SecTpm is the base class of the TPM classes.
#include <sec-tpm.hpp>
Classes | |
class | Error |
Public Member Functions | |
SecTpm (const std::string &location) | |
virtual | ~SecTpm () |
std::string | getTpmLocator () |
virtual void | setTpmPassword (const uint8_t *password, size_t passwordLength)=0 |
Set the password of the TPM. | |
virtual void | resetTpmPassword ()=0 |
Reset the password of the TPM. | |
virtual void | setInTerminal (bool inTerminal)=0 |
Set the inTerminal flag. | |
virtual bool | getInTerminal () const =0 |
Get the value of the inTerminal flag. | |
virtual bool | isLocked ()=0 |
Check if the TPM is locked. | |
virtual bool | unlockTpm (const char *password, size_t passwordLength, bool usePassword)=0 |
Unlock the TPM. | |
virtual void | generateKeyPairInTpm (const Name &keyName, const KeyParams &params)=0 |
Generate a pair of asymmetric keys. | |
virtual void | deleteKeyPairInTpm (const Name &keyName)=0 |
Delete a pair of asymmetric keys. | |
virtual shared_ptr< PublicKey > | getPublicKeyFromTpm (const Name &keyName)=0 |
Get a public key. | |
virtual Block | signInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)=0 |
Sign data. | |
virtual ConstBufferPtr | decryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)=0 |
Decrypt data. | |
virtual ConstBufferPtr | encryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)=0 |
Encrypt data. | |
virtual void | generateSymmetricKeyInTpm (const Name &keyName, const KeyParams &params)=0 |
Generate a symmetric key. | |
virtual bool | doesKeyExistInTpm (const Name &keyName, KeyClass keyClass)=0 |
Check if a particular key exists. | |
virtual bool | generateRandomBlock (uint8_t *res, size_t size)=0 |
Generate a random block. | |
virtual void | addAppToAcl (const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)=0 |
Add an application to the ACL of a particular key. | |
ConstBufferPtr | exportPrivateKeyPkcs5FromTpm (const Name &keyName, const std::string &password) |
Export a private key in PKCS#5 format. | |
bool | importPrivateKeyPkcs5IntoTpm (const Name &keyName, const uint8_t *buffer, size_t bufferSize, const std::string &password) |
Import a PKCS#5-formatted private key. | |
Protected Member Functions | |
virtual std::string | getScheme ()=0 |
virtual ConstBufferPtr | exportPrivateKeyPkcs8FromTpm (const Name &keyName)=0 |
Export a private key in PKCS#8 format. | |
virtual bool | importPrivateKeyPkcs8IntoTpm (const Name &keyName, const uint8_t *buffer, size_t bufferSize)=0 |
Import a PKCS#8-formatted private key. | |
virtual bool | importPublicKeyPkcs1IntoTpm (const Name &keyName, const uint8_t *buffer, size_t bufferSize)=0 |
Import a PKCS#1-formatted public key. | |
virtual bool | getImpExpPassWord (std::string &password, const std::string &prompt) |
Get the import/export password. | |
Protected Attributes | |
std::string | m_location |
SecTpm is the base class of the TPM classes.
It specifies the interfaces of private/secret key related operations.
Definition at line 41 of file sec-tpm.hpp.
ndn::SecTpm::SecTpm | ( | const std::string & | location | ) |
explicit
Definition at line 35 of file sec-tpm.cpp.
virtual ndn::SecTpm::~SecTpm | ( | ) |
virtual
Definition at line 40 of file sec-tpm.cpp.
std::string ndn::SecTpm::getTpmLocator | ( | ) |
Definition at line 45 of file sec-tpm.cpp.
References getScheme(), and m_location.
virtual void ndn::SecTpm::setTpmPassword | ( | const uint8_t * | password, |
size_t | passwordLength | ||
) |
pure virtual
Set the password of the TPM.
The password is used to unlock the TPM when it is locked. Use this method with caution: the TPM object keeps the password in memory for later unlocks, and holding a long-lived copy of the password is itself a risk.
password | The password |
passwordLength | The length of password |
Implemented in ndn::SecTpmOsx, and ndn::SecTpmFile.
virtual void ndn::SecTpm::resetTpmPassword | ( | ) |
pure virtual
Reset the password of the TPM, discarding any password cached by setTpmPassword().
Implemented in ndn::SecTpmOsx, and ndn::SecTpmFile.
virtual void ndn::SecTpm::setInTerminal | ( | bool | inTerminal | ) |
pure virtual
Set the inTerminal flag.
inTerminal | If the inTerminal flag is set and no password has been set, the TPM may prompt for the password on the terminal. The flag is set by default. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual bool ndn::SecTpm::getInTerminal | ( | ) | const
pure virtual
Get the value of the inTerminal flag.
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual bool ndn::SecTpm::isLocked | ( | ) |
pure virtual
Check if the TPM is locked.
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual bool ndn::SecTpm::unlockTpm | ( | const char * | password, |
size_t | passwordLength, | ||
bool | usePassword | ||
) |
pure virtual
Unlock the TPM.
password | The password. |
passwordLength | The password size. 0 indicates no password. |
usePassword | True if we want to use the supplied password to unlock the TPM. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual void ndn::SecTpm::generateKeyPairInTpm | ( | const Name & | keyName, |
const KeyParams & | params | ||
) |
pure virtual
Generate a pair of asymmetric keys.
keyName | The name of the key pair. |
params | The parameters of the key. |
SecTpm::Error | if key generation fails. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual void ndn::SecTpm::deleteKeyPairInTpm | ( | const Name & | keyName | ) |
pure virtual
Delete a pair of asymmetric keys.
keyName | The name of the key pair. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual shared_ptr< PublicKey > ndn::SecTpm::getPublicKeyFromTpm | ( | const Name & | keyName | ) |
pure virtual
Get a public key.
keyName | The public key name. |
SecTpm::Error | if public key does not exist in TPM. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual Block ndn::SecTpm::signInTpm | ( | const uint8_t * | data, |
size_t | dataLength, | ||
const Name & | keyName, | ||
DigestAlgorithm | digestAlgorithm | ||
) |
pure virtual
Sign data.
data | Pointer to the byte array to be signed. |
dataLength | The length of data. |
keyName | The name of the signing key. |
digestAlgorithm | The digest algorithm. |
SecTpm::Error | if signing fails. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual ConstBufferPtr ndn::SecTpm::decryptInTpm | ( | const uint8_t * | data, |
size_t | dataLength, | ||
const Name & | keyName, | ||
bool | isSymmetric | ||
) |
pure virtual
Decrypt data.
data | Pointer to the byte array to be decrypted. |
dataLength | The length of data. |
keyName | The name of the decrypting key. |
isSymmetric | If true symmetric encryption is used, otherwise asymmetric encryption. |
SecTpm::Error | if decryption fails. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual ConstBufferPtr ndn::SecTpm::encryptInTpm | ( | const uint8_t * | data, |
size_t | dataLength, | ||
const Name & | keyName, | ||
bool | isSymmetric | ||
) |
pure virtual
Encrypt data.
data | Pointer to the byte array to be encrypted. |
dataLength | The length of data. |
keyName | The name of the encrypting key. |
isSymmetric | If true symmetric encryption is used, otherwise asymmetric encryption. |
SecTpm::Error | if encryption fails. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual void ndn::SecTpm::generateSymmetricKeyInTpm | ( | const Name & | keyName, |
const KeyParams & | params | ||
) |
pure virtual
Generate a symmetric key.
keyName | The name of the key. |
params | The parameters of the key. |
SecTpm::Error | if key generation fails. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual bool ndn::SecTpm::doesKeyExistInTpm | ( | const Name & | keyName, |
KeyClass | keyClass | ||
) |
pure virtual
Check if a particular key exists.
keyName | The name of the key. |
keyClass | The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
virtual bool ndn::SecTpm::generateRandomBlock | ( | uint8_t * | res, |
size_t | size | ||
) |
pure virtual
Generate a random block.
res | The pointer to the generated block |
size | The random block size |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
Referenced by exportPrivateKeyPkcs5FromTpm().
virtual void ndn::SecTpm::addAppToAcl | ( | const Name & | keyName, |
KeyClass | keyClass, | ||
const std::string & | appPath, | ||
AclType | acl | ||
) |
pure virtual
Add an application to the ACL of a particular key.
keyName | The name of the key. |
keyClass | The class of the key, e.g. private key. |
appPath | The absolute path to the application. |
acl | The new ACL of the key. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
ConstBufferPtr ndn::SecTpm::exportPrivateKeyPkcs5FromTpm | ( | const Name & | keyName, |
const std::string & | password | ||
) |
Export a private key in PKCS#5 format: the PKCS#8 PrivateKeyInfo obtained from exportPrivateKeyPkcs8FromTpm() is encrypted under a key derived from the password, using a fresh random salt obtained from generateRandomBlock().
keyName | The private key name |
password | The password from which the encryption key is derived |
SecTpm::Error | if the private key cannot be exported |
Definition at line 51 of file sec-tpm.cpp.
References ndn::OBufferStream::buf(), ndn::OID::encode(), exportPrivateKeyPkcs8FromTpm(), and generateRandomBlock().
bool ndn::SecTpm::importPrivateKeyPkcs5IntoTpm | ( | const Name & | keyName, |
const uint8_t * | buffer, | ||
size_t | bufferSize, | ||
const std::string & | password | ||
) |
Import a PKCS#5-formatted private key. Also recovers the public key and installs it in the TPM.
keyName | The private key name |
buffer | Pointer to the first byte of the buffer containing PKCS#5-encoded private key info |
bufferSize | Size of the buffer |
password | The password used to decrypt the private key |
Definition at line 174 of file sec-tpm.cpp.
References ndn::OBufferStream::buf(), ndn::OID::decode(), ndn::oid::ECDSA, importPrivateKeyPkcs8IntoTpm(), importPublicKeyPkcs1IntoTpm(), ndn::KEY_TYPE_ECDSA, ndn::KEY_TYPE_NULL, ndn::KEY_TYPE_RSA, and ndn::oid::RSA.
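The import path just described has to look at the AlgorithmIdentifier of the decrypted PKCS#8 blob to decide between RSA and ECDSA handling (the references to ndn::oid::RSA, ndn::oid::ECDSA and the KEY_TYPE_* constants above are that dispatch). The following is an added, self-contained example and not ndn-cxx code: a minimal DER walker that reads the first AlgorithmIdentifier OID of a PKCS#8 PrivateKeyInfo or EncryptedPrivateKeyInfo and classifies it. The OID values are the standard ones (rsaEncryption, id-ecPublicKey, PBES2); that the library's oid::RSA and oid::ECDSA constants equal them is an assumption, the namespace and function names are the example's own, and the sample blobs are constructed with placeholder bytes rather than real key material. The PBES2 decryption step itself is not shown.

```cpp
// Added example (not ndn-cxx code): read the algorithm OID out of a PKCS#8 blob so an
// importer can dispatch on key type, rejecting truncated or still-encrypted input.
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <stdexcept>
#include <string>
#include <vector>

namespace pkcs8probe {

using Bytes = std::vector<uint8_t>;

// One decoded DER element: its tag and the value range [begin, end).
struct Tlv {
  uint8_t tag;
  size_t begin;
  size_t end;
};

// Decode the TLV header at `pos`; `limit` bounds the enclosing container.
// Throws on truncation, indefinite length and lengths that overrun the container.
Tlv readTlv(const Bytes& b, size_t pos, size_t limit) {
  if (pos + 2 > limit)
    throw std::runtime_error("truncated TLV header");
  size_t i = pos + 1;
  size_t len = b[i++];
  if (len & 0x80) {                       // long form: next n bytes hold the length
    size_t n = len & 0x7f;
    if (n == 0 || n > sizeof(size_t) || i + n > limit)
      throw std::runtime_error("bad DER length");
    len = 0;
    while (n--) len = (len << 8) | b[i++];
  }
  if (len > limit - i)
    throw std::runtime_error("TLV value runs past the container");
  return Tlv{b[pos], i, i + len};
}

// Decode OBJECT IDENTIFIER value bytes into dotted-decimal form.
std::string decodeOid(const Bytes& b, size_t begin, size_t end) {
  if (begin >= end)
    throw std::runtime_error("empty OID");
  std::string out;
  uint64_t acc = 0;
  bool first = true, pending = false;
  for (size_t i = begin; i < end; ++i) {
    acc = (acc << 7) | (b[i] & 0x7f);
    pending = (b[i] & 0x80) != 0;         // high bit set: more base-128 digits follow
    if (pending) continue;
    if (first) {                          // first subidentifier encodes arc1*40 + arc2
      uint64_t arc1 = acc < 80 ? acc / 40 : 2;
      out = std::to_string(arc1) + "." + std::to_string(acc - arc1 * 40);
      first = false;
    } else {
      out += "." + std::to_string(acc);
    }
    acc = 0;
  }
  if (pending)
    throw std::runtime_error("OID ends inside a subidentifier");
  return out;
}

// Dotted OID of the first AlgorithmIdentifier in the outer SEQUENCE. PrivateKeyInfo
// starts with a version INTEGER, EncryptedPrivateKeyInfo does not, so skip one if present.
std::string firstAlgorithmOid(const Bytes& b) {
  Tlv outer = readTlv(b, 0, b.size());
  if (outer.tag != 0x30) throw std::runtime_error("expected outer SEQUENCE");
  Tlv cur = readTlv(b, outer.begin, outer.end);
  if (cur.tag == 0x02) cur = readTlv(b, cur.end, outer.end);   // skip version
  if (cur.tag != 0x30) throw std::runtime_error("expected AlgorithmIdentifier");
  Tlv oid = readTlv(b, cur.begin, cur.end);
  if (oid.tag != 0x06) throw std::runtime_error("expected OBJECT IDENTIFIER");
  return decodeOid(b, oid.begin, oid.end);
}

enum class KeyType { NONE, RSA, ECDSA, ENCRYPTED };

// The dispatch an importer makes. Standard OIDs; assumed equal to the library's constants.
KeyType classifyPkcs8(const Bytes& b) {
  const std::string oid = firstAlgorithmOid(b);
  if (oid == "1.2.840.113549.1.1.1")  return KeyType::RSA;       // rsaEncryption
  if (oid == "1.2.840.10045.2.1")     return KeyType::ECDSA;     // id-ecPublicKey
  if (oid == "1.2.840.113549.1.5.13") return KeyType::ENCRYPTED; // PBES2: decrypt first
  return KeyType::NONE;
}

// ---- constructed sample inputs (placeholder bytes, not real keys) -----------------
Bytes tlv(uint8_t tag, const Bytes& v) {   // short-form lengths suffice for the samples
  if (v.size() >= 128) throw std::runtime_error("sample builder handles short form only");
  Bytes out{tag, static_cast<uint8_t>(v.size())};
  out.insert(out.end(), v.begin(), v.end());
  return out;
}
Bytes cat(std::initializer_list<Bytes> parts) {
  Bytes out;
  for (const Bytes& p : parts) out.insert(out.end(), p.begin(), p.end());
  return out;
}
const Bytes OID_RSA   = {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};
const Bytes OID_EC    = {0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
const Bytes OID_P256  = {0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
const Bytes OID_PBES2 = {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D};
const Bytes DER_NULL  = {0x05,0x00};
const Bytes VERSION0  = {0x02,0x01,0x00};
const Bytes DUMMY     = {0x04,0x04,0xDE,0xAD,0xBE,0xEF};   // OCTET STRING placeholder

// PrivateKeyInfo { version, AlgorithmIdentifier, privateKey }
Bytes sampleRsaPkcs8()   { return tlv(0x30, cat({VERSION0, tlv(0x30, cat({OID_RSA, DER_NULL})), DUMMY})); }
Bytes sampleEcdsaPkcs8() { return tlv(0x30, cat({VERSION0, tlv(0x30, cat({OID_EC, OID_P256})), DUMMY})); }
// EncryptedPrivateKeyInfo { AlgorithmIdentifier (PBES2, params), encryptedData }
Bytes samplePkcs5Blob()  { return tlv(0x30, cat({tlv(0x30, cat({OID_PBES2, tlv(0x30, Bytes{})})), DUMMY})); }

} // namespace pkcs8probe
```

An ENCRYPTED result on the PKCS#8 path means the caller handed over the PKCS#5 wrapper where a decrypted PrivateKeyInfo was expected; truncated input makes the walker throw instead of reading past the buffer, which is the check an import routine taking a raw `buffer`/`bufferSize` pair needs before trusting the length fields inside it.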
virtual std::string ndn::SecTpm::getScheme | ( | ) |
protected pure virtual
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
Referenced by getTpmLocator().
virtual ConstBufferPtr ndn::SecTpm::exportPrivateKeyPkcs8FromTpm | ( | const Name & | keyName | ) |
protected pure virtual
Export a private key in PKCS#8 format.
keyName | The private key name. |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
Referenced by exportPrivateKeyPkcs5FromTpm().
virtual bool ndn::SecTpm::importPrivateKeyPkcs8IntoTpm | ( | const Name & | keyName, |
const uint8_t * | buffer, | ||
size_t | bufferSize | ||
) |
protected pure virtual
Import a PKCS#8-formatted private key.
keyName | The private key name. |
buffer | Pointer to the first byte of the buffer containing PKCS#8-encoded private key info |
bufferSize | Size of the buffer |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
Referenced by importPrivateKeyPkcs5IntoTpm().
virtual bool ndn::SecTpm::importPublicKeyPkcs1IntoTpm | ( | const Name & | keyName, |
const uint8_t * | buffer, | ||
size_t | bufferSize | ||
) |
protected pure virtual
Import a PKCS#1-formatted public key.
keyName | The public key name |
buffer | Pointer to the first byte of the buffer containing the PKCS#1-encoded public key |
bufferSize | Size of the buffer |
Implemented in ndn::SecTpmFile, and ndn::SecTpmOsx.
Referenced by importPrivateKeyPkcs5IntoTpm().
virtual bool ndn::SecTpm::getImpExpPassWord | ( | std::string & | password, |
const std::string & | prompt | ||
) |
protected virtual
Get the import/export password.
password | On return, the password. |
prompt | Prompt for the password, e.g. "Password for key:" |
Definition at line 362 of file sec-tpm.cpp.
std::string ndn::SecTpm::m_location
protected
Definition at line 300 of file sec-tpm.hpp.
Referenced by getTpmLocator().