dd/d36/key-chain_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
  * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
  * terms of the GNU Lesser General Public License as published by the Free Software
  * Foundation, either version 3 of the License, or (at your option) any later version.
  *
  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
  *
  * You should have received copies of the GNU General Public License and GNU Lesser
  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */

 #ifndef NDN_SECURITY_KEY_CHAIN_HPP
 #define NDN_SECURITY_KEY_CHAIN_HPP

 #include "ndn-cxx/interest.hpp"
 #include "ndn-cxx/security/certificate.hpp"
 #include "ndn-cxx/security/key-params.hpp"
 #include "ndn-cxx/security/pib/pib.hpp"
 #include "ndn-cxx/security/safe-bag.hpp"
 #include "ndn-cxx/security/signing-info.hpp"
 #include "ndn-cxx/security/tpm/tpm.hpp"

 namespace ndn {
 namespace security {
 inline namespace v2 {

 class KeyChain : noncopyable
 {
 public:
   class Error : public std::runtime_error
   {
   public:
     using std::runtime_error::runtime_error;
   };

   class LocatorMismatchError : public Error
   {
   public:
     using Error::Error;
   };

   class InvalidSigningInfoError : public Error
   {
   public:
     using Error::Error;
   };

   KeyChain();

   KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset = false);

   ~KeyChain();

   const Pib&
   getPib() const
   {
     return *m_pib;
   }

   const Tpm&
   getTpm() const
   {
     return *m_tpm;
   }

 public: // Identity management
   Identity
   createIdentity(const Name& identityName, const KeyParams& params = getDefaultKeyParams());

   void
   deleteIdentity(const Identity& identity);

   void
   setDefaultIdentity(const Identity& identity);

 public: // Key management
   Key
   createKey(const Identity& identity, const KeyParams& params = getDefaultKeyParams());

   Name
   createHmacKey(const Name& prefix = SigningInfo::getHmacIdentity(),
                 const HmacKeyParams& params = HmacKeyParams());

   void
   deleteKey(const Identity& identity, const Key& key);

   void
   setDefaultKey(const Identity& identity, const Key& key);

 public: // Certificate management
   void
   addCertificate(const Key& key, const Certificate& certificate);

   void
   deleteCertificate(const Key& key, const Name& certificateName);

   void
   setDefaultCertificate(const Key& key, const Certificate& certificate);

 public: // signing
   void
   sign(Data& data, const SigningInfo& params = SigningInfo());

   void
   sign(Interest& interest, const SigningInfo& params = SigningInfo());

   [[deprecated("sign Interests and Data directly")]]
   Block
   sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params = SigningInfo());

 public: // export & import
   shared_ptr<SafeBag>
   exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen);

   void
   importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen);

   void
   importPrivateKey(const Name& keyName, shared_ptr<transform::PrivateKey> key);

 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   static tlv::SignatureTypeValue
   getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);

 public: // PIB & TPM backend registry
   template<class PibBackendType>
   static void
   registerPibBackend(const std::string& scheme);

   template<class TpmBackendType>
   static void
   registerTpmBackend(const std::string& scheme);

 private:
   typedef std::map<std::string, function<std::shared_ptr<pib::PibImpl>(const std::string& location)>> PibFactories;
   typedef std::map<std::string, function<unique_ptr<tpm::BackEnd>(const std::string& location)>> TpmFactories;

   static PibFactories&
   getPibFactories();

   static TpmFactories&
   getTpmFactories();

   static std::tuple<std::string/*type*/, std::string/*location*/>
   parseAndCheckPibLocator(const std::string& pibLocator);

   static std::tuple<std::string/*type*/, std::string/*location*/>
   parseAndCheckTpmLocator(const std::string& tpmLocator);

   static const std::string&
   getDefaultPibScheme();

   static const std::string&
   getDefaultTpmScheme();

   static unique_ptr<Pib>
   createPib(const std::string& pibLocator);

   static unique_ptr<Tpm>
   createTpm(const std::string& tpmLocator);

 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   static const std::string&
   getDefaultPibLocator();

   static const std::string&
   getDefaultTpmLocator();

 private: // signing
   Certificate
   selfSign(Key& key);

   std::tuple<Name, SignatureInfo>
   prepareSignatureInfo(const SigningInfo& params);

   ConstBufferPtr
   sign(const InputBuffers& bufs, const Name& keyName, DigestAlgorithm digestAlgorithm) const;

 public:
   [[deprecated("use default constructor for SigningInfo")]]
   static const SigningInfo&
   getDefaultSigningInfo();

   static const KeyParams&
   getDefaultKeyParams();

 private:
   std::unique_ptr<Pib> m_pib;
   std::unique_ptr<Tpm> m_tpm;

   static std::string s_defaultPibLocator;
   static std::string s_defaultTpmLocator;
 };

 template<class PibType>
 inline void
 KeyChain::registerPibBackend(const std::string& scheme)
 {
   getPibFactories().emplace(scheme, [] (const std::string& locator) {
       return std::shared_ptr<pib::PibImpl>(new PibType(locator));
     });
 }

 template<class TpmType>
 inline void
 KeyChain::registerTpmBackend(const std::string& scheme)
 {
   getTpmFactories().emplace(scheme, [] (const std::string& locator) {
       return unique_ptr<tpm::BackEnd>(new TpmType(locator));
     });
 }

 #define NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibType)     \
 static class NdnCxxAuto ## PibType ## PibRegistrationClass    \
 {                                                             \
 public:                                                       \
   NdnCxxAuto ## PibType ## PibRegistrationClass()             \
   {                                                           \
     ::ndn::security::v2::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \
   }                                                           \
 } ndnCxxAuto ## PibType ## PibRegistrationVariable

 #define NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType)     \
 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass    \
 {                                                             \
 public:                                                       \
   NdnCxxAuto ## TpmType ## TpmRegistrationClass()             \
   {                                                           \
     ::ndn::security::v2::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \
   }                                                           \
 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable

 } // inline namespace v2
 } // namespace security

 using security::v2::KeyChain;

 } // namespace ndn

 #endif // NDN_SECURITY_KEY_CHAIN_HPP
ndn::security::v2::KeyChain::deleteKey
void deleteKey(const Identity &identity, const Key &key)
Delete a key key of identity.
Definition: key-chain.cpp:292

ndn
Definition: data.cpp:26

ndn::security::v2::Certificate
The certificate following the certificate format naming convention.
Definition: certificate.hpp:81

ndn::security::v2::KeyChain
The interface of signing key management.
Definition: key-chain.hpp:45

ndn::SimpleSymmetricKeyParams
SimpleSymmetricKeyParams is a template for symmetric keys with only one parameter: size...
Definition: key-params.hpp:256

ndn::security::v2::KeyChain::addCertificate
void addCertificate(const Key &key, const Certificate &certificate)
Add a certificate certificate for key.
Definition: key-chain.cpp:321

ndn::security::v2::KeyChain::createKey
Key createKey(const Identity &identity, const KeyParams &params=getDefaultKeyParams())
Create a new key for identity.
Definition: key-chain.cpp:268

key-params.hpp

ndn::security::v2::KeyChain::KeyChain
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
Definition: key-chain.cpp:165

ndn::security::v2::KeyChain::sign
void sign(Data &data, const SigningInfo &params=SigningInfo())
Sign a Data packet according to the supplied signing information.
Definition: key-chain.cpp:456

ndn::Block
Represents a TLV element of the NDN packet format.
Definition: block.hpp:42

ndn::security::v2::KeyChain::LocatorMismatchError
Error indicating that the supplied TPM locator does not match the locator stored in PIB...
Definition: key-chain.hpp:57

ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:50

ndn::security::SigningInfo
Signing parameters passed to KeyChain.
Definition: signing-info.hpp:52

ndn::security::v2::KeyChain::deleteCertificate
void deleteCertificate(const Key &key, const Name &certificateName)
delete a certificate with name certificateName of key.
Definition: key-chain.cpp:340

ndn::security::tpm::Tpm
TPM front-end class.
Definition: tpm.hpp:65

ndn::HmacKeyParams
SimpleSymmetricKeyParams< detail::HmacKeyParamsInfo > HmacKeyParams
HmacKeyParams carries parameters for HMAC key.
Definition: key-params.hpp:309

ndn::security::v2::KeyChain::getPib
const Pib & getPib() const
Definition: key-chain.hpp:99

ndn::security::v2::KeyChain::createIdentity
Identity createIdentity(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create an identity identityName.
Definition: key-chain.cpp:222

ndn::security::v2::KeyChain::importSafeBag
void importSafeBag(const SafeBag &safeBag, const char *pw, size_t pwLen)
Import a certificate and its corresponding private key from a SafeBag.
Definition: key-chain.cpp:378

ndn::KeyType
KeyType
The type of a cryptographic key.
Definition: security-common.hpp:94

ndn::security::v2::KeyChain::getTpm
const Tpm & getTpm() const
Definition: key-chain.hpp:105

ndn::security::v2::KeyChain::exportSafeBag
shared_ptr< SafeBag > exportSafeBag(const Certificate &certificate, const char *pw, size_t pwLen)
Export a certificate and its corresponding private key.
Definition: key-chain.cpp:361

ndn::security::v2::KeyChain::Error
Definition: key-chain.hpp:48

safe-bag.hpp

ndn::security::pib::Key
A frontend handle of a key instance.
Definition: key.hpp:49

ndn::security::v2::KeyChain::setDefaultCertificate
void setDefaultCertificate(const Key &key, const Certificate &certificate)
Set cert as the default certificate of key.
Definition: key-chain.cpp:352

ndn::security::v2::KeyChain::setDefaultIdentity
void setDefaultIdentity(const Identity &identity)
Set identity as the default identity.
Definition: key-chain.cpp:260

ndn::security::v2::KeyChain::registerPibBackend
static void registerPibBackend(const std::string &scheme)
Register a new PIB backend.
Definition: key-chain.hpp:463

ndn::security::v2::KeyChain::getDefaultSigningInfo
static const SigningInfo & getDefaultSigningInfo()
Definition: key-chain.cpp:150

NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
#define NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
Definition: common.hpp:48

ndn::security::v2::KeyChain::registerTpmBackend
static void registerTpmBackend(const std::string &scheme)
Register a new TPM backend.
Definition: key-chain.hpp:472

certificate.hpp

interest.hpp

ndn::Name
Represents an absolute name.
Definition: name.hpp:44

ndn::security::v2::KeyChain::InvalidSigningInfoError
Error indicating that the supplied SigningInfo is invalid.
Definition: key-chain.hpp:66

ndn::security::v2::KeyChain::createHmacKey
Name createHmacKey(const Name &prefix=SigningInfo::getHmacIdentity(), const HmacKeyParams &params=HmacKeyParams())
Create a new HMAC key.
Definition: key-chain.cpp:286

signing-info.hpp

ndn::security::v2::KeyChain::importPrivateKey
void importPrivateKey(const Name &keyName, shared_ptr< transform::PrivateKey > key)
Import a private key into the TPM.
Definition: key-chain.cpp:439

ndn::tlv::SignatureTypeValue
SignatureTypeValue
SignatureType values.
Definition: tlv.hpp:131

tpm.hpp

ndn::security::v2::KeyChain::deleteIdentity
void deleteIdentity(const Identity &identity)
delete identity.
Definition: key-chain.cpp:246

ndn::security::v2::KeyChain::getDefaultKeyParams
static const KeyParams & getDefaultKeyParams()
Definition: key-chain.cpp:157

ndn::security::SafeBag
a secured container for sensitive information(certificate, private key)
Definition: safe-bag.hpp:37

ndn::security::v2::KeyChain::setDefaultKey
void setDefaultKey(const Identity &identity, const Key &key)
Set key as the default key of identity.
Definition: key-chain.cpp:308

pib.hpp

ndn::KeyParams
Base class for key parameters.
Definition: key-params.hpp:35

ndn::security::pib::Identity
A frontend handle of an Identity.
Definition: identity.hpp:42

ndn::security::v2::KeyChain::~KeyChain
~KeyChain()

bufs
InputBuffers bufs
Definition: verification-helpers.cpp:56

ndn::Data
Represents a Data packet.
Definition: data.hpp:39

ndn::DigestAlgorithm
DigestAlgorithm
Definition: security-common.hpp:105

ndn::security::SigningInfo::getHmacIdentity
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
Definition: signing-info.cpp:55

ndn::security::pib::Pib
represents the PIB
Definition: pib.hpp:52

ndn::ConstBufferPtr
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:126