tpm2_crypto_backend.h
/*
 * TPM 2 TSS crypto callbacks backend interface
 * (C) 2024 Jack Lloyd
 * (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
9#ifndef BOTAN_TPM2_CRYPTO_BACKEND_H_
10#define BOTAN_TPM2_CRYPTO_BACKEND_H_
12#include <botan/compiler.h>
13#include <memory>
// Opaque handle type of the TSS2 Enhanced System API. This header only ever
// passes it around by pointer, so the TSS2 headers are deliberately not
// included here.
struct ESYS_CONTEXT;

// Forward declaration so that the state object below can hold an RNG without
// pulling in the full Botan RNG header.
namespace Botan { class RandomNumberGenerator; }
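namespace Botan::TPM2 {

/**
 * This state object is available to all crypto callbacks.
 * Its lifetime must be managed by the caller for as long as the associated
 * ESYS_CONTEXT pointer is valid.
 *
 * The TSS2 keeps referring to this object after use_botan_crypto_backend()
 * returns; destroying it while the ESYS_CONTEXT is still in use presumably
 * leaves the TSS with a dangling reference (the registration code is not in
 * this header).
 */
struct CryptoCallbackState {
      /// RNG the crypto callbacks draw from. See use_botan_crypto_backend()
      /// for why it must be independent of the TPM.
      std::shared_ptr<Botan::RandomNumberGenerator> rng;  // NOLINT(misc-non-private-member-variables-in-classes)
};

/**
 * Enable Botan's crypto callbacks in the TPM2-TSS for the given ESYS_CONTEXT
 * @p context. Use this if you do not plan to use Botan's TPM wrapper (rooted
 * in TPM2::Context) but still want to benefit from Botan's TPM crypto backend.
 * Otherwise, use TPM2::Context::use_botan_crypto_backend().
 *
 * This replaces all cryptographic functionality required for the communication
 * with the TPM by Botan's implementations. The TSS2 would otherwise use OpenSSL
 * or mbedTLS.
 *
 * Note that the provided @p rng should not be dependent on the TPM: this
 * backend supplies the cryptography that protects the communication with the
 * TPM, so an RNG that itself has to talk to the TPM (presumably through this
 * very @p context) would be circular. Use an RNG that is seeded independently
 * of the TPM.
 *
 * The returned pointer to the CryptoCallbackState must be kept alive as long
 * as the associated ESYS_CONTEXT is valid and used.
 *
 * @param context the ESYS_CONTEXT pointer to register the crypto backend on
 * @param rng the (independent) random number generator to be used
 * @returns a state object that must be kept alive by the caller for as
 * long as the associated ESYS_CONTEXT is valid.
 *
 * @throws Not_Implemented if the TPM2-TSS does not support crypto callbacks;
 * call supports_botan_crypto_backend() first to avoid the exception.
 */
[[nodiscard]] BOTAN_PUBLIC_API(3, 7) std::unique_ptr<CryptoCallbackState> use_botan_crypto_backend(
   ESYS_CONTEXT* context, const std::shared_ptr<Botan::RandomNumberGenerator>& rng);

/**
 * Checks if the TSS2 supports registering Botan's crypto backend at runtime.
 * Older versions of the TSS2 do not support this feature (< 4.0.0).
 *
 * @returns true if the TSS2 supports Botan's crypto backend
 */
[[nodiscard]] BOTAN_PUBLIC_API(3, 7) bool supports_botan_crypto_backend() noexcept;

}  // namespace Botan::TPM2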
65#endif