NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.0: NDN, CCN, CCNx, content centric networks
API Documentation
key-chain.hpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
24 #ifndef NDN_SECURITY_KEY_CHAIN_HPP
25 #define NDN_SECURITY_KEY_CHAIN_HPP
26 
27 #include "sec-public-info.hpp"
28 #include "sec-tpm.hpp"
29 #include "key-params.hpp"
30 #include "secured-bag.hpp"
33 #include "digest-sha256.hpp"
34 #include "signing-info.hpp"
35 
36 #include "../interest.hpp"
37 #include "../util/crypto.hpp"
38 #include "../util/random.hpp"
39 #include <initializer_list>
40 
41 
42 namespace ndn {
43 namespace security {
44 
48 class KeyChain : noncopyable
49 {
50 public:
51  class Error : public std::runtime_error
52  {
53  public:
54  explicit
55  Error(const std::string& what)
56  : std::runtime_error(what)
57  {
58  }
59  };
60 
65  class MismatchError : public Error
66  {
67  public:
68  explicit
69  MismatchError(const std::string& what)
70  : Error(what)
71  {
72  }
73  };
74 
75  typedef function<unique_ptr<SecPublicInfo> (const std::string&)> PibCreateFunc;
76  typedef function<unique_ptr<SecTpm>(const std::string&)> TpmCreateFunc;
77 
83  template<class PibType>
84  static void
85  registerPib(std::initializer_list<std::string> aliases);
86 
92  template<class TpmType>
93  static void
94  registerTpm(std::initializer_list<std::string> aliases);
95 
99  static std::string
101 
105  static unique_ptr<SecPublicInfo>
106  createPib(const std::string& pibLocator);
107 
111  static std::string
113 
117  static unique_ptr<SecTpm>
118  createTpm(const std::string& tpmLocator);
119 
128  KeyChain();
129 
140  KeyChain(const std::string& pibLocator,
141  const std::string& tpmLocator,
142  bool allowReset = false);
143 
144  virtual
145  ~KeyChain();
146 
155  Name
156  createIdentity(const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS);
157 
167  Name
168  generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
169 
179  Name
180  generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
181 
192  Name
193  generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk = false,
194  uint32_t keySize = 2048);
195 
206  Name
207  generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk, uint32_t keySize = 256);
208 
224  shared_ptr<IdentityCertificate>
226  const Name& signingIdentity,
227  const time::system_clock::TimePoint& notBefore,
228  const time::system_clock::TimePoint& notAfter,
229  const std::vector<CertificateSubjectDescription>& subjectDescription,
230  const Name& certPrefix = DEFAULT_PREFIX);
231 
248  shared_ptr<IdentityCertificate>
250  const PublicKey& publicKey,
251  const Name& signingIdentity,
252  const time::system_clock::TimePoint& notBefore,
253  const time::system_clock::TimePoint& notAfter,
254  const std::vector<CertificateSubjectDescription>& subjectDescription,
255  const Name& certPrefix = DEFAULT_PREFIX);
256 
273  void
274  sign(Data& data, const SigningInfo& params = DEFAULT_SIGNING_INFO);
275 
292  void
293  sign(Interest& interest, const SigningInfo& params = DEFAULT_SIGNING_INFO);
294 
305  Block
306  sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params);
307 
316  template<typename T>
317  void
318  sign(T& packet, const Name& certificateName);
319 
330  Signature
331  sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
332 
343  template<typename T>
344  void
345  signByIdentity(T& packet, const Name& identityName);
346 
356  Signature
357  signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
358 
363  void
364  signWithSha256(Data& data);
365 
370  void
371  signWithSha256(Interest& interest);
372 
379  shared_ptr<IdentityCertificate>
380  selfSign(const Name& keyName);
381 
388  void
390 
397  void
398  deleteCertificate(const Name& certificateName);
399 
406  void
407  deleteKey(const Name& keyName);
408 
415  void
416  deleteIdentity(const Name& identity);
417 
426  shared_ptr<SecuredBag>
427  exportIdentity(const Name& identity, const std::string& passwordStr);
428 
435  void
436  importIdentity(const SecuredBag& securedBag, const std::string& passwordStr);
437 
440  {
441  return *m_pib;
442  }
443 
444  const SecPublicInfo&
445  getPib() const
446  {
447  return *m_pib;
448  }
449 
450  SecTpm&
452  {
453  return *m_tpm;
454  }
455 
456  const SecTpm&
457  getTpm() const
458  {
459  return *m_tpm;
460  }
461 
462  /*******************************
463  * Wrapper of SecPublicInfo *
464  *******************************/
465  bool
466  doesIdentityExist(const Name& identityName) const
467  {
468  return m_pib->doesIdentityExist(identityName);
469  }
470 
471  void
472  addIdentity(const Name& identityName)
473  {
474  return m_pib->addIdentity(identityName);
475  }
476 
477  bool
478  doesPublicKeyExist(const Name& keyName) const
479  {
480  return m_pib->doesPublicKeyExist(keyName);
481  }
482 
483  void
484  addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
485  {
486  return m_pib->addKey(keyName, publicKeyDer);
487  }
488 
489  void
490  addKey(const Name& keyName, const PublicKey& publicKeyDer)
491  {
492  return m_pib->addKey(keyName, publicKeyDer);
493  }
494 
495  shared_ptr<PublicKey>
496  getPublicKey(const Name& keyName) const
497  {
498  return m_pib->getPublicKey(keyName);
499  }
500 
501  bool
502  doesCertificateExist(const Name& certificateName) const
503  {
504  return m_pib->doesCertificateExist(certificateName);
505  }
506 
507  void
509  {
510  return m_pib->addCertificate(certificate);
511  }
512 
513  shared_ptr<IdentityCertificate>
514  getCertificate(const Name& certificateName) const
515  {
516  return m_pib->getCertificate(certificateName);
517  }
518 
519  Name
521  {
522  return m_pib->getDefaultIdentity();
523  }
524 
525  Name
526  getDefaultKeyNameForIdentity(const Name& identityName) const
527  {
528  return m_pib->getDefaultKeyNameForIdentity(identityName);
529  }
530 
531  Name
532  getDefaultCertificateNameForKey(const Name& keyName) const
533  {
534  return m_pib->getDefaultCertificateNameForKey(keyName);
535  }
536 
537  void
538  getAllIdentities(std::vector<Name>& nameList, bool isDefault) const
539  {
540  return m_pib->getAllIdentities(nameList, isDefault);
541  }
542 
543  void
544  getAllKeyNames(std::vector<Name>& nameList, bool isDefault) const
545  {
546  return m_pib->getAllKeyNames(nameList, isDefault);
547  }
548 
549  void
550  getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList, bool isDefault) const
551  {
552  return m_pib->getAllKeyNamesOfIdentity(identity, nameList, isDefault);
553  }
554 
555  void
556  getAllCertificateNames(std::vector<Name>& nameList, bool isDefault) const
557  {
558  return m_pib->getAllCertificateNames(nameList, isDefault);
559  }
560 
561  void
563  std::vector<Name>& nameList,
564  bool isDefault) const
565  {
566  return m_pib->getAllCertificateNamesOfKey(keyName, nameList, isDefault);
567  }
568 
569  void
570  deleteCertificateInfo(const Name& certificateName)
571  {
572  return m_pib->deleteCertificateInfo(certificateName);
573  }
574 
575  void
576  deletePublicKeyInfo(const Name& keyName)
577  {
578  return m_pib->deletePublicKeyInfo(keyName);
579  }
580 
581  void
582  deleteIdentityInfo(const Name& identity)
583  {
584  return m_pib->deleteIdentityInfo(identity);
585  }
586 
587  void
588  setDefaultIdentity(const Name& identityName)
589  {
590  return m_pib->setDefaultIdentity(identityName);
591  }
592 
593  void
595  {
596  return m_pib->setDefaultKeyNameForIdentity(keyName);
597  }
598 
599  void
600  setDefaultCertificateNameForKey(const Name& certificateName)
601  {
602  return m_pib->setDefaultCertificateNameForKey(certificateName);
603  }
604 
605  Name
606  getNewKeyName(const Name& identityName, bool useKsk)
607  {
608  return m_pib->getNewKeyName(identityName, useKsk);
609  }
610 
611  Name
612  getDefaultCertificateNameForIdentity(const Name& identityName) const
613  {
614  return m_pib->getDefaultCertificateNameForIdentity(identityName);
615  }
616 
617  Name
619  {
620  return m_pib->getDefaultCertificateName();
621  }
622 
623  void
625  {
626  return m_pib->addCertificateAsKeyDefault(certificate);
627  }
628 
629  void
631  {
632  return m_pib->addCertificateAsIdentityDefault(certificate);
633  }
634 
635  void
637  {
638  return m_pib->addCertificateAsSystemDefault(certificate);
639  }
640 
641  shared_ptr<IdentityCertificate>
643  {
644  if (!static_cast<bool>(m_pib->getDefaultCertificate()))
645  const_cast<KeyChain*>(this)->setDefaultCertificateInternal();
646 
647  return m_pib->getDefaultCertificate();
648  }
649 
650  void
652  {
653  return m_pib->refreshDefaultCertificate();
654  }
655 
656  /*******************************
657  * Wrapper of SecTpm *
658  *******************************/
659 
660  void
661  setTpmPassword(const uint8_t* password, size_t passwordLength)
662  {
663  return m_tpm->setTpmPassword(password, passwordLength);
664  }
665 
666  void
668  {
669  return m_tpm->resetTpmPassword();
670  }
671 
672  void
673  setInTerminal(bool inTerminal)
674  {
675  return m_tpm->setInTerminal(inTerminal);
676  }
677 
678  bool
680  {
681  return m_tpm->getInTerminal();
682  }
683 
684  bool
685  isLocked() const
686  {
687  return m_tpm->isLocked();
688  }
689 
690  bool
691  unlockTpm(const char* password, size_t passwordLength, bool usePassword)
692  {
693  return m_tpm->unlockTpm(password, passwordLength, usePassword);
694  }
695 
696  void
697  generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
698  {
699  return m_tpm->generateKeyPairInTpm(keyName, params);
700  }
701 
702  void
703  deleteKeyPairInTpm(const Name& keyName)
704  {
705  return m_tpm->deleteKeyPairInTpm(keyName);
706  }
707 
708  shared_ptr<PublicKey>
709  getPublicKeyFromTpm(const Name& keyName) const
710  {
711  return m_tpm->getPublicKeyFromTpm(keyName);
712  }
713 
714  Block
715  signInTpm(const uint8_t* data, size_t dataLength,
716  const Name& keyName,
717  DigestAlgorithm digestAlgorithm)
718  {
719  return m_tpm->signInTpm(data, dataLength, keyName, digestAlgorithm);
720  }
721 
723  decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
724  {
725  return m_tpm->decryptInTpm(data, dataLength, keyName, isSymmetric);
726  }
727 
729  encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
730  {
731  return m_tpm->encryptInTpm(data, dataLength, keyName, isSymmetric);
732  }
733 
734  void
735  generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
736  {
737  return m_tpm->generateSymmetricKeyInTpm(keyName, params);
738  }
739 
740  bool
741  doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) const
742  {
743  return m_tpm->doesKeyExistInTpm(keyName, keyClass);
744  }
745 
746  bool
747  generateRandomBlock(uint8_t* res, size_t size) const
748  {
749  return m_tpm->generateRandomBlock(res, size);
750  }
751 
752  void
753  addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl)
754  {
755  return m_tpm->addAppToAcl(keyName, keyClass, appPath, acl);
756  }
757 
759  exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& password)
760  {
761  return m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, password);
762  }
763 
764  bool
766  const uint8_t* buf, size_t size,
767  const std::string& password)
768  {
769  return m_tpm->importPrivateKeyPkcs5IntoTpm(keyName, buf, size, password);
770  }
771 
772 private:
773  void
774  initialize(const std::string& pibLocatorUri,
775  const std::string& tpmLocatorUri,
776  bool needReset);
777 
786  std::tuple<Name, SignatureInfo>
787  prepareSignatureInfo(const SigningInfo& params);
788 
796  template<typename T>
797  void
798  signImpl(T& packet, const SigningInfo& params);
799 
803  void
804  setDefaultCertificateInternal();
805 
814  Name
815  generateKeyPair(const Name& identityName, bool isKsk = false,
816  const KeyParams& params = DEFAULT_KEY_PARAMS);
817 
827  void
828  signPacketWrapper(Data& data, const Signature& signature,
829  const Name& keyName, DigestAlgorithm digestAlgorithm);
830 
840  void
841  signPacketWrapper(Interest& interest, const Signature& signature,
842  const Name& keyName, DigestAlgorithm digestAlgorithm);
843 
848  Block
849  pureSign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
850 
851  static void
852  registerPibImpl(const std::string& canonicalName,
853  std::initializer_list<std::string> aliases, PibCreateFunc createFunc);
854 
855  static void
856  registerTpmImpl(const std::string& canonicalName,
857  std::initializer_list<std::string> aliases, TpmCreateFunc createFunc);
858 
859 public:
861  getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
862 
863 public:
864  static const Name DEFAULT_PREFIX;
866 
872 
873  // RsaKeyParams is set to be default for backward compatibility.
875 
876  typedef std::map<std::string, Block> SignParams;
877 
878 private:
879  std::unique_ptr<SecPublicInfo> m_pib;
880  std::unique_ptr<SecTpm> m_tpm;
881  time::milliseconds m_lastTimestamp;
882 };
883 
884 template<typename T>
885 void
886 KeyChain::signImpl(T& packet, const SigningInfo& params)
887 {
888  Name keyName;
889  SignatureInfo sigInfo;
890  std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
891 
892  signPacketWrapper(packet, Signature(sigInfo),
893  keyName, params.getDigestAlgorithm());
894 }
895 
896 template<typename T>
897 void
898 KeyChain::sign(T& packet, const Name& certificateName)
899 {
900  signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certificateName));
901 }
902 
903 template<typename T>
904 void
905 KeyChain::signByIdentity(T& packet, const Name& identityName)
906 {
907  signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_ID, identityName));
908 }
909 
910 template<class PibType>
911 inline void
912 KeyChain::registerPib(std::initializer_list<std::string> aliases)
913 {
914  registerPibImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
915  return unique_ptr<SecPublicInfo>(new PibType(locator));
916  });
917 }
918 
919 template<class TpmType>
920 inline void
921 KeyChain::registerTpm(std::initializer_list<std::string> aliases)
922 {
923  registerTpmImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
924  return unique_ptr<SecTpm>(new TpmType(locator));
925  });
926 }
927 
934 #define NDN_CXX_KEYCHAIN_REGISTER_PIB(PibType, ...) \
935 static class NdnCxxAuto ## PibType ## PibRegistrationClass \
936 { \
937 public: \
938  NdnCxxAuto ## PibType ## PibRegistrationClass() \
939  { \
940  ::ndn::KeyChain::registerPib<PibType>({__VA_ARGS__}); \
941  } \
942 } ndnCxxAuto ## PibType ## PibRegistrationVariable
943 
950 #define NDN_CXX_KEYCHAIN_REGISTER_TPM(TpmType, ...) \
951 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
952 { \
953 public: \
954  NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
955  { \
956  ::ndn::KeyChain::registerTpm<TpmType>({__VA_ARGS__}); \
957  } \
958 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable
959 
960 } // namespace security
961 
962 using security::KeyChain;
963 
964 } // namespace ndn
965 
966 #endif // NDN_SECURITY_KEY_CHAIN_HPP
static const RsaKeyParams DEFAULT_KEY_PARAMS
Definition: key-chain.hpp:874
Name getNewKeyName(const Name &identityName, bool useKsk)
Definition: key-chain.hpp:606
bool unlockTpm(const char *password, size_t passwordLength, bool usePassword)
Definition: key-chain.hpp:691
Name getDefaultCertificateNameForIdentity(const Name &identityName) const
Definition: key-chain.hpp:612
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate(const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
prepare an unsigned identity certificate
Definition: key-chain.cpp:352
MismatchError(const std::string &what)
Definition: key-chain.hpp:69
Copyright (c) 2011-2015 Regents of the University of California.
function< unique_ptr< SecPublicInfo >const std::string &)> PibCreateFunc
Definition: key-chain.hpp:75
void addIdentity(const Name &identityName)
Definition: key-chain.hpp:472
bool generateRandomBlock(uint8_t *res, size_t size) const
Definition: key-chain.hpp:747
shared_ptr< PublicKey > getPublicKey(const Name &keyName) const
Definition: key-chain.hpp:496
shared_ptr< PublicKey > getPublicKeyFromTpm(const Name &keyName) const
Definition: key-chain.hpp:709
void importIdentity(const SecuredBag &securedBag, const std::string &passwordStr)
import an identity.
Definition: key-chain.cpp:636
void setDefaultIdentity(const Name &identityName)
Definition: key-chain.hpp:588
static unique_ptr< SecPublicInfo > createPib(const std::string &pibLocator)
Create a PIB according to pibLocator.
Definition: key-chain.cpp:188
void getAllKeyNamesOfIdentity(const Name &identity, std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:550
void addCertificateAsKeyDefault(const IdentityCertificate &certificate)
Definition: key-chain.hpp:624
The packet signing interface.
Definition: key-chain.hpp:48
void signByIdentity(T &packet, const Name &identityName)
Sign packet using the default certificate of a particular identity.
Definition: key-chain.hpp:905
void generateSymmetricKeyInTpm(const Name &keyName, const KeyParams &params)
Definition: key-chain.hpp:735
shared_ptr< IdentityCertificate > getDefaultCertificate() const
Definition: key-chain.hpp:642
STL namespace.
ConstBufferPtr encryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Definition: key-chain.hpp:729
Error thrown when the supplied TPM locator to KeyChain constructor does not match the locator stored ...
Definition: key-chain.hpp:65
Class representing a wire element of NDN-TLV packet format.
Definition: block.hpp:43
represents an Interest packet
Definition: interest.hpp:45
Name getDefaultCertificateName() const
Definition: key-chain.hpp:618
void deleteKeyPairInTpm(const Name &keyName)
Definition: key-chain.hpp:703
void sign(Data &data, const SigningInfo &params=DEFAULT_SIGNING_INFO)
Sign data according to the supplied signing information.
Definition: key-chain.cpp:517
void getAllCertificateNames(std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:556
const SecTpm & getTpm() const
Definition: key-chain.hpp:457
void setTpmPassword(const uint8_t *password, size_t passwordLength)
Definition: key-chain.hpp:661
const SecPublicInfo & getPib() const
Definition: key-chain.hpp:445
Signing parameters passed to KeyChain.
shared_ptr< SecuredBag > exportIdentity(const Name &identity, const std::string &passwordStr)
export an identity.
Definition: key-chain.cpp:601
void addCertificateAsSystemDefault(const IdentityCertificate &certificate)
Definition: key-chain.hpp:636
bool doesCertificateExist(const Name &certificateName) const
Definition: key-chain.hpp:502
shared_ptr< IdentityCertificate > getCertificate(const Name &certificateName) const
Definition: key-chain.hpp:514
void getAllIdentities(std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:538
static void registerPib(std::initializer_list< std::string > aliases)
Register a new PIB.
Definition: key-chain.hpp:912
static const SigningInfo DEFAULT_SIGNING_INFO
Definition: key-chain.hpp:865
void generateKeyPairInTpm(const Name &keyName, const KeyParams &params)
Definition: key-chain.hpp:697
Name createIdentity(const Name &identityName, const KeyParams &params=DEFAULT_KEY_PARAMS)
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed ce...
Definition: key-chain.cpp:274
SecTpm is the base class of the TPM classes.
Definition: sec-tpm.hpp:41
Name getDefaultCertificateNameForKey(const Name &keyName) const
Definition: key-chain.hpp:532
SecPublicInfo & getPib()
Definition: key-chain.hpp:439
function< unique_ptr< SecTpm >const std::string &)> TpmCreateFunc
Definition: key-chain.hpp:76
static std::string getDefaultTpmLocator()
Get default TPM locator.
Definition: key-chain.cpp:200
void addAppToAcl(const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)
Definition: key-chain.hpp:753
void setInTerminal(bool inTerminal)
Definition: key-chain.hpp:673
std::map< std::string, Block > SignParams
Definition: key-chain.hpp:876
void deletePublicKeyInfo(const Name &keyName)
Definition: key-chain.hpp:576
Block signInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)
Definition: key-chain.hpp:715
Name abstraction to represent an absolute name.
Definition: name.hpp:46
signer is a certificate, use it directly
void getAllCertificateNamesOfKey(const Name &keyName, std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:562
void deleteIdentity(const Name &identity)
delete an identity.
Definition: key-chain.cpp:824
void deleteIdentityInfo(const Name &identity)
Definition: key-chain.hpp:582
time_point TimePoint
Definition: time.hpp:78
Name generateRsaKeyPair(const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
Generate a pair of RSA keys for the specified identity.
Definition: key-chain.cpp:313
static tlv::SignatureTypeValue getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm)
Definition: key-chain.cpp:837
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
Definition: key-chain.cpp:120
static unique_ptr< SecTpm > createTpm(const std::string &tpmLocator)
Create a TPM according to tpmLocator.
Definition: key-chain.cpp:225
bool doesIdentityExist(const Name &identityName) const
Definition: key-chain.hpp:466
static std::string getDefaultPibLocator()
Get default PIB locator.
Definition: key-chain.cpp:162
bool doesKeyExistInTpm(const Name &keyName, KeyClass keyClass) const
Definition: key-chain.hpp:741
bool doesPublicKeyExist(const Name &keyName) const
Definition: key-chain.hpp:478
SignatureTypeValue
Definition: tlv.hpp:95
shared_ptr< IdentityCertificate > selfSign(const Name &keyName)
Generate a self-signed certificate for a public key.
Definition: key-chain.cpp:556
Name getDefaultIdentity() const
Definition: key-chain.hpp:520
void addCertificate(const IdentityCertificate &certificate)
Definition: key-chain.hpp:508
Base class of key parameters.
Definition: key-params.hpp:35
signer is an identity, use its default key and default certificate
bool getInTerminal() const
Definition: key-chain.hpp:679
Name generateEcdsaKeyPair(const Name &identityName, bool isKsk=false, uint32_t keySize=256)
Generate a pair of ECDSA keys for the specified identity.
Definition: key-chain.cpp:320
ConstBufferPtr decryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Definition: key-chain.hpp:723
void setDefaultKeyNameForIdentity(const Name &keyName)
Definition: key-chain.hpp:594
static const Name DEFAULT_PREFIX
Definition: key-chain.hpp:864
bool isLocked() const
Definition: key-chain.hpp:685
void addPublicKey(const Name &keyName, KeyType keyType, const PublicKey &publicKeyDer)
Definition: key-chain.hpp:484
void signWithSha256(Data &data)
Set Sha256 weak signature for data.
Definition: key-chain.cpp:774
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:33
void setDefaultCertificateNameForKey(const Name &certificateName)
Definition: key-chain.hpp:600
Name generateEcdsaKeyPairAsDefault(const Name &identityName, bool isKsk, uint32_t keySize=256)
Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity...
Definition: key-chain.cpp:339
void getAllKeyNames(std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:544
represents a Data packet
Definition: data.hpp:39
SimplePublicKeyParams is a template for public keys with only one parameter: size.
Definition: key-params.hpp:110
DigestAlgorithm getDigestAlgorithm() const
Name generateRsaKeyPairAsDefault(const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
Generate a pair of RSA keys for the specified identity and set it as default key for the identity...
Definition: key-chain.cpp:327
static const Name DIGEST_SHA256_IDENTITY
A localhost identity which indicates that signature is generated using SHA-256.
Definition: key-chain.hpp:871
void deleteCertificateInfo(const Name &certificateName)
Definition: key-chain.hpp:570
void deleteKey(const Name &keyName)
delete a key.
Definition: key-chain.cpp:817
static void registerTpm(std::initializer_list< std::string > aliases)
Register a new TPM.
Definition: key-chain.hpp:921
void addCertificateAsIdentityDefault(const IdentityCertificate &certificate)
Definition: key-chain.hpp:630
ConstBufferPtr exportPrivateKeyPkcs5FromTpm(const Name &keyName, const std::string &password)
Definition: key-chain.hpp:759
SecPublicInfo is a base class for the storage of public information.
void addKey(const Name &keyName, const PublicKey &publicKeyDer)
Definition: key-chain.hpp:490
void deleteCertificate(const Name &certificateName)
delete a certificate.
Definition: key-chain.cpp:811
bool importPrivateKeyPkcs5IntoTpm(const Name &keyName, const uint8_t *buf, size_t size, const std::string &password)
Definition: key-chain.hpp:765
Name getDefaultKeyNameForIdentity(const Name &identityName) const
Definition: key-chain.hpp:526
Error(const std::string &what)
Definition: key-chain.hpp:55
A Signature is storage for the signature-related information (info and value) in a Data packet...
Definition: signature.hpp:33