TPM2: Basic bindings in FFI & Python #4361
Conversation
reneme
force-pushed
the
feature/tpm2_rng_in_python
branch
4 times, most recently
from
ffeac51
to
1818e54
Compare
reneme
force-pushed
the
feature/tpm2_rng_in_python
branch
from
1818e54
to
bf4a0dc
Compare
reneme
force-pushed
the
feature/tpm2_rng_in_python
branch
2 times, most recently
from
83bacd0
to
4c884de
Compare
| @@ -20,11 +21,13 @@ | |||
|
|
|||
| from ctypes import CDLL, CFUNCTYPE, POINTER, byref, create_string_buffer, \ | |||
| c_void_p, c_size_t, c_uint8, c_uint32, c_uint64, c_int, c_uint, c_char, c_char_p, addressof | |||
| from typing import Callable | |||
There was a problem hiding this comment.
This introduces a hard dependency on at least Python 3.5. Which seems fine - that version was released in 2015 - but I realize we currently do not have any specific documentation regarding what our minimum supported Python version is.
There was a problem hiding this comment.
No strong need to introduce this. We could remove the type annotation for the sake of caution.
| sessions = TPM2Session.session_bundle_(kwargs.get("tpm2_sessions", None)) | ||
| _DLL.botan_tpm2_rng_init(byref(self.__obj), ctx.handle_(), *sessions) | ||
| else: | ||
| _DLL.botan_rng_init(byref(self.__obj), _ctype_str(rng_type)) |
There was a problem hiding this comment.
Should check here that kwargs is otherwise empty
There was a problem hiding this comment.
Used kwargs.pop() and validated that kwargs is empty after reading all relevant arguments. Also added a test for that.
|
|
||
| from sys import platform | ||
| from time import strptime, mktime, time as system_time | ||
| from binascii import hexlify | ||
| from datetime import datetime | ||
| from collections.abc import Iterable |
There was a problem hiding this comment.
For completeness: this adds a dependency to Python 3.3, if I interpret the documentation correctly. Python 3.9 seems to have added additional functionality to also interpret [] as Iterable, which is vaguely relevant for the use case in this pull request.
reneme
force-pushed
the
feature/tpm2_rng_in_python
branch
from
4c884de
to
613baec
Compare
This merely exposes enough functionality to establish an RNG backed by the TPM. Explicitly enabling the usage of Botan's crypto primitives for the communication with the TPM is also included.
Enough to set up a TPM context, enable Botan's crypto backend and instantiate a TPM-backed RNG with parameter encryption via an unauthenticated Session object.
reneme
force-pushed
the
feature/tpm2_rng_in_python
branch
from
613baec
to
4cb6970
Compare
|
Thanks for the reviews. I addressed Jack's suggestion and rebased to master (after #4325 caused a merge conflict). |
Exposes basic TPM 2.0 functionality via the FFI and the Python bindings.
Currently, this allows creating a TPM context object, enabling the usage of the Botan-based crypto backend, setting up an unauthenticated session for parameter encryption and instantiating a TPM-based RNG object.
Additional functionality (particularly to interface with TPM-hosted key material) may be added later.
Here's an example how the above would look in Python: