types: add __bytes__ to TPMT_SIGNATURE

Make calling bytes(sig) return the underlying signature bytes. Useful to pass the signature to other APIs/libraries who don't use TPM structures. Signed-off-by: Erik Larsson <who+github@cnackers.org>
tpm2-software · Nov 21, 2022 · 8014ee9 · 8014ee9
1 parent 6605520
commit 8014ee9
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 0 deletions.
diff --git a/src/tpm2_pytss/internal/crypto.py b/src/tpm2_pytss/internal/crypto.py
@@ -402,6 +402,21 @@ def _get_digest_size(alg):
     return dt.digest_size
 
 
+def _get_signature_bytes(sig):
+    if sig.sigAlg in (TPM2_ALG.RSAPSS, TPM2_ALG.RSASSA):
+        rb = bytes(sig.signature.rsapss.sig)
+    elif sig.sigAlg == TPM2_ALG.ECDSA:
+        r = int.from_bytes(sig.signature.ecdsa.signatureR, byteorder="big")
+        s = int.from_bytes(sig.signature.ecdsa.signatureS, byteorder="big")
+        rb = encode_dss_signature(r, s)
+    elif sig.sigAlg == TPM2_ALG.HMAC:
+        rb = bytes(sig.signature.hmac)
+    else:
+        raise TypeError(f"unsupported signature algorithm: {sig.sigAlg}")
+
+    return rb
+
+
 def verify_signature_rsa(signature, key, data):
     dt = _get_digest(signature.signature.any.hashAlg)
     if dt is None:

diff --git a/src/tpm2_pytss/types.py b/src/tpm2_pytss/types.py
@@ -29,6 +29,7 @@
     _public_to_pem,
     _getname,
     _verify_signature,
+    _get_signature_bytes,
     private_to_key,
 )
 import tpm2_pytss.constants as constants  # lgtm [py/import-and-import-from]
@@ -2271,6 +2272,16 @@ def verify_signature(self, key, data):
         """
         _verify_signature(self, key, data)
 
+    def __bytes__(self):
+        """Return the underlying bytes for the signature.
+
+        For RSA and HMAC signatures return the signature bytes, for ECDSA return a ASN.1 encoded signature.
+
+        Raises:
+            TypeError: when the signature algorithm is unsupported.
+        """
+        return _get_signature_bytes(self)
+
 
 class TPMU_SIG_SCHEME(TPM_OBJECT):
     pass

diff --git a/test/test_types.py b/test/test_types.py
@@ -1903,6 +1903,34 @@ def test_TSS2_POLICY_PCR_SELECTION(self):
         self.assertEqual(s.selections.pcr_select.sizeofSelect, 3)
         self.assertEqual(bytes(s.selections.pcr_select.pcrSelect), b"\xFF\xFF\xFF\x00")
 
+    def test_TPMT_SIGNATURE(self):
+        ecdsa = TPMT_SIGNATURE(sigAlg=TPM2_ALG.ECDSA)
+        ecdsa.signature.ecdsa.signatureR = b"\x52" * 32
+        ecdsa.signature.ecdsa.signatureS = b"\x53" * 32
+        ecbytes = bytes(ecdsa)
+
+        self.assertEqual(
+            ecbytes,
+            b"0D\x02 RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR\x02 SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS",
+        )
+
+        rsa = TPMT_SIGNATURE(sigAlg=TPM2_ALG.RSAPSS)
+        rsa.signature.rsapss.sig = b"RSA" * 85
+        rsabytes = bytes(rsa)
+
+        self.assertEqual(rsabytes, b"RSA" * 85)
+
+        hmac = TPMT_SIGNATURE(sigAlg=TPM2_ALG.HMAC)
+        hmac.signature.hmac.hashAlg = TPM2_ALG.SHA256
+        hmac.signature.hmac.digest.sha256 = b"HMAC" * 8
+        hmacbytes = bytes(hmac)
+
+        self.assertEqual(hmacbytes, b"HMAC" * 8)
+
+        bad = TPMT_SIGNATURE(sigAlg=TPM2_ALG.NULL)
+        with self.assertRaises(TypeError):
+            bytes(bad)
+
 
 if __name__ == "__main__":
     unittest.main()