Feature: Support external ESYS_CONTEXT in TPM2 #4430

Merged
merged 6 commits into from
Nov 11, 2024

atreiber94
Collaborator

(Don't be scared, the large diff is due to file renaming...)

Certain applications may want the flexibility to do more than currently possible within Botan::TPM2 and therefore may rely on an ESYS_CONTEXT that is not created via Botan's interface.

This results in 2 major use cases:

  • Create a TPM2::Context from an ESYS_CONTEXT managed by the application
    This is useful to selectively benefit from wrapped functionality in Botan while maintaining the flexibility to use all of ESAPI
  • Use ESAPI for everything but register Botan's TPM crypto backend

Unfortunately there is some added complexity because of the different kinds of memory management involved between the different APIs. Externally provided ESYS_CONTEXT objects are not retained by TPM2::Context, and are therefore not finalized in its destructor.

@atreiber94 atreiber94 added the enhancement Enhancement or new feature label Nov 8, 2024
@reneme reneme added this to the Botan 3.7.0 milestone Nov 8, 2024
atreiber94 and others added 2 commits November 8, 2024 17:49
The ESYS_CONTEXT is managed by the application and
will not be finalized by the TPM2::Context.

Co-Authored-By: René Meusel <[email protected]>
@coveralls
coveralls commented Nov 8, 2024

Coverage Status

coverage: 91.064% (-0.009%) from 91.073%
when pulling 9fcff47 on Rohde-Schwarz:feature/tpm2_external_ctx
into d35b793 on randombit:master.

@randombit randombit requested a review from reneme November 9, 2024 10:06
Owner

@randombit randombit left a comment

Looks fine to me but @reneme has a lot more context here so I’d like his review if possible

Collaborator

@reneme reneme left a comment

I was involved in the development of this patch, pair-programming with @atreiber94. Nevertheless, we forgot to test this with --disabled-modules=tpm2_crypto_backend 😨. Needs a little #ifdef fairy dust, therefore.

@atreiber94 atreiber94 merged commit 6f26bcd into randombit:master Nov 11, 2024
38 checks passed
@reneme reneme deleted the feature/tpm2_external_ctx branch November 11, 2024 13:07