Botan 3.8.1
Crypto and TLS for C&
tpm2_rsa.h
Go to the documentation of this file.
1/*
2* TPM 2.0 RSA Key Wrappers
3* (C) 2024 Jack Lloyd
4* (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8#ifndef BOTAN_TPM2_RSA_H_
9#define BOTAN_TPM2_RSA_H_
10
11#include <botan/rsa.h>
12#include <botan/tpm2_key.h>
13
14namespace Botan::TPM2 {
15
18
19class BOTAN_PUBLIC_API(3, 6) RSA_PublicKey final : public virtual Botan::TPM2::PublicKey,
20 public virtual Botan::RSA_PublicKey {
21 public:
22 std::unique_ptr<Private_Key> generate_another(Botan::RandomNumberGenerator& rng) const override {
24 }
25
26 std::vector<uint8_t> raw_public_key_bits() const override { return TPM2::PublicKey::raw_public_key_bits(); }
27
28 bool supports_operation(PublicKeyOperation op) const override {
29 // TODO: Support RSA-KEM
31 }
32
33 std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
34 std::string_view provider) const override;
35
36 std::unique_ptr<PK_Ops::Encryption> create_encryption_op(Botan::RandomNumberGenerator& rng,
37 std::string_view params,
38 std::string_view provider) const override;
39
40 protected:
41 friend class TPM2::PublicKey;
42
43 RSA_PublicKey(Object handle, SessionBundle sessions, const TPM2B_PUBLIC* public_blob);
44
45 private:
46 /**
47 * This constructor is delegated to from the other (protected) constructor
48 * to avoid calling the subclass' RSA_PublicKey's copy/move constructor
49 * during initialization. This is to work around an apparent issue in MSVC
50 * leading to a heap corruption.
51 */
52 RSA_PublicKey(Object handle, SessionBundle sessions, const std::pair<BigInt, BigInt>& pubkey);
53};
54
55class BOTAN_PUBLIC_API(3, 6) RSA_PrivateKey final : public virtual Botan::TPM2::PrivateKey,
56 public virtual Botan::RSA_PublicKey {
57 public:
58 /**
59 * Create a transient RSA key with the given @p keylength and @p exponent,
60 * under the given @p parent key, with the given @p auth_value. This key
61 * may be used for both signatures and data decryption. No restrictions
62 * on the utilized padding schemes are applied.
63 *
64 * TODO: provide the user with some means to specify such restrictions:
65 * - allowed key use: sign, decrypt, sign+decrypt, x509sign
66 * - allowed padding schemes: PKCS1v1.5, OAEP, PSS
67 * - data restrictions ("restricted" field in TPMT_PUBLIC)
68 * - session authentication requirements (policy, user authentication, ...)
69 * - fixed to TPM, or fixed to parent?
70 * - ...
71 *
72 * @param ctx The TPM context to use
73 * @param sessions The session bundle to use in the creation of the key
74 * @param auth_value The auth value to use for the key
75 * @param parent The parent key to create the new key under
76 * @param keylength The desired key length
77 * @param exponent The desired exponent (default: 0x10001)
78 */
79 static std::unique_ptr<TPM2::PrivateKey> create_unrestricted_transient(const std::shared_ptr<Context>& ctx,
81 std::span<const uint8_t> auth_value,
82 const TPM2::PrivateKey& parent,
83 uint16_t keylength,
84 std::optional<uint32_t> exponent = {});
85
86 public:
87 std::unique_ptr<Public_Key> public_key() const override {
88 return std::make_unique<Botan::RSA_PublicKey>(algorithm_identifier(), public_key_bits());
89 }
90
91 std::vector<uint8_t> raw_public_key_bits() const override { return TPM2::PrivateKey::raw_public_key_bits(); }
92
93 bool supports_operation(PublicKeyOperation op) const override {
94 // TODO: Support RSA-KEM
96 }
97
98 std::unique_ptr<PK_Ops::Signature> create_signature_op(Botan::RandomNumberGenerator& rng,
99 std::string_view params,
100 std::string_view provider) const override;
101
102 std::unique_ptr<PK_Ops::Decryption> create_decryption_op(Botan::RandomNumberGenerator& rng,
103 std::string_view params,
104 std::string_view provider) const override;
105
106 protected:
107 friend class TPM2::PrivateKey;
108
109 RSA_PrivateKey(Object handle,
111 const TPM2B_PUBLIC* public_blob,
112 std::span<const uint8_t> private_blob = {});
113
114 private:
115 /**
116 * This constructor is delegated to from the other (protected) constructor
117 * to avoid calling the subclass' RSA_PublicKey's copy/move constructor
118 * during initialization. This is to work around an apparent issue in MSVC
119 * leading to a heap corruption.
120 */
121 RSA_PrivateKey(Object handle,
122 SessionBundle sessions,
123 const std::pair<BigInt, BigInt>& pubkey,
124 std::span<const uint8_t> private_blob = {});
125};
126
128
129} // namespace Botan::TPM2
130
131#endif
#define BOTAN_DIAGNOSTIC_POP
Definition api.h:108
#define BOTAN_DIAGNOSTIC_PUSH
Definition api.h:105
#define BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
Definition api.h:107
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:19
AlgorithmIdentifier algorithm_identifier() const override
Definition rsa.cpp:184
std::vector< uint8_t > public_key_bits() const override
Definition rsa.cpp:192
std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_key.cpp:276
const SessionBundle & sessions() const
Definition tpm2_key.h:224
std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_key.cpp:154
const SessionBundle & sessions() const
Definition tpm2_key.h:101
std::unique_ptr< Private_Key > generate_another(Botan::RandomNumberGenerator &) const override
Definition tpm2_key.h:90
bool supports_operation(PublicKeyOperation op) const override
Definition tpm2_rsa.h:93
RSA_PrivateKey(Object handle, SessionBundle sessions, const TPM2B_PUBLIC *public_blob, std::span< const uint8_t > private_blob={})
Definition tpm2_rsa.cpp:39
std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_rsa.h:91
std::unique_ptr< Public_Key > public_key() const override
Definition tpm2_rsa.h:87
static std::unique_ptr< TPM2::PrivateKey > create_unrestricted_transient(const std::shared_ptr< Context > &ctx, const SessionBundle &sessions, std::span< const uint8_t > auth_value, const TPM2::PrivateKey &parent, uint16_t keylength, std::optional< uint32_t > exponent={})
Definition tpm2_rsa.cpp:57
bool supports_operation(PublicKeyOperation op) const override
Definition tpm2_rsa.h:28
std::unique_ptr< Private_Key > generate_another(Botan::RandomNumberGenerator &rng) const override
Definition tpm2_rsa.h:22
std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_rsa.h:26
RSA_PublicKey(Object handle, SessionBundle sessions, const TPM2B_PUBLIC *public_blob)
Definition tpm2_rsa.cpp:29
PublicKeyOperation
Definition pk_keys.h:46