Task #2242

Updated by Yingdi Yu over 9 years ago

It would be desirable to pair up a TPM with a PublicInfoBase, so that when KeyChain loads a PublicInfoBase, the corresponding TPM is loaded as well. As a result, the user does not have to explicitly specify both the TPM and the PublicInfoBase. Instead, the user only needs to specify a PublicInfoBase, and it is then guaranteed that the corresponding TPM will be loaded and that, for any key described in the PublicInfoBase, its private part can be found in the TPM. This avoids the "Private key does not exist" problem caused by wrong configuration.

To enable this feature, we need to define a TpmInfo data structure:

    enum TpmType {
      TPM_TYPE_FILE = 0,
      TPM_TYPE_OSX  = 1,
      // we can define more types when necessary, e.g., TPM_TYPE_DUMMY for dummy tpm
    };

    struct TpmInfo {
      TpmType     type;
      std::string path; // Note, this does not have to be a path, it could encode any information about how the TPM can be loaded.
    };

We can also define a TPM URI. A scheme is defined for each type of SecTpm implementation. The schemes for SecTpmOsx and SecTpmFile are `sec-tpm-osx` and `sec-tpm-file`. For example:

    sec-tpm-osx:/app-keychain
    sec-tpm-file:/var/tmp

And we also need to add two more methods in SecPublicInfo:

    void
    SecPublicInfo::setTpmPath(const TpmInfo& path); // or const SecTpmUri& path, with the URI form

    TpmInfo // or SecTpmUri, with the URI form
    SecPublicInfo::getTpmPath();

The first method is used to associate a TPM with the PublicInfoBase. The second method can be used by KeyChain to get the TpmInfo from SecPublicInfo, and use that to load the corresponding TPM.
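As an added example (not ndn-cxx code and not part of this task), a minimal C++ sketch of the pairing proposed above: the PIB records the locator of its TPM, KeyChain derives the TPM from that locator alone, and every key the PIB describes is checked against the loaded TPM, so a misconfiguration surfaces at load time instead of as a later "Private key does not exist" failure. The Tpm and Pib structs, parseTpmLocator, loadTpm, loadKeyChainAndCheck and the contents of kTpmStore are all constructed assumptions.

```cpp
#include <map>
#include <set>
#include <stdexcept>
#include <string>
#include <utility>

// Hypothetical TPM handle: only "does this private key exist" is modelled.
struct Tpm {
  std::string locator;
  std::set<std::string> privateKeys; // keys whose private part lives in this TPM
};

// Hypothetical PIB: the keys it describes plus the paired TPM locator (what setTpmPath() records).
struct Pib {
  std::set<std::string> keyNames;
  std::string tpmLocator;
};

// Split a locator such as "sec-tpm-file:/var/tmp" into scheme and location.
std::pair<std::string, std::string> parseTpmLocator(const std::string& uri) {
  auto colon = uri.find(':');
  if (colon == std::string::npos || colon == 0)
    throw std::invalid_argument("malformed TPM locator: " + uri);
  return {uri.substr(0, colon), uri.substr(colon + 1)};
}

// Constructed stand-in for the real back-ends: locator -> private keys present.
static const std::map<std::string, std::set<std::string>> kTpmStore = {
  {"sec-tpm-file:/var/tmp",     {"/alice/KEY/ksk-1", "/alice/KEY/dsk-2"}},
  {"sec-tpm-osx:/app-keychain", {"/alice/KEY/ksk-1"}},
};

// Load the TPM named by a locator; an unknown scheme or location is an error.
Tpm loadTpm(const std::string& locator) {
  auto scheme = parseTpmLocator(locator).first;
  if (scheme != "sec-tpm-file" && scheme != "sec-tpm-osx")
    throw std::invalid_argument("unsupported TPM scheme: " + scheme);
  auto it = kTpmStore.find(locator);
  if (it == kTpmStore.end())
    throw std::runtime_error("TPM not found: " + locator);
  return Tpm{locator, it->second};
}

// KeyChain given only a PIB: load the paired TPM, then report every described
// key whose private part is missing from it (an empty set means consistent).
std::set<std::string> loadKeyChainAndCheck(const Pib& pib) {
  Tpm tpm = loadTpm(pib.tpmLocator);
  std::set<std::string> missing;
  for (const auto& k : pib.keyNames)
    if (!tpm.privateKeys.count(k)) missing.insert(k);
  return missing;
}
```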
