Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame^] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 5 | * See COPYING for copyright and distribution information. |
| 6 | */ |
| 7 | |
| 8 | #ifndef NDN_OSX_PRIVATEKEY_STORAGE_H |
| 9 | #define NDN_OSX_PRIVATEKEY_STORAGE_H |
| 10 | |
| 11 | // Only compile if config.h defines HAVE_OSX_SECKEYCHAIN 1. |
| 12 | #include "../../c/common.h" |
| 13 | #if 0 // temporarily disable. |
| 14 | //#if HAVE_OSX_SECKEYCHAIN |
| 15 | |
| 16 | #include "../../common.hpp" |
| 17 | #include "private-key-storage.hpp" |
| 18 | |
| 19 | #include <CoreFoundation/CoreFoundation.h> |
| 20 | #include <Security/Security.h> |
| 21 | #include <CoreServices/CoreServices.h> |
| 22 | |
| 23 | namespace ndn |
| 24 | { |
| 25 | |
| 26 | class OSXPrivateKeyStorage : public PrivateKeyStorage { |
| 27 | public: |
| 28 | /** |
| 29 | * constructor of OSXPrivateKeyStorage |
| 30 | * @param keychainName the name of keychain |
| 31 | */ |
| 32 | OSXPrivateKeyStorage(const std::string & keychainName = ""); |
| 33 | |
| 34 | /** |
| 35 | * destructor of OSXPrivateKeyStore |
| 36 | */ |
| 37 | virtual |
| 38 | ~OSXPrivateKeyStorage(); |
| 39 | |
| 40 | /** |
| 41 | * Generate a pair of asymmetric keys. |
| 42 | * @param keyName The name of the key pair. |
| 43 | * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA. |
| 44 | * @param keySize The size of the key pair. |
| 45 | */ |
| 46 | virtual void |
| 47 | generateKeyPair(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048); |
| 48 | |
| 49 | /** |
| 50 | * Get the public key |
| 51 | * @param keyName The name of public key. |
| 52 | * @return The public key. |
| 53 | */ |
| 54 | virtual ptr_lib::shared_ptr<PublicKey> |
| 55 | getPublicKey(const Name& keyName); |
| 56 | |
| 57 | /** |
| 58 | * Fetch the private key for keyName and sign the data, returning a signature Blob. |
| 59 | * @param data Pointer to the input byte array. |
| 60 | * @param dataLength The length of data. |
| 61 | * @param keyName The name of the signing key. |
| 62 | * @param digestAlgorithm the digest algorithm. |
| 63 | * @return The signature, or a null pointer if signing fails. |
| 64 | */ |
| 65 | virtual Blob |
| 66 | sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256); |
| 67 | |
| 68 | /** |
| 69 | * Decrypt data. |
| 70 | * @param keyName The name of the decrypting key. |
| 71 | * @param data The byte to be decrypted. |
| 72 | * @param dataLength the length of data. |
| 73 | * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used. |
| 74 | * @return The decrypted data. |
| 75 | */ |
| 76 | virtual Blob |
| 77 | decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false); |
| 78 | |
| 79 | /** |
| 80 | * Encrypt data. |
| 81 | * @param keyName The name of the encrypting key. |
| 82 | * @param data The byte to be encrypted. |
| 83 | * @param dataLength the length of data. |
| 84 | * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used. |
| 85 | * @return The encrypted data. |
| 86 | */ |
| 87 | virtual Blob |
| 88 | encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false); |
| 89 | |
| 90 | /** |
| 91 | * Generate a symmetric key. |
| 92 | * @param keyName The name of the key. |
| 93 | * @param keyType The type of the key, e.g. KEY_TYPE_AES. |
| 94 | * @param keySize The size of the key. |
| 95 | */ |
| 96 | virtual void |
| 97 | generateKey(const Name& keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256); |
| 98 | |
| 99 | /** |
| 100 | * Check if a particular key exists. |
| 101 | * @param keyName The name of the key. |
| 102 | * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE, or KEY_CLASS_SYMMETRIC. |
| 103 | * @return True if the key exists, otherwise false. |
| 104 | */ |
| 105 | virtual bool |
| 106 | doesKeyExist(const Name& keyName, KeyClass keyClass); |
| 107 | |
| 108 | /** |
| 109 | * configure ACL of a particular key |
| 110 | * @param keyName the name of key |
| 111 | * @param keyClass the class of key, e.g. Private Key |
| 112 | * @param acl the new acl of the key |
| 113 | * @param appPath the absolute path to the application |
| 114 | * @returns true if setting succeeds |
| 115 | */ |
| 116 | bool |
| 117 | setACL(const Name & keyName, KeyClass keyClass, int acl, const std::string & appPath); |
| 118 | |
| 119 | /** |
| 120 | * verify data (test only) |
| 121 | * @param keyName the name of key |
| 122 | * @param pData the data to be verified |
| 123 | * @param pSig the signature associated with the data |
| 124 | * @param digestAlgo digest algorithm |
| 125 | * @return true if signature can be verified, otherwise false |
| 126 | */ |
| 127 | bool |
| 128 | verifyData(const Name & keyName, const Blob & pData, const Blob & pSig, DigestAlgorithm digestAlgo = DIGEST_ALGORITHM_SHA256); |
| 129 | |
| 130 | private: |
| 131 | /** |
| 132 | * convert NDN name of a key to internal name of the key |
| 133 | * @param keyName the NDN name of the key |
| 134 | * @param keyClass the class of the key |
| 135 | * @return the internal key name |
| 136 | */ |
| 137 | std::string |
| 138 | toInternalKeyName(const Name & keyName, KeyClass keyClass); |
| 139 | |
| 140 | /** |
| 141 | * Get key |
| 142 | * @param keyName the name of the key |
| 143 | * @param keyClass the class of the key |
| 144 | * @returns pointer to the key |
| 145 | */ |
| 146 | SecKeychainItemRef |
| 147 | getKey(const Name & keyName, KeyClass keyClass); |
| 148 | |
| 149 | /** |
| 150 | * convert keyType to MAC OS symmetric key key type |
| 151 | * @param keyType |
| 152 | * @returns MAC OS key type |
| 153 | */ |
| 154 | const CFTypeRef |
| 155 | getSymKeyType(KeyType keyType); |
| 156 | |
| 157 | /** |
| 158 | * convert keyType to MAC OS asymmetirc key type |
| 159 | * @param keyType |
| 160 | * @returns MAC OS key type |
| 161 | */ |
| 162 | const CFTypeRef |
| 163 | getAsymKeyType(KeyType keyType); |
| 164 | |
| 165 | /** |
| 166 | * convert keyClass to MAC OS key class |
| 167 | * @param keyClass |
| 168 | * @returns MAC OS key class |
| 169 | */ |
| 170 | const CFTypeRef |
| 171 | getKeyClass(KeyClass keyClass); |
| 172 | |
| 173 | /** |
| 174 | * convert digestAlgo to MAC OS algorithm id |
| 175 | * @param digestAlgo |
| 176 | * @returns MAC OS algorithm id |
| 177 | */ |
| 178 | const CFStringRef |
| 179 | getDigestAlgorithm(DigestAlgorithm digestAlgo); |
| 180 | |
| 181 | /** |
| 182 | * convert format to MAC OS key format |
| 183 | * @param format |
| 184 | * @returns MAC OS keyformat |
| 185 | */ |
| 186 | SecExternalFormat |
| 187 | getFormat(KeyFormat format); |
| 188 | |
| 189 | /** |
| 190 | * get the digest size of the corresponding algorithm |
| 191 | * @param digestAlgo the digest algorithm |
| 192 | * @return digest size |
| 193 | */ |
| 194 | long |
| 195 | getDigestSize(DigestAlgorithm digestAlgo); |
| 196 | |
| 197 | const std::string keyChainName_; |
| 198 | SecKeychainRef keyChainRef_; |
| 199 | SecKeychainRef originalDefaultKeyChain_; |
| 200 | }; |
| 201 | |
| 202 | } |
| 203 | |
| 204 | #endif HAVE_OSX_SECKEYCHAIN |
| 205 | |
| 206 | #endif |