Botan 3.6.1
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Friends | List of all members
Botan::TPM2::Session Class Reference

#include <tpm2_session.h>

Public Member Functions

SessionAttributes attributes () const
 
detail::SessionHandle handle ()
 
 Session (std::shared_ptr< Context > ctx, ESYS_TR session_handle)
 
void set_attributes (SessionAttributes attributes)
 
secure_vector< uint8_t > tpm_nonce () const
 

Static Public Member Functions

static std::shared_ptr< Sessionauthenticated_session (const std::shared_ptr< Context > &ctx, const TPM2::PrivateKey &tpm_key, std::string_view sym_algo="CFB(AES-256)", std::string_view hash_algo="SHA-256")
 
static std::shared_ptr< Sessionunauthenticated_session (const std::shared_ptr< Context > &ctx, std::string_view sym_algo="CFB(AES-256)", std::string_view hash_algo="SHA-256")
 

Friends

class detail::SessionHandle
 

Detailed Description

Definition at line 86 of file tpm2_session.h.

Constructor & Destructor Documentation

◆ Session()

Botan::TPM2::Session::Session ( std::shared_ptr< Context > ctx,
ESYS_TR session_handle )
inline

Create a session object from a user-provided transient handle.

Use this to wrap an externally created session handle into a Botan::TPM2::Session instance to use it with the Botan::TPM2 library.

Note that this will take ownership of the ESYS_TR handle and will release it when the object is destroyed.

Parameters
ctxthe TPM context to use
session_handlethe transient handle to wrap

Definition at line 139 of file tpm2_session.h.

139: m_session(std::move(ctx), session_handle) {}

Referenced by authenticated_session(), and unauthenticated_session().

Member Function Documentation

◆ attributes()

SessionAttributes Botan::TPM2::Session::attributes ( ) const

Definition at line 107 of file tpm2_session.cpp.

107 {
108 TPMA_SESSION attrs;
109 check_rc("Esys_TRSess_GetAttributes",
110 Esys_TRSess_GetAttributes(*m_session.context(), m_session.transient_handle(), &attrs));
111 return SessionAttributes::read(attrs);
112}
Botan::TPM2::Object::context
const std::shared_ptr< Context > & context() const
Definition tpm2_object.h:110
Botan::TPM2::Object::transient_handle
ESYS_TR transient_handle() const noexcept
Definition tpm2_object.cpp:125
Botan::TPM2::check_rc
constexpr void check_rc(std::string_view location, TSS2_RC rc)
Definition tpm2_util.h:54
Botan::TPM2::TPMA_SESSION
uint8_t TPMA_SESSION
Definition tpm2_session.h:20
Botan::TPM2::SessionAttributes::read
static SessionAttributes read(TPMA_SESSION attributes)
Definition tpm2_session.cpp:33

References Botan::TPM2::check_rc(), Botan::TPM2::Object::context(), Botan::TPM2::SessionAttributes::read(), and Botan::TPM2::Object::transient_handle().

Referenced by set_attributes().

◆ authenticated_session()

std::shared_ptr< Session > Botan::TPM2::Session::authenticated_session ( const std::shared_ptr< Context > & ctx,
const TPM2::PrivateKey & tpm_key,
std::string_view sym_algo = "CFB(AES-256)",
std::string_view hash_algo = "SHA-256" )
static

Instantiate a session based on a salt encrypted for tpm_key. This allows for the encryption of sensitive parameters passed to and from the TPM. The application's random salt is generated automatically (via the software RNG in the TSS2's crypto backend).

Such a session is protected against man-in-the-middle attacks with access to the data channel between the application and the TPM, under the assumption that the tpm_key is not compromised.

Parameters
ctxthe TPM context
tpm_keythe key to use for session establishment
sym_algothe symmetric algorithm used for parameter encryption
hash_algothe hash algorithm in the HMAC used for authentication

Definition at line 72 of file tpm2_session.cpp.

75 {
76 Object session(ctx);
77 const auto auth_sym = get_tpm2_sym_cipher_spec(sym_algo);
78 const auto auth_hash_algo = get_tpm2_hash_type(hash_algo);
79
80 BOTAN_ASSERT_NONNULL(ctx);
81
82 check_rc("Esys_StartSession",
83 Esys_StartAuthSession(*ctx,
84 tpm_key.handles().transient_handle(),
85 tpm_key.handles().transient_handle(),
86 ESYS_TR_NONE,
87 ESYS_TR_NONE,
88 ESYS_TR_NONE,
89 nullptr /*NonceCaller generated automatically*/,
90 TPM2_SE_HMAC,
91 &auth_sym,
92 auth_hash_algo,
93 out_transient_handle(session)));
94
95 return std::shared_ptr<Session>(new Session(std::move(session),
96 {
97 .continue_session = true,
98 .decrypt = true,
99 .encrypt = true,
100 }));
101}
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86
Botan::TPM2::Session::Session
Session(std::shared_ptr< Context > ctx, ESYS_TR session_handle)
Definition tpm2_session.h:139
Botan::TPM2::get_tpm2_hash_type
TPMI_ALG_HASH get_tpm2_hash_type(std::string_view hash_name)
Definition tpm2_algo_mappings.h:73
Botan::TPM2::out_transient_handle
constexpr auto out_transient_handle(Object &object)
Definition tpm2_util.h:209
Botan::TPM2::get_tpm2_sym_cipher_spec
TPMT_SYM_DEF get_tpm2_sym_cipher_spec(std::string_view algo_name)
Definition tpm2_algo_mappings.h:316

References BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), Botan::TPM2::get_tpm2_hash_type(), Botan::TPM2::get_tpm2_sym_cipher_spec(), Botan::TPM2::PrivateKey::handles(), Botan::TPM2::out_transient_handle(), Session(), and Botan::TPM2::Object::transient_handle().

◆ handle()

detail::SessionHandle Botan::TPM2::Session::handle ( )
inlinenodiscard

Definition at line 141 of file tpm2_session.h.

141{ return *this; }

◆ set_attributes()

void Botan::TPM2::Session::set_attributes ( SessionAttributes attributes)

Definition at line 114 of file tpm2_session.cpp.

114 {
115 check_rc("Esys_TRSess_SetAttributes",
116 Esys_TRSess_SetAttributes(
117 *m_session.context(), m_session.transient_handle(), SessionAttributes::render(attributes), 0xFF));
118}
Botan::TPM2::Session::attributes
SessionAttributes attributes() const
Definition tpm2_session.cpp:107
Botan::TPM2::SessionAttributes::render
static TPMA_SESSION render(SessionAttributes attributes)
Definition tpm2_session.cpp:37

References attributes(), Botan::TPM2::check_rc(), Botan::TPM2::Object::context(), Botan::TPM2::SessionAttributes::render(), and Botan::TPM2::Object::transient_handle().

◆ tpm_nonce()

secure_vector< uint8_t > Botan::TPM2::Session::tpm_nonce ( ) const

Definition at line 120 of file tpm2_session.cpp.

120 {
121 unique_esys_ptr<TPM2B_NONCE> nonce;
122 check_rc("Esys_TRSess_GetNonceTPM",
123 Esys_TRSess_GetNonceTPM(*m_session.context(), m_session.transient_handle(), out_ptr(nonce)));
124 return copy_into<secure_vector<uint8_t>>(*nonce);
125}
Botan::TPM2::unique_esys_ptr
std::unique_ptr< T, esys_liberator > unique_esys_ptr
A unique pointer type for ESYS handles that automatically frees the handle.
Definition tpm2_util.h:154
Botan::TPM2::copy_into
constexpr void copy_into(T &dest, std::span< const uint8_t > data)
Definition tpm2_util.h:117
Botan::out_ptr
constexpr auto out_ptr(T &outptr) noexcept
Definition stl_util.h:420

References Botan::TPM2::check_rc(), Botan::TPM2::Object::context(), Botan::TPM2::copy_into(), Botan::out_ptr(), and Botan::TPM2::Object::transient_handle().

◆ unauthenticated_session()

std::shared_ptr< Session > Botan::TPM2::Session::unauthenticated_session ( const std::shared_ptr< Context > & ctx,
std::string_view sym_algo = "CFB(AES-256)",
std::string_view hash_algo = "SHA-256" )
static

Instantiate an unauthenticated session that allows for the encryption of sensitive parameters passed to and from the TPM. The application's random salt is generated automatically (via the software RNG in the TSS2's crypto backend).

Note that such a session is not protected against man-in-the-middle attacks with access to the data channel between the application and the TPM.

Parameters
ctxthe TPM context
sym_algothe symmetric algorithm used for parameter encryption
hash_algothe hash algorithm in the HMAC used for authentication

Definition at line 42 of file tpm2_session.cpp.

44 {
45 Object session(ctx);
46 const auto auth_sym = get_tpm2_sym_cipher_spec(sym_algo);
47 const auto auth_hash_algo = get_tpm2_hash_type(hash_algo);
48
49 BOTAN_ASSERT_NONNULL(ctx);
50
51 check_rc("Esys_StartSession",
52 Esys_StartAuthSession(*ctx,
53 ESYS_TR_NONE,
54 ESYS_TR_NONE,
55 ESYS_TR_NONE,
56 ESYS_TR_NONE,
57 ESYS_TR_NONE,
58 nullptr /*NonceCaller generated automatically*/,
59 TPM2_SE_HMAC,
60 &auth_sym,
61 auth_hash_algo,
62 out_transient_handle(session)));
63
64 return std::shared_ptr<Session>(new Session(std::move(session),
65 {
66 .continue_session = true,
67 .decrypt = true,
68 .encrypt = true,
69 }));
70}

References BOTAN_ASSERT_NONNULL, Botan::TPM2::check_rc(), Botan::TPM2::get_tpm2_hash_type(), Botan::TPM2::get_tpm2_sym_cipher_spec(), Botan::TPM2::out_transient_handle(), and Session().

Referenced by botan_tpm2_unauthenticated_session_init().

Friends And Related Symbol Documentation

◆ detail::SessionHandle

friend class detail::SessionHandle
friend

Definition at line 149 of file tpm2_session.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0