-
Notifications
You must be signed in to change notification settings - Fork 564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TPM2: Basic bindings in FFI & Python #4361
TPM2: Basic bindings in FFI & Python #4361
Conversation
ffeac51
to
1818e54
Compare
1818e54
to
bf4a0dc
Compare
83bacd0
to
4c884de
Compare
@@ -20,11 +21,13 @@ | |||
|
|||
from ctypes import CDLL, CFUNCTYPE, POINTER, byref, create_string_buffer, \ | |||
c_void_p, c_size_t, c_uint8, c_uint32, c_uint64, c_int, c_uint, c_char, c_char_p, addressof | |||
from typing import Callable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This introduces a hard dependency on at least Python 3.5. Which seems fine - that version was released in 2015 - but I realize we currently do not have any specific documentation regarding what our minimum supported Python version is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No strong need to introduce this. We could remove the type annotation for the sake of caution.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One tiny nit in the Python
sessions = TPM2Session.session_bundle_(kwargs.get("tpm2_sessions", None)) | ||
_DLL.botan_tpm2_rng_init(byref(self.__obj), ctx.handle_(), *sessions) | ||
else: | ||
_DLL.botan_rng_init(byref(self.__obj), _ctype_str(rng_type)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should check here that kwargs is otherwise empty
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Used kwargs.pop()
and validated that kwargs
is empty after reading all relevant arguments. Also added a test for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
|
||
from sys import platform | ||
from time import strptime, mktime, time as system_time | ||
from binascii import hexlify | ||
from datetime import datetime | ||
from collections.abc import Iterable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For completeness: this adds a dependency to Python 3.3, if I interpret the documentation correctly. Python 3.9 seems to have added additional functionality to also interpret []
as Iterable
, which is vaguely relevant for the use case in this pull request.
4c884de
to
613baec
Compare
This merely exposes enough functionality to establish an RNG backed by the TPM. Explicitly enabling the usage of Botan's crypto primitives for the communication with the TPM is also included.
Enough to set up a TPM context, enable Botan's crypto backend and instantiate a TPM-backed RNG with parameter encryption via an unauthenticated Session object.
613baec
to
4cb6970
Compare
Thanks for the reviews. I addressed Jack's suggestion and rebased to master (after #4325 caused a merge conflict). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Exposes basic TPM 2.0 functionality via the FFI and the Python bindings.
Currently, this allows creating a TPM context object, enabling the usage of the Botan-based crypto backend, setting up an unauthenticated session for parameter encryption and instantiating a TPM-based RNG object.
Additional functionality (particularly to interface with TPM-hosted key material) may be added later.
Here's an example how the above would look in Python: