blob: 2b82d3179385b1bb29fbb316a1f55819d80b33d1 [file] [log] [blame]
Alexander Afanasyev1a21e102018-06-13 20:33:21 -04001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2014-2018, Regents of the University of California
4 *
5 * NAC library is free software: you can redistribute it and/or modify it under the
6 * terms of the GNU Lesser General Public License as published by the Free Software
7 * Foundation, either version 3 of the License, or (at your option) any later version.
8 *
9 * NAC library is distributed in the hope that it will be useful, but WITHOUT ANY
10 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
11 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
12 *
13 * You should have received copies of the GNU General Public License and GNU Lesser
14 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
15 * <http://www.gnu.org/licenses/>.
16 *
17 * See AUTHORS.md for complete list of NAC library authors and contributors.
18 */
19
20#ifndef NDN_NAC_ENCRYPTOR_HPP
21#define NDN_NAC_ENCRYPTOR_HPP
22
23#include "common.hpp"
24#include "encrypted-content.hpp"
25
26namespace ndn {
27namespace nac {
28
29/**
30 * @brief NAC Encryptor
31 *
32 * Encryptor encrypts the requested content and returns ``EncryptedContent`` element.
33 */
34class Encryptor
35{
36public:
37 /**
38 * @param accessPrefix NAC prefix to fetch KEK (e.g., /access/prefix/NAC/data/subset)
39 * @param ckPrefix Prefix under which Content Keys will be generated
40 * (each will have unique version appended)
41 * @param ckDataSigningInfo SigningInfo parameters to sign CK Data
42 * @param onFailure Callback to notify application of a failure to create CK data
Alexander Afanasyevda366d82018-06-29 18:18:02 -040043 * (failed to fetch KEK, failed to encrypt with KEK, etc.).
44 * Note that Encryptor will continue trying to retrieve KEK until success
45 * (each attempt separated by `RETRY_DELAY_KEK_RETRIEVAL`) and @p onFailure
46 * may be called multiple times.
Alexander Afanasyev1a21e102018-06-13 20:33:21 -040047 * @param validator Validation policy to ensure correctness of KEK
48 * @param keyChain KeyChain
49 * @param face Face that will be used to fetch KEK and publish CK data
50 */
51 Encryptor(const Name& accessPrefix,
52 const Name& ckPrefix, SigningInfo ckDataSigningInfo,
53 const ErrorCallback& onFailure,
54 Validator& validator, KeyChain& keyChain, Face& face);
55
56 ~Encryptor();
57
58 /**
59 * Synchronously encrypt supplied data
60 *
61 * If KEK has not been fetched already, this method will trigger async fetching of it.
62 * After KEK successfully fetched, CK data will be automatically published.
63 *
64 * @todo For now, CK is being published in InMemoryStorage and can be fetched only while
65 * Encryptor instance is alive.
66 *
67 * The actual encryption is done synchronously, but the exact KDK name is not known
68 * until KEK is fetched.
69 *
70 * Note that if the KDK name is already known, this method will call onReady right away.
71 *
72 * @return Encrypted content
73 */
74 EncryptedContent
75 encrypt(const uint8_t* data, size_t size);
76
77 /**
78 * @brief Create a new content key and publish the corresponding CK data
79 *
80 * @todo Ensure that CK data packet for the old CK is published, when CK updated
81 * before KEK fetched
82 */
83 void
Alexander Afanasyevda366d82018-06-29 18:18:02 -040084 regenerateCk();
Alexander Afanasyev1a21e102018-06-13 20:33:21 -040085
86public: // accessor interface for published data packets
87
88 /** @return{ number of packets stored in in-memory storage }
89 */
90 size_t
91 size() const
92 {
93 return m_ims.size();
94 }
95
96 /** @brief Returns begin iterator of the in-memory storage ordered by
97 * name with digest
98 *
99 * @return{ const_iterator pointing to the beginning of m_cache }
100 */
101 InMemoryStorage::const_iterator
102 begin() const
103 {
104 return m_ims.begin();
105 }
106
107 /** @brief Returns end iterator of the in-memory storage ordered by
108 * name with digest
109 *
110 * @return{ const_iterator pointing to the end of m_cache }
111 */
112 InMemoryStorage::const_iterator
113 end() const
114 {
115 return m_ims.end();
116 }
117
118private:
119 void
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400120 retryFetchingKek();
121
122 void
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400123 fetchKekAndPublishCkData(const std::function<void()>& onReady,
124 const ErrorCallback& onFailure,
125 size_t nTriesLeft);
126
Alexander Afanasyevc9934282018-07-17 18:41:36 -0400127 bool
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400128 makeAndPublishCkData(const ErrorCallback& onFailure);
129
Alexander Afanasyevc9934282018-07-17 18:41:36 -0400130PUBLIC_WITH_TESTS_ELSE_PRIVATE:
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400131 Name m_accessPrefix;
132 Name m_ckPrefix;
133 Name m_ckName;
134 Buffer m_ckBits;
135 SigningInfo m_ckDataSigningInfo;
136
137 bool m_isKekRetrievalInProgress;
138 optional<Data> m_kek;
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400139 ErrorCallback m_onFailure;
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400140
141 InMemoryStoragePersistent m_ims; // for encrypted CKs
142 const RegisteredPrefixId* m_ckRegId = nullptr;
143 const PendingInterestId* m_kekPendingInterest = nullptr;
144
145 KeyChain& m_keyChain;
146 Face& m_face;
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400147 Scheduler m_scheduler;
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400148};
149
150} // namespace nac
151} // namespace ndn
152
153#endif // NDN_NAC_ENCRYPTOR_HPP