v2/key-chain.hpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
22 #ifndef NDN_SECURITY_V2_KEY_CHAIN_HPP
23 #define NDN_SECURITY_V2_KEY_CHAIN_HPP
24 
25 #include "../security-common.hpp"
26 #include "certificate.hpp"
27 #include "../key-params.hpp"
28 #include "../pib/pib.hpp"
29 #include "../safe-bag.hpp"
30 #include "../signing-info.hpp"
31 #include "../tpm/tpm.hpp"
32 #include "../../interest.hpp"
33 
34 namespace ndn {
35 namespace security {
36 namespace v2 {
37 
46 class KeyChain : noncopyable
47 {
48 public:
49  class Error : public std::runtime_error
50  {
51  public:
52  explicit
53  Error(const std::string& what)
54  : std::runtime_error(what)
55  {
56  }
57  };
58 
62  class LocatorMismatchError : public Error
63  {
64  public:
65  explicit
66  LocatorMismatchError(const std::string& what)
67  : Error(what)
68  {
69  }
70  };
71 
75  class InvalidSigningInfoError : public Error
76  {
77  public:
78  explicit
79  InvalidSigningInfoError(const std::string& what)
80  : Error(what)
81  {
82  }
83  };
84 
95  KeyChain();
96 
107  KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset = false);
108 
109  ~KeyChain();
110 
111  const Pib&
112  getPib() const
113  {
114  return *m_pib;
115  }
116 
117  const Tpm&
118  getTpm() const
119  {
120  return *m_tpm;
121  }
122 
123 public: // Identity management
141  Identity
142  createIdentity(const Name& identityName, const KeyParams& params = getDefaultKeyParams());
143 
150  void
151  deleteIdentity(const Identity& identity);
152 
157  void
158  setDefaultIdentity(const Identity& identity);
159 
160 public: // Key management
174  Key
175  createKey(const Identity& identity, const KeyParams& params = getDefaultKeyParams());
176 
185  void
186  deleteKey(const Identity& identity, const Key& key);
187 
195  void
196  setDefaultKey(const Identity& identity, const Key& key);
197 
198 public: // Certificate management
212  void
213  addCertificate(const Key& key, const Certificate& certificate);
214 
223  void
224  deleteCertificate(const Key& key, const Name& certificateName);
225 
234  void
235  setDefaultCertificate(const Key& key, const Certificate& cert);
236 
237 public: // signing
260  void
261  sign(Data& data, const SigningInfo& params = getDefaultSigningInfo());
262 
286  void
287  sign(Interest& interest, const SigningInfo& params = getDefaultSigningInfo());
288 
302  Block
303  sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params = getDefaultSigningInfo());
304 
305 public: // export & import
315  shared_ptr<SafeBag>
316  exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen);
317 
333  void
334  importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen);
335 
336 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
340  static tlv::SignatureTypeValue
341  getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
342 
343 public: // PIB & TPM backend registry
350  template<class PibBackendType>
351  static void
352  registerPibBackend(const std::string& scheme);
353 
360  template<class TpmBackendType>
361  static void
362  registerTpmBackend(const std::string& scheme);
363 
364 private:
365  typedef std::map<std::string, function<unique_ptr<pib::PibImpl>(const std::string& location)>> PibFactories;
366  typedef std::map<std::string, function<unique_ptr<tpm::BackEnd>(const std::string& location)>> TpmFactories;
367 
368  static PibFactories&
369  getPibFactories();
370 
371  static TpmFactories&
372  getTpmFactories();
373 
374  static std::tuple<std::string/*type*/, std::string/*location*/>
375  parseAndCheckPibLocator(const std::string& pibLocator);
376 
377  static std::tuple<std::string/*type*/, std::string/*location*/>
378  parseAndCheckTpmLocator(const std::string& tpmLocator);
379 
380  static const std::string&
381  getDefaultPibScheme();
382 
383  static const std::string&
384  getDefaultTpmScheme();
385 
389  static unique_ptr<Pib>
390  createPib(const std::string& pibLocator);
391 
395  static unique_ptr<Tpm>
396  createTpm(const std::string& tpmLocator);
397 
398 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
399  static const std::string&
400  getDefaultPibLocator();
401 
402  static const std::string&
403  getDefaultTpmLocator();
404 
405 private: // signing
414  Certificate
415  selfSign(Key& key);
416 
426  std::tuple<Name, SignatureInfo>
427  prepareSignatureInfo(const SigningInfo& params);
428 
433  Block
434  sign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
435 
436 public:
437  static const SigningInfo&
438  getDefaultSigningInfo();
439 
440  static const KeyParams&
441  getDefaultKeyParams();
442 
443 private:
444  std::unique_ptr<Pib> m_pib;
445  std::unique_ptr<Tpm> m_tpm;
446 
447  static std::string s_defaultPibLocator;
448  static std::string s_defaultTpmLocator;
449 };
450 
451 template<class PibType>
452 inline void
453 KeyChain::registerPibBackend(const std::string& scheme)
454 {
455  getPibFactories().emplace(scheme, [] (const std::string& locator) {
456  return unique_ptr<pib::PibImpl>(new PibType(locator));
457  });
458 }
459 
460 template<class TpmType>
461 inline void
462 KeyChain::registerTpmBackend(const std::string& scheme)
463 {
464  getTpmFactories().emplace(scheme, [] (const std::string& locator) {
465  return unique_ptr<tpm::BackEnd>(new TpmType(locator));
466  });
467 }
468 
477 #define NDN_CXX_V2_KEYCHAIN_REGISTER_PIB_BACKEND(PibType) \
478 static class NdnCxxAuto ## PibType ## PibRegistrationClass \
479 { \
480 public: \
481  NdnCxxAuto ## PibType ## PibRegistrationClass() \
482  { \
483  ::ndn::security::v2::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \
484  } \
485 } ndnCxxAuto ## PibType ## PibRegistrationVariable
486 
495 #define NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType) \
496 static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
497 { \
498 public: \
499  NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
500  { \
501  ::ndn::security::v2::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \
502  } \
503 } ndnCxxAuto ## TpmType ## TpmRegistrationVariable
504 
505 } // namespace v2
506 } // namespace security
507 } // namespace ndn
508 
509 #endif // NDN_SECURITY_V2_KEY_CHAIN_HPP
ndn::security::v2::KeyChain::deleteKey
void deleteKey(const Identity &identity, const Key &key)
Delete a key key of identity.
Definition: v2/key-chain.cpp:284
ndn
Copyright (c) 2013-2016 Regents of the University of California.
Definition: common.hpp:74
ndn::security::v2::Certificate
The certificate following the certificate format naming convention.
Definition: v2/certificate.hpp:81
ndn::security::v2::KeyChain
The interface of signing key management.
Definition: v2/key-chain.hpp:46
ndn::security::v2::KeyChain::addCertificate
void addCertificate(const Key &key, const Certificate &certificate)
Add a certificate certificate for key.
Definition: v2/key-chain.cpp:313
ndn::security::v2::KeyChain::getPib
const Pib & getPib() const
Definition: v2/key-chain.hpp:112
ndn::security::v2::KeyChain::createKey
Key createKey(const Identity &identity, const KeyParams &params=getDefaultKeyParams())
Create a key for identity according to params.
Definition: v2/key-chain.cpp:266
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
#define NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
Definition: common.hpp:43
ndn::security::v2::KeyChain::KeyChain
KeyChain()
Constructor to create KeyChain with default PIB and TPM.
Definition: v2/key-chain.cpp:163
std
STL namespace.
ndn::Block
Class representing a wire element of NDN-TLV packet format.
Definition: block.hpp:43
ndn::security::v2::KeyChain::LocatorMismatchError
Error indicating that the supplied TPM locator does not match the locator stored in PIB...
Definition: v2/key-chain.hpp:62
ndn::Interest
represents an Interest packet
Definition: interest.hpp:42
ndn::security::SigningInfo
Signing parameters passed to KeyChain.
Definition: signing-info.hpp:40
ndn::security::v2::KeyChain::deleteCertificate
void deleteCertificate(const Key &key, const Name &certificateName)
delete a certificate with name certificateName of key.
Definition: v2/key-chain.cpp:327
ndn::security::v2::KeyChain::createIdentity
Identity createIdentity(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create an identity identityName.
Definition: v2/key-chain.cpp:220
ndn::security::v2::KeyChain::importSafeBag
void importSafeBag(const SafeBag &safeBag, const char *pw, size_t pwLen)
Import a pair of certificate and its corresponding private key encapsulated in a SafeBag.
Definition: v2/key-chain.cpp:371
ndn::security::v2::KeyChain::exportSafeBag
shared_ptr< SafeBag > exportSafeBag(const Certificate &certificate, const char *pw, size_t pwLen)
export a certificate of name certificateName and its corresponding private key.
Definition: v2/key-chain.cpp:354
ndn::security::pib::Pib
ndn security pib Pib
Definition: pib.cpp:30
ndn::security::v2::KeyChain::setDefaultIdentity
void setDefaultIdentity(const Identity &identity)
Set identity as the default identity.
Definition: v2/key-chain.cpp:258
ndn::security::v2::KeyChain::registerPibBackend
static void registerPibBackend(const std::string &scheme)
Register a new PIB backend.
Definition: v2/key-chain.hpp:453
ndn::security::v2::KeyChain::getDefaultSigningInfo
static const SigningInfo & getDefaultSigningInfo()
Definition: v2/key-chain.cpp:148
ndn::security::v2::KeyChain::registerTpmBackend
static void registerTpmBackend(const std::string &scheme)
Register a new TPM backend.
Definition: v2/key-chain.hpp:462
ndn::security::v2::KeyChain::Error::Error
Error(const std::string &what)
Definition: v2/key-chain.hpp:53
ndn::Name
Name abstraction to represent an absolute name.
Definition: name.hpp:46
ndn::security::v2::KeyChain::InvalidSigningInfoError
Error indicating that the supplied SigningInfo is invalid.
Definition: v2/key-chain.hpp:75
ndn::security::v2::KeyChain::sign
void sign(Data &data, const SigningInfo &params=getDefaultSigningInfo())
Sign data according to the supplied signing information.
Definition: v2/key-chain.cpp:435
ndn::security::v2::KeyChain::deleteIdentity
void deleteIdentity(const Identity &identity)
delete identity.
Definition: v2/key-chain.cpp:244
ndn::security::v2::KeyChain::getDefaultKeyParams
static const KeyParams & getDefaultKeyParams()
Definition: v2/key-chain.cpp:155
ndn::security::SafeBag
a secured container for sensitive information(certificate, private key)
Definition: safe-bag.hpp:38
ndn::security::v2::KeyChain::setDefaultKey
void setDefaultKey(const Identity &identity, const Key &key)
Set key as the default key of identity.
Definition: v2/key-chain.cpp:300
ndn::security::v2::KeyChain::setDefaultCertificate
void setDefaultCertificate(const Key &key, const Certificate &cert)
Set cert as the default certificate of key.
Definition: v2/key-chain.cpp:339
ndn::KeyParams
Base class of key parameters.
Definition: key-params.hpp:36
ndn::security::v2::KeyChain::getTpm
const Tpm & getTpm() const
Definition: v2/key-chain.hpp:118
ndn::Data
represents a Data packet
Definition: data.hpp:37