The packet signing interface. More...
#include <key-chain.hpp>
Classes | |
class | Error |
class | MismatchError |
Error thrown when the TPM locator supplied to the KeyChain constructor does not match the locator stored in PIB. More... | |
Public Types | |
typedef function< unique_ptr< SecPublicInfo >(const std::string &)> | PibCreateFunc |
typedef function< unique_ptr< SecTpm >(const std::string &)> | TpmCreateFunc |
typedef std::map< std::string, Block > | SignParams |
Public Member Functions | |
KeyChain () | |
Constructor to create KeyChain with default PIB and TPM. More... | |
KeyChain (const std::string &pibLocator, const std::string &tpmLocator, bool allowReset=false) | |
KeyChain constructor. More... | |
virtual | ~KeyChain () |
Name | createIdentity (const Name &identityName, const KeyParams &params=DEFAULT_KEY_PARAMS) |
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. More... | |
Name | generateRsaKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=2048) |
Generate a pair of RSA keys for the specified identity. More... | |
Name | generateEcdsaKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=256) |
Generate a pair of ECDSA keys for the specified identity. More... | |
Name | generateRsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=2048) |
Generate a pair of RSA keys for the specified identity and set it as default key for the identity. More... | |
Name | generateEcdsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=256) |
Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity. More... | |
shared_ptr< IdentityCertificate > | prepareUnsignedIdentityCertificate (const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX) |
prepare an unsigned identity certificate More... | |
shared_ptr< IdentityCertificate > | prepareUnsignedIdentityCertificate (const Name &keyName, const PublicKey &publicKey, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX) |
prepare an unsigned identity certificate More... | |
void | sign (Data &data, const SigningInfo &params=DEFAULT_SIGNING_INFO) |
Sign data according to the supplied signing information. More... | |
void | sign (Interest &interest, const SigningInfo &params=DEFAULT_SIGNING_INFO) |
Sign interest according to the supplied signing information. More... | |
Block | sign (const uint8_t *buffer, size_t bufferLength, const SigningInfo &params) |
Sign buffer according to the supplied signing information. More... | |
template<typename T > | |
void | sign (T &packet, const Name &certificateName) |
Sign packet with a particular certificate. More... | |
Signature | sign (const uint8_t *buffer, size_t bufferLength, const Name &certificateName) |
Sign the byte array using a particular certificate. More... | |
template<typename T > | |
void | signByIdentity (T &packet, const Name &identityName) |
Sign packet using the default certificate of a particular identity. More... | |
Signature | signByIdentity (const uint8_t *buffer, size_t bufferLength, const Name &identityName) |
Sign the byte array using the default certificate of a particular identity. More... | |
void | signWithSha256 (Data &data) |
Set Sha256 weak signature for data . More... | |
void | signWithSha256 (Interest &interest) |
Set Sha256 weak signature for interest . More... | |
shared_ptr< IdentityCertificate > | selfSign (const Name &keyName) |
Generate a self-signed certificate for a public key. More... | |
void | selfSign (IdentityCertificate &cert) |
Self-sign the supplied identity certificate. More... | |
void | deleteCertificate (const Name &certificateName) |
delete a certificate. More... | |
void | deleteKey (const Name &keyName) |
delete a key. More... | |
void | deleteIdentity (const Name &identity) |
delete an identity. More... | |
shared_ptr< SecuredBag > | exportIdentity (const Name &identity, const std::string &passwordStr) |
export an identity. More... | |
void | importIdentity (const SecuredBag &securedBag, const std::string &passwordStr) |
import an identity. More... | |
SecPublicInfo & | getPib () |
const SecPublicInfo & | getPib () const |
SecTpm & | getTpm () |
const SecTpm & | getTpm () const |
bool | doesIdentityExist (const Name &identityName) const |
void | addIdentity (const Name &identityName) |
bool | doesPublicKeyExist (const Name &keyName) const |
void | addPublicKey (const Name &keyName, KeyType keyType, const PublicKey &publicKeyDer) |
void | addKey (const Name &keyName, const PublicKey &publicKeyDer) |
shared_ptr< PublicKey > | getPublicKey (const Name &keyName) const |
bool | doesCertificateExist (const Name &certificateName) const |
void | addCertificate (const IdentityCertificate &certificate) |
shared_ptr< IdentityCertificate > | getCertificate (const Name &certificateName) const |
Name | getDefaultIdentity () const |
Name | getDefaultKeyNameForIdentity (const Name &identityName) const |
const KeyParams & | getDefaultKeyParamsForIdentity (const Name &identityName) const |
Get default key parameters for the specified identity. More... | |
Name | getDefaultCertificateNameForKey (const Name &keyName) const |
void | getAllIdentities (std::vector< Name > &nameList, bool isDefault) const |
void | getAllKeyNames (std::vector< Name > &nameList, bool isDefault) const |
void | getAllKeyNamesOfIdentity (const Name &identity, std::vector< Name > &nameList, bool isDefault) const |
void | getAllCertificateNames (std::vector< Name > &nameList, bool isDefault) const |
void | getAllCertificateNamesOfKey (const Name &keyName, std::vector< Name > &nameList, bool isDefault) const |
void | deleteCertificateInfo (const Name &certificateName) |
void | deletePublicKeyInfo (const Name &keyName) |
void | deleteIdentityInfo (const Name &identity) |
void | setDefaultIdentity (const Name &identityName) |
void | setDefaultKeyNameForIdentity (const Name &keyName) |
void | setDefaultCertificateNameForKey (const Name &certificateName) |
Name | getNewKeyName (const Name &identityName, bool useKsk) |
Name | getDefaultCertificateNameForIdentity (const Name &identityName) const |
Name | getDefaultCertificateName () const |
void | addCertificateAsKeyDefault (const IdentityCertificate &certificate) |
void | addCertificateAsIdentityDefault (const IdentityCertificate &certificate) |
void | addCertificateAsSystemDefault (const IdentityCertificate &certificate) |
shared_ptr< IdentityCertificate > | getDefaultCertificate () const |
void | refreshDefaultCertificate () |
void | setTpmPassword (const uint8_t *password, size_t passwordLength) |
void | resetTpmPassword () |
void | setInTerminal (bool inTerminal) |
bool | getInTerminal () const |
bool | isLocked () const |
bool | unlockTpm (const char *password, size_t passwordLength, bool usePassword) |
void | generateKeyPairInTpm (const Name &keyName, const KeyParams &params) |
void | deleteKeyPairInTpm (const Name &keyName) |
shared_ptr< PublicKey > | getPublicKeyFromTpm (const Name &keyName) const |
Block | signInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm) |
ConstBufferPtr | decryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric) |
ConstBufferPtr | encryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric) |
void | generateSymmetricKeyInTpm (const Name &keyName, const KeyParams &params) |
bool | doesKeyExistInTpm (const Name &keyName, KeyClass keyClass) const |
bool | generateRandomBlock (uint8_t *res, size_t size) const |
void | addAppToAcl (const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl) |
ConstBufferPtr | exportPrivateKeyPkcs5FromTpm (const Name &keyName, const std::string &password) |
bool | importPrivateKeyPkcs5IntoTpm (const Name &keyName, const uint8_t *buf, size_t size, const std::string &password) |
Static Public Member Functions | |
template<class PibType > | |
static void | registerPib (std::initializer_list< std::string > aliases) |
Register a new PIB. More... | |
template<class TpmType > | |
static void | registerTpm (std::initializer_list< std::string > aliases) |
Register a new TPM. More... | |
static std::string | getDefaultPibLocator () |
Get default PIB locator. More... | |
static unique_ptr< SecPublicInfo > | createPib (const std::string &pibLocator) |
Create a PIB according to pibLocator . More... | |
static std::string | getDefaultTpmLocator () |
Get default TPM locator. More... | |
static unique_ptr< SecTpm > | createTpm (const std::string &tpmLocator) |
Create a TPM according to tpmLocator . More... | |
static tlv::SignatureTypeValue | getSignatureType (KeyType keyType, DigestAlgorithm digestAlgorithm) |
Static Public Attributes | |
static const Name | DEFAULT_PREFIX |
static const SigningInfo | DEFAULT_SIGNING_INFO |
static const Name | DIGEST_SHA256_IDENTITY |
A localhost identity which indicates that signature is generated using SHA-256. More... | |
static const RsaKeyParams | DEFAULT_KEY_PARAMS |
The packet signing interface.
Definition at line 48 of file key-chain.hpp.
typedef function<unique_ptr<SecPublicInfo>(const std::string&)> ndn::security::KeyChain::PibCreateFunc |
Definition at line 75 of file key-chain.hpp.
typedef function<unique_ptr<SecTpm>(const std::string&)> ndn::security::KeyChain::TpmCreateFunc |
Definition at line 76 of file key-chain.hpp.
typedef std::map<std::string, Block> ndn::security::KeyChain::SignParams |
Definition at line 884 of file key-chain.hpp.
ndn::security::KeyChain::KeyChain | ( | ) |
Constructor to create KeyChain with default PIB and TPM.
Default PIB and TPM are platform-dependent and can be overridden system-wide or on a per-use basis.
Definition at line 121 of file key-chain.cpp.
References ndn::ConfigFile::getParsedConfiguration().
ndn::security::KeyChain::KeyChain | ( | const std::string & | pibLocator, |
const std::string & | tpmLocator, | ||
bool | allowReset = false |
||
) |
KeyChain constructor.
pibLocator | PIB locator |
tpmLocator | TPM locator |
allowReset | if true, the PIB will be reset when the supplied tpmLocator mismatches the one in PIB |
Definition at line 135 of file key-chain.cpp.
|
virtual |
Definition at line 145 of file key-chain.cpp.
|
inlinestatic |
Register a new PIB.
aliases | List of schemes with which this PIB will be associated. The first alias in the list is considered a canonical name of the PIB instance. |
Definition at line 920 of file key-chain.hpp.
|
inlinestatic |
Register a new TPM.
aliases | List of schemes with which this TPM will be associated. The first alias in the list is considered a canonical name of the TPM instance. |
Definition at line 929 of file key-chain.hpp.
|
static |
Get default PIB locator.
Definition at line 163 of file key-chain.cpp.
|
static |
Create a PIB according to pibLocator.
Definition at line 189 of file key-chain.cpp.
References ndn::security::getCanonicalPibLocator(), and ndn::security::getPibFactories().
Referenced by createTpm().
|
static |
Get default TPM locator.
Definition at line 201 of file key-chain.cpp.
|
static |
Create a TPM according to tpmLocator.
Definition at line 226 of file key-chain.cpp.
References createPib(), ndn::security::getCanonicalPibLocator(), ndn::security::getCanonicalTpmLocator(), and ndn::security::getTpmFactories().
Name ndn::security::KeyChain::createIdentity | ( | const Name & | identityName, |
const KeyParams & | params = DEFAULT_KEY_PARAMS |
||
) |
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
identityName | The name of the identity. |
params | The key parameter if a key needs to be generated for the identity. |
Definition at line 275 of file key-chain.cpp.
References ndn::KeyParams::getKeyType(), and selfSign().
Referenced by getDefaultKeyParamsForIdentity(), and prepareUnsignedIdentityCertificate().
Name ndn::security::KeyChain::generateRsaKeyPair | ( | const Name & | identityName, |
bool | isKsk = false , |
||
uint32_t | keySize = 2048 |
||
) |
Generate a pair of RSA keys for the specified identity.
identityName | The name of the identity. |
isKsk | true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). |
keySize | The size of the key. |
Definition at line 309 of file key-chain.cpp.
Name ndn::security::KeyChain::generateEcdsaKeyPair | ( | const Name & | identityName, |
bool | isKsk = false , |
||
uint32_t | keySize = 256 |
||
) |
Generate a pair of ECDSA keys for the specified identity.
identityName | The name of the identity. |
isKsk | true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). |
keySize | The size of the key. |
Definition at line 316 of file key-chain.cpp.
Name ndn::security::KeyChain::generateRsaKeyPairAsDefault | ( | const Name & | identityName, |
bool | isKsk = false , |
||
uint32_t | keySize = 2048 |
||
) |
Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
identityName | The name of the identity. |
isKsk | true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). |
keySize | The size of the key. |
Definition at line 323 of file key-chain.cpp.
Name ndn::security::KeyChain::generateEcdsaKeyPairAsDefault | ( | const Name & | identityName, |
bool | isKsk = false , |
||
uint32_t | keySize = 256 |
||
) |
Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity.
identityName | The name of the identity. |
isKsk | true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). |
keySize | The size of the key. |
Definition at line 335 of file key-chain.cpp.
shared_ptr< IdentityCertificate > ndn::security::KeyChain::prepareUnsignedIdentityCertificate | ( | const Name & | keyName, |
const Name & | signingIdentity, | ||
const time::system_clock::TimePoint & | notBefore, | ||
const time::system_clock::TimePoint & | notAfter, | ||
const std::vector< CertificateSubjectDescription > & | subjectDescription, | ||
const Name & | certPrefix = DEFAULT_PREFIX |
||
) |
prepare an unsigned identity certificate
keyName | Key name, e.g., /<identity_name>/ksk-123456 . |
signingIdentity | The signing identity. |
notBefore | Refer to IdentityCertificate. |
notAfter | Refer to IdentityCertificate. |
subjectDescription | Refer to IdentityCertificate. |
certPrefix | Prefix before KEY component. By default, KeyChain will infer the certificate name according to the relation between the signingIdentity and the subject identity. If signingIdentity is a prefix of the subject identity, KEY will be inserted after the signingIdentity, otherwise KEY is inserted after subject identity (i.e., before ksk-.... ). |
Definition at line 348 of file key-chain.cpp.
shared_ptr< IdentityCertificate > ndn::security::KeyChain::prepareUnsignedIdentityCertificate | ( | const Name & | keyName, |
const PublicKey & | publicKey, | ||
const Name & | signingIdentity, | ||
const time::system_clock::TimePoint & | notBefore, | ||
const time::system_clock::TimePoint & | notAfter, | ||
const std::vector< CertificateSubjectDescription > & | subjectDescription, | ||
const Name & | certPrefix = DEFAULT_PREFIX |
||
) |
prepare an unsigned identity certificate
keyName | Key name, e.g., /<identity_name>/ksk-123456 . |
publicKey | Public key to sign. |
signingIdentity | The signing identity. |
notBefore | Refer to IdentityCertificate. |
notAfter | Refer to IdentityCertificate. |
subjectDescription | Refer to IdentityCertificate. |
certPrefix | Prefix before KEY component. By default, KeyChain will infer the certificate name according to the relation between the signingIdentity and the subject identity. If signingIdentity is a prefix of the subject identity, KEY will be inserted after the signingIdentity, otherwise KEY is inserted after subject identity (i.e., before ksk-.... ). |
Definition at line 369 of file key-chain.cpp.
References ndn::Name::append(), ndn::Name::appendVersion(), ndn::oid::ATTRIBUTE_NAME, createIdentity(), DEFAULT_PREFIX, DIGEST_SHA256_IDENTITY, ndn::tlv::DigestSha256, ndn::Name::get(), getDefaultKeyParamsForIdentity(), ndn::security::SigningInfo::getDigestAlgorithm(), ndn::Name::getPrefix(), ndn::security::SigningInfo::getSignatureInfo(), getSignatureType(), ndn::security::SigningInfo::getSignerName(), ndn::security::SigningInfo::getSignerType(), ndn::Name::getSubName(), ndn::Name::isPrefixOf(), ndn::tlv::KeyLocator, ndn::SignatureInfo::setKeyLocator(), ndn::SignatureInfo::setSignatureType(), ndn::security::SigningInfo::SIGNER_TYPE_CERT, ndn::security::SigningInfo::SIGNER_TYPE_ID, ndn::security::SigningInfo::SIGNER_TYPE_KEY, ndn::security::SigningInfo::SIGNER_TYPE_NULL, ndn::security::SigningInfo::SIGNER_TYPE_SHA256, ndn::Name::size(), ndn::name::Component::toUri(), and ndn::Name::toUri().
void ndn::security::KeyChain::sign | ( | Data & | data, |
const SigningInfo & | params = DEFAULT_SIGNING_INFO |
||
) |
Sign data according to the supplied signing information.
This method uses the supplied signing information params
to create the SignatureInfo block:
After that, the method assigns the created SignatureInfo to the data packet, generates a signature, and sets it as part of the SignatureValue block.
data | The data to sign |
params | The signing parameters. |
Error | if signing fails. |
Definition at line 501 of file key-chain.cpp.
Referenced by ndn::nfd::Controller::Controller(), ndn::util::DummyClientFace::DummyClientFace(), ndn::CommandInterestGenerator::generate(), ndn::CommandInterestGenerator::generateWithIdentity(), ndn::util::NotificationStream< Notification >::postNotification(), nfd::SegmentPublisher< ndn::Face >::publish(), ndn::mgmt::Dispatcher::removeTopPrefix(), nfd::rib::RibManager::setConfigFile(), signByIdentity(), and signWithSha256().
void ndn::security::KeyChain::sign | ( | Interest & | interest, |
const SigningInfo & | params = DEFAULT_SIGNING_INFO |
||
) |
Sign interest according to the supplied signing information.
This method uses the supplied signing information params
to create the SignatureInfo block:
After that, the method appends the created SignatureInfo to the interest name, generates a signature, and appends it as part of the SignatureValue block to the interest name.
interest | The interest to sign |
params | The signing parameters. |
Error | if signing fails. |
Definition at line 507 of file key-chain.cpp.
Block ndn::security::KeyChain::sign | ( | const uint8_t * | buffer, |
size_t | bufferLength, | ||
const SigningInfo & | params | ||
) |
Sign buffer according to the supplied signing information.
buffer | The buffer to sign |
bufferLength | The buffer size |
params | The signing parameters. |
Error | if signing fails. |
Definition at line 513 of file key-chain.cpp.
References ndn::DIGEST_ALGORITHM_SHA256.
void ndn::security::KeyChain::sign | ( | T & | packet, |
const Name & | certificateName | ||
) |
Sign packet with a particular certificate.
packet | The packet to be signed. |
certificateName | The certificate name of the key to use for signing. |
SecPublicInfo::Error | if certificate does not exist. |
Definition at line 906 of file key-chain.hpp.
References ndn::security::SigningInfo::SIGNER_TYPE_CERT.
Signature ndn::security::KeyChain::sign | ( | const uint8_t * | buffer, |
size_t | bufferLength, | ||
const Name & | certificateName | ||
) |
Sign the byte array using a particular certificate.
buffer | The byte array to be signed. |
bufferLength | the length of buffer. |
certificateName | The certificate name of the signing key. |
SecPublicInfo::Error | if certificate does not exist. |
Definition at line 522 of file key-chain.cpp.
References ndn::DIGEST_ALGORITHM_SHA256, and ndn::Signature::setValue().
void ndn::security::KeyChain::signByIdentity | ( | T & | packet, |
const Name & | identityName | ||
) |
Sign packet using the default certificate of a particular identity.
If there is no default certificate of that identity, this method will create a self-signed certificate.
packet | The packet to be signed. |
identityName | The signing identity name. |
Definition at line 913 of file key-chain.hpp.
References ndn::security::SigningInfo::SIGNER_TYPE_ID.
Signature ndn::security::KeyChain::signByIdentity | ( | const uint8_t * | buffer, |
size_t | bufferLength, | ||
const Name & | identityName | ||
) |
Sign the byte array using the default certificate of a particular identity.
buffer | The byte array to be signed. |
bufferLength | the length of buffer. |
identityName | The identity name. |
Definition at line 751 of file key-chain.cpp.
References ndn::Signature::setValue(), sign(), and ndn::security::signingByIdentity().
void ndn::security::KeyChain::signWithSha256 | ( | Data & | data | ) |
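Set a SHA-256 digest as the (weak) signature for data. The digest is unkeyed: it lets a receiver detect corruption of the packet but does not authenticate who produced it.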
Definition at line 759 of file key-chain.cpp.
References sign(), and ndn::security::signingWithSha256().
void ndn::security::KeyChain::signWithSha256 | ( | Interest & | interest | ) |
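Set a SHA-256 digest as the (weak) signature for interest. The digest is unkeyed: it lets a receiver detect corruption of the packet but does not authenticate who produced it.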
Definition at line 765 of file key-chain.cpp.
References ndn::Name::append(), ndn::Block::encode(), ndn::name::Component::fromNumber(), ndn::random::generateWord64(), ndn::Signature::getInfo(), ndn::Interest::getName(), ndn::time::system_clock::now(), ndn::Interest::setName(), ndn::crypto::sha256(), ndn::tlv::SignatureValue, ndn::time::toUnixTimestamp(), and ndn::Name::wireEncode().
shared_ptr< IdentityCertificate > ndn::security::KeyChain::selfSign | ( | const Name & | keyName | ) |
Generate a self-signed certificate for a public key.
keyName | The name of the public key |
Definition at line 541 of file key-chain.cpp.
References ndn::Name::append(), ndn::Name::appendVersion(), ndn::oid::ATTRIBUTE_NAME, ndn::Name::get(), ndn::Name::getPrefix(), ndn::time::system_clock::now(), ndn::tlv::SignatureInfo, and ndn::Name::toUri().
Referenced by createIdentity(), and exportIdentity().
void ndn::security::KeyChain::selfSign | ( | IdentityCertificate & | cert | ) |
Self-sign the supplied identity certificate.
cert | The supplied cert. |
SecTpm::Error | if the private key does not exist. |
Definition at line 571 of file key-chain.cpp.
References ndn::DIGEST_ALGORITHM_SHA256, ndn::Signature::getInfo(), ndn::PublicKey::getKeyType(), ndn::Data::getName(), ndn::Name::getPrefix(), ndn::Certificate::getPublicKeyInfo(), ndn::IdentityCertificate::getPublicKeyName(), ndn::Data::getSignature(), getSignatureType(), ndn::KEY_CLASS_PRIVATE, ndn::tlv::KeyLocator, and ndn::SignatureInfo::setKeyLocator().
void ndn::security::KeyChain::deleteCertificate | ( | const Name & | certificateName | ) |
delete a certificate.
certificateName | The certificate to be deleted. |
KeyChain::Error | if certificate cannot be deleted. |
Definition at line 789 of file key-chain.cpp.
void ndn::security::KeyChain::deleteKey | ( | const Name & | keyName | ) |
delete a key.
keyName | The key to be deleted. |
KeyChain::Error | if key cannot be deleted. |
Definition at line 795 of file key-chain.cpp.
void ndn::security::KeyChain::deleteIdentity | ( | const Name & | identity | ) |
delete an identity.
identity | The identity to be deleted. |
KeyChain::Error | if identity cannot be deleted. |
Definition at line 802 of file key-chain.cpp.
shared_ptr< SecuredBag > ndn::security::KeyChain::exportIdentity | ( | const Name & | identity, |
const std::string & | passwordStr | ||
) |
export an identity.
identity | The identity to export. |
passwordStr | The password to secure the private key. |
SecPublicInfo::Error | if anything goes wrong in exporting. |
Definition at line 586 of file key-chain.cpp.
References selfSign().
void ndn::security::KeyChain::importIdentity | ( | const SecuredBag & | securedBag, |
const std::string & | passwordStr | ||
) |
import an identity.
securedBag | The encoded import data. |
passwordStr | The password that secures the private key in securedBag. |
Definition at line 615 of file key-chain.cpp.
References ndn::IdentityCertificate::certificateNameToPublicKeyName(), ndn::SecuredBag::getCertificate(), ndn::SecuredBag::getKey(), ndn::Data::getName(), ndn::Name::getPrefix(), and ndn::Name::toUri().
|
inline |
Definition at line 438 of file key-chain.hpp.
|
inline |
Definition at line 444 of file key-chain.hpp.
|
inline |
Definition at line 450 of file key-chain.hpp.
|
inline |
Definition at line 456 of file key-chain.hpp.
|
inline |
Definition at line 465 of file key-chain.hpp.
|
inline |
Definition at line 471 of file key-chain.hpp.
|
inline |
Definition at line 477 of file key-chain.hpp.
|
inline |
Definition at line 483 of file key-chain.hpp.
|
inline |
Definition at line 489 of file key-chain.hpp.
Definition at line 495 of file key-chain.hpp.
|
inline |
Definition at line 501 of file key-chain.hpp.
|
inline |
Definition at line 507 of file key-chain.hpp.
|
inline |
Definition at line 513 of file key-chain.hpp.
|
inline |
Definition at line 519 of file key-chain.hpp.
Referenced by nfd::rib::AutoPrefixPropagator::disable().
|
inline |
Definition at line 525 of file key-chain.hpp.
References getDefaultKeyParamsForIdentity().
const KeyParams & ndn::security::KeyChain::getDefaultKeyParamsForIdentity | ( | const Name & | identityName | ) | const |
Get default key parameters for the specified identity.
If identity has a previously generated key, the returned parameters will include the same type of the key. If there are no existing keys, DEFAULT_KEY_PARAMS is used.
Definition at line 640 of file key-chain.cpp.
References ndn::Name::append(), createIdentity(), DEFAULT_KEY_PARAMS, DIGEST_SHA256_IDENTITY, ndn::Block::encode(), ndn::name::Component::fromNumber(), ndn::random::generateWord32(), ndn::random::generateWord64(), ndn::Signature::getInfo(), ndn::Interest::getName(), ndn::KEY_TYPE_ECDSA, ndn::KEY_TYPE_NULL, ndn::KEY_TYPE_RSA, ndn::time::system_clock::now(), ndn::Interest::setName(), ndn::Data::setSignature(), ndn::crypto::sha256(), ndn::tlv::SignatureValue, ndn::time::toUnixTimestamp(), ndn::Name::toUri(), ndn::Data::wireEncode(), and ndn::Name::wireEncode().
Referenced by getDefaultKeyNameForIdentity(), and prepareUnsignedIdentityCertificate().
Definition at line 541 of file key-chain.hpp.
|
inline |
Definition at line 547 of file key-chain.hpp.
Referenced by nfd::rib::AutoPrefixPropagator::disable().
|
inline |
Definition at line 553 of file key-chain.hpp.
|
inline |
Definition at line 559 of file key-chain.hpp.
|
inline |
Definition at line 565 of file key-chain.hpp.
|
inline |
Definition at line 571 of file key-chain.hpp.
|
inline |
Definition at line 579 of file key-chain.hpp.
|
inline |
Definition at line 585 of file key-chain.hpp.
|
inline |
Definition at line 591 of file key-chain.hpp.
|
inline |
Definition at line 597 of file key-chain.hpp.
|
inline |
Definition at line 603 of file key-chain.hpp.
|
inline |
Definition at line 609 of file key-chain.hpp.
Definition at line 615 of file key-chain.hpp.
|
inline |
Definition at line 621 of file key-chain.hpp.
|
inline |
Definition at line 627 of file key-chain.hpp.
|
inline |
Definition at line 633 of file key-chain.hpp.
|
inline |
Definition at line 639 of file key-chain.hpp.
|
inline |
Definition at line 645 of file key-chain.hpp.
|
inline |
Definition at line 651 of file key-chain.hpp.
References getDefaultCertificate().
Referenced by getDefaultCertificate().
|
inline |
Definition at line 660 of file key-chain.hpp.
|
inline |
Definition at line 670 of file key-chain.hpp.
|
inline |
Definition at line 676 of file key-chain.hpp.
|
inline |
Definition at line 682 of file key-chain.hpp.
|
inline |
Definition at line 688 of file key-chain.hpp.
|
inline |
Definition at line 694 of file key-chain.hpp.
|
inline |
Definition at line 700 of file key-chain.hpp.
|
inline |
Definition at line 706 of file key-chain.hpp.
|
inline |
Definition at line 712 of file key-chain.hpp.
|
inline |
Definition at line 718 of file key-chain.hpp.
|
inline |
Definition at line 724 of file key-chain.hpp.
|
inline |
Definition at line 732 of file key-chain.hpp.
|
inline |
Definition at line 738 of file key-chain.hpp.
|
inline |
Definition at line 744 of file key-chain.hpp.
|
inline |
Definition at line 750 of file key-chain.hpp.
|
inline |
Definition at line 756 of file key-chain.hpp.
|
inline |
Definition at line 762 of file key-chain.hpp.
|
inline |
Definition at line 768 of file key-chain.hpp.
|
inline |
Definition at line 774 of file key-chain.hpp.
References DEFAULT_KEY_PARAMS, and getSignatureType().
|
static |
Definition at line 815 of file key-chain.cpp.
References ndn::KEY_TYPE_ECDSA, ndn::KEY_TYPE_RSA, ndn::tlv::SignatureSha256WithEcdsa, and ndn::tlv::SignatureSha256WithRsa.
Referenced by importPrivateKeyPkcs5IntoTpm(), prepareUnsignedIdentityCertificate(), and selfSign().
|
static |
Definition at line 872 of file key-chain.hpp.
Referenced by prepareUnsignedIdentityCertificate().
|
static |
Definition at line 873 of file key-chain.hpp.
|
static |
A localhost identity which indicates that signature is generated using SHA-256.
Definition at line 879 of file key-chain.hpp.
Referenced by getDefaultKeyParamsForIdentity(), ndn::security::operator<<(), prepareUnsignedIdentityCertificate(), and ndn::security::SigningInfo::SigningInfo().
|
static |
Definition at line 882 of file key-chain.hpp.
Referenced by getDefaultKeyParamsForIdentity(), and importPrivateKeyPkcs5IntoTpm().