Botan 3.7.1
Crypto and TLS for C&
tpm2_rsa.h
Go to the documentation of this file.
1/*
2* TPM 2.0 RSA Key Wrappers
3* (C) 2024 Jack Lloyd
4* (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8#ifndef BOTAN_TPM2_RSA_H_
9#define BOTAN_TPM2_RSA_H_
10
11#include <botan/rsa.h>
12#include <botan/tpm2_key.h>
13
14namespace Botan::TPM2 {
15
16/**
17 * This helper function transforms a @p public_blob in a TPM2B_PUBLIC* format
18 * into the functional components of an RSA public key. Namely, a pair of
19 * modulus and exponent as big integers.
20 *
21 * @param public_blob The public blob to decompose into RSA pubkey components
22 */
23std::pair<BigInt, BigInt> rsa_pubkey_components_from_tss2_public(const TPM2B_PUBLIC* public_blob);
24
27
29 public virtual Botan::RSA_PublicKey {
30 public:
31 std::unique_ptr<Private_Key> generate_another(Botan::RandomNumberGenerator& rng) const override {
32 return TPM2::PublicKey::generate_another(rng);
33 }
34
35 std::vector<uint8_t> raw_public_key_bits() const override { return TPM2::PublicKey::raw_public_key_bits(); }
36
37 bool supports_operation(PublicKeyOperation op) const override {
38 // TODO: Support RSA-KEM
39 return op == PublicKeyOperation::Encryption || op == PublicKeyOperation::Signature;
40 }
41
42 std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
43 std::string_view provider) const override;
44
45 std::unique_ptr<PK_Ops::Encryption> create_encryption_op(Botan::RandomNumberGenerator& rng,
46 std::string_view params,
47 std::string_view provider) const override;
48
49 protected:
50 friend class TPM2::PublicKey;
51
52 RSA_PublicKey(Object handle, SessionBundle sessions, const TPM2B_PUBLIC* public_blob);
53
54 private:
55 /**
56 * This constructor is delegated to from the other (protected) constructor
57 * to avoid calling the subclass' RSA_PublicKey's copy/move constructor
58 * during initialization. This is to work around an apparent issue in MSVC
59 * leading to a heap corruption.
60 */
61 RSA_PublicKey(Object handle, SessionBundle sessions, const std::pair<BigInt, BigInt>& pubkey);
62};
63
65 public virtual Botan::RSA_PublicKey {
66 public:
67 /**
68 * Create a transient RSA key with the given @p keylength and @p exponent,
69 * under the given @p parent key, with the given @p auth_value. This key
70 * may be used for both signatures and data decryption. No restrictions
71 * on the utilized padding schemes are applied.
72 *
73 * TODO: provide the user with some means to specify such restrictions:
74 * - allowed key use: sign, decrypt, sign+decrypt, x509sign
75 * - allowed padding schemes: PKCS1v1.5, OAEP, PSS
76 * - data restrictions ("restricted" field in TPMT_PUBLIC)
77 * - session authentication requirements (policy, user authentication, ...)
78 * - fixed to TPM, or fixed to parent?
79 * - ...
80 *
81 * @param ctx The TPM context to use
82 * @param sessions The session bundle to use in the creation of the key
83 * @param auth_value The auth value to use for the key
84 * @param parent The parent key to create the new key under
85 * @param keylength The desired key length
86 * @param exponent The desired exponent (default: 0x10001)
87 */
88 static std::unique_ptr<TPM2::PrivateKey> create_unrestricted_transient(const std::shared_ptr<Context>& ctx,
89 const SessionBundle& sessions,
90 std::span<const uint8_t> auth_value,
91 const TPM2::PrivateKey& parent,
92 uint16_t keylength,
93 std::optional<uint32_t> exponent = {});
94
95 public:
96 std::unique_ptr<Public_Key> public_key() const override {
97 return std::make_unique<Botan::RSA_PublicKey>(algorithm_identifier(), public_key_bits());
98 }
99
100 std::vector<uint8_t> raw_public_key_bits() const override { return TPM2::PrivateKey::raw_public_key_bits(); }
101
102 bool supports_operation(PublicKeyOperation op) const override {
103 // TODO: Support RSA-KEM
104 return op == PublicKeyOperation::Encryption || op == PublicKeyOperation::Signature;
105 }
106
107 std::unique_ptr<PK_Ops::Signature> create_signature_op(Botan::RandomNumberGenerator& rng,
108 std::string_view params,
109 std::string_view provider) const override;
110
111 std::unique_ptr<PK_Ops::Decryption> create_decryption_op(Botan::RandomNumberGenerator& rng,
112 std::string_view params,
113 std::string_view provider) const override;
114
115 protected:
116 friend class TPM2::PrivateKey;
117
118 RSA_PrivateKey(Object handle,
119 SessionBundle sessions,
120 const TPM2B_PUBLIC* public_blob,
121 std::span<const uint8_t> private_blob = {});
122
123 private:
124 /**
125 * This constructor is delegated to from the other (protected) constructor
126 * to avoid calling the subclass' RSA_PublicKey's copy/move constructor
127 * during initialization. This is to work around an apparent issue in MSVC
128 * leading to a heap corruption.
129 */
130 RSA_PrivateKey(Object handle,
131 SessionBundle sessions,
132 const std::pair<BigInt, BigInt>& pubkey,
133 std::span<const uint8_t> private_blob = {});
134};
135
137
138} // namespace Botan::TPM2
139
140#endif
#define BOTAN_DIAGNOSTIC_POP
Definition api.h:108
#define BOTAN_DIAGNOSTIC_PUSH
Definition api.h:105
#define BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
Definition api.h:107
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:19
bool supports_operation(PublicKeyOperation op) const override
Definition tpm2_rsa.h:102
std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_rsa.h:100
std::unique_ptr< Public_Key > public_key() const override
Definition tpm2_rsa.h:96
bool supports_operation(PublicKeyOperation op) const override
Definition tpm2_rsa.h:37
std::unique_ptr< Private_Key > generate_another(Botan::RandomNumberGenerator &rng) const override
Definition tpm2_rsa.h:31
std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_rsa.h:35
int(* final)(unsigned char *, CTX *)
std::pair< BigInt, BigInt > rsa_pubkey_components_from_tss2_public(const TPM2B_PUBLIC *public_area)
Definition tpm2_rsa.cpp:29
PublicKeyOperation
Definition pk_keys.h:45