February 22, 2023 18:38
Python script for converting a private key from p, n and e values to a PEM private key format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| from cryptography.hazmat.primitives import serialization | |
| from cryptography.hazmat.primitives.asymmetric import rsa | |
| from tpm2_pytss.internal.crypto import _MyRSAPrivateNumbers as MyRSAPrivateNumbers | |
| nums = { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Complete! | |
| ‣ Unmounting API VFS | |
| ‣ Unmounting Package Cache | |
| ‣ Creating compat symlink /var/lib/rpm → /usr/lib/sysimage/rpm | |
| ‣ Copying in build script… | |
| ‣ Copying in sources… | |
| ‣ Mounting Package Cache | |
| ‣ Running postinstall script… | |
| ‣ Unmounting Package Cache | |
| ‣ Unmounting image |
williamcroberts
/ mkosi-main.txt
Created
January 20, 2023 19:44
mkosi output from main commit 6332528b0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| udo mkosi | |
| ‣ Removing output files… | |
| ‣ Detaching namespace | |
| ‣ Setting up temporary workspace. | |
| ‣ Temporary workspace set up in /home/test/workspace/mkosi.systemd.tmppepf6iv_ | |
| ‣ Running first (development) stage… | |
| ‣ Mounting image… | |
| ‣ Setting up basic OS tree… | |
| ‣ Mounting Package Cache | |
| ‣ Installing Fedora Linux… |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Verifying : valgrind-1:3.20.0-1.fc37.x86_64 430/438 | |
| Verifying : valgrind-devel-1:3.20.0-1.fc37.x86_64 431/438 | |
| Verifying : vim-common-2:9.0.1182-1.fc37.x86_64 432/438 | |
| Verifying : vim-data-2:9.0.1182-1.fc37.noarch 433/438 | |
| Verifying : vim-filesystem-2:9.0.1182-1.fc37.noarch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wcrobert@wcrobert-mobl1:~/workspace/systemd$ git diff | |
| diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c | |
| index bd60b79e42a7..cce04e6c4496 100644 | |
| --- a/src/cryptenroll/cryptenroll-tpm2.c | |
| +++ b/src/cryptenroll/cryptenroll-tpm2.c | |
| @@ -174,6 +174,7 @@ int enroll_tpm2(struct crypt_device *cd, | |
| /* re-stringify pin_str */ | |
| // Question: r is in int but base64mem returns ssize_t, this was copied | |
| // from enroll_fido2 from line 56. | |
| + erase_and_freep(pin_str); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import os | |
| from tpm2_pytss import * | |
| from tpm2_pytss.utils import wrap | |
| esapi = ESAPI() | |
| parent, parent_public = esapi.create_primary(None)[0:2] |
williamcroberts
/ pcrpolicy.c
Created
September 9, 2022 14:35
Function for computing PCR Policy without a TPM with tests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* SPDX-License-Identifier: BSD-3-Clause or LGPL-2.1-or-later or MIT */ | |
| #include <assert.h> | |
| #include <string.h> | |
| #include <stdio.h> | |
| #include <stdbool.h> | |
| #include <tss2/tss2_tpm2_types.h> | |
| #include <tss2/tss2_mu.h> | |
| #include <openssl/evp.h> | |
| const EVP_MD* tpm2_alg_to_ossl(TPMI_ALG_HASH halg) { |
williamcroberts
/ make_activate.py
Last active
April 18, 2022 19:13
Example for Making and Activating a Credential in tpm2-pytss
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ''' | |
| Setup: | |
| With the simulator running, I built an EK: tpm2 createek -c 0x81010005 -G rsa -u ek.ak_pub | |
| Note this is not the exact template as the EK Spec defines: | |
| - https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p4_r3.pdf | |
| The Unique Buffer field is not 256 bytes of 0's it's just 0 len. | |
| I got the pem file by doing a tpm2 print call: |
NewerOlder