Botan 3.9.0
Crypto and TLS for C&
Functions
ffi_tpm2.cpp File Reference
Foreign Function Interface
#include <botan/ffi.h>
#include <botan/internal/ffi_pkey.h>
#include <botan/internal/ffi_rng.h>
#include <botan/internal/ffi_util.h>

Go to the source code of this file.

Functions

int botan_tpm2_crypto_backend_state_destroy (botan_tpm2_crypto_backend_state_t cbs)
int botan_tpm2_ctx_destroy (botan_tpm2_ctx_t ctx)
int botan_tpm2_ctx_enable_crypto_backend (botan_tpm2_ctx_t ctx, botan_rng_t rng)
int botan_tpm2_ctx_from_esys (botan_tpm2_ctx_t *ctx_out, ESYS_CONTEXT *esys_ctx)
int botan_tpm2_ctx_init (botan_tpm2_ctx_t *ctx_out, const char *tcti_nameconf)
int botan_tpm2_ctx_init_ex (botan_tpm2_ctx_t *ctx_out, const char *tcti_name, const char *tcti_conf)
int botan_tpm2_enable_crypto_backend (botan_tpm2_crypto_backend_state_t *cbs_out, ESYS_CONTEXT *esys_ctx, botan_rng_t rng)
int botan_tpm2_rng_init (botan_rng_t *rng_out, botan_tpm2_ctx_t ctx, botan_tpm2_session_t s1, botan_tpm2_session_t s2, botan_tpm2_session_t s3)
int botan_tpm2_session_destroy (botan_tpm2_session_t session)
int botan_tpm2_supports_crypto_backend ()
int botan_tpm2_unauthenticated_session_init (botan_tpm2_session_t *session_out, botan_tpm2_ctx_t ctx)

Function Documentation

◆ botan_tpm2_crypto_backend_state_destroy()

int botan_tpm2_crypto_backend_state_destroy ( botan_tpm2_crypto_backend_state_t cbs)

Frees all resouces of a TPM2 Crypto Callback State Note that this does not attempt to de-register the crypto backend, it just frees the resource pointed to by cbs. Use the ESAPI function Esys_SetCryptoCallbacks(ctx, nullptr) to deregister manually.

Parameters
cbsTPM2 Crypto Callback State
Returns
0 on success

Definition at line 203 of file ffi_tpm2.cpp.

203 {
204#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
205 return BOTAN_FFI_CHECKED_DELETE(cbs);
206#else
207 BOTAN_UNUSED(cbs);
208 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
209#endif
210}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_FFI_ERROR_NOT_IMPLEMENTED
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition ffi.h:138
BOTAN_FFI_CHECKED_DELETE
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition ffi_util.h:185

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_ctx_destroy()

int botan_tpm2_ctx_destroy ( botan_tpm2_ctx_t ctx)

Frees all resouces of a TPM2 context

Parameters
ctxTPM2 context
Returns
0 on success

Definition at line 172 of file ffi_tpm2.cpp.

172 {
173#if defined(BOTAN_HAS_TPM2)
174 return BOTAN_FFI_CHECKED_DELETE(ctx);
175#else
176 BOTAN_UNUSED(ctx);
177 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
178#endif
179}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_ctx_enable_crypto_backend()

int botan_tpm2_ctx_enable_crypto_backend ( botan_tpm2_ctx_t ctx,
botan_rng_t rng )

Enable Botan's TSS2 crypto backend that replaces the cryptographic functions required for the communication with the TPM with implementations provided by Botan instead of using TSS' defaults OpenSSL or mbedTLS. Note that the provided rng should not be dependent on the TPM and the caller must ensure that it remains usable for the lifetime of the ctx.

Parameters
ctxTPM2 context
rngrandom number generator to be used by the crypto backend

Definition at line 149 of file ffi_tpm2.cpp.

149 {
150#if defined(BOTAN_HAS_TPM2)
151 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
152 Botan::RandomNumberGenerator& rng_ref = safe_get(rng);
153
154 // The lifetime of the RNG used for the crypto backend should be managed
155 // by the TPM2::Context. Here, we just need to trust the user that they
156 // keep the passed-in RNG instance intact for the lifetime of the context.
157 std::shared_ptr<Botan::RandomNumberGenerator> rng_ptr(&rng_ref, [](auto*) {});
158 ctx_wrapper.ctx->use_botan_crypto_backend(rng_ptr);
159 return BOTAN_FFI_SUCCESS;
160 });
161#else
162 BOTAN_UNUSED(ctx, rng);
163 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
164#endif
165}
BOTAN_FFI_SUCCESS
@ BOTAN_FFI_SUCCESS
Definition ffi.h:115
BOTAN_FFI_VISIT
#define BOTAN_FFI_VISIT(obj, lambda)
Definition ffi_util.h:158
Botan_FFI::safe_get
T & safe_get(botan_struct< T, M > *p)
Definition ffi_util.h:79

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().

◆ botan_tpm2_ctx_from_esys()

int botan_tpm2_ctx_from_esys ( botan_tpm2_ctx_t * ctx_out,
struct ESYS_CONTEXT * esys_ctx )

Wrap an existing ESYS_CONTEXT for use in Botan. Note that destroying the created botan_tpm2_ctx_t won't finalize esys_ctx

Parameters
ctx_outoutput TPM2 context
esys_ctxESYS_CONTEXT to wrap
Returns
0 on success

Definition at line 132 of file ffi_tpm2.cpp.

132 {
133#if defined(BOTAN_HAS_TPM2)
134 return ffi_guard_thunk(__func__, [=]() -> int {
135 if(ctx_out == nullptr || esys_ctx == nullptr) {
136 return BOTAN_FFI_ERROR_NULL_POINTER;
137 }
138
139 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
140 ctx->ctx = Botan::TPM2::Context::create(esys_ctx);
141 return ffi_new_object(ctx_out, std::move(ctx));
142 });
143#else
144 BOTAN_UNUSED(ctx_out, esys_ctx);
145 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
146#endif
147}
Botan::TPM2::Context::create
static std::shared_ptr< Context > create(const std::string &tcti_nameconf)
Definition tpm2_context.cpp:55
BOTAN_FFI_ERROR_NULL_POINTER
@ BOTAN_FFI_ERROR_NULL_POINTER
Definition ffi.h:132
Botan_FFI::ffi_new_object
BOTAN_FFI_ERROR ffi_new_object(T *obj, Args &&... args)
Definition ffi_util.h:178
Botan_FFI::ffi_guard_thunk
int ffi_guard_thunk(const char *func_name, T thunk)
Definition ffi_util.h:95

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan::TPM2::Context::create(), Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_tpm2_ctx_init()

int botan_tpm2_ctx_init ( botan_tpm2_ctx_t * ctx_out,
const char * tcti_nameconf )

Initialize a TPM2 context

Parameters
ctx_outoutput TPM2 context
tcti_nameconfTCTI config (may be nullptr)
Returns
0 on success

Definition at line 74 of file ffi_tpm2.cpp.

74 {
75#if defined(BOTAN_HAS_TPM2)
76 return ffi_guard_thunk(__func__, [=]() -> int {
77 if(ctx_out == nullptr) {
78 return BOTAN_FFI_ERROR_NULL_POINTER;
79 }
80 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
81
82 auto tcti = [=]() -> std::optional<std::string> {
83 if(tcti_nameconf == nullptr) {
84 return {};
85 } else {
86 return std::string(tcti_nameconf);
87 }
88 }();
89
90 ctx->ctx = Botan::TPM2::Context::create(std::move(tcti));
91 return ffi_new_object(ctx_out, std::move(ctx));
92 });
93#else
94 BOTAN_UNUSED(ctx_out, tcti_nameconf);
95 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
96#endif
97}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan::TPM2::Context::create(), Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_tpm2_ctx_init_ex()

int botan_tpm2_ctx_init_ex ( botan_tpm2_ctx_t * ctx_out,
const char * tcti_name,
const char * tcti_conf )

Initialize a TPM2 context

Parameters
ctx_outoutput TPM2 context
tcti_nameTCTI name (may be nullptr)
tcti_confTCTI config (may be nullptr)
Returns
0 on success

Definition at line 99 of file ffi_tpm2.cpp.

99 {
100#if defined(BOTAN_HAS_TPM2)
101 return ffi_guard_thunk(__func__, [=]() -> int {
102 if(ctx_out == nullptr) {
103 return BOTAN_FFI_ERROR_NULL_POINTER;
104 }
105 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
106
107 auto tcti_name_str = [=]() -> std::optional<std::string> {
108 if(tcti_name == nullptr) {
109 return {};
110 } else {
111 return std::string(tcti_name);
112 }
113 }();
114
115 auto tcti_conf_str = [=]() -> std::optional<std::string> {
116 if(tcti_conf == nullptr) {
117 return {};
118 } else {
119 return std::string(tcti_conf);
120 }
121 }();
122
123 ctx->ctx = Botan::TPM2::Context::create(std::move(tcti_name_str), std::move(tcti_conf_str));
124 return ffi_new_object(ctx_out, std::move(ctx));
125 });
126#else
127 BOTAN_UNUSED(ctx_out, tcti_name, tcti_conf);
128 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
129#endif
130}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan::TPM2::Context::create(), Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_tpm2_enable_crypto_backend()

int botan_tpm2_enable_crypto_backend ( botan_tpm2_crypto_backend_state_t * cbs_out,
struct ESYS_CONTEXT * esys_ctx,
botan_rng_t rng )

Use this if you just need Botan's crypto backend but do not want to wrap any other ESYS functionality using Botan's TPM2 wrapper. A Crypto Backend State is created that the user needs to keep alive for as long as the crypto backend is used and needs to be destroyed after. Note that the provided rng should not be dependent on the TPM and the caller must ensure that it remains usable for the lifetime of the esys_ctx.

Parameters
cbs_outTo be created Crypto Backend State
esys_ctxTPM2 context
rngrandom number generator to be used by the crypto backend

Definition at line 181 of file ffi_tpm2.cpp.

183 {
184#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
185 return ffi_guard_thunk(__func__, [=]() -> int {
186 if(cbs_out == nullptr || esys_ctx == nullptr) {
187 return BOTAN_FFI_ERROR_NULL_POINTER;
188 }
189
190 Botan::RandomNumberGenerator& rng_ref = safe_get(rng);
191
192 // Here, we just need to trust the user that they keep the passed-in RNG
193 // instance intact for the lifetime of the context.
194 std::shared_ptr<Botan::RandomNumberGenerator> rng_ptr(&rng_ref, [](auto*) {});
195 return ffi_new_object(cbs_out, Botan::TPM2::use_botan_crypto_backend(esys_ctx, rng_ptr));
196 });
197#else
198 BOTAN_UNUSED(cbs_out, esys_ctx, rng);
199 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
200#endif
201}
Botan::TPM2::use_botan_crypto_backend
std::unique_ptr< CryptoCallbackState > use_botan_crypto_backend(ESYS_CONTEXT *context, const std::shared_ptr< Botan::RandomNumberGenerator > &rng)
Definition tpm2_crypto_backend.cpp:16

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::ffi_new_object(), Botan_FFI::safe_get(), and Botan::TPM2::use_botan_crypto_backend().

◆ botan_tpm2_rng_init()

int botan_tpm2_rng_init ( botan_rng_t * rng_out,
botan_tpm2_ctx_t ctx,
botan_tpm2_session_t s1,
botan_tpm2_session_t s2,
botan_tpm2_session_t s3 )

Initialize a random number generator object via TPM2

Parameters
rng_outrng object to create
ctxTPM2 context
s1the first session to use (optional, may be nullptr)
s2the second session to use (optional, may be nullptr)
s3the third session to use (optional, may be nullptr)

Definition at line 212 of file ffi_tpm2.cpp.

216 {
217#if defined(BOTAN_HAS_TPM2)
218 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
219 if(rng_out == nullptr) {
220 return BOTAN_FFI_ERROR_NULL_POINTER;
221 }
222
223 return ffi_new_object(
224 rng_out, std::make_unique<Botan::TPM2::RandomNumberGenerator>(ctx_wrapper.ctx, sessions(s1, s2, s3)));
225 });
226#else
227 BOTAN_UNUSED(rng_out, ctx, s1, s2, s3);
228 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
229#endif
230}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::ffi_new_object().

◆ botan_tpm2_session_destroy()

int botan_tpm2_session_destroy ( botan_tpm2_session_t session)

Create an unauthenticated session for use with TPM2

Parameters
sessionthe session object to destroy

Definition at line 249 of file ffi_tpm2.cpp.

249 {
250#if defined(BOTAN_HAS_TPM2)
251 return BOTAN_FFI_CHECKED_DELETE(session);
252#else
253 BOTAN_UNUSED(session);
254 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
255#endif
256}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_supports_crypto_backend()

int botan_tpm2_supports_crypto_backend ( void )

Checks if Botan's TSS2 crypto backend can be used in this build

Returns
1 if the crypto backend can be enabled

Definition at line 66 of file ffi_tpm2.cpp.

66 {
67#if defined(BOTAN_HAS_TPM2)
68 return Botan::TPM2::Context::supports_botan_crypto_backend() ? 1 : 0;
69#else
70 return 0;
71#endif
72}
Botan::TPM2::Context::supports_botan_crypto_backend
static bool supports_botan_crypto_backend() noexcept
Definition tpm2_context.cpp:47

References Botan::TPM2::Context::supports_botan_crypto_backend().

◆ botan_tpm2_unauthenticated_session_init()

int botan_tpm2_unauthenticated_session_init ( botan_tpm2_session_t * session_out,
botan_tpm2_ctx_t ctx )

Create an unauthenticated session for use with TPM2

Parameters
session_outthe session object to create
ctxTPM2 context

Definition at line 232 of file ffi_tpm2.cpp.

232 {
233#if defined(BOTAN_HAS_TPM2)
234 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
235 if(session_out == nullptr) {
236 return BOTAN_FFI_ERROR_NULL_POINTER;
237 }
238
239 auto session = std::make_unique<botan_tpm2_session_wrapper>();
240 session->session = Botan::TPM2::Session::unauthenticated_session(ctx_wrapper.ctx);
241 return ffi_new_object(session_out, std::move(session));
242 });
243#else
244 BOTAN_UNUSED(session_out, ctx);
245 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
246#endif
247}
Botan::TPM2::Session::unauthenticated_session
static std::shared_ptr< Session > unauthenticated_session(const std::shared_ptr< Context > &ctx, std::string_view sym_algo="CFB(AES-256)", std::string_view hash_algo="SHA-256")
Definition tpm2_session.cpp:42

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan_FFI::ffi_new_object(), and Botan::TPM2::Session::unauthenticated_session().

Generated by doxygen 1.14.0