Botan 3.7.1
Crypto and TLS for C&
ffi_tpm2.cpp File Reference
#include <botan/ffi.h>
#include <botan/internal/ffi_pkey.h>
#include <botan/internal/ffi_rng.h>
#include <botan/internal/ffi_util.h>

Go to the source code of this file.

Functions

int botan_tpm2_crypto_backend_state_destroy (botan_tpm2_crypto_backend_state_t cbs)
 
int botan_tpm2_ctx_destroy (botan_tpm2_ctx_t ctx)
 
int botan_tpm2_ctx_enable_crypto_backend (botan_tpm2_ctx_t ctx, botan_rng_t rng)
 
int botan_tpm2_ctx_from_esys (botan_tpm2_ctx_t *ctx_out, ESYS_CONTEXT *esys_ctx)
 
int botan_tpm2_ctx_init (botan_tpm2_ctx_t *ctx_out, const char *tcti_nameconf)
 
int botan_tpm2_ctx_init_ex (botan_tpm2_ctx_t *ctx_out, const char *tcti_name, const char *tcti_conf)
 
int botan_tpm2_enable_crypto_backend (botan_tpm2_crypto_backend_state_t *cbs_out, ESYS_CONTEXT *esys_ctx, botan_rng_t rng)
 
int botan_tpm2_rng_init (botan_rng_t *rng_out, botan_tpm2_ctx_t ctx, botan_tpm2_session_t s1, botan_tpm2_session_t s2, botan_tpm2_session_t s3)
 
int botan_tpm2_session_destroy (botan_tpm2_session_t session)
 
int botan_tpm2_supports_crypto_backend ()
 
int botan_tpm2_unauthenticated_session_init (botan_tpm2_session_t *session_out, botan_tpm2_ctx_t ctx)
 

Function Documentation

◆ botan_tpm2_crypto_backend_state_destroy()

int botan_tpm2_crypto_backend_state_destroy ( botan_tpm2_crypto_backend_state_t cbs)

Frees all resouces of a TPM2 Crypto Callback State Note that this does not attempt to de-register the crypto backend, it just frees the resource pointed to by cbs. Use the ESAPI function Esys_SetCryptoCallbacks(ctx, nullptr) to deregister manually.

Parameters
cbsTPM2 Crypto Callback State
Returns
0 on success

Definition at line 207 of file ffi_tpm2.cpp.

207 {
208#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
209 return BOTAN_FFI_CHECKED_DELETE(cbs);
210#else
211 BOTAN_UNUSED(cbs);
213#endif
214}
#define BOTAN_UNUSED
Definition assert.h:118
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition ffi.h:135
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition ffi_util.h:143

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_ctx_destroy()

int botan_tpm2_ctx_destroy ( botan_tpm2_ctx_t ctx)

Frees all resouces of a TPM2 context

Parameters
ctxTPM2 context
Returns
0 on success

Definition at line 175 of file ffi_tpm2.cpp.

175 {
176#if defined(BOTAN_HAS_TPM2)
177 return BOTAN_FFI_CHECKED_DELETE(ctx);
178#else
179 BOTAN_UNUSED(ctx);
181#endif
182}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_ctx_enable_crypto_backend()

int botan_tpm2_ctx_enable_crypto_backend ( botan_tpm2_ctx_t ctx,
botan_rng_t rng )

Enable Botan's TSS2 crypto backend that replaces the cryptographic functions required for the communication with the TPM with implementations provided by Botan instead of using TSS' defaults OpenSSL or mbedTLS. Note that the provided rng should not be dependent on the TPM and the caller must ensure that it remains usable for the lifetime of the ctx.

Parameters
ctxTPM2 context
rngrandom number generator to be used by the crypto backend

Definition at line 152 of file ffi_tpm2.cpp.

152 {
153#if defined(BOTAN_HAS_TPM2)
154 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
156
157 // The lifetime of the RNG used for the crypto backend should be managed
158 // by the TPM2::Context. Here, we just need to trust the user that they
159 // keep the passed-in RNG instance intact for the lifetime of the context.
160 std::shared_ptr<Botan::RandomNumberGenerator> rng_ptr(&rng_ref, [](auto*) {});
161 ctx_wrapper.ctx->use_botan_crypto_backend(rng_ptr);
162 return BOTAN_FFI_SUCCESS;
163 });
164#else
165 BOTAN_UNUSED(ctx, rng);
167#endif
168}
@ BOTAN_FFI_SUCCESS
Definition ffi.h:114
#define BOTAN_FFI_VISIT(obj, lambda)
Definition ffi_util.h:124
T & safe_get(botan_struct< T, M > *p)
Definition ffi_util.h:63

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().

◆ botan_tpm2_ctx_from_esys()

int botan_tpm2_ctx_from_esys ( botan_tpm2_ctx_t * ctx_out,
struct ESYS_CONTEXT * esys_ctx )

Wrap an existing ESYS_CONTEXT for use in Botan. Note that destroying the created botan_tpm2_ctx_t won't finalize esys_ctx

Parameters
ctx_outoutput TPM2 context
esys_ctxESYS_CONTEXT to wrap
Returns
0 on success

Definition at line 134 of file ffi_tpm2.cpp.

134 {
135#if defined(BOTAN_HAS_TPM2)
136 return ffi_guard_thunk(__func__, [=]() -> int {
137 if(ctx_out == nullptr || esys_ctx == nullptr) {
139 }
140
141 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
142 ctx->ctx = Botan::TPM2::Context::create(esys_ctx);
143 *ctx_out = new botan_tpm2_ctx_struct(std::move(ctx));
144 return BOTAN_FFI_SUCCESS;
145 });
146#else
147 BOTAN_UNUSED(ctx_out, esys_ctx);
149#endif
150}
static std::shared_ptr< Context > create(const std::string &tcti_nameconf)
@ BOTAN_FFI_ERROR_NULL_POINTER
Definition ffi.h:129
int ffi_guard_thunk(const char *func_name, const std::function< int()> &thunk)
Definition ffi.cpp:128

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan::TPM2::Context::create(), and Botan_FFI::ffi_guard_thunk().

◆ botan_tpm2_ctx_init()

int botan_tpm2_ctx_init ( botan_tpm2_ctx_t * ctx_out,
const char * tcti_nameconf )

Initialize a TPM2 context

Parameters
ctx_outoutput TPM2 context
tcti_nameconfTCTI config (may be nullptr)
Returns
0 on success

Definition at line 74 of file ffi_tpm2.cpp.

74 {
75#if defined(BOTAN_HAS_TPM2)
76 return ffi_guard_thunk(__func__, [=]() -> int {
77 if(ctx_out == nullptr) {
79 }
80 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
81
82 auto tcti = [=]() -> std::optional<std::string> {
83 if(tcti_nameconf == nullptr) {
84 return {};
85 } else {
86 return std::string(tcti_nameconf);
87 }
88 }();
89
90 ctx->ctx = Botan::TPM2::Context::create(std::move(tcti));
91 *ctx_out = new botan_tpm2_ctx_struct(std::move(ctx));
92 return BOTAN_FFI_SUCCESS;
93 });
94#else
95 BOTAN_UNUSED(ctx_out, tcti_nameconf);
97#endif
98}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan::TPM2::Context::create(), and Botan_FFI::ffi_guard_thunk().

◆ botan_tpm2_ctx_init_ex()

int botan_tpm2_ctx_init_ex ( botan_tpm2_ctx_t * ctx_out,
const char * tcti_name,
const char * tcti_conf )

Initialize a TPM2 context

Parameters
ctx_outoutput TPM2 context
tcti_nameTCTI name (may be nullptr)
tcti_confTCTI config (may be nullptr)
Returns
0 on success

Definition at line 100 of file ffi_tpm2.cpp.

100 {
101#if defined(BOTAN_HAS_TPM2)
102 return ffi_guard_thunk(__func__, [=]() -> int {
103 if(ctx_out == nullptr) {
105 }
106 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
107
108 auto tcti_name_str = [=]() -> std::optional<std::string> {
109 if(tcti_name == nullptr) {
110 return {};
111 } else {
112 return std::string(tcti_name);
113 }
114 }();
115
116 auto tcti_conf_str = [=]() -> std::optional<std::string> {
117 if(tcti_conf == nullptr) {
118 return {};
119 } else {
120 return std::string(tcti_conf);
121 }
122 }();
123
124 ctx->ctx = Botan::TPM2::Context::create(std::move(tcti_name_str), std::move(tcti_conf_str));
125 *ctx_out = new botan_tpm2_ctx_struct(std::move(ctx));
126 return BOTAN_FFI_SUCCESS;
127 });
128#else
129 BOTAN_UNUSED(ctx_out, tcti_name, tcti_conf);
131#endif
132}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan::TPM2::Context::create(), and Botan_FFI::ffi_guard_thunk().

◆ botan_tpm2_enable_crypto_backend()

int botan_tpm2_enable_crypto_backend ( botan_tpm2_crypto_backend_state_t * cbs_out,
struct ESYS_CONTEXT * esys_ctx,
botan_rng_t rng )

Use this if you just need Botan's crypto backend but do not want to wrap any other ESYS functionality using Botan's TPM2 wrapper. A Crypto Backend State is created that the user needs to keep alive for as long as the crypto backend is used and needs to be destroyed after. Note that the provided rng should not be dependent on the TPM and the caller must ensure that it remains usable for the lifetime of the esys_ctx.

Parameters
cbs_outTo be created Crypto Backend State
esys_ctxTPM2 context
rngrandom number generator to be used by the crypto backend

Definition at line 184 of file ffi_tpm2.cpp.

186 {
187#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
188 return ffi_guard_thunk(__func__, [=]() -> int {
189 if(cbs_out == nullptr || esys_ctx == nullptr) {
191 }
192
194
195 // Here, we just need to trust the user that they keep the passed-in RNG
196 // instance intact for the lifetime of the context.
197 std::shared_ptr<Botan::RandomNumberGenerator> rng_ptr(&rng_ref, [](auto*) {});
198 *cbs_out = new botan_tpm2_crypto_backend_state_struct(Botan::TPM2::use_botan_crypto_backend(esys_ctx, rng_ptr));
199 return BOTAN_FFI_SUCCESS;
200 });
201#else
202 BOTAN_UNUSED(cbs_out, esys_ctx, rng);
204#endif
205}
std::unique_ptr< CryptoCallbackState > use_botan_crypto_backend(ESYS_CONTEXT *context, const std::shared_ptr< Botan::RandomNumberGenerator > &rng)

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), and Botan::TPM2::use_botan_crypto_backend().

◆ botan_tpm2_rng_init()

int botan_tpm2_rng_init ( botan_rng_t * rng_out,
botan_tpm2_ctx_t ctx,
botan_tpm2_session_t s1,
botan_tpm2_session_t s2,
botan_tpm2_session_t s3 )

Initialize a random number generator object via TPM2

Parameters
rng_outrng object to create
ctxTPM2 context
s1the first session to use (optional, may be nullptr)
s2the second session to use (optional, may be nullptr)
s3the third session to use (optional, may be nullptr)

Definition at line 216 of file ffi_tpm2.cpp.

220 {
221#if defined(BOTAN_HAS_TPM2)
222 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
223 if(rng_out == nullptr) {
225 }
226
227 *rng_out = new botan_rng_struct(
228 std::make_unique<Botan::TPM2::RandomNumberGenerator>(ctx_wrapper.ctx, sessions(s1, s2, s3)));
229 return BOTAN_FFI_SUCCESS;
230 });
231#else
232 BOTAN_UNUSED(rng_out, ctx, s1, s2, s3);
234#endif
235}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_tpm2_session_destroy()

int botan_tpm2_session_destroy ( botan_tpm2_session_t session)

Create an unauthenticated session for use with TPM2

Parameters
sessionthe session object to destroy

Definition at line 255 of file ffi_tpm2.cpp.

255 {
256#if defined(BOTAN_HAS_TPM2)
257 return BOTAN_FFI_CHECKED_DELETE(session);
258#else
259 BOTAN_UNUSED(session);
261#endif
262}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_supports_crypto_backend()

int botan_tpm2_supports_crypto_backend ( )

Checks if Botan's TSS2 crypto backend can be used in this build

Returns
1 if the crypto backend can be enabled

Definition at line 66 of file ffi_tpm2.cpp.

66 {
67#if defined(BOTAN_HAS_TPM2)
69#else
70 return 0;
71#endif
72}
static bool supports_botan_crypto_backend() noexcept

References Botan::TPM2::Context::supports_botan_crypto_backend().

◆ botan_tpm2_unauthenticated_session_init()

int botan_tpm2_unauthenticated_session_init ( botan_tpm2_session_t * session_out,
botan_tpm2_ctx_t ctx )

Create an unauthenticated session for use with TPM2

Parameters
session_outthe session object to create
ctxTPM2 context

Definition at line 237 of file ffi_tpm2.cpp.

237 {
238#if defined(BOTAN_HAS_TPM2)
239 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
240 if(session_out == nullptr) {
242 }
243
244 auto session = std::make_unique<botan_tpm2_session_wrapper>();
245 session->session = Botan::TPM2::Session::unauthenticated_session(ctx_wrapper.ctx);
246 *session_out = new botan_tpm2_session_struct(std::move(session));
247 return BOTAN_FFI_SUCCESS;
248 });
249#else
250 BOTAN_UNUSED(session_out, ctx);
252#endif
253}
static std::shared_ptr< Session > unauthenticated_session(const std::shared_ptr< Context > &ctx, std::string_view sym_algo="CFB(AES-256)", std::string_view hash_algo="SHA-256")

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan::TPM2::Session::unauthenticated_session().