ndn::security::tpm::BackEnd Class Reference
Abstract interface for a TPM backend implementation.
#include <back-end.hpp>
Classes
class Error
Public Member Functions
virtual ~BackEnd ()
bool hasKey (const Name &keyName) const
Check if the key with name keyName exists in the TPM.
unique_ptr< KeyHandle > getKeyHandle (const Name &keyName) const
Get the handle of the key with name keyName.
unique_ptr< KeyHandle > createKey (const Name &identityName, const KeyParams &params)
Create a key for identityName according to params.
void deleteKey (const Name &keyName)
Delete the key with name keyName.
ConstBufferPtr exportKey (const Name &keyName, const char *pw, size_t pwLen)
Get the private key with name keyName in encrypted PKCS #8 format.
void importKey (const Name &keyName, const uint8_t *pkcs8, size_t pkcs8Len, const char *pw, size_t pwLen)
Import a private key in encrypted PKCS #8 format.
virtual bool isTerminalMode () const
Check if the TPM is in terminal mode.
virtual void setTerminalMode (bool isTerminal) const
Set the terminal mode of the TPM.
virtual bool isTpmLocked () const
Check if the TPM is locked.
virtual bool unlockTpm (const char *pw, size_t pwLen) const
Unlock the TPM.
Static Protected Member Functions
static void setKeyName (KeyHandle &keyHandle, const Name &identity, const KeyParams &params)
Set the key name in keyHandle according to identity and params.
Abstract interface for a TPM backend implementation.
This class provides KeyHandle objects to the front-end, together with the other TPM management operations (key creation, deletion, export and import, and lock and terminal-mode handling).
Definition at line 40 of file back-end.hpp.
ndn::security::tpm::BackEnd::~BackEnd () [virtual, default]
bool ndn::security::tpm::BackEnd::hasKey (const Name &keyName) const
Check if the key with name keyName exists in the TPM.
Definition at line 39 of file back-end.cpp.
Referenced by createKey(), exportKey(), and importKey().
unique_ptr< KeyHandle > ndn::security::tpm::BackEnd::getKeyHandle (const Name &keyName) const
Get the handle of the key with name keyName.
Calling this function multiple times with the same keyName will return different KeyHandle objects that all refer to the same key.
Definition at line 45 of file back-end.cpp.
unique_ptr< KeyHandle > ndn::security::tpm::BackEnd::createKey (const Name &identityName, const KeyParams &params)
Create a key for identityName according to params.
Exceptions
Tpm::Error | params are invalid.
Error | The key could not be created.
Definition at line 51 of file back-end.cpp.
References ndn::security::v2::constructKeyName(), ndn::name::Component::fromNumber(), ndn::random::generateSecureWord64(), ndn::KeyParams::getKeyId(), ndn::KeyParams::getKeyIdType(), hasKey(), ndn::RANDOM, ndn::SHA256, ndn::Name::toUri(), and ndn::USER_SPECIFIED.
void ndn::security::tpm::BackEnd::deleteKey (const Name &keyName)
Delete the key with name keyName.
Exceptions
Error | The key could not be deleted.
Definition at line 86 of file back-end.cpp.
ConstBufferPtr ndn::security::tpm::BackEnd::exportKey (const Name &keyName, const char *pw, size_t pwLen)
Get the private key with name keyName in encrypted PKCS #8 format.
Parameters
keyName | The name of the key.
pw | The password to encrypt the private key.
pwLen | The length of the password.
Exceptions
Error | The key does not exist or cannot be exported.
Definition at line 92 of file back-end.cpp.
References hasKey(), and ndn::Name::toUri().
void ndn::security::tpm::BackEnd::importKey (const Name &keyName, const uint8_t *pkcs8, size_t pkcs8Len, const char *pw, size_t pwLen)
Import a private key in encrypted PKCS #8 format.
Parameters
keyName | The name of the key to use in the TPM.
pkcs8 | Pointer to the key in encrypted PKCS #8 format.
pkcs8Len | The size of the key in encrypted PKCS #8 format.
pw | The password to decrypt the private key.
pwLen | The length of the password.
Exceptions
Error | The key could not be imported.
Definition at line 101 of file back-end.cpp.
References hasKey(), and ndn::Name::toUri().
virtual bool ndn::security::tpm::BackEnd::isTerminalMode () const [virtual]
Check if the TPM is in terminal mode.
The default implementation always returns true.
Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.
Definition at line 142 of file back-end.cpp.
virtual void ndn::security::tpm::BackEnd::setTerminalMode (bool isTerminal) const [virtual]
Set the terminal mode of the TPM.
In terminal mode, the TPM will not prompt for a password through the GUI. The default implementation does nothing.
Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.
Definition at line 148 of file back-end.cpp.
virtual bool ndn::security::tpm::BackEnd::isTpmLocked () const [virtual]
Check if the TPM is locked.
The default implementation always returns false.
Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.
Definition at line 153 of file back-end.cpp.
Referenced by unlockTpm().
virtual bool ndn::security::tpm::BackEnd::unlockTpm (const char *pw, size_t pwLen) const [virtual]
Unlock the TPM.
The default implementation does nothing and returns !isTpmLocked(), i.e. true whenever the backend reports itself unlocked.
Parameters
pw | The password to unlock the TPM.
pwLen | The length of the password.
Reimplemented in ndn::security::tpm::BackEndOsx.
Definition at line 159 of file back-end.cpp.
References isTpmLocked().
static void ndn::security::tpm::BackEnd::setKeyName (KeyHandle &keyHandle, const Name &identity, const KeyParams &params) [static, protected]
Set the key name in keyHandle according to identity and params.
Definition at line 110 of file back-end.cpp.
References ndn::OBufferStream::buf(), ndn::security::v2::constructKeyName(), ndn::security::tpm::KeyHandle::derivePublicKey(), ndn::security::transform::digestFilter(), ndn::name::Component::empty(), ndn::KeyParams::getKeyId(), ndn::KeyParams::getKeyIdType(), ndn::RANDOM, ndn::security::tpm::KeyHandle::setKeyName(), ndn::SHA256, ndn::security::transform::streamSink(), and ndn::USER_SPECIFIED.