security: Move KeyChain to security::v1 namespace and deprecated it
Change-Id: Ic4b6915ca15998a83b410f3f8fac027f797ee7ca
Refs: #3098
diff --git a/src/security/v1/sec-tpm.hpp b/src/security/v1/sec-tpm.hpp
new file mode 100644
index 0000000..5acb0c3
--- /dev/null
+++ b/src/security/v1/sec-tpm.hpp
@@ -0,0 +1,319 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ */
+
+#ifndef NDN_SECURITY_V1_SEC_TPM_HPP
+#define NDN_SECURITY_V1_SEC_TPM_HPP
+
+#include "../../common.hpp"
+#include "../security-common.hpp"
+#include "../../name.hpp"
+#include "../../data.hpp"
+#include "../key-params.hpp"
+#include "public-key.hpp"
+
+namespace ndn {
+namespace security {
+namespace v1 {
+
+/**
+ * @brief SecTpm is the base class of the TPM classes.
+ *
+ * It specifies the interfaces of private/secret key related operations.
+ */
+class SecTpm : noncopyable
+{
+public:
+ class Error : public std::runtime_error
+ {
+ public:
+ explicit
+ Error(const std::string& what)
+ : std::runtime_error(what)
+ {
+ }
+ };
+
+ explicit
+ SecTpm(const std::string& location);
+
+ virtual
+ ~SecTpm();
+
+ std::string
+ getTpmLocator();
+
+ /**
+ * @brief set password of TPM
+ *
+ * Password is used to unlock TPM when it is locked.
+ * You should be cautious when using this method, because remembering password is kind of
+ * dangerous.
+ *
+ * @param password The password
+ * @param passwordLength The length of password
+ */
+ virtual void
+ setTpmPassword(const uint8_t* password, size_t passwordLength) = 0;
+
+ /**
+ * @brief reset password of TPM
+ */
+ virtual void
+ resetTpmPassword() = 0;
+
+ /**
+ * @brief Set inTerminal flag to @p inTerminal
+ *
+ * If the inTerminal flag is set, and password is not set, TPM may ask for password via terminal.
+ * inTerminal flag is set by default.
+ */
+ virtual void
+ setInTerminal(bool inTerminal) = 0;
+
+ /**
+ * @brief Get value of inTerminal flag
+ */
+ virtual bool
+ getInTerminal() const = 0;
+
+ /**
+ * @brief Check if TPM is locked
+ */
+ virtual bool
+ isLocked() = 0;
+
+ /**
+ * @brief Unlock the TPM
+ *
+ * @param password The password.
+ * @param passwordLength The password size. 0 indicates no password.
+ * @param usePassword True if we want to use the supplied password to unlock the TPM.
+ * @return true if TPM is unlocked, otherwise false.
+ */
+ virtual bool
+ unlockTpm(const char* password, size_t passwordLength, bool usePassword) = 0;
+
+ /**
+ * @brief Generate a pair of asymmetric keys.
+ *
+ * @param keyName The name of the key pair.
+ * @param params The parameters of key.
+ * @throws SecTpm::Error if fails.
+ */
+ virtual void
+ generateKeyPairInTpm(const Name& keyName, const KeyParams& params) = 0;
+
+ /**
+ * @brief Delete a key pair of asymmetric keys.
+ *
+ * @param keyName The name of the key pair.
+ */
+ virtual void
+ deleteKeyPairInTpm(const Name& keyName) = 0;
+
+ /**
+ * @brief Get a public key.
+ *
+ * @param keyName The public key name.
+ * @return The public key.
+ * @throws SecTpm::Error if public key does not exist in TPM.
+ */
+ virtual shared_ptr<v1::PublicKey>
+ getPublicKeyFromTpm(const Name& keyName) = 0;
+
+ /**
+ * @brief Sign data.
+ *
+ * @param data Pointer to the byte array to be signed.
+ * @param dataLength The length of data.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @return The signature block.
+ * @throws SecTpm::Error if signing fails.
+ */
+ virtual Block
+ signInTpm(const uint8_t* data, size_t dataLength,
+ const Name& keyName,
+ DigestAlgorithm digestAlgorithm) = 0;
+
+ /**
+ * @brief Decrypt data.
+ *
+ * @param data Pointer to the byte arry to be decrypted.
+ * @param dataLength The length of data.
+ * @param keyName The name of the decrypting key.
+ * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption.
+ * @return The decrypted data.
+ * @throws SecTpm::Error if decryption fails.
+ */
+ virtual ConstBufferPtr
+ decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric) = 0;
+
+ /**
+ * @brief Encrypt data.
+ *
+ * @param data Pointer to the byte arry to be decrypted.
+ * @param dataLength The length of data.
+ * @param keyName The name of the encrypting key.
+ * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption.
+ * @return The encrypted data.
+ * @throws SecTpm::Error if encryption fails.
+ */
+ virtual ConstBufferPtr
+ encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric) = 0;
+
+ /**
+ * @brief Generate a symmetric key.
+ *
+ * @param keyName The name of the key.
+ * @param params The parameter of the key.
+ * @throws SecTpm::Error if key generating fails.
+ */
+ virtual void
+ generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params) = 0;
+
+ /**
+ * @brief Check if a particular key exists.
+ *
+ * @param keyName The name of the key.
+ * @param keyClass The class of the key, e.g. KeyClass::PUBLIC, KeyClass::PRIVATE.
+ * @return True if the key exists, otherwise false.
+ */
+ virtual bool
+ doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) = 0;
+
+ /**
+ * @brief Generate a random block
+ *
+ * @param res The pointer to the generated block
+ * @param size The random block size
+ * @return true for success, otherwise false
+ */
+ virtual bool
+ generateRandomBlock(uint8_t* res, size_t size) = 0;
+
+ /**
+ * @brief Add the application into the ACL of a particular key
+ *
+ * @param keyName the name of key
+ * @param keyClass the class of key, e.g. Private Key
+ * @param appPath the absolute path to the application
+ * @param acl the new acl of the key
+ */
+ virtual void
+ addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl) = 0;
+
+ /**
+ * @brief Export a private key in PKCS#5 format
+ *
+ * @param keyName The private key name
+ * @param password The password to encrypt the private key
+ * @return The private key info (in PKCS8 format) if exist
+ * @throws SecTpm::Error if private key cannot be exported
+ */
+ ConstBufferPtr
+ exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& password);
+
+ /**
+ * @brief Import a private key in PKCS#5 formatted buffer of size @p bufferSize
+ *
+ * Also recover the public key and installed it in TPM.
+ *
+ * @param keyName The private key name
+ * @param buffer Pointer to the first byte of the buffer containing PKCS#5-encoded
+ * private key info
+ * @param bufferSize Size of the buffer
+ * @param password The password to encrypt the private key
+ * @return false if import fails
+ */
+ bool
+ importPrivateKeyPkcs5IntoTpm(const Name& keyName,
+ const uint8_t* buffer, size_t bufferSize,
+ const std::string& password);
+
+protected:
+ virtual std::string
+ getScheme() = 0;
+
+ /**
+ * @brief Export a private key in PKCS#8 format.
+ *
+ * @param keyName The private key name.
+ * @return The private key info (in PKCS#8 format) if exist, otherwise a NULL pointer.
+ */
+ virtual ConstBufferPtr
+ exportPrivateKeyPkcs8FromTpm(const Name& keyName) = 0;
+
+ /**
+ * @brief Import a private key from PKCS#8 formatted buffer of size @p bufferSize
+ *
+ * @param keyName The private key name.
+ * @param buffer Pointer to the first byte of the buffer containing PKCS#8-encoded
+ * private key info
+ * @param bufferSize Size of the buffer
+ * @return false if import fails
+ */
+ virtual bool
+ importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buffer, size_t bufferSize) = 0;
+
+ /**
+ * @brief Import a public key in PKCS#1 formatted buffer of size @p bufferSize
+ *
+ * @param keyName The public key name
+ * @param buffer Pointer to the first byte of the buffer containing PKCS#1-encoded
+ * private key info
+ * @param bufferSize Size of the buffer
+ * @return false if import fails
+ */
+ virtual bool
+ importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buffer, size_t bufferSize) = 0;
+
+ /**
+ * @brief Get import/export password.
+ *
+ * @param password On return, the password.
+ * @param prompt Prompt for password, i.e., "Password for key:"
+ * @return true if password has been obtained.
+ */
+ virtual bool
+ getImpExpPassWord(std::string& password, const std::string& prompt);
+
+protected:
+ std::string m_location;
+};
+
+} // namespace v1
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using v1::SecTpm;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using security::v1::SecTpm;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
+} // namespace ndn
+
+#endif // NDN_SECURITY_V1_SEC_TPM_HPP