#include <tpm2_rsa.h>

Inheritance diagram for Botan::TPM2::RSA_PrivateKey:

Public Member Functions
std::string	algo_name () const override

AlgorithmIdentifier	algorithm_identifier () const override

bool	check_key (RandomNumberGenerator &rng, bool) const override

std::unique_ptr< PK_Ops::Decryption >	create_decryption_op (Botan::RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override

std::unique_ptr< PK_Ops::Encryption >	create_encryption_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override

virtual std::unique_ptr< PK_Ops::KEM_Decryption >	create_kem_decryption_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const

std::unique_ptr< PK_Ops::KEM_Encryption >	create_kem_encryption_op (std::string_view params, std::string_view provider) const override

virtual std::unique_ptr< PK_Ops::Key_Agreement >	create_key_agreement_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const

std::unique_ptr< PK_Ops::Signature >	create_signature_op (Botan::RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override

std::unique_ptr< PK_Ops::Verification >	create_verification_op (std::string_view params, std::string_view provider) const override

std::unique_ptr< PK_Ops::Verification >	create_x509_verification_op (const AlgorithmIdentifier &alg_id, std::string_view provider) const override

virtual Signature_Format	default_x509_signature_format () const

size_t	estimated_strength () const override

std::string	fingerprint_private (std::string_view alg) const

std::string	fingerprint_public (std::string_view alg="SHA-256") const

std::unique_ptr< Private_Key >	generate_another (RandomNumberGenerator &rng) const override

const BigInt &	get_e () const

const BigInt &	get_int_field (std::string_view field) const override

const BigInt &	get_n () const

OID	get_oid () const

Object &	handles ()

const Object &	handles () const

bool	is_parent () const

size_t	key_length () const override

virtual size_t	message_part_size () const

virtual size_t	message_parts () const

virtual OID	object_identifier () const

virtual AlgorithmIdentifier	pkcs8_algorithm_identifier () const

secure_vector< uint8_t >	private_key_bits () const override

secure_vector< uint8_t >	private_key_info () const

std::shared_ptr< const RSA_Public_Data >	public_data () const

std::unique_ptr< Public_Key >	public_key () const override

std::vector< uint8_t >	public_key_bits () const override

secure_vector< uint8_t >	raw_private_key_bits () const override

std::vector< uint8_t >	raw_public_key_bits () const override

virtual std::optional< uint64_t >	remaining_operations () const
	Retrieves the number of remaining operations if this is a stateful private key.

const SessionBundle &	sessions () const

virtual bool	stateful_operation () const

std::vector< uint8_t >	subject_public_key () const

bool	supports_operation (PublicKeyOperation op) const override

Static Public Member Functions
static std::unique_ptr< PrivateKey >	create_transient_from_template (const std::shared_ptr< Context > &ctx, const SessionBundle &sessions, ESYS_TR parent, const TPMT_PUBLIC &key_template, const TPM2B_SENSITIVE_CREATE &sensitive_data)

static std::unique_ptr< TPM2::PrivateKey >	create_unrestricted_transient (const std::shared_ptr< Context > &ctx, const SessionBundle &sessions, std::span< const uint8_t > auth_value, const TPM2::PrivateKey &parent, uint16_t keylength, std::optional< uint32_t > exponent={})

static std::unique_ptr< PrivateKey >	load_persistent (const std::shared_ptr< Context > &ctx, TPM2_HANDLE persistent_object_handle, std::span< const uint8_t > auth_value, const SessionBundle &sessions)

static std::unique_ptr< PrivateKey >	load_transient (const std::shared_ptr< Context > &ctx, std::span< const uint8_t > auth_value, const TPM2::PrivateKey &parent, std::span< const uint8_t > public_blob, std::span< const uint8_t > private_blob, const SessionBundle &sessions)

Protected Member Functions
void	init (BigInt &&n, BigInt &&e)

	RSA_PrivateKey (Object handle, SessionBundle sessions, const TPM2B_PUBLIC *public_blob, std::span< const uint8_t > private_blob={})

Static Protected Member Functions
static std::unique_ptr< PrivateKey >	create (Object handles, const SessionBundle &sessions, const TPM2B_PUBLIC *public_info, std::span< const uint8_t > private_blob)

Protected Attributes
std::shared_ptr< const RSA_Public_Data >	m_public

Friends
class	TPM2::PrivateKey

Detailed Description

Definition at line 45 of file tpm2_rsa.h.

Constructor & Destructor Documentation

◆ RSA_PrivateKey()

Botan::TPM2::RSA_PrivateKey::RSA_PrivateKey	(	Object	handle,
		SessionBundle	sessions,
		const TPM2B_PUBLIC *	public_blob,
		std::span< const uint8_t >	private_blob = {} )

protected

Definition at line 33 of file tpm2_rsa.cpp.

                                                                    :
      Botan::TPM2::PrivateKey(std::move(handle), std::move(session_bundle), private_blob),
      Botan::RSA_PublicKey(rsa_pubkey_from_tss2_public(public_blob)) {}

Member Function Documentation

◆ algo_name()

std::string Botan::RSA_PublicKey::algo_name ( ) const

inlineoverridevirtualinherited

Get the name of the underlying public key scheme.

Returns: name of the public key scheme

Implements Botan::Asymmetric_Key.

Definition at line 41 of file rsa.h.

41{ return "RSA"; }

◆ algorithm_identifier()

AlgorithmIdentifier Botan::RSA_PublicKey::algorithm_identifier ( ) const

overridevirtualinherited

Returns: X.509 AlgorithmIdentifier for this key

Implements Botan::Public_Key.

Definition at line 177 of file rsa.cpp.

                                                              {
   return AlgorithmIdentifier(object_identifier(), AlgorithmIdentifier::USE_NULL_PARAM);
}

References Botan::Asymmetric_Key::object_identifier(), and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

◆ check_key()

bool Botan::RSA_PublicKey::check_key	(	RandomNumberGenerator &	rng,
		bool	) const

overridevirtualinherited

Implements Botan::Public_Key.

Definition at line 196 of file rsa.cpp.

                                                                    {
   if(get_n() < 35 || get_n().is_even() || get_e() < 3 || get_e().is_even()) {
      return false;
   }
   return true;
}

References Botan::RSA_PublicKey::get_e(), and Botan::RSA_PublicKey::get_n().

◆ create()

std::unique_ptr< PrivateKey > Botan::TPM2::PrivateKey::create	(	Object	handles,
		const SessionBundle &	sessions,
		const TPM2B_PUBLIC *	public_info,
		std::span< const uint8_t >	private_blob )

staticprotectedinherited

Definition at line 291 of file tpm2_key.cpp.

                                                                                                     {
   if(!public_info) {
      public_info = handles._public_info(sessions).pub.get();
   }
 
#if defined(BOTAN_HAS_TPM2_RSA_ADAPTER)
   if(public_info->publicArea.type == TPM2_ALG_RSA) {
      return std::unique_ptr<RSA_PrivateKey>(
         new RSA_PrivateKey(std::move(handles), sessions, public_info, private_blob));
   }
#endif
 
#if defined(BOTAN_HAS_TPM2_ECC_ADAPTER)
   if(public_info->publicArea.type == TPM2_ALG_ECC) {
      return std::unique_ptr<EC_PrivateKey>(new EC_PrivateKey(std::move(handles), sessions, public_info, private_blob));
   }
#endif
 
   throw Not_Implemented(Botan::fmt("Loaded a {} private key of an unsupported type",
                                    handles.has_persistent_handle() ? "persistent" : "transient"));
}

References Botan::TPM2::Object::_public_info(), Botan::fmt(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::Object::has_persistent_handle(), Botan::TPM2::PublicInfo::pub, and Botan::TPM2::PrivateKey::sessions().

Referenced by Botan::TPM2::PrivateKey::create_transient_from_template(), Botan::TPM2::PrivateKey::load_persistent(), and Botan::TPM2::PrivateKey::load_transient().

◆ create_decryption_op()

std::unique_ptr< PK_Ops::Decryption > Botan::TPM2::RSA_PrivateKey::create_decryption_op	(	Botan::RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

overridevirtual

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return an decryption operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented from Botan::Private_Key.

Definition at line 384 of file tpm2_rsa.cpp.

                                                                                                        {
   BOTAN_UNUSED(rng, provider);
   return std::make_unique<RSA_Decryption_Operation>(handles(), sessions(), params);
}

References BOTAN_UNUSED, Botan::TPM2::PrivateKey::handles(), and Botan::TPM2::PrivateKey::sessions().

◆ create_encryption_op()

std::unique_ptr< PK_Ops::Encryption > Botan::RSA_PublicKey::create_encryption_op	(	RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

overridevirtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return an encryption operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented from Botan::Public_Key.

Reimplemented in Botan::TPM2::RSA_PublicKey.

Definition at line 715 of file rsa.cpp.

                                                                                                       {
   if(provider == "base" || provider.empty()) {
      return std::make_unique<RSA_Encryption_Operation>(*this, params);
   }
   throw Provider_Not_Found(algo_name(), provider);
}

◆ create_kem_decryption_op()

std::unique_ptr< PK_Ops::KEM_Decryption > Botan::Private_Key::create_kem_decryption_op	(	RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

virtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a KEM decryption operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented in Botan::FrodoKEM_PrivateKey, Botan::Kyber_PrivateKey, Botan::McEliece_PrivateKey, Botan::RSA_PrivateKey, Botan::TLS::Hybrid_KEM_PrivateKey, and Botan::TLS::KEX_to_KEM_Adapter_PrivateKey.

Definition at line 117 of file pk_keys.cpp.

                                                                                                      {
   throw Lookup_Error(fmt("{} does not support KEM decryption", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_KEM_Decryptor::PK_KEM_Decryptor().

◆ create_kem_encryption_op()

std::unique_ptr< PK_Ops::KEM_Encryption > Botan::RSA_PublicKey::create_kem_encryption_op	(	std::string_view	params,
		std::string_view	provider ) const

overridevirtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a KEM encryption operation for this key/params or throw

Parameters

params	additional parameters
provider	the provider to use

Reimplemented from Botan::Public_Key.

Definition at line 724 of file rsa.cpp.

                                                                                                               {
   if(provider == "base" || provider.empty()) {
      return std::make_unique<RSA_KEM_Encryption_Operation>(*this, params);
   }
   throw Provider_Not_Found(algo_name(), provider);
}

◆ create_key_agreement_op()

std::unique_ptr< PK_Ops::Key_Agreement > Botan::Private_Key::create_key_agreement_op	(	RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

virtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a key agreement operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented in Botan::DH_PrivateKey, Botan::ECDH_PrivateKey, Botan::X25519_PrivateKey, and Botan::X448_PrivateKey.

Definition at line 129 of file pk_keys.cpp.

                                                                                                    {
   throw Lookup_Error(fmt("{} does not support key agreement", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_Key_Agreement::PK_Key_Agreement().

◆ create_signature_op()

std::unique_ptr< PK_Ops::Signature > Botan::TPM2::RSA_PrivateKey::create_signature_op	(	Botan::RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

overridevirtual

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a signature operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented from Botan::Private_Key.

Definition at line 370 of file tpm2_rsa.cpp.

                                                                                                      {
   BOTAN_UNUSED(rng, provider);
   return std::make_unique<RSA_Signature_Operation>(handles(), sessions(), params);
}

References BOTAN_UNUSED, Botan::TPM2::PrivateKey::handles(), and Botan::TPM2::PrivateKey::sessions().

◆ create_transient_from_template()

std::unique_ptr< PrivateKey > Botan::TPM2::PrivateKey::create_transient_from_template	(	const std::shared_ptr< Context > &	ctx,
		const SessionBundle &	sessions,
		ESYS_TR	parent,
		const TPMT_PUBLIC &	key_template,
		const TPM2B_SENSITIVE_CREATE &	sensitive_data )

staticinherited

This is a wrapper around Esys_CreateLoaded creating a transient key from a given key_template with sensitive_data. It gives maximal flexibility to the caller to create a key with their own TSS2 template configuration.

Please use this if you know what you are doing, only! Most users should use the more convenient create_transient() methods of the derived classes.

Parameters

ctx	The TPM context to use
sessions	The session bundle to use in Esys_CreateLoaded().
parent	The handle of the parent object to create the new key under (this may reference a "Primary Seed" to create a "Primary Key", a "Storage Parent" to create an "Ordinary Key", or a "Derivation Parent" to create a "Derived Key").
key_template	The template data to use for the key creation. It will be passed to Tss2_MU_TPMT_PUBLIC_Marshal() and Esys_CreateLoaded().
sensitive_data	The sensitive data (e.g. with the desired auth value) to use for the key creation.

Definition at line 220 of file tpm2_key.cpp.

                                                                                                                     {
   BOTAN_ASSERT_NONNULL(ctx);
 
   switch(key_template.type) {
      case TPM2_ALG_RSA:
#if not defined(BOTAN_HAS_TPM2_RSA_ADAPTER)
         throw Not_Implemented("TPM2-based RSA keys are not supported in this build");
#endif
         break;
      case TPM2_ALG_ECC:
#if not defined(BOTAN_HAS_TPM2_ECC_ADAPTER)
         throw Not_Implemented("TPM2-based ECC keys are not supported in this build");
#endif
         break;
      default:
         throw Invalid_Argument("Unsupported key type");
   }
 
   const auto marshalled_template = marshal_template(key_template);
 
   Object handle(ctx);
   unique_esys_ptr<TPM2B_PRIVATE> private_bytes;
   unique_esys_ptr<TPM2B_PUBLIC> public_info;
 
   // Esys_CreateLoaded can create different object types depending on the type
   // of the parent passed in. Namely, this will create a Primary object if the
   // parent is referencing a Primary Seed; an Ordinary Object if the parent is
   // referencing a Storage Parent; and a Derived Object if the parent is
   // referencing a Derivation Parent.
   //
   // See the Architecture Document, Section 27.1.
   check_rc("Esys_CreateLoaded",
            Esys_CreateLoaded(*ctx,
                              parent,
                              sessions[0],
                              sessions[1],
                              sessions[2],
                              &sensitive_data,
                              &marshalled_template,
                              out_transient_handle(handle),
                              out_ptr(private_bytes),
                              out_ptr(public_info)));
   BOTAN_ASSERT_NONNULL(private_bytes);
   BOTAN_ASSERT_NOMSG(public_info->publicArea.type == key_template.type);
   BOTAN_ASSERT_NOMSG(handle.has_transient_handle());
 
   return create(std::move(handle), sessions, public_info.get(), as_span(*private_bytes));
}

References Botan::TPM2::as_span(), BOTAN_ASSERT_NOMSG, BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), Botan::TPM2::PrivateKey::create(), Botan::TPM2::Object::has_transient_handle(), Botan::out_ptr(), Botan::TPM2::out_transient_handle(), and Botan::TPM2::PrivateKey::sessions().

Referenced by Botan::TPM2::EC_PrivateKey::create_unrestricted_transient(), and create_unrestricted_transient().

◆ create_unrestricted_transient()

std::unique_ptr< TPM2::PrivateKey > Botan::TPM2::RSA_PrivateKey::create_unrestricted_transient	(	const std::shared_ptr< Context > &	ctx,
		const SessionBundle &	sessions,
		std::span< const uint8_t >	auth_value,
		const TPM2::PrivateKey &	parent,
		uint16_t	keylength,
		std::optional< uint32_t >	exponent = {} )

static

Create a transient RSA key with the given keylength and exponent, under the given parent key, with the given auth_value. This key may be used for both signatures and data decryption. No restrictions on the utilized padding schemes are applied.

TODO: provide the user with some means to specify such restrictions:

allowed key use: sign, decrypt, sign+decrypt, x509sign
allowed padding schemes: PKCS1v1.5, OAEP, PSS
data restrictions ("restricted" field in TPMT_PUBLIC)
session authentication requirements (policy, user authentication, ...)
fixed to TPM, or fixed to parent?
...

Parameters

ctx	The TPM context to use
sessions	The session bundle to use in the creation of the key
auth_value	The auth value to use for the key
parent	The parent key to create the new key under
keylength	The desired key length
exponent	The desired exponent (default: 0x10001)

Definition at line 40 of file tpm2_rsa.cpp.

                                                                                                                {
   BOTAN_ARG_CHECK(parent.is_parent(), "The passed key cannot be used as a parent key");
 
   TPM2B_SENSITIVE_CREATE sensitive_data = {
      .size = 0,  // ignored
      .sensitive =
         {
            .userAuth = copy_into<TPM2B_AUTH>(auth_value),
 
            // Architecture Document, Section 25.2.3
            //   When an asymmetric key is created, the caller is not allowed to
            //   provide the sensitive data of the key.
            .data = init_empty<TPM2B_SENSITIVE_DATA>(),
         },
   };
 
   TPMT_PUBLIC key_template = {
      .type = TPM2_ALG_RSA,
 
      // This is the algorithm for fingerprinting the newly created public key.
      // For best compatibility we always use SHA-256.
      .nameAlg = TPM2_ALG_SHA256,
 
      // This sets up the key to be both a decryption and a signing key, forbids
      // its duplication (fixed_tpm, fixed_parent) and ensures that the key's
      // private portion can be used only by a user with an HMAC or password
      // session.
      .objectAttributes = ObjectAttributes::render({
         .fixed_tpm = true,
         .fixed_parent = true,
         .sensitive_data_origin = true,
         .user_with_auth = true,
         .decrypt = true,
         .sign_encrypt = true,
      }),
 
      // We currently do not support policy-based authorization
      .authPolicy = init_empty<TPM2B_DIGEST>(),
      .parameters =
         {
            .rsaDetail =
               {
                  // Structures Document (Part 2), Section 12.2.3.5
                  //   If the key is not a restricted decryption key, this field
                  //   shall be set to TPM_ALG_NULL.
                  //
                  // TODO: Once we stop supporting TSS < 4.0, we could use
                  //       `.keyBits = {.null = {}}, .mode = {.null = {}}`
                  //       which better reflects our intention here.
                  .symmetric =
                     {
                        .algorithm = TPM2_ALG_NULL,
                        .keyBits = {.sym = 0},
                        .mode = {.sym = TPM2_ALG_NULL},
                     },
 
                  // Structures Document (Part 2), Section 12.2.3.5
                  //   When both sign and decrypt are SET, restricted shall be
                  //   CLEAR and scheme shall be TPM_ALG_NULL
                  //
                  // TODO: Once we stop supporting TSS < 4.0, we could use
                  //       `.details = {.null = {}}`
                  //       which better reflects our intention here.
                  .scheme =
                     {
                        .scheme = TPM2_ALG_NULL,
                        .details = {.anySig = {.hashAlg = TPM2_ALG_NULL}},
                     },
                  .keyBits = keylength,
                  .exponent = exponent.value_or(0 /* default value - 2^16 + 1*/),
               },
         },
 
      // For creating an asymmetric key this value is not used.
      .unique = {.rsa = init_empty<TPM2B_PUBLIC_KEY_RSA>()},
   };
 
   return create_transient_from_template(
      ctx, sessions, parent.handles().transient_handle(), key_template, sensitive_data);
}

References BOTAN_ARG_CHECK, Botan::TPM2::copy_into(), Botan::TPM2::PrivateKey::create_transient_from_template(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::init_empty(), Botan::TPM2::PrivateKey::is_parent(), Botan::TPM2::ObjectAttributes::render(), Botan::TPM2::PrivateKey::sessions(), and Botan::TPM2::Object::transient_handle().

◆ create_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::RSA_PublicKey::create_verification_op	(	std::string_view	params,
		std::string_view	provider ) const

overridevirtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a verification operation for this key/params or throw

Parameters

params	additional parameters
provider	the provider to use

Reimplemented from Botan::Public_Key.

Reimplemented in Botan::TPM2::RSA_PublicKey.

Definition at line 732 of file rsa.cpp.

                                                                                                           {
   if(provider == "base" || provider.empty()) {
      return std::make_unique<RSA_Verify_Operation>(*this, params);
   }
 
   throw Provider_Not_Found(algo_name(), provider);
}

◆ create_x509_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::RSA_PublicKey::create_x509_verification_op	(	const AlgorithmIdentifier &	signature_algorithm,
		std::string_view	provider ) const

overridevirtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a verification operation for this combination of key and signature algorithm or throw.

Parameters

signature_algorithm	is the X.509 algorithm identifier encoding the padding scheme and hash hash function used in the signature if applicable.
provider	the provider to use

Reimplemented from Botan::Public_Key.

Definition at line 791 of file rsa.cpp.

                                                                                                                {
   if(provider == "base" || provider.empty()) {
      return std::make_unique<RSA_Verify_Operation>(*this, parse_rsa_signature_algorithm(alg_id));
   }
 
   throw Provider_Not_Found(algo_name(), provider);
}

◆ default_x509_signature_format()

virtual Signature_Format Botan::Public_Key::default_x509_signature_format ( ) const

inlinevirtualinherited

Reimplemented in Botan::GOST_3410_PublicKey.

Definition at line 201 of file pk_keys.h.

                                                                     {
         return (this->message_parts() >= 2) ? Signature_Format::DerSequence : Signature_Format::Standard;
      }

Referenced by Botan::X509_Object::choose_sig_format(), and Botan::PK_Verifier::PK_Verifier().

◆ estimated_strength()

size_t Botan::RSA_PublicKey::estimated_strength ( ) const

overridevirtualinherited

Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.

Returns: estimated strength in bits

Implements Botan::Asymmetric_Key.

Definition at line 173 of file rsa.cpp.

                                               {
   return if_work_factor(key_length());
}

References Botan::if_work_factor(), and Botan::RSA_PublicKey::key_length().

◆ fingerprint_private()

std::string Botan::Private_Key::fingerprint_private ( std::string_view alg ) const

inherited

Returns: Hash of the PKCS #8 encoding for this key object

Definition at line 86 of file pk_keys.cpp.

                                                                         {
   return create_hex_fingerprint(private_key_bits(), hash_algo);
}

References Botan::create_hex_fingerprint(), and Botan::Private_Key::private_key_bits().

Referenced by Botan::Certificate_Store_In_SQL::find_certs_for_key(), Botan::Certificate_Store_In_SQL::insert_key(), and Botan::Certificate_Store_In_SQL::remove_key().

◆ fingerprint_public()

std::string Botan::Public_Key::fingerprint_public ( std::string_view alg = "SHA-256" ) const

inherited

Returns: Hash of the subject public key

Definition at line 79 of file pk_keys.cpp.

                                                                       {
   return create_hex_fingerprint(subject_public_key(), hash_algo);
}

References Botan::create_hex_fingerprint(), and Botan::Public_Key::subject_public_key().

◆ generate_another()

std::unique_ptr< Private_Key > Botan::RSA_PublicKey::generate_another ( RandomNumberGenerator & rng ) const

overridevirtualinherited

Generate another (cryptographically independent) key pair using the same algorithm parameters as this key. This is most useful for algorithms that support PublicKeyOperation::KeyAgreement to generate a fitting ephemeral key pair. For other key types it might throw Not_Implemented.

Implements Botan::Asymmetric_Key.

Reimplemented in Botan::TPM2::RSA_PublicKey.

Definition at line 132 of file rsa.cpp.

                                                                                           {
   return std::make_unique<RSA_PrivateKey>(rng, m_public->public_modulus_bits(), m_public->get_e().to_u32bit());
}

References Botan::RSA_PublicKey::m_public.

◆ get_e()

const BigInt & Botan::RSA_PublicKey::get_e ( ) const

inherited

Returns: public exponent

Definition at line 140 of file rsa.cpp.

                                         {
   return m_public->get_e();
}

References Botan::RSA_PublicKey::m_public.

Referenced by Botan::RSA_PrivateKey::check_key(), Botan::RSA_PublicKey::check_key(), Botan::RSA_PrivateKey::private_key_bits(), Botan::RSA_PrivateKey::public_key(), and Botan::RSA_PublicKey::public_key_bits().

◆ get_int_field()

const BigInt & Botan::RSA_PublicKey::get_int_field ( std::string_view field ) const

overridevirtualinherited

Access an algorithm specific field

If the field is not known for this algorithm, an Invalid_Argument is thrown. The interpretation of the result requires knowledge of which algorithm is involved. For instance for RSA "p" represents one of the secret primes, while for DSA "p" is the public prime.

Some algorithms may not implement this method at all.

This is primarily used to implement the FFI botan_pubkey_get_field and botan_privkey_get_field functions.

Reimplemented from Botan::Asymmetric_Key.

Definition at line 122 of file rsa.cpp.

                                                                     {
   if(field == "n") {
      return m_public->get_n();
   } else if(field == "e") {
      return m_public->get_e();
   } else {
      return Public_Key::get_int_field(field);
   }
}

References Botan::Asymmetric_Key::get_int_field(), and Botan::RSA_PublicKey::m_public.

Referenced by Botan::RSA_PrivateKey::get_int_field().

◆ get_n()

const BigInt & Botan::RSA_PublicKey::get_n ( ) const

inherited

Returns: public modulus

Definition at line 136 of file rsa.cpp.

                                         {
   return m_public->get_n();
}

References Botan::RSA_PublicKey::m_public.

Referenced by Botan::RSA_PrivateKey::check_key(), Botan::RSA_PublicKey::check_key(), Botan::RSA_PrivateKey::private_key_bits(), Botan::RSA_PrivateKey::public_key(), and Botan::RSA_PublicKey::public_key_bits().

◆ get_oid()

OID Botan::Public_Key::get_oid ( ) const

inlineinherited

Deprecated version of object_identifier

Definition at line 132 of file pk_keys.h.

132{ return this->object_identifier(); }

◆ handles() [1/2]

Object & Botan::TPM2::PrivateKey::handles ( )

inlineinherited

Definition at line 220 of file tpm2_key.h.

220{ return m_handle; }

Referenced by Botan::TPM2::Session::authenticated_session(), Botan::TPM2::PrivateKey::create(), create_decryption_op(), Botan::TPM2::EC_PrivateKey::create_signature_op(), create_signature_op(), Botan::TPM2::EC_PrivateKey::create_unrestricted_transient(), create_unrestricted_transient(), Botan::TPM2::PrivateKey::load_transient(), and Botan::TPM2::Context::persist().

◆ handles() [2/2]

const Object & Botan::TPM2::PrivateKey::handles ( ) const

inlineinherited

Definition at line 222 of file tpm2_key.h.

222{ return m_handle; }

◆ init()

void Botan::RSA_PublicKey::init	(	BigInt &&	n,
		BigInt &&	e )

protectedinherited

Definition at line 144 of file rsa.cpp.

                                               {
   if(n.is_negative() || n.is_even() || n.bits() < 5 /* n >= 3*5 */ || e.is_negative() || e.is_even()) {
      throw Decoding_Error("Invalid RSA public key parameters");
   }
   m_public = std::make_shared<RSA_Public_Data>(std::move(n), std::move(e));
}

References Botan::RSA_PublicKey::m_public.

Referenced by Botan::RSA_PrivateKey::RSA_PrivateKey(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().

◆ is_parent()

bool Botan::TPM2::PrivateKey::is_parent ( ) const

inherited

Definition at line 283 of file tpm2_key.cpp.

                                 {
   // Architectural Document, Section 4.54
   //   any object with the decrypt and restricted attributes SET and the sign
   //   attribute CLEAR
   const auto attrs = m_handle.attributes(m_sessions);
   return attrs.decrypt && attrs.restricted && !attrs.sign_encrypt;
}

References Botan::TPM2::Object::attributes(), and Botan::TPM2::ObjectAttributes::decrypt.

Referenced by Botan::TPM2::EC_PrivateKey::create_unrestricted_transient(), and create_unrestricted_transient().

◆ key_length()

size_t Botan::RSA_PublicKey::key_length ( ) const

overridevirtualinherited

Return an integer value best approximating the length of the primary security parameter. For example for RSA this will be the size of the modulus, for ECDSA the size of the ECC group, and for McEliece the size of the code will be returned.

Implements Botan::Public_Key.

Definition at line 169 of file rsa.cpp.

                                       {
   return m_public->public_modulus_bits();
}

References Botan::RSA_PublicKey::m_public.

Referenced by Botan::RSA_PublicKey::estimated_strength().

◆ load_persistent()

std::unique_ptr< PrivateKey > Botan::TPM2::PrivateKey::load_persistent	(	const std::shared_ptr< Context > &	ctx,
		TPM2_HANDLE	persistent_object_handle,
		std::span< const uint8_t >	auth_value,
		const SessionBundle &	sessions )

staticinherited

Load a private key that resides in the TPM's persistent storage.

Parameters

ctx	The TPM context to use
persistent_object_handle	The handle of the persistent object to load
auth_value	The auth value required to use the key
sessions	The session bundle to use for the key's operations

Definition at line 180 of file tpm2_key.cpp.

                                                                                       {
   return create(load_persistent_object(ctx, persistent_object_handle, auth_value, sessions),
                 sessions,
                 nullptr /* pull public info from handle */,
                 {} /* persistent keys don't have an encrypted private blob */);
}

References Botan::TPM2::PrivateKey::create(), and Botan::TPM2::PrivateKey::sessions().

Referenced by Botan::TPM2::Context::storage_root_key().

◆ load_transient()

std::unique_ptr< PrivateKey > Botan::TPM2::PrivateKey::load_transient	(	const std::shared_ptr< Context > &	ctx,
		std::span< const uint8_t >	auth_value,
		const TPM2::PrivateKey &	parent,
		std::span< const uint8_t >	public_blob,
		std::span< const uint8_t >	private_blob,
		const SessionBundle &	sessions )

staticinherited

Load a private key from the public and private blobs obtained by a TPM key creation.

Transient keys don't reside inside the TPM but must be loaded by the application as required. Once this object is destructed, the transient memory on the TPM is cleared.

Parameters

ctx	The TPM context to use
auth_value	The auth value required to use the key
parent	The parent key the key was originally created under
public_blob	The public blob of the key to load
private_blob	The private blob of the key to load
sessions	The session bundle to use for loading

Definition at line 190 of file tpm2_key.cpp.

                                                                                      {
   BOTAN_ASSERT_NONNULL(ctx);
   Object handle(ctx);
 
   const auto public_data = unmarshal_public_blob(public_blob);
   const auto private_data = copy_into<TPM2B_PRIVATE>(private_blob);
 
   check_rc("Esys_Load",
            Esys_Load(*ctx,
                      parent.handles().transient_handle(),
                      sessions[0],
                      sessions[1],
                      sessions[2],
                      &private_data,
                      &public_data,
                      out_transient_handle(handle)));
 
   if(!auth_value.empty()) {
      const auto user_auth = copy_into<TPM2B_AUTH>(auth_value);
      check_rc("Esys_TR_SetAuth", Esys_TR_SetAuth(*ctx, handle.transient_handle(), &user_auth));
   }
 
   return create(std::move(handle), sessions, nullptr /* pull public info from handle */, private_blob);
}

References BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), Botan::TPM2::copy_into(), Botan::TPM2::PrivateKey::create(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::out_transient_handle(), Botan::TPM2::PrivateKey::sessions(), and Botan::TPM2::Object::transient_handle().

◆ message_part_size()

virtual size_t Botan::Public_Key::message_part_size ( ) const

inlinevirtualinherited

Returns how large each of the message parts refered to by message_parts() is

This function is public but applications should have few reasons to ever call this.

Returns: size of the message parts in bits

Reimplemented in Botan::DSA_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::GOST_3410_PublicKey, and Botan::SM2_PublicKey.

Definition at line 199 of file pk_keys.h.

199{ return 0; }

Referenced by Botan::PK_Signer::PK_Signer(), Botan::PK_Verifier::PK_Verifier(), and Botan::PK_Verifier::PK_Verifier().

◆ message_parts()

virtual size_t Botan::Public_Key::message_parts ( ) const

inlinevirtualinherited

Returns more than 1 if the output of this algorithm (ciphertext, signature) should be treated as more than one value. This is used for algorithms like DSA and ECDSA, where the (r,s) output pair can be encoded as either a plain binary list or a TLV tagged DER encoding depending on the protocol.

This function is public but applications should have few reasons to ever call this.

Returns: number of message parts

Reimplemented in Botan::DSA_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::GOST_3410_PublicKey, and Botan::SM2_PublicKey.

Definition at line 188 of file pk_keys.h.

188{ return 1; }

Referenced by Botan::PK_Signer::PK_Signer(), Botan::PK_Verifier::PK_Verifier(), and Botan::PK_Verifier::PK_Verifier().

◆ object_identifier()

OID Botan::Asymmetric_Key::object_identifier ( ) const

virtualinherited

Get the OID of the underlying public key scheme.

Returns: OID of the public key scheme

Reimplemented in Botan::Dilithium_PublicKey, Botan::FrodoKEM_PublicKey, Botan::HSS_LMS_PublicKey, Botan::Kyber_PublicKey, and Botan::SphincsPlus_PublicKey.

Definition at line 22 of file pk_keys.cpp.

                                            {
   try {
      return OID::from_string(algo_name());
   } catch(Lookup_Error&) {
      throw Lookup_Error(fmt("Public key algorithm {} has no defined OIDs", algo_name()));
   }
}

References Botan::Asymmetric_Key::algo_name(), Botan::fmt(), and Botan::OID::from_string().

◆ pkcs8_algorithm_identifier()

virtual AlgorithmIdentifier Botan::Private_Key::pkcs8_algorithm_identifier ( ) const

inlinevirtualinherited

Returns: PKCS #8 AlgorithmIdentifier for this key Might be different from the X.509 identifier, but normally is not

Reimplemented in Botan::GOST_3410_PrivateKey, and Botan::HSS_LMS_PrivateKey.

Definition at line 296 of file pk_keys.h.

296{ return algorithm_identifier(); }

Botan::Public_Key::algorithm_identifier

virtual AlgorithmIdentifier algorithm_identifier() const =0

Referenced by Botan::Private_Key::private_key_info().

◆ private_key_bits()

secure_vector< uint8_t > Botan::TPM2::PrivateKey::private_key_bits ( ) const

inlineoverridevirtualinherited

Exceptions

Not_Implemented keys hosted in a TPM2 cannot be exported

Implements Botan::Private_Key.

Definition at line 205 of file tpm2_key.h.

                                                               {
         throw Not_Implemented("cannot export private key bits from a TPM2 key, maybe use raw_private_key_bits()?");
      }

◆ private_key_info()

secure_vector< uint8_t > Botan::Private_Key::private_key_info ( ) const

inherited

Returns: PKCS #8 private key encoding for this key object

Definition at line 60 of file pk_keys.cpp.

                                                           {
   const size_t PKCS8_VERSION = 0;
 
   return DER_Encoder()
      .start_sequence()
      .encode(PKCS8_VERSION)
      .encode(pkcs8_algorithm_identifier())
      .encode(private_key_bits(), ASN1_Type::OctetString)
      .end_cons()
      .get_contents();
}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::OctetString, Botan::Private_Key::pkcs8_algorithm_identifier(), Botan::Private_Key::private_key_bits(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::PKCS8::BER_encode(), Botan::PKCS8::BER_encode_encrypted_pbkdf_iter(), Botan::PKCS8::BER_encode_encrypted_pbkdf_msec(), and Botan::PKCS8::PEM_encode().

◆ public_data()

std::shared_ptr< const RSA_Public_Data > Botan::RSA_PublicKey::public_data ( ) const

inherited

Definition at line 118 of file rsa.cpp.

                                                                      {
   return m_public;
}

References Botan::RSA_PublicKey::m_public.

◆ public_key()

std::unique_ptr< Public_Key > Botan::TPM2::RSA_PrivateKey::public_key ( ) const

inlineoverridevirtual

Allocate a new object for the public key associated with this private key.

Returns: public key

Implements Botan::Private_Key.

Definition at line 77 of file tpm2_rsa.h.

                                                            {
         return std::make_unique<Botan::RSA_PublicKey>(algorithm_identifier(), public_key_bits());
      }

◆ public_key_bits()

std::vector< uint8_t > Botan::RSA_PublicKey::public_key_bits ( ) const

overridevirtualinherited

Returns: BER encoded public key bits

Implements Botan::Public_Key.

Definition at line 185 of file rsa.cpp.

                                                        {
   std::vector<uint8_t> output;
   DER_Encoder der(output);
   der.start_sequence().encode(get_n()).encode(get_e()).end_cons();
 
   return output;
}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::RSA_PublicKey::get_e(), Botan::RSA_PublicKey::get_n(), and Botan::DER_Encoder::start_sequence().

◆ raw_private_key_bits()

secure_vector< uint8_t > Botan::TPM2::PrivateKey::raw_private_key_bits ( ) const

overridevirtualinherited

Returns: the encrypted private key blob, if the key is transient

Exceptions

Invalid_State if the key is persistent

Reimplemented from Botan::Private_Key.

Definition at line 273 of file tpm2_key.cpp.

                                                              {
   BOTAN_STATE_CHECK(!m_handle.has_persistent_handle());
   BOTAN_ASSERT_NOMSG(!m_private_blob.empty());
   return Botan::lock(m_private_blob);
}

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TPM2::Object::has_persistent_handle(), and Botan::lock().

◆ raw_public_key_bits()

std::vector< uint8_t > Botan::TPM2::RSA_PrivateKey::raw_public_key_bits ( ) const

inlineoverridevirtual

Returns: a TPM2-specific marshalled representation of the public key

Reimplemented from Botan::TPM2::PrivateKey.

Definition at line 81 of file tpm2_rsa.h.

81{ return TPM2::PrivateKey::raw_public_key_bits(); }

Botan::TPM2::PrivateKey::raw_public_key_bits

std::vector< uint8_t > raw_public_key_bits() const override

Definition tpm2_key.cpp:279

◆ remaining_operations()

virtual std::optional< uint64_t > Botan::Private_Key::remaining_operations ( ) const

inlinevirtualinherited

Retrieves the number of remaining operations if this is a stateful private key.

Returns: the number of remaining operations or std::nullopt if not applicable.

Reimplemented in Botan::HSS_LMS_PrivateKey, and Botan::XMSS_PrivateKey.

Definition at line 309 of file pk_keys.h.

309{ return std::nullopt; }

◆ sessions()

const SessionBundle & Botan::TPM2::PrivateKey::sessions ( ) const

inlineinherited

Definition at line 224 of file tpm2_key.h.

224{ return m_sessions; }

Referenced by Botan::TPM2::PrivateKey::create(), create_decryption_op(), Botan::TPM2::EC_PrivateKey::create_signature_op(), create_signature_op(), Botan::TPM2::PrivateKey::create_transient_from_template(), Botan::TPM2::EC_PrivateKey::create_unrestricted_transient(), create_unrestricted_transient(), Botan::TPM2::PrivateKey::load_persistent(), and Botan::TPM2::PrivateKey::load_transient().

◆ stateful_operation()

virtual bool Botan::Private_Key::stateful_operation ( ) const

inlinevirtualinherited

Indicates if this key is stateful, ie that performing a private key operation requires updating the key storage.

Reimplemented in Botan::HSS_LMS_PrivateKey, and Botan::XMSS_PrivateKey.

Definition at line 302 of file pk_keys.h.

302{ return false; }

◆ subject_public_key()

std::vector< uint8_t > Botan::Public_Key::subject_public_key ( ) const

inherited

Returns: X.509 subject key encoding for this key object

Definition at line 48 of file pk_keys.cpp.

                                                        {
   std::vector<uint8_t> output;
 
   DER_Encoder(output)
      .start_sequence()
      .encode(algorithm_identifier())
      .encode(public_key_bits(), ASN1_Type::BitString)
      .end_cons();
 
   return output;
}

References Botan::Public_Key::algorithm_identifier(), Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Public_Key::public_key_bits(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::X509::BER_encode(), Botan::PKCS10_Request::create(), Botan::Public_Key::fingerprint_public(), and Botan::X509::PEM_encode().

◆ supports_operation()

bool Botan::TPM2::RSA_PrivateKey::supports_operation ( PublicKeyOperation op ) const

inlineoverridevirtual

Return true if this key could be used for the specified type of operation.

Implements Botan::Asymmetric_Key.

Definition at line 83 of file tpm2_rsa.h.

                                                                    {
         // TODO: Support RSA-KEM
         return op == PublicKeyOperation::Encryption || op == PublicKeyOperation::Signature;
      }

Friends And Related Symbol Documentation

◆ TPM2::PrivateKey

friend class TPM2::PrivateKey

friend

Definition at line 97 of file tpm2_rsa.h.

Member Data Documentation

◆ m_public

std::shared_ptr<const RSA_Public_Data> Botan::RSA_PublicKey::m_public

protectedinherited

Definition at line 91 of file rsa.h.

Referenced by Botan::RSA_PublicKey::generate_another(), Botan::RSA_PublicKey::get_e(), Botan::RSA_PublicKey::get_int_field(), Botan::RSA_PublicKey::get_n(), Botan::RSA_PublicKey::init(), Botan::RSA_PublicKey::key_length(), and Botan::RSA_PublicKey::public_data().

The documentation for this class was generated from the following files:

src/lib/prov/tpm2/tpm2_rsa/tpm2_rsa.h
src/lib/prov/tpm2/tpm2_rsa/tpm2_rsa.cpp

Public Member Functions

Static Public Member Functions

Protected Member Functions

Static Protected Member Functions

Protected Attributes

Friends

Detailed Description

Constructor & Destructor Documentation

◆ RSA_PrivateKey()

Member Function Documentation

◆ algo_name()

◆ algorithm_identifier()

◆ check_key()

◆ create()

◆ create_decryption_op()

◆ create_encryption_op()

◆ create_kem_decryption_op()

◆ create_kem_encryption_op()

◆ create_key_agreement_op()

◆ create_signature_op()

◆ create_transient_from_template()

◆ create_unrestricted_transient()

◆ create_verification_op()

◆ create_x509_verification_op()

◆ default_x509_signature_format()

◆ estimated_strength()

◆ fingerprint_private()

◆ fingerprint_public()

◆ generate_another()

◆ get_e()

◆ get_int_field()

◆ get_n()

◆ get_oid()

◆ handles() [1/2]

◆ handles() [2/2]

◆ init()

◆ is_parent()

◆ key_length()

◆ load_persistent()

◆ load_transient()

◆ message_part_size()

◆ message_parts()

◆ object_identifier()

◆ pkcs8_algorithm_identifier()

◆ private_key_bits()

◆ private_key_info()

◆ public_data()

◆ public_key()

◆ public_key_bits()

◆ raw_private_key_bits()

◆ raw_public_key_bits()

◆ remaining_operations()

◆ sessions()

◆ stateful_operation()

◆ subject_public_key()

◆ supports_operation()

Friends And Related Symbol Documentation

◆ TPM2::PrivateKey

Member Data Documentation

◆ m_public