Zhiyi Zhang84986cc2015-09-21 00:26:07 +08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyev9091d832018-04-18 17:21:08 -04003 * Copyright (c) 2014-2018, Regents of the University of California
Zhiyi Zhang84986cc2015-09-21 00:26:07 +08004 *
Alexander Afanasyev9091d832018-04-18 17:21:08 -04005 * This file is part of NAC (Name-Based Access Control for NDN).
6 * See AUTHORS.md for complete list of NAC authors and contributors.
Zhiyi Zhang84986cc2015-09-21 00:26:07 +08007 *
Alexander Afanasyev9091d832018-04-18 17:21:08 -04008 * NAC is free software: you can redistribute it and/or modify it under the terms
Zhiyi Zhang84986cc2015-09-21 00:26:07 +08009 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
11 *
Alexander Afanasyev9091d832018-04-18 17:21:08 -040012 * NAC is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
Zhiyi Zhang84986cc2015-09-21 00:26:07 +080013 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
Alexander Afanasyev9091d832018-04-18 17:21:08 -040017 * NAC, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
Zhiyi Zhang84986cc2015-09-21 00:26:07 +080018 *
Zhiyi Zhang19a11d22018-04-12 22:58:20 -070019 * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
Zhiyi Zhang84986cc2015-09-21 00:26:07 +080020 */
21
Alexander Afanasyev9091d832018-04-18 17:21:08 -040022#ifndef NDN_NAC_GROUP_MANAGER_HPP
23#define NDN_NAC_GROUP_MANAGER_HPP
Zhiyi Zhang84986cc2015-09-21 00:26:07 +080024
25#include "group-manager-db.hpp"
26#include "algo/rsa.hpp"
27
28#include <ndn-cxx/security/key-chain.hpp>
29
30namespace ndn {
Alexander Afanasyev9091d832018-04-18 17:21:08 -040031namespace nac {
Zhiyi Zhang84986cc2015-09-21 00:26:07 +080032
class GroupManager
{
public:
  class Error : public std::runtime_error
  {
  public:
    using std::runtime_error::runtime_error;
  };

public:
  /**
   * @brief Create group manager
   *
   * The namespace of group manager is /[prefix]/read/[dataType]/
   * The group management information (including user cert, schedule) is stored in a database
   * at @p dbPath.
   * The group key will be an RSA key with @p paramLength bits.
   * The FreshnessPeriod of data packet carrying the keys will be set to @p freshPeriod hours.
   *
   * NOTE(review): the same database also holds the group's E-KEY pairs, private half included
   * (see addEKey/getEKey below), so the file at @p dbPath must be protected like a private-key
   * store (owner-only permissions, no world-readable backups) — confirm in group-manager-db.
   *
   * @param prefix      Name prefix under which the group's key data is published
   * @param dataType    Data type component appended after "read" in the group namespace
   * @param dbPath      Path of the database holding members, schedules and E-KEYs
   * @param paramLength RSA modulus size in bits for the generated group keys
   * @param freshPeriod FreshnessPeriod, in hours, of the Data packets carrying the keys
   */
  GroupManager(const Name& prefix,
               const Name& dataType,
               const std::string& dbPath,
               const int paramLength,
               const int freshPeriod);

  /**
   * @brief Create a group key for interval which
   * @p timeslot falls into
   *
   * This method creates a group key if it does not
   * exist, and encrypts the key using public key of
   * all eligible members.
   *
   * @p needRegenerate should be true if 1.first time to call 2.a member was removed
   * and it can be false if 1.not the first time to call 2.a member was added
   *
   * Why the flag matters after removeMember(): with @p needRegenerate false the existing
   * key for the interval is reused, and that key was already encrypted to the removed
   * member, so the removed member would keep access to the interval. Regenerating is the
   * safe default; pass false only as an optimization when the member set has only grown.
   *
   * @returns The group key (the first one is the
   *          public key, and the rest are encrypted
   *          private key.
   */
  std::list<Data>
  getGroupKey(const TimeStamp& timeslot, bool needRegenerate = true);

  /// @brief Add @p schedule with @p scheduleName
  void
  addSchedule(const std::string& scheduleName, const Schedule& schedule);

  /// @brief Delete schedule with name @p scheduleName
  void
  deleteSchedule(const std::string& scheduleName);

  /// @brief Update a schedule by name @p scheduleName with a new @p schedule
  void
  updateSchedule(const std::string& scheduleName, const Schedule& schedule);

  /// @brief Add member whose certificate is @p memCert to the schedule @p scheduleName
  void
  addMember(const std::string& scheduleName, const Data& memCert);

  /**
   * @brief Add a member by raw key instead of certificate
   *
   * @param scheduleName Schedule the member is attached to
   * @param keyName      Name of the member's key; used to name the D-KEY data produced for it
   * @param key          The member's public key bits, used to encrypt the group private key
   *                     for this member (presumably; see createDKeyData — confirm in .cpp)
   */
  void
  addMember(const std::string& scheduleName, const Name& keyName, const Buffer& key);

  /// @brief Remove member with name @p identity from the group.
  ///
  /// Removal alone does not revoke access to keys already produced: call getGroupKey() with
  /// needRegenerate = true afterwards so the affected intervals get a fresh key.
  void
  removeMember(const Name& identity);

  /// @brief Update member @p identity with the schedule named @p scheduleName.
  void
  updateMemberSchedule(const Name& identity, const std::string& scheduleName);

PUBLIC_WITH_TESTS_ELSE_PRIVATE:
  /**
   * @brief Calculate interval that covers @p timeslot
   * and fill @p certMap with the info of members who are allowed to access the interval.
   *
   * @param timeslot Time point the interval must cover
   * @param certMap  Output: member key name -> member public key for every member eligible
   *                 in the resulting interval (consumed by createDKeyData, as far as this
   *                 header shows)
   * @return The interval covering @p timeslot
   */
  Interval
  calculateInterval(const TimeStamp& timeslot, std::map<Name, Buffer>& certMap);

  /**
   * @brief Generate rsa key pairs according to the member variable m_paramLength.
   * @param priKeyBuf The generated private key buffer
   * @param pubKeyBuf The generated public key buffer
   */
  void
  generateKeyPairs(Buffer& priKeyBuf, Buffer& pubKeyBuf) const;

  /// @brief Create E-KEY data.
  ///
  /// The E-KEY carries the group public key for the interval [@p startTs, @p endTs].
  Data
  createEKeyData(const std::string& startTs, const std::string& endTs, const Buffer& pubKeyBuf);

  /// @brief Create D-KEY data.
  ///
  /// The D-KEY carries the group private key @p priKeyBuf for the interval
  /// [@p startTs, @p endTs], encrypted with the member key @p certKey so that only the
  /// member identified by @p keyName can decrypt it.
  Data
  createDKeyData(const std::string& startTs,
                 const std::string& endTs,
                 const Name& keyName,
                 const Buffer& priKeyBuf,
                 const Buffer& certKey);

  /// @brief Add an E-KEY pair to the database
  ///
  /// Stores both halves of the pair; @p priKey is the group private key, so the database
  /// becomes a secret store from this point on.
  void
  addEKey(const Name& eKeyName, const Buffer& pubKey, const Buffer& priKey);

  /// @brief Get the key pair from the database
  /// @return (public key, private key) for @p eKeyName — order as stored by addEKey;
  ///         confirm in the .cpp
  std::tuple<Buffer, Buffer>
  getEKey(const Name& eKeyName);

  /// @brief Delete an E-KEY from the database
  void
  deleteEKey(const Name& eKeyName);

  /// @brief The method should be called periodically because the table size will keep growing
  ///
  /// Besides bounding the table size, purging expired E-KEYs limits how many historical
  /// group private keys a compromise of the database would expose.
  void
  cleanEKeys();

private:
  Name m_namespace;      // /[prefix]/read/[dataType], per the constructor documentation
  GroupManagerDB m_db;   // members, schedules and E-KEY pairs, backed by the file at dbPath
  int m_paramLength;     // RSA key size in bits used by generateKeyPairs()
  int m_freshPeriod;     // FreshnessPeriod in hours applied to the key Data packets

  KeyChain m_keyChain;   // presumably signs the E-KEY/D-KEY Data packets — confirm in .cpp
};
155
Alexander Afanasyev9091d832018-04-18 17:21:08 -0400156} // namespace nac
Zhiyi Zhang84986cc2015-09-21 00:26:07 +0800157} // namespace ndn
158
Alexander Afanasyev9091d832018-04-18 17:21:08 -0400159#endif // NDN_NAC_GROUP_MANAGER_HPP