Botan 3.7.1
Crypto and TLS for C&
Botan::TPM2::RSA_PrivateKey Class Referencefinal

#include <tpm2_rsa.h>

Inheritance diagram for Botan::TPM2::RSA_PrivateKey:
Botan::TPM2::PrivateKey Botan::RSA_PublicKey Botan::Private_Key Botan::Public_Key Botan::Public_Key Botan::Asymmetric_Key Botan::Asymmetric_Key

Public Member Functions

virtual Signature_Format _default_x509_signature_format () const
 
virtual std::optional< size_t > _signature_element_size_for_DER_encoding () const
 
std::string algo_name () const override
 
AlgorithmIdentifier algorithm_identifier () const override
 
bool check_key (RandomNumberGenerator &rng, bool) const override
 
std::unique_ptr< PK_Ops::Decryptioncreate_decryption_op (Botan::RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
 
std::unique_ptr< PK_Ops::Encryptioncreate_encryption_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
 
virtual std::unique_ptr< PK_Ops::KEM_Decryptioncreate_kem_decryption_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
 
std::unique_ptr< PK_Ops::KEM_Encryptioncreate_kem_encryption_op (std::string_view params, std::string_view provider) const override
 
virtual std::unique_ptr< PK_Ops::Key_Agreementcreate_key_agreement_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
 
std::unique_ptr< PK_Ops::Signaturecreate_signature_op (Botan::RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
 
std::unique_ptr< PK_Ops::Verificationcreate_verification_op (std::string_view params, std::string_view provider) const override
 
std::unique_ptr< PK_Ops::Verificationcreate_x509_verification_op (const AlgorithmIdentifier &alg_id, std::string_view provider) const override
 
Signature_Format default_x509_signature_format () const
 
size_t estimated_strength () const override
 
std::string fingerprint_private (std::string_view alg) const
 
std::string fingerprint_public (std::string_view alg="SHA-256") const
 
std::unique_ptr< Private_Keygenerate_another (RandomNumberGenerator &rng) const override
 
const BigIntget_e () const
 
const BigIntget_int_field (std::string_view field) const override
 
const BigIntget_n () const
 
OID get_oid () const
 
Objecthandles ()
 
const Objecthandles () const
 
bool is_parent () const
 
size_t key_length () const override
 
size_t message_part_size () const
 
size_t message_parts () const
 
virtual OID object_identifier () const
 
virtual AlgorithmIdentifier pkcs8_algorithm_identifier () const
 
secure_vector< uint8_t > private_key_bits () const override
 
secure_vector< uint8_t > private_key_info () const
 
std::shared_ptr< const RSA_Public_Data > public_data () const
 
std::unique_ptr< Public_Keypublic_key () const override
 
std::vector< uint8_t > public_key_bits () const override
 
secure_vector< uint8_t > raw_private_key_bits () const override
 
std::vector< uint8_t > raw_public_key_bits () const override
 
virtual std::optional< uint64_t > remaining_operations () const
 Retrieves the number of remaining operations if this is a stateful private key.
 
const SessionBundlesessions () const
 
virtual bool stateful_operation () const
 
std::vector< uint8_t > subject_public_key () const
 
bool supports_operation (PublicKeyOperation op) const override
 

Static Public Member Functions

static std::unique_ptr< PrivateKeycreate_transient_from_template (const std::shared_ptr< Context > &ctx, const SessionBundle &sessions, ESYS_TR parent, const TPMT_PUBLIC &key_template, const TPM2B_SENSITIVE_CREATE &sensitive_data)
 
static std::unique_ptr< TPM2::PrivateKeycreate_unrestricted_transient (const std::shared_ptr< Context > &ctx, const SessionBundle &sessions, std::span< const uint8_t > auth_value, const TPM2::PrivateKey &parent, uint16_t keylength, std::optional< uint32_t > exponent={})
 
static std::unique_ptr< PrivateKeyload_persistent (const std::shared_ptr< Context > &ctx, TPM2_HANDLE persistent_object_handle, std::span< const uint8_t > auth_value, const SessionBundle &sessions)
 
static std::unique_ptr< PrivateKeyload_transient (const std::shared_ptr< Context > &ctx, std::span< const uint8_t > auth_value, const TPM2::PrivateKey &parent, std::span< const uint8_t > public_blob, std::span< const uint8_t > private_blob, const SessionBundle &sessions)
 

Protected Member Functions

void init (BigInt &&n, BigInt &&e)
 
 RSA_PrivateKey (Object handle, SessionBundle sessions, const TPM2B_PUBLIC *public_blob, std::span< const uint8_t > private_blob={})
 

Static Protected Member Functions

static std::unique_ptr< PrivateKeycreate (Object handles, const SessionBundle &sessions, const TPM2B_PUBLIC *public_info, std::span< const uint8_t > private_blob)
 

Protected Attributes

std::shared_ptr< const RSA_Public_Data > m_public
 

Friends

class TPM2::PrivateKey
 

Detailed Description

Definition at line 64 of file tpm2_rsa.h.

Constructor & Destructor Documentation

◆ RSA_PrivateKey()

Botan::TPM2::RSA_PrivateKey::RSA_PrivateKey ( Object handle,
SessionBundle sessions,
const TPM2B_PUBLIC * public_blob,
std::span< const uint8_t > private_blob = {} )
protected

Definition at line 50 of file tpm2_rsa.cpp.

53 :
54 Botan::TPM2::RSA_PrivateKey(std::move(handle),
55 std::move(session_bundle),
57 private_blob) {}
std::pair< BigInt, BigInt > rsa_pubkey_components_from_tss2_public(const TPM2B_PUBLIC *public_area)
Definition tpm2_rsa.cpp:29

Member Function Documentation

◆ _default_x509_signature_format()

Signature_Format Botan::Asymmetric_Key::_default_x509_signature_format ( ) const
virtualinherited

◆ _signature_element_size_for_DER_encoding()

virtual std::optional< size_t > Botan::Asymmetric_Key::_signature_element_size_for_DER_encoding ( ) const
inlinevirtualinherited

Certain signatures schemes such as ECDSA have more than one element, and certain unfortunate protocols decided the thing to do was not concatenate them as normally done, but instead DER encode each of the elements as independent values.

If this returns a value x then the signature is checked to be exactly 2*x bytes and split in half for DER encoding.

Reimplemented in Botan::DSA_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::GOST_3410_PublicKey, and Botan::SM2_PublicKey.

Definition at line 136 of file pk_keys.h.

136{ return {}; }

Referenced by Botan::Asymmetric_Key::_default_x509_signature_format(), Botan::PK_Signer::PK_Signer(), Botan::PK_Verifier::PK_Verifier(), and Botan::PK_Verifier::PK_Verifier().

◆ algo_name()

std::string Botan::RSA_PublicKey::algo_name ( ) const
inlineoverridevirtualinherited

Get the name of the underlying public key scheme.

Returns
name of the public key scheme

Implements Botan::Asymmetric_Key.

Definition at line 41 of file rsa.h.

41{ return "RSA"; }

◆ algorithm_identifier()

AlgorithmIdentifier Botan::RSA_PublicKey::algorithm_identifier ( ) const
overridevirtualinherited
Returns
X.509 AlgorithmIdentifier for this key

Implements Botan::Public_Key.

Definition at line 183 of file rsa.cpp.

183 {
184 return AlgorithmIdentifier(object_identifier(), AlgorithmIdentifier::USE_NULL_PARAM);
185}
virtual OID object_identifier() const
Definition pk_keys.cpp:22

References Botan::Asymmetric_Key::object_identifier(), and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

◆ check_key()

bool Botan::RSA_PublicKey::check_key ( RandomNumberGenerator & rng,
bool  ) const
overridevirtualinherited

Implements Botan::Asymmetric_Key.

Definition at line 202 of file rsa.cpp.

202 {
203 if(get_n() < 35 || get_n().is_even() || get_e() < 3 || get_e().is_even()) {
204 return false;
205 }
206 return true;
207}
const BigInt & get_n() const
Definition rsa.cpp:142
const BigInt & get_e() const
Definition rsa.cpp:146

References Botan::RSA_PublicKey::get_e(), and Botan::RSA_PublicKey::get_n().

◆ create()

std::unique_ptr< PrivateKey > Botan::TPM2::PrivateKey::create ( Object handles,
const SessionBundle & sessions,
const TPM2B_PUBLIC * public_info,
std::span< const uint8_t > private_blob )
staticprotectedinherited

Definition at line 288 of file tpm2_key.cpp.

291 {
292 if(!public_info) {
293 public_info = handles._public_info(sessions).pub.get();
294 }
295
296#if defined(BOTAN_HAS_TPM2_RSA_ADAPTER)
297 if(public_info->publicArea.type == TPM2_ALG_RSA) {
298 return std::unique_ptr<RSA_PrivateKey>(
299 new RSA_PrivateKey(std::move(handles), sessions, public_info, private_blob));
300 }
301#endif
302
303#if defined(BOTAN_HAS_TPM2_ECC_ADAPTER)
304 if(public_info->publicArea.type == TPM2_ALG_ECC) {
305 return std::unique_ptr<EC_PrivateKey>(new EC_PrivateKey(std::move(handles), sessions, public_info, private_blob));
306 }
307#endif
308
309 throw Not_Implemented(Botan::fmt("Loaded a {} private key of an unsupported type",
310 handles.has_persistent_handle() ? "persistent" : "transient"));
311}
bool has_persistent_handle() const
PublicInfo & _public_info(const SessionBundle &sessions, std::optional< TPMI_ALG_PUBLIC > expected_type={}) const
const SessionBundle & sessions() const
Definition tpm2_key.h:224
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
unique_esys_ptr< TPM2B_PUBLIC > pub
Definition tpm2_util.h:165

References Botan::TPM2::Object::_public_info(), Botan::fmt(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::Object::has_persistent_handle(), Botan::TPM2::PublicInfo::pub, and Botan::TPM2::PrivateKey::sessions().

Referenced by Botan::TPM2::PrivateKey::create_transient_from_template(), Botan::TPM2::PrivateKey::load_persistent(), and Botan::TPM2::PrivateKey::load_transient().

◆ create_decryption_op()

std::unique_ptr< PK_Ops::Decryption > Botan::TPM2::RSA_PrivateKey::create_decryption_op ( Botan::RandomNumberGenerator & rng,
std::string_view params,
std::string_view provider ) const
overridevirtual

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return an decryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented from Botan::Private_Key.

Definition at line 424 of file tpm2_rsa.cpp.

426 {
427 BOTAN_UNUSED(rng, provider);
428 return std::make_unique<RSA_Decryption_Operation>(handles(), sessions(), params);
429}
#define BOTAN_UNUSED
Definition assert.h:118

References BOTAN_UNUSED, Botan::TPM2::PrivateKey::handles(), and Botan::TPM2::PrivateKey::sessions().

◆ create_encryption_op()

std::unique_ptr< PK_Ops::Encryption > Botan::RSA_PublicKey::create_encryption_op ( RandomNumberGenerator & rng,
std::string_view params,
std::string_view provider ) const
overridevirtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return an encryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented from Botan::Public_Key.

Reimplemented in Botan::TPM2::RSA_PublicKey.

Definition at line 730 of file rsa.cpp.

732 {
733 if(provider == "base" || provider.empty()) {
734 return std::make_unique<RSA_Encryption_Operation>(*this, params);
735 }
736 throw Provider_Not_Found(algo_name(), provider);
737}
std::string algo_name() const override
Definition rsa.h:41

◆ create_kem_decryption_op()

std::unique_ptr< PK_Ops::KEM_Decryption > Botan::Private_Key::create_kem_decryption_op ( RandomNumberGenerator & rng,
std::string_view params,
std::string_view provider ) const
virtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a KEM decryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::Classic_McEliece_PrivateKey, Botan::FrodoKEM_PrivateKey, Botan::Kyber_PrivateKey, Botan::McEliece_PrivateKey, Botan::RSA_PrivateKey, Botan::TLS::Hybrid_KEM_PrivateKey, and Botan::TLS::KEX_to_KEM_Adapter_PrivateKey.

Definition at line 125 of file pk_keys.cpp.

127 {
128 throw Lookup_Error(fmt("{} does not support KEM decryption", algo_name()));
129}
virtual std::string algo_name() const =0

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_KEM_Decryptor::PK_KEM_Decryptor().

◆ create_kem_encryption_op()

std::unique_ptr< PK_Ops::KEM_Encryption > Botan::RSA_PublicKey::create_kem_encryption_op ( std::string_view params,
std::string_view provider ) const
overridevirtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a KEM encryption operation for this key/params or throw

Parameters
paramsadditional parameters
providerthe provider to use

Reimplemented from Botan::Public_Key.

Definition at line 739 of file rsa.cpp.

740 {
741 if(provider == "base" || provider.empty()) {
742 return std::make_unique<RSA_KEM_Encryption_Operation>(*this, params);
743 }
744 throw Provider_Not_Found(algo_name(), provider);
745}

◆ create_key_agreement_op()

std::unique_ptr< PK_Ops::Key_Agreement > Botan::Private_Key::create_key_agreement_op ( RandomNumberGenerator & rng,
std::string_view params,
std::string_view provider ) const
virtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a key agreement operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::DH_PrivateKey, Botan::ECDH_PrivateKey, Botan::X25519_PrivateKey, and Botan::X448_PrivateKey.

Definition at line 137 of file pk_keys.cpp.

139 {
140 throw Lookup_Error(fmt("{} does not support key agreement", algo_name()));
141}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_Key_Agreement::PK_Key_Agreement().

◆ create_signature_op()

std::unique_ptr< PK_Ops::Signature > Botan::TPM2::RSA_PrivateKey::create_signature_op ( Botan::RandomNumberGenerator & rng,
std::string_view params,
std::string_view provider ) const
overridevirtual

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a signature operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented from Botan::Private_Key.

Definition at line 410 of file tpm2_rsa.cpp.

412 {
413 BOTAN_UNUSED(rng, provider);
414 return std::make_unique<RSA_Signature_Operation>(handles(), sessions(), params);
415}

References BOTAN_UNUSED, Botan::TPM2::PrivateKey::handles(), and Botan::TPM2::PrivateKey::sessions().

◆ create_transient_from_template()

std::unique_ptr< PrivateKey > Botan::TPM2::PrivateKey::create_transient_from_template ( const std::shared_ptr< Context > & ctx,
const SessionBundle & sessions,
ESYS_TR parent,
const TPMT_PUBLIC & key_template,
const TPM2B_SENSITIVE_CREATE & sensitive_data )
staticinherited

This is a wrapper around Esys_CreateLoaded creating a transient key from a given key_template with sensitive_data. It gives maximal flexibility to the caller to create a key with their own TSS2 template configuration.

Please use this if you know what you are doing, only! Most users should use the more convenient create_transient() methods of the derived classes.

Parameters
ctxThe TPM context to use
sessionsThe session bundle to use in Esys_CreateLoaded().
parentThe handle of the parent object to create the new key under (this may reference a "Primary Seed" to create a "Primary Key", a "Storage Parent" to create an "Ordinary Key", or a "Derivation Parent" to create a "Derived Key").
key_templateThe template data to use for the key creation. It will be passed to Tss2_MU_TPMT_PUBLIC_Marshal() and Esys_CreateLoaded().
sensitive_dataThe sensitive data (e.g. with the desired auth value) to use for the key creation.

Definition at line 217 of file tpm2_key.cpp.

221 {
223
224 switch(key_template.type) {
225 case TPM2_ALG_RSA:
226#if not defined(BOTAN_HAS_TPM2_RSA_ADAPTER)
227 throw Not_Implemented("TPM2-based RSA keys are not supported in this build");
228#endif
229 break;
230 case TPM2_ALG_ECC:
231#if not defined(BOTAN_HAS_TPM2_ECC_ADAPTER)
232 throw Not_Implemented("TPM2-based ECC keys are not supported in this build");
233#endif
234 break;
235 default:
236 throw Invalid_Argument("Unsupported key type");
237 }
238
239 const auto marshalled_template = marshal_template(key_template);
240
241 Object handle(ctx);
242 unique_esys_ptr<TPM2B_PRIVATE> private_bytes;
244
245 // Esys_CreateLoaded can create different object types depending on the type
246 // of the parent passed in. Namely, this will create a Primary object if the
247 // parent is referencing a Primary Seed; an Ordinary Object if the parent is
248 // referencing a Storage Parent; and a Derived Object if the parent is
249 // referencing a Derivation Parent.
250 //
251 // See the Architecture Document, Section 27.1.
252 check_rc("Esys_CreateLoaded",
253 Esys_CreateLoaded(*ctx,
254 parent,
255 sessions[0],
256 sessions[1],
257 sessions[2],
258 &sensitive_data,
259 &marshalled_template,
260 out_transient_handle(handle),
261 out_ptr(private_bytes),
262 out_ptr(public_info)));
263 BOTAN_ASSERT_NONNULL(private_bytes);
264 BOTAN_ASSERT_NOMSG(public_info->publicArea.type == key_template.type);
265 BOTAN_ASSERT_NOMSG(handle.has_transient_handle());
266
267 return create(std::move(handle), sessions, public_info.get(), as_span(*private_bytes));
268}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86
static std::unique_ptr< PrivateKey > create(Object handles, const SessionBundle &sessions, const TPM2B_PUBLIC *public_info, std::span< const uint8_t > private_blob)
Definition tpm2_key.cpp:288
constexpr void check_rc(std::string_view location, TSS2_RC rc)
Definition tpm2_util.h:54
std::unique_ptr< T, esys_liberator > unique_esys_ptr
A unique pointer type for ESYS handles that automatically frees the handle.
Definition tpm2_util.h:162
constexpr auto out_transient_handle(Object &object)
Definition tpm2_util.h:217
constexpr auto as_span(tpm2_buffer auto &data)
Construct a std::span as a view into a TPM2 buffer.
Definition tpm2_util.h:102
constexpr auto out_ptr(T &outptr) noexcept
Definition stl_util.h:420

References Botan::TPM2::as_span(), BOTAN_ASSERT_NOMSG, BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), Botan::TPM2::PrivateKey::create(), Botan::TPM2::Object::has_transient_handle(), Botan::out_ptr(), Botan::TPM2::out_transient_handle(), and Botan::TPM2::PrivateKey::sessions().

Referenced by Botan::TPM2::EC_PrivateKey::create_unrestricted_transient(), and create_unrestricted_transient().

◆ create_unrestricted_transient()

std::unique_ptr< TPM2::PrivateKey > Botan::TPM2::RSA_PrivateKey::create_unrestricted_transient ( const std::shared_ptr< Context > & ctx,
const SessionBundle & sessions,
std::span< const uint8_t > auth_value,
const TPM2::PrivateKey & parent,
uint16_t keylength,
std::optional< uint32_t > exponent = {} )
static

Create a transient RSA key with the given keylength and exponent, under the given parent key, with the given auth_value. This key may be used for both signatures and data decryption. No restrictions on the utilized padding schemes are applied.

TODO: provide the user with some means to specify such restrictions:

  • allowed key use: sign, decrypt, sign+decrypt, x509sign
  • allowed padding schemes: PKCS1v1.5, OAEP, PSS
  • data restrictions ("restricted" field in TPMT_PUBLIC)
  • session authentication requirements (policy, user authentication, ...)
  • fixed to TPM, or fixed to parent?
  • ...
Parameters
ctxThe TPM context to use
sessionsThe session bundle to use in the creation of the key
auth_valueThe auth value to use for the key
parentThe parent key to create the new key under
keylengthThe desired key length
exponentThe desired exponent (default: 0x10001)

Definition at line 68 of file tpm2_rsa.cpp.

73 {
74 BOTAN_ARG_CHECK(parent.is_parent(), "The passed key cannot be used as a parent key");
75
76 TPM2B_SENSITIVE_CREATE sensitive_data = {
77 .size = 0, // ignored
78 .sensitive =
79 {
80 .userAuth = copy_into<TPM2B_AUTH>(auth_value),
81
82 // Architecture Document, Section 25.2.3
83 // When an asymmetric key is created, the caller is not allowed to
84 // provide the sensitive data of the key.
86 },
87 };
88
89 TPMT_PUBLIC key_template = {
90 .type = TPM2_ALG_RSA,
91
92 // This is the algorithm for fingerprinting the newly created public key.
93 // For best compatibility we always use SHA-256.
94 .nameAlg = TPM2_ALG_SHA256,
95
96 // This sets up the key to be both a decryption and a signing key, forbids
97 // its duplication (fixed_tpm, fixed_parent) and ensures that the key's
98 // private portion can be used only by a user with an HMAC or password
99 // session.
100 .objectAttributes = ObjectAttributes::render({
101 .fixed_tpm = true,
102 .fixed_parent = true,
103 .sensitive_data_origin = true,
104 .user_with_auth = true,
105 .decrypt = true,
106 .sign_encrypt = true,
107 }),
108
109 // We currently do not support policy-based authorization
110 .authPolicy = init_empty<TPM2B_DIGEST>(),
111 .parameters =
112 {
113 .rsaDetail =
114 {
115 // Structures Document (Part 2), Section 12.2.3.5
116 // If the key is not a restricted decryption key, this field
117 // shall be set to TPM_ALG_NULL.
118 //
119 // TODO: Once we stop supporting TSS < 4.0, we could use
120 // `.keyBits = {.null = {}}, .mode = {.null = {}}`
121 // which better reflects our intention here.
122 .symmetric =
123 {
124 .algorithm = TPM2_ALG_NULL,
125 .keyBits = {.sym = 0},
126 .mode = {.sym = TPM2_ALG_NULL},
127 },
128
129 // Structures Document (Part 2), Section 12.2.3.5
130 // When both sign and decrypt are SET, restricted shall be
131 // CLEAR and scheme shall be TPM_ALG_NULL
132 //
133 // TODO: Once we stop supporting TSS < 4.0, we could use
134 // `.details = {.null = {}}`
135 // which better reflects our intention here.
136 .scheme =
137 {
138 .scheme = TPM2_ALG_NULL,
139 .details = {.anySig = {.hashAlg = TPM2_ALG_NULL}},
140 },
141 .keyBits = keylength,
142 .exponent = exponent.value_or(0 /* default value - 2^16 + 1*/),
143 },
144 },
145
146 // For creating an asymmetric key this value is not used.
147 .unique = {.rsa = init_empty<TPM2B_PUBLIC_KEY_RSA>()},
148 };
149
151 ctx, sessions, parent.handles().transient_handle(), key_template, sensitive_data);
152}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
static std::unique_ptr< PrivateKey > create_transient_from_template(const std::shared_ptr< Context > &ctx, const SessionBundle &sessions, ESYS_TR parent, const TPMT_PUBLIC &key_template, const TPM2B_SENSITIVE_CREATE &sensitive_data)
Definition tpm2_key.cpp:217
constexpr T init_empty()
Create an empty TPM2 buffer of the given type.
Definition tpm2_util.h:152
constexpr void copy_into(T &dest, std::span< const uint8_t > data)
Definition tpm2_util.h:117
static TPMA_OBJECT render(ObjectAttributes attributes)

References BOTAN_ARG_CHECK, Botan::TPM2::copy_into(), Botan::TPM2::PrivateKey::create_transient_from_template(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::init_empty(), Botan::TPM2::PrivateKey::is_parent(), Botan::TPM2::ObjectAttributes::render(), Botan::TPM2::PrivateKey::sessions(), and Botan::TPM2::Object::transient_handle().

◆ create_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::RSA_PublicKey::create_verification_op ( std::string_view params,
std::string_view provider ) const
overridevirtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a verification operation for this key/params or throw

Parameters
paramsadditional parameters
providerthe provider to use

Reimplemented from Botan::Public_Key.

Reimplemented in Botan::TPM2::RSA_PublicKey.

Definition at line 747 of file rsa.cpp.

748 {
749 if(provider == "base" || provider.empty()) {
750 return std::make_unique<RSA_Verify_Operation>(*this, params);
751 }
752
753 throw Provider_Not_Found(algo_name(), provider);
754}

◆ create_x509_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::RSA_PublicKey::create_x509_verification_op ( const AlgorithmIdentifier & signature_algorithm,
std::string_view provider ) const
overridevirtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a verification operation for this combination of key and signature algorithm or throw.

Parameters
signature_algorithmis the X.509 algorithm identifier encoding the padding scheme and hash hash function used in the signature if applicable.
providerthe provider to use

Reimplemented from Botan::Public_Key.

Definition at line 806 of file rsa.cpp.

807 {
808 if(provider == "base" || provider.empty()) {
809 return std::make_unique<RSA_Verify_Operation>(*this, parse_rsa_signature_algorithm(alg_id));
810 }
811
812 throw Provider_Not_Found(algo_name(), provider);
813}

◆ default_x509_signature_format()

Signature_Format Botan::Public_Key::default_x509_signature_format ( ) const
inlineinherited

Definition at line 227 of file pk_keys.h.

227 {
229 }
virtual Signature_Format _default_x509_signature_format() const
Definition pk_keys.cpp:30

◆ estimated_strength()

size_t Botan::RSA_PublicKey::estimated_strength ( ) const
overridevirtualinherited

Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.

Returns
estimated strength in bits

Implements Botan::Asymmetric_Key.

Definition at line 179 of file rsa.cpp.

179 {
180 return if_work_factor(key_length());
181}
size_t key_length() const override
Definition rsa.cpp:175
size_t if_work_factor(size_t bits)

References Botan::if_work_factor(), and Botan::RSA_PublicKey::key_length().

◆ fingerprint_private()

std::string Botan::Private_Key::fingerprint_private ( std::string_view alg) const
inherited
Returns
Hash of the PKCS #8 encoding for this key object

Definition at line 94 of file pk_keys.cpp.

94 {
95 return create_hex_fingerprint(private_key_bits(), hash_algo);
96}
virtual secure_vector< uint8_t > private_key_bits() const =0
std::string create_hex_fingerprint(const uint8_t bits[], size_t bits_len, std::string_view hash_name)
Definition pk_keys.cpp:38

References Botan::create_hex_fingerprint(), and Botan::Private_Key::private_key_bits().

Referenced by Botan::Certificate_Store_In_SQL::find_certs_for_key(), Botan::Certificate_Store_In_SQL::insert_key(), and Botan::Certificate_Store_In_SQL::remove_key().

◆ fingerprint_public()

std::string Botan::Public_Key::fingerprint_public ( std::string_view alg = "SHA-256") const
inherited
Returns
Hash of the subject public key

Definition at line 87 of file pk_keys.cpp.

87 {
88 return create_hex_fingerprint(subject_public_key(), hash_algo);
89}
std::vector< uint8_t > subject_public_key() const
Definition pk_keys.cpp:56

References Botan::create_hex_fingerprint(), and Botan::Public_Key::subject_public_key().

◆ generate_another()

std::unique_ptr< Private_Key > Botan::RSA_PublicKey::generate_another ( RandomNumberGenerator & rng) const
overridevirtualinherited

Generate another (cryptographically independent) key pair using the same algorithm parameters as this key. This is most useful for algorithms that support PublicKeyOperation::KeyAgreement to generate a fitting ephemeral key pair. For other key types it might throw Not_Implemented.

Implements Botan::Asymmetric_Key.

Reimplemented in Botan::TPM2::RSA_PublicKey.

Definition at line 138 of file rsa.cpp.

138 {
139 return std::make_unique<RSA_PrivateKey>(rng, m_public->public_modulus_bits(), m_public->get_e().to_u32bit());
140}
std::shared_ptr< const RSA_Public_Data > m_public
Definition rsa.h:91

References Botan::RSA_PublicKey::m_public.

◆ get_e()

const BigInt & Botan::RSA_PublicKey::get_e ( ) const
inherited

◆ get_int_field()

const BigInt & Botan::RSA_PublicKey::get_int_field ( std::string_view field) const
overridevirtualinherited

Access an algorithm specific field

If the field is not known for this algorithm, an Invalid_Argument is thrown. The interpretation of the result requires knowledge of which algorithm is involved. For instance for RSA "p" represents one of the secret primes, while for DSA "p" is the public prime.

Some algorithms may not implement this method at all.

This is primarily used to implement the FFI botan_pubkey_get_field and botan_privkey_get_field functions.

TODO(Botan4) Change this to return by value

Reimplemented from Botan::Asymmetric_Key.

Definition at line 128 of file rsa.cpp.

128 {
129 if(field == "n") {
130 return m_public->get_n();
131 } else if(field == "e") {
132 return m_public->get_e();
133 } else {
134 return Public_Key::get_int_field(field);
135 }
136}
virtual const BigInt & get_int_field(std::string_view field) const
Definition pk_keys.cpp:18

References Botan::Asymmetric_Key::get_int_field(), and Botan::RSA_PublicKey::m_public.

Referenced by Botan::RSA_PrivateKey::get_int_field().

◆ get_n()

const BigInt & Botan::RSA_PublicKey::get_n ( ) const
inherited

◆ get_oid()

OID Botan::Public_Key::get_oid ( ) const
inlineinherited

Deprecated version of object_identifier

Definition at line 160 of file pk_keys.h.

160{ return this->object_identifier(); }

◆ handles() [1/2]

◆ handles() [2/2]

const Object & Botan::TPM2::PrivateKey::handles ( ) const
inlineinherited

Definition at line 222 of file tpm2_key.h.

222{ return m_handle; }

◆ init()

void Botan::RSA_PublicKey::init ( BigInt && n,
BigInt && e )
protectedinherited

Definition at line 150 of file rsa.cpp.

150 {
151 if(n.is_negative() || n.is_even() || n.bits() < 5 /* n >= 3*5 */ || e.is_negative() || e.is_even()) {
152 throw Decoding_Error("Invalid RSA public key parameters");
153 }
154 m_public = std::make_shared<RSA_Public_Data>(std::move(n), std::move(e));
155}

References Botan::RSA_PublicKey::m_public.

Referenced by Botan::RSA_PrivateKey::RSA_PrivateKey(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RSA_PrivateKey::RSA_PrivateKey().

◆ is_parent()

bool Botan::TPM2::PrivateKey::is_parent ( ) const
inherited

Definition at line 280 of file tpm2_key.cpp.

280 {
281 // Architectural Document, Section 4.54
282 // any object with the decrypt and restricted attributes SET and the sign
283 // attribute CLEAR
284 const auto attrs = m_handle.attributes(m_sessions);
285 return attrs.decrypt && attrs.restricted && !attrs.sign_encrypt;
286}
ObjectAttributes attributes(const SessionBundle &sessions) const
bool decrypt
The private portion of the key might be used for data decryption.
Definition tpm2_object.h:64

References Botan::TPM2::Object::attributes(), and Botan::TPM2::ObjectAttributes::decrypt.

Referenced by Botan::TPM2::EC_PrivateKey::create_unrestricted_transient(), and create_unrestricted_transient().

◆ key_length()

size_t Botan::RSA_PublicKey::key_length ( ) const
overridevirtualinherited

Return an integer value best approximating the length of the primary security parameter. For example for RSA this will be the size of the modulus, for ECDSA the size of the ECC group, and for McEliece the size of the code will be returned.

Implements Botan::Public_Key.

Definition at line 175 of file rsa.cpp.

175 {
176 return m_public->public_modulus_bits();
177}

References Botan::RSA_PublicKey::m_public.

Referenced by Botan::RSA_PublicKey::estimated_strength().

◆ load_persistent()

std::unique_ptr< PrivateKey > Botan::TPM2::PrivateKey::load_persistent ( const std::shared_ptr< Context > & ctx,
TPM2_HANDLE persistent_object_handle,
std::span< const uint8_t > auth_value,
const SessionBundle & sessions )
staticinherited

Load a private key that resides in the TPM's persistent storage.

Parameters
ctxThe TPM context to use
persistent_object_handleThe handle of the persistent object to load
auth_valueThe auth value required to use the key
sessionsThe session bundle to use for the key's operations

Definition at line 177 of file tpm2_key.cpp.

180 {
181 return create(load_persistent_object(ctx, persistent_object_handle, auth_value, sessions),
182 sessions,
183 nullptr /* pull public info from handle */,
184 {} /* persistent keys don't have an encrypted private blob */);
185}

References Botan::TPM2::PrivateKey::create(), and Botan::TPM2::PrivateKey::sessions().

Referenced by Botan::TPM2::Context::storage_root_key().

◆ load_transient()

std::unique_ptr< PrivateKey > Botan::TPM2::PrivateKey::load_transient ( const std::shared_ptr< Context > & ctx,
std::span< const uint8_t > auth_value,
const TPM2::PrivateKey & parent,
std::span< const uint8_t > public_blob,
std::span< const uint8_t > private_blob,
const SessionBundle & sessions )
staticinherited

Load a private key from the public and private blobs obtained by a TPM key creation.

Transient keys don't reside inside the TPM but must be loaded by the application as required. Once this object is destructed, the transient memory on the TPM is cleared.

Parameters
ctxThe TPM context to use
auth_valueThe auth value required to use the key
parentThe parent key the key was originally created under
public_blobThe public blob of the key to load
private_blobThe private blob of the key to load
sessionsThe session bundle to use for loading

Definition at line 187 of file tpm2_key.cpp.

192 {
194 Object handle(ctx);
195
196 const auto public_data = unmarshal_public_blob(public_blob);
197 const auto private_data = copy_into<TPM2B_PRIVATE>(private_blob);
198
199 check_rc("Esys_Load",
200 Esys_Load(*ctx,
201 parent.handles().transient_handle(),
202 sessions[0],
203 sessions[1],
204 sessions[2],
205 &private_data,
206 &public_data,
207 out_transient_handle(handle)));
208
209 if(!auth_value.empty()) {
210 const auto user_auth = copy_into<TPM2B_AUTH>(auth_value);
211 check_rc("Esys_TR_SetAuth", Esys_TR_SetAuth(*ctx, handle.transient_handle(), &user_auth));
212 }
213
214 return create(std::move(handle), sessions, nullptr /* pull public info from handle */, private_blob);
215}

References BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), Botan::TPM2::copy_into(), Botan::TPM2::PrivateKey::create(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::out_transient_handle(), Botan::TPM2::PrivateKey::sessions(), and Botan::TPM2::Object::transient_handle().

◆ message_part_size()

size_t Botan::Public_Key::message_part_size ( ) const
inlineinherited

Returns how large each of the message parts refered to by message_parts() is

This function is public but applications should have few reasons to ever call this.

Returns
size of the message parts in bits

Definition at line 220 of file pk_keys.h.

220 {
221 return _signature_element_size_for_DER_encoding().value_or(0);
222 }

◆ message_parts()

size_t Botan::Public_Key::message_parts ( ) const
inlineinherited

Returns more than 1 if the output of this algorithm (ciphertext, signature) should be treated as more than one value. This is used for algorithms like DSA and ECDSA, where the (r,s) output pair can be encoded as either a plain binary list or a TLV tagged DER encoding depending on the protocol.

This function is public but applications should have few reasons to ever call this.

Returns
number of message parts

Definition at line 207 of file pk_keys.h.

207 {
209 }

◆ object_identifier()

◆ pkcs8_algorithm_identifier()

virtual AlgorithmIdentifier Botan::Private_Key::pkcs8_algorithm_identifier ( ) const
inlinevirtualinherited
Returns
PKCS #8 AlgorithmIdentifier for this key Might be different from the X.509 identifier, but normally is not

Reimplemented in Botan::GOST_3410_PrivateKey, and Botan::HSS_LMS_PrivateKey.

Definition at line 322 of file pk_keys.h.

322{ return algorithm_identifier(); }
virtual AlgorithmIdentifier algorithm_identifier() const =0

Referenced by Botan::Private_Key::private_key_info().

◆ private_key_bits()

secure_vector< uint8_t > Botan::TPM2::PrivateKey::private_key_bits ( ) const
inlineoverridevirtualinherited
Exceptions
Not_Implementedkeys hosted in a TPM2 cannot be exported

Implements Botan::Private_Key.

Definition at line 205 of file tpm2_key.h.

205 {
206 throw Not_Implemented("cannot export private key bits from a TPM2 key, maybe use raw_private_key_bits()?");
207 }

◆ private_key_info()

secure_vector< uint8_t > Botan::Private_Key::private_key_info ( ) const
inherited
Returns
PKCS #8 private key encoding for this key object

Definition at line 68 of file pk_keys.cpp.

68 {
69 const size_t PKCS8_VERSION = 0;
70
71 return DER_Encoder()
72 .start_sequence()
73 .encode(PKCS8_VERSION)
76 .end_cons()
77 .get_contents();
78}
virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const
Definition pk_keys.h:322

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::OctetString, Botan::Private_Key::pkcs8_algorithm_identifier(), Botan::Private_Key::private_key_bits(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::PKCS8::BER_encode(), Botan::PKCS8::BER_encode_encrypted_pbkdf_iter(), Botan::PKCS8::BER_encode_encrypted_pbkdf_msec(), and Botan::PKCS8::PEM_encode().

◆ public_data()

std::shared_ptr< const RSA_Public_Data > Botan::RSA_PublicKey::public_data ( ) const
inherited

Definition at line 124 of file rsa.cpp.

124 {
125 return m_public;
126}

References Botan::RSA_PublicKey::m_public.

◆ public_key()

std::unique_ptr< Public_Key > Botan::TPM2::RSA_PrivateKey::public_key ( ) const
inlineoverridevirtual

Allocate a new object for the public key associated with this private key.

Returns
public key

Implements Botan::Private_Key.

Definition at line 96 of file tpm2_rsa.h.

96 {
97 return std::make_unique<Botan::RSA_PublicKey>(algorithm_identifier(), public_key_bits());
98 }
AlgorithmIdentifier algorithm_identifier() const override
Definition rsa.cpp:183
std::vector< uint8_t > public_key_bits() const override
Definition rsa.cpp:191

◆ public_key_bits()

std::vector< uint8_t > Botan::RSA_PublicKey::public_key_bits ( ) const
overridevirtualinherited
Returns
BER encoded public key bits

Implements Botan::Public_Key.

Definition at line 191 of file rsa.cpp.

191 {
192 std::vector<uint8_t> output;
193 DER_Encoder der(output);
194 der.start_sequence().encode(get_n()).encode(get_e()).end_cons();
195
196 return output;
197}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::RSA_PublicKey::get_e(), Botan::RSA_PublicKey::get_n(), and Botan::DER_Encoder::start_sequence().

◆ raw_private_key_bits()

secure_vector< uint8_t > Botan::TPM2::PrivateKey::raw_private_key_bits ( ) const
overridevirtualinherited
Returns
the encrypted private key blob, if the key is transient
Exceptions
Invalid_Stateif the key is persistent

Reimplemented from Botan::Private_Key.

Definition at line 270 of file tpm2_key.cpp.

270 {
272 BOTAN_ASSERT_NOMSG(!m_private_blob.empty());
273 return Botan::lock(m_private_blob);
274}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41
secure_vector< T > lock(const std::vector< T > &in)
Definition secmem.h:70

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TPM2::Object::has_persistent_handle(), and Botan::lock().

◆ raw_public_key_bits()

std::vector< uint8_t > Botan::TPM2::RSA_PrivateKey::raw_public_key_bits ( ) const
inlineoverridevirtual
Returns
a TPM2-specific marshalled representation of the public key

Reimplemented from Botan::TPM2::PrivateKey.

Definition at line 100 of file tpm2_rsa.h.

std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_key.cpp:276

◆ remaining_operations()

virtual std::optional< uint64_t > Botan::Private_Key::remaining_operations ( ) const
inlinevirtualinherited

Retrieves the number of remaining operations if this is a stateful private key.

Returns
the number of remaining operations or std::nullopt if not applicable.

Reimplemented in Botan::HSS_LMS_PrivateKey, and Botan::XMSS_PrivateKey.

Definition at line 335 of file pk_keys.h.

335{ return std::nullopt; }

◆ sessions()

◆ stateful_operation()

virtual bool Botan::Private_Key::stateful_operation ( ) const
inlinevirtualinherited

Indicates if this key is stateful, ie that performing a private key operation requires updating the key storage.

Reimplemented in Botan::HSS_LMS_PrivateKey, and Botan::XMSS_PrivateKey.

Definition at line 328 of file pk_keys.h.

328{ return false; }

◆ subject_public_key()

std::vector< uint8_t > Botan::Public_Key::subject_public_key ( ) const
inherited
Returns
X.509 subject key encoding for this key object

Definition at line 56 of file pk_keys.cpp.

56 {
57 std::vector<uint8_t> output;
58
59 DER_Encoder(output)
60 .start_sequence()
61 .encode(algorithm_identifier())
63 .end_cons();
64
65 return output;
66}
virtual std::vector< uint8_t > public_key_bits() const =0

References Botan::Public_Key::algorithm_identifier(), Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Public_Key::public_key_bits(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::X509::BER_encode(), Botan::PKCS10_Request::create(), Botan::Public_Key::fingerprint_public(), and Botan::X509::PEM_encode().

◆ supports_operation()

bool Botan::TPM2::RSA_PrivateKey::supports_operation ( PublicKeyOperation op) const
inlineoverridevirtual

Return true if this key could be used for the specified type of operation.

Implements Botan::Asymmetric_Key.

Definition at line 102 of file tpm2_rsa.h.

102 {
103 // TODO: Support RSA-KEM
105 }

Friends And Related Symbol Documentation

◆ TPM2::PrivateKey

friend class TPM2::PrivateKey
friend

Definition at line 116 of file tpm2_rsa.h.

Member Data Documentation

◆ m_public


The documentation for this class was generated from the following files: