The packet signing interface. More...

#include <key-chain.hpp>

Inheritance diagram for ndn::security::KeyChain:

Collaboration diagram for ndn::security::KeyChain:

[legend]

Classes
class	Error

class	MismatchError
	Error thrown when the supplied TPM locator to KeyChain constructor does not match the locator stored in PIB. More...

Public Types
typedef function< unique_ptr< SecPublicInfo >const std::string &)>	PibCreateFunc

typedef function< unique_ptr< SecTpm >const std::string &)>	TpmCreateFunc

typedef std::map< std::string, Block >	SignParams

Public Member Functions
	KeyChain ()
	Constructor to create KeyChain with default PIB and TPM. More...

	KeyChain (const std::string &pibLocator, const std::string &tpmLocator, bool allowReset=false)
	KeyChain constructor. More...

virtual	~KeyChain ()

Name	createIdentity (const Name &identityName, const KeyParams &params=DEFAULT_KEY_PARAMS)
	Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. More...

Name	generateRsaKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
	Generate a pair of RSA keys for the specified identity. More...

Name	generateEcdsaKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=256)
	Generate a pair of ECDSA keys for the specified identity. More...

Name	generateRsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
	Generate a pair of RSA keys for the specified identity and set it as default key for the identity. More...

Name	generateEcdsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=256)
	Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity. More...

shared_ptr< IdentityCertificate >	prepareUnsignedIdentityCertificate (const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
	prepare an unsigned identity certificate More...

shared_ptr< IdentityCertificate >	prepareUnsignedIdentityCertificate (const Name &keyName, const PublicKey &publicKey, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
	prepare an unsigned identity certificate More...

void	sign (Data &data, const SigningInfo &params=DEFAULT_SIGNING_INFO)
	Sign data according to the supplied signing information. More...

void	sign (Interest &interest, const SigningInfo &params=DEFAULT_SIGNING_INFO)
	Sign interest according to the supplied signing information. More...

Block	sign (const uint8_t *buffer, size_t bufferLength, const SigningInfo &params)
	Sign buffer according to the supplied signing information. More...

template<typename T >
void	sign (T &packet, const Name &certificateName)
	Sign packet with a particular certificate. More...

Signature	sign (const uint8_t *buffer, size_t bufferLength, const Name &certificateName)
	Sign the byte array using a particular certificate. More...

template<typename T >
void	signByIdentity (T &packet, const Name &identityName)
	Sign packet using the default certificate of a particular identity. More...

Signature	signByIdentity (const uint8_t *buffer, size_t bufferLength, const Name &identityName)
	Sign the byte array using the default certificate of a particular identity. More...

void	signWithSha256 (Data &data)
	Set Sha256 weak signature for `data`. More...

void	signWithSha256 (Interest &interest)
	Set Sha256 weak signature for `interest`. More...

shared_ptr< IdentityCertificate >	selfSign (const Name &keyName)
	Generate a self-signed certificate for a public key. More...

void	selfSign (IdentityCertificate &cert)
	Self-sign the supplied identity certificate. More...

void	deleteCertificate (const Name &certificateName)
	delete a certificate. More...

void	deleteKey (const Name &keyName)
	delete a key. More...

void	deleteIdentity (const Name &identity)
	delete an identity. More...

shared_ptr< SecuredBag >	exportIdentity (const Name &identity, const std::string &passwordStr)
	export an identity. More...

void	importIdentity (const SecuredBag &securedBag, const std::string &passwordStr)
	import an identity. More...

SecPublicInfo &	getPib ()

const SecPublicInfo &	getPib () const

SecTpm &	getTpm ()

const SecTpm &	getTpm () const

bool	doesIdentityExist (const Name &identityName) const

void	addIdentity (const Name &identityName)

bool	doesPublicKeyExist (const Name &keyName) const

void	addPublicKey (const Name &keyName, KeyType keyType, const PublicKey &publicKeyDer)

void	addKey (const Name &keyName, const PublicKey &publicKeyDer)

shared_ptr< PublicKey >	getPublicKey (const Name &keyName) const

bool	doesCertificateExist (const Name &certificateName) const

void	addCertificate (const IdentityCertificate &certificate)

shared_ptr< IdentityCertificate >	getCertificate (const Name &certificateName) const

Name	getDefaultIdentity () const

Name	getDefaultKeyNameForIdentity (const Name &identityName) const

const KeyParams &	getDefaultKeyParamsForIdentity (const Name &identityName) const
	Get default key parameters for the specified identity. More...

Name	getDefaultCertificateNameForKey (const Name &keyName) const

void	getAllIdentities (std::vector< Name > &nameList, bool isDefault) const

void	getAllKeyNames (std::vector< Name > &nameList, bool isDefault) const

void	getAllKeyNamesOfIdentity (const Name &identity, std::vector< Name > &nameList, bool isDefault) const

void	getAllCertificateNames (std::vector< Name > &nameList, bool isDefault) const

void	getAllCertificateNamesOfKey (const Name &keyName, std::vector< Name > &nameList, bool isDefault) const

void	deleteCertificateInfo (const Name &certificateName)

void	deletePublicKeyInfo (const Name &keyName)

void	deleteIdentityInfo (const Name &identity)

void	setDefaultIdentity (const Name &identityName)

void	setDefaultKeyNameForIdentity (const Name &keyName)

void	setDefaultCertificateNameForKey (const Name &certificateName)

Name	getNewKeyName (const Name &identityName, bool useKsk)

Name	getDefaultCertificateNameForIdentity (const Name &identityName) const

Name	getDefaultCertificateName () const

void	addCertificateAsKeyDefault (const IdentityCertificate &certificate)

void	addCertificateAsIdentityDefault (const IdentityCertificate &certificate)

void	addCertificateAsSystemDefault (const IdentityCertificate &certificate)

shared_ptr< IdentityCertificate >	getDefaultCertificate () const

void	refreshDefaultCertificate ()

void	setTpmPassword (const uint8_t *password, size_t passwordLength)

void	resetTpmPassword ()

void	setInTerminal (bool inTerminal)

bool	getInTerminal () const

bool	isLocked () const

bool	unlockTpm (const char *password, size_t passwordLength, bool usePassword)

void	generateKeyPairInTpm (const Name &keyName, const KeyParams &params)

void	deleteKeyPairInTpm (const Name &keyName)

shared_ptr< PublicKey >	getPublicKeyFromTpm (const Name &keyName) const

Block	signInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)

ConstBufferPtr	decryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)

ConstBufferPtr	encryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)

void	generateSymmetricKeyInTpm (const Name &keyName, const KeyParams &params)

bool	doesKeyExistInTpm (const Name &keyName, KeyClass keyClass) const

bool	generateRandomBlock (uint8_t *res, size_t size) const

void	addAppToAcl (const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)

ConstBufferPtr	exportPrivateKeyPkcs5FromTpm (const Name &keyName, const std::string &password)

bool	importPrivateKeyPkcs5IntoTpm (const Name &keyName, const uint8_t *buf, size_t size, const std::string &password)

Static Public Member Functions
template<class PibType >
static void	registerPib (std::initializer_list< std::string > aliases)
	Register a new PIB. More...

template<class TpmType >
static void	registerTpm (std::initializer_list< std::string > aliases)
	Register a new TPM. More...

static std::string	getDefaultPibLocator ()
	Get default PIB locator. More...

static unique_ptr< SecPublicInfo >	createPib (const std::string &pibLocator)
	Create a PIB according to `pibLocator`. More...

static std::string	getDefaultTpmLocator ()
	Get default TPM locator. More...

static unique_ptr< SecTpm >	createTpm (const std::string &tpmLocator)
	Create a TPM according to `tpmLocator`. More...

static tlv::SignatureTypeValue	getSignatureType (KeyType keyType, DigestAlgorithm digestAlgorithm)

Static Public Attributes
static const Name	DEFAULT_PREFIX

static const SigningInfo	DEFAULT_SIGNING_INFO

static const Name	DIGEST_SHA256_IDENTITY
	A localhost identity which indicates that signature is generated using SHA-256. More...

static const RsaKeyParams	DEFAULT_KEY_PARAMS

Detailed Description

The packet signing interface.

Definition at line 48 of file key-chain.hpp.

Member Typedef Documentation

§ PibCreateFunc

typedef function<unique_ptr<SecPublicInfo>const std::string&)> ndn::security::KeyChain::PibCreateFunc

Definition at line 75 of file key-chain.hpp.

§ TpmCreateFunc

typedef function<unique_ptr<SecTpm>const std::string&)> ndn::security::KeyChain::TpmCreateFunc

Definition at line 76 of file key-chain.hpp.

§ SignParams

typedef std::map<std::string, Block> ndn::security::KeyChain::SignParams

Definition at line 884 of file key-chain.hpp.

Constructor & Destructor Documentation

§ KeyChain() [1/2]

ndn::security::KeyChain::KeyChain ( )

Constructor to create KeyChain with default PIB and TPM.

Default PIB and TPM are platform-dependent and can be overriden system-wide or on per-use basis.

Todo:: Add detailed description about config file behavior here

Definition at line 121 of file key-chain.cpp.

References ndn::ConfigFile::getParsedConfiguration().

§ KeyChain() [2/2]

ndn::security::KeyChain::KeyChain	(	const std::string &	pibLocator,
		const std::string &	tpmLocator,
		bool	allowReset = `false`
	)

KeyChain constructor.

See also: http://redmine.named-data.net/issues/2260

Parameters

pibLocator	PIB locator
tpmLocator	TPM locator
allowReset	if true, the PIB will be reset when the supplied tpmLocator mismatches the one in PIB

Definition at line 135 of file key-chain.cpp.

§ ~KeyChain()

ndn::security::KeyChain::~KeyChain ( )

virtual

Definition at line 145 of file key-chain.cpp.

Member Function Documentation

§ registerPib()

template<class PibType >

void ndn::security::KeyChain::registerPib ( std::initializer_list< std::string > aliases )

inlinestatic

Register a new PIB.

Parameters

aliases List of schemes with which this PIB will be associated. The first alias in the list is considered a canonical name of the PIB instance.

Definition at line 920 of file key-chain.hpp.

§ registerTpm()

template<class TpmType >

void ndn::security::KeyChain::registerTpm ( std::initializer_list< std::string > aliases )

inlinestatic

Register a new TPM.

Parameters

aliases List of schemes with which this TPM will be associated The first alias in the list is considered a canonical name of the TPM instance.

Definition at line 929 of file key-chain.hpp.

§ getDefaultPibLocator()

std::string ndn::security::KeyChain::getDefaultPibLocator ( )

static

Get default PIB locator.

Definition at line 163 of file key-chain.cpp.

§ createPib()

unique_ptr< SecPublicInfo > ndn::security::KeyChain::createPib ( const std::string & pibLocator )

static

Create a PIB according to pibLocator.

Definition at line 189 of file key-chain.cpp.

References ndn::security::getCanonicalPibLocator(), and ndn::security::getPibFactories().

Referenced by createTpm().

§ getDefaultTpmLocator()

std::string ndn::security::KeyChain::getDefaultTpmLocator ( )

static

Get default TPM locator.

Definition at line 201 of file key-chain.cpp.

§ createTpm()

unique_ptr< SecTpm > ndn::security::KeyChain::createTpm ( const std::string & tpmLocator )

static

Create a TPM according to tpmLocator.

Definition at line 226 of file key-chain.cpp.

References createPib(), ndn::security::getCanonicalPibLocator(), ndn::security::getCanonicalTpmLocator(), and ndn::security::getTpmFactories().

§ createIdentity()

Name ndn::security::KeyChain::createIdentity	(	const Name &	identityName,
		const KeyParams &	params = `DEFAULT_KEY_PARAMS`
	)

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

Parameters

identityName	The name of the identity.
params	The key parameter if a key needs to be generated for the identity.

Returns: The name of the default certificate of the identity.

Definition at line 275 of file key-chain.cpp.

References ndn::KeyParams::getKeyType(), and selfSign().

Referenced by getDefaultKeyParamsForIdentity(), and prepareUnsignedIdentityCertificate().

§ generateRsaKeyPair()

Name ndn::security::KeyChain::generateRsaKeyPair	(	const Name &	identityName,
		bool	isKsk = `false`,
		uint32_t	keySize = `2048`
	)

Generate a pair of RSA keys for the specified identity.

Parameters

identityName	The name of the identity.
isKsk	true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
keySize	The size of the key.

Returns: The generated key name.

See also: generateEcdsaKeyPair

Definition at line 309 of file key-chain.cpp.

§ generateEcdsaKeyPair()

Name ndn::security::KeyChain::generateEcdsaKeyPair	(	const Name &	identityName,
		bool	isKsk = `false`,
		uint32_t	keySize = `256`
	)

Generate a pair of ECDSA keys for the specified identity.

Parameters

identityName	The name of the identity.
isKsk	true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
keySize	The size of the key.

Returns: The generated key name.

See also: generateRsaKeyPair

Definition at line 316 of file key-chain.cpp.

§ generateRsaKeyPairAsDefault()

Name ndn::security::KeyChain::generateRsaKeyPairAsDefault	(	const Name &	identityName,
		bool	isKsk = `false`,
		uint32_t	keySize = `2048`
	)

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters

identityName	The name of the identity.
isKsk	true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
keySize	The size of the key.

Returns: The generated key name.

See also: generateRsaKeyPair, generateEcdsaKeyPair, generateEcdsaKeyPairAsDefault

Definition at line 323 of file key-chain.cpp.

§ generateEcdsaKeyPairAsDefault()

Name ndn::security::KeyChain::generateEcdsaKeyPairAsDefault	(	const Name &	identityName,
		bool	isKsk = `false`,
		uint32_t	keySize = `256`
	)

Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity.

Parameters

identityName	The name of the identity.
isKsk	true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
keySize	The size of the key.

Returns: The generated key name.

See also: generateRsaKeyPair, generateEcdsaKeyPair, generateRsaKeyPairAsDefault

Definition at line 335 of file key-chain.cpp.

§ prepareUnsignedIdentityCertificate() [1/2]

shared_ptr< IdentityCertificate > ndn::security::KeyChain::prepareUnsignedIdentityCertificate	(	const Name &	keyName,
		const Name &	signingIdentity,
		const time::system_clock::TimePoint &	notBefore,
		const time::system_clock::TimePoint &	notAfter,
		const std::vector< CertificateSubjectDescription > &	subjectDescription,
		const Name &	certPrefix = `DEFAULT_PREFIX`
	)

prepare an unsigned identity certificate

Parameters

keyName	Key name, e.g., `/<identity_name>/ksk-123456`.
signingIdentity	The signing identity.
notBefore	Refer to IdentityCertificate.
notAfter	Refer to IdentityCertificate.
subjectDescription	Refer to IdentityCertificate.
certPrefix	Prefix before `KEY` component. By default, KeyChain will infer the certificate name according to the relation between the signingIdentity and the subject identity. If signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-....`).

Returns: IdentityCertificate.

Definition at line 348 of file key-chain.cpp.

§ prepareUnsignedIdentityCertificate() [2/2]

shared_ptr< IdentityCertificate > ndn::security::KeyChain::prepareUnsignedIdentityCertificate	(	const Name &	keyName,
		const PublicKey &	publicKey,
		const Name &	signingIdentity,
		const time::system_clock::TimePoint &	notBefore,
		const time::system_clock::TimePoint &	notAfter,
		const std::vector< CertificateSubjectDescription > &	subjectDescription,
		const Name &	certPrefix = `DEFAULT_PREFIX`
	)

prepare an unsigned identity certificate

Parameters

keyName	Key name, e.g., `/<identity_name>/ksk-123456`.
publicKey	Public key to sign.
signingIdentity	The signing identity.
notBefore	Refer to IdentityCertificate.
notAfter	Refer to IdentityCertificate.
subjectDescription	Refer to IdentityCertificate.
certPrefix	Prefix before `KEY` component. By default, KeyChain will infer the certificate name according to the relation between the signingIdentity and the subject identity. If signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-....`).

Returns: IdentityCertificate.

Definition at line 369 of file key-chain.cpp.

§ sign() [1/5]

void ndn::security::KeyChain::sign	(	Data &	data,
		const SigningInfo &	params = `DEFAULT_SIGNING_INFO`
	)

Sign data according to the supplied signing information.

This method uses the supplied signing information params to create the SignatureInfo block:

it selects a private key and its certificate to sign the packet
sets the KeyLocator field with the certificate name, and
adds other requested information to the SignatureInfo block).

After that, the method assigns the created SignatureInfo to the data packets, generate a signature and sets as part of the SignatureValue block.

Parameters

data	The data to sign
params	The signing parameters.

Exceptions

Error if signing fails.

See also: SigningInfo

Definition at line 501 of file key-chain.cpp.

Referenced by ndn::nfd::Controller::Controller(), ndn::util::DummyClientFace::DummyClientFace(), ndn::CommandInterestGenerator::generate(), ndn::CommandInterestGenerator::generateWithIdentity(), ndn::util::NotificationStream< Notification >::postNotification(), nfd::SegmentPublisher< ndn::Face >::publish(), ndn::mgmt::Dispatcher::removeTopPrefix(), nfd::rib::RibManager::setConfigFile(), signByIdentity(), and signWithSha256().

§ sign() [2/5]

void ndn::security::KeyChain::sign	(	Interest &	interest,
		const SigningInfo &	params = `DEFAULT_SIGNING_INFO`
	)

Sign interest according to the supplied signing information.

This method uses the supplied signing information params to create the SignatureInfo block:

it selects a private key and its certificate to sign the packet
sets the KeyLocator field with the certificate name, and
adds other requested information to the SignatureInfo block).

After that, the method appends the created SignatureInfo to the interest name, generate a signature and appends it as part of the SignatureValue block to the interest name.

Parameters

interest	The interest to sign
params	The signing parameters.

Exceptions

Error if signing fails.

See also: SigningInfo

Definition at line 507 of file key-chain.cpp.

§ sign() [3/5]

Block ndn::security::KeyChain::sign	(	const uint8_t *	buffer,
		size_t	bufferLength,
		const SigningInfo &	params
	)

Sign buffer according to the supplied signing information.

Parameters

buffer	The buffer to sign
bufferLength	The buffer size
params	The signing parameters.

Returns: a SignatureValue TLV block

Exceptions

Error if signing fails.

See also: SigningInfo

Definition at line 513 of file key-chain.cpp.

References ndn::DIGEST_ALGORITHM_SHA256.

§ sign() [4/5]

template<typename T >

void ndn::security::KeyChain::sign	(	T &	packet,
		const Name &	certificateName
	)

Sign packet with a particular certificate.

Deprecated:: use sign sign(T&, const SigningInfo&)

Parameters

packet	The packet to be signed.
certificateName	The certificate name of the key to use for signing.

Exceptions

SecPublicInfo::Error if certificate does not exist.

Definition at line 906 of file key-chain.hpp.

References ndn::security::SigningInfo::SIGNER_TYPE_CERT.

§ sign() [5/5]

Signature ndn::security::KeyChain::sign	(	const uint8_t *	buffer,
		size_t	bufferLength,
		const Name &	certificateName
	)

Sign the byte array using a particular certificate.

Deprecated:: Use sign(const uint8_t*, size_t, const SigningInfo&) instead

Parameters

buffer	The byte array to be signed.
bufferLength	the length of buffer.
certificateName	The certificate name of the signing key.

Returns: The Signature.

Exceptions

SecPublicInfo::Error if certificate does not exist.

Definition at line 522 of file key-chain.cpp.

References ndn::DIGEST_ALGORITHM_SHA256, and ndn::Signature::setValue().

§ signByIdentity() [1/2]

template<typename T >

void ndn::security::KeyChain::signByIdentity	(	T &	packet,
		const Name &	identityName
	)

Sign packet using the default certificate of a particular identity.

Deprecated:: use sign sign(T&, const SigningInfo&)

If there is no default certificate of that identity, this method will create a self-signed certificate.

Parameters

packet	The packet to be signed.
identityName	The signing identity name.

Definition at line 913 of file key-chain.hpp.

References ndn::security::SigningInfo::SIGNER_TYPE_ID.

§ signByIdentity() [2/2]

Signature ndn::security::KeyChain::signByIdentity	(	const uint8_t *	buffer,
		size_t	bufferLength,
		const Name &	identityName
	)

Sign the byte array using the default certificate of a particular identity.

Deprecated:: use sign(const uint8_t*, size_t, const SigningInfo&) instead

Parameters

buffer	The byte array to be signed.
bufferLength	the length of buffer.
identityName	The identity name.

Returns: The Signature.

Definition at line 751 of file key-chain.cpp.

References ndn::Signature::setValue(), sign(), and ndn::security::signingByIdentity().

§ signWithSha256() [1/2]

void ndn::security::KeyChain::signWithSha256 ( Data & data )

Set Sha256 weak signature for data.

Deprecated:: use sign(Data&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))

Definition at line 759 of file key-chain.cpp.

References sign(), and ndn::security::signingWithSha256().

§ signWithSha256() [2/2]

void ndn::security::KeyChain::signWithSha256 ( Interest & interest )

Set Sha256 weak signature for interest.

Deprecated:: use sign(Interest&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))

Definition at line 765 of file key-chain.cpp.

References ndn::Name::append(), ndn::Block::encode(), ndn::name::Component::fromNumber(), ndn::random::generateWord64(), ndn::Signature::getInfo(), ndn::Interest::getName(), ndn::time::system_clock::now(), ndn::Interest::setName(), ndn::crypto::sha256(), ndn::tlv::SignatureValue, ndn::time::toUnixTimestamp(), and ndn::Name::wireEncode().

§ selfSign() [1/2]

shared_ptr< IdentityCertificate > ndn::security::KeyChain::selfSign ( const Name & keyName )

Generate a self-signed certificate for a public key.

Parameters

keyName The name of the public key

Returns: The generated certificate, shared_ptr<IdentityCertificate>() if selfSign fails

Definition at line 541 of file key-chain.cpp.

References ndn::Name::append(), ndn::Name::appendVersion(), ndn::oid::ATTRIBUTE_NAME, ndn::Name::get(), ndn::Name::getPrefix(), ndn::time::system_clock::now(), ndn::tlv::SignatureInfo, and ndn::Name::toUri().

Referenced by createIdentity(), and exportIdentity().

§ selfSign() [2/2]

void ndn::security::KeyChain::selfSign ( IdentityCertificate & cert )

Self-sign the supplied identity certificate.

Parameters

cert	The supplied cert.

Exceptions

SecTpm::Error if the private key does not exist.

Definition at line 571 of file key-chain.cpp.

References ndn::DIGEST_ALGORITHM_SHA256, ndn::Signature::getInfo(), ndn::PublicKey::getKeyType(), ndn::Data::getName(), ndn::Name::getPrefix(), ndn::Certificate::getPublicKeyInfo(), ndn::IdentityCertificate::getPublicKeyName(), ndn::Data::getSignature(), getSignatureType(), ndn::KEY_CLASS_PRIVATE, ndn::tlv::KeyLocator, and ndn::SignatureInfo::setKeyLocator().

§ deleteCertificate()

void ndn::security::KeyChain::deleteCertificate ( const Name & certificateName )

delete a certificate.

Parameters

certificateName The certificate to be deleted.

Exceptions

KeyChain::Error if certificate cannot be deleted.

Definition at line 789 of file key-chain.cpp.

§ deleteKey()

void ndn::security::KeyChain::deleteKey ( const Name & keyName )

delete a key.

Parameters

keyName The key to be deleted.

Exceptions

KeyChain::Error if key cannot be deleted.

Definition at line 795 of file key-chain.cpp.

§ deleteIdentity()

void ndn::security::KeyChain::deleteIdentity ( const Name & identity )

delete an identity.

Parameters

identity The identity to be deleted.

Exceptions

KeyChain::Error if identity cannot be deleted.

Definition at line 802 of file key-chain.cpp.

§ exportIdentity()

shared_ptr< SecuredBag > ndn::security::KeyChain::exportIdentity	(	const Name &	identity,
		const std::string &	passwordStr
	)

export an identity.

Parameters

identity	The identity to export.
passwordStr	The password to secure the private key.

Returns: The encoded export data.

Exceptions

SecPublicInfo::Error if anything goes wrong in exporting.

Definition at line 586 of file key-chain.cpp.

References selfSign().

§ importIdentity()

void ndn::security::KeyChain::importIdentity	(	const SecuredBag &	securedBag,
		const std::string &	passwordStr
	)

import an identity.

Parameters

securedBag	The encoded import data.
passwordStr	The password to secure the private key.

Definition at line 615 of file key-chain.cpp.

References ndn::IdentityCertificate::certificateNameToPublicKeyName(), ndn::SecuredBag::getCertificate(), ndn::SecuredBag::getKey(), ndn::Data::getName(), ndn::Name::getPrefix(), and ndn::Name::toUri().

§ getPib() [1/2]

SecPublicInfo& ndn::security::KeyChain::getPib ( )

inline

Definition at line 438 of file key-chain.hpp.

§ getPib() [2/2]

const SecPublicInfo& ndn::security::KeyChain::getPib ( ) const

inline

Definition at line 444 of file key-chain.hpp.

§ getTpm() [1/2]

SecTpm& ndn::security::KeyChain::getTpm ( )

inline

Definition at line 450 of file key-chain.hpp.

§ getTpm() [2/2]

const SecTpm& ndn::security::KeyChain::getTpm ( ) const

inline

Definition at line 456 of file key-chain.hpp.

§ doesIdentityExist()

bool ndn::security::KeyChain::doesIdentityExist ( const Name & identityName ) const

inline

Definition at line 465 of file key-chain.hpp.

§ addIdentity()

void ndn::security::KeyChain::addIdentity ( const Name & identityName )

inline

Definition at line 471 of file key-chain.hpp.

§ doesPublicKeyExist()

bool ndn::security::KeyChain::doesPublicKeyExist ( const Name & keyName ) const

inline

Definition at line 477 of file key-chain.hpp.

§ addPublicKey()

void ndn::security::KeyChain::addPublicKey	(	const Name &	keyName,
		KeyType	keyType,
		const PublicKey &	publicKeyDer
	)

inline

Definition at line 483 of file key-chain.hpp.

§ addKey()

void ndn::security::KeyChain::addKey	(	const Name &	keyName,
		const PublicKey &	publicKeyDer
	)

inline

Definition at line 489 of file key-chain.hpp.

§ getPublicKey()

shared_ptr<PublicKey> ndn::security::KeyChain::getPublicKey ( const Name & keyName ) const

inline

Definition at line 495 of file key-chain.hpp.

§ doesCertificateExist()

bool ndn::security::KeyChain::doesCertificateExist ( const Name & certificateName ) const

inline

Definition at line 501 of file key-chain.hpp.

§ addCertificate()

void ndn::security::KeyChain::addCertificate ( const IdentityCertificate & certificate )

inline

Definition at line 507 of file key-chain.hpp.

§ getCertificate()

shared_ptr<IdentityCertificate> ndn::security::KeyChain::getCertificate ( const Name & certificateName ) const

inline

Definition at line 513 of file key-chain.hpp.

§ getDefaultIdentity()

Name ndn::security::KeyChain::getDefaultIdentity ( ) const

inline

Definition at line 519 of file key-chain.hpp.

Referenced by nfd::rib::AutoPrefixPropagator::disable().

§ getDefaultKeyNameForIdentity()

Name ndn::security::KeyChain::getDefaultKeyNameForIdentity ( const Name & identityName ) const

inline

Definition at line 525 of file key-chain.hpp.

References getDefaultKeyParamsForIdentity().

§ getDefaultKeyParamsForIdentity()

const KeyParams & ndn::security::KeyChain::getDefaultKeyParamsForIdentity ( const Name & identityName ) const

Get default key parameters for the specified identity.

If identity has a previously generated key, the returned parameters will include the same type of the key. If there are no existing keys, DEFAULT_KEY_PARAMS is used.

Definition at line 640 of file key-chain.cpp.

References ndn::Name::append(), createIdentity(), DEFAULT_KEY_PARAMS, DIGEST_SHA256_IDENTITY, ndn::Block::encode(), ndn::name::Component::fromNumber(), ndn::random::generateWord32(), ndn::random::generateWord64(), ndn::Signature::getInfo(), ndn::Interest::getName(), ndn::KEY_TYPE_ECDSA, ndn::KEY_TYPE_NULL, ndn::KEY_TYPE_RSA, ndn::time::system_clock::now(), ndn::Interest::setName(), ndn::Data::setSignature(), ndn::crypto::sha256(), ndn::tlv::SignatureValue, ndn::time::toUnixTimestamp(), ndn::Name::toUri(), ndn::Data::wireEncode(), and ndn::Name::wireEncode().

Referenced by getDefaultKeyNameForIdentity(), and prepareUnsignedIdentityCertificate().

§ getDefaultCertificateNameForKey()

Name ndn::security::KeyChain::getDefaultCertificateNameForKey ( const Name & keyName ) const

inline

Definition at line 541 of file key-chain.hpp.

§ getAllIdentities()

void ndn::security::KeyChain::getAllIdentities	(	std::vector< Name > &	nameList,
		bool	isDefault
	)		const

inline

Definition at line 547 of file key-chain.hpp.

Referenced by nfd::rib::AutoPrefixPropagator::disable().

§ getAllKeyNames()

void ndn::security::KeyChain::getAllKeyNames	(	std::vector< Name > &	nameList,
		bool	isDefault
	)		const

inline

Definition at line 553 of file key-chain.hpp.

§ getAllKeyNamesOfIdentity()

void ndn::security::KeyChain::getAllKeyNamesOfIdentity	(	const Name &	identity,
		std::vector< Name > &	nameList,
		bool	isDefault
	)		const

inline

Definition at line 559 of file key-chain.hpp.

§ getAllCertificateNames()

void ndn::security::KeyChain::getAllCertificateNames	(	std::vector< Name > &	nameList,
		bool	isDefault
	)		const

inline

Definition at line 565 of file key-chain.hpp.

§ getAllCertificateNamesOfKey()

void ndn::security::KeyChain::getAllCertificateNamesOfKey	(	const Name &	keyName,
		std::vector< Name > &	nameList,
		bool	isDefault
	)		const

inline

Definition at line 571 of file key-chain.hpp.

§ deleteCertificateInfo()

void ndn::security::KeyChain::deleteCertificateInfo ( const Name & certificateName )

inline

Definition at line 579 of file key-chain.hpp.

§ deletePublicKeyInfo()

void ndn::security::KeyChain::deletePublicKeyInfo ( const Name & keyName )

inline

Definition at line 585 of file key-chain.hpp.

§ deleteIdentityInfo()

void ndn::security::KeyChain::deleteIdentityInfo ( const Name & identity )

inline

Definition at line 591 of file key-chain.hpp.

§ setDefaultIdentity()

void ndn::security::KeyChain::setDefaultIdentity ( const Name & identityName )

inline

Definition at line 597 of file key-chain.hpp.

§ setDefaultKeyNameForIdentity()

void ndn::security::KeyChain::setDefaultKeyNameForIdentity ( const Name & keyName )

inline

Definition at line 603 of file key-chain.hpp.

§ setDefaultCertificateNameForKey()

void ndn::security::KeyChain::setDefaultCertificateNameForKey ( const Name & certificateName )

inline

Definition at line 609 of file key-chain.hpp.

§ getNewKeyName()

Name ndn::security::KeyChain::getNewKeyName	(	const Name &	identityName,
		bool	useKsk
	)

inline

Definition at line 615 of file key-chain.hpp.

§ getDefaultCertificateNameForIdentity()

Name ndn::security::KeyChain::getDefaultCertificateNameForIdentity ( const Name & identityName ) const

inline

Definition at line 621 of file key-chain.hpp.

§ getDefaultCertificateName()

Name ndn::security::KeyChain::getDefaultCertificateName ( ) const

inline

Definition at line 627 of file key-chain.hpp.

§ addCertificateAsKeyDefault()

void ndn::security::KeyChain::addCertificateAsKeyDefault ( const IdentityCertificate & certificate )

inline

Definition at line 633 of file key-chain.hpp.

§ addCertificateAsIdentityDefault()

void ndn::security::KeyChain::addCertificateAsIdentityDefault ( const IdentityCertificate & certificate )

inline

Definition at line 639 of file key-chain.hpp.

§ addCertificateAsSystemDefault()

void ndn::security::KeyChain::addCertificateAsSystemDefault ( const IdentityCertificate & certificate )

inline

Definition at line 645 of file key-chain.hpp.

§ getDefaultCertificate()

shared_ptr<IdentityCertificate> ndn::security::KeyChain::getDefaultCertificate ( ) const

inline

Definition at line 651 of file key-chain.hpp.

References getDefaultCertificate().

Referenced by getDefaultCertificate().

§ refreshDefaultCertificate()

void ndn::security::KeyChain::refreshDefaultCertificate ( )

inline

Definition at line 660 of file key-chain.hpp.

§ setTpmPassword()

void ndn::security::KeyChain::setTpmPassword	(	const uint8_t *	password,
		size_t	passwordLength
	)

inline

Definition at line 670 of file key-chain.hpp.

§ resetTpmPassword()

void ndn::security::KeyChain::resetTpmPassword ( )

inline

Definition at line 676 of file key-chain.hpp.

§ setInTerminal()

void ndn::security::KeyChain::setInTerminal ( bool inTerminal )

inline

Definition at line 682 of file key-chain.hpp.

§ getInTerminal()

bool ndn::security::KeyChain::getInTerminal ( ) const

inline

Definition at line 688 of file key-chain.hpp.

§ isLocked()

bool ndn::security::KeyChain::isLocked ( ) const

inline

Definition at line 694 of file key-chain.hpp.

§ unlockTpm()

bool ndn::security::KeyChain::unlockTpm	(	const char *	password,
		size_t	passwordLength,
		bool	usePassword
	)

inline

Definition at line 700 of file key-chain.hpp.

§ generateKeyPairInTpm()

void ndn::security::KeyChain::generateKeyPairInTpm	(	const Name &	keyName,
		const KeyParams &	params
	)

inline

Definition at line 706 of file key-chain.hpp.

§ deleteKeyPairInTpm()

void ndn::security::KeyChain::deleteKeyPairInTpm ( const Name & keyName )

inline

Definition at line 712 of file key-chain.hpp.

§ getPublicKeyFromTpm()

shared_ptr<PublicKey> ndn::security::KeyChain::getPublicKeyFromTpm ( const Name & keyName ) const

inline

Definition at line 718 of file key-chain.hpp.

§ signInTpm()

Block ndn::security::KeyChain::signInTpm	(	const uint8_t *	data,
		size_t	dataLength,
		const Name &	keyName,
		DigestAlgorithm	digestAlgorithm
	)

inline

Definition at line 724 of file key-chain.hpp.

§ decryptInTpm()

ConstBufferPtr ndn::security::KeyChain::decryptInTpm	(	const uint8_t *	data,
		size_t	dataLength,
		const Name &	keyName,
		bool	isSymmetric
	)

inline

Definition at line 732 of file key-chain.hpp.

§ encryptInTpm()

ConstBufferPtr ndn::security::KeyChain::encryptInTpm	(	const uint8_t *	data,
		size_t	dataLength,
		const Name &	keyName,
		bool	isSymmetric
	)

inline

Definition at line 738 of file key-chain.hpp.

§ generateSymmetricKeyInTpm()

void ndn::security::KeyChain::generateSymmetricKeyInTpm	(	const Name &	keyName,
		const KeyParams &	params
	)

inline

Definition at line 744 of file key-chain.hpp.

§ doesKeyExistInTpm()

bool ndn::security::KeyChain::doesKeyExistInTpm	(	const Name &	keyName,
		KeyClass	keyClass
	)		const

inline

Definition at line 750 of file key-chain.hpp.

§ generateRandomBlock()

bool ndn::security::KeyChain::generateRandomBlock	(	uint8_t *	res,
		size_t	size
	)		const

inline

Definition at line 756 of file key-chain.hpp.

§ addAppToAcl()

void ndn::security::KeyChain::addAppToAcl	(	const Name &	keyName,
		KeyClass	keyClass,
		const std::string &	appPath,
		AclType	acl
	)

inline

Definition at line 762 of file key-chain.hpp.

§ exportPrivateKeyPkcs5FromTpm()

ConstBufferPtr ndn::security::KeyChain::exportPrivateKeyPkcs5FromTpm	(	const Name &	keyName,
		const std::string &	password
	)

inline

Definition at line 768 of file key-chain.hpp.

§ importPrivateKeyPkcs5IntoTpm()

bool ndn::security::KeyChain::importPrivateKeyPkcs5IntoTpm	(	const Name &	keyName,
		const uint8_t *	buf,
		size_t	size,
		const std::string &	password
	)

inline

Definition at line 774 of file key-chain.hpp.

References DEFAULT_KEY_PARAMS, and getSignatureType().

§ getSignatureType()

tlv::SignatureTypeValue ndn::security::KeyChain::getSignatureType	(	KeyType	keyType,
		DigestAlgorithm	digestAlgorithm
	)

static

Definition at line 815 of file key-chain.cpp.

References ndn::KEY_TYPE_ECDSA, ndn::KEY_TYPE_RSA, ndn::tlv::SignatureSha256WithEcdsa, and ndn::tlv::SignatureSha256WithRsa.

Referenced by importPrivateKeyPkcs5IntoTpm(), prepareUnsignedIdentityCertificate(), and selfSign().

Member Data Documentation

§ DEFAULT_PREFIX

const Name ndn::security::KeyChain::DEFAULT_PREFIX

static

Definition at line 872 of file key-chain.hpp.

Referenced by prepareUnsignedIdentityCertificate().

§ DEFAULT_SIGNING_INFO

const SigningInfo ndn::security::KeyChain::DEFAULT_SIGNING_INFO

static

Definition at line 873 of file key-chain.hpp.

§ DIGEST_SHA256_IDENTITY

const Name ndn::security::KeyChain::DIGEST_SHA256_IDENTITY

static

A localhost identity which indicates that signature is generated using SHA-256.

Todo:: Passing this as identity is not implemented.

Definition at line 879 of file key-chain.hpp.

Referenced by getDefaultKeyParamsForIdentity(), ndn::security::operator<<(), prepareUnsignedIdentityCertificate(), and ndn::security::SigningInfo::SigningInfo().

§ DEFAULT_KEY_PARAMS

const RsaKeyParams ndn::security::KeyChain::DEFAULT_KEY_PARAMS

static

Definition at line 882 of file key-chain.hpp.

Referenced by getDefaultKeyParamsForIdentity(), and importPrivateKeyPkcs5IntoTpm().

The documentation for this class was generated from the following files:

ndnSIM/ndn-cxx/src/security/key-chain.hpp
ndnSIM/ndn-cxx/src/security/key-chain.cpp

Classes

Public Types

Public Member Functions

Static Public Member Functions

Static Public Attributes

Detailed Description

Member Typedef Documentation

§ PibCreateFunc

§ TpmCreateFunc

§ SignParams

Constructor & Destructor Documentation

§ KeyChain() [1/2]

§ KeyChain() [2/2]

§ ~KeyChain()

Member Function Documentation

§ registerPib()

§ registerTpm()

§ getDefaultPibLocator()

§ createPib()

§ getDefaultTpmLocator()

§ createTpm()

§ createIdentity()

§ generateRsaKeyPair()

§ generateEcdsaKeyPair()

§ generateRsaKeyPairAsDefault()

§ generateEcdsaKeyPairAsDefault()

§ prepareUnsignedIdentityCertificate() [1/2]

§ prepareUnsignedIdentityCertificate() [2/2]

§ sign() [1/5]

§ sign() [2/5]

§ sign() [3/5]

§ sign() [4/5]

§ sign() [5/5]

§ signByIdentity() [1/2]

§ signByIdentity() [2/2]

§ signWithSha256() [1/2]

§ signWithSha256() [2/2]

§ selfSign() [1/2]

§ selfSign() [2/2]

§ deleteCertificate()

§ deleteKey()

§ deleteIdentity()

§ exportIdentity()

§ importIdentity()

§ getPib() [1/2]

§ getPib() [2/2]

§ getTpm() [1/2]

§ getTpm() [2/2]

§ doesIdentityExist()

§ addIdentity()

§ doesPublicKeyExist()

§ addPublicKey()

§ addKey()

§ getPublicKey()

§ doesCertificateExist()

§ addCertificate()

§ getCertificate()

§ getDefaultIdentity()

§ getDefaultKeyNameForIdentity()

§ getDefaultKeyParamsForIdentity()

§ getDefaultCertificateNameForKey()

§ getAllIdentities()

§ getAllKeyNames()

§ getAllKeyNamesOfIdentity()

§ getAllCertificateNames()

§ getAllCertificateNamesOfKey()

§ deleteCertificateInfo()

§ deletePublicKeyInfo()

§ deleteIdentityInfo()

§ setDefaultIdentity()

§ setDefaultKeyNameForIdentity()

§ setDefaultCertificateNameForKey()

§ getNewKeyName()

§ getDefaultCertificateNameForIdentity()

§ getDefaultCertificateName()

§ addCertificateAsKeyDefault()

§ addCertificateAsIdentityDefault()

§ addCertificateAsSystemDefault()

§ getDefaultCertificate()

§ refreshDefaultCertificate()