Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 1 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 2 | * Copyright (C) 2013 Regents of the University of California. |
| 3 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 4 | * See COPYING for copyright and distribution information. |
| 5 | */ |
| 6 | |
| 7 | #ifndef NDN_KEY_CHAIN_HPP |
Jeff Thompson | 2d27e2f | 2013-08-09 12:55:00 -0700 | [diff] [blame] | 8 | #define NDN_KEY_CHAIN_HPP |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 9 | |
Jeff Thompson | 7a67cb6 | 2013-08-26 11:43:18 -0700 | [diff] [blame] | 10 | #include "../data.hpp" |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 11 | #include "../face.hpp" |
| 12 | #include "identity/identity-manager.hpp" |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 13 | #include "encryption/encryption-manager.hpp" |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 14 | |
| 15 | namespace ndn { |
| 16 | |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 17 | class PolicyManager; |
| 18 | |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 19 | /** |
| 20 | * An OnVerified function object is used to pass a callback to verifyData to report a successful verification. |
| 21 | */ |
| 22 | typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified; |
| 23 | |
| 24 | /** |
| 25 | * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification. |
| 26 | */ |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 27 | typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed; |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 28 | |
Jeff Thompson | ffa36f9 | 2013-09-20 08:42:41 -0700 | [diff] [blame] | 29 | /** |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 30 | * Keychain is the main class of the security library. |
Jeff Thompson | ffa36f9 | 2013-09-20 08:42:41 -0700 | [diff] [blame] | 31 | * |
| 32 | * The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration |
| 33 | * and packet signing and verification. |
| 34 | */ |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 35 | class KeyChain { |
| 36 | public: |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 37 | KeyChain |
| 38 | (const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager); |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 39 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 40 | /***************************************** |
| 41 | * Identity Management * |
| 42 | *****************************************/ |
| 43 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 44 | /** |
| 45 | * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. |
| 46 | * @param identityName The name of the identity. |
| 47 | * @return The key name of the auto-generated KSK of the identity. |
| 48 | */ |
| 49 | Name |
| 50 | createIdentity(const Name& identityName) |
| 51 | { |
| 52 | return identityManager_->createIdentity(identityName); |
| 53 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 54 | |
| 55 | /** |
| 56 | * Get the default identity. |
| 57 | * @return The default identity name. |
| 58 | */ |
| 59 | Name |
| 60 | getDefaultIdentity() |
| 61 | { |
| 62 | return identityManager_->getDefaultIdentity(); |
| 63 | } |
| 64 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 65 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 66 | * Generate a pair of RSA keys for the specified identity. |
| 67 | * @param identityName The name of the identity. |
| 68 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 69 | * @param keySize The size of the key. |
| 70 | * @return The generated key name. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 71 | */ |
| 72 | Name |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 73 | generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048) |
| 74 | { |
| 75 | return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize); |
| 76 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 77 | |
| 78 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 79 | * Set a key as the default key of an identity. |
| 80 | * @param keyName The name of the key. |
| 81 | * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 82 | */ |
| 83 | void |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 84 | setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name()) |
| 85 | { |
| 86 | return identityManager_->setDefaultKeyForIdentity(keyName, identityName); |
| 87 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 88 | |
| 89 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 90 | * Generate a pair of RSA keys for the specified identity and set it as default key for the identity. |
| 91 | * @param identityName The name of the identity. |
| 92 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 93 | * @param keySize The size of the key. |
| 94 | * @return The generated key name. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 95 | */ |
| 96 | Name |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 97 | generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048) |
| 98 | { |
| 99 | return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize); |
| 100 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 101 | |
| 102 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 103 | * Create a public key signing request. |
| 104 | * @param keyName The name of the key. |
| 105 | * @returns The signing request data. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 106 | */ |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 107 | Blob |
| 108 | createSigningRequest(const Name& keyName) |
| 109 | { |
| 110 | return identityManager_->getPublicKey(keyName)->getKeyDer(); |
| 111 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 112 | |
| 113 | /** |
Jeff Thompson | b63abf5 | 2013-10-04 11:23:34 -0700 | [diff] [blame^] | 114 | * Install an identity certificate into the public key identity storage. |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 115 | * @param certificate The certificate to to added. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 116 | */ |
| 117 | void |
Jeff Thompson | b63abf5 | 2013-10-04 11:23:34 -0700 | [diff] [blame^] | 118 | installIdentityCertificate(const Certificate& certificate) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 119 | { |
| 120 | identityManager_->addCertificate(certificate); |
| 121 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 122 | |
| 123 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 124 | * Set the certificate as the default for its corresponding key. |
| 125 | * @param certificateName The name of the certificate. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 126 | */ |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 127 | void |
| 128 | setDefaultCertificateForKey(const Name& certificateName) |
| 129 | { |
| 130 | identityManager_->setDefaultCertificateForKey(certificateName); |
| 131 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 132 | |
| 133 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 134 | * Get a certificate with the specified name. |
| 135 | * @param certificateName The name of the requested certificate. |
| 136 | * @return the requested certificate. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 137 | */ |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 138 | ptr_lib::shared_ptr<Certificate> |
| 139 | getCertificate(const Name& certificateName) |
| 140 | { |
| 141 | return identityManager_->getCertificate(certificateName); |
| 142 | } |
| 143 | |
| 144 | /** |
| 145 | * Get a certificate even if the certificate is not valid anymore. |
| 146 | * @param certificateName The name of the requested certificate. |
| 147 | * @return the requested certificate. |
| 148 | */ |
| 149 | ptr_lib::shared_ptr<Certificate> |
| 150 | getAnyCertificate(const Name& certificateName) |
| 151 | { |
| 152 | return identityManager_->getAnyCertificate(certificateName); |
| 153 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 154 | |
| 155 | /** |
| 156 | * Revoke a key |
| 157 | * @param keyName the name of the key that will be revoked |
| 158 | */ |
| 159 | void |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 160 | revokeKey(const Name & keyName) |
| 161 | { |
| 162 | //TODO: Implement |
| 163 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 164 | |
| 165 | /** |
| 166 | * Revoke a certificate |
| 167 | * @param certificateName the name of the certificate that will be revoked |
| 168 | */ |
| 169 | void |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 170 | revokeCertificate(const Name & certificateName) |
| 171 | { |
| 172 | //TODO: Implement |
| 173 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 174 | |
| 175 | /***************************************** |
| 176 | * Policy Management * |
| 177 | *****************************************/ |
| 178 | |
| 179 | const ptr_lib::shared_ptr<PolicyManager>& |
| 180 | getPolicyManager() { return policyManager_; } |
| 181 | |
| 182 | /***************************************** |
| 183 | * Sign/Verify * |
| 184 | *****************************************/ |
| 185 | |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 186 | /** |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 187 | * Wire encode the Data object, sign it and set its signature. |
Jeff Thompson | ade5b1e | 2013-08-09 12:16:45 -0700 | [diff] [blame] | 188 | * Note: the caller must make sure the timestamp is correct, for example with |
Jeff Thompson | fec716d | 2013-09-11 13:54:36 -0700 | [diff] [blame] | 189 | * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0). |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 190 | * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 191 | * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name. |
Jeff Thompson | 8d24fe1 | 2013-09-18 15:54:51 -0700 | [diff] [blame] | 192 | * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat(). |
Jeff Thompson | 3c73da4 | 2013-08-12 11:19:05 -0700 | [diff] [blame] | 193 | */ |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 194 | void |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 195 | sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat()); |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 196 | |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 197 | /** |
| 198 | * Wire encode the Data object, sign it and set its signature. |
| 199 | * Note: the caller must make sure the timestamp is correct, for example with |
| 200 | * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0). |
| 201 | * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding. |
| 202 | * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name. |
| 203 | * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat(). |
| 204 | */ |
| 205 | void |
| 206 | signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat()); |
Jeff Thompson | 3c73da4 | 2013-08-12 11:19:05 -0700 | [diff] [blame] | 207 | |
| 208 | /** |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 209 | * Check the signature on the Data object and call either onVerify or onVerifyFailed. |
| 210 | * We use callback functions because verify may fetch information to check the signature. |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 211 | * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding. |
| 212 | * To set the wireEncoding, you can call data.wireDecode. |
| 213 | * @param onVerified If the signature is verified, this calls onVerified(data). |
| 214 | * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data). |
Jeff Thompson | 8efe5ad | 2013-08-20 17:36:38 -0700 | [diff] [blame] | 215 | */ |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 216 | void |
Jeff Thompson | 7c5d231 | 2013-09-25 16:07:15 -0700 | [diff] [blame] | 217 | verifyData |
| 218 | (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0); |
Jeff Thompson | 8efe5ad | 2013-08-20 17:36:38 -0700 | [diff] [blame] | 219 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 220 | /***************************************** |
| 221 | * Encrypt/Decrypt * |
| 222 | *****************************************/ |
| 223 | |
| 224 | /** |
| 225 | * Generate a symmetric key. |
| 226 | * @param keyName The name of the generated key. |
| 227 | * @param keyType The type of the key, e.g. KEY_TYPE_AES |
| 228 | */ |
| 229 | void |
| 230 | generateSymmetricKey(const Name& keyName, KeyType keyType) |
| 231 | { |
| 232 | encryptionManager_->createSymmetricKey(keyName, keyType); |
| 233 | } |
| 234 | |
| 235 | /** |
| 236 | * Encrypt a byte array. |
| 237 | * @param keyName The name of the encrypting key. |
| 238 | * @param data The byte array that will be encrypted. |
| 239 | * @param dataLength The length of data. |
| 240 | * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used. |
| 241 | * @param encryptMode the encryption mode |
| 242 | * @return the encrypted data as an immutable Blob. |
| 243 | */ |
| 244 | Blob |
| 245 | encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true, |
| 246 | EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) |
| 247 | { |
| 248 | return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode); |
| 249 | } |
| 250 | |
| 251 | /** |
| 252 | * Decrypt a byte array. |
| 253 | * @param keyName The name of the decrypting key. |
| 254 | * @param data The byte array that will be decrypted. |
| 255 | * @param dataLength The length of data. |
| 256 | * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used. |
| 257 | * @param encryptMode the encryption mode |
| 258 | * @return the decrypted data as an immutable Blob. |
| 259 | */ |
| 260 | Blob |
| 261 | decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true, |
| 262 | EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) |
| 263 | { |
| 264 | return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode); |
| 265 | } |
| 266 | |
Jeff Thompson | 8efe5ad | 2013-08-20 17:36:38 -0700 | [diff] [blame] | 267 | /** |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 268 | * Set the Face which will be used to fetch required certificates. |
| 269 | * @param face A pointer to the Face object. |
Jeff Thompson | 1e90d8c | 2013-08-12 16:09:25 -0700 | [diff] [blame] | 270 | */ |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 271 | void |
| 272 | setFace(Face* face) { face_ = face; } |
| 273 | |
| 274 | private: |
Jeff Thompson | 40f361a | 2013-09-25 13:12:48 -0700 | [diff] [blame] | 275 | ptr_lib::shared_ptr<IdentityManager> identityManager_; |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 276 | ptr_lib::shared_ptr<PolicyManager> policyManager_; |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 277 | ptr_lib::shared_ptr<EncryptionManager> encryptionManager_; |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 278 | Face* face_; |
| 279 | const int maxSteps_; |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 280 | }; |
| 281 | |
| 282 | } |
| 283 | |
| 284 | #endif |