Abstract interface for a TPM backend implementation. More...

#include <back-end.hpp>

Inheritance diagram for ndn::security::tpm::BackEnd:

[legend]

Collaboration diagram for ndn::security::tpm::BackEnd:

Public Types
using	Error = Tpm::Error

Public Member Functions
virtual	~BackEnd ()

bool	hasKey (const Name &keyName) const
	Check if the key with name `keyName` exists in the TPM. More...

unique_ptr< KeyHandle >	getKeyHandle (const Name &keyName) const
	Get the handle of the key with name `keyName`. More...

unique_ptr< KeyHandle >	createKey (const Name &identityName, const KeyParams &params)
	Create a key for `identityName` according to `params`. More...

void	deleteKey (const Name &keyName)
	Delete the key with name `keyName`. More...

ConstBufferPtr	exportKey (const Name &keyName, const char *pw, size_t pwLen)
	Get the private key with name `keyName` in encrypted PKCS #8 format. More...

void	importKey (const Name &keyName, span< const uint8_t > pkcs8, const char *pw, size_t pwLen)
	Import a private key in encrypted PKCS #8 format. More...

void	importKey (const Name &keyName, shared_ptr< transform::PrivateKey > key)
	Import a private key. More...

virtual bool	isTerminalMode () const
	Check if the TPM is in terminal mode. More...

virtual void	setTerminalMode (bool isTerminal) const
	Set the terminal mode of the TPM. More...

virtual bool	isTpmLocked () const
	Check if the TPM is locked. More...

virtual NDN_CXX_NODISCARD bool	unlockTpm (const char *pw, size_t pwLen) const
	Unlock the TPM. More...

Protected Member Functions
Name	constructAsymmetricKeyName (const KeyHandle &key, const Name &identity, const KeyParams &params) const
	Construct and return the name of a RSA or EC key, based on `identity` and `params`. More...

Name	constructHmacKeyName (const transform::PrivateKey &key, const Name &identity, const KeyParams &params) const
	Construct and return the name of a HMAC key, based on `identity` and `params`. More...

Detailed Description

Abstract interface for a TPM backend implementation.

This class provides KeyHandle to the front-end and other TPM management operations.

Definition at line 36 of file back-end.hpp.

Member Typedef Documentation

◆ Error

using ndn::security::tpm::BackEnd::Error = Tpm::Error

Definition at line 39 of file back-end.hpp.

Constructor & Destructor Documentation

◆ ~BackEnd()

ndn::security::tpm::BackEnd::~BackEnd ( )

virtualdefault

Member Function Documentation

◆ hasKey()

bool ndn::security::tpm::BackEnd::hasKey ( const Name & keyName ) const

Check if the key with name keyName exists in the TPM.

Returns: True if the key exists, false otherwise.

Definition at line 41 of file back-end.cpp.

Referenced by constructAsymmetricKeyName(), createKey(), exportKey(), and importKey().

◆ getKeyHandle()

unique_ptr< KeyHandle > ndn::security::tpm::BackEnd::getKeyHandle ( const Name & keyName ) const

Get the handle of the key with name keyName.

Calling this function multiple times with the same keyName will return different KeyHandle objects that all refer to the same key.

Returns: The handle of the key, or nullptr if the key does not exist.

Definition at line 47 of file back-end.cpp.

◆ createKey()

unique_ptr< KeyHandle > ndn::security::tpm::BackEnd::createKey	(	const Name &	identityName,
		const KeyParams &	params
	)

Create a key for identityName according to params.

Returns: The handle of the created key.

Exceptions

std::invalid_argument	`params` are invalid.
Error	The key could not be created.

Definition at line 53 of file back-end.cpp.

References ndn::security::v2::constructKeyName(), ndn::KeyParams::getKeyId(), ndn::KeyParams::getKeyIdType(), ndn::KeyParams::getKeyType(), hasKey(), ndn::HMAC, NDN_THROW, ndn::RANDOM, ndn::SHA256, ndn::Name::toUri(), and ndn::USER_SPECIFIED.

◆ deleteKey()

void ndn::security::tpm::BackEnd::deleteKey ( const Name & keyName )

Delete the key with name keyName.

Warning: Continuing to use existing KeyHandle objects for a deleted key results in undefined behavior.

Exceptions

Error The key could not be deleted.

Definition at line 81 of file back-end.cpp.

◆ exportKey()

ConstBufferPtr ndn::security::tpm::BackEnd::exportKey	(	const Name &	keyName,
		const char *	pw,
		size_t	pwLen
	)

Get the private key with name keyName in encrypted PKCS #8 format.

Parameters

keyName	The name of the key.
pw	The password to encrypt the private key.
pwLen	The length of the password.

Returns: The encoded private key.

Exceptions

Error The key does not exist or cannot be exported.

Definition at line 87 of file back-end.cpp.

References hasKey(), NDN_THROW, and ndn::Name::toUri().

◆ importKey() [1/2]

void ndn::security::tpm::BackEnd::importKey	(	const Name &	keyName,
		span< const uint8_t >	pkcs8,
		const char *	pw,
		size_t	pwLen
	)

Import a private key in encrypted PKCS #8 format.

Parameters

keyName	The name of the key to use in the TPM.
pkcs8	The key in encrypted PKCS #8 format.
pw	The password to decrypt the private key.
pwLen	The length of the password.

Exceptions

Error The key could not be imported.

Definition at line 96 of file back-end.cpp.

References hasKey(), NDN_THROW, and ndn::Name::toUri().

◆ importKey() [2/2]

void ndn::security::tpm::BackEnd::importKey	(	const Name &	keyName,
		shared_ptr< transform::PrivateKey >	key
	)

Import a private key.

Exceptions

Error The key could not be imported.

Definition at line 105 of file back-end.cpp.

References hasKey(), nonstd::optional_lite::std11::move(), NDN_THROW, and ndn::Name::toUri().

◆ isTerminalMode()

bool ndn::security::tpm::BackEnd::isTerminalMode ( ) const

virtual

Check if the TPM is in terminal mode.

The default implementation always returns true.

Returns: True if in terminal mode, false otherwise.

Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.

Definition at line 151 of file back-end.cpp.

◆ setTerminalMode()

void ndn::security::tpm::BackEnd::setTerminalMode ( bool isTerminal ) const

virtual

Set the terminal mode of the TPM.

In terminal mode, the TPM will not ask for a password from the GUI. The default implementation does nothing.

Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.

Definition at line 157 of file back-end.cpp.

◆ isTpmLocked()

bool ndn::security::tpm::BackEnd::isTpmLocked ( ) const

virtual

Check if the TPM is locked.

The default implementation always returns false.

Returns: True if locked, false otherwise.

Reimplemented in ndn::security::DummyTpm, and ndn::security::tpm::BackEndOsx.

Definition at line 162 of file back-end.cpp.

Referenced by unlockTpm().

◆ unlockTpm()

bool ndn::security::tpm::BackEnd::unlockTpm	(	const char *	pw,
		size_t	pwLen
	)		const

virtual

Unlock the TPM.

The default implementation does nothing and returns !isTpmLocked().

Parameters

pw	The password to unlock the TPM.
pwLen	The length of the password.

Returns: True if the TPM was unlocked.

Reimplemented in ndn::security::tpm::BackEndOsx.

Definition at line 168 of file back-end.cpp.

References isTpmLocked().

◆ constructAsymmetricKeyName()

Name ndn::security::tpm::BackEnd::constructAsymmetricKeyName	(	const KeyHandle &	key,
		const Name &	identity,
		const KeyParams &	params
	)		const

protected

Construct and return the name of a RSA or EC key, based on identity and params.

Definition at line 114 of file back-end.cpp.

References ndn::OBufferStream::buf(), ndn::security::v2::constructKeyName(), ndn::security::tpm::KeyHandle::derivePublicKey(), ndn::security::transform::digestFilter(), ndn::name::Component::fromNumber(), ndn::random::generateSecureWord64(), ndn::KeyParams::getKeyId(), ndn::KeyParams::getKeyIdType(), hasKey(), NDN_THROW, ndn::RANDOM, ndn::SHA256, ndn::security::transform::streamSink(), and ndn::USER_SPECIFIED.

Referenced by ndn::security::tpm::BackEndOsx::derivePublicKey(), ndn::security::tpm::BackEndMem::getScheme(), and ndn::security::tpm::BackEndFile::getScheme().

◆ constructHmacKeyName()

Name ndn::security::tpm::BackEnd::constructHmacKeyName	(	const transform::PrivateKey &	key,
		const Name &	identity,
		const KeyParams &	params
	)		const

protected

Construct and return the name of a HMAC key, based on identity and params.

Definition at line 144 of file back-end.cpp.

References ndn::security::transform::PrivateKey::getKeyDigest(), ns3::ndn::Name, and ndn::SHA256.

Referenced by ndn::security::tpm::BackEndMem::getScheme().

The documentation for this class was generated from the following files:

ndnSIM/ndn-cxx/ndn-cxx/security/tpm/back-end.hpp
ndnSIM/ndn-cxx/ndn-cxx/security/tpm/back-end.cpp

Public Types

Public Member Functions

Protected Member Functions

Detailed Description

Member Typedef Documentation

◆ Error

Constructor & Destructor Documentation

◆ ~BackEnd()

Member Function Documentation

◆ hasKey()

◆ getKeyHandle()

◆ createKey()

◆ deleteKey()

◆ exportKey()

◆ importKey() [1/2]

◆ importKey() [2/2]

◆ isTerminalMode()

◆ setTerminalMode()

◆ isTpmLocked()

◆ unlockTpm()

◆ constructAsymmetricKeyName()

◆ constructHmacKeyName()