15712221889

Committed 17 Jun 2025 10:50AM UTC coverage: 90.562% (-0.009%) from 90.571%

Build # 15712221889

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #4919 from randombit/jack/clang-tidy-headers-in-ci

Clang-tidy headers in CI

Run Details

98791 of 109086 relevant lines covered (90.56%)

12355613.82 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

94.74

/src/lib/prov/tpm2/tpm2_session.cpp

/*
* TPM 2 Auth Session Wrapper
* (C) 2024 Jack Lloyd
* (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tpm2_session.h>

#include <botan/tpm2_key.h>

#include <botan/internal/stl_util.h>
#include <botan/internal/tpm2_algo_mappings.h>
#include <botan/internal/tpm2_util.h>

namespace Botan::TPM2 {

namespace {

using SessionAttributesWrapper =
   AttributeWrapper<TPMA_SESSION,
                    SessionAttributes,
                    PropMap{&SessionAttributes::continue_session, TPMA_SESSION_CONTINUESESSION},
                    PropMap{&SessionAttributes::audit_exclusive, TPMA_SESSION_AUDITEXCLUSIVE},
                    PropMap{&SessionAttributes::audit_reset, TPMA_SESSION_AUDITRESET},
                    PropMap{&SessionAttributes::decrypt, TPMA_SESSION_DECRYPT},
                    PropMap{&SessionAttributes::encrypt, TPMA_SESSION_ENCRYPT},
                    PropMap{&SessionAttributes::audit, TPMA_SESSION_AUDIT}>;

}  // namespace

SessionAttributes SessionAttributes::read(TPMA_SESSION attributes) {
   return SessionAttributesWrapper::read(attributes);
}

TPMA_SESSION SessionAttributes::render(SessionAttributes attributes) {
   return SessionAttributesWrapper::render(attributes);
}

// static
std::shared_ptr<Session> Session::unauthenticated_session(const std::shared_ptr<Context>& ctx,
                                                          std::string_view sym_algo,
                                                          std::string_view hash_algo) {
   Object session(ctx);
   const auto auth_sym = get_tpm2_sym_cipher_spec(sym_algo);
   const auto auth_hash_algo = get_tpm2_hash_type(hash_algo);

   BOTAN_ASSERT_NONNULL(ctx);

   check_rc("Esys_StartSession",
            Esys_StartAuthSession(*ctx,
                                  ESYS_TR_NONE,
                                  ESYS_TR_NONE,
                                  ESYS_TR_NONE,
                                  ESYS_TR_NONE,
                                  ESYS_TR_NONE,
                                  nullptr /*NonceCaller generated automatically*/,
                                  TPM2_SE_HMAC,
                                  &auth_sym,
                                  auth_hash_algo,
                                  out_transient_handle(session)));

   return std::shared_ptr<Session>(new Session(std::move(session),
                                               {
                                                  .continue_session = true,
                                                  .decrypt = true,
                                                  .encrypt = true,
                                               }));
}

std::shared_ptr<Session> Session::authenticated_session(const std::shared_ptr<Context>& ctx,
                                                        const TPM2::PrivateKey& tpm_key,
                                                        std::string_view sym_algo,
                                                        std::string_view hash_algo) {
   Object session(ctx);
   const auto auth_sym = get_tpm2_sym_cipher_spec(sym_algo);
   const auto auth_hash_algo = get_tpm2_hash_type(hash_algo);

   BOTAN_ASSERT_NONNULL(ctx);

   check_rc("Esys_StartSession",
            Esys_StartAuthSession(*ctx,
                                  tpm_key.handles().transient_handle(),
                                  tpm_key.handles().transient_handle(),
                                  ESYS_TR_NONE,
                                  ESYS_TR_NONE,
                                  ESYS_TR_NONE,
                                  nullptr /*NonceCaller generated automatically*/,
                                  TPM2_SE_HMAC,
                                  &auth_sym,
                                  auth_hash_algo,
                                  out_transient_handle(session)));

   return std::shared_ptr<Session>(new Session(std::move(session),
                                               {
                                                  .continue_session = true,
                                                  .decrypt = true,
                                                  .encrypt = true,
                                               }));
}

Session::Session(Object session, SessionAttributes attributes) : m_session(std::move(session)) {
   set_attributes(attributes);
}

SessionAttributes Session::attributes() const {
   TPMA_SESSION attrs;
   check_rc("Esys_TRSess_GetAttributes",
            Esys_TRSess_GetAttributes(*m_session.context(), m_session.transient_handle(), &attrs));
   return SessionAttributes::read(attrs);
}

void Session::set_attributes(SessionAttributes attributes) {
   check_rc("Esys_TRSess_SetAttributes",
            Esys_TRSess_SetAttributes(
               *m_session.context(), m_session.transient_handle(), SessionAttributes::render(attributes), 0xFF));
}

secure_vector<uint8_t> Session::tpm_nonce() const {
   unique_esys_ptr<TPM2B_NONCE> nonce;
   check_rc("Esys_TRSess_GetNonceTPM",
            Esys_TRSess_GetNonceTPM(*m_session.context(), m_session.transient_handle(), out_ptr(nonce)));
   return copy_into<secure_vector<uint8_t>>(*nonce);
}

detail::SessionHandle::SessionHandle(Session& session) :
      m_session(session), m_original_attributes(session.attributes()) {}

detail::SessionHandle::~SessionHandle() {
   try {
      if(m_session) {
         m_session->get().set_attributes(m_original_attributes);
      }
   } catch(...) {}
}

[[nodiscard]] detail::SessionHandle::operator ESYS_TR() && noexcept {
   if(m_session) {
      return m_session->get().transient_handle();
   } else {
      return ESYS_TR_NONE;
   }
}

}  // namespace Botan::TPM2

1	/*
2	* TPM 2 Auth Session Wrapper
3	* (C) 2024 Jack Lloyd
4	* (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH
5	*
6	* Botan is released under the Simplified BSD License (see license.txt)
7	*/
8
9	#include <botan/tpm2_session.h>
10
11	#include <botan/tpm2_key.h>
12
13	#include <botan/internal/stl_util.h>
14	#include <botan/internal/tpm2_algo_mappings.h>
15	#include <botan/internal/tpm2_util.h>
16
17	namespace Botan::TPM2 {
18
19	namespace {
20
21	using SessionAttributesWrapper =
22	AttributeWrapper<TPMA_SESSION,
23	SessionAttributes,
24	PropMap{&SessionAttributes::continue_session, TPMA_SESSION_CONTINUESESSION},
25	PropMap{&SessionAttributes::audit_exclusive, TPMA_SESSION_AUDITEXCLUSIVE},
26	PropMap{&SessionAttributes::audit_reset, TPMA_SESSION_AUDITRESET},
27	PropMap{&SessionAttributes::decrypt, TPMA_SESSION_DECRYPT},
28	PropMap{&SessionAttributes::encrypt, TPMA_SESSION_ENCRYPT},
29	PropMap{&SessionAttributes::audit, TPMA_SESSION_AUDIT}>;
30
31	} // namespace
32
33	SessionAttributes SessionAttributes::read(TPMA_SESSION attributes) {	344✔
34	return SessionAttributesWrapper::read(attributes);	×
35	}
36
37	TPMA_SESSION SessionAttributes::render(SessionAttributes attributes) {	376✔
38	return SessionAttributesWrapper::render(attributes);	×
39	}
40
41	// static
42	std::shared_ptr<Session> Session::unauthenticated_session(const std::shared_ptr<Context>& ctx,	20✔
43	std::string_view sym_algo,
44	std::string_view hash_algo) {
45	Object session(ctx);	20✔
46	const auto auth_sym = get_tpm2_sym_cipher_spec(sym_algo);	20✔
47	const auto auth_hash_algo = get_tpm2_hash_type(hash_algo);	20✔
48
49	BOTAN_ASSERT_NONNULL(ctx);	20✔
50
51	check_rc("Esys_StartSession",	20✔
52	Esys_StartAuthSession(*ctx,	20✔
53	ESYS_TR_NONE,
54	ESYS_TR_NONE,
55	ESYS_TR_NONE,
56	ESYS_TR_NONE,
57	ESYS_TR_NONE,
58	nullptr /NonceCaller generated automatically/,
59	TPM2_SE_HMAC,
60	&auth_sym,
61	auth_hash_algo,
62	out_transient_handle(session)));	20✔
63
64	return std::shared_ptr<Session>(new Session(std::move(session),	20✔
65	{
66	.continue_session = true,
67	.decrypt = true,
68	.encrypt = true,
69	}));	60✔
70	}	20✔
71
72	std::shared_ptr<Session> Session::authenticated_session(const std::shared_ptr<Context>& ctx,	14✔
73	const TPM2::PrivateKey& tpm_key,
74	std::string_view sym_algo,
75	std::string_view hash_algo) {
76	Object session(ctx);	14✔
77	const auto auth_sym = get_tpm2_sym_cipher_spec(sym_algo);	14✔
78	const auto auth_hash_algo = get_tpm2_hash_type(hash_algo);	14✔
79
80	BOTAN_ASSERT_NONNULL(ctx);	14✔
81
82	check_rc("Esys_StartSession",	28✔
83	Esys_StartAuthSession(*ctx,	28✔
84	tpm_key.handles().transient_handle(),	14✔
85	tpm_key.handles().transient_handle(),	14✔
86	ESYS_TR_NONE,
87	ESYS_TR_NONE,
88	ESYS_TR_NONE,
89	nullptr /NonceCaller generated automatically/,
90	TPM2_SE_HMAC,
91	&auth_sym,
92	auth_hash_algo,
93	out_transient_handle(session)));	14✔
94
95	return std::shared_ptr<Session>(new Session(std::move(session),	14✔
96	{
97	.continue_session = true,
98	.decrypt = true,
99	.encrypt = true,
100	}));	42✔
101	}	14✔
102
103	Session::Session(Object session, SessionAttributes attributes) : m_session(std::move(session)) {	34✔
104	set_attributes(attributes);	34✔
105	}	34✔
106
107	SessionAttributes Session::attributes() const {	344✔
108	TPMA_SESSION attrs;	344✔
109	check_rc("Esys_TRSess_GetAttributes",	688✔
110	Esys_TRSess_GetAttributes(*m_session.context(), m_session.transient_handle(), &attrs));	688✔
111	return SessionAttributes::read(attrs);	344✔
112	}
113
114	void Session::set_attributes(SessionAttributes attributes) {	376✔
115	check_rc("Esys_TRSess_SetAttributes",	752✔
116	Esys_TRSess_SetAttributes(
117	*m_session.context(), m_session.transient_handle(), SessionAttributes::render(attributes), 0xFF));	376✔
118	}	376✔
119
120	secure_vector<uint8_t> Session::tpm_nonce() const {	12✔
121	unique_esys_ptr<TPM2B_NONCE> nonce;	12✔
122	check_rc("Esys_TRSess_GetNonceTPM",	24✔
123	Esys_TRSess_GetNonceTPM(*m_session.context(), m_session.transient_handle(), out_ptr(nonce)));	12✔
124	return copy_into<secure_vector<uint8_t>>(*nonce);	12✔
125	}	12✔
126
127	detail::SessionHandle::SessionHandle(Session& session) :	342✔
128	m_session(session), m_original_attributes(session.attributes()) {}	342✔
129
130	detail::SessionHandle::~SessionHandle() {	1,164✔
131	try {	1,164✔
132	if(m_session) {	1,164✔
133	m_session->get().set_attributes(m_original_attributes);	342✔
134	}
135	} catch(...) {}	×
136	}	1,164✔
137
138	[[nodiscard]] detail::SessionHandle::operator ESYS_TR() && noexcept {	1,164✔
139	if(m_session) {	1,164✔
140	return m_session->get().transient_handle();	342✔
141	} else {
142	return ESYS_TR_NONE;
143	}
144	}
145
146	} // namespace Botan::TPM2

randombit / botan / 15712221889

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous