utils¶
- tpm2_pytss.utils.make_credential(public, credential, name)[source]¶
Encrypts credential for use with activate_credential
- Parameters
public (TPMT_PUBLIC) – The public area of the activation key
credential (bytes) – The credential to be encrypted
name (bytes) – The name of the key associated with the credential
- Returns
A tuple of (TPM2B_ID_OBJECT, TPM2B_ENCRYPTED_SECRET)
- Raises
ValueError – If the public key type is not supported
- tpm2_pytss.utils.unwrap(newparentpub, newparentpriv, public, duplicate, outsymseed, symkey=None, symdef=None)[source]¶
unwraps a key under a TPM key hierarchy. In essence, export key from TPM.
This is the inverse function to the wrap() routine. This is usually performed by the TPM when importing objects, however, if an object is duplicated under a new parent where one has both the public and private keys, the object can be unwrapped.
- Parameters
newparentpub (TPMT_PUBLIC) – The public area of the parent the key was duplicated/wrapped under.
newparentpriv (TPMT_SENSITIVE) – The private key of the parent the key was duplicated/wrapped under.
public (TPM2B_PUBLIC) – The public area of the key to be unwrapped.
duplicate (TPM2B_PRIVATE) – The private or wrapped key to be unwrapped.
outsymseed (TPM2B_ENCRYPTED_SECRET) – The output symmetric seed from a wrap or duplicate call.
symkey (bytes or None) – Symmetric key for inner encryption. Defaults to None. When None
symdef. (and symdef is defined a key will be generated based on the key size for) –
symdef (TPMT_SYMDEF_OBJECT) – Symmetric algorithm to be used for inner encryption, defaults to None.
performed (If None no inner wrapping is) –
what (else this should be set to aes128CFB since that is) –
aes128cfb (the TPM supports. To set to) –
do –
TPMT_SYM_DEF( – algorithm=TPM2_ALG.AES, keyBits=TPMU_SYM_KEY_BITS(sym=128), mode=TPMU_SYM_MODE(sym=TPM2_ALG.CFB),
) –
- Returns
A TPM2B_SENSITIVE which contains the raw key material.
- Raises
ValueError – If the public key type or symmetric algorithm are not supported
- tpm2_pytss.utils.wrap(newparent, public, sensitive, symkey=None, symdef=None)[source]¶
Wraps key under a TPM key hierarchy
A key is wrapped following the Duplication protections of the TPM Architecture specification. The architecture specification is found in “Part 1: Architecture” at the following link: - https://trustedcomputinggroup.org/resource/tpm-library-specification/
At the time of this writing, spec 1.59 was most recent and it was under section 23.3, titled “Duplication”.
- Parameters
newparent (TPMT_PUBLIC) – The public area of the parent
public (TPM2B_PUBLIC) – The public area of the key
sensitive (TPM2B_SENSITIVE) – The sensitive area of the key
symkey (bytes or None) – Symmetric key for inner encryption. Defaults to None. When None
symdef. (and symdef is defined a key will be generated based on the key size for) –
symdef (TPMT_SYMDEF_OBJECT) – Symmetric algorithm to be used for inner encryption, defaults to None.
performed (If None no inner wrapping is) –
what (else this should be set to aes128CFB since that is) –
aes128cfb (the TPM supports. To set to) –
do –
TPMT_SYM_DEF( – algorithm=TPM2_ALG.AES, keyBits=TPMU_SYM_KEY_BITS(sym=128), mode=TPMU_SYM_MODE(sym=TPM2_ALG.CFB),
) –
- Returns
A tuple of (TPM2B_DATA, TPM2B_PRIVATE, TPM2B_ENCRYPTED_SECRET) which is the encryption key, the the wrapped duplicate and the encrypted seed.
- Raises
ValueError – If the public key type or symmetric algorithm are not supported