[AZ-182][AZ-184][AZ-187] Batch 1

Made-with: Cursor

src/tpm_security_provider.py

@@ -0,0 +1,57 @@
+from security import (
+    security_calc_hash,
+    security_decrypt_to,
+    security_encrypt_to,
+    security_get_api_encryption_key,
+    security_get_hw_hash,
+    security_get_resource_encryption_key,
+)
+from credentials import Credentials
+from security_provider import SecurityProvider
+
+
+class TpmSecurityProvider(SecurityProvider):
+    def __init__(self):
+        try:
+            from tpm2_pytss import FAPI
+            from tpm2_pytss import TSS2_Exception
+        except (ImportError, NotImplementedError) as e:
+            raise RuntimeError("tpm2-pytss FAPI is not available") from e
+        self._TSS2_Exception = TSS2_Exception
+        self._fapi = FAPI()
+        try:
+            self._fapi.provision(is_provisioned_ok=True)
+        except TSS2_Exception:
+            pass
+        self._fapi.get_random(1)
+
+    @property
+    def kind(self) -> str:
+        return "tpm"
+
+    def encrypt_to(self, input_bytes: bytes, key: str) -> bytes:
+        return security_encrypt_to(input_bytes, key)
+
+    def decrypt_to(self, ciphertext_with_iv_bytes: bytes, key: str) -> bytes:
+        return security_decrypt_to(ciphertext_with_iv_bytes, key)
+
+    def get_hw_hash(self, hardware: str) -> str:
+        return security_get_hw_hash(hardware)
+
+    def get_api_encryption_key(
+        self, creds_email: str, creds_password: str, hardware_hash: str
+    ) -> str:
+        creds = Credentials(creds_email, creds_password)
+        return security_get_api_encryption_key(creds, hardware_hash)
+
+    def get_resource_encryption_key(self) -> str:
+        return security_get_resource_encryption_key()
+
+    def calc_hash(self, key: str) -> str:
+        return security_calc_hash(key)
+
+    def seal(self, object_path: str, data: bytes) -> None:
+        self._fapi.create_seal(object_path, data=data, exists_ok=True)
+
+    def unseal(self, object_path: str) -> bytes:
+        return self._fapi.unseal(object_path)