Botan 3.9.0
Crypto and TLS for C&
Botan::TPM2::Context Class Referencefinal

#include <tpm2_context.h>

Inheritance diagram for Botan::TPM2::Context:

Public Member Functions

 Context (const Context &)=delete
 Context (Context &&) noexcept
ESYS_CONTEXT * esys_context () noexcept
void evict (std::unique_ptr< TPM2::PrivateKey > key, const SessionBundle &sessions)
 Evicts a persistent key from the TPM. The key cannot be used after.
std::optional< TPM2_HANDLEfind_free_persistent_handle () const
std::string manufacturer () const
size_t max_random_bytes_per_request () const
 operator ESYS_CONTEXT * () noexcept
Contextoperator= (const Context &)=delete
Contextoperator= (Context &&) noexcept
TPM2_HANDLE persist (TPM2::PrivateKey &key, const SessionBundle &sessions, std::span< const uint8_t > auth_value={}, std::optional< TPM2_HANDLE > persistent_handle=std::nullopt)
 Makes key persistent at location persistent_handle or any free.
std::vector< TPM2_HANDLEpersistent_handles () const
std::unique_ptr< TPM2::PrivateKeystorage_root_key (std::span< const uint8_t > auth_value, const SessionBundle &sessions)
bool supports_algorithm (std::string_view algo_name) const
std::vector< ESYS_TRtransient_handles () const
void use_botan_crypto_backend (const std::shared_ptr< Botan::RandomNumberGenerator > &rng)
bool uses_botan_crypto_backend () const noexcept
std::string vendor () const
 ~Context ()

Static Public Member Functions

static std::shared_ptr< Contextcreate (const std::string &tcti_nameconf)
static std::shared_ptr< Contextcreate (ESYS_CONTEXT *ctx)
static std::shared_ptr< Contextcreate (std::optional< std::string > tcti={}, std::optional< std::string > conf={})
static bool supports_botan_crypto_backend () noexcept

Detailed Description

Central class for interacting with a TPM2. Additional to managing the connection to the TPM, this provides authorative information about the TPM's capabilities. Also, it allows to persist and evict keys generated by the TPM.

Definition at line 39 of file tpm2_context.h.

Constructor & Destructor Documentation

◆ Context() [1/2]

Botan::TPM2::Context::Context ( const Context & )
delete

◆ Context() [2/2]

Botan::TPM2::Context::Context ( Context && )
defaultnoexcept

References Context().

◆ ~Context()

Botan::TPM2::Context::~Context ( )

Definition at line 411 of file tpm2_context.cpp.

411 {
412 if(!m_impl) {
413 return;
414 }
415
416#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
417 // If this object manages a crypto backend state object and the ESYS context
418 // will live on, because it was externally provided, we have to de-register
419 // this state object from the crypto callbacks.
420 //
421 // This will prevent the crypto backend callbacks from using a dangling
422 // pointer and cause graceful errors if the externally provided ESYS context
423 // is used for any action that would still need the crypto backend state.
424 //
425 // We deliberately do not just disable the crypto backend silently, as that
426 // might give users the false impression that they continue to benefit from
427 // the crypto backend while in fact they're back to the TSS' default.
428 if(m_impl->m_external && uses_botan_crypto_backend()) {
429 try {
430 set_crypto_callbacks(esys_context(), nullptr /* reset callback state */);
431 } catch(...) {
432 // ignore errors in destructor
433 }
434 m_impl->m_crypto_callback_state.reset();
435 }
436#endif
437
438 // We don't finalize contexts that were provided externally. Those are
439 // expected to be handled by the library users' applications.
440 if(!m_impl->m_external) {
441 // If the TCTI context was initialized explicitly, Esys_GetTcti() will
442 // return a pointer to the TCTI context that then has to be finalized
443 // explicitly. See ESAPI Specification Section 6.3 "Esys_GetTcti".
444 TSS2_TCTI_CONTEXT* tcti_ctx = nullptr;
445 Esys_GetTcti(m_impl->m_ctx, &tcti_ctx); // ignore error in destructor
446 if(tcti_ctx != nullptr) {
447 Tss2_TctiLdr_Finalize(&tcti_ctx);
448 }
449
450 Esys_Finalize(&m_impl->m_ctx);
451 }
452}
ESYS_CONTEXT * esys_context() noexcept
bool uses_botan_crypto_backend() const noexcept
void set_crypto_callbacks(ESYS_CONTEXT *ctx, void *callback_state)

References esys_context(), Botan::TPM2::set_crypto_callbacks(), and uses_botan_crypto_backend().

Member Function Documentation

◆ create() [1/3]

std::shared_ptr< Context > Botan::TPM2::Context::create ( const std::string & tcti_nameconf)
static
Parameters
tcti_nameconfthis is passed to Tss2_TctiLdr_Initialize verbatim

Definition at line 55 of file tpm2_context.cpp.

55 {
56 TSS2_TCTI_CONTEXT* tcti_ctx = nullptr;
57 ESYS_CONTEXT* esys_ctx = nullptr;
58 check_rc("TCTI Initialization", Tss2_TctiLdr_Initialize(tcti_nameconf.c_str(), &tcti_ctx));
59 BOTAN_ASSERT_NONNULL(tcti_ctx);
60 check_rc("TPM2 Initialization", Esys_Initialize(&esys_ctx, tcti_ctx, nullptr /* ABI version */));
61 BOTAN_ASSERT_NONNULL(esys_ctx);
62
63 // We cannot std::make_shared as the constructor is private
64 return std::shared_ptr<Context>(new Context(esys_ctx, false /* context is managed by us */));
65}
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114
Context(const Context &)=delete
constexpr void check_rc(std::string_view location, TSS2_RC rc)
Definition tpm2_util.h:55

References BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), and Context().

Referenced by botan_tpm2_ctx_from_esys(), botan_tpm2_ctx_init(), and botan_tpm2_ctx_init_ex().

◆ create() [2/3]

std::shared_ptr< Context > Botan::TPM2::Context::create ( ESYS_CONTEXT * ctx)
static

Create a TPM2::Context from an externally sourced TPM2-TSS ESYS Context. Note that the input contexts need to remain alive for the lifetime of the entire TPM2::Context! This allows to use Botan's TPM2 functionality within an exising ESAPI application.

Note that Botan won't finalize an externally provided ESYS context, this responsibility remains with the caller in this case.

Parameters
ctxthe already set up ESYS_CONTEXT*

Definition at line 82 of file tpm2_context.cpp.

82 {
83 BOTAN_ARG_CHECK(esys_ctx != nullptr, "provided esys_ctx must not be null");
84
85 // We cannot std::make_shared as the constructor is private
86 return std::shared_ptr<Context>(new Context(esys_ctx, true /* context is managed externally */));
87}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33

References BOTAN_ARG_CHECK, and Context().

◆ create() [3/3]

std::shared_ptr< Context > Botan::TPM2::Context::create ( std::optional< std::string > tcti = {},
std::optional< std::string > conf = {} )
static
Parameters
tctiif set this is passed to Tss2_TctiLdr_Initialize_Ex verbatim otherwise a nullptr is passed.
confif set this is passed to Tss2_TctiLdr_Initialize_Ex verbatim otherwise a nullptr is passed.

Definition at line 67 of file tpm2_context.cpp.

67 {
68 const char* const tcti_ptr = tcti.has_value() ? tcti->c_str() : nullptr;
69 const char* const conf_ptr = conf.has_value() ? conf->c_str() : nullptr;
70
71 TSS2_TCTI_CONTEXT* tcti_ctx = nullptr;
72 ESYS_CONTEXT* esys_ctx = nullptr;
73 check_rc("TCTI Initialization", Tss2_TctiLdr_Initialize_Ex(tcti_ptr, conf_ptr, &tcti_ctx));
74 BOTAN_ASSERT_NONNULL(tcti_ctx);
75 check_rc("TPM2 Initialization", Esys_Initialize(&esys_ctx, tcti_ctx, nullptr /* ABI version */));
76 BOTAN_ASSERT_NONNULL(esys_ctx);
77
78 // We cannot std::make_shared as the constructor is private
79 return std::shared_ptr<Context>(new Context(esys_ctx, false /* context is managed by us */));
80}

References BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), and Context().

◆ esys_context()

ESYS_CONTEXT * Botan::TPM2::Context::esys_context ( )
noexcept
Returns
an ESYS_CONTEXT* for use in other TPM2 functions.

Definition at line 123 of file tpm2_context.cpp.

123 {
124 return m_impl->m_ctx;
125}

Referenced by operator ESYS_CONTEXT *(), operator=(), use_botan_crypto_backend(), and ~Context().

◆ evict()

void Botan::TPM2::Context::evict ( std::unique_ptr< TPM2::PrivateKey > key,
const SessionBundle & sessions )

Evicts a persistent key from the TPM. The key cannot be used after.

Definition at line 385 of file tpm2_context.cpp.

385 {
387
388 auto& handles = key->handles();
389 BOTAN_ARG_CHECK(handles.has_persistent_handle(), "Key does not have a persistent handle assigned");
390
391 // 1. Evict the key from the TPM's NV storage
392 // This will free the persistent handle, but the transient handle will
393 // still be valid.
394 ESYS_TR no_new_handle = ESYS_TR_NONE;
395 check_rc("Esys_EvictControl",
396 Esys_EvictControl(m_impl->m_ctx,
397 ESYS_TR_RH_OWNER /*TODO: hierarchy*/,
398 handles.transient_handle(),
399 sessions[0],
400 sessions[1],
401 sessions[2],
402 0,
403 &no_new_handle));
404 BOTAN_ASSERT(no_new_handle == ESYS_TR_NONE, "When deleting a key, no new handle is returned");
405
406 // 2. The persistent key was deleted and the transient key was flushed by
407 // Esys_EvictControl().
408 handles._disengage();
409}
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62
uint32_t ESYS_TR
Forward declaration of TSS2 type for convenience.

References BOTAN_ARG_CHECK, BOTAN_ASSERT, BOTAN_ASSERT_NONNULL, and Botan::TPM2::check_rc().

◆ find_free_persistent_handle()

std::optional< TPM2_HANDLE > Botan::TPM2::Context::find_free_persistent_handle ( ) const
Returns
a persistent handle that is currently not in use or std::nullopt if no such handle is available

Definition at line 305 of file tpm2_context.cpp.

305 {
306 const auto occupied_handles = persistent_handles();
307
308 // This is modeled after the implementation in tpm2-tools, which also takes
309 // "platform persistent" handles into account. We don't do that here, but
310 // we might need to in the future.
311 //
312 // See: https://github.com/tpm2-software/tpm2-tools/blob/bd832d3f79/lib/tpm2_capability.c#L143-L196
313
314 // all persistent handles are occupied
315 if(occupied_handles.size() >= TPM2_MAX_CAP_HANDLES) {
316 return std::nullopt;
317 }
318
319 // find the lowest handle that is not occupied
320 for(TPM2_HANDLE i = TPM2_PERSISTENT_FIRST; i < TPM2_PERSISTENT_LAST; ++i) {
321 if(!value_exists(occupied_handles, i)) {
322 return i;
323 }
324 }
325
327}
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:163
std::vector< TPM2_HANDLE > persistent_handles() const
bool value_exists(const std::vector< T > &vec, const OT &val)
Definition stl_util.h:52
uint32_t TPM2_HANDLE
Forward declaration of TSS2 type for convenience.

References BOTAN_ASSERT_UNREACHABLE, persistent_handles(), and Botan::value_exists().

Referenced by persist().

◆ manufacturer()

std::string Botan::TPM2::Context::manufacturer ( ) const
Returns
the Manufacturer of the TPM2

Definition at line 224 of file tpm2_context.cpp.

224 {
225 std::array<uint8_t, 4 + 1 /* ensure zero termination */> manufacturer_data{};
226 store_be(std::span{manufacturer_data}.first<4>(), get_tpm_property(m_impl->m_ctx, TPM2_PT_MANUFACTURER));
227 return std::string(cast_uint8_ptr_to_char(manufacturer_data.data()));
228}
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition mem_ops.h:282
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745

References Botan::cast_uint8_ptr_to_char(), and Botan::store_be().

◆ max_random_bytes_per_request()

size_t Botan::TPM2::Context::max_random_bytes_per_request ( ) const
Returns
the maximum number of random bytes to be requested at once

Definition at line 292 of file tpm2_context.cpp.

292 {
293 return get_tpm_property(m_impl->m_ctx, TPM2_PT_MAX_DIGEST);
294}

◆ operator ESYS_CONTEXT *()

Botan::TPM2::Context::operator ESYS_CONTEXT * ( )
inlinenoexcept

Definition at line 105 of file tpm2_context.h.

105{ return esys_context(); }

References esys_context().

◆ operator=() [1/2]

Context & Botan::TPM2::Context::operator= ( const Context & )
delete

References Context().

◆ operator=() [2/2]

Context & Botan::TPM2::Context::operator= ( Context && )
defaultnoexcept

◆ persist()

TPM2_HANDLE Botan::TPM2::Context::persist ( TPM2::PrivateKey & key,
const SessionBundle & sessions,
std::span< const uint8_t > auth_value = {},
std::optional< TPM2_HANDLE > persistent_handle = std::nullopt )

Makes key persistent at location persistent_handle or any free.

Definition at line 334 of file tpm2_context.cpp.

337 {
338 auto& handles = key.handles();
339
340 BOTAN_ARG_CHECK(!persistent_handle || !value_exists(persistent_handles(), persistent_handle.value()),
341 "Persistent handle already in use");
342 BOTAN_ARG_CHECK(!handles.has_persistent_handle(), "Key already has a persistent handle assigned");
343
344 // 1. Decide on the location to persist the key to.
345 // This uses either the handle provided by the caller or a free handle.
346 const std::optional<TPMI_DH_PERSISTENT> new_persistent_handle =
347 persistent_handle.has_value() ? persistent_handle : find_free_persistent_handle();
348
349 BOTAN_STATE_CHECK(new_persistent_handle.has_value());
350
351 // 2. Persist the transient key in the TPM's NV storage
352 // This will flush the transient key handle and replace it with a new
353 // transient handle that references the persisted key.
354 check_rc("Esys_EvictControl",
355 Esys_EvictControl(m_impl->m_ctx,
356 ESYS_TR_RH_OWNER /*TODO: hierarchy*/,
357 handles.transient_handle(),
358 sessions[0],
359 sessions[1],
360 sessions[2],
361 *new_persistent_handle,
362 out_transient_handle(handles)));
363 BOTAN_ASSERT_NOMSG(handles.has_transient_handle());
364
365 // 3. Reset the auth value of the key object
366 // This is necessary to ensure that the key object remains usable after
367 // the transient handle was recreated inside Esys_EvictControl().
368 if(!auth_value.empty()) {
369 const auto user_auth = copy_into<TPM2B_AUTH>(auth_value);
370 check_rc("Esys_TR_SetAuth", Esys_TR_SetAuth(m_impl->m_ctx, handles.transient_handle(), &user_auth));
371 }
372
373 // 4. Update the key object with the new persistent handle
374 // This double-checks that the key was persisted at the correct location,
375 // but also brings the key object into a consistent state.
376 check_rc("Esys_TR_GetTpmHandle",
377 Esys_TR_GetTpmHandle(m_impl->m_ctx, handles.transient_handle(), out_persistent_handle(handles)));
378
379 BOTAN_ASSERT_NOMSG(handles.has_persistent_handle());
380 BOTAN_ASSERT_EQUAL(*new_persistent_handle, handles.persistent_handle(), "key was persisted at the correct location");
381
382 return *new_persistent_handle;
383}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition assert.h:88
std::optional< TPM2_HANDLE > find_free_persistent_handle() const
constexpr auto out_persistent_handle(Object &object)
Definition tpm2_util.h:225
constexpr auto out_transient_handle(Object &object)
Definition tpm2_util.h:219
constexpr void copy_into(T &dest, std::span< const uint8_t > data)
Definition tpm2_util.h:118

References BOTAN_ARG_CHECK, BOTAN_ASSERT_EQUAL, BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TPM2::check_rc(), Botan::TPM2::copy_into(), find_free_persistent_handle(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::out_persistent_handle(), Botan::TPM2::out_transient_handle(), persistent_handles(), and Botan::value_exists().

◆ persistent_handles()

std::vector< TPM2_HANDLE > Botan::TPM2::Context::persistent_handles ( ) const

Definition at line 329 of file tpm2_context.cpp.

329 {
330 return get_tpm_property_list<TPM2_CAP_HANDLES, TPM2_HANDLE>(
331 m_impl->m_ctx, TPM2_PERSISTENT_FIRST, TPM2_MAX_CAP_HANDLES);
332}

Referenced by find_free_persistent_handle(), and persist().

◆ storage_root_key()

std::unique_ptr< TPM2::PrivateKey > Botan::TPM2::Context::storage_root_key ( std::span< const uint8_t > auth_value,
const SessionBundle & sessions )

Definition at line 296 of file tpm2_context.cpp.

297 {
298 return TPM2::PrivateKey::load_persistent(shared_from_this(), storage_root_key_handle, auth_value, sessions);
299}
static std::unique_ptr< PrivateKey > load_persistent(const std::shared_ptr< Context > &ctx, TPM2_HANDLE persistent_object_handle, std::span< const uint8_t > auth_value, const SessionBundle &sessions)
Definition tpm2_key.cpp:177

References Botan::TPM2::PrivateKey::load_persistent().

◆ supports_algorithm()

bool Botan::TPM2::Context::supports_algorithm ( std::string_view algo_name) const

The algo_name can be any of the string algorithm specifiers used elsewhere. For example, "RSA", "AES-128", "SHA-1", "CTR(3DES)", etc.

Returns
true if the specified algorithm is supported by the TPM

Definition at line 230 of file tpm2_context.cpp.

230 {
231 // Go through all the string mappings we have available and check if we
232 // can find the algorithm name in any of them. If we do, we can check if
233 // the TPM supports the required algorithms.
234 const auto required_alg_ids = [&]() -> std::vector<TPM2_ALG_ID> {
235 std::vector<TPM2_ALG_ID> result;
236 if(auto algo_id = asymmetric_algorithm_botan_to_tss2(algo_name)) {
237 result.push_back(algo_id.value());
238 }
239
240 if(auto hash_id = hash_algo_botan_to_tss2(algo_name)) {
241 result.push_back(hash_id.value());
242 }
243
244 if(auto block_id = block_cipher_botan_to_tss2(algo_name)) {
245 result.push_back(block_id->first);
246 }
247
248 if(auto cipher_mode_id = cipher_mode_botan_to_tss2(algo_name)) {
249 result.push_back(cipher_mode_id.value());
250 }
251
252 if(auto cipher_spec = cipher_botan_to_tss2(algo_name)) {
253 result.push_back(cipher_spec->algorithm);
254 result.push_back(cipher_spec->mode.sym);
255 }
256
257 if(auto sig_padding = rsa_signature_padding_botan_to_tss2(algo_name)) {
258 result.push_back(sig_padding.value());
259 }
260
261 if(auto sig = rsa_signature_scheme_botan_to_tss2(algo_name)) {
262 result.push_back(sig->scheme);
263 result.push_back(sig->details.any.hashAlg);
264 }
265
266 if(auto enc_scheme = rsa_encryption_scheme_botan_to_tss2(algo_name)) {
267 result.push_back(enc_scheme->scheme);
268 if(enc_scheme->scheme == TPM2_ALG_OAEP) {
269 result.push_back(enc_scheme->details.oaep.hashAlg);
270 }
271 }
272
273 if(auto enc_id = rsa_encryption_padding_botan_to_tss2(algo_name)) {
274 result.push_back(enc_id.value());
275 }
276
277 return result;
278 }();
279
280 if(required_alg_ids.empty()) {
281 // The algorithm name is not known to us, so we cannot check for support.
282 return false;
283 }
284
285 const auto algo_caps =
286 get_tpm_property_list<TPM2_CAP_ALGS, TPM2_ALG_ID>(m_impl->m_ctx, TPM2_ALG_FIRST, TPM2_MAX_CAP_ALGS);
287
288 return std::all_of(
289 required_alg_ids.begin(), required_alg_ids.end(), [&](TPM2_ALG_ID id) { return value_exists(algo_caps, id); });
290}
std::optional< TPMT_SIG_SCHEME > rsa_signature_scheme_botan_to_tss2(std::string_view name)
std::optional< TPMI_ALG_SIG_SCHEME > rsa_signature_padding_botan_to_tss2(std::string_view padding_name) noexcept
std::optional< TPMI_ALG_ASYM_SCHEME > rsa_encryption_padding_botan_to_tss2(std::string_view name) noexcept
std::optional< std::pair< TPMI_ALG_SYM, TPM2_KEY_BITS > > block_cipher_botan_to_tss2(std::string_view cipher_name) noexcept
std::optional< TPMT_SYM_DEF > cipher_botan_to_tss2(std::string_view algo_name)
std::optional< TPMT_RSA_DECRYPT > rsa_encryption_scheme_botan_to_tss2(std::string_view padding)
std::optional< TPMI_ALG_HASH > hash_algo_botan_to_tss2(std::string_view hash_name) noexcept
std::optional< TPM2_ALG_ID > asymmetric_algorithm_botan_to_tss2(std::string_view algo_name) noexcept
std::optional< TPMI_ALG_SYM_MODE > cipher_mode_botan_to_tss2(std::string_view mode_name) noexcept

References Botan::TPM2::asymmetric_algorithm_botan_to_tss2(), Botan::TPM2::block_cipher_botan_to_tss2(), Botan::TPM2::cipher_botan_to_tss2(), Botan::TPM2::cipher_mode_botan_to_tss2(), Botan::TPM2::hash_algo_botan_to_tss2(), Botan::TPM2::rsa_encryption_padding_botan_to_tss2(), Botan::TPM2::rsa_encryption_scheme_botan_to_tss2(), Botan::TPM2::rsa_signature_padding_botan_to_tss2(), and Botan::TPM2::rsa_signature_scheme_botan_to_tss2().

◆ supports_botan_crypto_backend()

bool Botan::TPM2::Context::supports_botan_crypto_backend ( )
staticnoexcept

Checks if the TSS2 supports registering Botan's crypto backend at runtime. Older versions of the TSS2 do not support this feature ( 4.0.0), also Botan may be compiled without support for TSS' crypto backend.

Returns
true if the TSS2 supports Botan's crypto backend

Definition at line 47 of file tpm2_context.cpp.

47 {
48#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
50#else
51 return false;
52#endif
53}
bool supports_botan_crypto_backend() noexcept

References Botan::TPM2::supports_botan_crypto_backend().

Referenced by botan_tpm2_supports_crypto_backend(), and operator=().

◆ transient_handles()

std::vector< ESYS_TR > Botan::TPM2::Context::transient_handles ( ) const

Definition at line 301 of file tpm2_context.cpp.

301 {
302 return get_tpm_property_list<TPM2_CAP_HANDLES, ESYS_TR>(m_impl->m_ctx, TPM2_TRANSIENT_FIRST, TPM2_MAX_CAP_HANDLES);
303}

◆ use_botan_crypto_backend()

void Botan::TPM2::Context::use_botan_crypto_backend ( const std::shared_ptr< Botan::RandomNumberGenerator > & rng)

Overrides the TSS2's crypto callbacks with Botan's functionality.

This replaces all cryptographic functionality required for the communication with the TPM by botan's implementations. The TSS2 would otherwise use OpenSSL or mbedTLS.

Note that the provided rng should not be dependent on the TPM.

Parameters
rngthe RNG to use for the crypto operations
Exceptions
Not_Implementedif the TPM2-TSS does not support crypto callbacks
See also
supports_botan_crypto_backend()

Definition at line 98 of file tpm2_context.cpp.

98 {
99#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
101 m_impl->m_crypto_callback_state = Botan::TPM2::use_botan_crypto_backend(esys_context(), rng);
102#else
103 BOTAN_UNUSED(rng);
104 throw Not_Implemented("This build of botan does not provide the TPM2 crypto backend");
105#endif
106}
#define BOTAN_UNUSED
Definition assert.h:144
std::unique_ptr< CryptoCallbackState > use_botan_crypto_backend(ESYS_CONTEXT *context, const std::shared_ptr< Botan::RandomNumberGenerator > &rng)

References BOTAN_STATE_CHECK, BOTAN_UNUSED, Context(), esys_context(), use_botan_crypto_backend(), Botan::TPM2::use_botan_crypto_backend(), and uses_botan_crypto_backend().

Referenced by operator=(), and use_botan_crypto_backend().

◆ uses_botan_crypto_backend()

bool Botan::TPM2::Context::uses_botan_crypto_backend ( ) const
noexcept
Returns
true if botan is used for the TSS' crypto functions

Definition at line 108 of file tpm2_context.cpp.

108 {
109#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
110 return m_impl->m_crypto_callback_state != nullptr;
111#else
112 return false;
113#endif
114}

Referenced by operator=(), use_botan_crypto_backend(), and ~Context().

◆ vendor()

std::string Botan::TPM2::Context::vendor ( ) const
Returns
the Vendor of the TPM2

Definition at line 207 of file tpm2_context.cpp.

207 {
208 constexpr std::array properties = {
209 TPM2_PT_VENDOR_STRING_1, TPM2_PT_VENDOR_STRING_2, TPM2_PT_VENDOR_STRING_3, TPM2_PT_VENDOR_STRING_4};
210 std::array<uint8_t, properties.size() * 4 + 1 /* ensure zero-termination */> vendor_string{};
211
212 BufferStuffer bs(vendor_string);
213
214 // The vendor name is transported in several uint32_t fields that are
215 // loaded as big-endian bytes and concatenated to form the vendor string.
216 for(auto prop : properties) {
217 bs.append(store_be(get_tpm_property(m_impl->m_ctx, prop)));
218 }
219
220 BOTAN_ASSERT_NOMSG(bs.remaining_capacity() == 1); // the ensured zero-termination
221 return std::string(cast_uint8_ptr_to_char(vendor_string.data()));
222}

References Botan::BufferStuffer::append(), BOTAN_ASSERT_NOMSG, Botan::cast_uint8_ptr_to_char(), Botan::BufferStuffer::remaining_capacity(), and Botan::store_be().


The documentation for this class was generated from the following files: