2.3/doxygen/key-chain_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 #ifndef NDN_SECURITY_KEY_CHAIN_HPP
 #define NDN_SECURITY_KEY_CHAIN_HPP

 #include "sec-public-info.hpp"
 #include "sec-tpm.hpp"
 #include "key-params.hpp"
 #include "secured-bag.hpp"
 #include "signature-sha256-with-rsa.hpp"
 #include "signature-sha256-with-ecdsa.hpp"
 #include "digest-sha256.hpp"
 #include "signing-info.hpp"

 #include "../interest.hpp"
 #include "../util/crypto.hpp"
 #include "../util/random.hpp"
 #include <initializer_list>

 namespace ndn {
 namespace security {

 class KeyChain : noncopyable
 {
 public:
   class Error : public std::runtime_error
   {
   public:
     explicit
     Error(const std::string& what)
       : std::runtime_error(what)
     {
     }
   };

   class MismatchError : public Error
   {
   public:
     explicit
     MismatchError(const std::string& what)
       : Error(what)
     {
     }
   };

   typedef function<unique_ptr<SecPublicInfo> (const std::string&)> PibCreateFunc;
   typedef function<unique_ptr<SecTpm>(const std::string&)> TpmCreateFunc;

   template<class PibType>
   static void
   registerPib(std::initializer_list<std::string> aliases);

   template<class TpmType>
   static void
   registerTpm(std::initializer_list<std::string> aliases);

   static std::string
   getDefaultPibLocator();

   static unique_ptr<SecPublicInfo>
   createPib(const std::string& pibLocator);

   static std::string
   getDefaultTpmLocator();

   static unique_ptr<SecTpm>
   createTpm(const std::string& tpmLocator);

   KeyChain();

   KeyChain(const std::string& pibLocator,
            const std::string& tpmLocator,
            bool allowReset = false);

   virtual
   ~KeyChain();

   Name
   createIdentity(const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS);

   Name
   generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);

   Name
   generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);

   Name
   generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);

   Name
   generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);

   shared_ptr<v1::IdentityCertificate>
   prepareUnsignedIdentityCertificate(const Name& keyName,
     const Name& signingIdentity,
     const time::system_clock::TimePoint& notBefore,
     const time::system_clock::TimePoint& notAfter,
     const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
     const Name& certPrefix = DEFAULT_PREFIX);

   shared_ptr<v1::IdentityCertificate>
   prepareUnsignedIdentityCertificate(const Name& keyName,
     const v1::PublicKey& publicKey,
     const Name& signingIdentity,
     const time::system_clock::TimePoint& notBefore,
     const time::system_clock::TimePoint& notAfter,
     const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
     const Name& certPrefix = DEFAULT_PREFIX);

   void
   sign(Data& data, const SigningInfo& params = DEFAULT_SIGNING_INFO);

   void
   sign(Interest& interest, const SigningInfo& params = DEFAULT_SIGNING_INFO);

   Block
   sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params);

   template<typename T>
   void
   sign(T& packet, const Name& certificateName);

   Signature
   sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);

   template<typename T>
   void
   signByIdentity(T& packet, const Name& identityName);

   Signature
   signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);

   void
   signWithSha256(Data& data);

   void
   signWithSha256(Interest& interest);

   shared_ptr<v1::IdentityCertificate>
   selfSign(const Name& keyName);

   void
   selfSign(v1::IdentityCertificate& cert);

   void
   deleteCertificate(const Name& certificateName);

   void
   deleteKey(const Name& keyName);

   void
   deleteIdentity(const Name& identity);

   shared_ptr<SecuredBag>
   exportIdentity(const Name& identity, const std::string& passwordStr);

   void
   importIdentity(const SecuredBag& securedBag, const std::string& passwordStr);

   SecPublicInfo&
   getPib()
   {
     return *m_pib;
   }

   const SecPublicInfo&
   getPib() const
   {
     return *m_pib;
   }

   SecTpm&
   getTpm()
   {
     return *m_tpm;
   }

   const SecTpm&
   getTpm() const
   {
     return *m_tpm;
   }

   /*******************************
    *  Wrapper of SecPublicInfo   *
    *******************************/
   bool
   doesIdentityExist(const Name& identityName) const
   {
     return m_pib->doesIdentityExist(identityName);
   }

   void
   addIdentity(const Name& identityName)
   {
     return m_pib->addIdentity(identityName);
   }

   bool
   doesPublicKeyExist(const Name& keyName) const
   {
     return m_pib->doesPublicKeyExist(keyName);
   }

   void
   addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKeyDer)
   {
     return m_pib->addKey(keyName, publicKeyDer);
   }

   void
   addKey(const Name& keyName, const v1::PublicKey& publicKeyDer)
   {
     return m_pib->addKey(keyName, publicKeyDer);
   }

   shared_ptr<v1::PublicKey>
   getPublicKey(const Name& keyName) const
   {
     return m_pib->getPublicKey(keyName);
   }

   bool
   doesCertificateExist(const Name& certificateName) const
   {
     return m_pib->doesCertificateExist(certificateName);
   }

   void
   addCertificate(const v1::IdentityCertificate& certificate)
   {
     return m_pib->addCertificate(certificate);
   }

   shared_ptr<v1::IdentityCertificate>
   getCertificate(const Name& certificateName) const
   {
     return m_pib->getCertificate(certificateName);
   }

   Name
   getDefaultIdentity() const
   {
     return m_pib->getDefaultIdentity();
   }

   Name
   getDefaultKeyNameForIdentity(const Name& identityName) const
   {
     return m_pib->getDefaultKeyNameForIdentity(identityName);
   }

   const KeyParams&
   getDefaultKeyParamsForIdentity(const Name& identityName) const;

   Name
   getDefaultCertificateNameForKey(const Name& keyName) const
   {
     return m_pib->getDefaultCertificateNameForKey(keyName);
   }

   void
   getAllIdentities(std::vector<Name>& nameList, bool isDefault) const
   {
     return m_pib->getAllIdentities(nameList, isDefault);
   }

   void
   getAllKeyNames(std::vector<Name>& nameList, bool isDefault) const
   {
     return m_pib->getAllKeyNames(nameList, isDefault);
   }

   void
   getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList, bool isDefault) const
   {
     return m_pib->getAllKeyNamesOfIdentity(identity, nameList, isDefault);
   }

   void
   getAllCertificateNames(std::vector<Name>& nameList, bool isDefault) const
   {
     return m_pib->getAllCertificateNames(nameList, isDefault);
   }

   void
   getAllCertificateNamesOfKey(const Name& keyName,
                               std::vector<Name>& nameList,
                               bool isDefault) const
   {
     return m_pib->getAllCertificateNamesOfKey(keyName, nameList, isDefault);
   }

   void
   deleteCertificateInfo(const Name& certificateName)
   {
     return m_pib->deleteCertificateInfo(certificateName);
   }

   void
   deletePublicKeyInfo(const Name& keyName)
   {
     return m_pib->deletePublicKeyInfo(keyName);
   }

   void
   deleteIdentityInfo(const Name& identity)
   {
     return m_pib->deleteIdentityInfo(identity);
   }

   void
   setDefaultIdentity(const Name& identityName)
   {
     return m_pib->setDefaultIdentity(identityName);
   }

   void
   setDefaultKeyNameForIdentity(const Name& keyName)
   {
     return m_pib->setDefaultKeyNameForIdentity(keyName);
   }

   void
   setDefaultCertificateNameForKey(const Name& certificateName)
   {
     return m_pib->setDefaultCertificateNameForKey(certificateName);
   }

   Name
   getNewKeyName(const Name& identityName, bool useKsk)
   {
     return m_pib->getNewKeyName(identityName, useKsk);
   }

   Name
   getDefaultCertificateNameForIdentity(const Name& identityName) const
   {
     return m_pib->getDefaultCertificateNameForIdentity(identityName);
   }

   Name
   getDefaultCertificateName() const
   {
     return m_pib->getDefaultCertificateName();
   }

   void
   addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsKeyDefault(certificate);
   }

   void
   addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsIdentityDefault(certificate);
   }

   void
   addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsSystemDefault(certificate);
   }

   shared_ptr<v1::IdentityCertificate>
   getDefaultCertificate() const
   {
     if (!static_cast<bool>(m_pib->getDefaultCertificate()))
       const_cast<KeyChain*>(this)->setDefaultCertificateInternal();

     return m_pib->getDefaultCertificate();
   }

   void
   refreshDefaultCertificate()
   {
     return m_pib->refreshDefaultCertificate();
   }

   /*******************************
    *  Wrapper of SecTpm          *
    *******************************/

   void
   setTpmPassword(const uint8_t* password, size_t passwordLength)
   {
     return m_tpm->setTpmPassword(password, passwordLength);
   }

   void
   resetTpmPassword()
   {
     return m_tpm->resetTpmPassword();
   }

   void
   setInTerminal(bool inTerminal)
   {
     return m_tpm->setInTerminal(inTerminal);
   }

   bool
   getInTerminal() const
   {
     return m_tpm->getInTerminal();
   }

   bool
   isLocked() const
   {
     return m_tpm->isLocked();
   }

   bool
   unlockTpm(const char* password, size_t passwordLength, bool usePassword)
   {
     return m_tpm->unlockTpm(password, passwordLength, usePassword);
   }

   void
   generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
   {
     return m_tpm->generateKeyPairInTpm(keyName, params);
   }

   void
   deleteKeyPairInTpm(const Name& keyName)
   {
     return m_tpm->deleteKeyPairInTpm(keyName);
   }

   shared_ptr<v1::PublicKey>
   getPublicKeyFromTpm(const Name& keyName) const
   {
     return m_tpm->getPublicKeyFromTpm(keyName);
   }

   Block
   signInTpm(const uint8_t* data, size_t dataLength,
             const Name& keyName,
             DigestAlgorithm digestAlgorithm)
   {
     return m_tpm->signInTpm(data, dataLength, keyName, digestAlgorithm);
   }

   ConstBufferPtr
   decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
   {
     return m_tpm->decryptInTpm(data, dataLength, keyName, isSymmetric);
   }

   ConstBufferPtr
   encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
   {
     return m_tpm->encryptInTpm(data, dataLength, keyName, isSymmetric);
   }

   void
   generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
   {
     return m_tpm->generateSymmetricKeyInTpm(keyName, params);
   }

   bool
   doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) const
   {
     return m_tpm->doesKeyExistInTpm(keyName, keyClass);
   }

   bool
   generateRandomBlock(uint8_t* res, size_t size) const
   {
     return m_tpm->generateRandomBlock(res, size);
   }

   void
   addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl)
   {
     return m_tpm->addAppToAcl(keyName, keyClass, appPath, acl);
   }

   ConstBufferPtr
   exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& password)
   {
     return m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, password);
   }

   bool
   importPrivateKeyPkcs5IntoTpm(const Name& keyName,
                                const uint8_t* buf, size_t size,
                                const std::string& password)
   {
     return m_tpm->importPrivateKeyPkcs5IntoTpm(keyName, buf, size, password);
   }

 private:
   void
   initialize(const std::string& pibLocatorUri,
              const std::string& tpmLocatorUri,
              bool needReset);

   std::tuple<Name, SignatureInfo>
   prepareSignatureInfo(const SigningInfo& params);

   template<typename T>
   void
   signImpl(T& packet, const SigningInfo& params);

   void
   setDefaultCertificateInternal();

   Name
   generateKeyPair(const Name& identityName, bool isKsk = false,
                   const KeyParams& params = DEFAULT_KEY_PARAMS);

   void
   signPacketWrapper(Data& data, const Signature& signature,
                     const Name& keyName, DigestAlgorithm digestAlgorithm);

   void
   signPacketWrapper(Interest& interest, const Signature& signature,
                     const Name& keyName, DigestAlgorithm digestAlgorithm);

   Block
   pureSign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;

   static void
   registerPibImpl(const std::string& canonicalName,
                   std::initializer_list<std::string> aliases, PibCreateFunc createFunc);

   static void
   registerTpmImpl(const std::string& canonicalName,
                   std::initializer_list<std::string> aliases, TpmCreateFunc createFunc);

 public:
   static tlv::SignatureTypeValue
   getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);

 public:
   static const Name DEFAULT_PREFIX;
   static const SigningInfo DEFAULT_SIGNING_INFO;

   static const Name DIGEST_SHA256_IDENTITY;

   // RsaKeyParams is set to be default for backward compatibility.
   static const RsaKeyParams DEFAULT_KEY_PARAMS;

   typedef std::map<std::string, Block> SignParams;

 private:
   std::unique_ptr<SecPublicInfo> m_pib;
   std::unique_ptr<SecTpm> m_tpm;
   time::milliseconds m_lastTimestamp;
 };

 template<typename T>
 void
 KeyChain::signImpl(T& packet, const SigningInfo& params)
 {
   Name keyName;
   SignatureInfo sigInfo;
   std::tie(keyName, sigInfo) = prepareSignatureInfo(params);

   signPacketWrapper(packet, Signature(sigInfo),
                     keyName, params.getDigestAlgorithm());
 }

 template<typename T>
 void
 KeyChain::sign(T& packet, const Name& certificateName)
 {
   signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certificateName));
 }

 template<typename T>
 void
 KeyChain::signByIdentity(T& packet, const Name& identityName)
 {
   signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_ID, identityName));
 }

 template<class PibType>
 inline void
 KeyChain::registerPib(std::initializer_list<std::string> aliases)
 {
   registerPibImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
       return make_unique<PibType>(locator);
     });
 }

 template<class TpmType>
 inline void
 KeyChain::registerTpm(std::initializer_list<std::string> aliases)
 {
   registerTpmImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
       return make_unique<TpmType>(locator);
     });
 }

 #define NDN_CXX_KEYCHAIN_REGISTER_PIB(PibType, ...)     \
 static class NdnCxxAuto ## PibType ## PibRegistrationClass    \
 {                                                             \
 public:                                                       \
   NdnCxxAuto ## PibType ## PibRegistrationClass()             \
   {                                                           \
     ::ndn::KeyChain::registerPib<PibType>({__VA_ARGS__});     \
   }                                                           \
 } ndnCxxAuto ## PibType ## PibRegistrationVariable

 #define NDN_CXX_KEYCHAIN_REGISTER_TPM(TpmType, ...)     \
 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass    \
 {                                                             \
 public:                                                       \
   NdnCxxAuto ## TpmType ## TpmRegistrationClass()             \
   {                                                           \
     ::ndn::KeyChain::registerTpm<TpmType>({__VA_ARGS__});     \
   }                                                           \
 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable

 } // namespace security

 using security::KeyChain;

 } // namespace ndn

 #endif // NDN_SECURITY_KEY_CHAIN_HPP
ndn::security::KeyChain::DEFAULT_KEY_PARAMS
static const RsaKeyParams DEFAULT_KEY_PARAMS
Definition: key-chain.hpp:881

ndn::security::KeyChain::getPib
const SecPublicInfo & getPib() const
Definition: key-chain.hpp:443

ndn::security::v1::IdentityCertificate
Definition: identity-certificate.hpp:34

ndn::security::KeyChain::addCertificateAsIdentityDefault
void addCertificateAsIdentityDefault(const v1::IdentityCertificate &certificate)
Definition: key-chain.hpp:638

ndn::security::KeyChain::getNewKeyName
Name getNewKeyName(const Name &identityName, bool useKsk)
Definition: key-chain.hpp:614

ndn::security::KeyChain::unlockTpm
bool unlockTpm(const char *password, size_t passwordLength, bool usePassword)
Definition: key-chain.hpp:699

ndn::security::KeyChain::getTpm
const SecTpm & getTpm() const
Definition: key-chain.hpp:455

ndn::security::KeyChain::resetTpmPassword
void resetTpmPassword()
Definition: key-chain.hpp:675

ndn::security::KeyChain::MismatchError::MismatchError
MismatchError(const std::string &what)
Definition: key-chain.hpp:68

ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34

ndn::security::KeyChain::PibCreateFunc
function< unique_ptr< SecPublicInfo >const std::string &)> PibCreateFunc
Definition: key-chain.hpp:74

ndn::security::KeyChain::doesCertificateExist
bool doesCertificateExist(const Name &certificateName) const
Definition: key-chain.hpp:500

ndn::security::KeyChain::getDefaultCertificateName
Name getDefaultCertificateName() const
Definition: key-chain.hpp:626

ndn::SignatureInfo
Definition: signature-info.hpp:32

ndn::security::KeyChain::getCertificate
shared_ptr< v1::IdentityCertificate > getCertificate(const Name &certificateName) const
Definition: key-chain.hpp:512

ndn::security::KeyChain::doesIdentityExist
bool doesIdentityExist(const Name &identityName) const
Definition: key-chain.hpp:464

ndn::security::KeyChain::getAllIdentities
void getAllIdentities(std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:546

ndn::security::KeyChain::addIdentity
void addIdentity(const Name &identityName)
Definition: key-chain.hpp:470

signature-sha256-with-rsa.hpp

ndn::security::KeyChain::importIdentity
void importIdentity(const SecuredBag &securedBag, const std::string &passwordStr)
import an identity.
Definition: key-chain.cpp:632

ndn::security::KeyChain::setDefaultIdentity
void setDefaultIdentity(const Name &identityName)
Definition: key-chain.hpp:596

ndn::security::KeyChain::getDefaultCertificate
shared_ptr< v1::IdentityCertificate > getDefaultCertificate() const
Definition: key-chain.hpp:650

ndn::security::KeyChain::createPib
static unique_ptr< SecPublicInfo > createPib(const std::string &pibLocator)
Create a PIB according to pibLocator.
Definition: key-chain.cpp:207

ndn::security::KeyChain::getDefaultCertificateNameForIdentity
Name getDefaultCertificateNameForIdentity(const Name &identityName) const
Definition: key-chain.hpp:620

ndn::security::SigningInfo::getDigestAlgorithm
DigestAlgorithm getDigestAlgorithm() const
Definition: signing-info.hpp:151

ndn::security::KeyChain
The packet signing interface.
Definition: key-chain.hpp:47

ndn::security::KeyChain::signByIdentity
void signByIdentity(T &packet, const Name &identityName)
Sign packet using the default certificate of a particular identity.
Definition: key-chain.hpp:912

key-params.hpp

ndn::security::KeyChain::generateSymmetricKeyInTpm
void generateSymmetricKeyInTpm(const Name &keyName, const KeyParams &params)
Definition: key-chain.hpp:743

ndn::security::SecTpm
SecTpm is the base class of the TPM classes.
Definition: sec-tpm.hpp:42

ndn::security::KeyChain::doesKeyExistInTpm
bool doesKeyExistInTpm(const Name &keyName, KeyClass keyClass) const
Definition: key-chain.hpp:749

std
STL namespace.

ndn::security::KeyChain::encryptInTpm
ConstBufferPtr encryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Definition: key-chain.hpp:737

ndn::security::KeyChain::MismatchError
Error thrown when the supplied TPM locator to KeyChain constructor does not match the locator stored ...
Definition: key-chain.hpp:64

ndn::security::KeyChain::selfSign
shared_ptr< v1::IdentityCertificate > selfSign(const Name &keyName)
Generate a self-signed certificate for a public key.
Definition: key-chain.cpp:557

ndn::Block
Class representing a wire element of NDN-TLV packet format.
Definition: block.hpp:43

signature-sha256-with-ecdsa.hpp

ndn::Interest
represents an Interest packet
Definition: interest.hpp:42

ndn::security::KeyChain::deleteKeyPairInTpm
void deleteKeyPairInTpm(const Name &keyName)
Definition: key-chain.hpp:711

ndn::security::KeyChain::sign
void sign(Data &data, const SigningInfo &params=DEFAULT_SIGNING_INFO)
Sign data according to the supplied signing information.
Definition: key-chain.cpp:517

ndn::security::KeyChain::isLocked
bool isLocked() const
Definition: key-chain.hpp:693

ndn::security::KeyChain::getTpm
SecTpm & getTpm()
Definition: key-chain.hpp:449

sec-tpm.hpp

ndn::security::KeyChain::setTpmPassword
void setTpmPassword(const uint8_t *password, size_t passwordLength)
Definition: key-chain.hpp:669

ndn::security::SigningInfo
Signing parameters passed to KeyChain.
Definition: signing-info.hpp:36

ndn::security::KeyChain::exportIdentity
shared_ptr< SecuredBag > exportIdentity(const Name &identity, const std::string &passwordStr)
export an identity.
Definition: key-chain.cpp:603

ndn::security::KeyChain::getAllCertificateNames
void getAllCertificateNames(std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:564

ndn::KeyType
KeyType
Definition: security-common.hpp:50

ndn::security::KeyChain::registerPib
static void registerPib(std::initializer_list< std::string > aliases)
Register a new PIB.
Definition: key-chain.hpp:919

ndn::security::KeyChain::getPublicKeyFromTpm
shared_ptr< v1::PublicKey > getPublicKeyFromTpm(const Name &keyName) const
Definition: key-chain.hpp:717

ndn::security::KeyChain::generateEcdsaKeyPairAsDefault
Name generateEcdsaKeyPairAsDefault(const Name &identityName, bool isKsk=false, uint32_t keySize=256)
Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity...
Definition: key-chain.cpp:353

ndn::security::KeyChain::doesPublicKeyExist
bool doesPublicKeyExist(const Name &keyName) const
Definition: key-chain.hpp:476

ndn::security::KeyChain::DEFAULT_SIGNING_INFO
static const SigningInfo DEFAULT_SIGNING_INFO
Definition: key-chain.hpp:872

ndn::security::SecuredBag
Definition: secured-bag.hpp:31

ndn::security::KeyChain::generateKeyPairInTpm
void generateKeyPairInTpm(const Name &keyName, const KeyParams &params)
Definition: key-chain.hpp:705

ndn::security::KeyChain::getDefaultCertificateNameForKey
Name getDefaultCertificateNameForKey(const Name &keyName) const
Definition: key-chain.hpp:540

ndn::security::KeyChain::createIdentity
Name createIdentity(const Name &identityName, const KeyParams &params=DEFAULT_KEY_PARAMS)
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed ce...
Definition: key-chain.cpp:293

ndn::security::KeyChain::addPublicKey
void addPublicKey(const Name &keyName, KeyType keyType, const v1::PublicKey &publicKeyDer)
Definition: key-chain.hpp:482

ndn::AclType
AclType
Definition: security-common.hpp:94

ndn::security::KeyChain::getPib
SecPublicInfo & getPib()
Definition: key-chain.hpp:437

ndn::security::KeyChain::TpmCreateFunc
function< unique_ptr< SecTpm >const std::string &)> TpmCreateFunc
Definition: key-chain.hpp:75

ndn::security::KeyChain::getDefaultTpmLocator
static std::string getDefaultTpmLocator()
Get default TPM locator.
Definition: key-chain.cpp:219

ndn::security::KeyChain::addAppToAcl
void addAppToAcl(const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)
Definition: key-chain.hpp:761

ndn::security::KeyChain::addKey
void addKey(const Name &keyName, const v1::PublicKey &publicKeyDer)
Definition: key-chain.hpp:488

ndn::security::KeyChain::generateRandomBlock
bool generateRandomBlock(uint8_t *res, size_t size) const
Definition: key-chain.hpp:755

ndn::security::KeyChain::setInTerminal
void setInTerminal(bool inTerminal)
Definition: key-chain.hpp:681

ndn::security::KeyChain::getAllCertificateNamesOfKey
void getAllCertificateNamesOfKey(const Name &keyName, std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:570

ndn::security::KeyChain::SignParams
std::map< std::string, Block > SignParams
Definition: key-chain.hpp:883

ndn::security::KeyChain::deletePublicKeyInfo
void deletePublicKeyInfo(const Name &keyName)
Definition: key-chain.hpp:584

ndn::security::KeyChain::signInTpm
Block signInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)
Definition: key-chain.hpp:723

ndn::Name
Name abstraction to represent an absolute name.
Definition: name.hpp:46

ndn::security::KeyChain::~KeyChain
virtual ~KeyChain()
Definition: key-chain.cpp:163

ndn::security::SigningInfo::SIGNER_TYPE_CERT
signer is a certificate, use it directly
Definition: signing-info.hpp:57

ndn::security::KeyChain::getPublicKey
shared_ptr< v1::PublicKey > getPublicKey(const Name &keyName) const
Definition: key-chain.hpp:494

secured-bag.hpp

signing-info.hpp

ndn::security::KeyChain::getDefaultKeyNameForIdentity
Name getDefaultKeyNameForIdentity(const Name &identityName) const
Definition: key-chain.hpp:524

ndn::security::KeyChain::deleteIdentity
void deleteIdentity(const Name &identity)
delete an identity.
Definition: key-chain.cpp:819

ndn::security::KeyChain::deleteIdentityInfo
void deleteIdentityInfo(const Name &identity)
Definition: key-chain.hpp:590

ndn::time::system_clock::TimePoint
time_point TimePoint
Definition: time.hpp:90

ndn::security::KeyChain::generateRsaKeyPair
Name generateRsaKeyPair(const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
Generate a pair of RSA keys for the specified identity.
Definition: key-chain.cpp:327

ndn::security::KeyChain::Error
Definition: key-chain.hpp:50

ndn::security::KeyChain::addCertificate
void addCertificate(const v1::IdentityCertificate &certificate)
Definition: key-chain.hpp:506

ndn::security::KeyChain::getSignatureType
static tlv::SignatureTypeValue getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm)
Definition: key-chain.cpp:832

ndn::security::KeyChain::KeyChain
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
Definition: key-chain.cpp:121

ndn::security::KeyChain::createTpm
static unique_ptr< SecTpm > createTpm(const std::string &tpmLocator)
Create a TPM according to tpmLocator.
Definition: key-chain.cpp:244

ndn::KeyClass
KeyClass
Definition: security-common.hpp:60

ndn::security::KeyChain::getDefaultPibLocator
static std::string getDefaultPibLocator()
Get default PIB locator.
Definition: key-chain.cpp:181

ndn::security::SecPublicInfo
SecPublicInfo is a base class for the storage of public information.
Definition: sec-public-info.hpp:39

ndn::tlv::SignatureTypeValue
SignatureTypeValue
Definition: tlv.hpp:95

ndn::security::KeyChain::addCertificateAsKeyDefault
void addCertificateAsKeyDefault(const v1::IdentityCertificate &certificate)
Definition: key-chain.hpp:632

ndn::KeyParams
Base class of key parameters.
Definition: key-params.hpp:35

ndn::security::SigningInfo::SIGNER_TYPE_ID
signer is an identity, use its default key and default certificate
Definition: signing-info.hpp:53

ndn::security::KeyChain::getAllKeyNamesOfIdentity
void getAllKeyNamesOfIdentity(const Name &identity, std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:558

ndn::security::KeyChain::generateEcdsaKeyPair
Name generateEcdsaKeyPair(const Name &identityName, bool isKsk=false, uint32_t keySize=256)
Generate a pair of ECDSA keys for the specified identity.
Definition: key-chain.cpp:334

ndn::security::KeyChain::getAllKeyNames
void getAllKeyNames(std::vector< Name > &nameList, bool isDefault) const
Definition: key-chain.hpp:552

ndn::security::KeyChain::decryptInTpm
ConstBufferPtr decryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Definition: key-chain.hpp:731

ndn::security::KeyChain::setDefaultKeyNameForIdentity
void setDefaultKeyNameForIdentity(const Name &keyName)
Definition: key-chain.hpp:602

ndn::security::KeyChain::addCertificateAsSystemDefault
void addCertificateAsSystemDefault(const v1::IdentityCertificate &certificate)
Definition: key-chain.hpp:644

ndn::security::KeyChain::DEFAULT_PREFIX
static const Name DEFAULT_PREFIX
Definition: key-chain.hpp:871

ndn::security::KeyChain::getDefaultIdentity
Name getDefaultIdentity() const
Definition: key-chain.hpp:518

ndn::security::KeyChain::refreshDefaultCertificate
void refreshDefaultCertificate()
Definition: key-chain.hpp:659

ndn::security::KeyChain::getInTerminal
bool getInTerminal() const
Definition: key-chain.hpp:687

ndn::security::KeyChain::signWithSha256
void signWithSha256(Data &data)
Set Sha256 weak signature for data.
Definition: key-chain.cpp:776

ndn::security::v1::PublicKey
Definition: public-key.hpp:43

ndn::ConstBufferPtr
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:33

ndn::security::KeyChain::setDefaultCertificateNameForKey
void setDefaultCertificateNameForKey(const Name &certificateName)
Definition: key-chain.hpp:608

ndn::security::KeyChain::getDefaultKeyParamsForIdentity
const KeyParams & getDefaultKeyParamsForIdentity(const Name &identityName) const
Get default key parameters for the specified identity.
Definition: key-chain.cpp:657

ndn::Data
represents a Data packet
Definition: data.hpp:37

ndn::SimplePublicKeyParams
SimplePublicKeyParams is a template for public keys with only one parameter: size.
Definition: key-params.hpp:110

ndn::security::KeyChain::prepareUnsignedIdentityCertificate
shared_ptr< v1::IdentityCertificate > prepareUnsignedIdentityCertificate(const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< security::v1::CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
prepare an unsigned identity certificate
Definition: key-chain.cpp:366

ndn::security::KeyChain::generateRsaKeyPairAsDefault
Name generateRsaKeyPairAsDefault(const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
Generate a pair of RSA keys for the specified identity and set it as default key for the identity...
Definition: key-chain.cpp:341

ndn::security::KeyChain::DIGEST_SHA256_IDENTITY
static const Name DIGEST_SHA256_IDENTITY
A localhost identity which indicates that signature is generated using SHA-256.
Definition: key-chain.hpp:878

ndn::security::KeyChain::deleteCertificateInfo
void deleteCertificateInfo(const Name &certificateName)
Definition: key-chain.hpp:578

sec-public-info.hpp

ndn::security::KeyChain::deleteKey
void deleteKey(const Name &keyName)
delete a key.
Definition: key-chain.cpp:812

ndn::DigestAlgorithm
DigestAlgorithm
Definition: security-common.hpp:70

ndn::security::KeyChain::registerTpm
static void registerTpm(std::initializer_list< std::string > aliases)
Register a new TPM.
Definition: key-chain.hpp:928

ndn::security::KeyChain::exportPrivateKeyPkcs5FromTpm
ConstBufferPtr exportPrivateKeyPkcs5FromTpm(const Name &keyName, const std::string &password)
Definition: key-chain.hpp:767

digest-sha256.hpp

security

ndn::security::KeyChain::deleteCertificate
void deleteCertificate(const Name &certificateName)
delete a certificate.
Definition: key-chain.cpp:806

ndn::security::KeyChain::importPrivateKeyPkcs5IntoTpm
bool importPrivateKeyPkcs5IntoTpm(const Name &keyName, const uint8_t *buf, size_t size, const std::string &password)
Definition: key-chain.hpp:773

ndn::security::KeyChain::Error::Error
Error(const std::string &what)
Definition: key-chain.hpp:54

ndn::Signature
A Signature is storage for the signature-related information (info and value) in a Data packet...
Definition: signature.hpp:33