Botan 3.7.1
Crypto and TLS for C&
Botan::TPM2::Context Class Referencefinal

#include <tpm2_context.h>

Inheritance diagram for Botan::TPM2::Context:

Public Member Functions

 Context (const Context &)=delete
 
 Context (Context &&) noexcept
 
ESYS_CONTEXT * esys_context () noexcept
 
void evict (std::unique_ptr< TPM2::PrivateKey > key, const SessionBundle &sessions)
 Evicts a persistent key from the TPM. The key cannot be used after.
 
std::optional< TPM2_HANDLEfind_free_persistent_handle () const
 
std::string manufacturer () const
 
size_t max_random_bytes_per_request () const
 
 operator ESYS_CONTEXT * () noexcept
 
Contextoperator= (const Context &)=delete
 
Contextoperator= (Context &&) noexcept
 
TPM2_HANDLE persist (TPM2::PrivateKey &key, const SessionBundle &sessions, std::span< const uint8_t > auth_value={}, std::optional< TPM2_HANDLE > persistent_handle=std::nullopt)
 Makes key persistent at location persistent_handle or any free.
 
std::vector< TPM2_HANDLEpersistent_handles () const
 
std::unique_ptr< TPM2::PrivateKeystorage_root_key (std::span< const uint8_t > auth_value, const SessionBundle &sessions)
 
bool supports_algorithm (std::string_view algo_name) const
 
std::vector< ESYS_TRtransient_handles () const
 
void use_botan_crypto_backend (const std::shared_ptr< Botan::RandomNumberGenerator > &rng)
 
bool uses_botan_crypto_backend () const noexcept
 
std::string vendor () const
 
 ~Context ()
 

Static Public Member Functions

static std::shared_ptr< Contextcreate (const std::string &tcti_nameconf)
 
static std::shared_ptr< Contextcreate (ESYS_CONTEXT *ctx)
 
static std::shared_ptr< Contextcreate (std::optional< std::string > tcti={}, std::optional< std::string > conf={})
 
static bool supports_botan_crypto_backend () noexcept
 

Detailed Description

Central class for interacting with a TPM2. Additional to managing the connection to the TPM, this provides authorative information about the TPM's capabilities. Also, it allows to persist and evict keys generated by the TPM.

Definition at line 39 of file tpm2_context.h.

Constructor & Destructor Documentation

◆ Context() [1/2]

Botan::TPM2::Context::Context ( const Context & )
delete

Referenced by create(), create(), and create().

◆ Context() [2/2]

Botan::TPM2::Context::Context ( Context && )
defaultnoexcept

◆ ~Context()

Botan::TPM2::Context::~Context ( )

Definition at line 418 of file tpm2_context.cpp.

418 {
419 if(!m_impl) {
420 return;
421 }
422
423#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
424 // If this object manages a crypto backend state object and the ESYS context
425 // will live on, because it was externally provided, we have to de-register
426 // this state object from the crypto callbacks.
427 //
428 // This will prevent the crypto backend callbacks from using a dangling
429 // pointer and cause graceful errors if the externally provided ESYS context
430 // is used for any action that would still need the crypto backend state.
431 //
432 // We deliberately do not just disable the crypto backend silently, as that
433 // might give users the false impression that they continue to benefit from
434 // the crypto backend while in fact they're back to the TSS' default.
435 if(m_impl->m_external && uses_botan_crypto_backend()) {
436 try {
437 set_crypto_callbacks(esys_context(), nullptr /* reset callback state */);
438 } catch(...) {
439 // ignore errors in destructor
440 }
441 m_impl->m_crypto_callback_state.reset();
442 }
443#endif
444
445 // We don't finalize contexts that were provided externally. Those are
446 // expected to be handled by the library users' applications.
447 if(!m_impl->m_external) {
448 // If the TCTI context was initialized explicitly, Esys_GetTcti() will
449 // return a pointer to the TCTI context that then has to be finalized
450 // explicitly. See ESAPI Specification Section 6.3 "Esys_GetTcti".
451 TSS2_TCTI_CONTEXT* tcti_ctx = nullptr;
452 Esys_GetTcti(m_impl->m_ctx, &tcti_ctx); // ignore error in destructor
453 if(tcti_ctx != nullptr) {
454 Tss2_TctiLdr_Finalize(&tcti_ctx);
455 }
456
457 Esys_Finalize(&m_impl->m_ctx);
458 }
459}
ESYS_CONTEXT * esys_context() noexcept
bool uses_botan_crypto_backend() const noexcept
void set_crypto_callbacks(ESYS_CONTEXT *ctx, void *callback_state)

References esys_context(), Botan::TPM2::set_crypto_callbacks(), and uses_botan_crypto_backend().

Member Function Documentation

◆ create() [1/3]

std::shared_ptr< Context > Botan::TPM2::Context::create ( const std::string & tcti_nameconf)
static
Parameters
tcti_nameconfthis is passed to Tss2_TctiLdr_Initialize verbatim

Definition at line 55 of file tpm2_context.cpp.

55 {
56 const auto nameconf_ptr = tcti_nameconf.c_str();
57
58 TSS2_TCTI_CONTEXT* tcti_ctx = nullptr;
59 ESYS_CONTEXT* esys_ctx = nullptr;
60 check_rc("TCTI Initialization", Tss2_TctiLdr_Initialize(nameconf_ptr, &tcti_ctx));
61 BOTAN_ASSERT_NONNULL(tcti_ctx);
62 check_rc("TPM2 Initialization", Esys_Initialize(&esys_ctx, tcti_ctx, nullptr /* ABI version */));
63 BOTAN_ASSERT_NONNULL(esys_ctx);
64
65 // We cannot std::make_shared as the constructor is private
66 return std::shared_ptr<Context>(new Context(esys_ctx, false /* context is managed by us */));
67}
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86
Context(const Context &)=delete
constexpr void check_rc(std::string_view location, TSS2_RC rc)
Definition tpm2_util.h:54

References BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), and Context().

Referenced by botan_tpm2_ctx_from_esys(), botan_tpm2_ctx_init(), and botan_tpm2_ctx_init_ex().

◆ create() [2/3]

std::shared_ptr< Context > Botan::TPM2::Context::create ( ESYS_CONTEXT * ctx)
static

Create a TPM2::Context from an externally sourced TPM2-TSS ESYS Context. Note that the input contexts need to remain alive for the lifetime of the entire TPM2::Context! This allows to use Botan's TPM2 functionality within an exising ESAPI application.

Note that Botan won't finalize an externally provided ESYS context, this responsibility remains with the caller in this case.

Parameters
ctxthe already set up ESYS_CONTEXT*

Definition at line 84 of file tpm2_context.cpp.

84 {
85 BOTAN_ARG_CHECK(esys_ctx != nullptr, "provided esys_ctx must not be null");
86
87 // We cannot std::make_shared as the constructor is private
88 return std::shared_ptr<Context>(new Context(esys_ctx, true /* context is managed externally */));
89}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29

References BOTAN_ARG_CHECK, and Context().

◆ create() [3/3]

std::shared_ptr< Context > Botan::TPM2::Context::create ( std::optional< std::string > tcti = {},
std::optional< std::string > conf = {} )
static
Parameters
tctiif set this is passed to Tss2_TctiLdr_Initialize_Ex verbatim otherwise a nullptr is passed.
confif set this is passed to Tss2_TctiLdr_Initialize_Ex verbatim otherwise a nullptr is passed.

Definition at line 69 of file tpm2_context.cpp.

69 {
70 const auto tcti_ptr = tcti.has_value() ? tcti->c_str() : nullptr;
71 const auto conf_ptr = conf.has_value() ? conf->c_str() : nullptr;
72
73 TSS2_TCTI_CONTEXT* tcti_ctx = nullptr;
74 ESYS_CONTEXT* esys_ctx = nullptr;
75 check_rc("TCTI Initialization", Tss2_TctiLdr_Initialize_Ex(tcti_ptr, conf_ptr, &tcti_ctx));
76 BOTAN_ASSERT_NONNULL(tcti_ctx);
77 check_rc("TPM2 Initialization", Esys_Initialize(&esys_ctx, tcti_ctx, nullptr /* ABI version */));
78 BOTAN_ASSERT_NONNULL(esys_ctx);
79
80 // We cannot std::make_shared as the constructor is private
81 return std::shared_ptr<Context>(new Context(esys_ctx, false /* context is managed by us */));
82}

References BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), and Context().

◆ esys_context()

ESYS_CONTEXT * Botan::TPM2::Context::esys_context ( )
noexcept
Returns
an ESYS_CONTEXT* for use in other TPM2 functions.

Definition at line 125 of file tpm2_context.cpp.

125 {
126 return m_impl->m_ctx;
127}

Referenced by ~Context().

◆ evict()

void Botan::TPM2::Context::evict ( std::unique_ptr< TPM2::PrivateKey > key,
const SessionBundle & sessions )

Evicts a persistent key from the TPM. The key cannot be used after.

Definition at line 392 of file tpm2_context.cpp.

392 {
394
395 auto& handles = key->handles();
396 BOTAN_ARG_CHECK(handles.has_persistent_handle(), "Key does not have a persistent handle assigned");
397
398 // 1. Evict the key from the TPM's NV storage
399 // This will free the persistent handle, but the transient handle will
400 // still be valid.
401 ESYS_TR no_new_handle = ESYS_TR_NONE;
402 check_rc("Esys_EvictControl",
403 Esys_EvictControl(m_impl->m_ctx,
404 ESYS_TR_RH_OWNER /*TODO: hierarchy*/,
405 handles.transient_handle(),
406 sessions[0],
407 sessions[1],
408 sessions[2],
409 0,
410 &no_new_handle));
411 BOTAN_ASSERT(no_new_handle == ESYS_TR_NONE, "When deleting a key, no new handle is returned");
412
413 // 2. The persistent key was deleted and the transient key was flushed by
414 // Esys_EvictControl().
415 handles._disengage();
416}
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
uint32_t ESYS_TR
Forward declaration of TSS2 type for convenience.

References BOTAN_ARG_CHECK, BOTAN_ASSERT, BOTAN_ASSERT_NONNULL, and Botan::TPM2::check_rc().

◆ find_free_persistent_handle()

std::optional< TPM2_HANDLE > Botan::TPM2::Context::find_free_persistent_handle ( ) const
Returns
a persistent handle that is currently not in use or std::nullopt if no such handle is available

Definition at line 307 of file tpm2_context.cpp.

307 {
308 const auto occupied_handles = persistent_handles();
309
310 // This is modeled after the implementation in tpm2-tools, which also takes
311 // "platform persistent" handles into account. We don't do that here, but
312 // we might need to in the future.
313 //
314 // See: https://github.com/tpm2-software/tpm2-tools/blob/bd832d3f79/lib/tpm2_capability.c#L143-L196
315
316 // all persistent handles are occupied
317 if(occupied_handles.size() >= TPM2_MAX_CAP_HANDLES) {
318 return std::nullopt;
319 }
320
321 // find the lowest handle that is not occupied
322 for(TPM2_HANDLE i = TPM2_PERSISTENT_FIRST; i < TPM2_PERSISTENT_LAST; ++i) {
323 if(!value_exists(occupied_handles, i)) {
324 return i;
325 }
326 }
327
329}
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:137
std::vector< TPM2_HANDLE > persistent_handles() const
bool value_exists(const std::vector< T > &vec, const OT &val)
Definition stl_util.h:60
uint32_t TPM2_HANDLE
Forward declaration of TSS2 type for convenience.

References BOTAN_ASSERT_UNREACHABLE, persistent_handles(), and Botan::value_exists().

Referenced by persist().

◆ manufacturer()

std::string Botan::TPM2::Context::manufacturer ( ) const
Returns
the Manufacturer of the TPM2

Definition at line 226 of file tpm2_context.cpp.

226 {
227 std::array<uint8_t, 4 + 1 /* ensure zero termination */> manufacturer_data{};
228 store_be(std::span{manufacturer_data}.first<4>(), get_tpm_property(m_impl->m_ctx, TPM2_PT_MANUFACTURER));
229 return std::string(cast_uint8_ptr_to_char(manufacturer_data.data()));
230}
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition mem_ops.h:278
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773

References Botan::cast_uint8_ptr_to_char(), and Botan::store_be().

◆ max_random_bytes_per_request()

size_t Botan::TPM2::Context::max_random_bytes_per_request ( ) const
Returns
the maximum number of random bytes to be requested at once

Definition at line 294 of file tpm2_context.cpp.

294 {
295 return get_tpm_property(m_impl->m_ctx, TPM2_PT_MAX_DIGEST);
296}

◆ operator ESYS_CONTEXT *()

Botan::TPM2::Context::operator ESYS_CONTEXT * ( )
inlinenoexcept

Definition at line 104 of file tpm2_context.h.

104{ return esys_context(); }

◆ operator=() [1/2]

Context & Botan::TPM2::Context::operator= ( const Context & )
delete

◆ operator=() [2/2]

Context & Botan::TPM2::Context::operator= ( Context && )
defaultnoexcept

◆ persist()

TPM2_HANDLE Botan::TPM2::Context::persist ( TPM2::PrivateKey & key,
const SessionBundle & sessions,
std::span< const uint8_t > auth_value = {},
std::optional< TPM2_HANDLE > persistent_handle = std::nullopt )

Makes key persistent at location persistent_handle or any free.

Definition at line 336 of file tpm2_context.cpp.

339 {
340 auto& handles = key.handles();
341
342 BOTAN_ARG_CHECK(!persistent_handle || !value_exists(persistent_handles(), persistent_handle.value()),
343 "Persistent handle already in use");
344 BOTAN_ARG_CHECK(!handles.has_persistent_handle(), "Key already has a persistent handle assigned");
345
346 // 1. Decide on the location to persist the key to.
347 // This uses either the handle provided by the caller or a free handle.
348 const TPMI_DH_PERSISTENT new_persistent_handle = [&] {
349 if(persistent_handle.has_value()) {
350 return persistent_handle.value();
351 } else {
352 const auto free_persistent_handle = find_free_persistent_handle();
353 BOTAN_STATE_CHECK(free_persistent_handle.has_value());
354 return free_persistent_handle.value();
355 }
356 }();
357
358 // 2. Persist the transient key in the TPM's NV storage
359 // This will flush the transient key handle and replace it with a new
360 // transient handle that references the persisted key.
361 check_rc("Esys_EvictControl",
362 Esys_EvictControl(m_impl->m_ctx,
363 ESYS_TR_RH_OWNER /*TODO: hierarchy*/,
364 handles.transient_handle(),
365 sessions[0],
366 sessions[1],
367 sessions[2],
368 new_persistent_handle,
369 out_transient_handle(handles)));
370 BOTAN_ASSERT_NOMSG(handles.has_transient_handle());
371
372 // 3. Reset the auth value of the key object
373 // This is necessary to ensure that the key object remains usable after
374 // the transient handle was recreated inside Esys_EvictControl().
375 if(!auth_value.empty()) {
376 const auto user_auth = copy_into<TPM2B_AUTH>(auth_value);
377 check_rc("Esys_TR_SetAuth", Esys_TR_SetAuth(m_impl->m_ctx, handles.transient_handle(), &user_auth));
378 }
379
380 // 4. Update the key object with the new persistent handle
381 // This double-checks that the key was persisted at the correct location,
382 // but also brings the key object into a consistent state.
383 check_rc("Esys_TR_GetTpmHandle",
384 Esys_TR_GetTpmHandle(m_impl->m_ctx, handles.transient_handle(), out_persistent_handle(handles)));
385
386 BOTAN_ASSERT_NOMSG(handles.has_persistent_handle());
387 BOTAN_ASSERT_EQUAL(new_persistent_handle, handles.persistent_handle(), "key was persisted at the correct location");
388
389 return new_persistent_handle;
390}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition assert.h:68
std::optional< TPM2_HANDLE > find_free_persistent_handle() const
constexpr auto out_persistent_handle(Object &object)
Definition tpm2_util.h:223
constexpr auto out_transient_handle(Object &object)
Definition tpm2_util.h:217
constexpr void copy_into(T &dest, std::span< const uint8_t > data)
Definition tpm2_util.h:117

References BOTAN_ARG_CHECK, BOTAN_ASSERT_EQUAL, BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TPM2::check_rc(), Botan::TPM2::copy_into(), find_free_persistent_handle(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::out_persistent_handle(), Botan::TPM2::out_transient_handle(), persistent_handles(), and Botan::value_exists().

◆ persistent_handles()

std::vector< TPM2_HANDLE > Botan::TPM2::Context::persistent_handles ( ) const

Definition at line 331 of file tpm2_context.cpp.

331 {
332 return get_tpm_property_list<TPM2_CAP_HANDLES, TPM2_HANDLE>(
333 m_impl->m_ctx, TPM2_PERSISTENT_FIRST, TPM2_MAX_CAP_HANDLES);
334}

Referenced by find_free_persistent_handle(), and persist().

◆ storage_root_key()

std::unique_ptr< TPM2::PrivateKey > Botan::TPM2::Context::storage_root_key ( std::span< const uint8_t > auth_value,
const SessionBundle & sessions )

Definition at line 298 of file tpm2_context.cpp.

299 {
300 return TPM2::PrivateKey::load_persistent(shared_from_this(), storage_root_key_handle, auth_value, sessions);
301}
static std::unique_ptr< PrivateKey > load_persistent(const std::shared_ptr< Context > &ctx, TPM2_HANDLE persistent_object_handle, std::span< const uint8_t > auth_value, const SessionBundle &sessions)
Definition tpm2_key.cpp:177

References Botan::TPM2::PrivateKey::load_persistent().

◆ supports_algorithm()

bool Botan::TPM2::Context::supports_algorithm ( std::string_view algo_name) const

The algo_name can be any of the string algorithm specifiers used elsewhere. For example, "RSA", "AES-128", "SHA-1", "CTR(3DES)", etc.

Returns
true if the specified algorithm is supported by the TPM

Definition at line 232 of file tpm2_context.cpp.

232 {
233 // Go through all the string mappings we have available and check if we
234 // can find the algorithm name in any of them. If we do, we can check if
235 // the TPM supports the required algorithms.
236 const auto required_alg_ids = [&]() -> std::vector<TPM2_ALG_ID> {
237 std::vector<TPM2_ALG_ID> result;
238 if(auto algo_id = asymmetric_algorithm_botan_to_tss2(algo_name)) {
239 result.push_back(algo_id.value());
240 }
241
242 if(auto hash_id = hash_algo_botan_to_tss2(algo_name)) {
243 result.push_back(hash_id.value());
244 }
245
246 if(auto block_id = block_cipher_botan_to_tss2(algo_name)) {
247 result.push_back(block_id->first);
248 }
249
250 if(auto cipher_mode_id = cipher_mode_botan_to_tss2(algo_name)) {
251 result.push_back(cipher_mode_id.value());
252 }
253
254 if(auto cipher_spec = cipher_botan_to_tss2(algo_name)) {
255 result.push_back(cipher_spec->algorithm);
256 result.push_back(cipher_spec->mode.sym);
257 }
258
259 if(auto sig_padding = rsa_signature_padding_botan_to_tss2(algo_name)) {
260 result.push_back(sig_padding.value());
261 }
262
263 if(auto sig = rsa_signature_scheme_botan_to_tss2(algo_name)) {
264 result.push_back(sig->scheme);
265 result.push_back(sig->details.any.hashAlg);
266 }
267
268 if(auto enc_scheme = rsa_encryption_scheme_botan_to_tss2(algo_name)) {
269 result.push_back(enc_scheme->scheme);
270 if(enc_scheme->scheme == TPM2_ALG_OAEP) {
271 result.push_back(enc_scheme->details.oaep.hashAlg);
272 }
273 }
274
275 if(auto enc_id = rsa_encryption_padding_botan_to_tss2(algo_name)) {
276 result.push_back(enc_id.value());
277 }
278
279 return result;
280 }();
281
282 if(required_alg_ids.empty()) {
283 // The algorithm name is not known to us, so we cannot check for support.
284 return false;
285 }
286
287 const auto algo_caps =
288 get_tpm_property_list<TPM2_CAP_ALGS, TPM2_ALG_ID>(m_impl->m_ctx, TPM2_ALG_FIRST, TPM2_MAX_CAP_ALGS);
289
290 return std::all_of(
291 required_alg_ids.begin(), required_alg_ids.end(), [&](TPM2_ALG_ID id) { return value_exists(algo_caps, id); });
292}
std::optional< TPMT_SIG_SCHEME > rsa_signature_scheme_botan_to_tss2(std::string_view name)
std::optional< TPMI_ALG_SIG_SCHEME > rsa_signature_padding_botan_to_tss2(std::string_view padding_name) noexcept
std::optional< TPMI_ALG_ASYM_SCHEME > rsa_encryption_padding_botan_to_tss2(std::string_view name) noexcept
std::optional< std::pair< TPMI_ALG_SYM, TPM2_KEY_BITS > > block_cipher_botan_to_tss2(std::string_view cipher_name) noexcept
std::optional< TPMT_SYM_DEF > cipher_botan_to_tss2(std::string_view algo_name)
std::optional< TPMT_RSA_DECRYPT > rsa_encryption_scheme_botan_to_tss2(std::string_view padding)
std::optional< TPMI_ALG_HASH > hash_algo_botan_to_tss2(std::string_view hash_name) noexcept
std::optional< TPM2_ALG_ID > asymmetric_algorithm_botan_to_tss2(std::string_view algo_name) noexcept
std::optional< TPMI_ALG_SYM_MODE > cipher_mode_botan_to_tss2(std::string_view mode_name) noexcept

References Botan::TPM2::asymmetric_algorithm_botan_to_tss2(), Botan::TPM2::block_cipher_botan_to_tss2(), Botan::TPM2::cipher_botan_to_tss2(), Botan::TPM2::cipher_mode_botan_to_tss2(), Botan::TPM2::hash_algo_botan_to_tss2(), Botan::TPM2::rsa_encryption_padding_botan_to_tss2(), Botan::TPM2::rsa_encryption_scheme_botan_to_tss2(), Botan::TPM2::rsa_signature_padding_botan_to_tss2(), and Botan::TPM2::rsa_signature_scheme_botan_to_tss2().

◆ supports_botan_crypto_backend()

bool Botan::TPM2::Context::supports_botan_crypto_backend ( )
staticnoexcept

Checks if the TSS2 supports registering Botan's crypto backend at runtime. Older versions of the TSS2 do not support this feature ( 4.0.0), also Botan may be compiled without support for TSS' crypto backend.

Returns
true if the TSS2 supports Botan's crypto backend

Definition at line 47 of file tpm2_context.cpp.

47 {
48#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
50#else
51 return false;
52#endif
53}
bool supports_botan_crypto_backend() noexcept

References Botan::TPM2::supports_botan_crypto_backend().

Referenced by botan_tpm2_supports_crypto_backend().

◆ transient_handles()

std::vector< ESYS_TR > Botan::TPM2::Context::transient_handles ( ) const

Definition at line 303 of file tpm2_context.cpp.

303 {
304 return get_tpm_property_list<TPM2_CAP_HANDLES, ESYS_TR>(m_impl->m_ctx, TPM2_TRANSIENT_FIRST, TPM2_MAX_CAP_HANDLES);
305}

◆ use_botan_crypto_backend()

void Botan::TPM2::Context::use_botan_crypto_backend ( const std::shared_ptr< Botan::RandomNumberGenerator > & rng)

Overrides the TSS2's crypto callbacks with Botan's functionality.

This replaces all cryptographic functionality required for the communication with the TPM by botan's implementations. The TSS2 would otherwise use OpenSSL or mbedTLS.

Note that the provided rng should not be dependent on the TPM.

Parameters
rngthe RNG to use for the crypto operations
Exceptions
Not_Implementedif the TPM2-TSS does not support crypto callbacks
See also
supports_botan_crypto_backend()

Definition at line 100 of file tpm2_context.cpp.

100 {
101#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
103 m_impl->m_crypto_callback_state = Botan::TPM2::use_botan_crypto_backend(esys_context(), rng);
104#else
105 BOTAN_UNUSED(rng);
106 throw Not_Implemented("This build of botan does not provide the TPM2 crypto backend");
107#endif
108}
#define BOTAN_UNUSED
Definition assert.h:118
std::unique_ptr< CryptoCallbackState > use_botan_crypto_backend(ESYS_CONTEXT *context, const std::shared_ptr< Botan::RandomNumberGenerator > &rng)

References BOTAN_STATE_CHECK, BOTAN_UNUSED, and Botan::TPM2::use_botan_crypto_backend().

◆ uses_botan_crypto_backend()

bool Botan::TPM2::Context::uses_botan_crypto_backend ( ) const
noexcept
Returns
true if botan is used for the TSS' crypto functions

Definition at line 110 of file tpm2_context.cpp.

110 {
111#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
112 return m_impl->m_crypto_callback_state != nullptr;
113#else
114 return false;
115#endif
116}

Referenced by ~Context().

◆ vendor()

std::string Botan::TPM2::Context::vendor ( ) const
Returns
the Vendor of the TPM2

Definition at line 209 of file tpm2_context.cpp.

209 {
210 constexpr std::array properties = {
211 TPM2_PT_VENDOR_STRING_1, TPM2_PT_VENDOR_STRING_2, TPM2_PT_VENDOR_STRING_3, TPM2_PT_VENDOR_STRING_4};
212 std::array<uint8_t, properties.size() * 4 + 1 /* ensure zero-termination */> vendor_string{};
213
214 BufferStuffer bs(vendor_string);
215
216 // The vendor name is transported in several uint32_t fields that are
217 // loaded as big-endian bytes and concatenated to form the vendor string.
218 for(auto prop : properties) {
219 bs.append(store_be(get_tpm_property(m_impl->m_ctx, prop)));
220 }
221
222 BOTAN_ASSERT_NOMSG(bs.remaining_capacity() == 1); // the ensured zero-termination
223 return std::string(cast_uint8_ptr_to_char(vendor_string.data()));
224}

References Botan::BufferStuffer::append(), BOTAN_ASSERT_NOMSG, Botan::cast_uint8_ptr_to_char(), Botan::BufferStuffer::remaining_capacity(), and Botan::store_be().


The documentation for this class was generated from the following files: