Project

General

Profile

Actions

Task #2948

closed

Define new abstraction of Tpm

Added by Yingdi Yu over 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
06/24/2015
Due date:
% Done:

100%

Estimated time:

Description

One of the overhead of the current SecTpm is the key lookup, which is similar to the old implementation of Pib (SecPib). For example, to perform a signing operation, the current implementation must do a lookup operation in Tpm. In SecTpmOsx, the lookup involves inter-process operation; in SecTpmFile, the lookup involves file system operation, and even worse it has to load the key from file every time. It would be better to optimize the Tpm with the similar abstraction as the one of new Pib implementation (Pib). That is, we have a front end abstraction (whose public interface is read-only) and have a back end abstraction provides the handler of key.

A key handler is the abstract interface to manipulate a private key in TPM. For example, in the TPM based on OS X keychain, the handler is a Keychain Item Reference. Every private key related crypto function in OS X keychain service requires such a item reference. In previous implementation, we will lookup the reference in every crypto function. With the KeyHandler abstraction that retain the reference, we can avoid the lookup and directly invoke OS X keychain service functions.

In Memory-based TPM, the handler could simply carry the private key.

With the new abstraction, the front end can maintain in memory a list of key handlers that have been used before.
This new abstraction also makes the style of the implementation of TPM and PIB consistent.


Related issues 4 (0 open4 closed)

Blocks ndn-cxx - Task #2926: Refactor KeyChainClosedYingdi Yu

Actions
Blocked by ndn-cxx - Task #2949: Adding libcrypto-based crypto supportClosedYingdi Yu07/02/2015

Actions
Blocks ndn-cxx - Task #2418: Improve ValidatorConfig test suiteClosed

Actions
Blocks ndn-cxx - Task #2923: Reduce number lookups during KeyChain::sign operationClosedYingdi Yu

Actions
Actions

Also available in: Atom PDF