dc/de5/v1_2key-chain_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
  * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
  * terms of the GNU Lesser General Public License as published by the Free Software
  * Foundation, either version 3 of the License, or (at your option) any later version.
  *
  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
  *
  * You should have received copies of the GNU General Public License and GNU Lesser
  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  *
  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
  */

 #ifndef NDN_SECURITY_V1_KEY_CHAIN_HPP
 #define NDN_SECURITY_V1_KEY_CHAIN_HPP

 #include "sec-public-info.hpp"
 #include "sec-tpm.hpp"
 #include "secured-bag.hpp"
 #include "../key-params.hpp"
 #include "../signature-sha256-with-rsa.hpp"
 #include "../signature-sha256-with-ecdsa.hpp"
 #include "../digest-sha256.hpp"
 #include "../signing-info.hpp"
 #include "../../interest.hpp"
 #include "../../util/random.hpp"
 #include <initializer_list>

 namespace ndn {
 namespace security {
 namespace v1 {

 class KeyChain : noncopyable
 {
 public:
   class Error : public std::runtime_error
   {
   public:
     explicit
     Error(const std::string& what)
       : std::runtime_error(what)
     {
     }
   };

   class MismatchError : public Error
   {
   public:
     explicit
     MismatchError(const std::string& what)
       : Error(what)
     {
     }
   };

   typedef function<unique_ptr<SecPublicInfo> (const std::string&)> PibCreateFunc;
   typedef function<unique_ptr<SecTpm>(const std::string&)> TpmCreateFunc;

   template<class PibType>
   static void
   registerPib(std::initializer_list<std::string> aliases);

   template<class TpmType>
   static void
   registerTpm(std::initializer_list<std::string> aliases);

   static std::string
   getDefaultPibLocator();

   static unique_ptr<SecPublicInfo>
   createPib(const std::string& pibLocator);

   static std::string
   getDefaultTpmLocator();

   static unique_ptr<SecTpm>
   createTpm(const std::string& tpmLocator);

   KeyChain();

   KeyChain(const std::string& pibLocator,
            const std::string& tpmLocator,
            bool allowReset = false);

   virtual
   ~KeyChain();

   Name
   createIdentity(const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS);

   Name
   generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);

   Name
   generateEcKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);

   Name
   generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);

   Name
   generateEcKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);

   shared_ptr<IdentityCertificate>
   prepareUnsignedIdentityCertificate(const Name& keyName,
     const Name& signingIdentity,
     const time::system_clock::TimePoint& notBefore,
     const time::system_clock::TimePoint& notAfter,
     const std::vector<CertificateSubjectDescription>& subjectDescription,
     const Name& certPrefix = DEFAULT_PREFIX);

   shared_ptr<IdentityCertificate>
   prepareUnsignedIdentityCertificate(const Name& keyName,
     const PublicKey& publicKey,
     const Name& signingIdentity,
     const time::system_clock::TimePoint& notBefore,
     const time::system_clock::TimePoint& notAfter,
     const std::vector<CertificateSubjectDescription>& subjectDescription,
     const Name& certPrefix = DEFAULT_PREFIX);

   void
   sign(Data& data, const SigningInfo& params = DEFAULT_SIGNING_INFO);

   void
   sign(Interest& interest, const SigningInfo& params = DEFAULT_SIGNING_INFO);

   Block
   sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params);

   template<typename T>
   void
   sign(T& packet, const Name& certificateName);

   Signature
   sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);

   template<typename T>
   void
   signByIdentity(T& packet, const Name& identityName);

   Signature
   signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);

   void
   signWithSha256(Data& data);

   void
   signWithSha256(Interest& interest);

   shared_ptr<IdentityCertificate>
   selfSign(const Name& keyName);

   void
   selfSign(IdentityCertificate& cert);

   void
   deleteCertificate(const Name& certificateName);

   void
   deleteKey(const Name& keyName);

   void
   deleteIdentity(const Name& identity);

   shared_ptr<SecuredBag>
   exportIdentity(const Name& identity, const std::string& passwordStr);

   void
   importIdentity(const SecuredBag& securedBag, const std::string& passwordStr);

   SecPublicInfo&
   getPib()
   {
     return *m_pib;
   }

   const SecPublicInfo&
   getPib() const
   {
     return *m_pib;
   }

   SecTpm&
   getTpm()
   {
     return *m_tpm;
   }

   const SecTpm&
   getTpm() const
   {
     return *m_tpm;
   }

   /*******************************
    *  Wrapper of SecPublicInfo   *
    *******************************/
   bool
   doesIdentityExist(const Name& identityName) const
   {
     return m_pib->doesIdentityExist(identityName);
   }

   void
   addIdentity(const Name& identityName)
   {
     return m_pib->addIdentity(identityName);
   }

   bool
   doesPublicKeyExist(const Name& keyName) const
   {
     return m_pib->doesPublicKeyExist(keyName);
   }

   void
   addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
   {
     return m_pib->addKey(keyName, publicKeyDer);
   }

   void
   addKey(const Name& keyName, const PublicKey& publicKeyDer)
   {
     return m_pib->addKey(keyName, publicKeyDer);
   }

   shared_ptr<PublicKey>
   getPublicKey(const Name& keyName) const
   {
     return m_pib->getPublicKey(keyName);
   }

   bool
   doesCertificateExist(const Name& certificateName) const
   {
     return m_pib->doesCertificateExist(certificateName);
   }

   void
   addCertificate(const IdentityCertificate& certificate)
   {
     return m_pib->addCertificate(certificate);
   }

   shared_ptr<IdentityCertificate>
   getCertificate(const Name& certificateName) const
   {
     return m_pib->getCertificate(certificateName);
   }

   Name
   getDefaultIdentity() const
   {
     return m_pib->getDefaultIdentity();
   }

   Name
   getDefaultKeyNameForIdentity(const Name& identityName) const
   {
     return m_pib->getDefaultKeyNameForIdentity(identityName);
   }

   const KeyParams&
   getDefaultKeyParamsForIdentity(const Name& identityName) const;

   Name
   getDefaultCertificateNameForKey(const Name& keyName) const
   {
     return m_pib->getDefaultCertificateNameForKey(keyName);
   }

   void
   getAllIdentities(std::vector<Name>& nameList, bool isDefault) const
   {
     return m_pib->getAllIdentities(nameList, isDefault);
   }

   void
   getAllKeyNames(std::vector<Name>& nameList, bool isDefault) const
   {
     return m_pib->getAllKeyNames(nameList, isDefault);
   }

   void
   getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList, bool isDefault) const
   {
     return m_pib->getAllKeyNamesOfIdentity(identity, nameList, isDefault);
   }

   void
   getAllCertificateNames(std::vector<Name>& nameList, bool isDefault) const
   {
     return m_pib->getAllCertificateNames(nameList, isDefault);
   }

   void
   getAllCertificateNamesOfKey(const Name& keyName,
                               std::vector<Name>& nameList,
                               bool isDefault) const
   {
     return m_pib->getAllCertificateNamesOfKey(keyName, nameList, isDefault);
   }

   void
   deleteCertificateInfo(const Name& certificateName)
   {
     return m_pib->deleteCertificateInfo(certificateName);
   }

   void
   deletePublicKeyInfo(const Name& keyName)
   {
     return m_pib->deletePublicKeyInfo(keyName);
   }

   void
   deleteIdentityInfo(const Name& identity)
   {
     return m_pib->deleteIdentityInfo(identity);
   }

   void
   setDefaultIdentity(const Name& identityName)
   {
     return m_pib->setDefaultIdentity(identityName);
   }

   void
   setDefaultKeyNameForIdentity(const Name& keyName)
   {
     return m_pib->setDefaultKeyNameForIdentity(keyName);
   }

   void
   setDefaultCertificateNameForKey(const Name& certificateName)
   {
     return m_pib->setDefaultCertificateNameForKey(certificateName);
   }

   Name
   getNewKeyName(const Name& identityName, bool useKsk)
   {
     return m_pib->getNewKeyName(identityName, useKsk);
   }

   Name
   getDefaultCertificateNameForIdentity(const Name& identityName) const
   {
     return m_pib->getDefaultCertificateNameForIdentity(identityName);
   }

   Name
   getDefaultCertificateName() const
   {
     return m_pib->getDefaultCertificateName();
   }

   void
   addCertificateAsKeyDefault(const IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsKeyDefault(certificate);
   }

   void
   addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsIdentityDefault(certificate);
   }

   void
   addCertificateAsSystemDefault(const IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsSystemDefault(certificate);
   }

   shared_ptr<IdentityCertificate>
   getDefaultCertificate() const
   {
     if (!static_cast<bool>(m_pib->getDefaultCertificate()))
       const_cast<KeyChain*>(this)->setDefaultCertificateInternal();

     return m_pib->getDefaultCertificate();
   }

   void
   refreshDefaultCertificate()
   {
     return m_pib->refreshDefaultCertificate();
   }

   /*******************************
    *  Wrapper of SecTpm          *
    *******************************/

   void
   setTpmPassword(const uint8_t* password, size_t passwordLength)
   {
     return m_tpm->setTpmPassword(password, passwordLength);
   }

   void
   resetTpmPassword()
   {
     return m_tpm->resetTpmPassword();
   }

   void
   setInTerminal(bool inTerminal)
   {
     return m_tpm->setInTerminal(inTerminal);
   }

   bool
   getInTerminal() const
   {
     return m_tpm->getInTerminal();
   }

   bool
   isLocked() const
   {
     return m_tpm->isLocked();
   }

   bool
   unlockTpm(const char* password, size_t passwordLength, bool usePassword)
   {
     return m_tpm->unlockTpm(password, passwordLength, usePassword);
   }

   void
   generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
   {
     return m_tpm->generateKeyPairInTpm(keyName, params);
   }

   void
   deleteKeyPairInTpm(const Name& keyName)
   {
     return m_tpm->deleteKeyPairInTpm(keyName);
   }

   shared_ptr<PublicKey>
   getPublicKeyFromTpm(const Name& keyName) const
   {
     return m_tpm->getPublicKeyFromTpm(keyName);
   }

   Block
   signInTpm(const uint8_t* data, size_t dataLength,
             const Name& keyName,
             DigestAlgorithm digestAlgorithm)
   {
     return m_tpm->signInTpm(data, dataLength, keyName, digestAlgorithm);
   }

   ConstBufferPtr
   decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
   {
     return m_tpm->decryptInTpm(data, dataLength, keyName, isSymmetric);
   }

   ConstBufferPtr
   encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
   {
     return m_tpm->encryptInTpm(data, dataLength, keyName, isSymmetric);
   }

   void
   generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
   {
     return m_tpm->generateSymmetricKeyInTpm(keyName, params);
   }

   bool
   doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) const
   {
     return m_tpm->doesKeyExistInTpm(keyName, keyClass);
   }

   bool
   generateRandomBlock(uint8_t* res, size_t size) const
   {
     return m_tpm->generateRandomBlock(res, size);
   }

   void
   addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl)
   {
     return m_tpm->addAppToAcl(keyName, keyClass, appPath, acl);
   }

   ConstBufferPtr
   exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& password)
   {
     return m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, password);
   }

   bool
   importPrivateKeyPkcs5IntoTpm(const Name& keyName,
                                const uint8_t* buf, size_t size,
                                const std::string& password)
   {
     return m_tpm->importPrivateKeyPkcs5IntoTpm(keyName, buf, size, password);
   }

 private:
   void
   initialize(const std::string& pibLocatorUri,
              const std::string& tpmLocatorUri,
              bool needReset);

   std::tuple<Name, SignatureInfo>
   prepareSignatureInfo(const SigningInfo& params);

   template<typename T>
   void
   signImpl(T& packet, const SigningInfo& params);

   void
   setDefaultCertificateInternal();

   Name
   generateKeyPair(const Name& identityName, bool isKsk = false,
                   const KeyParams& params = DEFAULT_KEY_PARAMS);

   void
   signPacketWrapper(Data& data, const Signature& signature,
                     const Name& keyName, DigestAlgorithm digestAlgorithm);

   void
   signPacketWrapper(Interest& interest, const Signature& signature,
                     const Name& keyName, DigestAlgorithm digestAlgorithm);

   Block
   pureSign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;

   static void
   registerPibImpl(const std::string& canonicalName,
                   std::initializer_list<std::string> aliases, PibCreateFunc createFunc);

   static void
   registerTpmImpl(const std::string& canonicalName,
                   std::initializer_list<std::string> aliases, TpmCreateFunc createFunc);

 public:
   static tlv::SignatureTypeValue
   getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);

 public:
   static const Name DEFAULT_PREFIX;
   static const SigningInfo DEFAULT_SIGNING_INFO;

   // RsaKeyParams is set to be default for backward compatibility.
   static const RsaKeyParams DEFAULT_KEY_PARAMS;

   typedef std::map<std::string, Block> SignParams;

 private:
   std::unique_ptr<SecPublicInfo> m_pib;
   std::unique_ptr<SecTpm> m_tpm;
   time::milliseconds m_lastTimestamp;
 };

 template<typename T>
 void
 KeyChain::signImpl(T& packet, const SigningInfo& params)
 {
   Name keyName;
   SignatureInfo sigInfo;
   std::tie(keyName, sigInfo) = prepareSignatureInfo(params);

   signPacketWrapper(packet, Signature(sigInfo),
                     keyName, params.getDigestAlgorithm());
 }

 template<typename T>
 void
 KeyChain::sign(T& packet, const Name& certificateName)
 {
   signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certificateName));
 }

 template<typename T>
 void
 KeyChain::signByIdentity(T& packet, const Name& identityName)
 {
   signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_ID, identityName));
 }

 template<class PibType>
 inline void
 KeyChain::registerPib(std::initializer_list<std::string> aliases)
 {
   registerPibImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
       return make_unique<PibType>(locator);
     });
 }

 template<class TpmType>
 inline void
 KeyChain::registerTpm(std::initializer_list<std::string> aliases)
 {
   registerTpmImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
       return make_unique<TpmType>(locator);
     });
 }

 #define NDN_CXX_V1_KEYCHAIN_REGISTER_PIB(PibType, ...)     \
 static class NdnCxxAuto ## PibType ## PibRegistrationClass    \
 {                                                             \
 public:                                                       \
   NdnCxxAuto ## PibType ## PibRegistrationClass()             \
   {                                                           \
     ::ndn::security::v1::KeyChain::registerPib<PibType>({__VA_ARGS__});     \
   }                                                           \
 } ndnCxxAuto ## PibType ## PibRegistrationVariable

 #define NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(TpmType, ...)     \
 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass    \
 {                                                             \
 public:                                                       \
   NdnCxxAuto ## TpmType ## TpmRegistrationClass()             \
   {                                                           \
     ::ndn::security::v1::KeyChain::registerTpm<TpmType>({__VA_ARGS__});     \
   }                                                           \
 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable

 } // namespace v1
 } // namespace security
 } // namespace ndn

 #endif // NDN_SECURITY_V1_KEY_CHAIN_HPP
ndn::security::v1::IdentityCertificate
Definition: identity-certificate.hpp:34

ndn::security::v1::KeyChain::isLocked
bool isLocked() const
Definition: v1/key-chain.hpp:694

ndn::security::v1::KeyChain::setInTerminal
void setInTerminal(bool inTerminal)
Definition: v1/key-chain.hpp:682

ndn::security::v1::KeyChain::deleteIdentity
void deleteIdentity(const Name &identity)
delete an identity.
Definition: v1/key-chain.cpp:815

ndn
Copyright (c) 2013-2017 Regents of the University of California.
Definition: common.hpp:75

ndn::security::v1::KeyChain::createTpm
static unique_ptr< SecTpm > createTpm(const std::string &tpmLocator)
Create a TPM according to tpmLocator.
Definition: v1/key-chain.cpp:244

ndn::SignatureInfo
Represents a SignatureInfo TLV element.
Definition: signature-info.hpp:33

ndn::security::v1::KeyChain::registerTpm
static void registerTpm(std::initializer_list< std::string > aliases)
Register a new TPM.
Definition: v1/key-chain.hpp:923

ndn::security::v1::KeyChain::addKey
void addKey(const Name &keyName, const PublicKey &publicKeyDer)
Definition: v1/key-chain.hpp:489

ndn::security::v1::KeyChain::signInTpm
Block signInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)
Definition: v1/key-chain.hpp:724

ndn::security::v1::KeyChain::getAllCertificateNames
void getAllCertificateNames(std::vector< Name > &nameList, bool isDefault) const
Definition: v1/key-chain.hpp:565

ndn::security::v1::KeyChain::MismatchError::MismatchError
MismatchError(const std::string &what)
Definition: v1/key-chain.hpp:69

ndn::security::v1::KeyChain::createIdentity
Name createIdentity(const Name &identityName, const KeyParams &params=DEFAULT_KEY_PARAMS)
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed ce...
Definition: v1/key-chain.cpp:293

ndn::security::v1::KeyChain::getSignatureType
static tlv::SignatureTypeValue getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm)
Definition: v1/key-chain.cpp:828

ndn::security::v1::KeyChain::doesCertificateExist
bool doesCertificateExist(const Name &certificateName) const
Definition: v1/key-chain.hpp:501

ndn::security::v1::KeyChain::setDefaultKeyNameForIdentity
void setDefaultKeyNameForIdentity(const Name &keyName)
Definition: v1/key-chain.hpp:603

ndn::security::v1::KeyChain::DEFAULT_PREFIX
static const Name DEFAULT_PREFIX
Definition: v1/key-chain.hpp:872

ndn::security::v1::KeyChain::getTpm
const SecTpm & getTpm() const
Definition: v1/key-chain.hpp:456

ndn::security::v1::KeyChain::generateEcKeyPair
Name generateEcKeyPair(const Name &identityName, bool isKsk=false, uint32_t keySize=256)
Generate a pair of EC keys for the specified identity.
Definition: v1/key-chain.cpp:334

std
STL namespace.

ndn::security::v1::KeyChain::Error
Definition: v1/key-chain.hpp:51

ndn::security::v1::KeyChain::encryptInTpm
ConstBufferPtr encryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Definition: v1/key-chain.hpp:738

ndn::security::v1::KeyChain::getPib
SecPublicInfo & getPib()
Definition: v1/key-chain.hpp:438

ndn::Block
Represents a TLV element of NDN packet format.
Definition: block.hpp:42

ndn::security::v1::KeyChain::addCertificateAsKeyDefault
void addCertificateAsKeyDefault(const IdentityCertificate &certificate)
Definition: v1/key-chain.hpp:633

ndn::security::v1::KeyChain::sign
void sign(Data &data, const SigningInfo &params=DEFAULT_SIGNING_INFO)
Sign data according to the supplied signing information.
Definition: v1/key-chain.cpp:513

ndn::Interest
represents an Interest packet
Definition: interest.hpp:42

ndn::security::v1::KeyChain::getPublicKey
shared_ptr< PublicKey > getPublicKey(const Name &keyName) const
Definition: v1/key-chain.hpp:495

ndn::security::v1::KeyChain::getDefaultCertificateNameForKey
Name getDefaultCertificateNameForKey(const Name &keyName) const
Definition: v1/key-chain.hpp:541

ndn::security::v1::KeyChain::getInTerminal
bool getInTerminal() const
Definition: v1/key-chain.hpp:688

ndn::security::v1::KeyChain::getAllCertificateNamesOfKey
void getAllCertificateNamesOfKey(const Name &keyName, std::vector< Name > &nameList, bool isDefault) const
Definition: v1/key-chain.hpp:571

ndn::security::v1::KeyChain::generateRandomBlock
bool generateRandomBlock(uint8_t *res, size_t size) const
Definition: v1/key-chain.hpp:756

ndn::security::v1::KeyChain::signByIdentity
void signByIdentity(T &packet, const Name &identityName)
Sign packet using the default certificate of a particular identity.
Definition: v1/key-chain.hpp:907

sec-public-info.hpp

ndn::security::v1::SecuredBag
Definition: secured-bag.hpp:32

ndn::security::SigningInfo
Signing parameters passed to KeyChain.
Definition: signing-info.hpp:40

ndn::security::v1::KeyChain::addCertificateAsIdentityDefault
void addCertificateAsIdentityDefault(const IdentityCertificate &certificate)
Definition: v1/key-chain.hpp:639

ndn::security::v1::KeyChain::exportPrivateKeyPkcs5FromTpm
ConstBufferPtr exportPrivateKeyPkcs5FromTpm(const Name &keyName, const std::string &password)
Definition: v1/key-chain.hpp:768

ndn::security::v1::KeyChain::resetTpmPassword
void resetTpmPassword()
Definition: v1/key-chain.hpp:676

ndn::security::v1::KeyChain::getNewKeyName
Name getNewKeyName(const Name &identityName, bool useKsk)
Definition: v1/key-chain.hpp:615

ndn::security::v1::KeyChain::getDefaultKeyParamsForIdentity
const KeyParams & getDefaultKeyParamsForIdentity(const Name &identityName) const
Get default key parameters for the specified identity.
Definition: v1/key-chain.cpp:653

ndn::security::v1::KeyChain::getDefaultCertificateName
Name getDefaultCertificateName() const
Definition: v1/key-chain.hpp:627

ndn::security::v1::KeyChain::generateRsaKeyPairAsDefault
Name generateRsaKeyPairAsDefault(const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
Generate a pair of RSA keys for the specified identity and set it as default key for the identity...
Definition: v1/key-chain.cpp:341

ndn::KeyType
KeyType
Definition: security-common.hpp:84

ndn::security::v1::KeyChain::addAppToAcl
void addAppToAcl(const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)
Definition: v1/key-chain.hpp:762

ndn::security::v1::KeyChain::prepareUnsignedIdentityCertificate
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate(const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
prepare an unsigned identity certificate
Definition: v1/key-chain.cpp:362

ndn::security::v1::KeyChain::signWithSha256
void signWithSha256(Data &data)
Set Sha256 weak signature for data.
Definition: v1/key-chain.cpp:772

sec-tpm.hpp

ndn::security::v1::KeyChain::exportIdentity
shared_ptr< SecuredBag > exportIdentity(const Name &identity, const std::string &passwordStr)
export an identity.
Definition: v1/key-chain.cpp:599

ndn::security::v1::KeyChain::doesKeyExistInTpm
bool doesKeyExistInTpm(const Name &keyName, KeyClass keyClass) const
Definition: v1/key-chain.hpp:750

ndn::security::v1::KeyChain::deleteIdentityInfo
void deleteIdentityInfo(const Name &identity)
Definition: v1/key-chain.hpp:591

ndn::security::v1::KeyChain::deleteKeyPairInTpm
void deleteKeyPairInTpm(const Name &keyName)
Definition: v1/key-chain.hpp:712

ndn::AclType
AclType
Definition: security-common.hpp:128

ndn::security::v1::KeyChain::setDefaultCertificateNameForKey
void setDefaultCertificateNameForKey(const Name &certificateName)
Definition: v1/key-chain.hpp:609

ndn::security::v1::KeyChain::importIdentity
void importIdentity(const SecuredBag &securedBag, const std::string &passwordStr)
import an identity.
Definition: v1/key-chain.cpp:628

ndn::security::v1::KeyChain::generateRsaKeyPair
Name generateRsaKeyPair(const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
Generate a pair of RSA keys for the specified identity.
Definition: v1/key-chain.cpp:327

ndn::security::v1::KeyChain::addPublicKey
void addPublicKey(const Name &keyName, KeyType keyType, const PublicKey &publicKeyDer)
Definition: v1/key-chain.hpp:483

ndn::security::v1::KeyChain::addCertificate
void addCertificate(const IdentityCertificate &certificate)
Definition: v1/key-chain.hpp:507

ndn::security::v1::SecPublicInfo
SecPublicInfo is a base class for the storage of public information.
Definition: v1/sec-public-info.hpp:40

ndn::security::v1::KeyChain::getPublicKeyFromTpm
shared_ptr< PublicKey > getPublicKeyFromTpm(const Name &keyName) const
Definition: v1/key-chain.hpp:718

ndn::security::v1::KeyChain::setDefaultIdentity
void setDefaultIdentity(const Name &identityName)
Definition: v1/key-chain.hpp:597

ndn::security::v1::KeyChain::setTpmPassword
void setTpmPassword(const uint8_t *password, size_t passwordLength)
Definition: v1/key-chain.hpp:670

ndn::security::v1::KeyChain::SignParams
std::map< std::string, Block > SignParams
Definition: v1/key-chain.hpp:878

ndn::Name
Represents an absolute name.
Definition: name.hpp:42

ndn::security::v1::KeyChain::doesPublicKeyExist
bool doesPublicKeyExist(const Name &keyName) const
Definition: v1/key-chain.hpp:477

ndn::security::SigningInfo::SIGNER_TYPE_CERT
signer is a certificate, use it directly
Definition: signing-info.hpp:61

secured-bag.hpp

ndn::security::v1::KeyChain::unlockTpm
bool unlockTpm(const char *password, size_t passwordLength, bool usePassword)
Definition: v1/key-chain.hpp:700

ndn::security::v1::KeyChain::DEFAULT_KEY_PARAMS
static const RsaKeyParams DEFAULT_KEY_PARAMS
Definition: v1/key-chain.hpp:876

ndn::security::v1::KeyChain::deleteCertificateInfo
void deleteCertificateInfo(const Name &certificateName)
Definition: v1/key-chain.hpp:579

ndn::security::v1::KeyChain::~KeyChain
virtual ~KeyChain()
Definition: v1/key-chain.cpp:163

ndn::time::system_clock::TimePoint
time_point TimePoint
Definition: time.hpp:90

ndn::security::v1::KeyChain::getDefaultPibLocator
static std::string getDefaultPibLocator()
Get default PIB locator.
Definition: v1/key-chain.cpp:181

ndn::KeyClass
KeyClass
Definition: security-common.hpp:94

ndn::security::v1::KeyChain::generateEcKeyPairAsDefault
Name generateEcKeyPairAsDefault(const Name &identityName, bool isKsk=false, uint32_t keySize=256)
Generate a pair of EC keys for the specified identity and set it as default key for the identity...
Definition: v1/key-chain.cpp:351

ndn::security::v1::KeyChain::deleteCertificate
void deleteCertificate(const Name &certificateName)
delete a certificate.
Definition: v1/key-chain.cpp:802

ndn::security::v1::KeyChain::KeyChain
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
Definition: v1/key-chain.cpp:121

ndn::security::v1::KeyChain::getAllIdentities
void getAllIdentities(std::vector< Name > &nameList, bool isDefault) const
Definition: v1/key-chain.hpp:547

ndn::security::v1::SecTpm
SecTpm is the base class of the TPM classes.
Definition: v1/sec-tpm.hpp:43

ndn::security::v1::KeyChain::getDefaultCertificateNameForIdentity
Name getDefaultCertificateNameForIdentity(const Name &identityName) const
Definition: v1/key-chain.hpp:621

ndn::tlv::SignatureTypeValue
SignatureTypeValue
Definition: encoding/tlv.hpp:99

ndn::security::v1::KeyChain
The packet signing interface.
Definition: v1/key-chain.hpp:48

ndn::security::v1::KeyChain::MismatchError
Error thrown when the supplied TPM locator to KeyChain constructor does not match the locator stored ...
Definition: v1/key-chain.hpp:65

ndn::security::v1::KeyChain::getDefaultKeyNameForIdentity
Name getDefaultKeyNameForIdentity(const Name &identityName) const
Definition: v1/key-chain.hpp:525

ndn::security::v1::KeyChain::decryptInTpm
ConstBufferPtr decryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Definition: v1/key-chain.hpp:732

ndn::security::v1::KeyChain::getPib
const SecPublicInfo & getPib() const
Definition: v1/key-chain.hpp:444

ndn::security::v1::KeyChain::getDefaultIdentity
Name getDefaultIdentity() const
Definition: v1/key-chain.hpp:519

ndn::security::v1::KeyChain::addCertificateAsSystemDefault
void addCertificateAsSystemDefault(const IdentityCertificate &certificate)
Definition: v1/key-chain.hpp:645

ndn::security::v1::KeyChain::getCertificate
shared_ptr< IdentityCertificate > getCertificate(const Name &certificateName) const
Definition: v1/key-chain.hpp:513

ndn::KeyParams
Base class of key parameters.
Definition: key-params.hpp:36

ndn::security::SigningInfo::SIGNER_TYPE_ID
signer is an identity, use its default key and default certificate
Definition: signing-info.hpp:57

ndn::security::v1::KeyChain::Error::Error
Error(const std::string &what)
Definition: v1/key-chain.hpp:55

ndn::security::v1::KeyChain::getTpm
SecTpm & getTpm()
Definition: v1/key-chain.hpp:450

ndn::security::v1::KeyChain::getAllKeyNamesOfIdentity
void getAllKeyNamesOfIdentity(const Name &identity, std::vector< Name > &nameList, bool isDefault) const
Definition: v1/key-chain.hpp:559

ndn::security::v1::KeyChain::DEFAULT_SIGNING_INFO
static const SigningInfo DEFAULT_SIGNING_INFO
Definition: v1/key-chain.hpp:873

ndn::security::v1::KeyChain::doesIdentityExist
bool doesIdentityExist(const Name &identityName) const
Definition: v1/key-chain.hpp:465

ndn::security::v1::KeyChain::selfSign
shared_ptr< IdentityCertificate > selfSign(const Name &keyName)
Generate a self-signed certificate for a public key.
Definition: v1/key-chain.cpp:553

ndn::security::v1::KeyChain::generateKeyPairInTpm
void generateKeyPairInTpm(const Name &keyName, const KeyParams &params)
Definition: v1/key-chain.hpp:706

ndn::security::v1::PublicKey
Definition: v1/public-key.hpp:43

ndn::ConstBufferPtr
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:33

ndn::security::v1::KeyChain::deleteKey
void deleteKey(const Name &keyName)
delete a key.
Definition: v1/key-chain.cpp:808

ndn::security::v1::KeyChain::getAllKeyNames
void getAllKeyNames(std::vector< Name > &nameList, bool isDefault) const
Definition: v1/key-chain.hpp:553

ndn::security::v1::KeyChain::deletePublicKeyInfo
void deletePublicKeyInfo(const Name &keyName)
Definition: v1/key-chain.hpp:585

ndn::Data
Represents a Data packet.
Definition: data.hpp:35

ndn::SimplePublicKeyParams
SimplePublicKeyParams is a template for public keys with only one parameter: size.
Definition: key-params.hpp:150

ndn::security::SigningInfo::getDigestAlgorithm
DigestAlgorithm getDigestAlgorithm() const
Definition: signing-info.hpp:205

ndn::security::v1::KeyChain::importPrivateKeyPkcs5IntoTpm
bool importPrivateKeyPkcs5IntoTpm(const Name &keyName, const uint8_t *buf, size_t size, const std::string &password)
Definition: v1/key-chain.hpp:774

ndn::security::v1::KeyChain::TpmCreateFunc
function< unique_ptr< SecTpm >const std::string &)> TpmCreateFunc
Definition: v1/key-chain.hpp:76

ndn::security::v1::KeyChain::PibCreateFunc
function< unique_ptr< SecPublicInfo >const std::string &)> PibCreateFunc
Definition: v1/key-chain.hpp:75

ndn::security::v1::KeyChain::getDefaultCertificate
shared_ptr< IdentityCertificate > getDefaultCertificate() const
Definition: v1/key-chain.hpp:651

ndn::DigestAlgorithm
DigestAlgorithm
Definition: security-common.hpp:104

ndn::security::v1::KeyChain::generateSymmetricKeyInTpm
void generateSymmetricKeyInTpm(const Name &keyName, const KeyParams &params)
Definition: v1/key-chain.hpp:744

security

ndn::security::v1::KeyChain::createPib
static unique_ptr< SecPublicInfo > createPib(const std::string &pibLocator)
Create a PIB according to pibLocator.
Definition: v1/key-chain.cpp:207

ndn::security::v1::KeyChain::getDefaultTpmLocator
static std::string getDefaultTpmLocator()
Get default TPM locator.
Definition: v1/key-chain.cpp:219

ndn::security::v1::KeyChain::registerPib
static void registerPib(std::initializer_list< std::string > aliases)
Register a new PIB.
Definition: v1/key-chain.hpp:914

ndn::Signature
Holds SignatureInfo and SignatureValue in a Data packet.
Definition: signature.hpp:37

ndn::security::v1::KeyChain::refreshDefaultCertificate
void refreshDefaultCertificate()
Definition: v1/key-chain.hpp:660

ndn::security::v1::KeyChain::addIdentity
void addIdentity(const Name &identityName)
Definition: v1/key-chain.hpp:471