import logging

from security import (
    security_calc_hash,
    security_decrypt_to,
    security_encrypt_to,
    security_get_api_encryption_key,
    security_get_hw_hash,
    security_get_resource_encryption_key,
)
from credentials import Credentials
from security_provider import SecurityProvider
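class TpmSecurityProvider(SecurityProvider):
    """Security provider that adds TPM-backed sealing through tpm2-pytss FAPI.

    Only ``seal`` and ``unseal`` go through the FAPI context. Encryption,
    decryption, hashing and key retrieval are forwarded unchanged to the
    ``security_*`` functions imported from the ``security`` module, so those
    operations are no more hardware-bound here than they are in that module.
    """

    _log = logging.getLogger(__name__)

    def __init__(self):
        """Open a FAPI context and check that it is usable.

        Raises:
            RuntimeError: if importing ``tpm2_pytss`` raises ``ImportError``
                or ``NotImplementedError``.

        Exceptions from ``FAPI()`` and from the final ``get_random`` call are
        not caught here and propagate to the caller.
        """
        try:
            from tpm2_pytss import FAPI
            from tpm2_pytss import TSS2_Exception
        except (ImportError, NotImplementedError) as e:
            raise RuntimeError("tpm2-pytss FAPI is not available") from e

        # Kept on the instance; presumably so callers can catch TSS2 errors
        # without importing tpm2_pytss themselves.
        self._TSS2_Exception = TSS2_Exception
        self._fapi = FAPI()

        try:
            self._fapi.provision(is_provisioned_ok=True)
        except TSS2_Exception:
            # Provisioning stays best-effort, but the failure is recorded:
            # a silently skipped provision is otherwise invisible when a later
            # seal/unseal fails for the same underlying reason.
            self._log.warning(
                "TPM FAPI provisioning failed; continuing to the usability probe",
                exc_info=True,
            )

        # Usability probe: the result is discarded, and any error raised here
        # aborts construction instead of surfacing on the first seal/unseal.
        self._fapi.get_random(1)

    @property
    def kind(self) -> str:
        """Return the provider identifier, always ``"tpm"``."""
        return "tpm"

    def encrypt_to(self, input_bytes: bytes, key: str) -> bytes:
        """Encrypt ``input_bytes`` with ``key`` via ``security_encrypt_to``.

        The FAPI context is not involved in this call.
        """
        return security_encrypt_to(input_bytes, key)

    def decrypt_to(self, ciphertext_with_iv_bytes: bytes, key: str) -> bytes:
        """Decrypt ``ciphertext_with_iv_bytes`` with ``key`` via ``security_decrypt_to``.

        The FAPI context is not involved in this call.
        """
        return security_decrypt_to(ciphertext_with_iv_bytes, key)

    def get_hw_hash(self, hardware: str) -> str:
        """Return ``security_get_hw_hash(hardware)``."""
        return security_get_hw_hash(hardware)

    def get_api_encryption_key(
        self, creds_email: str, creds_password: str, hardware_hash: str
    ) -> str:
        """Return the API encryption key for the given credentials and hardware hash.

        The e-mail and password are wrapped in a ``Credentials`` object and
        passed, with ``hardware_hash``, to ``security_get_api_encryption_key``.
        """
        creds = Credentials(creds_email, creds_password)
        return security_get_api_encryption_key(creds, hardware_hash)

    def get_resource_encryption_key(self) -> str:
        """Return ``security_get_resource_encryption_key()``."""
        return security_get_resource_encryption_key()

    def calc_hash(self, key: str) -> str:
        """Return ``security_calc_hash(key)``."""
        return security_calc_hash(key)

    def seal(self, object_path: str, data: bytes) -> None:
        """Seal ``data`` under the FAPI object path ``object_path``.

        ``exists_ok=True`` means an already existing object at that path is
        tolerated rather than raising. In tpm2-pytss that case returns False
        and leaves the existing sealed object in place, so ``data`` is NOT
        stored; a warning is logged so the no-op is visible. A caller that
        needs to replace sealed data has to remove the existing object first.

        NOTE(review): no ``policy_path`` or ``auth_value`` is passed, so this
        call adds no PCR policy or auth value to the sealed object; confirm
        that access control from the FAPI profile alone is intended.
        """
        created = self._fapi.create_seal(object_path, data=data, exists_ok=True)
        if created is False:
            # Log the path only; the payload must never reach the log.
            self._log.warning(
                "Sealed object %s already exists; new data was not sealed",
                object_path,
            )

    def unseal(self, object_path: str) -> bytes:
        """Return the data unsealed from the FAPI object at ``object_path``.

        Errors raised by FAPI (for example a missing object) are not caught
        and propagate to the caller.
        """
        return self._fapi.unseal(object_path)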