Abstraction of Tpm back-end.
#include <back-end.hpp>
Classes
  class Error

Public Member Functions
  virtual ~BackEnd ()
  bool hasKey (const Name &keyName) const
  unique_ptr< KeyHandle > getKeyHandle (const Name &keyName) const
  unique_ptr< KeyHandle > createKey (const Name &identity, const KeyParams &params)
      Create key for identity according to params.
  void deleteKey (const Name &keyName)
      Delete a key with name keyName.
  ConstBufferPtr exportKey (const Name &keyName, const char *pw, size_t pwLen)
  void importKey (const Name &keyName, const uint8_t *pkcs8, size_t pkcs8Len, const char *pw, size_t pwLen)
      Import a private key in encrypted PKCS #8 format.
  virtual bool isTerminalMode () const
      Check if TPM is in terminal mode.
  virtual void setTerminalMode (bool isTerminal) const
      Set the terminal mode of TPM.
  virtual bool isTpmLocked () const
  virtual bool unlockTpm (const char *pw, size_t pwLen) const
      Unlock TPM.

Static Protected Member Functions
  static void setKeyName (KeyHandle &keyHandle, const Name &identity, const KeyParams &params)
      Set the key name in keyHandle according to identity and params.
Abstraction of Tpm back-end.
This class provides KeyHandle to the front-end and other TPM management operations.
Definition at line 41 of file back-end.hpp.
virtual ndn::security::tpm::BackEnd::~BackEnd ()  [virtual, default]

bool ndn::security::tpm::BackEnd::hasKey (const Name &keyName) const
Returns true if a key with name keyName exists in TPM.
Definition at line 39 of file back-end.cpp.
Referenced by createKey(), exportKey(), and importKey().

unique_ptr< KeyHandle > ndn::security::tpm::BackEnd::getKeyHandle (const Name &keyName) const
Returns a KeyHandle to the existing key with name keyName, or nullptr if the key does not exist.
Calling getKeyHandle multiple times with the same keyName will return different KeyHandle objects that all refer to the same key.
Definition at line 45 of file back-end.cpp.
unique_ptr< KeyHandle > ndn::security::tpm::BackEnd::createKey (const Name &identity, const KeyParams &params)
Create key for identity according to params.
The key name is set in the returned KeyHandle.
Exceptions
  Tpm::Error  params are invalid
  Error       the key cannot be created
Definition at line 51 of file back-end.cpp.
References ndn::security::v2::constructKeyName(), ndn::name::Component::fromNumber(), ndn::random::generateSecureWord64(), ndn::KeyParams::getKeyId(), ndn::KeyParams::getKeyIdType(), hasKey(), ndn::RANDOM, ndn::SHA256, ndn::Name::toUri(), and ndn::USER_SPECIFIED.
void ndn::security::tpm::BackEnd::deleteKey (const Name &keyName)
Delete a key with name keyName.
Continuing to use existing KeyHandles on a deleted key results in undefined behavior.
Exceptions
  Error  if the deletion fails.
Definition at line 86 of file back-end.cpp.
ConstBufferPtr ndn::security::tpm::BackEnd::exportKey (const Name &keyName, const char *pw, size_t pwLen)
Returns the key with name keyName in encrypted PKCS #8 format using password pw.
Exceptions
  Error  the key does not exist
  Error  the key cannot be exported, e.g., insufficient privilege
Definition at line 92 of file back-end.cpp.
References hasKey(), and ndn::Name::toUri().
void ndn::security::tpm::BackEnd::importKey (const Name &keyName, const uint8_t *pkcs8, size_t pkcs8Len, const char *pw, size_t pwLen)
Import a private key in encrypted PKCS #8 format.
Parameters
  keyName   The name of the imported private key
  pkcs8     Pointer to the key in encrypted PKCS #8 format
  pkcs8Len  The size of the key in encrypted PKCS #8 format
  pw        The password to decrypt the private key
  pwLen     The length of the password
Exceptions
  Error  import failed
Definition at line 101 of file back-end.cpp.
References hasKey(), and ndn::Name::toUri().
virtual bool ndn::security::tpm::BackEnd::isTerminalMode () const  [virtual]
Check if TPM is in terminal mode.
Default implementation always returns true.
Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.
Definition at line 142 of file back-end.cpp.
virtual void ndn::security::tpm::BackEnd::setTerminalMode (bool isTerminal) const  [virtual]
Set the terminal mode of TPM.
In terminal mode, TPM will not ask user permission from GUI.
Default implementation does nothing.
Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.
Definition at line 148 of file back-end.cpp.
virtual bool ndn::security::tpm::BackEnd::isTpmLocked () const  [virtual]
Default implementation always returns false.
Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.
Definition at line 153 of file back-end.cpp.
Referenced by unlockTpm().
virtual bool ndn::security::tpm::BackEnd::unlockTpm (const char *pw, size_t pwLen) const  [virtual]
Unlock TPM.
Parameters
  pw     The password to unlock TPM
  pwLen  The password size.
Default implementation always returns !isTpmLocked().
Reimplemented in ndn::security::tpm::BackEndOsx.
Definition at line 159 of file back-end.cpp.
References isTpmLocked().
static void ndn::security::tpm::BackEnd::setKeyName (KeyHandle &keyHandle, const Name &identity, const KeyParams &params)  [static, protected]
Set the key name in keyHandle according to identity and params.
Definition at line 110 of file back-end.cpp.
References ndn::OBufferStream::buf(), ndn::security::v2::constructKeyName(), ndn::security::tpm::KeyHandle::derivePublicKey(), ndn::security::transform::digestFilter(), ndn::name::Component::empty(), ndn::KeyParams::getKeyId(), ndn::KeyParams::getKeyIdType(), ndn::RANDOM, ndn::security::tpm::KeyHandle::setKeyName(), ndn::SHA256, ndn::security::transform::streamSink(), and ndn::USER_SPECIFIED.
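As an added illustration, not ndn-cxx code: a small in-memory model of the key-naming contract that createKey (above) and setKeyName apply, built from the functions they reference (constructKeyName, generateSecureWord64, the key-id types USER_SPECIFIED, SHA256 and RANDOM, and the public-key digest). It assumes the /<identity>/KEY/<keyId> layout of v2::constructKeyName, uses std::string in place of ndn::Name, and injects the random source and the digest so the duplicate check and the RANDOM retry loop can be exercised offline.

```cpp
#include <cstdint>
#include <functional>
#include <memory>
#include <set>
#include <stdexcept>
#include <string>
#include <utility>

enum class KeyIdType { USER_SPECIFIED, SHA256, RANDOM };
struct KeyParams { KeyIdType keyIdType; std::string keyId; };  // keyId used only for USER_SPECIFIED
struct KeyHandle { std::string keyName; };

// Assumed layout of v2::constructKeyName: /<identity>/KEY/<keyId>
inline std::string constructKeyName(const std::string& identity, const std::string& keyId) {
  return identity + "/KEY/" + keyId;
}

class MemoryBackEnd {
public:
  // rng stands in for random::generateSecureWord64; digest stands in for the SHA-256 of the
  // derived public key that setKeyName computes. Both are injected so tests can force collisions.
  MemoryBackEnd(std::function<uint64_t()> rng, std::function<std::string(const std::string&)> digest)
    : m_rng(std::move(rng)), m_digest(std::move(digest)) {}

  bool hasKey(const std::string& keyName) const { return m_keys.count(keyName) != 0; }

  std::unique_ptr<KeyHandle> createKey(const std::string& identity, const KeyParams& params) {
    std::string keyName;
    switch (params.keyIdType) {
      case KeyIdType::USER_SPECIFIED:  // caller picks the id; a clash is rejected (Tpm::Error in ndn-cxx)
        keyName = constructKeyName(identity, params.keyId);
        if (hasKey(keyName)) throw std::invalid_argument("Key `" + keyName + "` already exists");
        break;
      case KeyIdType::RANDOM:  // keep drawing 64-bit ids until one is unused
        do keyName = constructKeyName(identity, std::to_string(m_rng())); while (hasKey(keyName));
        break;
      case KeyIdType::SHA256:  // id is the digest of the public key; key material modelled as a random word
        keyName = constructKeyName(identity, m_digest("pubkey-" + std::to_string(m_rng())));
        break;
    }
    m_keys.insert(keyName);
    return std::make_unique<KeyHandle>(KeyHandle{keyName});
  }

private:
  std::function<uint64_t()> m_rng;
  std::function<std::string(const std::string&)> m_digest;
  std::set<std::string> m_keys;
};
```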