Botan 3.6.1
Crypto and TLS for C&
tpm2_rsa.h
Go to the documentation of this file.
1/*
2* TPM 2.0 RSA Key Wrappers
3* (C) 2024 Jack Lloyd
4* (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8#ifndef BOTAN_TPM2_RSA_H_
9#define BOTAN_TPM2_RSA_H_
10
11#include <botan/rsa.h>
12#include <botan/tpm2_key.h>
13
14namespace Botan::TPM2 {
15class BOTAN_PUBLIC_API(3, 6) RSA_PublicKey final : public virtual Botan::TPM2::PublicKey,
16 public virtual Botan::RSA_PublicKey {
17 public:
18 std::unique_ptr<Private_Key> generate_another(Botan::RandomNumberGenerator& rng) const override {
19 return TPM2::PublicKey::generate_another(rng);
20 }
21
22 std::vector<uint8_t> raw_public_key_bits() const override { return TPM2::PublicKey::raw_public_key_bits(); }
23
24 bool supports_operation(PublicKeyOperation op) const override {
25 // TODO: Support RSA-KEM
26 return op == PublicKeyOperation::Encryption || op == PublicKeyOperation::Signature;
27 }
28
29 std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
30 std::string_view provider) const override;
31
32 std::unique_ptr<PK_Ops::Encryption> create_encryption_op(Botan::RandomNumberGenerator& rng,
33 std::string_view params,
34 std::string_view provider) const override;
35
36 protected:
37 friend class TPM2::PublicKey;
38
39 RSA_PublicKey(Object handle, SessionBundle sessions, const TPM2B_PUBLIC* public_blob);
40};
41
42BOTAN_DIAGNOSTIC_PUSH
43BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
44
45class BOTAN_PUBLIC_API(3, 6) RSA_PrivateKey final : public virtual Botan::TPM2::PrivateKey,
46 public virtual Botan::RSA_PublicKey {
47 public:
48 /**
49 * Create a transient RSA key with the given @p keylength and @p exponent,
50 * under the given @p parent key, with the given @p auth_value. This key
51 * may be used for both signatures and data decryption. No restrictions
52 * on the utilized padding schemes are applied.
53 *
54 * TODO: provide the user with some means to specify such restrictions:
55 * - allowed key use: sign, decrypt, sign+decrypt, x509sign
56 * - allowed padding schemes: PKCS1v1.5, OAEP, PSS
57 * - data restrictions ("restricted" field in TPMT_PUBLIC)
58 * - session authentication requirements (policy, user authentication, ...)
59 * - fixed to TPM, or fixed to parent?
60 * - ...
61 *
62 * @param ctx The TPM context to use
63 * @param sessions The session bundle to use in the creation of the key
64 * @param auth_value The auth value to use for the key
65 * @param parent The parent key to create the new key under
66 * @param keylength The desired key length
67 * @param exponent The desired exponent (default: 0x10001)
68 */
69 static std::unique_ptr<TPM2::PrivateKey> create_unrestricted_transient(const std::shared_ptr<Context>& ctx,
70 const SessionBundle& sessions,
71 std::span<const uint8_t> auth_value,
72 const TPM2::PrivateKey& parent,
73 uint16_t keylength,
74 std::optional<uint32_t> exponent = {});
75
76 public:
77 std::unique_ptr<Public_Key> public_key() const override {
78 return std::make_unique<Botan::RSA_PublicKey>(algorithm_identifier(), public_key_bits());
79 }
80
81 std::vector<uint8_t> raw_public_key_bits() const override { return TPM2::PrivateKey::raw_public_key_bits(); }
82
83 bool supports_operation(PublicKeyOperation op) const override {
84 // TODO: Support RSA-KEM
85 return op == PublicKeyOperation::Encryption || op == PublicKeyOperation::Signature;
86 }
87
88 std::unique_ptr<PK_Ops::Signature> create_signature_op(Botan::RandomNumberGenerator& rng,
89 std::string_view params,
90 std::string_view provider) const override;
91
92 std::unique_ptr<PK_Ops::Decryption> create_decryption_op(Botan::RandomNumberGenerator& rng,
93 std::string_view params,
94 std::string_view provider) const override;
95
96 protected:
97 friend class TPM2::PrivateKey;
98
99 RSA_PrivateKey(Object handle,
100 SessionBundle sessions,
101 const TPM2B_PUBLIC* public_blob,
102 std::span<const uint8_t> private_blob = {});
103};
104
105BOTAN_DIAGNOSTIC_POP
106
107} // namespace Botan::TPM2
108
109#endif
Botan::RSA_PublicKey
Definition rsa.h:25
Botan::TPM2::RSA_PrivateKey
Definition tpm2_rsa.h:46
Botan::TPM2::RSA_PrivateKey::supports_operation
bool supports_operation(PublicKeyOperation op) const override
Definition tpm2_rsa.h:83
Botan::TPM2::RSA_PrivateKey::raw_public_key_bits
std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_rsa.h:81
Botan::TPM2::RSA_PrivateKey::public_key
std::unique_ptr< Public_Key > public_key() const override
Definition tpm2_rsa.h:77
Botan::TPM2::RSA_PublicKey
Definition tpm2_rsa.h:16
Botan::TPM2::RSA_PublicKey::supports_operation
bool supports_operation(PublicKeyOperation op) const override
Definition tpm2_rsa.h:24
Botan::TPM2::RSA_PublicKey::generate_another
std::unique_ptr< Private_Key > generate_another(Botan::RandomNumberGenerator &rng) const override
Definition tpm2_rsa.h:18
Botan::TPM2::RSA_PublicKey::raw_public_key_bits
std::vector< uint8_t > raw_public_key_bits() const override
Definition tpm2_rsa.h:22
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
BOTAN_DIAGNOSTIC_POP
#define BOTAN_DIAGNOSTIC_POP
Definition compiler.h:191
BOTAN_DIAGNOSTIC_PUSH
#define BOTAN_DIAGNOSTIC_PUSH
Definition compiler.h:188
BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
#define BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
Definition compiler.h:190
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
Botan::PublicKeyOperation
PublicKeyOperation
Definition pk_keys.h:45
Generated by doxygen 1.12.0