Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 502b47956c067683f9fd75c3a0d3040c8d14e452 / . / src / security / tpm / back-end.hpp
blob: 2f9e389540d5e6c2ae6f2a383d08101549b2f369 [file] [log] [blame]
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Junxiao Shi68b53852018-07-25 13:56:38 -0600[diff] [blame]2/*
3 * Copyright (c) 2013-2018 Regents of the University of California.
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_TPM_BACK_END_HPP
23#define NDN_SECURITY_TPM_BACK_END_HPP
24
25#include "../../common.hpp"
26#include "../../name.hpp"
27#include "../../encoding/buffer.hpp"
28#include "../key-params.hpp"
29
30namespace ndn {
31namespace security {
32namespace tpm {
33
34class KeyHandle;
35
36/**
37 * @brief Abstraction of Tpm back-end.
38 *
39 * This class provides KeyHandle to the front-end and other TPM management operations.
40 */
41class BackEnd : noncopyable
42{
43public:
44 class Error : public std::runtime_error
45 {
46 public:
Junxiao Shi68b53852018-07-25 13:56:38 -0600[diff] [blame]47 using std::runtime_error::runtime_error;
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]48 };
49
50public:
51 virtual
52 ~BackEnd();
53
54public: // key management
55 /**
56 * @return True if a key with name @p keyName exists in TPM.
57 */
58 bool
59 hasKey(const Name& keyName) const;
60
61 /**
62 * @return The handle of a key with name @p keyName, or nullptr if the key does not exist.
63 *
64 * Calling getKeyHandle multiple times with the same keyName will return different KeyHandle
65 * objects that all refer to the same key.
66 */
67 unique_ptr<KeyHandle>
68 getKeyHandle(const Name& keyName) const;
69
70 /**
71 * @brief Create key for @p identity according to @p params.
72 *
73 * The key name is set in the returned KeyHandle.
74 *
75 * @return The handle of the created key.
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]76 * @throw Tpm::Error @p params are invalid
77 * @throw Error the key cannot be created
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]78 */
79 unique_ptr<KeyHandle>
80 createKey(const Name& identity, const KeyParams& params);
81
82 /**
83 * @brief Delete a key with name @p keyName.
84 *
85 * Continuing to use existing KeyHandles on a deleted key results in undefined behavior.
86 *
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]87 * @throw Error if the deletion fails.
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]88 */
89 void
90 deleteKey(const Name& keyName);
91
92 /**
93 * @return A private key with name @p keyName in encrypted PKCS #8 format using password @p pw
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]94 * @throw Error the key does not exist
95 * @throw Error the key cannot be exported, e.g., insufficient privilege
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]96 */
97 ConstBufferPtr
98 exportKey(const Name& keyName, const char* pw, size_t pwLen);
99
100 /**
101 * @brief Import a private key in encrypted PKCS #8 format
102 *
103 * @param keyName The name of imported private key
104 * @param pkcs8 Pointer to the key in encrypted PKCS #8 format
105 * @param pkcs8Len The size of the key in encrypted PKCS #8 format
106 * @param pw The password to decrypt the private key
107 * @param pwLen The length of the password
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]108 * @throw Error import failed
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]109 */
110 void
111 importKey(const Name& keyName, const uint8_t* pkcs8, size_t pkcs8Len, const char* pw, size_t pwLen);
112
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]113 /**
114 * @brief Check if TPM is in terminal mode
115 *
116 * Default implementation always returns true.
117 */
118 virtual bool
119 isTerminalMode() const;
120
121 /**
122 * @brief Set the terminal mode of TPM.
123 *
124 * In terminal mode, TPM will not ask user permission from GUI.
125 *
126 * Default implementation does nothing.
127 */
128 virtual void
129 setTerminalMode(bool isTerminal) const;
130
131 /**
132 * @return True if TPM is locked, otherwise false
133 *
134 * Default implementation always returns false.
135 */
136 virtual bool
137 isTpmLocked() const;
138
139 /**
140 * @brief Unlock TPM
141 *
142 * @param pw The password to unlock TPM
143 * @param pwLen The password size.
144 *
145 * Default implementation always returns !isTpmLocked()
146 */
147 virtual bool
148 unlockTpm(const char* pw, size_t pwLen) const;
149
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]150protected: // static helper method
151 /**
152 * @brief Set the key name in @p keyHandle according to @p identity and @p params
153 */
154 static void
155 setKeyName(KeyHandle& keyHandle, const Name& identity, const KeyParams& params);
156
157private: // pure virtual methods
158 /**
159 * @return True if a key with name @p keyName exists in TPM.
160 */
161 virtual bool
162 doHasKey(const Name& keyName) const = 0;
163
164 /**
165 * @return The handle of a key with name @p keyName, or nullptr if the key does not exist
166 */
167 virtual unique_ptr<KeyHandle>
168 doGetKeyHandle(const Name& keyName) const = 0;
169
170 /**
171 * @brief Create key for @p identityName according to @p params.
172 *
173 * The created key is named as: /<identityName>/[keyId]/KEY
174 * The key name is set in the returned KeyHandle.
175 *
176 * @return The handle of the created key.
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]177 * @throw Error key cannot be created
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]178 */
179 virtual unique_ptr<KeyHandle>
180 doCreateKey(const Name& identity, const KeyParams& params) = 0;
181
182 /**
183 * @brief Delete a key with name @p keyName.
184 *
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]185 * @throw Error the deletion failed
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]186 */
187 virtual void
188 doDeleteKey(const Name& keyName) = 0;
189
190 /**
191 * @return A private key with name @p keyName in encrypted PKCS #8 format using password @p pw
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]192 * @throw Error the key cannot be exported, e.g., insufficient privilege
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]193 */
194 virtual ConstBufferPtr
195 doExportKey(const Name& keyName, const char* pw, size_t pwLen) = 0;
196
197 /**
198 * @brief Import a private key in encrypted PKCS #8 format using @p password
199 *
200 * @param keyName The name of imported private key
201 * @param pkcs8 Pointer to the key in PKCS #8 format
202 * @param pkcs8Len The size of the key in PKCS #8 format
203 * @param pw The password to decrypt the private key
204 * @param pwLen The length of the password
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame]205 * @throw Error import failed
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]206 */
207 virtual void
208 doImportKey(const Name& keyName, const uint8_t* pkcs8, size_t pkcs8Len, const char* pw, size_t pwLen) = 0;
209};
210
211} // namespace tpm
212} // namespace security
213} // namespace ndn
214
215#endif // NDN_SECURITY_TPM_BACK_END_HPP