master/doxygen/key-chain_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */

 /*

  * Copyright (c) 2013-2024 Regents of the University of California.

  *

  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).

  *

  * ndn-cxx library is free software: you can redistribute it and/or modify it under the

  * terms of the GNU Lesser General Public License as published by the Free Software

  * Foundation, either version 3 of the License, or (at your option) any later version.

  *

  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY

  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.

  *

  * You should have received copies of the GNU General Public License and GNU Lesser

  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see

  * <http://www.gnu.org/licenses/>.

  *

  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.

  */


 #ifndef NDN_CXX_SECURITY_KEY_CHAIN_HPP

 #define NDN_CXX_SECURITY_KEY_CHAIN_HPP


 #include "ndn-cxx/interest.hpp"

 #include "ndn-cxx/security/certificate.hpp"

 #include "ndn-cxx/security/key-params.hpp"

 #include "ndn-cxx/security/pib/pib.hpp"

 #include "ndn-cxx/security/safe-bag.hpp"

 #include "ndn-cxx/security/signing-info.hpp"

 #include "ndn-cxx/security/tpm/tpm.hpp"


 namespace ndn::security {


 struct MakeCertificateOptions

 {

   name::Component issuerId = Certificate::DEFAULT_ISSUER_ID;


   std::optional<uint64_t> version;


   time::milliseconds freshnessPeriod = 1_h;


   std::optional<ValidityPeriod> validity;

 };


 class KeyChain : noncopyable

 {

 public:

   class Error : public std::runtime_error

   {

   public:

     using std::runtime_error::runtime_error;

   };


   class LocatorMismatchError : public Error

   {

   public:

     using Error::Error;

   };


   class InvalidSigningInfoError : public Error

   {

   public:

     using Error::Error;

   };


   KeyChain();


   KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset = false);


   ~KeyChain();


   const Pib&

   getPib() const noexcept

   {

     return *m_pib;

   }


   const Tpm&

   getTpm() const noexcept

   {

     return *m_tpm;

   }


   static const KeyParams&

   getDefaultKeyParams();


 public: // Identity management

   Identity

   createIdentity(const Name& identityName, const KeyParams& params = getDefaultKeyParams());


   void

   deleteIdentity(const Identity& identity);


   void

   setDefaultIdentity(const Identity& identity);


 public: // Key management

   Key

   createKey(const Identity& identity, const KeyParams& params = getDefaultKeyParams());


   Name

   createHmacKey(const Name& prefix = SigningInfo::getHmacIdentity(),

                 const HmacKeyParams& params = HmacKeyParams());


   void

   deleteKey(const Identity& identity, const Key& key);


   void

   setDefaultKey(const Identity& identity, const Key& key);


 public: // Certificate management

   void

   addCertificate(const Key& key, const Certificate& cert);


   void

   deleteCertificate(const Key& key, const Name& certName);


   void

   setDefaultCertificate(const Key& key, const Certificate& cert);


 public: // signing

   void

   sign(Data& data, const SigningInfo& params = SigningInfo());


   void

   sign(Interest& interest, const SigningInfo& params = SigningInfo());


   Certificate

   makeCertificate(const pib::Key& publicKey, const SigningInfo& params = SigningInfo(),

                   const MakeCertificateOptions& opts = {});


   Certificate

   makeCertificate(const Certificate& certRequest, const SigningInfo& params = SigningInfo(),

                   const MakeCertificateOptions& opts = {});


 public: // export & import

   shared_ptr<SafeBag>

   exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen);


   void

   importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen);


   void

   importPrivateKey(const Name& keyName, shared_ptr<transform::PrivateKey> key);


 public: // PIB & TPM backend registry

   template<class PibBackendType>

   static void

   registerPibBackend(const std::string& scheme)

   {

     getPibFactories().emplace(scheme, [] (const std::string& location) {

       return shared_ptr<pib::PibImpl>(new PibBackendType(location));

     });

   }


   template<class TpmBackendType>

   static void

   registerTpmBackend(const std::string& scheme)

   {

     getTpmFactories().emplace(scheme, [] (const std::string& location) {

       return unique_ptr<tpm::BackEnd>(new TpmBackendType(location));

     });

   }


 private:

   class Locator;


   KeyChain(Locator pibLocator, Locator tpmLocator, bool allowReset);


   using PibFactories = std::map<std::string, std::function<shared_ptr<pib::PibImpl>(const std::string&)>>;

   using TpmFactories = std::map<std::string, std::function<unique_ptr<tpm::BackEnd>(const std::string&)>>;


   static PibFactories&

   getPibFactories();


   static TpmFactories&

   getTpmFactories();


   static Locator

   parseAndCheckPibLocator(const std::string& pibLocator);


   static Locator

   parseAndCheckTpmLocator(const std::string& tpmLocator);


 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:

   static const Locator&

   getDefaultPibLocator();


   static const Locator&

   getDefaultTpmLocator();


 #ifdef NDN_CXX_WITH_TESTS

   static void

   resetDefaultLocators();

 #endif


   static tlv::SignatureTypeValue

   getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);


 private: // signing

   Certificate

   makeCertificate(const Name& keyName, span<const uint8_t> publicKey, SigningInfo params,

                   const MakeCertificateOptions& opts);


   Certificate

   selfSign(Key& key);


   std::tuple<Name, SignatureInfo>

   prepareSignatureInfo(const SigningInfo& params);


   static std::tuple<Name, SignatureInfo>

   prepareSignatureInfoSha256(const SigningInfo& params);


   static std::tuple<Name, SignatureInfo>

   prepareSignatureInfoHmac(const SigningInfo& params, Tpm& tpm);


   static std::tuple<Name, SignatureInfo>

   prepareSignatureInfoWithIdentity(const SigningInfo& params, const pib::Identity& identity);


   static std::tuple<Name, SignatureInfo>

   prepareSignatureInfoWithKey(const SigningInfo& params, const pib::Key& key,

                               const std::optional<Name>& certName = std::nullopt);


   ConstBufferPtr

   sign(const InputBuffers& bufs, const Name& keyName, DigestAlgorithm digestAlgorithm) const;


 private:

   unique_ptr<Pib> m_pib;

   unique_ptr<Tpm> m_tpm;


   static Locator s_defaultPibLocator;

   static Locator s_defaultTpmLocator;

 };


 } // namespace ndn::security


 namespace ndn {

 using security::KeyChain;

 } // namespace ndn


 #define NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibType)     \

 static class NdnCxxAuto ## PibType ## PibRegistrationClass    \

 {                                                             \

 public:                                                       \

   NdnCxxAuto ## PibType ## PibRegistrationClass()             \

   {                                                           \

     ::ndn::security::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \

   }                                                           \

 } ndnCxxAuto ## PibType ## PibRegistrationVariable


 #define NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType)     \

 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass    \

 {                                                             \

 public:                                                       \

   NdnCxxAuto ## TpmType ## TpmRegistrationClass()             \

   {                                                           \

     ::ndn::security::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \

   }                                                           \

 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable


 #endif // NDN_CXX_SECURITY_KEY_CHAIN_HPP

certificate.hpp

ndn::Data
Represents a Data packet.
Definition: data.hpp:39

ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:50

ndn::KeyParams
Base class for key parameters.
Definition: key-params.hpp:36

ndn::Name
Represents an absolute name.
Definition: name.hpp:45

ndn::SimpleSymmetricKeyParams
SimpleSymmetricKeyParams is a template for symmetric keys with only one parameter: size.
Definition: key-params.hpp:257

ndn::name::Component
Represents a name component.
Definition: name-component.hpp:113

ndn::security::Certificate
Represents an NDN certificate.
Definition: certificate.hpp:58

ndn::security::Certificate::DEFAULT_ISSUER_ID
static const name::Component DEFAULT_ISSUER_ID
Definition: certificate.hpp:159

ndn::security::KeyChain::Error
Definition: key-chain.hpp:90

ndn::security::KeyChain::InvalidSigningInfoError
Error indicating that the supplied SigningInfo is invalid.
Definition: key-chain.hpp:108

ndn::security::KeyChain::LocatorMismatchError
Error indicating that the supplied TPM locator does not match the locator stored in PIB.
Definition: key-chain.hpp:99

ndn::security::KeyChain
The main interface for signing key management.
Definition: key-chain.hpp:87

ndn::security::KeyChain::sign
void sign(Data &data, const SigningInfo &params=SigningInfo())
Sign a Data packet according to the supplied signing information.
Definition: key-chain.cpp:400

ndn::security::KeyChain::setDefaultCertificate
void setDefaultCertificate(const Key &key, const Certificate &cert)
Set cert as the default certificate of key.
Definition: key-chain.cpp:309

ndn::security::KeyChain::addCertificate
void addCertificate(const Key &key, const Certificate &cert)
Add a certificate cert for key.
Definition: key-chain.cpp:293

ndn::security::KeyChain::getPib
const Pib & getPib() const noexcept
Definition: key-chain.hpp:138

ndn::security::KeyChain::importPrivateKey
void importPrivateKey(const Name &keyName, shared_ptr< transform::PrivateKey > key)
Import a private key into the TPM.
Definition: key-chain.cpp:383

ndn::security::KeyChain::importSafeBag
void importSafeBag(const SafeBag &safeBag, const char *pw, size_t pwLen)
Import a certificate and its corresponding private key from a SafeBag.
Definition: key-chain.cpp:333

ndn::security::KeyChain::getDefaultKeyParams
static const KeyParams & getDefaultKeyParams()
Definition: key-chain.cpp:103

ndn::security::KeyChain::registerTpmBackend
static void registerTpmBackend(const std::string &scheme)
Register a new TPM backend type.
Definition: key-chain.hpp:421

ndn::security::KeyChain::exportSafeBag
shared_ptr< SafeBag > exportSafeBag(const Certificate &certificate, const char *pw, size_t pwLen)
Export a certificate and its corresponding private key.
Definition: key-chain.cpp:317

ndn::security::KeyChain::deleteIdentity
void deleteIdentity(const Identity &identity)
Delete identity from this KeyChain.
Definition: key-chain.cpp:223

ndn::security::KeyChain::createKey
Key createKey(const Identity &identity, const KeyParams &params=getDefaultKeyParams())
Create a new key for identity.
Definition: key-chain.cpp:248

ndn::security::KeyChain::setDefaultIdentity
void setDefaultIdentity(const Identity &identity)
Set identity as the default identity.
Definition: key-chain.cpp:240

ndn::security::KeyChain::setDefaultKey
void setDefaultKey(const Identity &identity, const Key &key)
Set key as the default key of identity.
Definition: key-chain.cpp:284

ndn::security::KeyChain::getTpm
const Tpm & getTpm() const noexcept
Definition: key-chain.hpp:144

ndn::security::KeyChain::createHmacKey
Name createHmacKey(const Name &prefix=SigningInfo::getHmacIdentity(), const HmacKeyParams &params=HmacKeyParams())
Create a new HMAC key.
Definition: key-chain.cpp:265

ndn::security::KeyChain::KeyChain
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
Definition: key-chain.cpp:142

ndn::security::KeyChain::makeCertificate
Certificate makeCertificate(const pib::Key &publicKey, const SigningInfo &params=SigningInfo(), const MakeCertificateOptions &opts={})
Create and sign a certificate packet.
Definition: key-chain.cpp:441

ndn::security::KeyChain::registerPibBackend
static void registerPibBackend(const std::string &scheme)
Register a new PIB backend type.
Definition: key-chain.hpp:408

ndn::security::KeyChain::createIdentity
Identity createIdentity(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create an identity identityName.
Definition: key-chain.cpp:198

ndn::security::KeyChain::deleteKey
void deleteKey(const Identity &identity, const Key &key)
Delete key from identity.
Definition: key-chain.cpp:271

ndn::security::KeyChain::deleteCertificate
void deleteCertificate(const Key &key, const Name &certName)
Delete a certificate with name certName from key.
Definition: key-chain.cpp:301

ndn::security::KeyChain::~KeyChain
~KeyChain()

ndn::security::SigningInfo
Signing parameters passed to KeyChain.
Definition: signing-info.hpp:52

ndn::security::SigningInfo::getHmacIdentity
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
Definition: signing-info.cpp:39

ndn::security::pib::Identity
Frontend handle for an identity in the PIB.
Definition: identity.hpp:44

ndn::security::pib::Key
Frontend handle for a key in the PIB.
Definition: key.hpp:45

ndn::security::pib::Pib
Frontend to the Public Information Base.
Definition: pib.hpp:52

ndn::security::tpm::Tpm
TPM front-end class.
Definition: tpm.hpp:63

NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
#define NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
Definition: common.hpp:49

interest.hpp

key-params.hpp

ndn::security
Contains the ndn-cxx security framework.
Definition: additional-description.cpp:26

ndn::time::milliseconds
::boost::chrono::milliseconds milliseconds
Definition: time.hpp:52

ndn::tlv::security::SafeBag
@ SafeBag
Definition: tlv-security.hpp:34

ndn::tlv::Name
@ Name
Definition: tlv.hpp:71

ndn::tlv::SignatureTypeValue
SignatureTypeValue
SignatureType values.
Definition: tlv.hpp:127

ndn
Definition: data.cpp:25

ndn::KeyType
KeyType
The type of a cryptographic key.
Definition: security-common.hpp:106

ndn::HmacKeyParams
SimpleSymmetricKeyParams< detail::HmacKeyParamsInfo > HmacKeyParams
HmacKeyParams carries parameters for HMAC key.
Definition: key-params.hpp:309

ndn::ConstBufferPtr
std::shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:140

ndn::DigestAlgorithm
DigestAlgorithm
Definition: security-common.hpp:117

pib.hpp

safe-bag.hpp

signing-info.hpp

ndn::security::MakeCertificateOptions
Options to KeyChain::makeCertificate().
Definition: key-chain.hpp:42

ndn::security::MakeCertificateOptions::issuerId
name::Component issuerId
Certificate name IssuerId component.
Definition: key-chain.hpp:48

ndn::security::MakeCertificateOptions::version
std::optional< uint64_t > version
Certificate name version component.
Definition: key-chain.hpp:55

ndn::security::MakeCertificateOptions::freshnessPeriod
time::milliseconds freshnessPeriod
Certificate packet FreshnessPeriod.
Definition: key-chain.hpp:65

ndn::security::MakeCertificateOptions::validity
std::optional< ValidityPeriod > validity
Certificate ValidityPeriod.
Definition: key-chain.hpp:75

tpm.hpp

bufs
InputBuffers bufs
Definition: verification-helpers.cpp:57