commit 4154634058a33b1c1b89198af568bdefa1a88fea
author Yingdi Yu <yuyingdi@gmail.com> Sun Nov 30 23:37:53 2014 -0800
committer Yingdi Yu <yuyingdi@gmail.com> Mon Jan 12 19:23:25 2015 -0800
tree 137a893c90637aff79ac8922bfe7549953b1b367
parent 81a6c5dea60cea97c60dab0d78576c0d3b4e29ed

security: Pair-up Tpm and Pib in KeyChain

In this commit, we also change the HOME setting for test cases.

Change-Id: I7fa15461555b3519d9d2005c6956c167ed07d66f
Refs: #2242
Refs: #2260

src/security/key-chain.hpp

diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 5d348c4..28de735 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -60,10 +60,19 @@
     }
   };
 
-  static const Name DEFAULT_PREFIX;
-
-  // RsaKeyParams is set to be default for backward compatibility.
-  static const RsaKeyParams DEFAULT_KEY_PARAMS;
+  /**
+   * This error is thrown when the TPM locator retrieved from PIB is
+   * different from what is supplied to the KeyChain constructor.
+   */
+  class MismatchError : public Error
+  {
+  public:
+    explicit
+    MismatchError(const std::string& what)
+      : Error(what)
+    {
+    }
+  };
 
   KeyChain();
 
@@ -71,8 +80,19 @@
   explicit
   KeyChain(KeyChainTraits traits);
 
-  KeyChain(const std::string& pibName,
-           const std::string& tpmName);
+  /**
+   * @brief KeyChain constructor
+   *
+   * @sa  http://redmine.named-data.net/issues/2260
+   *
+   * @param pibLocator
+   * @param tpmLocator
+   * @param allowReset if true, the PIB will be reset when the supplied tpmLocator
+   *        mismatches the one in PIB
+   */
+  KeyChain(const std::string& pibLocator,
+           const std::string& tpmLocator,
+           bool allowReset = false);
 
   virtual
   ~KeyChain();
@@ -96,10 +116,10 @@
    * @param keySize The size of the key.
    * @return The generated key name.
    */
-  inline Name
+  Name
   generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
 
-  inline Name
+  Name
   generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
   /**
    * @brief Generate a pair of RSA keys for the specified identity and set it as default key for
@@ -356,7 +376,7 @@
   void
   addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
   {
-    return m_pib->addPublicKey(keyName, keyType, publicKeyDer);
+    return m_pib->addKey(keyName, publicKeyDer);
   }
 
   void
@@ -643,6 +663,17 @@
   }
 
 private:
+  void
+  initialize(const std::string& pibLocator,
+             const std::string& tpmLocator,
+             bool needReset);
+
+  void
+  initializeTpm(const std::string& locator);
+
+  void
+  initializePib(const std::string& locator);
+
   /**
    * @brief Determine signature type
    *
@@ -707,6 +738,10 @@
   signPacketWrapper(Interest& interest, const Signature& signature,
                     const Name& keyName, DigestAlgorithm digestAlgorithm);
 
+public:
+  static const Name DEFAULT_PREFIX;
+  // RsaKeyParams is set to be default for backward compatibility.
+  static const RsaKeyParams DEFAULT_KEY_PARAMS;
 
 private:
   SecPublicInfo* m_pib;
@@ -714,29 +749,6 @@
   time::milliseconds m_lastTimestamp;
 };
 
-template<class T>
-inline
-KeyChain::KeyChain(T)
-  : m_pib(new typename T::Pib)
-  , m_tpm(new typename T::Tpm)
-  , m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
-{
-}
-
-inline Name
-KeyChain::generateRsaKeyPair(const Name& identityName, bool isKsk, uint32_t keySize)
-{
-  RsaKeyParams params(keySize);
-  return generateKeyPair(identityName, isKsk, params);
-}
-
-inline Name
-KeyChain::generateEcdsaKeyPair(const Name& identityName, bool isKsk, uint32_t keySize)
-{
-  EcdsaKeyParams params(keySize);
-  return generateKeyPair(identityName, isKsk, params);
-}
-
 template<typename T>
 void
 KeyChain::sign(T& packet)