doxygen/tpm2__object_8cpp_source.html

/*

* TPM 2.0 Base Object handling

* (C) 2024 Jack Lloyd

* (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/tpm2_object.h>


#include <botan/tpm2_session.h>


#include <botan/internal/stl_util.h>

#include <botan/internal/tpm2_util.h>


#include <tss2/tss2_esys.h>


namespace Botan::TPM2 {


namespace {


using ObjectAttributesWrapper =

   AttributeWrapper<TPMA_OBJECT,

                    ObjectAttributes,

                    PropMap{&ObjectAttributes::fixed_tpm, TPMA_OBJECT_FIXEDTPM},

                    PropMap{&ObjectAttributes::st_clear, TPMA_OBJECT_STCLEAR},

                    PropMap{&ObjectAttributes::fixed_parent, TPMA_OBJECT_FIXEDPARENT},

                    PropMap{&ObjectAttributes::sensitive_data_origin, TPMA_OBJECT_SENSITIVEDATAORIGIN},

                    PropMap{&ObjectAttributes::user_with_auth, TPMA_OBJECT_USERWITHAUTH},

                    PropMap{&ObjectAttributes::admin_with_policy, TPMA_OBJECT_ADMINWITHPOLICY},

                    PropMap{&ObjectAttributes::no_da, TPMA_OBJECT_NODA},

                    PropMap{&ObjectAttributes::encrypted_duplication, TPMA_OBJECT_ENCRYPTEDDUPLICATION},

                    PropMap{&ObjectAttributes::restricted, TPMA_OBJECT_RESTRICTED},

                    PropMap{&ObjectAttributes::decrypt, TPMA_OBJECT_DECRYPT},

                    PropMap{&ObjectAttributes::sign_encrypt, TPMA_OBJECT_SIGN_ENCRYPT},

                    PropMap{&ObjectAttributes::x509sign, TPMA_OBJECT_X509SIGN}>;


}  // namespace


ObjectAttributes ObjectAttributes::read(TPMA_OBJECT attributes) {

   return ObjectAttributesWrapper::read(attributes);

}


TPMA_OBJECT ObjectAttributes::render(ObjectAttributes attributes) {

   return ObjectAttributesWrapper::render(attributes);

}


Object::Object(std::shared_ptr<Context> ctx) : m_ctx(std::move(ctx)), m_handles(std::make_unique<ObjectHandles>()) {

   BOTAN_ASSERT_NONNULL(m_ctx);

}


Object::Object(std::shared_ptr<Context> ctx, ESYS_TR handle) : Object(std::move(ctx)) {

   m_handles->transient = handle;

}


Object::Object(Object&& other) noexcept :

      m_ctx(std::move(other.m_ctx)),

      m_handles(std::move(other.m_handles)),

      m_public_info(std::move(other.m_public_info)) {

   other.scrub();

}


Object::~Object() {

   if(m_handles) {

      flush();

   }

}


Object& Object::operator=(Object&& other) noexcept {

   if(this != &other) {

      flush();

      m_ctx = std::move(other.m_ctx);

      m_handles = std::move(other.m_handles);

      m_public_info = std::move(other.m_public_info);

      other.scrub();

   }

   return *this;

}


/// Flush the object's TPM handles as necessary

void Object::flush() const noexcept {

   // Only purely transient objects have to be flushed

   if(has_transient_handle()) {

      if(has_persistent_handle()) {

         Esys_TR_Close(*m_ctx, &m_handles->transient);

      } else {

         Esys_FlushContext(*m_ctx, m_handles->transient);

      }

   }

}


/// Destroy the object's internal state, making the destructor a no-op.

/// No more operations except the destructor must be performed on that object.

void Object::scrub() {

   m_ctx.reset();

   m_handles.reset();

   m_public_info.reset();

}


/// Flush the object's TPM handles and reset its internal state


void Object::_reset() noexcept {

   flush();

   _disengage();

}


/// Reset the object's internal state without flushing its TPM handles


void Object::_disengage() noexcept {

   m_handles = std::make_unique<ObjectHandles>();

   m_public_info.reset();

}


bool Object::has_persistent_handle() const {

   return m_handles->persistent.has_value();

}


bool Object::has_transient_handle() const {

   return m_handles->transient != ESYS_TR_NONE;

}


TPM2_HANDLE Object::persistent_handle() const {

   BOTAN_STATE_CHECK(has_persistent_handle());

   return *m_handles->persistent;

}


ESYS_TR Object::transient_handle() const noexcept {

   return m_handles->transient;

}


ObjectAttributes Object::attributes(const SessionBundle& sessions) const {

   const auto attrs = _public_info(sessions).pub->publicArea.objectAttributes;

   return ObjectAttributes::read(attrs);

}


PublicInfo& Object::_public_info(const SessionBundle& sessions, std::optional<TPMI_ALG_PUBLIC> expected_type) const {

   if(!m_public_info) {

      m_public_info = std::make_unique<PublicInfo>();


      check_rc("Esys_ReadPublic",

               Esys_ReadPublic(*m_ctx,

                               m_handles->transient,

                               sessions[0],

                               sessions[1],

                               sessions[2],

                               out_ptr(m_public_info->pub),

                               out_ptr(m_public_info->name),

                               out_ptr(m_public_info->qualified_name)));

      BOTAN_ASSERT_NONNULL(m_public_info->pub);


      if(expected_type) {

         BOTAN_STATE_CHECK(m_public_info->pub->publicArea.type == *expected_type);

      }

   }


   return *m_public_info;

}


ObjectHandles& Object::handles() {

   return *m_handles;

}


}  // namespace Botan::TPM2

BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41

BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86

Botan::TPM2::Object
Definition tpm2_object.h:85

Botan::TPM2::Object::has_transient_handle
bool has_transient_handle() const
Definition tpm2_object.cpp:116

Botan::TPM2::Object::_reset
void _reset() noexcept
Flush the object's TPM handles and reset its internal state.
Definition tpm2_object.cpp:101

Botan::TPM2::Object::Object
Object(std::shared_ptr< Context > ctx)
Definition tpm2_object.cpp:48

Botan::TPM2::Object::~Object
virtual ~Object()
Definition tpm2_object.cpp:63

Botan::TPM2::Object::has_persistent_handle
bool has_persistent_handle() const
Definition tpm2_object.cpp:112

Botan::TPM2::Object::_public_info
PublicInfo & _public_info(const SessionBundle &sessions, std::optional< TPMI_ALG_PUBLIC > expected_type={}) const
Definition tpm2_object.cpp:134

Botan::TPM2::Object::attributes
ObjectAttributes attributes(const SessionBundle &sessions) const
Definition tpm2_object.cpp:129

Botan::TPM2::Object::transient_handle
ESYS_TR transient_handle() const noexcept
Definition tpm2_object.cpp:125

Botan::TPM2::Object::_disengage
void _disengage() noexcept
Reset the object's internal state without flushing its TPM handles.
Definition tpm2_object.cpp:107

Botan::TPM2::Object::operator=
Object & operator=(const Object &)=delete

Botan::TPM2::Object::persistent_handle
TPM2_HANDLE persistent_handle() const
Definition tpm2_object.cpp:120

Botan::TPM2::SessionBundle
Definition tpm2_session.h:173

Botan::TPM2
Definition tpm2_algo_mappings.h:24

Botan::TPM2::PropMap
PropMap(MaskT, FieldPointerT) -> PropMap< MaskT, FieldPointerT >
Deduction guide to simplify the creation of PropMap instances.

Botan::TPM2::check_rc
constexpr void check_rc(std::string_view location, TSS2_RC rc)
Definition tpm2_util.h:54

Botan::out_ptr
constexpr auto out_ptr(T &outptr) noexcept
Definition stl_util.h:420

Botan::TPM2::ObjectAttributes
Definition tpm2_object.h:30

Botan::TPM2::ObjectAttributes::no_da
bool no_da
If set, the object is not subject to dictionary attack protection.
Definition tpm2_object.h:53

Botan::TPM2::ObjectAttributes::fixed_tpm
bool fixed_tpm
The hierarchy of the object may or may not change (i.e. when keys are duplicated)
Definition tpm2_object.h:35

Botan::TPM2::ObjectAttributes::x509sign
bool x509sign
Definition tpm2_object.h:72

Botan::TPM2::ObjectAttributes::fixed_parent
bool fixed_parent
The parent of the object may or may not change.
Definition tpm2_object.h:41

Botan::TPM2::ObjectAttributes::read
static ObjectAttributes read(TPMA_OBJECT attributes)
Definition tpm2_object.cpp:40

Botan::TPM2::ObjectAttributes::restricted
bool restricted
Definition tpm2_object.h:61

Botan::TPM2::ObjectAttributes::encrypted_duplication
bool encrypted_duplication
Definition tpm2_object.h:57

Botan::TPM2::ObjectAttributes::admin_with_policy
bool admin_with_policy
ADMIN role actions may or may not require a policy session.
Definition tpm2_object.h:50

Botan::TPM2::ObjectAttributes::user_with_auth
bool user_with_auth
USER role actions may or may not be performed without authorization (HMAC or password)
Definition tpm2_object.h:47

Botan::TPM2::ObjectAttributes::sensitive_data_origin
bool sensitive_data_origin
Indicates that the TPM generated all of the sensitive data other than the authValue.
Definition tpm2_object.h:44

Botan::TPM2::ObjectAttributes::sign_encrypt
bool sign_encrypt
Definition tpm2_object.h:68

Botan::TPM2::ObjectAttributes::render
static TPMA_OBJECT render(ObjectAttributes attributes)
Definition tpm2_object.cpp:44

Botan::TPM2::ObjectAttributes::st_clear
bool st_clear
Saved contexts of this object may or may not be loaded after Startup(CLEAR)
Definition tpm2_object.h:38

Botan::TPM2::ObjectAttributes::decrypt
bool decrypt
The private portion of the key might be used for data decryption.
Definition tpm2_object.h:64

Botan::TPM2::ObjectHandles
Definition tpm2_util.h:162

Botan::TPM2::PublicInfo
Definition tpm2_util.h:156

Botan::TPM2::PublicInfo::pub
unique_esys_ptr< TPM2B_PUBLIC > pub
Definition tpm2_util.h:157

ESYS_TR
uint32_t ESYS_TR
Forward declaration of TSS2 type for convenience.
Definition tpm2_context.h:23

TPM2_HANDLE
uint32_t TPM2_HANDLE
Forward declaration of TSS2 type for convenience.
Definition tpm2_context.h:20

TPMA_OBJECT
uint32_t TPMA_OBJECT
Forward declaration of TSS2 type for convenience.
Definition tpm2_object.h:15