Botan  2.10.0
Crypto and TLS for C++11
tpm.h
Go to the documentation of this file.
1 
2 /*
3 * TPM 1.2 interface
4 * (C) 2015 Jack Lloyd
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TPM_H_
10 #define BOTAN_TPM_H_
11 
12 #include <botan/exceptn.h>
13 #include <botan/pk_keys.h>
14 #include <botan/bigint.h>
15 #include <botan/rng.h>
16 #include <botan/uuid.h>
17 #include <functional>
18 
19 //TODO remove this
20 #include <tss/tspi.h>
21 
22 namespace Botan {
23 
25  {
26  public:
27  TPM_Error(const std::string& err) : Exception(err) {}
28  ErrorType error_type() const noexcept override { return ErrorType::TPMError; }
29  };
30 
31 /**
32 * Creates a connection to the TPM. All other TPM types take and hold
33 * a TPM_Context reference, so all other objects must be deallocated
34 * before ~TPM_Context runs.
35 *
36 * Use nullptr for the srk_password to indicate the well known secret
37 * (ie, an unencrypted SRK). This is usually what you want.
38 *
39 * TODO: handling owner password?
40 */
42  {
43  public:
44  /**
45  * User callback for getting the PIN. Will be passed the best available
46  * description of what we are attempting to load.
47  */
48  typedef std::function<std::string (std::string)> pin_cb;
49 
50  TPM_Context(pin_cb cb, const char* srk_password);
51 
52  ~TPM_Context();
53 
54  // Get data from the TPM's RNG, whatever that is
55  void gen_random(uint8_t out[], size_t out_len);
56 
57  // Uses Tspi_TPM_StirRandom to add data to TPM's internal pool
58  void stir_random(const uint8_t in[], size_t in_len);
59 
60  std::string get_user_pin(const std::string& who)
61  {
62  return m_pin_cb(who);
63  }
64 
65  uint32_t current_counter();
66 
67  TSS_HCONTEXT handle() const { return m_ctx; }
68  TSS_HKEY srk() const { return m_srk; }
69 
70  private:
71  std::function<std::string (std::string)> m_pin_cb;
72  TSS_HCONTEXT m_ctx;
73  TSS_HKEY m_srk;
74  TSS_HTPM m_tpm;
75  };
76 
78  {
79  public:
80  TPM_RNG(TPM_Context& ctx) : m_ctx(ctx) {}
81 
82  bool accepts_input() const override { return true; }
83 
84  void add_entropy(const uint8_t in[], size_t in_len) override
85  {
86  m_ctx.stir_random(in, in_len);
87  }
88 
89  void randomize(uint8_t out[], size_t out_len) override
90  {
91  m_ctx.gen_random(out, out_len);
92  }
93 
94  std::string name() const override { return "TPM_RNG"; }
95 
96  bool is_seeded() const override { return true; }
97 
98  private:
99  TPM_Context& m_ctx;
100 };
101 
102 enum class TPM_Storage_Type { User, System };
103 
104 /*
105 * Also implements the public interface, but does not have usable
106 * TODO: derive from RSA_PublicKey???
107 */
109  {
110  public:
111  // TODO: key import?
112 
113  /*
114  * Create a new key on the TPM parented to the SRK
115  * @param bits must be 1024 or 2048
116  */
117  TPM_PrivateKey(TPM_Context& ctx, size_t bits, const char* key_password);
118 
119  // reference an existing TPM key using URL syntax from GnuTLS
120  // "tpmkey:uuid=79f07ca9-73ac-478a-9093-11ca6702e774;storage=user"
121  //TPM_PrivateKey(TPM_Context& ctx, const std::string& tpm_url);
122 
124  const std::string& uuid,
125  TPM_Storage_Type storage_type);
126 
128  const std::vector<uint8_t>& blob);
129 
130  /**
131  * If the key is not currently registered under a known UUID,
132  * generates a new random UUID and registers the key.
133  * Returns the access URL.
134  */
135  std::string register_key(TPM_Storage_Type storage_type);
136 
137  /**
138  * Returns a copy of the public key
139  */
140  std::unique_ptr<Public_Key> public_key() const;
141 
142  std::vector<uint8_t> export_blob() const;
143 
144  TPM_Context& ctx() const { return m_ctx; }
145 
146  TSS_HKEY handle() const { return m_key; }
147 
148  /*
149  * Returns the list of all keys (in URL format) registered with the system
150  */
151  static std::vector<std::string> registered_keys(TPM_Context& ctx);
152 
153  size_t estimated_strength() const override;
154 
155  size_t key_length() const override;
156 
157  AlgorithmIdentifier algorithm_identifier() const override;
158 
159  std::vector<uint8_t> public_key_bits() const override;
160 
161  secure_vector<uint8_t> private_key_bits() const override;
162 
163  bool check_key(RandomNumberGenerator& rng, bool) const override;
164 
165  BigInt get_n() const;
166 
167  BigInt get_e() const;
168 
169  std::string algo_name() const override { return "RSA"; } // ???
170 
171  std::unique_ptr<PK_Ops::Signature>
172  create_signature_op(RandomNumberGenerator& rng,
173  const std::string& params,
174  const std::string& provider) const override;
175 
176  private:
177  TPM_Context& m_ctx;
178  TSS_HKEY m_key;
179 
180  // Only set for registered keys
181  UUID m_uuid;
182  TPM_Storage_Type m_storage;
183 
184  // Lazily computed in get_n, get_e
185  mutable BigInt m_n, m_e;
186  };
187 
188 // TODO: NVRAM interface
189 // TODO: PCR measurement, writing, key locking
190 
191 }
192 
193 #endif
TSS_HKEY handle() const
Definition: tpm.h:146
TPM_Storage_Type
Definition: tpm.h:102
bool is_seeded() const override
Definition: tpm.h:96
bool accepts_input() const override
Definition: tpm.h:82
const BigInt & m_e
Definition: rsa.cpp:419
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
TSS_HKEY srk() const
Definition: tpm.h:68
TPM_Context & ctx() const
Definition: tpm.h:144
std::string name() const override
Definition: tpm.h:94
void randomize(uint8_t out[], size_t out_len) override
Definition: tpm.h:89
void add_entropy(const uint8_t in[], size_t in_len) override
Definition: tpm.h:84
std::string algo_name() const override
Definition: tpm.h:169
std::function< std::string(std::string)> pin_cb
Definition: tpm.h:48
ErrorType
Definition: exceptn.h:20
Definition: alg_id.cpp:13
TPM_RNG(TPM_Context &ctx)
Definition: tpm.h:80
ErrorType error_type() const noexcept override
Definition: tpm.h:28
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
std::string get_user_pin(const std::string &who)
Definition: tpm.h:60
TPM_Error(const std::string &err)
Definition: tpm.h:27
TSS_HCONTEXT handle() const
Definition: tpm.h:67
const RSA_PrivateKey & m_key
Definition: rsa.cpp:296
const BigInt & m_n
Definition: rsa.cpp:418