master/doxygen/back-end_8cpp_source.html

/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */

/*

 * Copyright (c) 2013-2024 Regents of the University of California.

 *

 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).

 *

 * ndn-cxx library is free software: you can redistribute it and/or modify it under the

 * terms of the GNU Lesser General Public License as published by the Free Software

 * Foundation, either version 3 of the License, or (at your option) any later version.

 *

 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY

 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

 * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.

 *

 * You should have received copies of the GNU General Public License and GNU Lesser

 * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see

 * <http://www.gnu.org/licenses/>.

 *

 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.

 */


#include "ndn-cxx/security/tpm/back-end.hpp"


#include "ndn-cxx/encoding/buffer-stream.hpp"

#include "ndn-cxx/security/pib/key.hpp"

#include "ndn-cxx/security/transform/buffer-source.hpp"

#include "ndn-cxx/security/transform/digest-filter.hpp"

#include "ndn-cxx/security/transform/private-key.hpp"

#include "ndn-cxx/security/transform/stream-sink.hpp"

#include "ndn-cxx/util/random.hpp"


#include <boost/lexical_cast.hpp>


namespace ndn::security::tpm {


BackEnd::~BackEnd() = default;


bool


BackEnd::hasKey(const Name& keyName) const

{

  return doHasKey(keyName);

}


unique_ptr<KeyHandle>


BackEnd::getKeyHandle(const Name& keyName) const

{

  return doGetKeyHandle(keyName);

}


unique_ptr<KeyHandle>


BackEnd::createKey(const Name& identity, const KeyParams& params)

{

  if (params.getKeyType() == KeyType::HMAC) {

    return doCreateKey(identity, params);

  }


  switch (params.getKeyIdType()) {

    case KeyIdType::USER_SPECIFIED: {

      // check that the provided key id isn't already taken

      Name keyName = constructKeyName(identity, params.getKeyId());

      if (hasKey(keyName)) {

        NDN_THROW(Error("Key `" + keyName.toUri() + "` already exists"));

      }

      break;

    }

    case KeyIdType::SHA256:

    case KeyIdType::RANDOM:

      // key id will be determined after key is generated

      break;

    default:

      NDN_THROW(std::invalid_argument("Unsupported key id type " +

                                      boost::lexical_cast<std::string>(params.getKeyIdType())));

  }


  return doCreateKey(identity, params);

}


void


BackEnd::deleteKey(const Name& keyName)

{

  doDeleteKey(keyName);

}


ConstBufferPtr


BackEnd::exportKey(const Name& keyName, const char* pw, size_t pwLen)

{

  if (!hasKey(keyName)) {

    NDN_THROW(Error("Key `" + keyName.toUri() + "` does not exist"));

  }

  return doExportKey(keyName, pw, pwLen);

}


void


BackEnd::importKey(const Name& keyName, span<const uint8_t> pkcs8, const char* pw, size_t pwLen)

{

  if (hasKey(keyName)) {

    NDN_THROW(Error("Key `" + keyName.toUri() + "` already exists"));

  }

  doImportKey(keyName, pkcs8, pw, pwLen);

}


void


BackEnd::importKey(const Name& keyName, shared_ptr<transform::PrivateKey> key)

{

  if (hasKey(keyName)) {

    NDN_THROW(Error("Key `" + keyName.toUri() + "` already exists"));

  }

  doImportKey(keyName, std::move(key));

}


Name


BackEnd::constructAsymmetricKeyName(const KeyHandle& keyHandle, const Name& identity,

                                    const KeyParams& params) const

{

  switch (params.getKeyIdType()) {

    case KeyIdType::USER_SPECIFIED: {

      return constructKeyName(identity, params.getKeyId());

    }

    case KeyIdType::SHA256: {

      using namespace transform;

      OBufferStream os;

      bufferSource(*keyHandle.derivePublicKey()) >>

        digestFilter(DigestAlgorithm::SHA256) >>

        streamSink(os);

      return constructKeyName(identity, name::Component(os.buf()));

    }

    case KeyIdType::RANDOM: {

      Name keyName;

      do {

        auto keyId = name::Component::fromNumber(random::generateSecureWord64());

        keyName = constructKeyName(identity, keyId);

      } while (hasKey(keyName));

      return keyName;

    }

    default: {

      NDN_THROW(Error("Unsupported key id type " + boost::lexical_cast<std::string>(params.getKeyIdType())));

    }

  }

}


Name


BackEnd::constructHmacKeyName(const transform::PrivateKey& key, const Name& identity,

                              const KeyParams& params) const

{

  return Name(identity).append(name::Component(key.getKeyDigest(DigestAlgorithm::SHA256)));

}


} // namespace ndn::security::tpm

back-end.hpp

buffer-source.hpp

buffer-stream.hpp

ndn::KeyParams
Base class for key parameters.
Definition key-params.hpp:36

ndn::KeyParams::getKeyId
const name::Component & getKeyId() const
Definition key-params.hpp:60

ndn::KeyParams::getKeyIdType
KeyIdType getKeyIdType() const
Definition key-params.hpp:54

ndn::KeyParams::getKeyType
KeyType getKeyType() const
Definition key-params.hpp:48

ndn::Name
Represents an absolute name.
Definition name.hpp:45

ndn::Name::append
Name & append(const Component &component)
Append a name component.
Definition name.hpp:308

ndn::Name::toUri
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
Definition name.cpp:324

ndn::OBufferStream
An output stream that writes to a Buffer.
Definition buffer-stream.hpp:70

ndn::OBufferStream::buf
std::shared_ptr< Buffer > buf()
Return a shared pointer to the underlying buffer.
Definition buffer-stream.cpp:58

ndn::name::Component
Represents a name component.
Definition name-component.hpp:113

ndn::name::Component::fromNumber
static Component fromNumber(uint64_t number, uint32_t type=tlv::GenericNameComponent)
Create a component encoded as NonNegativeInteger.
Definition name-component.cpp:347

ndn::security::tpm::BackEnd::createKey
unique_ptr< KeyHandle > createKey(const Name &identityName, const KeyParams &params)
Create a key for identityName according to params.
Definition back-end.cpp:51

ndn::security::tpm::BackEnd::importKey
void importKey(const Name &keyName, span< const uint8_t > pkcs8, const char *pw, size_t pwLen)
Import a private key in encrypted PKCS #8 format.
Definition back-end.cpp:94

ndn::security::tpm::BackEnd::~BackEnd
virtual ~BackEnd()

ndn::security::tpm::BackEnd::hasKey
bool hasKey(const Name &keyName) const
Check if the key with name keyName exists in the TPM.
Definition back-end.cpp:39

ndn::security::tpm::BackEnd::Error
Tpm::Error Error
Definition back-end.hpp:37

ndn::security::tpm::BackEnd::constructAsymmetricKeyName
Name constructAsymmetricKeyName(const KeyHandle &key, const Name &identity, const KeyParams &params) const
Construct and return the name of a RSA or EC key, based on identity and params.
Definition back-end.cpp:112

ndn::security::tpm::BackEnd::deleteKey
void deleteKey(const Name &keyName)
Delete the key with name keyName.
Definition back-end.cpp:79

ndn::security::tpm::BackEnd::exportKey
ConstBufferPtr exportKey(const Name &keyName, const char *pw, size_t pwLen)
Get the private key with name keyName in encrypted PKCS #8 format.
Definition back-end.cpp:85

ndn::security::tpm::BackEnd::getKeyHandle
unique_ptr< KeyHandle > getKeyHandle(const Name &keyName) const
Get the handle of the key with name keyName.
Definition back-end.cpp:45

ndn::security::tpm::BackEnd::constructHmacKeyName
Name constructHmacKeyName(const transform::PrivateKey &key, const Name &identity, const KeyParams &params) const
Construct and return the name of a HMAC key, based on identity and params.
Definition back-end.cpp:142

ndn::security::tpm::KeyHandle
Abstraction of TPM key handle.
Definition key-handle.hpp:36

ndn::security::tpm::KeyHandle::derivePublicKey
ConstBufferPtr derivePublicKey() const
Definition key-handle.cpp:48

ndn::security::transform::PrivateKey
Abstraction of a private key in crypto transformations.
Definition private-key.hpp:39

ndn::security::transform::PrivateKey::getKeyDigest
ConstBufferPtr getKeyDigest(DigestAlgorithm algo) const
Returns a digest of the private key.
Definition private-key.cpp:114

digest-filter.hpp

NDN_THROW
#define NDN_THROW(e)
Definition exception.hpp:56

key.hpp

ndn::random::generateSecureWord64
uint64_t generateSecureWord64()
Generate a cryptographically secure random integer in the range [0, 2^64).
Definition random.cpp:39

ndn::security::tpm
Definition key-chain.cpp:62

ndn::security::constructKeyName
Name constructKeyName(const Name &identity, const name::Component &keyId)
Construct key name based on the appropriate naming conventions.
Definition key.cpp:126

ndn::KeyType::HMAC
@ HMAC
HMAC key, supports sign/verify operations.

ndn::KeyIdType::RANDOM
@ RANDOM
Use a 64-bit random number as key id.

ndn::KeyIdType::USER_SPECIFIED
@ USER_SPECIFIED
User-specified key id.

ndn::KeyIdType::SHA256
@ SHA256
Use the SHA-256 hash of the public key as key id.

ndn::ConstBufferPtr
std::shared_ptr< const Buffer > ConstBufferPtr
Definition buffer.hpp:140

ndn::DigestAlgorithm::SHA256
@ SHA256

private-key.hpp

random.hpp

stream-sink.hpp