NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.5: NDN, CCN, CCNx, content centric networks
API Documentation
key-chain.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2018 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "key-chain.hpp"
23 
24 #include "../../util/config-file.hpp"
25 #include "../../util/logger.hpp"
26 #include "../../util/sha256.hpp"
27 
28 #include "../pib/pib-sqlite3.hpp"
29 #include "../pib/pib-memory.hpp"
30 
31 #ifdef NDN_CXX_HAVE_OSX_FRAMEWORKS
32 #include "../tpm/back-end-osx.hpp"
33 #endif // NDN_CXX_HAVE_OSX_FRAMEWORKS
34 
35 #include "../tpm/back-end-file.hpp"
36 #include "../tpm/back-end-mem.hpp"
37 
38 #include "../transform/bool-sink.hpp"
39 #include "../transform/buffer-source.hpp"
40 #include "../transform/private-key.hpp"
41 #include "../transform/public-key.hpp"
42 #include "../transform/verifier-filter.hpp"
43 #include "../../encoding/buffer-stream.hpp"
44 
45 #include <boost/lexical_cast.hpp>
46 
47 namespace ndn {
48 namespace security {
49 
50 // When static library is used, not everything is compiled into the resulting binary.
51 // Therefore, the following standard PIB and TPMs need to be registered here.
52 // http://stackoverflow.com/q/9459980/2150331
53 
54 namespace pib {
57 } // namespace pib
58 
59 namespace tpm {
60 #if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
62 #endif // defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
63 
66 } // namespace tpm
67 
68 namespace v2 {
69 
71 
72 std::string KeyChain::s_defaultPibLocator;
73 std::string KeyChain::s_defaultTpmLocator;
74 
75 KeyChain::PibFactories&
76 KeyChain::getPibFactories()
77 {
78  static PibFactories pibFactories;
79  return pibFactories;
80 }
81 
82 KeyChain::TpmFactories&
83 KeyChain::getTpmFactories()
84 {
85  static TpmFactories tpmFactories;
86  return tpmFactories;
87 }
88 
89 const std::string&
90 KeyChain::getDefaultPibScheme()
91 {
93 }
94 
95 const std::string&
96 KeyChain::getDefaultTpmScheme()
97 {
98 #if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
100 #else
102 #endif // defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
103 }
104 
105 const std::string&
106 KeyChain::getDefaultPibLocator()
107 {
108  if (!s_defaultPibLocator.empty())
109  return s_defaultPibLocator;
110 
111  if (getenv("NDN_CLIENT_PIB") != nullptr) {
112  s_defaultPibLocator = getenv("NDN_CLIENT_PIB");
113  }
114  else {
115  ConfigFile config;
116  s_defaultPibLocator = config.getParsedConfiguration().get<std::string>("pib", getDefaultPibScheme() + ":");
117  }
118 
119  return s_defaultPibLocator;
120 }
121 
122 const std::string&
123 KeyChain::getDefaultTpmLocator()
124 {
125  if (!s_defaultTpmLocator.empty())
126  return s_defaultTpmLocator;
127 
128  if (getenv("NDN_CLIENT_TPM") != nullptr) {
129  s_defaultTpmLocator = getenv("NDN_CLIENT_TPM");
130  }
131  else {
132  ConfigFile config;
133  s_defaultTpmLocator = config.getParsedConfiguration().get<std::string>("tpm", getDefaultTpmScheme() + ":");
134  }
135 
136  return s_defaultTpmLocator;
137 }
138 
139 
140 // Other defaults
141 
142 const SigningInfo&
144 {
145  static SigningInfo signingInfo;
146  return signingInfo;
147 }
148 
149 const KeyParams&
151 {
152  static EcKeyParams keyParams;
153  return keyParams;
154 }
155 
156 //
157 
159  : KeyChain(getDefaultPibLocator(), getDefaultTpmLocator(), true)
160 {
161 }
162 
163 KeyChain::KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset)
164 {
165  // PIB Locator
166  std::string pibScheme, pibLocation;
167  std::tie(pibScheme, pibLocation) = parseAndCheckPibLocator(pibLocator);
168  std::string canonicalPibLocator = pibScheme + ":" + pibLocation;
169 
170  // Create PIB
171  m_pib = createPib(canonicalPibLocator);
172  std::string oldTpmLocator;
173  try {
174  oldTpmLocator = m_pib->getTpmLocator();
175  }
176  catch (const Pib::Error&) {
177  // TPM locator is not set in PIB yet.
178  }
179 
180  // TPM Locator
181  std::string tpmScheme, tpmLocation;
182  std::tie(tpmScheme, tpmLocation) = parseAndCheckTpmLocator(tpmLocator);
183  std::string canonicalTpmLocator = tpmScheme + ":" + tpmLocation;
184 
185  if (canonicalPibLocator == getDefaultPibLocator()) {
186  // Default PIB must use default TPM
187  if (!oldTpmLocator.empty() && oldTpmLocator != getDefaultTpmLocator()) {
188  m_pib->reset();
189  canonicalTpmLocator = getDefaultTpmLocator();
190  }
191  }
192  else {
193  // non-default PIB check consistency
194  if (!oldTpmLocator.empty() && oldTpmLocator != canonicalTpmLocator) {
195  if (allowReset)
196  m_pib->reset();
197  else
198  BOOST_THROW_EXCEPTION(LocatorMismatchError("TPM locator supplied does not match TPM locator in PIB: " +
199  oldTpmLocator + " != " + canonicalTpmLocator));
200  }
201  }
202 
203  // note that key mismatch may still happen if the TPM locator is initially set to a
204  // wrong one or if the PIB was shared by more than one TPMs before. This is due to the
205  // old PIB does not have TPM info, new pib should not have this problem.
206  m_tpm = createTpm(canonicalTpmLocator);
207  m_pib->setTpmLocator(canonicalTpmLocator);
208 }
209 
210 KeyChain::~KeyChain() = default;
211 
212 // public: management
213 
214 Identity
215 KeyChain::createIdentity(const Name& identityName, const KeyParams& params)
216 {
217  Identity id = m_pib->addIdentity(identityName);
218 
219  Key key;
220  try {
221  key = id.getDefaultKey();
222  }
223  catch (const Pib::Error&) {
224  key = createKey(id, params);
225  }
226 
227  try {
228  key.getDefaultCertificate();
229  }
230  catch (const Pib::Error&) {
231  NDN_LOG_DEBUG("No default cert for " << key.getName() << ", requesting self-signing");
232  selfSign(key);
233  }
234 
235  return id;
236 }
237 
238 void
240 {
241  BOOST_ASSERT(static_cast<bool>(identity));
242 
243  Name identityName = identity.getName();
244 
245  for (const auto& key : identity.getKeys()) {
246  m_tpm->deleteKey(key.getName());
247  }
248 
249  m_pib->removeIdentity(identityName);
250 }
251 
252 void
254 {
255  BOOST_ASSERT(static_cast<bool>(identity));
256 
257  m_pib->setDefaultIdentity(identity.getName());
258 }
259 
260 Key
261 KeyChain::createKey(const Identity& identity, const KeyParams& params)
262 {
263  BOOST_ASSERT(static_cast<bool>(identity));
264 
265  // create key in TPM
266  Name keyName = m_tpm->createKey(identity.getName(), params);
267 
268  // set up key info in PIB
269  ConstBufferPtr pubKey = m_tpm->getPublicKey(keyName);
270  Key key = identity.addKey(pubKey->data(), pubKey->size(), keyName);
271 
272  NDN_LOG_DEBUG("Requesting self-signing for newly created key " << key.getName());
273  selfSign(key);
274 
275  return key;
276 }
277 
278 void
279 KeyChain::deleteKey(const Identity& identity, const Key& key)
280 {
281  BOOST_ASSERT(static_cast<bool>(identity));
282  BOOST_ASSERT(static_cast<bool>(key));
283 
284  Name keyName = key.getName();
285  if (identity.getName() != key.getIdentity()) {
286  BOOST_THROW_EXCEPTION(std::invalid_argument("Identity `" + identity.getName().toUri() + "` "
287  "does not match key `" + keyName.toUri() + "`"));
288  }
289 
290  identity.removeKey(keyName);
291  m_tpm->deleteKey(keyName);
292 }
293 
294 void
295 KeyChain::setDefaultKey(const Identity& identity, const Key& key)
296 {
297  BOOST_ASSERT(static_cast<bool>(identity));
298  BOOST_ASSERT(static_cast<bool>(key));
299 
300  if (identity.getName() != key.getIdentity())
301  BOOST_THROW_EXCEPTION(std::invalid_argument("Identity `" + identity.getName().toUri() + "` "
302  "does not match key `" + key.getName().toUri() + "`"));
303 
304  identity.setDefaultKey(key.getName());
305 }
306 
307 void
308 KeyChain::addCertificate(const Key& key, const Certificate& certificate)
309 {
310  BOOST_ASSERT(static_cast<bool>(key));
311 
312  if (key.getName() != certificate.getKeyName() ||
313  !std::equal(certificate.getContent().value_begin(), certificate.getContent().value_end(),
314  key.getPublicKey().begin()))
315  BOOST_THROW_EXCEPTION(std::invalid_argument("Key `" + key.getName().toUri() + "` "
316  "does not match certificate `" + certificate.getName().toUri() + "`"));
317 
318  key.addCertificate(certificate);
319 }
320 
321 void
322 KeyChain::deleteCertificate(const Key& key, const Name& certificateName)
323 {
324  BOOST_ASSERT(static_cast<bool>(key));
325 
326  if (!Certificate::isValidName(certificateName)) {
327  BOOST_THROW_EXCEPTION(std::invalid_argument("Wrong certificate name `" + certificateName.toUri() + "`"));
328  }
329 
330  key.removeCertificate(certificateName);
331 }
332 
333 void
335 {
336  BOOST_ASSERT(static_cast<bool>(key));
337 
338  addCertificate(key, cert);
339  key.setDefaultCertificate(cert.getName());
340 }
341 
342 shared_ptr<SafeBag>
343 KeyChain::exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen)
344 {
345  Name identity = certificate.getIdentity();
346  Name keyName = certificate.getKeyName();
347 
348  ConstBufferPtr encryptedKey;
349  try {
350  encryptedKey = m_tpm->exportPrivateKey(keyName, pw, pwLen);
351  }
352  catch (const tpm::BackEnd::Error& e) {
353  BOOST_THROW_EXCEPTION(Error("Failed to export private key `" + keyName.toUri() + "`: " + e.what()));
354  }
355 
356  return make_shared<SafeBag>(certificate, *encryptedKey);
357 }
358 
359 void
360 KeyChain::importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen)
361 {
362  Data certData = safeBag.getCertificate();
363  Certificate cert(std::move(certData));
364  Name identity = cert.getIdentity();
365  Name keyName = cert.getKeyName();
366  const Buffer publicKeyBits = cert.getPublicKey();
367 
368  if (m_tpm->hasKey(keyName)) {
369  BOOST_THROW_EXCEPTION(Error("Private key `" + keyName.toUri() + "` already exists"));
370  }
371 
372  try {
373  Identity existingId = m_pib->getIdentity(identity);
374  existingId.getKey(keyName);
375  BOOST_THROW_EXCEPTION(Error("Public key `" + keyName.toUri() + "` already exists"));
376  }
377  catch (const Pib::Error&) {
378  // Either identity or key doesn't exist. OK to import.
379  }
380 
381  try {
382  m_tpm->importPrivateKey(keyName,
383  safeBag.getEncryptedKeyBag().data(), safeBag.getEncryptedKeyBag().size(),
384  pw, pwLen);
385  }
386  catch (const tpm::BackEnd::Error& e) {
387  BOOST_THROW_EXCEPTION(Error("Failed to import private key `" + keyName.toUri() + "`: " + e.what()));
388  }
389 
390  // check the consistency of private key and certificate
391  const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
392  ConstBufferPtr sigBits;
393  try {
394  sigBits = m_tpm->sign(content, 4, keyName, DigestAlgorithm::SHA256);
395  }
396  catch (const std::runtime_error&) {
397  m_tpm->deleteKey(keyName);
398  BOOST_THROW_EXCEPTION(Error("Invalid private key `" + keyName.toUri() + "`"));
399  }
400  bool isVerified = false;
401  {
402  using namespace transform;
403  PublicKey publicKey;
404  publicKey.loadPkcs8(publicKeyBits.data(), publicKeyBits.size());
405  bufferSource(content, sizeof(content)) >> verifierFilter(DigestAlgorithm::SHA256, publicKey,
406  sigBits->data(), sigBits->size())
407  >> boolSink(isVerified);
408  }
409  if (!isVerified) {
410  m_tpm->deleteKey(keyName);
411  BOOST_THROW_EXCEPTION(Error("Certificate `" + cert.getName().toUri() + "` "
412  "and private key `" + keyName.toUri() + "` do not match"));
413  }
414 
415  Identity id = m_pib->addIdentity(identity);
416  Key key = id.addKey(cert.getPublicKey().data(), cert.getPublicKey().size(), keyName);
417  key.addCertificate(cert);
418 }
419 
420 // public: signing
421 
422 void
423 KeyChain::sign(Data& data, const SigningInfo& params)
424 {
425  Name keyName;
426  SignatureInfo sigInfo;
427  std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
428 
429  data.setSignature(Signature(sigInfo));
430 
431  EncodingBuffer encoder;
432  data.wireEncode(encoder, true);
433 
434  Block sigValue = sign(encoder.buf(), encoder.size(), keyName, params.getDigestAlgorithm());
435 
436  data.wireEncode(encoder, sigValue);
437 }
438 
439 void
440 KeyChain::sign(Interest& interest, const SigningInfo& params)
441 {
442  Name keyName;
443  SignatureInfo sigInfo;
444  std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
445 
446  Name signedName = interest.getName();
447  signedName.append(sigInfo.wireEncode()); // signatureInfo
448 
449  Block sigValue = sign(signedName.wireEncode().value(), signedName.wireEncode().value_size(),
450  keyName, params.getDigestAlgorithm());
451 
452  sigValue.encode();
453  signedName.append(sigValue); // signatureValue
454  interest.setName(signedName);
455 }
456 
457 Block
458 KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params)
459 {
460  Name keyName;
461  SignatureInfo sigInfo;
462  std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
463 
464  return sign(buffer, bufferLength, keyName, params.getDigestAlgorithm());
465 }
466 
467 // public: PIB/TPM creation helpers
468 
469 static inline std::tuple<std::string/*type*/, std::string/*location*/>
470 parseLocatorUri(const std::string& uri)
471 {
472  size_t pos = uri.find(':');
473  if (pos != std::string::npos) {
474  return std::make_tuple(uri.substr(0, pos), uri.substr(pos + 1));
475  }
476  else {
477  return std::make_tuple(uri, "");
478  }
479 }
480 
481 std::tuple<std::string/*type*/, std::string/*location*/>
482 KeyChain::parseAndCheckPibLocator(const std::string& pibLocator)
483 {
484  std::string pibScheme, pibLocation;
485  std::tie(pibScheme, pibLocation) = parseLocatorUri(pibLocator);
486 
487  if (pibScheme.empty()) {
488  pibScheme = getDefaultPibScheme();
489  }
490 
491  auto pibFactory = getPibFactories().find(pibScheme);
492  if (pibFactory == getPibFactories().end()) {
493  BOOST_THROW_EXCEPTION(KeyChain::Error("PIB scheme `" + pibScheme + "` is not supported"));
494  }
495 
496  return std::make_tuple(pibScheme, pibLocation);
497 }
498 
499 unique_ptr<Pib>
500 KeyChain::createPib(const std::string& pibLocator)
501 {
502  std::string pibScheme, pibLocation;
503  std::tie(pibScheme, pibLocation) = parseAndCheckPibLocator(pibLocator);
504  auto pibFactory = getPibFactories().find(pibScheme);
505  BOOST_ASSERT(pibFactory != getPibFactories().end());
506  return unique_ptr<Pib>(new Pib(pibScheme, pibLocation, pibFactory->second(pibLocation)));
507 }
508 
509 std::tuple<std::string/*type*/, std::string/*location*/>
510 KeyChain::parseAndCheckTpmLocator(const std::string& tpmLocator)
511 {
512  std::string tpmScheme, tpmLocation;
513  std::tie(tpmScheme, tpmLocation) = parseLocatorUri(tpmLocator);
514 
515  if (tpmScheme.empty()) {
516  tpmScheme = getDefaultTpmScheme();
517  }
518  auto tpmFactory = getTpmFactories().find(tpmScheme);
519  if (tpmFactory == getTpmFactories().end()) {
520  BOOST_THROW_EXCEPTION(KeyChain::Error("TPM scheme `" + tpmScheme + "` is not supported"));
521  }
522 
523  return std::make_tuple(tpmScheme, tpmLocation);
524 }
525 
526 unique_ptr<Tpm>
527 KeyChain::createTpm(const std::string& tpmLocator)
528 {
529  std::string tpmScheme, tpmLocation;
530  std::tie(tpmScheme, tpmLocation) = parseAndCheckTpmLocator(tpmLocator);
531  auto tpmFactory = getTpmFactories().find(tpmScheme);
532  BOOST_ASSERT(tpmFactory != getTpmFactories().end());
533  return unique_ptr<Tpm>(new Tpm(tpmScheme, tpmLocation, tpmFactory->second(tpmLocation)));
534 }
535 
536 // private: signing
537 
538 Certificate
539 KeyChain::selfSign(Key& key)
540 {
541  Certificate certificate;
542 
543  // set name
544  Name certificateName = key.getName();
545  certificateName
546  .append("self")
547  .appendVersion();
548  certificate.setName(certificateName);
549 
550  // set metainfo
551  certificate.setContentType(tlv::ContentType_Key);
552  certificate.setFreshnessPeriod(1_h);
553 
554  // set content
555  certificate.setContent(key.getPublicKey().data(), key.getPublicKey().size());
556 
557  // set signature-info
558  SignatureInfo signatureInfo;
559  // Note time::system_clock::max() or other NotAfter date results in incorrect encoded value
560  // because of overflow during conversion to boost::posix_time::ptime (bug #3915).
561  signatureInfo.setValidityPeriod(ValidityPeriod(time::system_clock::TimePoint(),
562  time::system_clock::now() + 20 * 365_days));
563 
564  sign(certificate, SigningInfo(key).setSignatureInfo(signatureInfo));
565 
566  key.addCertificate(certificate);
567  return certificate;
568 }
569 
570 std::tuple<Name, SignatureInfo>
571 KeyChain::prepareSignatureInfo(const SigningInfo& params)
572 {
573  SignatureInfo sigInfo = params.getSignatureInfo();
574 
575  Name identityName;
576  name::Component keyId;
577  Name certificateName;
578 
579  pib::Identity identity;
580  pib::Key key;
581 
582  switch (params.getSignerType()) {
584  try {
585  identity = m_pib->getDefaultIdentity();
586  }
587  catch (const Pib::Error&) { // no default identity, use sha256 for signing.
588  sigInfo.setSignatureType(tlv::DigestSha256);
589  return std::make_tuple(SigningInfo::getDigestSha256Identity(), sigInfo);
590  }
591  break;
592  }
594  identity = params.getPibIdentity();
595  if (!identity) {
596  try {
597  identity = m_pib->getIdentity(params.getSignerName());
598  }
599  catch (const Pib::Error&) {
600  BOOST_THROW_EXCEPTION(InvalidSigningInfoError("Signing identity `" +
601  params.getSignerName().toUri() + "` does not exist"));
602  }
603  }
604  break;
605  }
607  key = params.getPibKey();
608  if (!key) {
609  Name identityName = extractIdentityFromKeyName(params.getSignerName());
610 
611  try {
612  identity = m_pib->getIdentity(identityName);
613  key = identity.getKey(params.getSignerName());
614  identity = Identity(); // we will use the PIB key instance, so reset identity;
615  }
616  catch (const Pib::Error&) {
617  BOOST_THROW_EXCEPTION(InvalidSigningInfoError("Signing key `" +
618  params.getSignerName().toUri() + "` does not exist"));
619  }
620  }
621  break;
622  }
624  Name identityName = extractIdentityFromCertName(params.getSignerName());
625  Name keyName = extractKeyNameFromCertName(params.getSignerName());
626 
627  try {
628  identity = m_pib->getIdentity(identityName);
629  key = identity.getKey(keyName);
630  }
631  catch (const Pib::Error&) {
632  BOOST_THROW_EXCEPTION(InvalidSigningInfoError("Signing certificate `" +
633  params.getSignerName().toUri() + "` does not exist"));
634  }
635 
636  break;
637  }
639  sigInfo.setSignatureType(tlv::DigestSha256);
640  return std::make_tuple(SigningInfo::getDigestSha256Identity(), sigInfo);
641  }
642  default: {
643  BOOST_THROW_EXCEPTION(InvalidSigningInfoError("Unrecognized signer type " +
644  boost::lexical_cast<std::string>(params.getSignerType())));
645  }
646  }
647 
648  if (!identity && !key) {
649  BOOST_THROW_EXCEPTION(InvalidSigningInfoError("Cannot determine signing parameters"));
650  }
651 
652  if (identity && !key) {
653  try {
654  key = identity.getDefaultKey();
655  }
656  catch (const Pib::Error&) {
657  BOOST_THROW_EXCEPTION(InvalidSigningInfoError("Signing identity `" + identity.getName().toUri() +
658  "` does not have a default certificate"));
659  }
660  }
661 
662  BOOST_ASSERT(key);
663 
664  sigInfo.setSignatureType(getSignatureType(key.getKeyType(), params.getDigestAlgorithm()));
665  sigInfo.setKeyLocator(KeyLocator(key.getName()));
666 
667  NDN_LOG_TRACE("Prepared signature info: " << sigInfo);
668  return std::make_tuple(key.getName(), sigInfo);
669 }
670 
671 Block
672 KeyChain::sign(const uint8_t* buf, size_t size,
673  const Name& keyName, DigestAlgorithm digestAlgorithm) const
674 {
675  if (keyName == SigningInfo::getDigestSha256Identity())
676  return Block(tlv::SignatureValue, util::Sha256::computeDigest(buf, size));
677 
678  return Block(tlv::SignatureValue, m_tpm->sign(buf, size, keyName, digestAlgorithm));
679 }
680 
682 KeyChain::getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm)
683 {
684  switch (keyType) {
685  case KeyType::RSA:
687  case KeyType::EC:
689  default:
690  BOOST_THROW_EXCEPTION(Error("Unsupported key types"));
691  }
692 }
693 
694 } // namespace v2
695 } // namespace security
696 } // namespace ndn
void deleteKey(const Identity &identity, const Key &key)
Delete a key key of identity.
Definition: key-chain.cpp:279
Key getKey(const Name &keyName) const
Get a key with id keyName.
Definition: identity.cpp:55
Copyright (c) 2011-2015 Regents of the University of California.
std::string toUri() const
Get URI representation of the name.
Definition: name.cpp:117
The certificate following the certificate format naming convention.
Definition: certificate.hpp:81
represents a semantic error
Definition: pib.hpp:56
const Name & getName() const
Get name.
Definition: data.hpp:128
Buffer getPublicKey() const
Get public key bits (in PKCS#8 format)
Represents a SignatureInfo TLV element.
const Key & setDefaultKey(const Name &keyName) const
Set an existing key with keyName as the default key.
Definition: identity.cpp:67
The interface of signing key management.
Definition: key-chain.hpp:46
void removeKey(const Name &keyName) const
Remove a key with keyName.
Definition: identity.cpp:49
void addCertificate(const Key &key, const Certificate &certificate)
Add a certificate certificate for key.
Definition: key-chain.cpp:308
const Block & getContent() const
Get Content.
Definition: data.cpp:234
Key createKey(const Identity &identity, const KeyParams &params=getDefaultKeyParams())
Create a key for identity according to params.
Definition: key-chain.cpp:261
NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndFile)
Name getIdentity() const
Get identity name.
Definition: certificate.cpp:87
Data & setSignature(const Signature &signature)
Set Signature.
Definition: data.cpp:274
DigestAlgorithm getDigestAlgorithm() const
Name extractKeyNameFromCertName(const Name &certName)
Extract key name from the certificate name certName.
static std::tuple< std::string, std::string > parseLocatorUri(const std::string &uri)
Definition: key-chain.cpp:470
RSA key, supports sign/verify and encrypt/decrypt operations.
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
Definition: key-chain.cpp:158
Represents a TLV element of NDN packet format.
Definition: block.hpp:42
Error indicating that the supplied TPM locator does not match the locator stored in PIB...
Definition: key-chain.hpp:62
Represents an Interest packet.
Definition: interest.hpp:42
use sha256 digest, no signer needs to be specified
Abstraction of public key in crypto transformation.
Definition: public-key.hpp:35
static time_point now() noexcept
Definition: time.cpp:46
Name & append(const Component &component)
Append a component.
Definition: name.hpp:256
Signing parameters passed to KeyChain.
void deleteCertificate(const Key &key, const Name &certificateName)
delete a certificate with name certificateName of key.
Definition: key-chain.cpp:322
const Buffer & getEncryptedKeyBag() const
Get the private key in PKCS#8 from safe bag.
Definition: safe-bag.hpp:105
Buffer::const_iterator value_begin() const
Get begin iterator of TLV-VALUE.
Definition: block.hpp:255
Identity createIdentity(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create an identity identityName.
Definition: key-chain.cpp:215
void importSafeBag(const SafeBag &safeBag, const char *pw, size_t pwLen)
Import a pair of certificate and its corresponding private key encapsulated in a SafeBag.
Definition: key-chain.cpp:360
KeyType
The type of a cryptographic key.
static const std::string & getScheme()
#define NDN_LOG_INIT(name)
declare a log module
Definition: logger.hpp:32
size_t wireEncode(EncodingImpl< TAG > &encoder) const
Fast encoding or block size estimation.
shared_ptr< SafeBag > exportSafeBag(const Certificate &certificate, const char *pw, size_t pwLen)
Export a certificate and its corresponding private key.
Definition: key-chain.cpp:343
#define NDN_LOG_DEBUG(expression)
Definition: logger.hpp:35
const Data & getCertificate() const
Get the certificate data packet from safe bag.
Definition: safe-bag.hpp:96
A frontend handle of a key instance.
Definition: key.hpp:49
static const std::string & getScheme()
Interest & setName(const Name &name)
Definition: interest.hpp:143
no signer is specified, use default setting or follow the trust schema
ndn security pib Pib
Definition: pib.cpp:30
NDN_CXX_V2_KEYCHAIN_REGISTER_PIB_BACKEND(PibSqlite3)
static const std::string & getScheme()
void setDefaultCertificate(const Key &key, const Certificate &certificate)
Set cert as the default certificate of key.
Definition: key-chain.cpp:334
void setDefaultIdentity(const Identity &identity)
Set identity as the default identity.
Definition: key-chain.cpp:253
Name getKeyName() const
Get key name.
Definition: certificate.cpp:81
Buffer::const_iterator value_end() const
Get end iterator of TLV-VALUE.
Definition: block.hpp:264
static const SigningInfo & getDefaultSigningInfo()
Definition: key-chain.cpp:143
void loadPkcs8(const uint8_t *buf, size_t size)
Load the public key in PKCS#8 format from a buffer buf.
Definition: public-key.cpp:88
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE DigestAlgorithm digestAlgorithm
Definition: key-chain.hpp:333
Elliptic Curve key (e.g. for ECDSA), supports sign/verify operations.
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
Use the SHA256 hash of the public key as the key id.
Represents an absolute name.
Definition: name.hpp:42
const Name & getName() const
Get key name.
Definition: key.cpp:38
signer is a certificate, use it directly
unique_ptr< Transform > verifierFilter(DigestAlgorithm algo, const PublicKey &key, const uint8_t *sig, size_t sigLen)
SignatureTypeValue
Definition: tlv.hpp:111
signer is a key, use its default certificate
time_point TimePoint
Definition: time.hpp:196
void sign(Data &data, const SigningInfo &params=getDefaultSigningInfo())
Sign data according to the supplied signing information.
Definition: key-chain.cpp:423
const v2::Certificate & setDefaultCertificate(const Name &certName) const
Set an existing certificate with certName as the default certificate.
Definition: key.cpp:86
Represents a name component.
void deleteIdentity(const Identity &identity)
delete identity.
Definition: key-chain.cpp:239
static bool isValidName(const Name &certName)
Check if the specified name follows the naming convention for the certificate.
static const KeyParams & getDefaultKeyParams()
Definition: key-chain.cpp:150
a secured container for sensitive information(certificate, private key)
Definition: safe-bag.hpp:37
void setDefaultKey(const Identity &identity, const Key &key)
Set key as the default key of identity.
Definition: key-chain.cpp:295
void encode()
Encode sub elements into TLV-VALUE.
Definition: block.cpp:364
const Name & getName() const
Get the name of the identity.
Definition: identity.cpp:37
const v2::Certificate & getDefaultCertificate() const
Get the default certificate for this Key.
Definition: key.cpp:98
size_t wireEncode(EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const
Prepend wire encoding to encoder in NDN Packet Format v0.2.
Definition: data.cpp:48
indicates content is a public key
Definition: tlv.hpp:148
Base class of key parameters.
Definition: key-params.hpp:35
signer is an identity, use its default key and default certificate
const Buffer & getPublicKey() const
Get public key bits.
Definition: key.cpp:56
A frontend handle of an Identity.
Definition: identity.hpp:42
ConstBufferPtr computeDigest()
Finalize and return the digest based on all previously supplied inputs.
Definition: sha256.cpp:63
size_t wireEncode(EncodingImpl< TAG > &encoder) const
Fast encoding or block size estimation.
Definition: name.cpp:126
const KeyContainer & getKeys() const
Get all keys for this identity.
Definition: identity.cpp:61
#define NDN_LOG_TRACE(expression)
Definition: logger.hpp:34
Represents a Data packet.
Definition: data.hpp:35
SimplePublicKeyParams is a template for public keys with only one parameter: size.
Definition: key-params.hpp:153
Name extractIdentityFromKeyName(const Name &keyName)
Extract identity namespace from the key name keyName.
Definition: key.cpp:160
General-purpose automatically managed/resized buffer.
Definition: buffer.hpp:40
void removeCertificate(const Name &certName) const
Remove a certificate with certName.
Definition: key.cpp:68
const Name & getIdentity() const
Get the name of the belonging identity.
Definition: key.cpp:44
unique_ptr< Sink > boolSink(bool &value)
Definition: bool-sink.cpp:51
EncodingImpl< EncoderTag > EncodingBuffer
const Name & getName() const
Definition: interest.hpp:137
Holds SignatureInfo and SignatureValue in a Data packet.
Definition: signature.hpp:37
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:89
Name extractIdentityFromCertName(const Name &certName)
Extract identity namespace from the certificate name certName.