/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2013-2016 Regents of the University of California.
4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_TPM_BACK_END_HPP
23#define NDN_SECURITY_TPM_BACK_END_HPP
24
25#include "../../common.hpp"
26#include "../../name.hpp"
27#include "../../encoding/buffer.hpp"
28#include "../key-params.hpp"
29
namespace ndn {
namespace security {
namespace tpm {

class KeyHandle;

/**
 * @brief Abstract base class of a TPM back-end, i.e. the component that holds private keys.
 *
 * The front-end obtains KeyHandle objects from this class and uses it for the key
 * management operations declared below (existence check, creation, deletion, and
 * password-protected export/import).
 *
 * Every public operation has a private pure virtual do* counterpart with the same
 * parameters, which a concrete back-end has to implement.
 * NOTE(review): the public methods presumably forward to the do* methods after common
 * checks; their definitions are not part of this header -- confirm in the implementation.
 */
class BackEnd : noncopyable
{
public:
  /**
   * @brief Exception type reported by back-end operations.
   */
  class Error : public std::runtime_error
  {
  public:
    explicit Error(const std::string& what) : std::runtime_error(what) {}
  };

public:
  virtual ~BackEnd();

public: // key management
  /**
   * @brief Check whether the TPM holds a key named @p keyName.
   *
   * @return True if such a key exists.
   */
  bool hasKey(const Name& keyName) const;

  /**
   * @brief Obtain a handle of the key named @p keyName.
   *
   * Each call yields a new KeyHandle object; all handles obtained for the same
   * @p keyName refer to the same key.
   *
   * @return The handle, or nullptr if the key does not exist. Callers must test the
   *         result before dereferencing it.
   */
  unique_ptr<KeyHandle> getKeyHandle(const Name& keyName) const;

  /**
   * @brief Create a key for @p identity as described by @p params.
   *
   * The returned KeyHandle carries the name of the new key.
   *
   * @return The handle of the created key.
   * @throws Tpm::Error if @p params is invalid
   * @throws Error if the key cannot be created.
   */
  unique_ptr<KeyHandle> createKey(const Name& identity, const KeyParams& params);

  /**
   * @brief Delete the key named @p keyName.
   *
   * KeyHandles that were obtained for this key before the deletion must not be used
   * afterwards: doing so is undefined behavior. Release them before calling this method.
   *
   * @throws Error if the deletion fails.
   */
  void deleteKey(const Name& keyName);

  /**
   * @brief Export the private key named @p keyName, encrypted under a password.
   *
   * The returned buffer contains private key material whose only protection is @p pw,
   * so it should be handled as a secret.
   * NOTE(review): this header does not say whether the back-end copies or clears @p pw;
   * callers should treat the password buffer as sensitive and clear it after the call.
   *
   * @param keyName The name of the private key to export
   * @param pw The password used to encrypt the exported key
   * @param pwLen The length of the password
   * @return The private key in encrypted PKCS #8 format
   * @throws Error if the key does not exist
   * @throws Error if the key cannot be exported, e.g., insufficient privilege
   */
  ConstBufferPtr exportKey(const Name& keyName, const char* pw, size_t pwLen);

  /**
   * @brief Import a private key given in encrypted PKCS #8 format.
   *
   * NOTE(review): what happens when a key named @p keyName already exists is not
   * stated in this header -- confirm against the implementation.
   *
   * @param keyName The name of imported private key
   * @param pkcs8 Pointer to the key in encrypted PKCS #8 format
   * @param pkcs8Len The size of the key in encrypted PKCS #8 format
   * @param pw The password to decrypt the private key
   * @param pwLen The length of the password
   * @throws Error if import fails.
   */
  void importKey(const Name& keyName, const uint8_t* pkcs8, size_t pkcs8Len, const char* pw, size_t pwLen);

protected: // static helper method
  /**
   * @brief Store in @p keyHandle the key name that follows from @p identity and @p params.
   */
  static void setKeyName(KeyHandle& keyHandle, const Name& identity, const KeyParams& params);

private: // pure virtual methods
  /**
   * @brief Back-end specific existence check.
   *
   * @return True if a key with name @p keyName exists in TPM.
   */
  virtual bool doHasKey(const Name& keyName) const = 0;

  /**
   * @brief Back-end specific handle lookup.
   *
   * @return The handle of a key with name @p keyName, or nullptr if the key does not exist
   */
  virtual unique_ptr<KeyHandle> doGetKeyHandle(const Name& keyName) const = 0;

  /**
   * @brief Back-end specific creation of a key for @p identity according to @p params.
   *
   * The created key is named as: /<identity>/[keyId]/KEY
   * The key name is set in the returned KeyHandle.
   *
   * @return The handle of the created key.
   * @throws Error when key cannot be created.
   */
  virtual unique_ptr<KeyHandle> doCreateKey(const Name& identity, const KeyParams& params) = 0;

  /**
   * @brief Back-end specific deletion of the key named @p keyName.
   *
   * @throws Error if the deletion fails.
   */
  virtual void doDeleteKey(const Name& keyName) = 0;

  /**
   * @brief Back-end specific export of the private key named @p keyName.
   *
   * @param keyName The name of the private key to export
   * @param pw The password used to encrypt the exported key
   * @param pwLen The length of the password
   * @return The private key in encrypted PKCS #8 format
   * @throws Error if the key cannot be exported, e.g., insufficient privilege
   */
  virtual ConstBufferPtr doExportKey(const Name& keyName, const char* pw, size_t pwLen) = 0;

  /**
   * @brief Back-end specific import of a private key in encrypted PKCS #8 format.
   *
   * @param keyName The name of imported private key
   * @param pkcs8 Pointer to the key in encrypted PKCS #8 format
   * @param pkcs8Len The size of the key in encrypted PKCS #8 format
   * @param pw The password to decrypt the private key
   * @param pwLen The length of the password
   * @throws Error if import fails.
   */
  virtual void doImportKey(const Name& keyName, const uint8_t* pkcs8, size_t pkcs8Len, const char* pw, size_t pwLen) = 0;
};

} // namespace tpm
} // namespace security
} // namespace ndn
181
182#endif // NDN_SECURITY_TPM_BACK_END_HPP