Beispiel #1
0
def calculate_response(challenge, user_id, password):
    obj = decode(challenge)
    out = {
        1: [49],
        2: obj[2],
        3: obj[3],
        8: [ord(c) for c in user_id],
        9: [ord(c) for c in password],
    }
    encoded = encode(out)
    pub_key = RSAPublicNumbers(ba2num(obj[5]), ba2num(obj[4])).public_key(default_backend())
    encrypted = pub_key.encrypt(ba2bytes(encoded), PKCS1v15())
    return bytes2hex(encrypted)
Beispiel #2
0
    def take_ownership(self, ownerpass_digest, srkpass_digest, pubek):
        """ Run TPM_TakeOwernship """

        exponent = int('10001', 16)
        modulus = int(pubek.hex(), 16)
        pubekkey = RSAPublicNumbers(
            exponent, modulus).public_key(backend=default_backend())

        oaep = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()),
                            algorithm=hashes.SHA1(),
                            label="TCPA".encode())
        enc_owner_auth = pubekkey.encrypt(ownerpass_digest, oaep)
        enc_srk_auth = pubekkey.encrypt(srkpass_digest, oaep)

        nonce_even, auth_handle, ret = self.oiap()
        if ret != 0:
            return 1

        tpm_rsa_key_parms = struct.pack(
            ">III",
            2048,  # keyLength
            2,  # numPrimes
            0)  # exponentSize
        tpm_key_parms = struct.pack(
            ">I HH I%ds" % (len(tpm_rsa_key_parms)),
            TPM_ALG_RSA,  # algorithmId
            TPM_ES_RSAESOAEP_SHA1_MGF1,  # encScheme
            TPM_SS_NONE,  # sigScheme
            len(tpm_rsa_key_parms),
            tpm_rsa_key_parms)
        tpm_key12 = struct.pack(
            ">HH HIB %ds I I I" % (len(tpm_key_parms)),
            TPM_TAG_KEY12,
            0,
            TPM_KEY_STORAGE,  # keyUsage
            0,  # keyFlags
            TPM_AUTH_ALWAYS,  # authDataUsage
            tpm_key_parms,
            0,
            0,
            0)
        fmt_auth = ">I20sB20s"
        fmt = ">HII H I256s I256s %ds" % len(tpm_key12)
        nonce_odd = os.urandom(20)
        req = struct.pack(fmt, TPM_TAG_RQU_AUTH1_COMMAND,
                          struct.calcsize(fmt) + struct.calcsize(fmt_auth),
                          TPM_ORD_TAKE_OWNERSHIP, TPM_PID_OWNER,
                          len(enc_owner_auth), enc_owner_auth,
                          len(enc_srk_auth), enc_srk_auth, tpm_key12)
        # req needs authhandle, nonceodd & ownerAuth appended
        shainput = struct.unpack("%ds" % (len(req) - 6), req[6:len(req)])[0]
        in_param_digest = sha1(shainput)

        continue_auth_session = 0
        in_auth_setup_params = struct.pack(">20s20sB", nonce_even, nonce_odd,
                                           continue_auth_session)
        macinput = struct.pack(">20s %ds" % len(in_auth_setup_params),
                               in_param_digest, in_auth_setup_params)
        myhmac = hmac.HMAC(ownerpass_digest,
                           hashes.SHA1(),
                           backend=default_backend())
        myhmac.update(macinput)
        owner_auth = myhmac.finalize()

        req += struct.pack(fmt_auth, auth_handle, nonce_odd,
                           continue_auth_session, owner_auth)

        _, ret = self.transfer(req, "TPM_TakeOwnership")
        return ret