22 #ifndef NDN_CXX_SECURITY_KEY_CHAIN_HPP
23 #define NDN_CXX_SECURITY_KEY_CHAIN_HPP
89 class Error :
public std::runtime_error
92 using std::runtime_error::runtime_error;
// Builds a KeyChain from explicit PIB and TPM locator strings rather than the defaults.
// allowReset defaults to false.
// NOTE(review): allowReset presumably decides whether a PIB recorded against a different
// TPM locator may be reset instead of being rejected with a locator-mismatch error.
// Confirm in the implementation. If it does, a reset discards the PIB's stored state,
// so callers should pass true only deliberately.
133 KeyChain(
const std::string& pibLocator,
const std::string& tpmLocator,
bool allowReset =
false);
// Exports a certificate together with its corresponding private key.
// pw is paired with an explicit length pwLen, so the signature does not rely on a
// terminating NUL to find the end of the buffer.
// NOTE(review): pw is presumably the passphrase that protects the exported private key.
// Confirm. If so, the caller owns that buffer and should keep it out of logs and
// zero it once the call returns.
375 exportSafeBag(
const Certificate& certificate,
const char* pw,
size_t pwLen);
// PIB backend registration: stores, under `scheme`, a factory that builds a
// PibBackendType from a location string and returns it as shared_ptr<pib::PibImpl>.
406 template<
class PibBackendType>
// PibFactories is a std::map. If getPibFactories() returns that map, emplace() keeps an
// entry already present for this scheme and drops the new factory without reporting it,
// so the first registration for a scheme wins.
// NOTE(review): confirm that a duplicate scheme is meant to be ignored silently. The
// scheme-to-backend mapping decides which code ends up storing key information.
410 getPibFactories().emplace(scheme, [] (
const std::string& location) {
// The new object is handed straight to shared_ptr, which owns it from here on.
411 return shared_ptr<pib::PibImpl>(
new PibBackendType(location));
// TPM backend registration: stores, under `scheme`, a factory that builds a
// TpmBackendType from a location string and returns it as unique_ptr<tpm::BackEnd>.
419 template<
class TpmBackendType>
// TpmFactories is a std::map. If getTpmFactories() returns that map, emplace() keeps an
// entry already present for this scheme and drops the new factory without reporting it,
// so the first registration for a scheme wins.
// NOTE(review): confirm that a duplicate scheme is meant to be ignored silently. The
// selected TPM backend is the component that handles private keys.
423 getTpmFactories().emplace(scheme, [] (
const std::string& location) {
// The new object is handed straight to unique_ptr, which is its sole owner from here on.
424 return unique_ptr<tpm::BackEnd>(
new TpmBackendType(location));
431 KeyChain(Locator pibLocator, Locator tpmLocator,
bool allowReset);
// Map from a string key to a factory that takes a location string and returns a
// shared_ptr<pib::PibImpl>. The registration code visible in this header inserts
// entries with the scheme string as the key.
433 using PibFactories = std::map<std::string, std::function<shared_ptr<pib::PibImpl>(
const std::string&)>>;
// Same shape for TPM backends. The factory returns unique_ptr<tpm::BackEnd>, so each
// call yields a backend object with a single owner.
434 using TpmFactories = std::map<std::string, std::function<unique_ptr<tpm::BackEnd>(
const std::string&)>>;
443 parseAndCheckPibLocator(
const std::string& pibLocator);
446 parseAndCheckTpmLocator(
const std::string& tpmLocator);
449 static const Locator&
450 getDefaultPibLocator();
452 static const Locator&
453 getDefaultTpmLocator();
455 #ifdef NDN_CXX_HAVE_TESTS
457 resetDefaultLocators();
487 std::tuple<Name, SignatureInfo>
490 static std::tuple<Name, SignatureInfo>
491 prepareSignatureInfoSha256(
const SigningInfo& params);
493 static std::tuple<Name, SignatureInfo>
496 static std::tuple<Name, SignatureInfo>
499 static std::tuple<Name, SignatureInfo>
501 const optional<Name>& certName = nullopt);
511 unique_ptr<Pib> m_pib;
512 unique_ptr<Tpm> m_tpm;
514 static Locator s_defaultPibLocator;
515 static Locator s_defaultTpmLocator;
// Declares a file-static object of a generated class whose constructor calls
// ::ndn::security::KeyChain::registerPibBackend<PibType>(PibType::getScheme()), so the
// backend is registered when that static object is constructed.
// The expansion ends at the variable name without a semicolon; the macro user writes it.
// NOTE(review): registration is a side effect of building the translation unit that
// uses this macro, so the set of PIB backends available in a binary follows from which
// such units are compiled in. Worth checking when auditing a build.
524 #define NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibType) \
525 static class NdnCxxAuto ## PibType ## PibRegistrationClass \
528 NdnCxxAuto ## PibType ## PibRegistrationClass() \
530 ::ndn::security::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \
532 } ndnCxxAuto ## PibType ## PibRegistrationVariable
// Declares a file-static object of a generated class whose constructor calls
// ::ndn::security::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()), so the
// backend is registered when that static object is constructed.
// The expansion ends at the variable name without a semicolon; the macro user writes it.
// NOTE(review): registration is a side effect of building the translation unit that
// uses this macro, so the set of TPM backends available in a binary follows from which
// such units are compiled in. Worth checking when auditing a build.
540 #define NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType) \
541 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
544 NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
546 ::ndn::security::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \
548 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable
553 using security::KeyChain;
Represents a Data packet.
Represents an Interest packet.
Base class for key parameters.
Represents an absolute name.
SimpleSymmetricKeyParams is a template for symmetric keys with only one parameter: size.
Represents a name component.
Signing parameters passed to KeyChain.
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
Frontend handle for an identity in the PIB.
Frontend handle for a key in the PIB.
Frontend to the Public Information Base.
Represents an NDN certificate.
Error indicating that the supplied SigningInfo is invalid.
Error indicating that the supplied TPM locator does not match the locator stored in PIB.
The main interface for signing key management.
void setDefaultIdentity(const Identity &identity)
Set identity as the default identity.
void deleteKey(const Identity &identity, const Key &key)
Delete key from identity.
const Tpm & getTpm() const noexcept
void deleteCertificate(const Key &key, const Name &certName)
Delete a certificate with name certName from key.
Identity createIdentity(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create an identity identityName.
Key createKey(const Identity &identity, const KeyParams &params=getDefaultKeyParams())
Create a new key for identity.
void setDefaultCertificate(const Key &key, const Certificate &cert)
Set cert as the default certificate of key.
void deleteIdentity(const Identity &identity)
Delete identity from this KeyChain.
static const KeyParams & getDefaultKeyParams()
void sign(Data &data, const SigningInfo &params=SigningInfo())
Sign a Data packet according to the supplied signing information.
void setDefaultKey(const Identity &identity, const Key &key)
Set key as the default key of identity.
void importSafeBag(const SafeBag &safeBag, const char *pw, size_t pwLen)
Import a certificate and its corresponding private key from a SafeBag.
const Pib & getPib() const noexcept
Name createHmacKey(const Name &prefix=SigningInfo::getHmacIdentity(), const HmacKeyParams &params=HmacKeyParams())
Create a new HMAC key.
Certificate makeCertificate(const pib::Key &publicKey, const SigningInfo &params=SigningInfo(), const MakeCertificateOptions &opts={})
Create and sign a certificate packet.
void importPrivateKey(const Name &keyName, shared_ptr< transform::PrivateKey > key)
Import a private key into the TPM.
void addCertificate(const Key &key, const Certificate &cert)
Add a certificate cert for key.
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
static void registerTpmBackend(const std::string &scheme)
Register a new TPM backend type.
static void registerPibBackend(const std::string &scheme)
Register a new PIB backend type.
shared_ptr< SafeBag > exportSafeBag(const Certificate &certificate, const char *pw, size_t pwLen)
Export a certificate and its corresponding private key.
#define NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
boost::chrono::milliseconds milliseconds
SignatureTypeValue
SignatureType values.
SimpleSymmetricKeyParams< detail::HmacKeyParamsInfo > HmacKeyParams
HmacKeyParams carries parameters for HMAC key.
shared_ptr< const Buffer > ConstBufferPtr
KeyType
The type of a cryptographic key.
Options to KeyChain::makeCertificate() .
name::Component issuerId
Certificate name IssuerId component.
time::milliseconds freshnessPeriod
Certificate packet FreshnessPeriod.
optional< uint64_t > version
Certificate name version component.
optional< ValidityPeriod > validity
Certificate ValidityPeriod.