#include <botan/ffi.h>
#include <botan/internal/ffi_pkey.h>
#include <botan/internal/ffi_rng.h>
#include <botan/internal/ffi_util.h>

Functions
int	botan_tpm2_ctx_destroy (botan_tpm2_ctx_t ctx)

int	botan_tpm2_ctx_enable_crypto_backend (botan_tpm2_ctx_t ctx, botan_rng_t rng)

int	botan_tpm2_ctx_init (botan_tpm2_ctx_t ctx_out, const char tcti_nameconf)

int	botan_tpm2_ctx_init_ex (botan_tpm2_ctx_t ctx_out, const char tcti_name, const char *tcti_conf)

int	botan_tpm2_rng_init (botan_rng_t *rng_out, botan_tpm2_ctx_t ctx, botan_tpm2_session_t s1, botan_tpm2_session_t s2, botan_tpm2_session_t s3)

int	botan_tpm2_session_destroy (botan_tpm2_session_t session)

int	botan_tpm2_supports_crypto_backend ()

int	botan_tpm2_unauthenticated_session_init (botan_tpm2_session_t *session_out, botan_tpm2_ctx_t ctx)

Function Documentation

◆ botan_tpm2_ctx_destroy()

int botan_tpm2_ctx_destroy ( botan_tpm2_ctx_t ctx )

Frees all resouces of a TPM2 context

Parameters

ctx	TPM2 context

Returns: 0 on success

Definition at line 149 of file ffi_tpm2.cpp.

                                                 {
#if defined(BOTAN_HAS_TPM2)
   return BOTAN_FFI_CHECKED_DELETE(ctx);
#else
   BOTAN_UNUSED(ctx);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_ctx_enable_crypto_backend()

int botan_tpm2_ctx_enable_crypto_backend	(	botan_tpm2_ctx_t	ctx,
		botan_rng_t	rng )

Enable Botan's TSS2 crypto backend that replaces the cryptographic functions required for the communication with the TPM with implementations provided by Botan instead of using TSS' defaults OpenSSL or mbedTLS. Note that the provided rng should not be dependent on the TPM and the caller must ensure that it remains usable for the lifetime of the ctx.

Parameters

ctx	TPM2 context
rng	random number generator to be used by the crypto backend

Definition at line 126 of file ffi_tpm2.cpp.

                                                                                {
#if defined(BOTAN_HAS_TPM2)
   return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
      Botan::RandomNumberGenerator& rng_ref = safe_get(rng);
 
      // The lifetime of the RNG used for the crypto backend should be managed
      // by the TPM2::Context. Here, we just need to trust the user that they
      // keep the passed-in RNG instance intact for the lifetime of the context.
      std::shared_ptr<Botan::RandomNumberGenerator> rng_ptr(&rng_ref, [](auto*) {});
      ctx_wrapper.ctx->use_botan_crypto_backend(rng_ptr);
      return BOTAN_FFI_SUCCESS;
   });
#else
   BOTAN_UNUSED(ctx, rng);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().

◆ botan_tpm2_ctx_init()

int botan_tpm2_ctx_init	(	botan_tpm2_ctx_t *	ctx_out,
		const char *	tcti_nameconf )

Initialize a TPM2 context

Parameters

ctx_out	output TPM2 context
tcti_nameconf	TCTI config (may be nullptr)

Returns: 0 on success

Definition at line 66 of file ffi_tpm2.cpp.

                                                                              {
#if defined(BOTAN_HAS_TPM2)
   return ffi_guard_thunk(__func__, [=]() -> int {
      if(ctx_out == nullptr) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }
      auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
 
      auto tcti = [=]() -> std::optional<std::string> {
         if(tcti_nameconf == nullptr) {
            return {};
         } else {
            return std::string(tcti_nameconf);
         }
      }();
 
      ctx->ctx = Botan::TPM2::Context::create(std::move(tcti));
      *ctx_out = new botan_tpm2_ctx_struct(std::move(ctx));
      return BOTAN_FFI_SUCCESS;
   });
#else
   BOTAN_UNUSED(ctx_out, tcti_nameconf);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan::TPM2::Context::create(), and Botan_FFI::ffi_guard_thunk().

◆ botan_tpm2_ctx_init_ex()

int botan_tpm2_ctx_init_ex	(	botan_tpm2_ctx_t *	ctx_out,
		const char *	tcti_name,
		const char *	tcti_conf )

Initialize a TPM2 context

Parameters

ctx_out	output TPM2 context
tcti_name	TCTI name (may be nullptr)
tcti_conf	TCTI config (may be nullptr)

Returns: 0 on success

Definition at line 92 of file ffi_tpm2.cpp.

                                                                                                    {
#if defined(BOTAN_HAS_TPM2)
   return ffi_guard_thunk(__func__, [=]() -> int {
      if(ctx_out == nullptr) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }
      auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
 
      auto tcti_name_str = [=]() -> std::optional<std::string> {
         if(tcti_name == nullptr) {
            return {};
         } else {
            return std::string(tcti_name);
         }
      }();
 
      auto tcti_conf_str = [=]() -> std::optional<std::string> {
         if(tcti_conf == nullptr) {
            return {};
         } else {
            return std::string(tcti_conf);
         }
      }();
 
      ctx->ctx = Botan::TPM2::Context::create(std::move(tcti_name_str), std::move(tcti_conf_str));
      *ctx_out = new botan_tpm2_ctx_struct(std::move(ctx));
      return BOTAN_FFI_SUCCESS;
   });
#else
   BOTAN_UNUSED(ctx_out, tcti_name, tcti_conf);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_UNUSED, Botan::TPM2::Context::create(), and Botan_FFI::ffi_guard_thunk().

◆ botan_tpm2_rng_init()

int botan_tpm2_rng_init	(	botan_rng_t *	rng_out,
		botan_tpm2_ctx_t	ctx,
		botan_tpm2_session_t	s1,
		botan_tpm2_session_t	s2,
		botan_tpm2_session_t	s3 )

Initialize a random number generator object via TPM2

Parameters

rng_out	rng object to create
ctx	TPM2 context
s1	the first session to use (optional, may be nullptr)
s2	the second session to use (optional, may be nullptr)
s3	the third session to use (optional, may be nullptr)

Definition at line 158 of file ffi_tpm2.cpp.

                                                 {
#if defined(BOTAN_HAS_TPM2)
   return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
      if(rng_out == nullptr) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }
 
      *rng_out = new botan_rng_struct(
         std::make_unique<Botan::TPM2::RandomNumberGenerator>(ctx_wrapper.ctx, sessions(s1, s2, s3)));
      return BOTAN_FFI_SUCCESS;
   });
#else
   BOTAN_UNUSED(rng_out, ctx, s1, s2, s3);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, and BOTAN_UNUSED.

◆ botan_tpm2_session_destroy()

int botan_tpm2_session_destroy ( botan_tpm2_session_t session )

Create an unauthenticated session for use with TPM2

Parameters

session the session object to destroy

Definition at line 197 of file ffi_tpm2.cpp.

                                                             {
#if defined(BOTAN_HAS_TPM2)
   return BOTAN_FFI_CHECKED_DELETE(session);
#else
   BOTAN_UNUSED(session);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_supports_crypto_backend()

int botan_tpm2_supports_crypto_backend ( )

Checks if Botan's TSS2 crypto backend can be used in this build

Returns: 1 if the crypto backend can be enabled

Definition at line 58 of file ffi_tpm2.cpp.

                                         {
#if defined(BOTAN_HAS_TPM2)
   return Botan::TPM2::Context::supports_botan_crypto_backend() ? 1 : 0;
#else
   return 0;
#endif
}

References Botan::TPM2::Context::supports_botan_crypto_backend().

◆ botan_tpm2_unauthenticated_session_init()

int botan_tpm2_unauthenticated_session_init	(	botan_tpm2_session_t *	session_out,
		botan_tpm2_ctx_t	ctx )

Create an unauthenticated session for use with TPM2

Parameters

session_out	the session object to create
ctx	TPM2 context

Definition at line 179 of file ffi_tpm2.cpp.

                                                                                                     {
#if defined(BOTAN_HAS_TPM2)
   return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
      if(session_out == nullptr) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }
 
      auto session = std::make_unique<botan_tpm2_session_wrapper>();
      session->session = Botan::TPM2::Session::unauthenticated_session(ctx_wrapper.ctx);
      *session_out = new botan_tpm2_session_struct(std::move(session));
      return BOTAN_FFI_SUCCESS;
   });
#else
   BOTAN_UNUSED(session_out, ctx);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan::TPM2::Session::unauthenticated_session().

Functions

Function Documentation

◆ botan_tpm2_ctx_destroy()

◆ botan_tpm2_ctx_enable_crypto_backend()

◆ botan_tpm2_ctx_init()

◆ botan_tpm2_ctx_init_ex()

◆ botan_tpm2_rng_init()

◆ botan_tpm2_session_destroy()

◆ botan_tpm2_supports_crypto_backend()

◆ botan_tpm2_unauthenticated_session_init()