Botan 3.9.0
Crypto and TLS for C&
ffi_tpm2.cpp File Reference
#include <botan/ffi.h>
#include <botan/internal/ffi_pkey.h>
#include <botan/internal/ffi_rng.h>
#include <botan/internal/ffi_util.h>

Go to the source code of this file.

Functions

int botan_tpm2_crypto_backend_state_destroy (botan_tpm2_crypto_backend_state_t cbs)
int botan_tpm2_ctx_destroy (botan_tpm2_ctx_t ctx)
int botan_tpm2_ctx_enable_crypto_backend (botan_tpm2_ctx_t ctx, botan_rng_t rng)
int botan_tpm2_ctx_from_esys (botan_tpm2_ctx_t *ctx_out, ESYS_CONTEXT *esys_ctx)
int botan_tpm2_ctx_init (botan_tpm2_ctx_t *ctx_out, const char *tcti_nameconf)
int botan_tpm2_ctx_init_ex (botan_tpm2_ctx_t *ctx_out, const char *tcti_name, const char *tcti_conf)
int botan_tpm2_enable_crypto_backend (botan_tpm2_crypto_backend_state_t *cbs_out, ESYS_CONTEXT *esys_ctx, botan_rng_t rng)
int botan_tpm2_rng_init (botan_rng_t *rng_out, botan_tpm2_ctx_t ctx, botan_tpm2_session_t s1, botan_tpm2_session_t s2, botan_tpm2_session_t s3)
int botan_tpm2_session_destroy (botan_tpm2_session_t session)
int botan_tpm2_supports_crypto_backend ()
int botan_tpm2_unauthenticated_session_init (botan_tpm2_session_t *session_out, botan_tpm2_ctx_t ctx)

Function Documentation

◆ botan_tpm2_crypto_backend_state_destroy()

int botan_tpm2_crypto_backend_state_destroy ( botan_tpm2_crypto_backend_state_t cbs)

Frees all resouces of a TPM2 Crypto Callback State Note that this does not attempt to de-register the crypto backend, it just frees the resource pointed to by cbs. Use the ESAPI function Esys_SetCryptoCallbacks(ctx, nullptr) to deregister manually.

Parameters
cbsTPM2 Crypto Callback State
Returns
0 on success

Definition at line 203 of file ffi_tpm2.cpp.

203 {
204#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
205 return BOTAN_FFI_CHECKED_DELETE(cbs);
206#else
207 BOTAN_UNUSED(cbs);
209#endif
210}
#define BOTAN_UNUSED
Definition assert.h:144
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition ffi.h:138
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition ffi_util.h:185

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_ctx_destroy()

int botan_tpm2_ctx_destroy ( botan_tpm2_ctx_t ctx)

Frees all resouces of a TPM2 context

Parameters
ctxTPM2 context
Returns
0 on success

Definition at line 172 of file ffi_tpm2.cpp.

172 {
173#if defined(BOTAN_HAS_TPM2)
174 return BOTAN_FFI_CHECKED_DELETE(ctx);
175#else
176 BOTAN_UNUSED(ctx);
178#endif
179}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_ctx_enable_crypto_backend()

int botan_tpm2_ctx_enable_crypto_backend ( botan_tpm2_ctx_t ctx,
botan_rng_t rng )

Enable Botan's TSS2 crypto backend that replaces the cryptographic functions required for the communication with the TPM with implementations provided by Botan instead of using TSS' defaults OpenSSL or mbedTLS. Note that the provided rng should not be dependent on the TPM and the caller must ensure that it remains usable for the lifetime of the ctx.

Parameters
ctxTPM2 context
rngrandom number generator to be used by the crypto backend

Definition at line 149 of file ffi_tpm2.cpp.

149 {
150#if defined(BOTAN_HAS_TPM2)
151 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
153
154 // The lifetime of the RNG used for the crypto backend should be managed
155 // by the TPM2::Context. Here, we just need to trust the user that they
156 // keep the passed-in RNG instance intact for the lifetime of the context.
157 std::shared_ptr<Botan::RandomNumberGenerator> rng_ptr(&rng_ref, [](auto*) {});
158 ctx_wrapper.ctx->use_botan_crypto_backend(rng_ptr);
159 return BOTAN_FFI_SUCCESS;
160 });
161#else
162 BOTAN_UNUSED(ctx, rng);
164#endif
165}
@ BOTAN_FFI_SUCCESS
Definition ffi.h:115
#define BOTAN_FFI_VISIT(obj, lambda)
Definition ffi_util.h:158
T & safe_get(botan_struct< T, M > *p)
Definition ffi_util.h:79

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_SUCCESS, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::safe_get().

◆ botan_tpm2_ctx_from_esys()

int botan_tpm2_ctx_from_esys ( botan_tpm2_ctx_t * ctx_out,
struct ESYS_CONTEXT * esys_ctx )

Wrap an existing ESYS_CONTEXT for use in Botan. Note that destroying the created botan_tpm2_ctx_t won't finalize esys_ctx

Parameters
ctx_outoutput TPM2 context
esys_ctxESYS_CONTEXT to wrap
Returns
0 on success

Definition at line 132 of file ffi_tpm2.cpp.

132 {
133#if defined(BOTAN_HAS_TPM2)
134 return ffi_guard_thunk(__func__, [=]() -> int {
135 if(ctx_out == nullptr || esys_ctx == nullptr) {
137 }
138
139 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
140 ctx->ctx = Botan::TPM2::Context::create(esys_ctx);
141 return ffi_new_object(ctx_out, std::move(ctx));
142 });
143#else
144 BOTAN_UNUSED(ctx_out, esys_ctx);
146#endif
147}
static std::shared_ptr< Context > create(const std::string &tcti_nameconf)
@ BOTAN_FFI_ERROR_NULL_POINTER
Definition ffi.h:132
BOTAN_FFI_ERROR ffi_new_object(T *obj, Args &&... args)
Definition ffi_util.h:178
int ffi_guard_thunk(const char *func_name, T thunk)
Definition ffi_util.h:95

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan::TPM2::Context::create(), Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_tpm2_ctx_init()

int botan_tpm2_ctx_init ( botan_tpm2_ctx_t * ctx_out,
const char * tcti_nameconf )

Initialize a TPM2 context

Parameters
ctx_outoutput TPM2 context
tcti_nameconfTCTI config (may be nullptr)
Returns
0 on success

Definition at line 74 of file ffi_tpm2.cpp.

74 {
75#if defined(BOTAN_HAS_TPM2)
76 return ffi_guard_thunk(__func__, [=]() -> int {
77 if(ctx_out == nullptr) {
79 }
80 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
81
82 auto tcti = [=]() -> std::optional<std::string> {
83 if(tcti_nameconf == nullptr) {
84 return {};
85 } else {
86 return std::string(tcti_nameconf);
87 }
88 }();
89
90 ctx->ctx = Botan::TPM2::Context::create(std::move(tcti));
91 return ffi_new_object(ctx_out, std::move(ctx));
92 });
93#else
94 BOTAN_UNUSED(ctx_out, tcti_nameconf);
96#endif
97}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan::TPM2::Context::create(), Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_tpm2_ctx_init_ex()

int botan_tpm2_ctx_init_ex ( botan_tpm2_ctx_t * ctx_out,
const char * tcti_name,
const char * tcti_conf )

Initialize a TPM2 context

Parameters
ctx_outoutput TPM2 context
tcti_nameTCTI name (may be nullptr)
tcti_confTCTI config (may be nullptr)
Returns
0 on success

Definition at line 99 of file ffi_tpm2.cpp.

99 {
100#if defined(BOTAN_HAS_TPM2)
101 return ffi_guard_thunk(__func__, [=]() -> int {
102 if(ctx_out == nullptr) {
104 }
105 auto ctx = std::make_unique<botan_tpm2_ctx_wrapper>();
106
107 auto tcti_name_str = [=]() -> std::optional<std::string> {
108 if(tcti_name == nullptr) {
109 return {};
110 } else {
111 return std::string(tcti_name);
112 }
113 }();
114
115 auto tcti_conf_str = [=]() -> std::optional<std::string> {
116 if(tcti_conf == nullptr) {
117 return {};
118 } else {
119 return std::string(tcti_conf);
120 }
121 }();
122
123 ctx->ctx = Botan::TPM2::Context::create(std::move(tcti_name_str), std::move(tcti_conf_str));
124 return ffi_new_object(ctx_out, std::move(ctx));
125 });
126#else
127 BOTAN_UNUSED(ctx_out, tcti_name, tcti_conf);
129#endif
130}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan::TPM2::Context::create(), Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_tpm2_enable_crypto_backend()

int botan_tpm2_enable_crypto_backend ( botan_tpm2_crypto_backend_state_t * cbs_out,
struct ESYS_CONTEXT * esys_ctx,
botan_rng_t rng )

Use this if you just need Botan's crypto backend but do not want to wrap any other ESYS functionality using Botan's TPM2 wrapper. A Crypto Backend State is created that the user needs to keep alive for as long as the crypto backend is used and needs to be destroyed after. Note that the provided rng should not be dependent on the TPM and the caller must ensure that it remains usable for the lifetime of the esys_ctx.

Parameters
cbs_outTo be created Crypto Backend State
esys_ctxTPM2 context
rngrandom number generator to be used by the crypto backend

Definition at line 181 of file ffi_tpm2.cpp.

183 {
184#if defined(BOTAN_HAS_TPM2_CRYPTO_BACKEND)
185 return ffi_guard_thunk(__func__, [=]() -> int {
186 if(cbs_out == nullptr || esys_ctx == nullptr) {
188 }
189
191
192 // Here, we just need to trust the user that they keep the passed-in RNG
193 // instance intact for the lifetime of the context.
194 std::shared_ptr<Botan::RandomNumberGenerator> rng_ptr(&rng_ref, [](auto*) {});
195 return ffi_new_object(cbs_out, Botan::TPM2::use_botan_crypto_backend(esys_ctx, rng_ptr));
196 });
197#else
198 BOTAN_UNUSED(cbs_out, esys_ctx, rng);
200#endif
201}
std::unique_ptr< CryptoCallbackState > use_botan_crypto_backend(ESYS_CONTEXT *context, const std::shared_ptr< Botan::RandomNumberGenerator > &rng)

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_UNUSED, Botan_FFI::ffi_guard_thunk(), Botan_FFI::ffi_new_object(), Botan_FFI::safe_get(), and Botan::TPM2::use_botan_crypto_backend().

◆ botan_tpm2_rng_init()

int botan_tpm2_rng_init ( botan_rng_t * rng_out,
botan_tpm2_ctx_t ctx,
botan_tpm2_session_t s1,
botan_tpm2_session_t s2,
botan_tpm2_session_t s3 )

Initialize a random number generator object via TPM2

Parameters
rng_outrng object to create
ctxTPM2 context
s1the first session to use (optional, may be nullptr)
s2the second session to use (optional, may be nullptr)
s3the third session to use (optional, may be nullptr)

Definition at line 212 of file ffi_tpm2.cpp.

216 {
217#if defined(BOTAN_HAS_TPM2)
218 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
219 if(rng_out == nullptr) {
221 }
222
223 return ffi_new_object(
224 rng_out, std::make_unique<Botan::TPM2::RandomNumberGenerator>(ctx_wrapper.ctx, sessions(s1, s2, s3)));
225 });
226#else
227 BOTAN_UNUSED(rng_out, ctx, s1, s2, s3);
229#endif
230}

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, and Botan_FFI::ffi_new_object().

◆ botan_tpm2_session_destroy()

int botan_tpm2_session_destroy ( botan_tpm2_session_t session)

Create an unauthenticated session for use with TPM2

Parameters
sessionthe session object to destroy

Definition at line 249 of file ffi_tpm2.cpp.

249 {
250#if defined(BOTAN_HAS_TPM2)
251 return BOTAN_FFI_CHECKED_DELETE(session);
252#else
253 BOTAN_UNUSED(session);
255#endif
256}

References BOTAN_FFI_CHECKED_DELETE, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, and BOTAN_UNUSED.

◆ botan_tpm2_supports_crypto_backend()

int botan_tpm2_supports_crypto_backend ( void )

Checks if Botan's TSS2 crypto backend can be used in this build

Returns
1 if the crypto backend can be enabled

Definition at line 66 of file ffi_tpm2.cpp.

66 {
67#if defined(BOTAN_HAS_TPM2)
69#else
70 return 0;
71#endif
72}
static bool supports_botan_crypto_backend() noexcept

References Botan::TPM2::Context::supports_botan_crypto_backend().

◆ botan_tpm2_unauthenticated_session_init()

int botan_tpm2_unauthenticated_session_init ( botan_tpm2_session_t * session_out,
botan_tpm2_ctx_t ctx )

Create an unauthenticated session for use with TPM2

Parameters
session_outthe session object to create
ctxTPM2 context

Definition at line 232 of file ffi_tpm2.cpp.

232 {
233#if defined(BOTAN_HAS_TPM2)
234 return BOTAN_FFI_VISIT(ctx, [=](botan_tpm2_ctx_wrapper& ctx_wrapper) -> int {
235 if(session_out == nullptr) {
237 }
238
239 auto session = std::make_unique<botan_tpm2_session_wrapper>();
240 session->session = Botan::TPM2::Session::unauthenticated_session(ctx_wrapper.ctx);
241 return ffi_new_object(session_out, std::move(session));
242 });
243#else
244 BOTAN_UNUSED(session_out, ctx);
246#endif
247}
static std::shared_ptr< Session > unauthenticated_session(const std::shared_ptr< Context > &ctx, std::string_view sym_algo="CFB(AES-256)", std::string_view hash_algo="SHA-256")

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_VISIT, BOTAN_UNUSED, Botan_FFI::ffi_new_object(), and Botan::TPM2::Session::unauthenticated_session().