dd/d36/key-chain_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */

 /*

  * Copyright (c) 2013-2021 Regents of the University of California.

  *

  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).

  *

  * ndn-cxx library is free software: you can redistribute it and/or modify it under the

  * terms of the GNU Lesser General Public License as published by the Free Software

  * Foundation, either version 3 of the License, or (at your option) any later version.

  *

  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY

  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.

  *

  * You should have received copies of the GNU General Public License and GNU Lesser

  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see

  * <http://www.gnu.org/licenses/>.

  *

  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.

  */


 #ifndef NDN_CXX_SECURITY_KEY_CHAIN_HPP

 #define NDN_CXX_SECURITY_KEY_CHAIN_HPP


 #include "ndn-cxx/interest.hpp"

 #include "ndn-cxx/security/certificate.hpp"

 #include "ndn-cxx/security/key-params.hpp"

 #include "ndn-cxx/security/pib/pib.hpp"

 #include "ndn-cxx/security/safe-bag.hpp"

 #include "ndn-cxx/security/signing-info.hpp"

 #include "ndn-cxx/security/tpm/tpm.hpp"


 namespace ndn {

 namespace security {

 inline namespace v2 {


 class KeyChain : noncopyable

 {

 public:

   class Error : public std::runtime_error

   {

   public:

     using std::runtime_error::runtime_error;

   };


   class LocatorMismatchError : public Error

   {

   public:

     using Error::Error;

   };


   class InvalidSigningInfoError : public Error

   {

   public:

     using Error::Error;

   };


   KeyChain();


   KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset = false);


   ~KeyChain();


   const Pib&

   getPib() const noexcept

   {

     return *m_pib;

   }


   const Tpm&

   getTpm() const noexcept

   {

     return *m_tpm;

   }


   static const KeyParams&

   getDefaultKeyParams();


 public: // Identity management

   Identity

   createIdentity(const Name& identityName, const KeyParams& params = getDefaultKeyParams());


   void

   deleteIdentity(const Identity& identity);


   void

   setDefaultIdentity(const Identity& identity);


 public: // Key management

   Key

   createKey(const Identity& identity, const KeyParams& params = getDefaultKeyParams());


   Name

   createHmacKey(const Name& prefix = SigningInfo::getHmacIdentity(),

                 const HmacKeyParams& params = HmacKeyParams());


   void

   deleteKey(const Identity& identity, const Key& key);


   void

   setDefaultKey(const Identity& identity, const Key& key);


 public: // Certificate management

   void

   addCertificate(const Key& key, const Certificate& certificate);


   void

   deleteCertificate(const Key& key, const Name& certificateName);


   void

   setDefaultCertificate(const Key& key, const Certificate& certificate);


 public: // signing

   void

   sign(Data& data, const SigningInfo& params = SigningInfo());


   void

   sign(Interest& interest, const SigningInfo& params = SigningInfo());


 public: // export & import

   shared_ptr<SafeBag>

   exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen);


   void

   importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen);


   void

   importPrivateKey(const Name& keyName, shared_ptr<transform::PrivateKey> key);


 public: // PIB & TPM backend registry

   template<class PibBackendType>

   static void

   registerPibBackend(const std::string& scheme)

   {

     getPibFactories().emplace(scheme, [] (const std::string& locator) {

       return shared_ptr<pib::PibImpl>(new PibBackendType(locator));

     });

   }


   template<class TpmBackendType>

   static void

   registerTpmBackend(const std::string& scheme)

   {

     getTpmFactories().emplace(scheme, [] (const std::string& locator) {

       return unique_ptr<tpm::BackEnd>(new TpmBackendType(locator));

     });

   }


 private:

   using PibFactories = std::map<std::string, std::function<shared_ptr<pib::PibImpl>(const std::string&)>>;

   using TpmFactories = std::map<std::string, std::function<unique_ptr<tpm::BackEnd>(const std::string&)>>;


   static PibFactories&

   getPibFactories();


   static TpmFactories&

   getTpmFactories();


   static std::tuple<std::string/*type*/, std::string/*location*/>

   parseAndCheckPibLocator(const std::string& pibLocator);


   static std::tuple<std::string/*type*/, std::string/*location*/>

   parseAndCheckTpmLocator(const std::string& tpmLocator);


   static const std::string&

   getDefaultPibScheme();


   static const std::string&

   getDefaultTpmScheme();


   static unique_ptr<Pib>

   createPib(const std::string& pibLocator);


   static unique_ptr<Tpm>

   createTpm(const std::string& tpmLocator);


 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:

   static const std::string&

   getDefaultPibLocator();


   static const std::string&

   getDefaultTpmLocator();


   static tlv::SignatureTypeValue

   getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);


 private: // signing

   Certificate

   selfSign(Key& key);


   std::tuple<Name, SignatureInfo>

   prepareSignatureInfo(const SigningInfo& params);


   ConstBufferPtr

   sign(const InputBuffers& bufs, const Name& keyName, DigestAlgorithm digestAlgorithm) const;


 private:

   unique_ptr<Pib> m_pib;

   unique_ptr<Tpm> m_tpm;


   static std::string s_defaultPibLocator;

   static std::string s_defaultTpmLocator;

 };


 #define NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibType)     \

 static class NdnCxxAuto ## PibType ## PibRegistrationClass    \

 {                                                             \

 public:                                                       \

   NdnCxxAuto ## PibType ## PibRegistrationClass()             \

   {                                                           \

     ::ndn::security::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \

   }                                                           \

 } ndnCxxAuto ## PibType ## PibRegistrationVariable


 #define NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType)     \

 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass    \

 {                                                             \

 public:                                                       \

   NdnCxxAuto ## TpmType ## TpmRegistrationClass()             \

   {                                                           \

     ::ndn::security::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \

   }                                                           \

 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable


 } // inline namespace v2

 } // namespace security


 using security::KeyChain;


 } // namespace ndn


 #endif // NDN_CXX_SECURITY_KEY_CHAIN_HPP

certificate.hpp

ndn::Data
Represents a Data packet.
Definition: data.hpp:38

ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:50

ndn::KeyParams
Base class for key parameters.
Definition: key-params.hpp:36

ndn::Name
Represents an absolute name.
Definition: name.hpp:46

ndn::SimpleSymmetricKeyParams
SimpleSymmetricKeyParams is a template for symmetric keys with only one parameter: size.
Definition: key-params.hpp:257

ndn::security::SafeBag
A secured container for sensitive information (certificate, private key)
Definition: safe-bag.hpp:39

ndn::security::SigningInfo
Signing parameters passed to KeyChain.
Definition: signing-info.hpp:53

ndn::security::SigningInfo::getHmacIdentity
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
Definition: signing-info.cpp:41

ndn::security::pib::Identity
A frontend handle of an Identity.
Definition: identity.hpp:48

ndn::security::pib::Key
A frontend handle of a key instance.
Definition: key.hpp:50

ndn::security::pib::Pib
represents the PIB
Definition: pib.hpp:53

ndn::security::tpm::Tpm
TPM front-end class.
Definition: tpm.hpp:66

ndn::security::v2::Certificate
Represents an NDN certificate following the version 2.0 format.
Definition: certificate.hpp:61

ndn::security::v2::KeyChain::Error
Definition: key-chain.hpp:49

ndn::security::v2::KeyChain::InvalidSigningInfoError
Error indicating that the supplied SigningInfo is invalid.
Definition: key-chain.hpp:67

ndn::security::v2::KeyChain::LocatorMismatchError
Error indicating that the supplied TPM locator does not match the locator stored in PIB.
Definition: key-chain.hpp:58

ndn::security::KeyChain
The interface of signing key management.
Definition: key-chain.hpp:46

ndn::security::v2::KeyChain::setDefaultIdentity
void setDefaultIdentity(const Identity &identity)
Set identity as the default identity.
Definition: key-chain.cpp:250

ndn::security::v2::KeyChain::deleteKey
void deleteKey(const Identity &identity, const Key &key)
Delete a key key of identity.
Definition: key-chain.cpp:281

ndn::security::v2::KeyChain::setDefaultCertificate
void setDefaultCertificate(const Key &key, const Certificate &certificate)
Set cert as the default certificate of key.
Definition: key-chain.cpp:341

ndn::security::v2::KeyChain::getTpm
const Tpm & getTpm() const noexcept
Definition: key-chain.hpp:105

ndn::security::v2::KeyChain::~KeyChain
~KeyChain()

ndn::security::v2::KeyChain::createIdentity
Identity createIdentity(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create an identity identityName.
Definition: key-chain.cpp:212

ndn::security::v2::KeyChain::createKey
Key createKey(const Identity &identity, const KeyParams &params=getDefaultKeyParams())
Create a new key for identity.
Definition: key-chain.cpp:258

ndn::security::v2::KeyChain::deleteIdentity
void deleteIdentity(const Identity &identity)
delete identity.
Definition: key-chain.cpp:236

ndn::security::v2::KeyChain::getDefaultKeyParams
static const KeyParams & getDefaultKeyParams()
Definition: key-chain.cpp:147

ndn::security::v2::KeyChain::sign
void sign(Data &data, const SigningInfo &params=SigningInfo())
Sign a Data packet according to the supplied signing information.
Definition: key-chain.cpp:442

ndn::security::v2::KeyChain::deleteCertificate
void deleteCertificate(const Key &key, const Name &certificateName)
delete a certificate with name certificateName of key.
Definition: key-chain.cpp:329

ndn::security::v2::KeyChain::setDefaultKey
void setDefaultKey(const Identity &identity, const Key &key)
Set key as the default key of identity.
Definition: key-chain.cpp:297

ndn::security::v2::KeyChain::importSafeBag
void importSafeBag(const SafeBag &safeBag, const char *pw, size_t pwLen)
Import a certificate and its corresponding private key from a SafeBag.
Definition: key-chain.cpp:367

ndn::security::v2::KeyChain::getPib
const Pib & getPib() const noexcept
Definition: key-chain.hpp:99

ndn::security::v2::KeyChain::createHmacKey
Name createHmacKey(const Name &prefix=SigningInfo::getHmacIdentity(), const HmacKeyParams &params=HmacKeyParams())
Create a new HMAC key.
Definition: key-chain.cpp:275

ndn::security::v2::KeyChain::importPrivateKey
void importPrivateKey(const Name &keyName, shared_ptr< transform::PrivateKey > key)
Import a private key into the TPM.
Definition: key-chain.cpp:425

ndn::security::v2::KeyChain::addCertificate
void addCertificate(const Key &key, const Certificate &certificate)
Add a certificate certificate for key.
Definition: key-chain.cpp:310

ndn::security::v2::KeyChain::KeyChain
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
Definition: key-chain.cpp:155

ndn::security::v2::KeyChain::registerTpmBackend
static void registerTpmBackend(const std::string &scheme)
Register a new TPM backend.
Definition: key-chain.hpp:353

ndn::security::v2::KeyChain::registerPibBackend
static void registerPibBackend(const std::string &scheme)
Register a new PIB backend.
Definition: key-chain.hpp:338

ndn::security::v2::KeyChain::exportSafeBag
shared_ptr< SafeBag > exportSafeBag(const Certificate &certificate, const char *pw, size_t pwLen)
Export a certificate and its corresponding private key.
Definition: key-chain.cpp:350

NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
#define NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
Definition: common.hpp:48

interest.hpp

key-params.hpp

ndn::tlv::SignatureTypeValue
SignatureTypeValue
SignatureType values.
Definition: tlv.hpp:132

ndn
Definition: data.cpp:25

ndn::HmacKeyParams
SimpleSymmetricKeyParams< detail::HmacKeyParamsInfo > HmacKeyParams
HmacKeyParams carries parameters for HMAC key.
Definition: key-params.hpp:309

ndn::ConstBufferPtr
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:139

ndn::KeyType
KeyType
The type of a cryptographic key.
Definition: security-common.hpp:95

ndn::DigestAlgorithm
DigestAlgorithm
Definition: security-common.hpp:106

pib.hpp

safe-bag.hpp

signing-info.hpp

tpm.hpp

bufs
InputBuffers bufs
Definition: verification-helpers.cpp:57