Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 3b101d06827c46a070081733cd40dbb3636ccf64 / . / src / security / tpm / back-end-file.hpp
blob: bd2838db2e682072809d3940312c4928fb0dafa7 [file] [log] [blame]
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento3b101d02018-07-21 22:44:09 -0400[diff] [blame^]2/*
3 * Copyright (c) 2013-2018 Regents of the University of California.
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_TPM_BACK_END_FILE_HPP
23#define NDN_SECURITY_TPM_BACK_END_FILE_HPP
24
25#include "back-end.hpp"
26
27namespace ndn {
28namespace security {
Davide Pesavento3b101d02018-07-21 22:44:09 -0400[diff] [blame^]29
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]30namespace transform {
31class PrivateKey;
32} // namespace transform
33
34namespace tpm {
35
36/**
37 * @brief The back-end implementation of file-based TPM.
38 *
39 * In this TPM, each private key is stored in a separate file with permission 0400, i.e.,
40 * owner read-only. The key is stored in PKCS #1 format in base64 encoding.
41 */
42class BackEndFile : public BackEnd
43{
44public:
45 class Error : public BackEnd::Error
46 {
47 public:
48 explicit
49 Error(const std::string& what)
50 : BackEnd::Error(what)
51 {
52 }
53 };
54
55public:
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]56 /**
57 * @brief Create file-based TPM backend
58 * @param location Directory to store private keys
59 */
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]60 explicit
61 BackEndFile(const std::string& location = "");
62
63 ~BackEndFile() override;
64
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]65 static const std::string&
66 getScheme();
67
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]68private: // inherited from tpm::BackEnd
69 /**
70 * @return True if a key with name @p keyName exists in TPM.
71 */
72 bool
73 doHasKey(const Name& keyName) const final;
74
75 /**
76 * @return The handle of a key with name @p keyName, or nullptr if the key does not exist
77 */
78 unique_ptr<KeyHandle>
79 doGetKeyHandle(const Name& keyName) const final;
80
81 /**
82 * @brief Create key for @p identityName according to @p params.
83 *
84 * The created key is named as: /<identityName>/[keyId]/KEY
85 * The key name is set in the returned KeyHandle.
86 *
87 * If the key with the same name exists, the old key will be overwritten.
88 * The behavior of using KeyHandler of removed key is undefined.
89 *
90 * @return The handle of the created key.
91 */
92 unique_ptr<KeyHandle>
93 doCreateKey(const Name& identityName, const KeyParams& params) final;
94
95 /**
96 * @brief Delete a key with name @p keyName.
97 *
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]98 * @throw Error the deletion failed
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]99 */
100 void
101 doDeleteKey(const Name& keyName) final;
102
103 /**
104 * @return A private key with name @p keyName in encrypted PKCS #8 format using password @p pw
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]105 * @throw Error the key cannot be exported, e.g., not enough privilege
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]106 */
107 ConstBufferPtr
108 doExportKey(const Name& keyName, const char* pw, size_t pwLen) final;
109
110 /**
111 * @brief Import a private key in encrypted PKCS #8 format
112 *
113 * @param keyName The name of imported private key
114 * @param buf Pointer to the key in encrypted PKCS #8 format
115 * @param size The size of the key in encrypted PKCS #8 format
116 * @param pw The password to decrypt the key
117 * @param pwLen The length of the password
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]118 * @throw Error import failed
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]119 */
120 void
121 doImportKey(const Name& keyName, const uint8_t* buf, size_t size, const char* pw, size_t pwLen) final;
122
123private:
124 /**
125 * @brief Load a private key with name @p keyName from the key file directory
126 */
Davide Pesavento3b101d02018-07-21 22:44:09 -0400[diff] [blame^]127 unique_ptr<transform::PrivateKey>
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]128 loadKey(const Name& keyName) const;
129
130 /**
131 * @brief Save a private key with name @p keyName into the key file directory
132 */
133 void
Davide Pesavento3b101d02018-07-21 22:44:09 -0400[diff] [blame^]134 saveKey(const Name& keyName, const transform::PrivateKey& key);
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]135
136private:
137 class Impl;
Davide Pesavento794f6872017-05-15 23:33:38 -0400[diff] [blame]138 const unique_ptr<Impl> m_impl;
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]139};
140
141} // namespace tpm
142} // namespace security
143} // namespace ndn
144
145#endif // NDN_SECURITY_TPM_BACK_END_FILE_HPP