net.named_data.jndn.security.tpm

Class TpmBackEndFile

java.lang.Object

net.named_data.jndn.security.tpm.TpmBackEnd

net.named_data.jndn.security.tpm.TpmBackEndFile

public class TpmBackEndFile
extends TpmBackEnd

TpmBackEndFile extends TpmBackEnd to implement a TPM back-end using on-disk file storage. In this TPM, each private key is stored in a separate file with permission 0400, i.e., owner read-only. The key is stored in PKCS #1 format in base64 encoding.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	TpmBackEndFile.Error A TpmBackEndFile.Error extends TpmBackEnd.Error and represents a non-semantic error in backend TPM file processing.

Constructor Summary

Constructors

Constructor and Description
TpmBackEndFile() Create a TpmBackEndFile to store files in the default location HOME/.ndn/ndnsec-key-file where HOME is System.getProperty("user.home").
TpmBackEndFile(String locationPath) Create a TpmBackEndFile to use the given path to store files.

Method Summary

Modifier and Type	Method and Description
protected TpmKeyHandle	doCreateKey(Name identityName, KeyParams params) Create a key for identityName according to params.
protected void	doDeleteKey(Name keyName) Delete the key with name keyName.
protected Blob	doExportKey(Name keyName, ByteBuffer password) Get the encoded private key with name keyName in PKCS #8 format, possibly password-encrypted.
protected TpmKeyHandle	doGetKeyHandle(Name keyName) Get the handle of the key with name keyName.
protected boolean	doHasKey(Name keyName) Check if the key with name keyName exists in the TPM.
protected void	doImportKey(Name keyName, ByteBuffer pkcs8, ByteBuffer password) Import an encoded private key with name keyName in PKCS #8 format, possibly password-encrypted.
static String	getDefaultDirecoryPath(File filesRoot) Get the default directory path for private keys based on the files root.
static String	getDefaultDirecoryPath(String filesRoot) Get the default directory path for private keys based on the files root.
static String	getScheme()

Methods inherited from class net.named_data.jndn.security.tpm.TpmBackEnd

createKey, deleteKey, exportKey, getKeyHandle, hasKey, importKey, isTerminalMode, isTpmLocked, setKeyName, setTerminalMode, unlockTpm

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TpmBackEndFile

public TpmBackEndFile()

Create a TpmBackEndFile to store files in the default location HOME/.ndn/ndnsec-key-file where HOME is System.getProperty("user.home"). This creates the directory if it doesn't exist.

TpmBackEndFile

public TpmBackEndFile(String locationPath)

Create a TpmBackEndFile to use the given path to store files.

Parameters:

locationPath - The full path of the directory to store private keys. This creates the directory if it doesn't exist. If locationPath is empty, then store private key files in the default location HOME/.ndn/ndnsec-key-file where HOME is System.getProperty("user.home"). Note that on Android there is no HOME and you must supply the locationPath. For example, you can get the default directory path from an Android files directory with getDefaultDirecoryPath(context.getFilesDir()) .

Method Detail

getDefaultDirecoryPath

public static String getDefaultDirecoryPath(File filesRoot)

Get the default directory path for private keys based on the files root. For example if filesRoot is "/data/data/org.example/files", this returns "/data/data/org.example/files/.ndn/ndnsec-tpm-file".

Parameters:

filesRoot - The root file directory. An Android app can use context.getFilesDir()

Returns:

The default directory path.

getDefaultDirecoryPath

public static String getDefaultDirecoryPath(String filesRoot)

Get the default directory path for private keys based on the files root.

Parameters:

filesRoot - The root file directory.

Returns:

The default directory path.

getScheme

public static String getScheme()

doHasKey

protected boolean doHasKey(Name keyName)
                    throws TpmBackEnd.Error

Check if the key with name keyName exists in the TPM.

Specified by:

doHasKey in class TpmBackEnd

Parameters:

keyName - The name of the key.

Returns:

True if the key exists.

Throws:

TpmBackEnd.Error

doGetKeyHandle

protected TpmKeyHandle doGetKeyHandle(Name keyName)
                               throws TpmBackEnd.Error

Get the handle of the key with name keyName.

Specified by:

doGetKeyHandle in class TpmBackEnd

Parameters:

keyName - The name of the key.

Returns:

The handle of the key, or null if the key does not exist.

Throws:

TpmBackEnd.Error

doCreateKey

protected TpmKeyHandle doCreateKey(Name identityName,
                                   KeyParams params)
                            throws TpmBackEnd.Error

Create a key for identityName according to params. The created key is named as: /{identityName}/[keyId]/KEY . The key name is set in the returned TpmKeyHandle.

Specified by:

doCreateKey in class TpmBackEnd

Parameters:

identityName - The name if the identity.

params - The KeyParams for creating the key.

Returns:

The handle of the created key.

Throws:

TpmBackEnd.Error - if the key cannot be created.

doDeleteKey

protected void doDeleteKey(Name keyName)
                    throws TpmBackEnd.Error

Delete the key with name keyName. If the key doesn't exist, do nothing.

Specified by:

doDeleteKey in class TpmBackEnd

Parameters:

keyName - The name of the key to delete.

Throws:

TpmBackEnd.Error - if the deletion fails.

doExportKey

protected Blob doExportKey(Name keyName,
                           ByteBuffer password)
                    throws TpmBackEnd.Error

Get the encoded private key with name keyName in PKCS #8 format, possibly password-encrypted.

Overrides:

doExportKey in class TpmBackEnd

Parameters:

keyName - The name of the key in the TPM.

password - The password for encrypting the private key, which should have characters in the range of 1 to 127. If the password is supplied, use it to return a PKCS #8 EncryptedPrivateKeyInfo. If the password is null, return an unencrypted PKCS #8 PrivateKeyInfo.

Returns:

The encoded private key.

Throws:

TpmBackEnd.Error - if the key does not exist or if the key cannot be exported, e.g., insufficient privileges.

doImportKey

protected void doImportKey(Name keyName,
                           ByteBuffer pkcs8,
                           ByteBuffer password)
                    throws TpmBackEnd.Error

Import an encoded private key with name keyName in PKCS #8 format, possibly password-encrypted.

Overrides:

doImportKey in class TpmBackEnd

Parameters:

keyName - The name of the key to use in the TPM.

pkcs8 - The input byte buffer. If the password is supplied, this is a PKCS #8 EncryptedPrivateKeyInfo. If the password is null, this is an unencrypted PKCS #8 PrivateKeyInfo.

password - The password for decrypting the private key, which should have characters in the range of 1 to 127. If the password is supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If the password is null, import an unencrypted PKCS #8 PrivateKeyInfo.

Throws:

TpmBackEnd.Error - for an error importing the key.