24 #ifndef NDN_SECURITY_KEY_CHAIN_HPP 25 #define NDN_SECURITY_KEY_CHAIN_HPP 36 #include "../interest.hpp" 37 #include "../util/crypto.hpp" 38 #include "../util/random.hpp" 39 #include <initializer_list> 51 class Error :
public std::runtime_error
56 :
std::runtime_error(what)
75 typedef function<unique_ptr<SecPublicInfo> (
const std::string&)>
PibCreateFunc;
83 template<
class PibType>
85 registerPib(std::initializer_list<std::string> aliases);
92 template<
class TpmType>
94 registerTpm(std::initializer_list<std::string> aliases);
105 static unique_ptr<SecPublicInfo>
106 createPib(
const std::string& pibLocator);
117 static unique_ptr<SecTpm>
118 createTpm(
const std::string& tpmLocator);
140 KeyChain(
const std::string& pibLocator,
141 const std::string& tpmLocator,
142 bool allowReset =
false);
223 shared_ptr<IdentityCertificate>
225 const Name& signingIdentity,
228 const std::vector<CertificateSubjectDescription>& subjectDescription,
247 shared_ptr<IdentityCertificate>
250 const Name& signingIdentity,
253 const std::vector<CertificateSubjectDescription>& subjectDescription,
305 sign(
const uint8_t* buffer,
size_t bufferLength,
const SigningInfo& params);
317 sign(T& packet,
const Name& certificateName);
330 sign(
const uint8_t* buffer,
size_t bufferLength,
const Name& certificateName);
378 shared_ptr<IdentityCertificate>
425 shared_ptr<SecuredBag>
467 return m_pib->doesIdentityExist(identityName);
473 return m_pib->addIdentity(identityName);
479 return m_pib->doesPublicKeyExist(keyName);
485 return m_pib->addKey(keyName, publicKeyDer);
491 return m_pib->addKey(keyName, publicKeyDer);
494 shared_ptr<PublicKey>
497 return m_pib->getPublicKey(keyName);
503 return m_pib->doesCertificateExist(certificateName);
509 return m_pib->addCertificate(certificate);
512 shared_ptr<IdentityCertificate>
515 return m_pib->getCertificate(certificateName);
521 return m_pib->getDefaultIdentity();
527 return m_pib->getDefaultKeyNameForIdentity(identityName);
543 return m_pib->getDefaultCertificateNameForKey(keyName);
549 return m_pib->getAllIdentities(nameList, isDefault);
555 return m_pib->getAllKeyNames(nameList, isDefault);
561 return m_pib->getAllKeyNamesOfIdentity(identity, nameList, isDefault);
567 return m_pib->getAllCertificateNames(nameList, isDefault);
572 std::vector<Name>& nameList,
573 bool isDefault)
const 575 return m_pib->getAllCertificateNamesOfKey(keyName, nameList, isDefault);
581 return m_pib->deleteCertificateInfo(certificateName);
587 return m_pib->deletePublicKeyInfo(keyName);
593 return m_pib->deleteIdentityInfo(identity);
599 return m_pib->setDefaultIdentity(identityName);
605 return m_pib->setDefaultKeyNameForIdentity(keyName);
611 return m_pib->setDefaultCertificateNameForKey(certificateName);
617 return m_pib->getNewKeyName(identityName, useKsk);
623 return m_pib->getDefaultCertificateNameForIdentity(identityName);
629 return m_pib->getDefaultCertificateName();
635 return m_pib->addCertificateAsKeyDefault(certificate);
641 return m_pib->addCertificateAsIdentityDefault(certificate);
647 return m_pib->addCertificateAsSystemDefault(certificate);
650 shared_ptr<IdentityCertificate>
653 if (!static_cast<bool>(m_pib->getDefaultCertificate()))
654 const_cast<KeyChain*
>(
this)->setDefaultCertificateInternal();
662 return m_pib->refreshDefaultCertificate();
672 return m_tpm->setTpmPassword(password, passwordLength);
678 return m_tpm->resetTpmPassword();
684 return m_tpm->setInTerminal(inTerminal);
690 return m_tpm->getInTerminal();
696 return m_tpm->isLocked();
700 unlockTpm(
const char* password,
size_t passwordLength,
bool usePassword)
702 return m_tpm->unlockTpm(password, passwordLength, usePassword);
708 return m_tpm->generateKeyPairInTpm(keyName, params);
714 return m_tpm->deleteKeyPairInTpm(keyName);
717 shared_ptr<PublicKey>
720 return m_tpm->getPublicKeyFromTpm(keyName);
728 return m_tpm->signInTpm(data, dataLength, keyName, digestAlgorithm);
732 decryptInTpm(
const uint8_t* data,
size_t dataLength,
const Name& keyName,
bool isSymmetric)
734 return m_tpm->decryptInTpm(data, dataLength, keyName, isSymmetric);
738 encryptInTpm(
const uint8_t* data,
size_t dataLength,
const Name& keyName,
bool isSymmetric)
740 return m_tpm->encryptInTpm(data, dataLength, keyName, isSymmetric);
746 return m_tpm->generateSymmetricKeyInTpm(keyName, params);
752 return m_tpm->doesKeyExistInTpm(keyName, keyClass);
758 return m_tpm->generateRandomBlock(res, size);
764 return m_tpm->addAppToAcl(keyName, keyClass, appPath, acl);
770 return m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, password);
775 const uint8_t* buf,
size_t size,
776 const std::string& password)
778 return m_tpm->importPrivateKeyPkcs5IntoTpm(keyName, buf, size, password);
783 initialize(
const std::string& pibLocatorUri,
784 const std::string& tpmLocatorUri,
794 std::tuple<Name, SignatureInfo>
812 setDefaultCertificateInternal();
823 generateKeyPair(
const Name& identityName,
bool isKsk =
false,
857 pureSign(
const uint8_t* buf,
size_t size,
const Name& keyName,
DigestAlgorithm digestAlgorithm)
const;
860 registerPibImpl(
const std::string& canonicalName,
861 std::initializer_list<std::string> aliases,
PibCreateFunc createFunc);
864 registerTpmImpl(
const std::string& canonicalName,
865 std::initializer_list<std::string> aliases,
TpmCreateFunc createFunc);
887 std::unique_ptr<SecPublicInfo> m_pib;
888 std::unique_ptr<SecTpm> m_tpm;
889 time::milliseconds m_lastTimestamp;
894 KeyChain::signImpl(T& packet,
const SigningInfo& params)
898 std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
900 signPacketWrapper(packet,
Signature(sigInfo),
918 template<
class PibType>
922 registerPibImpl(*aliases.begin(), aliases, [] (
const std::string& locator) {
923 return make_unique<PibType>(locator);
927 template<
class TpmType>
931 registerTpmImpl(*aliases.begin(), aliases, [] (
const std::string& locator) {
932 return make_unique<TpmType>(locator);
942 #define NDN_CXX_KEYCHAIN_REGISTER_PIB(PibType, ...) \ 943 static class NdnCxxAuto ## PibType ## PibRegistrationClass \ 946 NdnCxxAuto ## PibType ## PibRegistrationClass() \ 948 ::ndn::KeyChain::registerPib<PibType>({__VA_ARGS__}); \ 950 } ndnCxxAuto ## PibType ## PibRegistrationVariable 958 #define NDN_CXX_KEYCHAIN_REGISTER_TPM(TpmType, ...) \ 959 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \ 962 NdnCxxAuto ## TpmType ## TpmRegistrationClass() \ 964 ::ndn::KeyChain::registerTpm<TpmType>({__VA_ARGS__}); \ 966 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable 970 using security::KeyChain;
974 #endif // NDN_SECURITY_KEY_CHAIN_HPP static const RsaKeyParams DEFAULT_KEY_PARAMS
const SecPublicInfo & getPib() const
Name getNewKeyName(const Name &identityName, bool useKsk)
bool unlockTpm(const char *password, size_t passwordLength, bool usePassword)
const SecTpm & getTpm() const
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate(const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint ¬Before, const time::system_clock::TimePoint ¬After, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
prepare an unsigned identity certificate
MismatchError(const std::string &what)
Copyright (c) 2011-2015 Regents of the University of California.
function< unique_ptr< SecPublicInfo >const std::string &)> PibCreateFunc
bool doesCertificateExist(const Name &certificateName) const
Name getDefaultCertificateName() const
bool doesIdentityExist(const Name &identityName) const
void getAllIdentities(std::vector< Name > &nameList, bool isDefault) const
void addIdentity(const Name &identityName)
void importIdentity(const SecuredBag &securedBag, const std::string &passwordStr)
import an identity.
void setDefaultIdentity(const Name &identityName)
static unique_ptr< SecPublicInfo > createPib(const std::string &pibLocator)
Create a PIB according to pibLocator.
Name getDefaultCertificateNameForIdentity(const Name &identityName) const
DigestAlgorithm getDigestAlgorithm() const
void addCertificateAsKeyDefault(const IdentityCertificate &certificate)
shared_ptr< PublicKey > getPublicKey(const Name &keyName) const
The packet signing interface.
void signByIdentity(T &packet, const Name &identityName)
Sign packet using the default certificate of a particular identity.
void generateSymmetricKeyInTpm(const Name &keyName, const KeyParams ¶ms)
bool doesKeyExistInTpm(const Name &keyName, KeyClass keyClass) const
ConstBufferPtr encryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Error thrown when the supplied TPM locator to KeyChain constructor does not match the locator stored ...
Class representing a wire element of NDN-TLV packet format.
represents an Interest packet
void deleteKeyPairInTpm(const Name &keyName)
void sign(Data &data, const SigningInfo ¶ms=DEFAULT_SIGNING_INFO)
Sign data according to the supplied signing information.
void setTpmPassword(const uint8_t *password, size_t passwordLength)
Signing parameters passed to KeyChain.
shared_ptr< SecuredBag > exportIdentity(const Name &identity, const std::string &passwordStr)
export an identity.
void getAllCertificateNames(std::vector< Name > &nameList, bool isDefault) const
void addCertificateAsSystemDefault(const IdentityCertificate &certificate)
static void registerPib(std::initializer_list< std::string > aliases)
Register a new PIB.
Name generateEcdsaKeyPairAsDefault(const Name &identityName, bool isKsk=false, uint32_t keySize=256)
Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity...
bool doesPublicKeyExist(const Name &keyName) const
static const SigningInfo DEFAULT_SIGNING_INFO
void generateKeyPairInTpm(const Name &keyName, const KeyParams ¶ms)
Name getDefaultCertificateNameForKey(const Name &keyName) const
Name createIdentity(const Name &identityName, const KeyParams ¶ms=DEFAULT_KEY_PARAMS)
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed ce...
SecTpm is the base class of the TPM classes.
function< unique_ptr< SecTpm >const std::string &)> TpmCreateFunc
static std::string getDefaultTpmLocator()
Get default TPM locator.
void addAppToAcl(const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)
bool generateRandomBlock(uint8_t *res, size_t size) const
void setInTerminal(bool inTerminal)
void getAllCertificateNamesOfKey(const Name &keyName, std::vector< Name > &nameList, bool isDefault) const
std::map< std::string, Block > SignParams
void deletePublicKeyInfo(const Name &keyName)
Block signInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)
Name abstraction to represent an absolute name.
signer is a certificate, use it directly
Name getDefaultKeyNameForIdentity(const Name &identityName) const
void deleteIdentity(const Name &identity)
delete an identity.
void deleteIdentityInfo(const Name &identity)
Name generateRsaKeyPair(const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
Generate a pair of RSA keys for the specified identity.
static tlv::SignatureTypeValue getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm)
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
static unique_ptr< SecTpm > createTpm(const std::string &tpmLocator)
Create a TPM according to tpmLocator.
static std::string getDefaultPibLocator()
Get default PIB locator.
shared_ptr< IdentityCertificate > selfSign(const Name &keyName)
Generate a self-signed certificate for a public key.
void addCertificate(const IdentityCertificate &certificate)
Base class of key parameters.
shared_ptr< IdentityCertificate > getDefaultCertificate() const
signer is an identity, use its default key and default certificate
void getAllKeyNamesOfIdentity(const Name &identity, std::vector< Name > &nameList, bool isDefault) const
shared_ptr< PublicKey > getPublicKeyFromTpm(const Name &keyName) const
Name generateEcdsaKeyPair(const Name &identityName, bool isKsk=false, uint32_t keySize=256)
Generate a pair of ECDSA keys for the specified identity.
void getAllKeyNames(std::vector< Name > &nameList, bool isDefault) const
ConstBufferPtr decryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
void setDefaultKeyNameForIdentity(const Name &keyName)
static const Name DEFAULT_PREFIX
Name getDefaultIdentity() const
shared_ptr< IdentityCertificate > getCertificate(const Name &certificateName) const
void refreshDefaultCertificate()
void addPublicKey(const Name &keyName, KeyType keyType, const PublicKey &publicKeyDer)
bool getInTerminal() const
void signWithSha256(Data &data)
Set Sha256 weak signature for data.
shared_ptr< const Buffer > ConstBufferPtr
void setDefaultCertificateNameForKey(const Name &certificateName)
const KeyParams & getDefaultKeyParamsForIdentity(const Name &identityName) const
Get default key parameters for the specified identity.
SimplePublicKeyParams is a template for public keys with only one parameter: size.
Name generateRsaKeyPairAsDefault(const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
Generate a pair of RSA keys for the specified identity and set it as default key for the identity...
static const Name DIGEST_SHA256_IDENTITY
A localhost identity which indicates that signature is generated using SHA-256.
void deleteCertificateInfo(const Name &certificateName)
void deleteKey(const Name &keyName)
delete a key.
static void registerTpm(std::initializer_list< std::string > aliases)
Register a new TPM.
void addCertificateAsIdentityDefault(const IdentityCertificate &certificate)
ConstBufferPtr exportPrivateKeyPkcs5FromTpm(const Name &keyName, const std::string &password)
SecPublicInfo is a base class for the storage of public information.
void addKey(const Name &keyName, const PublicKey &publicKeyDer)
void deleteCertificate(const Name &certificateName)
delete a certificate.
bool importPrivateKeyPkcs5IntoTpm(const Name &keyName, const uint8_t *buf, size_t size, const std::string &password)
Error(const std::string &what)
A Signature is storage for the signature-related information (info and value) in a Data packet...
1.8.12