blob: 7114e4e4355c673e99438681706b4bac3490d5a9 [file] [log] [blame]
Jeff Thompson47c93cf2013-08-09 00:38:48 -07001/**
Jeff Thompson7687dc02013-09-13 11:54:07 -07002 * Copyright (C) 2013 Regents of the University of California.
3 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson47c93cf2013-08-09 00:38:48 -07004 * See COPYING for copyright and distribution information.
5 */
6
7#ifndef NDN_KEY_CHAIN_HPP
Jeff Thompson2d27e2f2013-08-09 12:55:00 -07008#define NDN_KEY_CHAIN_HPP
Jeff Thompson47c93cf2013-08-09 00:38:48 -07009
Jeff Thompson7a67cb62013-08-26 11:43:18 -070010#include "../data.hpp"
Jeff Thompson2ce8f492013-09-17 18:01:25 -070011#include "../face.hpp"
12#include "identity/identity-manager.hpp"
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070013#include "encryption/encryption-manager.hpp"
Jeff Thompson47c93cf2013-08-09 00:38:48 -070014
15namespace ndn {
16
Jeff Thompson29ce3102013-09-27 11:47:48 -070017class PolicyManager;
18
Jeff Thompson2ce8f492013-09-17 18:01:25 -070019/**
20 * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
21 */
22typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified;
23
24/**
25 * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
26 */
Jeff Thompson29ce3102013-09-27 11:47:48 -070027typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed;
Jeff Thompson2ce8f492013-09-17 18:01:25 -070028
Jeff Thompsonffa36f92013-09-20 08:42:41 -070029/**
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070030 * Keychain is the main class of the security library.
Jeff Thompsonffa36f92013-09-20 08:42:41 -070031 *
32 * The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration
33 * and packet signing and verification.
34 */
Jeff Thompson47c93cf2013-08-09 00:38:48 -070035class KeyChain {
36public:
Jeff Thompson29ce3102013-09-27 11:47:48 -070037 KeyChain
38 (const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager);
Jeff Thompson2ce8f492013-09-17 18:01:25 -070039
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070040 /*****************************************
41 * Identity Management *
42 *****************************************/
43
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070044 /**
45 * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
46 * @param identityName The name of the identity.
47 * @return The key name of the auto-generated KSK of the identity.
48 */
49 Name
50 createIdentity(const Name& identityName)
51 {
52 return identityManager_->createIdentity(identityName);
53 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070054
55 /**
56 * Get the default identity.
57 * @return The default identity name.
58 */
59 Name
60 getDefaultIdentity()
61 {
62 return identityManager_->getDefaultIdentity();
63 }
64
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070065 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -070066 * Generate a pair of RSA keys for the specified identity.
67 * @param identityName The name of the identity.
68 * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
69 * @param keySize The size of the key.
70 * @return The generated key name.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070071 */
72 Name
Jeff Thompsone7e069b2013-09-27 15:48:48 -070073 generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
74 {
75 return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
76 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070077
78 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -070079 * Set a key as the default key of an identity.
80 * @param keyName The name of the key.
81 * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070082 */
83 void
Jeff Thompsone7e069b2013-09-27 15:48:48 -070084 setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
85 {
86 return identityManager_->setDefaultKeyForIdentity(keyName, identityName);
87 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070088
89 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -070090 * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
91 * @param identityName The name of the identity.
92 * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
93 * @param keySize The size of the key.
94 * @return The generated key name.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070095 */
96 Name
Jeff Thompsone7e069b2013-09-27 15:48:48 -070097 generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
98 {
99 return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
100 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700101
102 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700103 * Create a public key signing request.
104 * @param keyName The name of the key.
105 * @returns The signing request data.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700106 */
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700107 Blob
108 createSigningRequest(const Name& keyName)
109 {
110 return identityManager_->getPublicKey(keyName)->getKeyDer();
111 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700112
113 /**
Jeff Thompsonb63abf52013-10-04 11:23:34 -0700114 * Install an identity certificate into the public key identity storage.
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700115 * @param certificate The certificate to to added.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700116 */
117 void
Jeff Thompsonb63abf52013-10-04 11:23:34 -0700118 installIdentityCertificate(const Certificate& certificate)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700119 {
120 identityManager_->addCertificate(certificate);
121 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700122
123 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700124 * Set the certificate as the default for its corresponding key.
125 * @param certificateName The name of the certificate.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700126 */
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700127 void
128 setDefaultCertificateForKey(const Name& certificateName)
129 {
130 identityManager_->setDefaultCertificateForKey(certificateName);
131 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700132
133 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700134 * Get a certificate with the specified name.
135 * @param certificateName The name of the requested certificate.
136 * @return the requested certificate.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700137 */
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700138 ptr_lib::shared_ptr<Certificate>
139 getCertificate(const Name& certificateName)
140 {
141 return identityManager_->getCertificate(certificateName);
142 }
143
144 /**
145 * Get a certificate even if the certificate is not valid anymore.
146 * @param certificateName The name of the requested certificate.
147 * @return the requested certificate.
148 */
149 ptr_lib::shared_ptr<Certificate>
150 getAnyCertificate(const Name& certificateName)
151 {
152 return identityManager_->getAnyCertificate(certificateName);
153 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700154
155 /**
156 * Revoke a key
157 * @param keyName the name of the key that will be revoked
158 */
159 void
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700160 revokeKey(const Name & keyName)
161 {
162 //TODO: Implement
163 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700164
165 /**
166 * Revoke a certificate
167 * @param certificateName the name of the certificate that will be revoked
168 */
169 void
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700170 revokeCertificate(const Name & certificateName)
171 {
172 //TODO: Implement
173 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700174
175 /*****************************************
176 * Policy Management *
177 *****************************************/
178
179 const ptr_lib::shared_ptr<PolicyManager>&
180 getPolicyManager() { return policyManager_; }
181
182 /*****************************************
183 * Sign/Verify *
184 *****************************************/
185
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700186 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700187 * Wire encode the Data object, sign it and set its signature.
Jeff Thompsonade5b1e2013-08-09 12:16:45 -0700188 * Note: the caller must make sure the timestamp is correct, for example with
Jeff Thompsonfec716d2013-09-11 13:54:36 -0700189 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700190 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700191 * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson8d24fe12013-09-18 15:54:51 -0700192 * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
Jeff Thompson3c73da42013-08-12 11:19:05 -0700193 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700194 void
Jeff Thompson29ce3102013-09-27 11:47:48 -0700195 sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700196
Jeff Thompson29ce3102013-09-27 11:47:48 -0700197 /**
198 * Wire encode the Data object, sign it and set its signature.
199 * Note: the caller must make sure the timestamp is correct, for example with
200 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
201 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
202 * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
203 * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
204 */
205 void
206 signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
Jeff Thompson3c73da42013-08-12 11:19:05 -0700207
208 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700209 * Check the signature on the Data object and call either onVerify or onVerifyFailed.
210 * We use callback functions because verify may fetch information to check the signature.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700211 * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
212 * To set the wireEncoding, you can call data.wireDecode.
213 * @param onVerified If the signature is verified, this calls onVerified(data).
214 * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700215 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700216 void
Jeff Thompson7c5d2312013-09-25 16:07:15 -0700217 verifyData
218 (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700219
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700220 /*****************************************
221 * Encrypt/Decrypt *
222 *****************************************/
223
224 /**
225 * Generate a symmetric key.
226 * @param keyName The name of the generated key.
227 * @param keyType The type of the key, e.g. KEY_TYPE_AES
228 */
229 void
230 generateSymmetricKey(const Name& keyName, KeyType keyType)
231 {
232 encryptionManager_->createSymmetricKey(keyName, keyType);
233 }
234
235 /**
236 * Encrypt a byte array.
237 * @param keyName The name of the encrypting key.
238 * @param data The byte array that will be encrypted.
239 * @param dataLength The length of data.
240 * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
241 * @param encryptMode the encryption mode
242 * @return the encrypted data as an immutable Blob.
243 */
244 Blob
245 encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
246 EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
247 {
248 return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode);
249 }
250
251 /**
252 * Decrypt a byte array.
253 * @param keyName The name of the decrypting key.
254 * @param data The byte array that will be decrypted.
255 * @param dataLength The length of data.
256 * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
257 * @param encryptMode the encryption mode
258 * @return the decrypted data as an immutable Blob.
259 */
260 Blob
261 decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
262 EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
263 {
264 return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode);
265 }
266
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700267 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700268 * Set the Face which will be used to fetch required certificates.
269 * @param face A pointer to the Face object.
Jeff Thompson1e90d8c2013-08-12 16:09:25 -0700270 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700271 void
272 setFace(Face* face) { face_ = face; }
273
274private:
Jeff Thompson40f361a2013-09-25 13:12:48 -0700275 ptr_lib::shared_ptr<IdentityManager> identityManager_;
Jeff Thompson29ce3102013-09-27 11:47:48 -0700276 ptr_lib::shared_ptr<PolicyManager> policyManager_;
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700277 ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700278 Face* face_;
279 const int maxSteps_;
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700280};
281
282}
283
284#endif