/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
 * Copyright (C) 2013 Regents of the University of California.
 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
 * See COPYING for copyright and distribution information.
 */

8#ifndef NDN_OSX_PRIVATEKEY_STORAGE_H
9#define NDN_OSX_PRIVATEKEY_STORAGE_H
10
// Only compile if config.h defines HAVE_OSX_SECKEYCHAIN 1 (currently forced off by the `#if 0` below).
12#include "../../c/common.h"
13#if 0 // temporarily disable.
14//#if HAVE_OSX_SECKEYCHAIN
15
16#include "../../common.hpp"
17#include "private-key-storage.hpp"
18
19#include <CoreFoundation/CoreFoundation.h>
20#include <Security/Security.h>
21#include <CoreServices/CoreServices.h>
22
namespace ndn
{

/**
 * OSXPrivateKeyStorage is a PrivateKeyStorage whose keys are kept in a Mac OS X
 * keychain, reached through the Security / CoreFoundation frameworks included
 * above.  Only declarations live in this header; notes below that are marked
 * as assumptions have to be confirmed against the .cpp implementation.
 *
 * Ownership and lifetime: the object holds two raw Core Foundation handles
 * (keyChainRef_ and originalDefaultKeyChain_).  A virtual destructor is
 * declared but no copy constructor is, so a compiler-generated copy would
 * alias the same handles in two objects.  NOTE(review): treat instances as
 * non-copyable (a private, undefined copy constructor would enforce that),
 * and confirm in the destructor that the handles are released and that the
 * default keychain is restored if the constructor changed it -- the member
 * name originalDefaultKeyChain_ suggests it does, but this header does not
 * show it.
 */
class OSXPrivateKeyStorage : public PrivateKeyStorage {
public:
 /**
  * Create a storage bound to a keychain.
  * @param keychainName the name of the keychain.  What the default "" selects
  * (presumably the user's default keychain) is not defined here -- confirm in
  * the implementation.
  */
 OSXPrivateKeyStorage(const std::string & keychainName = "");

 /**
  * Destructor.  Virtual because the class is used through its PrivateKeyStorage
  * base.  See the class comment for the handles it is expected to release.
  */
 virtual
 ~OSXPrivateKeyStorage();

 /**
  * Generate a pair of asymmetric keys (presumably an override of
  * PrivateKeyStorage; the base is not visible here).
  * @param keyName The name of the key pair.
  * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
  * @param keySize The size of the key pair (default 2048).
  */
 virtual void
 generateKeyPair(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);

 /**
  * Get the public key.
  * @param keyName The name of the public key.
  * @return The public key.
  */
 virtual ptr_lib::shared_ptr<PublicKey>
 getPublicKey(const Name& keyName);

 /**
  * Fetch the private key for keyName and sign the data, returning a signature Blob.
  * @param data Pointer to the input byte array.
  * @param dataLength The length of data.
  * @param keyName The name of the signing key.
  * @param digestAlgorithm The digest algorithm (default DIGEST_ALGORITHM_SHA256).
  * @return The signature, or a null pointer if signing fails.  Callers must
  * check for the null result rather than assume a signature was produced.
  */
 virtual Blob
 sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);

 /**
  * Decrypt data.
  * @param keyName The name of the decrypting key.
  * @param data The bytes to be decrypted.
  * @param dataLength The length of data.
  * @param isSymmetric If true symmetric decryption is used, otherwise asymmetric decryption is used.
  * @return The decrypted data.
  */
 virtual Blob
 decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);

 /**
  * Encrypt data.
  * @param keyName The name of the encrypting key.
  * @param data The bytes to be encrypted.
  * @param dataLength The length of data.
  * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption is used.
  * @return The encrypted data.
  */
 virtual Blob
 encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);

 /**
  * Generate a symmetric key.
  * @param keyName The name of the key.
  * @param keyType The type of the key, e.g. KEY_TYPE_AES.
  * @param keySize The size of the key (default 256).
  */
 virtual void
 generateKey(const Name& keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256);

 /**
  * Check if a particular key exists.
  * @param keyName The name of the key.
  * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE, or KEY_CLASS_SYMMETRIC.
  * @return True if the key exists, otherwise false.
  */
 virtual bool
 doesKeyExist(const Name& keyName, KeyClass keyClass);

 /**
  * Configure the keychain ACL of a particular key, i.e. which application may
  * use it.  Not virtual: this is an OS X specific operation declared only on
  * this class.
  * @param keyName the name of the key
  * @param keyClass the class of the key, e.g. Private Key
  * @param acl the new ACL of the key.  The int encoding is not declared in
  * this header -- assumes an implementation-defined value; confirm against
  * the .cpp before calling.
  * @param appPath the absolute path to the application being granted access
  * @returns true if setting succeeds
  */
 bool
 setACL(const Name & keyName, KeyClass keyClass, int acl, const std::string & appPath);

 /**
  * Verify data (test only).  Not virtual; declared only on this class.
  * @param keyName the name of the key
  * @param pData the data to be verified
  * @param pSig the signature associated with the data
  * @param digestAlgo the digest algorithm (default DIGEST_ALGORITHM_SHA256)
  * @return true if the signature verifies, otherwise false
  */
 bool
 verifyData(const Name & keyName, const Blob & pData, const Blob & pSig, DigestAlgorithm digestAlgo = DIGEST_ALGORITHM_SHA256);

 private:
 /**
  * Convert the NDN name of a key to the internal (keychain item) name of the key.
  * @param keyName the NDN name of the key
  * @param keyClass the class of the key
  * @return the internal key name
  */
 std::string
 toInternalKeyName(const Name & keyName, KeyClass keyClass);

 /**
  * Look up a key in the keychain.
  * @param keyName the name of the key
  * @param keyClass the class of the key
  * @returns the keychain item reference.  Whether the caller owns the returned
  * ref (must CFRelease it) is not stated here -- confirm in the implementation.
  */
 SecKeychainItemRef
 getKey(const Name & keyName, KeyClass keyClass);

 /**
  * Convert keyType to the Mac OS symmetric key type.
  * (The top-level const on a by-value return has no effect; compilers may
  * warn about the ignored qualifier.)
  * @param keyType the NDN key type
  * @returns the Mac OS key type
  */
 const CFTypeRef
 getSymKeyType(KeyType keyType);

 /**
  * Convert keyType to the Mac OS asymmetric key type.
  * @param keyType the NDN key type
  * @returns the Mac OS key type
  */
 const CFTypeRef
 getAsymKeyType(KeyType keyType);

 /**
  * Convert keyClass to the Mac OS key class.
  * @param keyClass the NDN key class
  * @returns the Mac OS key class
  */
 const CFTypeRef
 getKeyClass(KeyClass keyClass);

 /**
  * Convert digestAlgo to the Mac OS algorithm id.
  * @param digestAlgo the NDN digest algorithm
  * @returns the Mac OS algorithm id
  */
 const CFStringRef
 getDigestAlgorithm(DigestAlgorithm digestAlgo);

 /**
  * Convert format to the Mac OS key format.
  * @param format the NDN key format
  * @returns the Mac OS key format
  */
 SecExternalFormat
 getFormat(KeyFormat format);

 /**
  * Get the digest size of the corresponding algorithm.
  * @param digestAlgo the digest algorithm
  * @return the digest size (presumably in bytes -- confirm in the implementation)
  */
 long
 getDigestSize(DigestAlgorithm digestAlgo);

 // Name given to the constructor.  Because it is const, the implicitly
 // declared copy assignment operator cannot be used on this class.
 const std::string keyChainName_;
 // Raw handle to the keychain this object operates on; see the class comment
 // about ownership and release.
 SecKeychainRef keyChainRef_;
 // Raw handle to the keychain that was the default before this object was
 // created (by its name); presumably restored on destruction -- confirm.
 SecKeychainRef originalDefaultKeyChain_;
};

}
203
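// Closes the `#if 0 // temporarily disable.` that stands in for
// `#if HAVE_OSX_SECKEYCHAIN`.  The guard name must be a comment here: bare
// tokens after #endif trigger "extra tokens at end of #endif directive".
#endif // HAVE_OSX_SECKEYCHAIN

#endif // NDN_OSX_PRIVATEKEY_STORAGE_H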