commit be4150e30ad9cf72fd933c30acf168d6d6e437e9
author Yingdi Yu <yuyingdi@gmail.com> Tue Feb 18 13:02:46 2014 -0800
committer Yingdi Yu <yuyingdi@gmail.com> Wed Feb 19 16:25:36 2014 -0800
tree 91dac6588cd0611377237a59720adbec7d2c4085
parent fc40d878d99d636009659329c614cf38c31039e6

security: Adjust unlocking TPM process.

Change-Id: Iee8787bb9aaa8e05fab9544bd35ce9fe31eecf29

src/security/sec-tpm.cpp

diff --git a/src/security/sec-tpm.cpp b/src/security/sec-tpm.cpp
index a52d839..f93169d 100644
--- a/src/security/sec-tpm.cpp
+++ b/src/security/sec-tpm.cpp
@@ -24,7 +24,7 @@
 namespace ndn {
 
 ConstBufferPtr
-SecTpm::exportPrivateKeyPkcs8FromTpm(const Name& keyName, bool inTerminal, const string& passwordStr)
+SecTpm::exportPrivateKeyPkcs8FromTpm(const Name& keyName, const string& passwordStr)
 {
   uint8_t salt[8] = {0};
   uint8_t iv[8] = {0};
@@ -32,25 +32,6 @@
   try{
     using namespace CryptoPP;
 
-    // check password
-    string password;
-    if(passwordStr.empty())
-      if(!inTerminal)
-        return shared_ptr<Buffer>();
-      else
-        {
-          int count = 0;
-          while(!getPassWord(password, keyName.toUri()))
-            {
-              cerr << "Password mismatch!" << endl;
-              count++;
-              if(count > 3)
-                return shared_ptr<Buffer>();
-            }
-        }
-    else
-      password = passwordStr;
-
     // derive key
     if(!generateRandomBlock(salt, 8))
       return shared_ptr<Buffer>();
@@ -67,11 +48,9 @@
 
     keyGenerator.DeriveKey(derived, derivedLen, 
                            purpose, 
-                           reinterpret_cast<const byte*>(password.c_str()), password.size(), 
+                           reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(), 
                            salt, 8, 
-                           iterationCount); 
-    
-    memset(const_cast<char*>(password.c_str()), 0, password.size());
+                           iterationCount);
 
     //encrypt
     CBC_Mode< DES_EDE3 >::Encryption e;
@@ -152,7 +131,7 @@
 }
 
 bool
-SecTpm::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size, bool inTerminal, const string& passwordStr)
+SecTpm::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size, const string& passwordStr)
 {
   try{
     using namespace CryptoPP;
@@ -227,29 +206,13 @@
     size_t derivedLen = 24; //For DES-EDE3-CBC-PAD
     byte derived[24] = {0};
     byte purpose = 0;
-
-    string password;
-    if(passwordStr.empty())
-      if(inTerminal)
-        {
-          char* pw = getpass("Password for the private key: ");
-          if (!pw)
-            return false;
-          password = pw;
-          memset(pw, 0, strlen(pw));
-        }
-      else
-        return false;
-    else
-      password = passwordStr;
       
     keyGenerator.DeriveKey(derived, derivedLen, 
                            purpose, 
-                           reinterpret_cast<const byte*>(password.c_str()), password.size(), 
+                           reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(), 
                            saltBlock.BytePtr(), saltBlock.size(), 
                            iterationCount);
 
-    memset(const_cast<char*>(password.c_str()), 0, password.size());
         
     //decrypt
     CBC_Mode< DES_EDE3 >::Decryption d;