ndn::security::KeyChain Class Reference

The packet signing interface. More...

#include <key-chain.hpp>


Classes

class  Error
 
class  MismatchError
 Error thrown when the supplied TPM locator to KeyChain constructor does not match the locator stored in PIB. More...
 

Public Types

typedef function< unique_ptr< SecPublicInfo >(const std::string &)> PibCreateFunc
 
typedef function< unique_ptr< SecTpm >(const std::string &)> TpmCreateFunc
 
typedef std::map< std::string, Block > SignParams
 

Public Member Functions

 KeyChain ()
 Constructor to create KeyChain with default PIB and TPM. More...
 
 KeyChain (const std::string &pibLocator, const std::string &tpmLocator, bool allowReset=false)
 KeyChain constructor. More...
 
virtual ~KeyChain ()
 
Name createIdentity (const Name &identityName, const KeyParams &params=DEFAULT_KEY_PARAMS)
 Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. More...
 
Name generateRsaKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
 Generate a pair of RSA keys for the specified identity. More...
 
Name generateEcdsaKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=256)
 Generate a pair of ECDSA keys for the specified identity. More...
 
Name generateRsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
 Generate a pair of RSA keys for the specified identity and set it as default key for the identity. More...
 
Name generateEcdsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=256)
 Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity. More...
 
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate (const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
 prepare an unsigned identity certificate More...
 
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate (const Name &keyName, const PublicKey &publicKey, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
 prepare an unsigned identity certificate More...
 
void sign (Data &data, const SigningInfo &params=DEFAULT_SIGNING_INFO)
 Sign data according to the supplied signing information. More...
 
void sign (Interest &interest, const SigningInfo &params=DEFAULT_SIGNING_INFO)
 Sign interest according to the supplied signing information. More...
 
Block sign (const uint8_t *buffer, size_t bufferLength, const SigningInfo &params)
 Sign buffer according to the supplied signing information. More...
 
template<typename T >
void sign (T &packet, const Name &certificateName)
 Sign packet with a particular certificate. More...
 
Signature sign (const uint8_t *buffer, size_t bufferLength, const Name &certificateName)
 Sign the byte array using a particular certificate. More...
 
template<typename T >
void signByIdentity (T &packet, const Name &identityName)
 Sign packet using the default certificate of a particular identity. More...
 
Signature signByIdentity (const uint8_t *buffer, size_t bufferLength, const Name &identityName)
 Sign the byte array using the default certificate of a particular identity. More...
 
void signWithSha256 (Data &data)
 Set a SHA-256 digest (weak) signature on the data. More...
 
void signWithSha256 (Interest &interest)
 Set a SHA-256 digest (weak) signature on the interest. More...
 
shared_ptr< IdentityCertificate > selfSign (const Name &keyName)
 Generate a self-signed certificate for a public key. More...
 
void selfSign (IdentityCertificate &cert)
 Self-sign the supplied identity certificate. More...
 
void deleteCertificate (const Name &certificateName)
 delete a certificate. More...
 
void deleteKey (const Name &keyName)
 delete a key. More...
 
void deleteIdentity (const Name &identity)
 delete an identity. More...
 
shared_ptr< SecuredBag > exportIdentity (const Name &identity, const std::string &passwordStr)
 export an identity. More...
 
void importIdentity (const SecuredBag &securedBag, const std::string &passwordStr)
 import an identity. More...
 
SecPublicInfo & getPib ()
 
const SecPublicInfo & getPib () const
 
SecTpm & getTpm ()
 
const SecTpm & getTpm () const
 
bool doesIdentityExist (const Name &identityName) const
 
void addIdentity (const Name &identityName)
 
bool doesPublicKeyExist (const Name &keyName) const
 
void addPublicKey (const Name &keyName, KeyType keyType, const PublicKey &publicKeyDer)
 
void addKey (const Name &keyName, const PublicKey &publicKeyDer)
 
shared_ptr< PublicKey > getPublicKey (const Name &keyName) const
 
bool doesCertificateExist (const Name &certificateName) const
 
void addCertificate (const IdentityCertificate &certificate)
 
shared_ptr< IdentityCertificate > getCertificate (const Name &certificateName) const
 
Name getDefaultIdentity () const
 
Name getDefaultKeyNameForIdentity (const Name &identityName) const
 
const KeyParams & getDefaultKeyParamsForIdentity (const Name &identityName) const
 Get default key parameters for the specified identity. More...
 
Name getDefaultCertificateNameForKey (const Name &keyName) const
 
void getAllIdentities (std::vector< Name > &nameList, bool isDefault) const
 
void getAllKeyNames (std::vector< Name > &nameList, bool isDefault) const
 
void getAllKeyNamesOfIdentity (const Name &identity, std::vector< Name > &nameList, bool isDefault) const
 
void getAllCertificateNames (std::vector< Name > &nameList, bool isDefault) const
 
void getAllCertificateNamesOfKey (const Name &keyName, std::vector< Name > &nameList, bool isDefault) const
 
void deleteCertificateInfo (const Name &certificateName)
 
void deletePublicKeyInfo (const Name &keyName)
 
void deleteIdentityInfo (const Name &identity)
 
void setDefaultIdentity (const Name &identityName)
 
void setDefaultKeyNameForIdentity (const Name &keyName)
 
void setDefaultCertificateNameForKey (const Name &certificateName)
 
Name getNewKeyName (const Name &identityName, bool useKsk)
 
Name getDefaultCertificateNameForIdentity (const Name &identityName) const
 
Name getDefaultCertificateName () const
 
void addCertificateAsKeyDefault (const IdentityCertificate &certificate)
 
void addCertificateAsIdentityDefault (const IdentityCertificate &certificate)
 
void addCertificateAsSystemDefault (const IdentityCertificate &certificate)
 
shared_ptr< IdentityCertificate > getDefaultCertificate () const
 
void refreshDefaultCertificate ()
 
void setTpmPassword (const uint8_t *password, size_t passwordLength)
 
void resetTpmPassword ()
 
void setInTerminal (bool inTerminal)
 
bool getInTerminal () const
 
bool isLocked () const
 
bool unlockTpm (const char *password, size_t passwordLength, bool usePassword)
 
void generateKeyPairInTpm (const Name &keyName, const KeyParams &params)
 
void deleteKeyPairInTpm (const Name &keyName)
 
shared_ptr< PublicKey > getPublicKeyFromTpm (const Name &keyName) const
 
Block signInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)
 
ConstBufferPtr decryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
 
ConstBufferPtr encryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
 
void generateSymmetricKeyInTpm (const Name &keyName, const KeyParams &params)
 
bool doesKeyExistInTpm (const Name &keyName, KeyClass keyClass) const
 
bool generateRandomBlock (uint8_t *res, size_t size) const
 
void addAppToAcl (const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)
 
ConstBufferPtr exportPrivateKeyPkcs5FromTpm (const Name &keyName, const std::string &password)
 
bool importPrivateKeyPkcs5IntoTpm (const Name &keyName, const uint8_t *buf, size_t size, const std::string &password)
 

Static Public Member Functions

template<class PibType >
static void registerPib (std::initializer_list< std::string > aliases)
 Register a new PIB. More...
 
template<class TpmType >
static void registerTpm (std::initializer_list< std::string > aliases)
 Register a new TPM. More...
 
static std::string getDefaultPibLocator ()
 Get default PIB locator. More...
 
static unique_ptr< SecPublicInfo > createPib (const std::string &pibLocator)
 Create a PIB according to pibLocator. More...
 
static std::string getDefaultTpmLocator ()
 Get default TPM locator. More...
 
static unique_ptr< SecTpm > createTpm (const std::string &tpmLocator)
 Create a TPM according to tpmLocator. More...
 
static tlv::SignatureTypeValue getSignatureType (KeyType keyType, DigestAlgorithm digestAlgorithm)
 

Static Public Attributes

static const Name DEFAULT_PREFIX
 
static const SigningInfo DEFAULT_SIGNING_INFO
 
static const Name DIGEST_SHA256_IDENTITY
 A localhost identity which indicates that the signature is generated using a SHA-256 digest. More...
 
static const RsaKeyParams DEFAULT_KEY_PARAMS
 

Detailed Description

The packet signing interface.

Definition at line 48 of file key-chain.hpp.

Member Typedef Documentation

§ PibCreateFunc

typedef function<unique_ptr<SecPublicInfo>(const std::string&)> ndn::security::KeyChain::PibCreateFunc

Definition at line 75 of file key-chain.hpp.

§ TpmCreateFunc

typedef function<unique_ptr<SecTpm>(const std::string&)> ndn::security::KeyChain::TpmCreateFunc

Definition at line 76 of file key-chain.hpp.

§ SignParams

typedef std::map<std::string, Block> ndn::security::KeyChain::SignParams

Definition at line 884 of file key-chain.hpp.

Constructor & Destructor Documentation

§ KeyChain() [1/2]

ndn::security::KeyChain::KeyChain ( )

Constructor to create KeyChain with default PIB and TPM.

Default PIB and TPM are platform-dependent and can be overridden system-wide or on a per-use basis.

Todo:
Add detailed description about config file behavior here

Definition at line 121 of file key-chain.cpp.

References ndn::ConfigFile::getParsedConfiguration().

§ KeyChain() [2/2]

ndn::security::KeyChain::KeyChain ( const std::string &  pibLocator,
const std::string &  tpmLocator,
bool  allowReset = false 
)

KeyChain constructor.

See also
http://redmine.named-data.net/issues/2260
Parameters
pibLocator — PIB locator
tpmLocator — TPM locator
allowReset — if true, the PIB will be reset when the supplied tpmLocator does not match the one stored in the PIB

Definition at line 135 of file key-chain.cpp.

§ ~KeyChain()

ndn::security::KeyChain::~KeyChain ( )
virtual

Definition at line 145 of file key-chain.cpp.

Member Function Documentation

§ registerPib()

template<class PibType >
void ndn::security::KeyChain::registerPib ( std::initializer_list< std::string >  aliases)
inlinestatic

Register a new PIB.

Parameters
aliases — List of schemes with which this PIB will be associated. The first alias in the list is considered the canonical name of the PIB instance.

Definition at line 920 of file key-chain.hpp.

§ registerTpm()

template<class TpmType >
void ndn::security::KeyChain::registerTpm ( std::initializer_list< std::string >  aliases)
inlinestatic

Register a new TPM.

Parameters
aliases — List of schemes with which this TPM will be associated. The first alias in the list is considered the canonical name of the TPM instance.

Definition at line 929 of file key-chain.hpp.

§ getDefaultPibLocator()

std::string ndn::security::KeyChain::getDefaultPibLocator ( )
static

Get default PIB locator.

Definition at line 163 of file key-chain.cpp.

§ createPib()

unique_ptr< SecPublicInfo > ndn::security::KeyChain::createPib ( const std::string &  pibLocator)
static

Create a PIB according to pibLocator.

Definition at line 189 of file key-chain.cpp.

References ndn::security::getCanonicalPibLocator(), and ndn::security::getPibFactories().

Referenced by createTpm().

§ getDefaultTpmLocator()

std::string ndn::security::KeyChain::getDefaultTpmLocator ( )
static

Get default TPM locator.

Definition at line 201 of file key-chain.cpp.

§ createTpm()

unique_ptr< SecTpm > ndn::security::KeyChain::createTpm ( const std::string &  tpmLocator)
static

Create a TPM according to tpmLocator.

Definition at line 226 of file key-chain.cpp.

References createPib(), ndn::security::getCanonicalPibLocator(), ndn::security::getCanonicalTpmLocator(), and ndn::security::getTpmFactories().

§ createIdentity()

Name ndn::security::KeyChain::createIdentity ( const Name &identityName,
const KeyParams &params = DEFAULT_KEY_PARAMS 
)

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

Parameters
identityName — The name of the identity.
params — The key parameters, used if a key needs to be generated for the identity.
Returns
The name of the default certificate of the identity.

Definition at line 275 of file key-chain.cpp.

References ndn::KeyParams::getKeyType(), and selfSign().

Referenced by getDefaultKeyParamsForIdentity(), and prepareUnsignedIdentityCertificate().

§ generateRsaKeyPair()

Name ndn::security::KeyChain::generateRsaKeyPair ( const Name &identityName,
bool  isKsk = false,
uint32_t  keySize = 2048 
)

Generate a pair of RSA keys for the specified identity.

Parameters
identityName — The name of the identity.
isKsk — true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize — The size of the key.
Returns
The generated key name.
See also
generateEcdsaKeyPair

Definition at line 309 of file key-chain.cpp.

§ generateEcdsaKeyPair()

Name ndn::security::KeyChain::generateEcdsaKeyPair ( const Name &identityName,
bool  isKsk = false,
uint32_t  keySize = 256 
)

Generate a pair of ECDSA keys for the specified identity.

Parameters
identityName — The name of the identity.
isKsk — true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize — The size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair

Definition at line 316 of file key-chain.cpp.

§ generateRsaKeyPairAsDefault()

Name ndn::security::KeyChain::generateRsaKeyPairAsDefault ( const Name &identityName,
bool  isKsk = false,
uint32_t  keySize = 2048 
)

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters
identityName — The name of the identity.
isKsk — true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize — The size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair, generateEcdsaKeyPair, generateEcdsaKeyPairAsDefault

Definition at line 323 of file key-chain.cpp.

§ generateEcdsaKeyPairAsDefault()

Name ndn::security::KeyChain::generateEcdsaKeyPairAsDefault ( const Name &identityName,
bool  isKsk = false,
uint32_t  keySize = 256 
)

Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity.

Parameters
identityName — The name of the identity.
isKsk — true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize — The size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair, generateEcdsaKeyPair, generateRsaKeyPairAsDefault

Definition at line 335 of file key-chain.cpp.

§ prepareUnsignedIdentityCertificate() [1/2]

shared_ptr< IdentityCertificate > ndn::security::KeyChain::prepareUnsignedIdentityCertificate ( const Name &keyName,
const Name &signingIdentity,
const time::system_clock::TimePoint &notBefore,
const time::system_clock::TimePoint &notAfter,
const std::vector< CertificateSubjectDescription > &  subjectDescription,
const Name &certPrefix = DEFAULT_PREFIX 
)

prepare an unsigned identity certificate

Parameters
keyName — Key name, e.g., /<identity_name>/ksk-123456.
signingIdentity — The signing identity.
notBefore — Refer to IdentityCertificate.
notAfter — Refer to IdentityCertificate.
subjectDescription — Refer to IdentityCertificate.
certPrefix — Prefix before the KEY component. By default, KeyChain infers the certificate name from the relation between signingIdentity and the subject identity: if signingIdentity is a prefix of the subject identity, KEY is inserted after signingIdentity; otherwise KEY is inserted after the subject identity (i.e., before the ksk-... component).
Returns
IdentityCertificate.

Definition at line 348 of file key-chain.cpp.

§ prepareUnsignedIdentityCertificate() [2/2]

shared_ptr< IdentityCertificate > ndn::security::KeyChain::prepareUnsignedIdentityCertificate ( const Name &keyName,
const PublicKey &publicKey,
const Name &signingIdentity,
const time::system_clock::TimePoint &notBefore,
const time::system_clock::TimePoint &notAfter,
const std::vector< CertificateSubjectDescription > &  subjectDescription,
const Name &certPrefix = DEFAULT_PREFIX 
)

prepare an unsigned identity certificate

Parameters
keyName — Key name, e.g., /<identity_name>/ksk-123456.
publicKey — The public key to be certified.
signingIdentity — The signing identity.
notBefore — Refer to IdentityCertificate.
notAfter — Refer to IdentityCertificate.
subjectDescription — Refer to IdentityCertificate.
certPrefix — Prefix before the KEY component. By default, KeyChain infers the certificate name from the relation between signingIdentity and the subject identity: if signingIdentity is a prefix of the subject identity, KEY is inserted after signingIdentity; otherwise KEY is inserted after the subject identity (i.e., before the ksk-... component).
Returns
IdentityCertificate.

Definition at line 369 of file key-chain.cpp.

References ndn::Name::append(), ndn::Name::appendVersion(), ndn::oid::ATTRIBUTE_NAME, createIdentity(), DEFAULT_PREFIX, DIGEST_SHA256_IDENTITY, ndn::tlv::DigestSha256, ndn::Name::get(), getDefaultKeyParamsForIdentity(), ndn::security::SigningInfo::getDigestAlgorithm(), ndn::Name::getPrefix(), ndn::security::SigningInfo::getSignatureInfo(), getSignatureType(), ndn::security::SigningInfo::getSignerName(), ndn::security::SigningInfo::getSignerType(), ndn::Name::getSubName(), ndn::Name::isPrefixOf(), ndn::tlv::KeyLocator, ndn::SignatureInfo::setKeyLocator(), ndn::SignatureInfo::setSignatureType(), ndn::security::SigningInfo::SIGNER_TYPE_CERT, ndn::security::SigningInfo::SIGNER_TYPE_ID, ndn::security::SigningInfo::SIGNER_TYPE_KEY, ndn::security::SigningInfo::SIGNER_TYPE_NULL, ndn::security::SigningInfo::SIGNER_TYPE_SHA256, ndn::Name::size(), ndn::name::Component::toUri(), and ndn::Name::toUri().

§ sign() [1/5]

void ndn::security::KeyChain::sign ( Data &data,
const SigningInfo &params = DEFAULT_SIGNING_INFO 
)

Sign data according to the supplied signing information.

This method uses the supplied signing information params to create the SignatureInfo block:

  • it selects a private key and its certificate to sign the packet,
  • sets the KeyLocator field with the certificate name, and
  • adds other requested information to the SignatureInfo block.

After that, the method assigns the created SignatureInfo to the data packet, generates a signature and sets it as the SignatureValue block.

Parameters
data — The data to sign
params — The signing parameters.
Exceptions
Error — if signing fails.
See also
SigningInfo

Definition at line 501 of file key-chain.cpp.

Referenced by ndn::nfd::Controller::Controller(), ndn::util::DummyClientFace::DummyClientFace(), ndn::CommandInterestGenerator::generate(), ndn::CommandInterestGenerator::generateWithIdentity(), ndn::util::NotificationStream< Notification >::postNotification(), nfd::SegmentPublisher< ndn::Face >::publish(), ndn::mgmt::Dispatcher::removeTopPrefix(), nfd::rib::RibManager::setConfigFile(), signByIdentity(), and signWithSha256().

§ sign() [2/5]

void ndn::security::KeyChain::sign ( Interest &interest,
const SigningInfo &params = DEFAULT_SIGNING_INFO 
)

Sign interest according to the supplied signing information.

This method uses the supplied signing information params to create the SignatureInfo block:

  • it selects a private key and its certificate to sign the packet,
  • sets the KeyLocator field with the certificate name, and
  • adds other requested information to the SignatureInfo block.

After that, the method appends the created SignatureInfo to the interest name, generates a signature and appends it to the interest name as the SignatureValue block.

Parameters
interest — The interest to sign
params — The signing parameters.
Exceptions
Error — if signing fails.
See also
SigningInfo

Definition at line 507 of file key-chain.cpp.

§ sign() [3/5]

Block ndn::security::KeyChain::sign ( const uint8_t *  buffer,
size_t  bufferLength,
const SigningInfo &params 
)

Sign buffer according to the supplied signing information.

Parameters
buffer — The buffer to sign
bufferLength — The buffer size
params — The signing parameters.
Returns
a SignatureValue TLV block
Exceptions
Error — if signing fails.
See also
SigningInfo

Definition at line 513 of file key-chain.cpp.

References ndn::DIGEST_ALGORITHM_SHA256.

§ sign() [4/5]

template<typename T >
void ndn::security::KeyChain::sign ( T &  packet,
const Name &certificateName 
)

Sign packet with a particular certificate.

Deprecated:
use sign(T&, const SigningInfo&) instead
Parameters
packet — The packet to be signed.
certificateName — The certificate name of the key to use for signing.
Exceptions
SecPublicInfo::Error — if the certificate does not exist.

Definition at line 906 of file key-chain.hpp.

References ndn::security::SigningInfo::SIGNER_TYPE_CERT.

§ sign() [5/5]

Signature ndn::security::KeyChain::sign ( const uint8_t *  buffer,
size_t  bufferLength,
const Name &certificateName 
)

Sign the byte array using a particular certificate.

Deprecated:
Use sign(const uint8_t*, size_t, const SigningInfo&) instead
Parameters
buffer — The byte array to be signed.
bufferLength — The length of buffer.
certificateName — The certificate name of the signing key.
Returns
The Signature.
Exceptions
SecPublicInfo::Error — if the certificate does not exist.

Definition at line 522 of file key-chain.cpp.

References ndn::DIGEST_ALGORITHM_SHA256, and ndn::Signature::setValue().

§ signByIdentity() [1/2]

template<typename T >
void ndn::security::KeyChain::signByIdentity ( T &  packet,
const Name &identityName 
)

Sign packet using the default certificate of a particular identity.

Deprecated:
use sign(T&, const SigningInfo&) instead

If there is no default certificate of that identity, this method will create a self-signed certificate.

Parameters
packet — The packet to be signed.
identityName — The signing identity name.

Definition at line 913 of file key-chain.hpp.

References ndn::security::SigningInfo::SIGNER_TYPE_ID.

§ signByIdentity() [2/2]

Signature ndn::security::KeyChain::signByIdentity ( const uint8_t *  buffer,
size_t  bufferLength,
const Name &identityName 
)

Sign the byte array using the default certificate of a particular identity.

Deprecated:
use sign(const uint8_t*, size_t, const SigningInfo&) instead
Parameters
buffer — The byte array to be signed.
bufferLength — The length of buffer.
identityName — The identity name.
Returns
The Signature.

Definition at line 751 of file key-chain.cpp.

References ndn::Signature::setValue(), sign(), and ndn::security::signingByIdentity().

§ signWithSha256() [1/2]

void ndn::security::KeyChain::signWithSha256 ( Data &data)

Set a SHA-256 digest (weak) signature on the data.

Deprecated:
use sign(Data&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))

Definition at line 759 of file key-chain.cpp.

References sign(), and ndn::security::signingWithSha256().

§ signWithSha256() [2/2]

void ndn::security::KeyChain::signWithSha256 ( Interest &interest)

§ selfSign() [1/2]

shared_ptr< IdentityCertificate > ndn::security::KeyChain::selfSign ( const Name &keyName)

Generate a self-signed certificate for a public key.

Parameters
keyName — The name of the public key
Returns
The generated certificate, or an empty shared_ptr<IdentityCertificate>() if selfSign fails

Definition at line 541 of file key-chain.cpp.

References ndn::Name::append(), ndn::Name::appendVersion(), ndn::oid::ATTRIBUTE_NAME, ndn::Name::get(), ndn::Name::getPrefix(), ndn::time::system_clock::now(), ndn::tlv::SignatureInfo, and ndn::Name::toUri().

Referenced by createIdentity(), and exportIdentity().

§ selfSign() [2/2]

§ deleteCertificate()

void ndn::security::KeyChain::deleteCertificate ( const Name &certificateName)

delete a certificate.

Parameters
certificateName — The certificate to be deleted.
Exceptions
KeyChain::Error — if the certificate cannot be deleted.

Definition at line 789 of file key-chain.cpp.

§ deleteKey()

void ndn::security::KeyChain::deleteKey ( const Name &keyName)

delete a key.

Parameters
keyName — The key to be deleted.
Exceptions
KeyChain::Error — if the key cannot be deleted.

Definition at line 795 of file key-chain.cpp.

§ deleteIdentity()

void ndn::security::KeyChain::deleteIdentity ( const Name &identity)

delete an identity.

Parameters
identity — The identity to be deleted.
Exceptions
KeyChain::Error — if the identity cannot be deleted.

Definition at line 802 of file key-chain.cpp.

§ exportIdentity()

shared_ptr< SecuredBag > ndn::security::KeyChain::exportIdentity ( const Name &identity,
const std::string &  passwordStr 
)

export an identity.

Parameters
identity — The identity to export.
passwordStr — The password used to protect the exported private key.
Returns
The encoded export data.
Exceptions
SecPublicInfo::Error — if anything goes wrong during export.

Definition at line 586 of file key-chain.cpp.

References selfSign().

§ importIdentity()

void ndn::security::KeyChain::importIdentity ( const SecuredBag &securedBag,
const std::string &  passwordStr 
)

import an identity.

Parameters
securedBag — The encoded import data.
passwordStr — The password that protects the private key in securedBag.

Definition at line 615 of file key-chain.cpp.

References ndn::IdentityCertificate::certificateNameToPublicKeyName(), ndn::SecuredBag::getCertificate(), ndn::SecuredBag::getKey(), ndn::Data::getName(), ndn::Name::getPrefix(), and ndn::Name::toUri().

§ getPib() [1/2]

SecPublicInfo& ndn::security::KeyChain::getPib ( )
inline

Definition at line 438 of file key-chain.hpp.

§ getPib() [2/2]

const SecPublicInfo& ndn::security::KeyChain::getPib ( ) const
inline

Definition at line 444 of file key-chain.hpp.

§ getTpm() [1/2]

SecTpm& ndn::security::KeyChain::getTpm ( )
inline

Definition at line 450 of file key-chain.hpp.

§ getTpm() [2/2]

const SecTpm& ndn::security::KeyChain::getTpm ( ) const
inline

Definition at line 456 of file key-chain.hpp.

§ doesIdentityExist()

bool ndn::security::KeyChain::doesIdentityExist ( const Name identityName) const
inline

Definition at line 465 of file key-chain.hpp.

§ addIdentity()

void ndn::security::KeyChain::addIdentity ( const Name identityName)
inline

Definition at line 471 of file key-chain.hpp.

§ doesPublicKeyExist()

bool ndn::security::KeyChain::doesPublicKeyExist ( const Name keyName) const
inline

Definition at line 477 of file key-chain.hpp.

§ addPublicKey()

void ndn::security::KeyChain::addPublicKey ( const Name keyName,
KeyType  keyType,
const PublicKey publicKeyDer 
)
inline

Definition at line 483 of file key-chain.hpp.

§ addKey()

void ndn::security::KeyChain::addKey ( const Name keyName,
const PublicKey publicKeyDer 
)
inline

Definition at line 489 of file key-chain.hpp.

§ getPublicKey()

shared_ptr<PublicKey> ndn::security::KeyChain::getPublicKey ( const Name keyName) const
inline

Definition at line 495 of file key-chain.hpp.

§ doesCertificateExist()

bool ndn::security::KeyChain::doesCertificateExist ( const Name certificateName) const
inline

Definition at line 501 of file key-chain.hpp.

§ addCertificate()

void ndn::security::KeyChain::addCertificate ( const IdentityCertificate certificate)
inline

Definition at line 507 of file key-chain.hpp.

§ getCertificate()

shared_ptr<IdentityCertificate> ndn::security::KeyChain::getCertificate ( const Name certificateName) const
inline

Definition at line 513 of file key-chain.hpp.

§ getDefaultIdentity()

Name ndn::security::KeyChain::getDefaultIdentity ( ) const
inline

Definition at line 519 of file key-chain.hpp.

Referenced by nfd::rib::AutoPrefixPropagator::disable().

§ getDefaultKeyNameForIdentity()

Name ndn::security::KeyChain::getDefaultKeyNameForIdentity ( const Name identityName) const
inline

Definition at line 525 of file key-chain.hpp.

References getDefaultKeyParamsForIdentity().

§ getDefaultKeyParamsForIdentity()

const KeyParams & ndn::security::KeyChain::getDefaultKeyParamsForIdentity ( const Name identityName) const

§ getDefaultCertificateNameForKey()

Name ndn::security::KeyChain::getDefaultCertificateNameForKey ( const Name keyName) const
inline

Definition at line 541 of file key-chain.hpp.

§ getAllIdentities()

void ndn::security::KeyChain::getAllIdentities ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 547 of file key-chain.hpp.

Referenced by nfd::rib::AutoPrefixPropagator::disable().

§ getAllKeyNames()

void ndn::security::KeyChain::getAllKeyNames ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 553 of file key-chain.hpp.

§ getAllKeyNamesOfIdentity()

void ndn::security::KeyChain::getAllKeyNamesOfIdentity ( const Name identity,
std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 559 of file key-chain.hpp.

§ getAllCertificateNames()

void ndn::security::KeyChain::getAllCertificateNames ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 565 of file key-chain.hpp.

§ getAllCertificateNamesOfKey()

void ndn::security::KeyChain::getAllCertificateNamesOfKey ( const Name keyName,
std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 571 of file key-chain.hpp.

§ deleteCertificateInfo()

void ndn::security::KeyChain::deleteCertificateInfo ( const Name certificateName)
inline

Definition at line 579 of file key-chain.hpp.

§ deletePublicKeyInfo()

void ndn::security::KeyChain::deletePublicKeyInfo ( const Name keyName)
inline

Definition at line 585 of file key-chain.hpp.

§ deleteIdentityInfo()

void ndn::security::KeyChain::deleteIdentityInfo ( const Name identity)
inline

Definition at line 591 of file key-chain.hpp.

§ setDefaultIdentity()

void ndn::security::KeyChain::setDefaultIdentity ( const Name identityName)
inline

Definition at line 597 of file key-chain.hpp.

§ setDefaultKeyNameForIdentity()

void ndn::security::KeyChain::setDefaultKeyNameForIdentity ( const Name keyName)
inline

Definition at line 603 of file key-chain.hpp.

§ setDefaultCertificateNameForKey()

void ndn::security::KeyChain::setDefaultCertificateNameForKey ( const Name certificateName)
inline

Definition at line 609 of file key-chain.hpp.

§ getNewKeyName()

Name ndn::security::KeyChain::getNewKeyName ( const Name identityName,
bool  useKsk 
)
inline

Definition at line 615 of file key-chain.hpp.

§ getDefaultCertificateNameForIdentity()

Name ndn::security::KeyChain::getDefaultCertificateNameForIdentity ( const Name identityName) const
inline

Definition at line 621 of file key-chain.hpp.

§ getDefaultCertificateName()

Name ndn::security::KeyChain::getDefaultCertificateName ( ) const
inline

Definition at line 627 of file key-chain.hpp.

§ addCertificateAsKeyDefault()

void ndn::security::KeyChain::addCertificateAsKeyDefault ( const IdentityCertificate certificate)
inline

Definition at line 633 of file key-chain.hpp.

§ addCertificateAsIdentityDefault()

void ndn::security::KeyChain::addCertificateAsIdentityDefault ( const IdentityCertificate certificate)
inline

Definition at line 639 of file key-chain.hpp.

§ addCertificateAsSystemDefault()

void ndn::security::KeyChain::addCertificateAsSystemDefault ( const IdentityCertificate certificate)
inline

Definition at line 645 of file key-chain.hpp.

§ getDefaultCertificate()

shared_ptr<IdentityCertificate> ndn::security::KeyChain::getDefaultCertificate ( ) const
inline

Definition at line 651 of file key-chain.hpp.

References getDefaultCertificate().

Referenced by getDefaultCertificate().

§ refreshDefaultCertificate()

void ndn::security::KeyChain::refreshDefaultCertificate ( )
inline

Definition at line 660 of file key-chain.hpp.

§ setTpmPassword()

void ndn::security::KeyChain::setTpmPassword ( const uint8_t *  password,
size_t  passwordLength 
)
inline

Definition at line 670 of file key-chain.hpp.

§ resetTpmPassword()

void ndn::security::KeyChain::resetTpmPassword ( )
inline

Definition at line 676 of file key-chain.hpp.

§ setInTerminal()

void ndn::security::KeyChain::setInTerminal ( bool  inTerminal)
inline

Definition at line 682 of file key-chain.hpp.

§ getInTerminal()

bool ndn::security::KeyChain::getInTerminal ( ) const
inline

Definition at line 688 of file key-chain.hpp.

§ isLocked()

bool ndn::security::KeyChain::isLocked ( ) const
inline

Definition at line 694 of file key-chain.hpp.

§ unlockTpm()

bool ndn::security::KeyChain::unlockTpm ( const char *  password,
size_t  passwordLength,
bool  usePassword 
)
inline

Definition at line 700 of file key-chain.hpp.

§ generateKeyPairInTpm()

void ndn::security::KeyChain::generateKeyPairInTpm ( const Name keyName,
const KeyParams params 
)
inline

Definition at line 706 of file key-chain.hpp.

§ deleteKeyPairInTpm()

void ndn::security::KeyChain::deleteKeyPairInTpm ( const Name keyName)
inline

Definition at line 712 of file key-chain.hpp.

§ getPublicKeyFromTpm()

shared_ptr<PublicKey> ndn::security::KeyChain::getPublicKeyFromTpm ( const Name keyName) const
inline

Definition at line 718 of file key-chain.hpp.

§ signInTpm()

Block ndn::security::KeyChain::signInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
DigestAlgorithm  digestAlgorithm 
)
inline

Definition at line 724 of file key-chain.hpp.

§ decryptInTpm()

ConstBufferPtr ndn::security::KeyChain::decryptInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
bool  isSymmetric 
)
inline

Definition at line 732 of file key-chain.hpp.

§ encryptInTpm()

ConstBufferPtr ndn::security::KeyChain::encryptInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
bool  isSymmetric 
)
inline

Definition at line 738 of file key-chain.hpp.

§ generateSymmetricKeyInTpm()

void ndn::security::KeyChain::generateSymmetricKeyInTpm ( const Name keyName,
const KeyParams params 
)
inline

Definition at line 744 of file key-chain.hpp.

§ doesKeyExistInTpm()

bool ndn::security::KeyChain::doesKeyExistInTpm ( const Name keyName,
KeyClass  keyClass 
) const
inline

Definition at line 750 of file key-chain.hpp.

§ generateRandomBlock()

bool ndn::security::KeyChain::generateRandomBlock ( uint8_t *  res,
size_t  size 
) const
inline

Definition at line 756 of file key-chain.hpp.

§ addAppToAcl()

void ndn::security::KeyChain::addAppToAcl ( const Name keyName,
KeyClass  keyClass,
const std::string &  appPath,
AclType  acl 
)
inline

Definition at line 762 of file key-chain.hpp.

§ exportPrivateKeyPkcs5FromTpm()

ConstBufferPtr ndn::security::KeyChain::exportPrivateKeyPkcs5FromTpm ( const Name keyName,
const std::string &  password 
)
inline

Definition at line 768 of file key-chain.hpp.

§ importPrivateKeyPkcs5IntoTpm()

bool ndn::security::KeyChain::importPrivateKeyPkcs5IntoTpm ( const Name keyName,
const uint8_t *  buf,
size_t  size,
const std::string &  password 
)
inline

Definition at line 774 of file key-chain.hpp.

References DEFAULT_KEY_PARAMS, and getSignatureType().

§ getSignatureType()

tlv::SignatureTypeValue ndn::security::KeyChain::getSignatureType ( KeyType  keyType,
DigestAlgorithm  digestAlgorithm 
)
static

Member Data Documentation

§ DEFAULT_PREFIX

const Name ndn::security::KeyChain::DEFAULT_PREFIX
static

Definition at line 872 of file key-chain.hpp.

Referenced by prepareUnsignedIdentityCertificate().

§ DEFAULT_SIGNING_INFO

const SigningInfo ndn::security::KeyChain::DEFAULT_SIGNING_INFO
static

Definition at line 873 of file key-chain.hpp.

§ DIGEST_SHA256_IDENTITY

const Name ndn::security::KeyChain::DIGEST_SHA256_IDENTITY
static

A localhost identity which indicates that the signature is generated using SHA-256 (a plain digest, not a key-based signature).

Todo:
Passing this as an identity is not implemented.

Definition at line 879 of file key-chain.hpp.

Referenced by getDefaultKeyParamsForIdentity(), ndn::security::operator<<(), prepareUnsignedIdentityCertificate(), and ndn::security::SigningInfo::SigningInfo().

§ DEFAULT_KEY_PARAMS

const RsaKeyParams ndn::security::KeyChain::DEFAULT_KEY_PARAMS
static

Definition at line 882 of file key-chain.hpp.

Referenced by getDefaultKeyParamsForIdentity(), and importPrivateKeyPkcs5IntoTpm().


The documentation for this class was generated from the following files: