Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / bd5ba400190a95b97b773be08f399d7a2519f167 / . / include / ndn-cpp / security / key-chain.hpp
blob: 29bd1642f371feea7d05a81c92a2509f40cbbef1 [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]2/**
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]3 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]6 * See COPYING for copyright and distribution information.
7 */
8
9#ifndef NDN_KEY_CHAIN_HPP
Jeff Thompson2d27e2f2013-08-09 12:55:00 -0700[diff] [blame]10#define NDN_KEY_CHAIN_HPP
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]11
Jeff Thompson7a67cb62013-08-26 11:43:18 -0700[diff] [blame]12#include "../data.hpp"
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]13#include "../face.hpp"
14#include "identity/identity-manager.hpp"
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]15#include "encryption/encryption-manager.hpp"
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]16#include "policy/validation-request.hpp"
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]17
18namespace ndn {
19
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]20class PolicyManager;
21
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]22/**
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]23 * KeyChain is the main class of the security library.
Jeff Thompsonffa36f92013-09-20 08:42:41 -0700[diff] [blame]24 *
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]25 * The KeyChain class provides a set of interfaces to the security library such as identity management, policy configuration
Jeff Thompsonffa36f92013-09-20 08:42:41 -0700[diff] [blame]26 * and packet signing and verification.
27 */
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]28class KeyChain {
29public:
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]30 struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]31
Alexander Afanasyevbd5ba402014-01-05 22:41:09 -0800[diff] [blame^]32 KeyChain(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage = DefaultIdentityStorage,
33 const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage = DefaultPrivateKeyStorage,
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]34 const ptr_lib::shared_ptr<PolicyManager> &policyManager = DefaultPolicyManager,
35 const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager = DefaultEncryptionManager);
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]36
37 /**
38 * @brief Set the Face which will be used to fetch required certificates.
39 * @param face A pointer to the Face object.
40 *
41 * Setting face is necessary for keychain operation that involve fetching data.
42 */
43 void
44 setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
45
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]46 /*****************************************
47 * Identity Management *
48 *****************************************/
49
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]50 inline IdentityManager&
51 identities()
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]52 {
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]53 if (!identityManager_)
54 throw Error("IdentityManager is not assigned to the KeyChain");
55
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]56 return *identityManager_;
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]57 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]58
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]59 /*****************************************
60 * Policy Management *
61 *****************************************/
62
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]63 inline PolicyManager&
64 policies()
65 {
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]66 if (!policyManager_)
67 throw Error("PolicyManager is not assigned to the KeyChain");
68
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]69 return *policyManager_;
70 }
71
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]72 /*****************************************
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]73 * Encryption Management *
74 *****************************************/
75
76 inline EncryptionManager&
77 encryption()
78 {
79 if (!encryptionManager_)
80 throw Error("EncryptionManager is not assigned to the KeyChain");
81
82 return *encryptionManager_;
83 }
84
85 /*****************************************
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]86 * Sign/Verify *
87 *****************************************/
88
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]89 inline void
90 sign(Data& data);
91
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]92 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]93 * Wire encode the Data object, sign it and set its signature.
Jeff Thompsonade5b1e2013-08-09 12:16:45 -0700[diff] [blame]94 * Note: the caller must make sure the timestamp is correct, for example with
Jeff Thompsonfec716d2013-09-11 13:54:36 -0700[diff] [blame]95 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]96 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]97 * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson3c73da42013-08-12 11:19:05 -0700[diff] [blame]98 */
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]99 inline void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]100 sign(Data& data, const Name& certificateName);
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]101
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]102 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]103 * Sign the byte array using a certificate name and return a Signature object.
104 * @param buffer The byte array to be signed.
105 * @param bufferLength the length of buffer.
106 * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
107 * @return The Signature.
108 */
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]109 inline Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]110 sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
111
112 /**
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]113 * Wire encode the Data object, sign it and set its signature.
114 * Note: the caller must make sure the timestamp is correct, for example with
115 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
116 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
117 * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]118 */
119 void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]120 signByIdentity(Data& data, const Name& identityName = Name());
Jeff Thompson3c73da42013-08-12 11:19:05 -0700[diff] [blame]121
122 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]123 * Sign the byte array using an identity name and return a Signature object.
124 * @param buffer The byte array to be signed.
125 * @param bufferLength the length of buffer.
126 * @param identityName The identity name.
127 * @return The Signature.
128 */
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]129 Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]130 signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
131
132 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]133 * Check the signature on the Data object and call either onVerify or onVerifyFailed.
134 * We use callback functions because verify may fetch information to check the signature.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]135 * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
136 * To set the wireEncoding, you can call data.wireDecode.
137 * @param onVerified If the signature is verified, this calls onVerified(data).
138 * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700[diff] [blame]139 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]140 void
Jeff Thompson7c5d2312013-09-25 16:07:15 -0700[diff] [blame]141 verifyData
142 (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700[diff] [blame]143
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]144 /*****************************************
145 * Encrypt/Decrypt *
146 *****************************************/
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]147 // todo
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]148
149public:
Alexander Afanasyevbd5ba402014-01-05 22:41:09 -0800[diff] [blame^]150 static const ptr_lib::shared_ptr<IdentityStorage> DefaultIdentityStorage;
151 static const ptr_lib::shared_ptr<PrivateKeyStorage> DefaultPrivateKeyStorage;
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]152 static const ptr_lib::shared_ptr<PolicyManager> DefaultPolicyManager;
153 static const ptr_lib::shared_ptr<EncryptionManager> DefaultEncryptionManager;
154
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]155private:
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800[diff] [blame]156 void
157 onCertificateData
158 (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
159
160 void
161 onCertificateInterestTimeout
162 (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
163 const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
164
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]165private:
Alexander Afanasyevbd5ba402014-01-05 22:41:09 -0800[diff] [blame^]166 ptr_lib::shared_ptr<IdentityStorage> publicInfoStorage_;
167 ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
168 ptr_lib::shared_ptr<IdentityManager> identityManager_; // uses publicInfo and privateKey storages
169
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]170 ptr_lib::shared_ptr<PolicyManager> policyManager_;
171 ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
172
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]173 ptr_lib::shared_ptr<Face> face_;
174
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]175 const int maxSteps_;
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]176};
177
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]178void
179KeyChain::sign(Data& data)
180{
181 identities().sign(data);
182}
183
184void
185KeyChain::sign(Data& data, const Name& certificateName)
186{
187 identities().signByCertificate(data, certificateName);
188}
189
190Signature
191KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
192{
193 return identities().signByCertificate(buffer, bufferLength, certificateName);
194}
195
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]196}
197
198#endif