Contains the ndn-cxx security framework.
Namespaces
| detail |
| pib |
| tpm |
| transform |
| validator_config |
Classes
| class | AdditionalDescription |
| Represents an AdditionalDescription TLV element. |
| class | CertContainerInterface |
| class | Certificate |
| Represents an NDN certificate. |
| class | CertificateBundleFetcher |
| Fetch certificate bundle from the network. |
| class | CertificateCache |
| Represents a container for verified certificates. |
| class | CertificateFetcher |
| Interface used by the validator to fetch missing certificates. |
| class | CertificateFetcherDirectFetch |
| Extends CertificateFetcherFromNetwork to fetch certificates from the incoming face of the packet. |
| class | CertificateFetcherFromNetwork |
| Fetch missing keys from the network. |
| class | CertificateFetcherOffline |
| Certificate fetcher realization that does not fetch keys (always offline). |
| class | CertificateRequest |
| Request for a certificate, associated with the number of attempts. |
| class | CertificateStorage |
| Storage for trusted anchors, verified certificate cache, and unverified certificate cache. |
| class | DataValidationState |
| Validation state for a data packet. |
| class | DynamicTrustAnchorGroup |
| Dynamic trust anchor group. |
| class | InterestSigner |
| Helper class to create signed Interests. |
| class | InterestValidationState |
| Validation state for an interest packet. |
| class | KeyChain |
| The main interface for signing key management. |
| struct | MakeCertificateOptions |
| Options to KeyChain::makeCertificate(). |
| class | SafeBag |
| A secured container for sensitive information (certificate, private key). |
| class | SigningInfo |
| Signing parameters passed to KeyChain. |
| class | StaticTrustAnchorGroup |
| Static trust anchor group. |
| class | TrustAnchorContainer |
| A container for trust anchors. |
| class | TrustAnchorGroup |
| A group of trust anchors. |
| class | ValidationError |
| Validation error code and optional detailed error message. |
| class | ValidationPolicy |
| Abstraction that implements a validation policy for Interest and Data packets. |
| class | ValidationPolicyAcceptAll |
| A validator policy that accepts any signature of data and interest packets. |
| class | ValidationPolicyCommandInterest |
| Validation policy for stop-and-wait command Interests. |
| class | ValidationPolicySignedInterest |
| Validation policy for signed Interests. |
| class | ValidationPolicySimpleHierarchy |
| Validation policy for a simple hierarchical trust model. |
| class | ValidationState |
| Validation state. |
| class | Validator |
| Interface for validating data and interest packets. |
| class | ValidatorConfig |
| Helper for validator that uses SignedInterest + CommandInterest + Config policy and NetworkFetcher. |
| class | ValidatorNull |
| Validator with "accept-all" policy and offline certificate fetcher. |
| class | ValidityPeriod |
| Represents a ValidityPeriod TLV element. |
Typedefs
| using | BundleNameTag = SimpleTag< Name, 1000 > |
| using | DataValidationFailureCallback = std::function< void(const Data &, const ValidationError &)> |
| Callback to report a failed Data validation. |
| using | DataValidationSuccessCallback = std::function< void(const Data &)> |
| Callback to report a successful Data validation. |
| using | FinalBlockIdTag = SimpleTag< name::Component, 1001 > |
| using | InterestValidationFailureCallback = std::function< void(const Interest &, const ValidationError &)> |
| Callback to report a failed Interest validation. |
| using | InterestValidationSuccessCallback = std::function< void(const Interest &)> |
| Callback to report a successful Interest validation. |
| using | SignedInterestFormatTag = SimpleTag< SignedInterestFormat, 1002 > |
Enumerations
| enum class | SignedInterestFormat { V03 , V02 } |
Functions
| template size_t | AdditionalDescription ::wireEncode<::ndn::encoding::EncoderTag > (::ndn::EncodingBuffer &) const |
| template size_t | AdditionalDescription ::wireEncode<::ndn::encoding::EstimatorTag > (::ndn::EncodingEstimator &) const |
| Name | constructKeyName (const Name &identity, const name::Component &keyId) |
| Construct key name based on the appropriate naming conventions. |
| Name | extractIdentityFromCertName (const Name &certName) |
| Extract identity namespace from the certificate name certName. |
| Name | extractIdentityFromKeyName (const Name &keyName) |
| Extract identity namespace from the key name keyName. |
| Name | extractIdentityNameFromKeyLocator (const Name &keyLocator) |
| Extract identity name from key, version-less certificate, or certificate name. |
| Name | extractKeyNameFromCertName (const Name &certName) |
| Extract key name from the certificate name certName. |
| Validator & | getAcceptAllValidator () |
| Name | getKeyLocatorName (const SignatureInfo &sigInfo, ValidationState &state) |
| Extract the KeyLocator name from a SignatureInfo element. |
| SignatureInfo | getSignatureInfo (const Interest &interest, ValidationState &state) |
| Extract SignatureInfo from a signed Interest. |
| bool | isValidKeyName (const Name &keyName) |
| Check if keyName follows the naming conventions for the key name. |
| std::ostream & | operator<< (std::ostream &os, const AdditionalDescription &desc) |
| std::ostream & | operator<< (std::ostream &os, const Certificate &cert) |
| std::ostream & | operator<< (std::ostream &os, const SignedInterestFormat &format) |
| std::ostream & | operator<< (std::ostream &os, const SigningInfo &si) |
| std::ostream & | operator<< (std::ostream &os, const ValidityPeriod &period) |
| std::ostream & | operator<< (std::ostream &os, ValidationError::Code code) |
| template size_t | SafeBag ::wireEncode<::ndn::encoding::EncoderTag > (::ndn::EncodingBuffer &) const |
| template size_t | SafeBag ::wireEncode<::ndn::encoding::EstimatorTag > (::ndn::EncodingEstimator &) const |
| SigningInfo | signingByCertificate (const Certificate &cert) |
| Return a SigningInfo for signing with a certificate. |
| SigningInfo | signingByCertificate (const Name &certName) |
| Return a SigningInfo for signing with a certificate. |
| SigningInfo | signingByIdentity (const Identity &identity) |
| Return a SigningInfo for signing with an identity. |
| SigningInfo | signingByIdentity (const Name &identityName) |
| Return a SigningInfo for signing with an identity. |
| SigningInfo | signingByKey (const Key &key) |
| Return a SigningInfo for signing with a key. |
| SigningInfo | signingByKey (const Name &keyName) |
| Return a SigningInfo for signing with a key. |
| SigningInfo | signingWithSha256 () |
| Return a SigningInfo for signing with a SHA-256 digest. |
| template size_t | ValidityPeriod ::wireEncode<::ndn::encoding::EncoderTag > (::ndn::EncodingBuffer &) const |
| template size_t | ValidityPeriod ::wireEncode<::ndn::encoding::EstimatorTag > (::ndn::EncodingEstimator &) const |
| bool | verifySignature (const Data &data, const pib::Key &key) |
| Verify data using key. |
| bool | verifySignature (const Data &data, const std::optional< Certificate > &cert) |
| Verify data using cert. |
| bool | verifySignature (const Data &data, const tpm::Tpm &tpm, const Name &keyName, DigestAlgorithm digestAlgorithm) |
| Verify data using tpm and keyName with the digestAlgorithm. |
| bool | verifySignature (const Data &data, const transform::PublicKey &key) |
| Verify data using key. |
| bool | verifySignature (const Data &data, span< const uint8_t > key) |
| Verify data using key. |
| bool | verifySignature (const InputBuffers &blobs, span< const uint8_t > sig, const transform::PublicKey &key) |
| Verify blobs using key against sig. |
| bool | verifySignature (const InputBuffers &blobs, span< const uint8_t > sig, span< const uint8_t > key) |
| Verify blobs using key against sig. |
| bool | verifySignature (const Interest &interest, const pib::Key &key) |
| Verify interest using key. |
| bool | verifySignature (const Interest &interest, const std::optional< Certificate > &cert) |
| Verify interest using cert. |
| bool | verifySignature (const Interest &interest, const tpm::Tpm &tpm, const Name &keyName, DigestAlgorithm digestAlgorithm) |
| Verify interest using tpm and keyName with the digestAlgorithm. |
| bool | verifySignature (const Interest &interest, const transform::PublicKey &key) |
| Verify interest using key. |
| bool | verifySignature (const Interest &interest, span< const uint8_t > key) |
| Verify interest using key. |
Variables
| constexpr size_t | ISO_DATETIME_SIZE = 15 |
| constexpr size_t | KEY_OFFSET = 0 |
| constexpr size_t | NOT_AFTER_OFFSET = 1 |
| constexpr size_t | NOT_BEFORE_OFFSET = 0 |
| const name::Component | SELF {"self"} |
| constexpr size_t | VALUE_OFFSET = 1 |
| using ndn::security::BundleNameTag = SimpleTag<Name, 1000> |
Definition at line 36 of file certificate-bundle-fetcher.cpp.
| using ndn::security::DataValidationFailureCallback = std::function<void(const Data&, const ValidationError&)> |
Callback to report a failed Data validation.
Definition at line 39 of file validation-callback.hpp.
| using ndn::security::DataValidationSuccessCallback = std::function<void(const Data&)> |
Callback to report a successful Data validation.
Definition at line 34 of file validation-callback.hpp.
| using ndn::security::FinalBlockIdTag = SimpleTag<name::Component, 1001> |
Definition at line 37 of file certificate-bundle-fetcher.cpp.
| using ndn::security::InterestValidationFailureCallback = std::function<void(const Interest&, const ValidationError&)> |
Callback to report a failed Interest validation.
Definition at line 49 of file validation-callback.hpp.
| using ndn::security::InterestValidationSuccessCallback = std::function<void(const Interest&)> |
Callback to report a successful Interest validation.
Definition at line 44 of file validation-callback.hpp.
| using ndn::security::SignedInterestFormatTag = SimpleTag<SignedInterestFormat, 1002> |
Definition at line 255 of file validation-state.hpp.
| enum class ndn::security::SignedInterestFormat |
| Enumerator | |
|---|---|
| V03 | Sign Interest using Packet Specification v0.3 semantics. |
| V02 | Sign Interest using Packet Specification v0.2 semantics. |
Definition at line 38 of file signing-info.hpp.
| template size_t ndn::security::AdditionalDescription ::wireEncode<::ndn::encoding::EncoderTag > (::ndn::EncodingBuffer &) const |
| template size_t ndn::security::AdditionalDescription ::wireEncode<::ndn::encoding::EstimatorTag > (::ndn::EncodingEstimator &) const |
| Name ndn::security::constructKeyName (const Name &identity, const name::Component &keyId) |
Extract identity namespace from the certificate name certName.
Definition at line 187 of file certificate.cpp.
Extract identity name from key, version-less certificate, or certificate name.
| KeyLocator::Error | If keyLocator does not follow the naming conventions |
Definition at line 112 of file validation-policy.cpp.
Extract key name from the certificate name certName.
Definition at line 198 of file certificate.cpp.
| Validator & ndn::security::getAcceptAllValidator () |
Definition at line 34 of file validator-null.cpp.
| Name ndn::security::getKeyLocatorName (const SignatureInfo &sigInfo, ValidationState &state) |
Extract the KeyLocator name from a SignatureInfo element.
sigInfo must contain a KeyLocator of Name type. Otherwise, ValidationState::fail() is invoked on state with a ValidationError::INVALID_KEY_LOCATOR error code.
Definition at line 62 of file validation-policy.cpp.
| SignatureInfo ndn::security::getSignatureInfo (const Interest &interest, ValidationState &state) |
Extract SignatureInfo from a signed Interest.
Signed Interests according to Packet Specification v0.3+, as identified by the SignedInterestFormatTag inside state, must have an InterestSignatureInfo element. Legacy signed Interests must contain a (Data)SignatureInfo name component. In both cases, if any TLV parsing errors are encountered, ValidationState::fail() is invoked on state with a ValidationError::MALFORMED_SIGNATURE error code.
state must contain a SignedInterestFormatTag to indicate whether the Interest is signed according to Packet Specification v0.3+ or a previous specification.
Definition at line 83 of file validation-policy.cpp.
| bool ndn::security::isValidKeyName (const Name &keyName) |
| std::ostream & ndn::security::operator<< (std::ostream &os, const AdditionalDescription &desc) |
Definition at line 156 of file additional-description.cpp.
| std::ostream & ndn::security::operator<< (std::ostream &os, const Certificate &cert) |
Definition at line 119 of file certificate.cpp.
| std::ostream & ndn::security::operator<< (std::ostream &os, const SignedInterestFormat &format) |
Definition at line 205 of file signing-info.cpp.
| std::ostream & ndn::security::operator<< (std::ostream &os, const SigningInfo &si) |
Definition at line 185 of file signing-info.cpp.
| std::ostream & ndn::security::operator<< (std::ostream &os, const ValidityPeriod &period) |
Definition at line 181 of file validity-period.cpp.
| std::ostream & ndn::security::operator<< (std::ostream &os, ValidationError::Code code) |
Definition at line 29 of file validation-error.cpp.
| template size_t ndn::security::SafeBag ::wireEncode<::ndn::encoding::EncoderTag > (::ndn::EncodingBuffer &) const |
| template size_t ndn::security::SafeBag ::wireEncode<::ndn::encoding::EstimatorTag > (::ndn::EncodingEstimator &) const |
| SigningInfo ndn::security::signingByCertificate (const Certificate &cert) |
Return a SigningInfo for signing with a certificate.
Definition at line 57 of file signing-helpers.cpp.
| SigningInfo ndn::security::signingByCertificate (const Name &certName) |
Return a SigningInfo for signing with a certificate.
Definition at line 51 of file signing-helpers.cpp.
| SigningInfo ndn::security::signingByIdentity (const Identity &identity) |
Return a SigningInfo for signing with an identity.
Definition at line 33 of file signing-helpers.cpp.
| SigningInfo ndn::security::signingByIdentity (const Name &identityName) |
Return a SigningInfo for signing with an identity.
Definition at line 27 of file signing-helpers.cpp.
| SigningInfo ndn::security::signingByKey (const Key &key) |
Return a SigningInfo for signing with a key.
Definition at line 45 of file signing-helpers.cpp.
| SigningInfo ndn::security::signingByKey (const Name &keyName) |
Return a SigningInfo for signing with a key.
Definition at line 39 of file signing-helpers.cpp.
| SigningInfo ndn::security::signingWithSha256 () |
Return a SigningInfo for signing with a SHA-256 digest.
Definition at line 63 of file signing-helpers.cpp.
| template size_t ndn::security::ValidityPeriod ::wireEncode<::ndn::encoding::EncoderTag > (::ndn::EncodingBuffer &) const |
| template size_t ndn::security::ValidityPeriod ::wireEncode<::ndn::encoding::EstimatorTag > (::ndn::EncodingEstimator &) const |
Verify data using key.
Definition at line 206 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const Data &data, const std::optional< Certificate > &cert) |
Verify data using cert.
If cert is nullopt, data is assumed to be self-verifiable (with digest or attributes).
Definition at line 218 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const Data &data, const tpm::Tpm &tpm, const Name &keyName, DigestAlgorithm digestAlgorithm) |
Verify data using tpm and keyName with the digestAlgorithm.
Definition at line 250 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const Data &data, const transform::PublicKey &key) |
Verify data using key.
Definition at line 194 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const Data &data, span< const uint8_t > key) |
Verify data using key.
key must be a public key in PKCS #8 format.
Definition at line 182 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const InputBuffers &blobs, span< const uint8_t > sig, const transform::PublicKey &key) |
Verify blobs using key against sig.
Definition at line 64 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const InputBuffers &blobs, span< const uint8_t > sig, span< const uint8_t > key) |
Verify blobs using key against sig.
key must be a public key in PKCS #8 format.
Definition at line 80 of file verification-helpers.cpp.
Verify interest using key.
Definition at line 212 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const Interest &interest, const std::optional< Certificate > &cert) |
Verify interest using cert.
If cert is nullopt, interest is assumed to be self-verifiable (with digest or attributes).
Definition at line 234 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const Interest &interest, const tpm::Tpm &tpm, const Name &keyName, DigestAlgorithm digestAlgorithm) |
Verify interest using tpm and keyName with the digestAlgorithm.
Definition at line 257 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const Interest &interest, const transform::PublicKey &key) |
Verify interest using key.
Definition at line 200 of file verification-helpers.cpp.
| bool ndn::security::verifySignature (const Interest &interest, span< const uint8_t > key) |
Verify interest using key.
key must be a public key in PKCS #8 format.
Definition at line 188 of file verification-helpers.cpp.
| constexpr size_t ndn::security::ISO_DATETIME_SIZE = 15 |
Definition at line 29 of file validity-period.cpp.
| constexpr size_t ndn::security::KEY_OFFSET = 0 |
Definition at line 28 of file additional-description.cpp.
| constexpr size_t ndn::security::NOT_AFTER_OFFSET = 1 |
Definition at line 31 of file validity-period.cpp.
| constexpr size_t ndn::security::NOT_BEFORE_OFFSET = 0 |
Definition at line 30 of file validity-period.cpp.
| const name::Component ndn::security::SELF {"self"} |
Definition at line 70 of file key-chain.cpp.
| constexpr size_t ndn::security::VALUE_OFFSET = 1 |
Definition at line 29 of file additional-description.cpp.