fido2.attestation.tpm

Attributes

`TPM_ALG_NULL`
`OID_AIK_CERTIFICATE`
`TPM_GENERATED_VALUE`
`TPM_ST_ATTEST_CERTIFY`

Classes

`TpmRsaScheme`	Enum where members are also (and must be) ints
`TpmAlgAsym`	Enum where members are also (and must be) ints
`TpmAlgHash`	Enum where members are also (and must be) ints
`TpmsCertifyInfo`
`TpmAttestationFormat`	the signature data is defined by [TPMv2-Part2] Section 10.12.8 (TPMS_ATTEST)
`TpmsRsaParms`	Parse TPMS_RSA_PARMS struct
`Tpm2bPublicKeyRsa`	bytes(iterable_of_ints) -> bytes
`TpmEccCurve`	TPM_ECC_CURVE
`TpmiAlgKdf`	TPMI_ALG_KDF
`TpmsEccParms`
`TpmsEccPoint`	TPMS_ECC_POINT
`ATTRIBUTES`	Object attributes
`TpmPublicFormat`	the public area structure is defined by [TPMv2-Part2] Section 12.2.4
`TpmAttestation`	Implements verification of a specific attestation type.

Module Contents

fido2.attestation.tpm.TPM_ALG_NULL = 16

fido2.attestation.tpm.OID_AIK_CERTIFICATE

class fido2.attestation.tpm.TpmRsaScheme[source]

Bases: enum.IntEnum

Enum where members are also (and must be) ints

RSASSA = 20

RSAPSS = 22

OAEP = 23

RSAES = 21

class fido2.attestation.tpm.TpmAlgAsym[source]

Bases: enum.IntEnum

Enum where members are also (and must be) ints

RSA = 1

ECC = 35

class fido2.attestation.tpm.TpmAlgHash[source]

Bases: enum.IntEnum

Enum where members are also (and must be) ints

SHA1 = 4

SHA256 = 11

SHA384 = 12

SHA512 = 13

class fido2.attestation.tpm.TpmsCertifyInfo[source]

name: bytes

qualified_name: bytes

fido2.attestation.tpm.TPM_GENERATED_VALUE = b'\xffTCG'

fido2.attestation.tpm.TPM_ST_ATTEST_CERTIFY = b'\x80\x17'

class fido2.attestation.tpm.TpmAttestationFormat[source]

the signature data is defined by [TPMv2-Part2] Section 10.12.8 (TPMS_ATTEST) as:

TPM_GENERATED_VALUE (0xff544347 aka “ÿTCG”) TPMI_ST_ATTEST - always TPM_ST_ATTEST_CERTIFY (0x8017)

because signing procedure defines it should call TPM_Certify [TPMv2-Part3] Section 18.2

TPM2B_NAME
size (uint16) name (size long)

TPM2B_DATA
size (uint16) name (size long)

TPMS_CLOCK_INFO
clock (uint64) resetCount (uint32) restartCount (uint32) safe (byte) 1 yes, 0 no

firmwareVersion uint64 attested TPMS_CERTIFY_INFO (because TPM_ST_ATTEST_CERTIFY)

name TPM2B_NAME qualified_name TPM2B_NAME

See:: https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf

name: bytes

data: bytes

clock_info: Tuple[int, int, int, bool]

firmware_version: int

attested: TpmsCertifyInfo

classmethod parse(data)[source]

Parameters:: data (bytes)
Return type:: TpmAttestationFormat

class fido2.attestation.tpm.TpmsRsaParms[source]

Parse TPMS_RSA_PARMS struct

See: https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf section 12.2.3.5

symmetric: int

scheme: int

key_bits: int

exponent: int

classmethod parse(reader, attributes)[source]

class fido2.attestation.tpm.Tpm2bPublicKeyRsa[source]

Bases: bytes

bytes(iterable_of_ints) -> bytes bytes(string, encoding[, errors]) -> bytes bytes(bytes_or_buffer) -> immutable copy of bytes_or_buffer bytes(int) -> bytes object of size given by the parameter initialized with null bytes bytes() -> empty bytes object

Construct an immutable array of bytes from:

an iterable yielding integers in range(256)
a text string encoded using the specified encoding
any object implementing the buffer API.
an integer

classmethod parse(reader)[source]

Parameters:: reader (fido2.utils.ByteBuffer)
Return type:: Tpm2bPublicKeyRsa

class fido2.attestation.tpm.TpmEccCurve[source]

Bases: enum.IntEnum

TPM_ECC_CURVE https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf section 6.4

NONE = 0

NIST_P192 = 1

NIST_P224 = 2

NIST_P256 = 3

NIST_P384 = 4

NIST_P521 = 5

BN_P256 = 16

BN_P638 = 17

SM2_P256 = 32

to_curve()[source]

Return type:: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve

class fido2.attestation.tpm.TpmiAlgKdf[source]

Bases: enum.IntEnum

TPMI_ALG_KDF https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf section 9.28

NULL

KDF1_SP800_56A = 32

KDF2 = 33

KDF1_SP800_108 = 34

class fido2.attestation.tpm.TpmsEccParms[source]

symmetric: int

scheme: int

curve_id: TpmEccCurve

kdf: TpmiAlgKdf

classmethod parse(reader)[source]

Parameters:: reader (fido2.utils.ByteBuffer)
Return type:: TpmsEccParms

class fido2.attestation.tpm.TpmsEccPoint[source]

TPMS_ECC_POINT https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 11.2.5.2

x: bytes

y: bytes

classmethod parse(reader)[source]

Parameters:: reader (fido2.utils.ByteBuffer)
Return type:: TpmsEccPoint

class fido2.attestation.tpm.ATTRIBUTES[source]

Bases: enum.IntEnum

Object attributes see section 8.3

https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf

FIXED_TPM

ST_CLEAR

FIXED_PARENT

SENSITIVE_DATA_ORIGIN

USER_WITH_AUTH

ADMIN_WITH_POLICY

NO_DA

ENCRYPTED_DUPLICATION

RESTRICTED

DECRYPT

SIGN_ENCRYPT

SHALL_BE_ZERO

class fido2.attestation.tpm.TpmPublicFormat[source]

the public area structure is defined by [TPMv2-Part2] Section 12.2.4 (TPMT_PUBLIC) as:

TPMI_ALG_PUBLIC - type TPMI_ALG_HASH - nameAlg

or + to indicate TPM_ALG_NULL

TPMA_OBJECT - objectAttributes TPM2B_DIGEST - authPolicy TPMU_PUBLIC_PARMS - type parameters TPMU_PUBLIC_ID - uniq