williamcroberts

#/usr/bin/env python3

from tpm2_pytss import *
from tpm2_pytss.utils import wrap

# This would come from the client, but we create it here for clarity. You
# could serialize and deserialize a TPM2Bw_PUBLIC of the key to use for object
# protections and just open the file here.
e = ESAPI()
primary_ctx, primary_public = e.create_primary(None)[0:2]

williamcroberts

from tpm2_pytss import *

e = ESAPI()

phandle = e.create_primary(None)[0]

sym = TPMT_SYM_DEF(
        algorithm=TPM2_ALG.XOR,
        keyBits=TPMU_SYM_KEY_BITS(exclusiveOr=TPM2_ALG.SHA256),
        mode=TPMU_SYM_MODE(aes=TPM2_ALG.CFB),

williamcroberts

#!/usr/bin/env python3


import sys
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

from tpm2_pytss.internal.crypto import _MyRSAPrivateNumbers as MyRSAPrivateNumbers

nums = {

williamcroberts

Complete!
‣   Unmounting API VFS
‣  Unmounting Package Cache
‣  Creating compat symlink /var/lib/rpm → /usr/lib/sysimage/rpm
‣  Copying in build script…
‣  Copying in sources…
‣  Mounting Package Cache
‣  Running postinstall script…
‣  Unmounting Package Cache
‣  Unmounting image

williamcroberts

udo mkosi
‣ Removing output files…
‣ Detaching namespace
‣ Setting up temporary workspace.
‣ Temporary workspace set up in /home/test/workspace/mkosi.systemd.tmppepf6iv_
‣ Running first (development) stage…
‣  Mounting image…
‣   Setting up basic OS tree…
‣   Mounting Package Cache
‣    Installing Fedora Linux…

williamcroberts

  Verifying        : valgrind-1:3.20.0-1.fc37.x86_64                                                                                                                                                                                  430/438 
  Verifying        : valgrind-devel-1:3.20.0-1.fc37.x86_64                                                                                                                                                                            431/438 
  Verifying        : vim-common-2:9.0.1182-1.fc37.x86_64                                                                                                                                                                              432/438 
  Verifying        : vim-data-2:9.0.1182-1.fc37.noarch                                                                                                                                                                                433/438 
  Verifying        : vim-filesystem-2:9.0.1182-1.fc37.noarch        

williamcroberts

wcrobert@wcrobert-mobl1:~/workspace/systemd$ git diff
diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c
index bd60b79e42a7..cce04e6c4496 100644
--- a/src/cryptenroll/cryptenroll-tpm2.c
+++ b/src/cryptenroll/cryptenroll-tpm2.c
@@ -174,6 +174,7 @@ int enroll_tpm2(struct crypt_device *cd,
                 /* re-stringify pin_str */
                 // Question: r is in int but base64mem returns ssize_t, this was copied
                 // from enroll_fido2 from line 56.
+                erase_and_freep(pin_str);

williamcroberts

#!/usr/bin/env python3

import os

from tpm2_pytss import *
from tpm2_pytss.utils import wrap

esapi = ESAPI()
parent, parent_public = esapi.create_primary(None)[0:2]

williamcroberts

/* SPDX-License-Identifier:	BSD-3-Clause or LGPL-2.1-or-later or MIT */
#include <assert.h>
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
#include <tss2/tss2_tpm2_types.h>
#include <tss2/tss2_mu.h>
#include <openssl/evp.h>

const EVP_MD* tpm2_alg_to_ossl(TPMI_ALG_HASH halg) {

williamcroberts

#!/usr/bin/env python

'''
Setup: 
 With the simulator running, I built an EK: tpm2 createek -c 0x81010005 -G rsa -u ek.ak_pub
 Note this is not the exact template as the EK Spec defines:
  - https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p4_r3.pdf
  The Unique Buffer field is not 256 bytes of 0's it's just 0 len.
  
  I got the pem file by doing a tpm2 print call: