Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / fe4733a1608712e389fe10b329a9fd61575ad075 / . / src / security / tpm / back-end.hpp
blob: 4c55ab26346854c5cee945d59c04abcf7fb084c3 [file] [log] [blame]
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]3 * Copyright (c) 2013-2017 Regents of the University of California.
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_TPM_BACK_END_HPP
23#define NDN_SECURITY_TPM_BACK_END_HPP
24
25#include "../../common.hpp"
26#include "../../name.hpp"
27#include "../../encoding/buffer.hpp"
28#include "../key-params.hpp"
29
30namespace ndn {
31namespace security {
32namespace tpm {
33
34class KeyHandle;
35
36/**
37 * @brief Abstraction of Tpm back-end.
38 *
39 * This class provides KeyHandle to the front-end and other TPM management operations.
40 */
41class BackEnd : noncopyable
42{
43public:
44 class Error : public std::runtime_error
45 {
46 public:
47 explicit
48 Error(const std::string& what)
49 : std::runtime_error(what)
50 {
51 }
52 };
53
54public:
55 virtual
56 ~BackEnd();
57
58public: // key management
59 /**
60 * @return True if a key with name @p keyName exists in TPM.
61 */
62 bool
63 hasKey(const Name& keyName) const;
64
65 /**
66 * @return The handle of a key with name @p keyName, or nullptr if the key does not exist.
67 *
68 * Calling getKeyHandle multiple times with the same keyName will return different KeyHandle
69 * objects that all refer to the same key.
70 */
71 unique_ptr<KeyHandle>
72 getKeyHandle(const Name& keyName) const;
73
74 /**
75 * @brief Create key for @p identity according to @p params.
76 *
77 * The key name is set in the returned KeyHandle.
78 *
79 * @return The handle of the created key.
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]80 * @throw Tpm::Error @p params are invalid
81 * @throw Error the key cannot be created
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]82 */
83 unique_ptr<KeyHandle>
84 createKey(const Name& identity, const KeyParams& params);
85
86 /**
87 * @brief Delete a key with name @p keyName.
88 *
89 * Continuing to use existing KeyHandles on a deleted key results in undefined behavior.
90 *
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]91 * @throw Error if the deletion fails.
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]92 */
93 void
94 deleteKey(const Name& keyName);
95
96 /**
97 * @return A private key with name @p keyName in encrypted PKCS #8 format using password @p pw
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]98 * @throw Error the key does not exist
99 * @throw Error the key cannot be exported, e.g., insufficient privilege
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]100 */
101 ConstBufferPtr
102 exportKey(const Name& keyName, const char* pw, size_t pwLen);
103
104 /**
105 * @brief Import a private key in encrypted PKCS #8 format
106 *
107 * @param keyName The name of imported private key
108 * @param pkcs8 Pointer to the key in encrypted PKCS #8 format
109 * @param pkcs8Len The size of the key in encrypted PKCS #8 format
110 * @param pw The password to decrypt the private key
111 * @param pwLen The length of the password
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]112 * @throw Error import failed
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]113 */
114 void
115 importKey(const Name& keyName, const uint8_t* pkcs8, size_t pkcs8Len, const char* pw, size_t pwLen);
116
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]117 /**
118 * @brief Check if TPM is in terminal mode
119 *
120 * Default implementation always returns true.
121 */
122 virtual bool
123 isTerminalMode() const;
124
125 /**
126 * @brief Set the terminal mode of TPM.
127 *
128 * In terminal mode, TPM will not ask user permission from GUI.
129 *
130 * Default implementation does nothing.
131 */
132 virtual void
133 setTerminalMode(bool isTerminal) const;
134
135 /**
136 * @return True if TPM is locked, otherwise false
137 *
138 * Default implementation always returns false.
139 */
140 virtual bool
141 isTpmLocked() const;
142
143 /**
144 * @brief Unlock TPM
145 *
146 * @param pw The password to unlock TPM
147 * @param pwLen The password size.
148 *
149 * Default implementation always returns !isTpmLocked()
150 */
151 virtual bool
152 unlockTpm(const char* pw, size_t pwLen) const;
153
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]154protected: // static helper method
155 /**
156 * @brief Set the key name in @p keyHandle according to @p identity and @p params
157 */
158 static void
159 setKeyName(KeyHandle& keyHandle, const Name& identity, const KeyParams& params);
160
161private: // pure virtual methods
162 /**
163 * @return True if a key with name @p keyName exists in TPM.
164 */
165 virtual bool
166 doHasKey(const Name& keyName) const = 0;
167
168 /**
169 * @return The handle of a key with name @p keyName, or nullptr if the key does not exist
170 */
171 virtual unique_ptr<KeyHandle>
172 doGetKeyHandle(const Name& keyName) const = 0;
173
174 /**
175 * @brief Create key for @p identityName according to @p params.
176 *
177 * The created key is named as: /<identityName>/[keyId]/KEY
178 * The key name is set in the returned KeyHandle.
179 *
180 * @return The handle of the created key.
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]181 * @throw Error key cannot be created
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]182 */
183 virtual unique_ptr<KeyHandle>
184 doCreateKey(const Name& identity, const KeyParams& params) = 0;
185
186 /**
187 * @brief Delete a key with name @p keyName.
188 *
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]189 * @throw Error the deletion failed
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]190 */
191 virtual void
192 doDeleteKey(const Name& keyName) = 0;
193
194 /**
195 * @return A private key with name @p keyName in encrypted PKCS #8 format using password @p pw
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]196 * @throw Error the key cannot be exported, e.g., insufficient privilege
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]197 */
198 virtual ConstBufferPtr
199 doExportKey(const Name& keyName, const char* pw, size_t pwLen) = 0;
200
201 /**
202 * @brief Import a private key in encrypted PKCS #8 format using @p password
203 *
204 * @param keyName The name of imported private key
205 * @param pkcs8 Pointer to the key in PKCS #8 format
206 * @param pkcs8Len The size of the key in PKCS #8 format
207 * @param pw The password to decrypt the private key
208 * @param pwLen The length of the password
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]209 * @throw Error import failed
Yingdi Yu0b60e7a2015-07-16 21:05:11 -0700[diff] [blame]210 */
211 virtual void
212 doImportKey(const Name& keyName, const uint8_t* pkcs8, size_t pkcs8Len, const char* pw, size_t pwLen) = 0;
213};
214
215} // namespace tpm
216} // namespace security
217} // namespace ndn
218
219#endif // NDN_SECURITY_TPM_BACK_END_HPP