26995937053

Committed 04 Jun 2026 09:38PM UTC coverage: 89.394% (-2.3%) from 91.672%

Build # 26995937053

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5642 from randombit/jack/prefetch-in-ks

Improve prefetching for table based implementations

Coverage Stats

110588 of 123708 relevant lines covered (89.39%)

11056434.37 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

84.0

/src/lib/prov/tpm2/tpm2_object.cpp

/*
* TPM 2.0 Base Object handling
* (C) 2024 Jack Lloyd
* (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tpm2_object.h>

#include <botan/tpm2_session.h>

#include <botan/internal/stl_util.h>
#include <botan/internal/tpm2_util.h>

#include <tss2/tss2_esys.h>

namespace Botan::TPM2 {

namespace {

using ObjectAttributesWrapper =
   AttributeWrapper<TPMA_OBJECT,
                    ObjectAttributes,
                    PropMap{&ObjectAttributes::fixed_tpm, TPMA_OBJECT_FIXEDTPM},
                    PropMap{&ObjectAttributes::st_clear, TPMA_OBJECT_STCLEAR},
                    PropMap{&ObjectAttributes::fixed_parent, TPMA_OBJECT_FIXEDPARENT},
                    PropMap{&ObjectAttributes::sensitive_data_origin, TPMA_OBJECT_SENSITIVEDATAORIGIN},
                    PropMap{&ObjectAttributes::user_with_auth, TPMA_OBJECT_USERWITHAUTH},
                    PropMap{&ObjectAttributes::admin_with_policy, TPMA_OBJECT_ADMINWITHPOLICY},
                    PropMap{&ObjectAttributes::no_da, TPMA_OBJECT_NODA},
                    PropMap{&ObjectAttributes::encrypted_duplication, TPMA_OBJECT_ENCRYPTEDDUPLICATION},
                    PropMap{&ObjectAttributes::restricted, TPMA_OBJECT_RESTRICTED},
                    PropMap{&ObjectAttributes::decrypt, TPMA_OBJECT_DECRYPT},
                    PropMap{&ObjectAttributes::sign_encrypt, TPMA_OBJECT_SIGN_ENCRYPT},
                    PropMap{&ObjectAttributes::x509sign, TPMA_OBJECT_X509SIGN}>;

}  // namespace

ObjectAttributes ObjectAttributes::read(TPMA_OBJECT attributes) {
   return ObjectAttributesWrapper::read(attributes);
}

TPMA_OBJECT ObjectAttributes::render(ObjectAttributes attributes) {
   return ObjectAttributesWrapper::render(attributes);
}

Object::Object(std::shared_ptr<Context> ctx) : m_ctx(std::move(ctx)), m_handles(std::make_unique<ObjectHandles>()) {
   BOTAN_ASSERT_NONNULL(m_ctx);
}

Object::Object(std::shared_ptr<Context> ctx, ESYS_TR handle) : Object(std::move(ctx)) {
   m_handles->transient = handle;
}

Object::Object(Object&& other) noexcept :
      m_ctx(std::move(other.m_ctx)),
      m_handles(std::move(other.m_handles)),
      m_public_info(std::move(other.m_public_info)) {
   other.scrub();
}

Object::~Object() {
   if(m_handles) {
      flush();
   }
}

Object& Object::operator=(Object&& other) noexcept {
   if(this != &other) {
      flush();
      m_ctx = std::move(other.m_ctx);
      m_handles = std::move(other.m_handles);
      m_public_info = std::move(other.m_public_info);
      other.scrub();
   }
   return *this;
}

/// Flush the object's TPM handles as necessary
void Object::flush() const noexcept {
   // Only purely transient objects have to be flushed
   if(has_transient_handle()) {
      if(has_persistent_handle()) {
         Esys_TR_Close(m_ctx->esys_context(), &m_handles->transient);
      } else {
         Esys_FlushContext(m_ctx->esys_context(), m_handles->transient);
      }
   }
}

/// Destroy the object's internal state, making the destructor a no-op.
/// No more operations except the destructor must be performed on that object.
void Object::scrub() {
   m_ctx.reset();
   m_handles.reset();
   m_public_info.reset();
}

/// Flush the object's TPM handles and reset its internal state
void Object::_reset() noexcept {
   flush();
   _disengage();
}

/// Reset the object's internal state without flushing its TPM handles
void Object::_disengage() noexcept {
   if(m_handles) {
      *m_handles = ObjectHandles();
   }
   m_public_info.reset();
}

bool Object::has_persistent_handle() const {
   return m_handles->persistent.has_value();
}

bool Object::has_transient_handle() const {
   return m_handles->transient != ESYS_TR_NONE;
}

TPM2_HANDLE Object::persistent_handle() const {
   BOTAN_STATE_CHECK(has_persistent_handle());
   return *m_handles->persistent;
}

ESYS_TR Object::transient_handle() const noexcept {
   return m_handles->transient;
}

ObjectAttributes Object::attributes(const SessionBundle& sessions) const {
   const auto attrs = _public_info(sessions).pub->publicArea.objectAttributes;
   return ObjectAttributes::read(attrs);
}

PublicInfo& Object::_public_info(const SessionBundle& sessions, std::optional<TPMI_ALG_PUBLIC> expected_type) const {
   if(!m_public_info) {
      m_public_info = std::make_unique<PublicInfo>();

      check_rc("Esys_ReadPublic",
               Esys_ReadPublic(m_ctx->esys_context(),
                               m_handles->transient,
                               sessions[0],
                               sessions[1],
                               sessions[2],
                               out_ptr(m_public_info->pub),
                               out_ptr(m_public_info->name),
                               out_ptr(m_public_info->qualified_name)));
      BOTAN_ASSERT_NONNULL(m_public_info->pub);

      if(expected_type) {
         BOTAN_STATE_CHECK(m_public_info->pub->publicArea.type == *expected_type);
      }
   }

   return *m_public_info;
}

ObjectHandles& Object::handles() {
   return *m_handles;
}

}  // namespace Botan::TPM2

1	/*
2	* TPM 2.0 Base Object handling
3	* (C) 2024 Jack Lloyd
4	* (C) 2024 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity GmbH, financed by LANCOM Systems GmbH
5	*
6	* Botan is released under the Simplified BSD License (see license.txt)
7	*/
8
9	#include <botan/tpm2_object.h>
10
11	#include <botan/tpm2_session.h>
12
13	#include <botan/internal/stl_util.h>
14	#include <botan/internal/tpm2_util.h>
15
16	#include <tss2/tss2_esys.h>
17
18	namespace Botan::TPM2 {
19
20	namespace {
21
22	using ObjectAttributesWrapper =
23	AttributeWrapper<TPMA_OBJECT,
24	ObjectAttributes,
25	PropMap{&ObjectAttributes::fixed_tpm, TPMA_OBJECT_FIXEDTPM},
26	PropMap{&ObjectAttributes::st_clear, TPMA_OBJECT_STCLEAR},
27	PropMap{&ObjectAttributes::fixed_parent, TPMA_OBJECT_FIXEDPARENT},
28	PropMap{&ObjectAttributes::sensitive_data_origin, TPMA_OBJECT_SENSITIVEDATAORIGIN},
29	PropMap{&ObjectAttributes::user_with_auth, TPMA_OBJECT_USERWITHAUTH},
30	PropMap{&ObjectAttributes::admin_with_policy, TPMA_OBJECT_ADMINWITHPOLICY},
31	PropMap{&ObjectAttributes::no_da, TPMA_OBJECT_NODA},
32	PropMap{&ObjectAttributes::encrypted_duplication, TPMA_OBJECT_ENCRYPTEDDUPLICATION},
33	PropMap{&ObjectAttributes::restricted, TPMA_OBJECT_RESTRICTED},
34	PropMap{&ObjectAttributes::decrypt, TPMA_OBJECT_DECRYPT},
35	PropMap{&ObjectAttributes::sign_encrypt, TPMA_OBJECT_SIGN_ENCRYPT},
36	PropMap{&ObjectAttributes::x509sign, TPMA_OBJECT_X509SIGN}>;
37
38	} // namespace
39
40	ObjectAttributes ObjectAttributes::read(TPMA_OBJECT attributes) {	24✔
41	return ObjectAttributesWrapper::read(attributes);	24✔
42	}
43
44	TPMA_OBJECT ObjectAttributes::render(ObjectAttributes attributes) {	6✔
45	return ObjectAttributesWrapper::render(attributes);	6✔
46	}
47
48	Object::Object(std::shared_ptr<Context> ctx) : m_ctx(std::move(ctx)), m_handles(std::make_unique<ObjectHandles>()) {	133✔
49	BOTAN_ASSERT_NONNULL(m_ctx);	133✔
50	}	133✔
51
52	Object::Object(std::shared_ptr<Context> ctx, ESYS_TR handle) : Object(std::move(ctx)) {	×
53	m_handles->transient = handle;	×
54	}	×
55
56	Object::Object(Object&& other) noexcept :	418✔
57	m_ctx(std::move(other.m_ctx)),	418✔
58	m_handles(std::move(other.m_handles)),	418✔
59	m_public_info(std::move(other.m_public_info)) {	418✔
60	other.scrub();	418✔
61	}	418✔
62
63	Object::~Object() {	550✔
64	if(m_handles) {	550✔
65	flush();	132✔
66	}
67	}	682✔
68
69	Object& Object::operator=(Object&& other) noexcept {	×
70	if(this != &other) {	×
71	flush();	×
72	m_ctx = std::move(other.m_ctx);	×
73	m_handles = std::move(other.m_handles);	×
74	m_public_info = std::move(other.m_public_info);	×
75	other.scrub();	×
76	}
77	return *this;	×
78	}
79
80	/// Flush the object's TPM handles as necessary
81	void Object::flush() const noexcept {	136✔
82	// Only purely transient objects have to be flushed
83	if(has_transient_handle()) {	136✔
84	if(has_persistent_handle()) {	121✔
85	Esys_TR_Close(m_ctx->esys_context(), &m_handles->transient);	75✔
86	} else {
87	Esys_FlushContext(m_ctx->esys_context(), m_handles->transient);	46✔
88	}
89	}
90	}	136✔
91
92	/// Destroy the object's internal state, making the destructor a no-op.
93	/// No more operations except the destructor must be performed on that object.
94	void Object::scrub() {	418✔
95	m_ctx.reset();	418✔
96	m_handles.reset();	418✔
97	m_public_info.reset();	418✔
98	}	418✔
99
100	/// Flush the object's TPM handles and reset its internal state
101	void Object::_reset() noexcept {	4✔
102	flush();	4✔
103	_disengage();	4✔
104	}	4✔
105
106	/// Reset the object's internal state without flushing its TPM handles
107	void Object::_disengage() noexcept {	32✔
108	if(m_handles) {	32✔
109	*m_handles = ObjectHandles();	32✔
110	}
111	m_public_info.reset();	32✔
112	}	32✔
113
114	bool Object::has_persistent_handle() const {	209✔
115	return m_handles->persistent.has_value();	209✔
116	}
117
118	bool Object::has_transient_handle() const {	222✔
119	return m_handles->transient != ESYS_TR_NONE;	222✔
120	}
121
122	TPM2_HANDLE Object::persistent_handle() const {	67✔
123	BOTAN_STATE_CHECK(has_persistent_handle());	67✔
124	return *m_handles->persistent;	67✔
125	}
126
127	ESYS_TR Object::transient_handle() const noexcept {	1,362✔
128	return m_handles->transient;	1,362✔
129	}
130
131	ObjectAttributes Object::attributes(const SessionBundle& sessions) const {	24✔
132	const auto attrs = _public_info(sessions).pub->publicArea.objectAttributes;	24✔
133	return ObjectAttributes::read(attrs);	24✔
134	}
135
136	PublicInfo& Object::_public_info(const SessionBundle& sessions, std::optional<TPMI_ALG_PUBLIC> expected_type) const {	217✔
137	if(!m_public_info) {	217✔
138	m_public_info = std::make_unique<PublicInfo>();	84✔
139
140	check_rc("Esys_ReadPublic",	336✔
141	Esys_ReadPublic(m_ctx->esys_context(),	84✔
142	m_handles->transient,	84✔
143	sessions[0],
144	sessions[1],
145	sessions[2],
146	out_ptr(m_public_info->pub),	84✔
147	out_ptr(m_public_info->name),	168✔
148	out_ptr(m_public_info->qualified_name)));	84✔
149	BOTAN_ASSERT_NONNULL(m_public_info->pub);	84✔
150
151	if(expected_type) {	84✔
152	BOTAN_STATE_CHECK(m_public_info->pub->publicArea.type == *expected_type);	×
153	}
154	}
155
156	return *m_public_info;	217✔
157	}
158
159	ObjectHandles& Object::handles() {	229✔
160	return *m_handles;	229✔
161	}
162
163	} // namespace Botan::TPM2

randombit / botan / 26995937053

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous