Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 2 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 9 | #ifndef NDN_SECURITY_SEC_TPM_HPP |
| 10 | #define NDN_SECURITY_SEC_TPM_HPP |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 11 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 12 | #include "../common.hpp" |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 13 | #include "security-common.hpp" |
| 14 | #include "../name.hpp" |
| 15 | #include "../data.hpp" |
| 16 | #include "public-key.hpp" |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 17 | |
| 18 | namespace ndn { |
| 19 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 20 | /** |
| 21 | * @brief SecTpm is the base class of the TPM classes. |
| 22 | * |
| 23 | * It specifies the interfaces of private/secret key related operations. |
| 24 | */ |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 25 | class SecTpm |
| 26 | { |
Jeff Thompson | a50703f | 2013-09-17 14:24:15 -0700 | [diff] [blame] | 27 | public: |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 28 | class Error : public std::runtime_error |
| 29 | { |
| 30 | public: |
| 31 | explicit |
| 32 | Error(const std::string& what) |
| 33 | : std::runtime_error(what) |
| 34 | { |
| 35 | } |
| 36 | }; |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 37 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 38 | virtual |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 39 | ~SecTpm() {} |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 40 | |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 41 | /** |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 42 | * @brief set password of TPM |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 43 | * |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 44 | * Password is used to unlock TPM when it is locked. |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 45 | * You should be cautious when using this method, because remembering password is kind of |
| 46 | * dangerous. |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 47 | * |
| 48 | * @param password The password. |
| 49 | * @param passwordLength The length of password. |
| 50 | */ |
| 51 | virtual void |
| 52 | setTpmPassword(const uint8_t* password, size_t passwordLength) = 0; |
| 53 | |
| 54 | /** |
| 55 | * @brief reset password of TPM |
| 56 | */ |
| 57 | virtual void |
| 58 | resetTpmPassword() = 0; |
| 59 | |
| 60 | /** |
| 61 | * @brief set inTerminal flag |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 62 | * |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 63 | * If the inTerminal flag is set, and password is not set, TPM may ask for password via terminal. |
| 64 | * inTerminal flag is set by default. |
| 65 | * |
| 66 | * @param inTerminal. |
| 67 | */ |
| 68 | virtual void |
| 69 | setInTerminal(bool inTerminal) = 0; |
| 70 | |
| 71 | /** |
| 72 | * @brief get inTerminal flag |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 73 | * |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 74 | * @return inTerminal flag. |
| 75 | */ |
| 76 | virtual bool |
| 77 | getInTerminal() = 0; |
| 78 | |
| 79 | /** |
| 80 | * @brief check if TPM is locked. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 81 | * |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 82 | * @return true if locked, false otherwise |
| 83 | */ |
| 84 | virtual bool |
| 85 | locked() = 0; |
| 86 | |
| 87 | /** |
| 88 | * @brief Unlock the TPM. |
| 89 | * |
| 90 | * @param password The password. |
| 91 | * @param passwordLength The password size. 0 indicates no password. |
| 92 | * @param usePassword True if we want to use the supplied password to unlock the TPM. |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 93 | * @return true if TPM is unlocked, otherwise false. |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 94 | */ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 95 | virtual bool |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 96 | unlockTpm(const char* password, size_t passwordLength, bool usePassword) = 0; |
| 97 | |
| 98 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 99 | * @brief Generate a pair of asymmetric keys. |
| 100 | * |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 101 | * @param keyName The name of the key pair. |
| 102 | * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA. |
| 103 | * @param keySize The size of the key pair. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 104 | * @throws SecTpm::Error if fails. |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 105 | */ |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 106 | virtual void |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 107 | generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize) = 0; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 108 | |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 109 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 110 | * @brief Delete a key pair of asymmetric keys. |
| 111 | * |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 112 | * @param keyName The name of the key pair. |
| 113 | */ |
| 114 | virtual void |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 115 | deleteKeyPairInTpm(const Name& keyName) = 0; |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 116 | |
| 117 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 118 | * @brief Get a public key. |
| 119 | * |
| 120 | * @param keyName The public key name. |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 121 | * @return The public key. |
| 122 | * @throws SecTpm::Error if public key does not exist in TPM. |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 123 | */ |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 124 | virtual shared_ptr<PublicKey> |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 125 | getPublicKeyFromTpm(const Name& keyName) = 0; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 126 | |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 127 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 128 | * @brief Sign data. |
| 129 | * |
| 130 | * @param data Pointer to the byte array to be signed. |
Jeff Thompson | 4c11b9f | 2013-09-13 11:05:28 -0700 | [diff] [blame] | 131 | * @param dataLength The length of data. |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 132 | * @param keyName The name of the signing key. |
| 133 | * @param digestAlgorithm the digest algorithm. |
Yingdi Yu | 3c5887c | 2014-01-21 18:19:49 -0800 | [diff] [blame] | 134 | * @return The signature block. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 135 | * @throws SecTpm::Error if signing fails. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 136 | */ |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 137 | virtual Block |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 138 | signInTpm(const uint8_t* data, size_t dataLength, |
| 139 | const Name& keyName, |
| 140 | DigestAlgorithm digestAlgorithm) = 0; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 141 | |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 142 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 143 | * @brief Decrypt data. |
| 144 | * |
| 145 | * @param data Pointer to the byte arry to be decrypted. |
| 146 | * @param dataLength The length of data. |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 147 | * @param keyName The name of the decrypting key. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 148 | * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption. |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 149 | * @return The decrypted data. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 150 | * @throws SecTpm::Error if decryption fails. |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 151 | */ |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 152 | virtual ConstBufferPtr |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 153 | decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric) = 0; |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 154 | |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 155 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 156 | * @brief Encrypt data. |
| 157 | * |
| 158 | * @param data Pointer to the byte arry to be decrypted. |
| 159 | * @param dataLength The length of data. |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 160 | * @param keyName The name of the encrypting key. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 161 | * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption. |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 162 | * @return The encrypted data. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 163 | * @throws SecTpm::Error if encryption fails. |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 164 | */ |
Alexander Afanasyev | 64a3d81 | 2014-01-05 23:35:05 -0800 | [diff] [blame] | 165 | virtual ConstBufferPtr |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 166 | encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric) = 0; |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 167 | |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 168 | /** |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 169 | * @brief Generate a symmetric key. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 170 | * |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 171 | * @param keyName The name of the key. |
| 172 | * @param keyType The type of the key, e.g. KEY_TYPE_AES. |
| 173 | * @param keySize The size of the key. |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 174 | * @throws SecTpm::Error if key generating fails. |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 175 | */ |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 176 | virtual void |
Yingdi Yu | b4bb85a | 2014-01-16 10:11:04 -0800 | [diff] [blame] | 177 | generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize) = 0; |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 178 | |
| 179 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 180 | * @brief Check if a particular key exists. |
| 181 | * |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 182 | * @param keyName The name of the key. |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 183 | * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE. |
Jeff Thompson | 6c314bc | 2013-09-23 18:09:38 -0700 | [diff] [blame] | 184 | * @return True if the key exists, otherwise false. |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 185 | */ |
| 186 | virtual bool |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 187 | doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) = 0; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 188 | |
| 189 | /** |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 190 | * @brief Generate a random block. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 191 | * |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 192 | * @param res The pointer to the generated block. |
| 193 | * @param size The random block size. |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 194 | * @return true for success, otherwise false. |
| 195 | */ |
| 196 | virtual bool |
| 197 | generateRandomBlock(uint8_t* res, size_t size) = 0; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 198 | |
| 199 | /** |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 200 | * @brief Add the application into the ACL of a particular key. |
| 201 | * |
| 202 | * @param keyName the name of key |
| 203 | * @param keyClass the class of key, e.g. Private Key |
| 204 | * @param appPath the absolute path to the application |
| 205 | * @param acl the new acl of the key |
| 206 | */ |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 207 | virtual void |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 208 | addAppToACL(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl) = 0; |
| 209 | |
| 210 | /** |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 211 | * @brief Export a private key in PKCS#8 format. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 212 | * |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 213 | * @param keyName The private key name. |
| 214 | * @param password The password to encrypt the private key. |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 215 | * @return The private key info (in PKCS8 format) if exist. |
| 216 | * @throws SecTpm::Error if private key cannot be exported. |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 217 | */ |
| 218 | ConstBufferPtr |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 219 | exportPrivateKeyPkcs8FromTpm(const Name& keyName, const std::string& password); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 220 | |
| 221 | /** |
| 222 | * @brief Import a private key in PKCS#8 format. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 223 | * |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 224 | * Also recover the public key and installed it in TPM. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 225 | * |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 226 | * @param keyName The private key name. |
| 227 | * @param key The encoded private key info. |
| 228 | * @param password The password to encrypt the private key. |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 229 | * @return False if import fails. |
| 230 | */ |
| 231 | bool |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 232 | importPrivateKeyPkcs8IntoTpm(const Name& keyName, |
| 233 | const uint8_t* buf, size_t size, |
| 234 | const std::string& password); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 235 | |
| 236 | protected: |
| 237 | /** |
| 238 | * @brief Export a private key in PKCS#1 format. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 239 | * |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 240 | * @param keyName The private key name. |
| 241 | * @return The private key info (in PKCS#1 format) if exist, otherwise a NULL pointer. |
| 242 | */ |
| 243 | virtual ConstBufferPtr |
| 244 | exportPrivateKeyPkcs1FromTpm(const Name& keyName) = 0; |
| 245 | |
| 246 | /** |
| 247 | * @brief Import a private key in PKCS#1 format. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 248 | * |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 249 | * @param keyName The private key name. |
| 250 | * @param key The encoded private key info. |
| 251 | * @return False if import fails. |
| 252 | */ |
| 253 | virtual bool |
| 254 | importPrivateKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) = 0; |
| 255 | |
| 256 | /** |
| 257 | * @brief Import a public key in PKCS#1 format. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 258 | * |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 259 | * @param keyName The public key name. |
| 260 | * @param key The encoded public key info. |
| 261 | * @return False if import fails. |
| 262 | */ |
| 263 | virtual bool |
| 264 | importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) = 0; |
| 265 | |
| 266 | |
| 267 | /** |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 268 | * @brief Get import/export password. |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 269 | * |
| 270 | * @param password On return, the password. |
| 271 | * @param prompt Prompt for password, i.e., "Password for key:" |
| 272 | * @return true if password has been obtained. |
| 273 | */ |
| 274 | inline virtual bool |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 275 | getImpExpPassWord(std::string& password, const std::string& prompt); |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 276 | }; |
| 277 | |
Yingdi Yu | f8fc8de | 2014-02-25 15:45:39 -0800 | [diff] [blame] | 278 | inline bool |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 279 | SecTpm::getImpExpPassWord(std::string& password, const std::string& prompt) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 280 | { |
| 281 | int result = false; |
| 282 | |
| 283 | char* pw0 = NULL; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 284 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 285 | pw0 = getpass(prompt.c_str()); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 286 | if (!pw0) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 287 | return false; |
| 288 | std::string password1 = pw0; |
| 289 | memset(pw0, 0, strlen(pw0)); |
| 290 | |
| 291 | pw0 = getpass("Confirm:"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 292 | if (!pw0) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 293 | { |
| 294 | char* pw1 = const_cast<char*>(password1.c_str()); |
| 295 | memset(pw1, 0, password1.size()); |
| 296 | return false; |
| 297 | } |
| 298 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 299 | if (!password1.compare(pw0)) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 300 | { |
| 301 | result = true; |
| 302 | password.swap(password1); |
| 303 | } |
| 304 | |
| 305 | char* pw1 = const_cast<char*>(password1.c_str()); |
| 306 | memset(pw1, 0, password1.size()); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 307 | memset(pw0, 0, strlen(pw0)); |
| 308 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 309 | if (password.empty()) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 310 | return false; |
| 311 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 312 | return result; |
| 313 | } |
| 314 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 315 | } // namespace ndn |
Jeff Thompson | 7b79eb6 | 2013-09-12 18:48:29 -0700 | [diff] [blame] | 316 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 317 | #endif //NDN_SECURITY_SEC_TPM_HPP |